|
|
| Line 1: |
Line 1: |
| {{About|the computational or physical device|the song from the musical ''[[Hedwig and the Angry Inch (musical)|Hedwig and the Angry Inch]]''|Random Number Generation (song)}}
| | The person who wrote the article is called Jayson Hirano and he completely digs that title. One of the very are psychics real ([http://203.250.78.160/zbxe/?document_srl=1792908 78.160]) best things in the globe for him is doing ballet and he'll be starting some thing else alongside with it. I've usually loved residing in Alaska. Office supervising is where her main [http://modenpeople.co.kr/modn/qna/292291 real psychics] earnings comes from but she's already applied for another 1.<br><br>Review my weblog; [http://www.chk.woobi.co.kr/xe/?document_srl=346069 accurate psychic predictions] |
| | |
| {{Refimprove|date=June 2009}}
| |
| | |
| A '''random number generator (RNG)''' is a [[computer|computational]] or physical device designed to generate a sequence of [[number]]s or symbols that lack any pattern, i.e. appear [[random]].
| |
| | |
| The many [[applications of randomness]] have led to the development of several different methods for generating [[randomness|random]] data. Many of these have existed since ancient times, including [[dice]], [[coin flipping]], the [[shuffling]] of [[playing card]]s, the use of [[yarrow]] stalks (by divination) in the [[I Ching]], and many other techniques. Because of the mechanical nature of these techniques, generating large numbers of sufficiently random numbers (important in statistics) required a lot of work and/or time. Thus, results would sometimes be collected and distributed as [[random number table]]s. Nowadays, after the advent of computational random number generators, a growing number of government-run [[lottery|lotteries]], and lottery games, are using RNGs instead of more traditional drawing methods. RNGs are also used today to determine the odds of modern [[slot machine]]s.<ref>{{cite web | |
| | title = Introduction to Slot Machines
| |
| | url = http://slotsvariations.com/slot-machine.htm
| |
| | accessdate = 2010-05-14
| |
| }}</ref>
| |
| | |
| Several computational methods for random number generation exist. Many fall short of the goal of true randomness — though they may meet, with varying success, some of the [[statistical randomness|statistical tests for randomness]] intended to measure how unpredictable their results are (that is, to what degree their patterns are discernible). However, carefully designed cryptographically secure computationally based methods of generating random numbers do exist, such as those based on the [[Yarrow algorithm]] and the [[Fortuna (PRNG)]] and others.
| |
| | |
| == Practical applications and uses ==
| |
| {{Main|Applications of randomness}}
| |
| | |
| Random number generators have applications in [[gambling]], [[statistical sampling]], [[computer simulation]], [[cryptography]], [[completely randomized design]], and other areas where producing an unpredictable result is desirable.
| |
| | |
| Note that, in general, where unpredictability is paramount – such as in security applications – hardware generators are generally preferred (where feasible) over pseudo-random algorithms.
| |
| | |
| Random number generators are very useful in developing [[Monte Carlo method|Monte Carlo-method]] simulations, as [[debugging]] is facilitated by the ability to run the same sequence of random numbers again by starting from the same ''[[random seed]]''. They are also used in [[cryptography]] – so long as the ''seed'' is secret. Sender and receiver can generate the same set of numbers automatically to use as keys.
| |
| | |
| The generation of [[pseudo-random number]]s is an important and common task in computer programming. While cryptography and certain numerical algorithms require a very high degree of ''apparent'' randomness, many other operations only need a modest amount of unpredictability. Some simple examples might be presenting a user with a "Random Quote of the Day", or determining which way a computer-controlled adversary might move in a computer game. Weaker forms of ''randomness'' are used in [[hash algorithm]]s and in creating [[amortization|amortized]] [[search algorithm|searching]] and [[sorting algorithm]]s.
| |
| | |
| Some applications which appear at first sight to be suitable for randomization are in fact not quite so simple. For instance, a system that "randomly" selects music tracks for a background music system must only ''appear'' random, and may even have ways to control the selection of music: a true random system would have no restriction on the same item appearing two or three times in succession.
| |
| | |
| == "True" random numbers vs. pseudo-random numbers ==
| |
| {{Main|Pseudorandom number generator}}
| |
| | |
| There are two principal methods used to generate random numbers. The first method measures some physical phenomenon that is expected to be random and then compensates for possible biases in the measurement process. Example sources include measuring atmospheric noise, thermal noise, and other external electromagnetic and quantum phenomena. For example, cosmic background radiation or radioactive decay as measured over short timescales represent sources of natural [[Entropy (information theory)|entropy]].
| |
| | |
| The speed at which entropy can be harvested from natural sources is dependent on the underlying physical phenomena being measured. Thus, sources of naturally occurring 'true' entropy are said to be [[blocking (computing)|block]]ing i.e. rate-limited until enough entropy is harvested to meet demand. On some Unix-like systems, including Linux, the pseudo device file [[/dev/random]] will [[blocking (computing)|block]] until sufficient entropy is harvested from the environment.<ref>{{man|4|random}}</ref> Due to this blocking behavior large bulk reads from [[/dev/random]], such as filling a hard disk with random bits, can often be slow.
| |
| | |
| The second method uses computational [[algorithm]]s that can produce long sequences of apparently random results, which are in fact completely determined by a shorter initial value, known as a seed or [[key (cryptography)|key]]. The latter type are often called [[pseudorandom number generator]]s. These types of generators do not typically rely on sources of naturally occurring entropy, though they may be periodically seeded by natural sources, they are non-[[blocking (computing)|blocking]] i.e. not rate-limited by an external event.
| |
| | |
| A "random number generator" based solely on deterministic computation cannot be regarded as a "true" random number generator in the purest sense of the word, since their output is inherently predictable if all seed values are known. In practice however they are sufficient for most tasks. Carefully designed and implemented pseudo-random number generators can even be certified for security-critical cryptographic purposes, as is the case with the [[yarrow algorithm]] and [[fortuna (PRNG)]]. (The former being the basis of the <code>/dev/random</code> source of entropy on [[FreeBSD]], [[AIX]], [[Mac OS X]], [[NetBSD]] and others. [[OpenBSD]] also uses a pseudo-random number algorithm based on [[RC4]] known as ARC4. See also: [[Cryptographically secure pseudorandom number generator]].)
| |
| | |
| == Generation methods ==
| |
| | |
| === Physical methods ===
| |
| {{Main|Hardware random number generator}}
| |
| The earliest methods for generating random numbers — [[dice]], [[coin flipping]], [[roulette]] wheels — are still used today, mainly in [[game]]s and gambling as they tend to be too slow for most applications in statistics and cryptography.
| |
| | |
| A physical random number generator can be based on an essentially random atomic or subatomic physical phenomenon whose unpredictability can be traced to the laws of [[quantum mechanics]]. Sources of [[entropy (information theory)|entropy]] include [[radioactive decay]], [[Johnson–Nyquist noise|thermal noise]], [[shot noise]], avalanche noise in [[Zener diode]]s, [[clock drift#Random number generators|clock drift]], the timing of actual movements of a [[hard disk]] read/write head, and [[Noise (radio)|radio noise]]. However, physical phenomena and tools used to measure them generally feature asymmetries and [[systematic bias]]es that make their outcomes not uniformly random. A [[randomness extractor]], such as a [[cryptographic hash function]], can be used to approach a uniform distribution of bits from a non-uniformly random source, though at a lower bit rate.
| |
| | |
| In 2010, Kanter et al. at Bar-Ilan University created a physical random bit generator that operates at a rate of 300 gigabits per second, the fastest thus far created.<ref>Kanter, Ido; Aviad, Yaara; Reidler, Igor; Cohen, Elad; Rosenbluh, Michael. An optical ultrafast random bit generator. Nature Photonics, Volume 4, Issue 1, pp. 58–61 (2010).</ref>
| |
| | |
| Various imaginative ways of collecting this entropic information have been devised. One technique is to run a hash function against a frame of a video stream from an unpredictable source. [[Lavarand]] used this technique with images of a number of [[lava lamp]]s. [http://www.fourmilab.ch/hotbits/ HotBits] measures radioactive decay with [[Geiger–Muller tube]]s,<ref>{{cite web
| |
| | last = Walker
| |
| | first = John
| |
| | title = HotBits: Genuine Random Numbers
| |
| | url = http://www.fourmilab.ch/hotbits/
| |
| | accessdate = 2009-06-27 }}</ref> while [[Random.org]] uses variations in the amplitude of atmospheric noise recorded with a normal radio.
| |
| | |
| Another common entropy source is the behavior of human users of the system. While people are not considered good randomness generators upon request, they generate random behavior quite well in the context of playing [[mixed strategy]] games.<ref>{{cite paper
| |
| | author = Halprin, Ran
| |
| | coauthors = [[Moni Naor|Naor, Moni]]
| |
| | title = Games for Extracting Randomness
| |
| | publisher = Department of Computer Science and Applied Mathematics, Weizmann Institute of Science
| |
| | url = http://www.neko.co.il/games4rand.pdf
| |
| | format = PDF
| |
| | accessdate = 2009-06-27 }} [http://mae.neko.co.il Main site]</ref> Some security-related computer software requires the user to make a lengthy series of mouse movements or keyboard inputs to create sufficient entropy needed to generate random [[key (cryptography)|keys]] or to initialize pseudorandom number generators.<ref>{{cite web
| |
| | last = TrueCrypt Foundation
| |
| | title = TrueCrypt Beginner's Tutorial, Part 3
| |
| | url = http://www.truecrypt.org/docs/?s=tutorial3
| |
| | accessdate = 2009-06-27 }}</ref>
| |
| | |
| === Computational methods ===
| |
| [[Pseudo-random number generator]]s (PRNGs) are [[algorithm]]s that can automatically create long runs of numbers with good random properties but eventually the sequence repeats (or the memory usage grows without bound). The string of values generated by such algorithms is generally determined by a fixed number called a '''seed.''' One of the most common PRNG is the [[linear congruential generator]], which uses the recurrence
| |
| | |
| :<math>X_{n+1} = (a X_n + b)\, \textrm{mod}\, m</math>
| |
| | |
| to generate numbers. The maximum number of numbers the formula can produce is the [[Modulus (algebraic number theory)|modulus]], ''m''. To avoid certain non-random properties of a single linear congruential generator, several such random number generators with slightly different values of the multiplier coefficient ''a'' can be used in parallel, with a "master" random number generator that selects from among the several different generators.{{Citation needed|date=December 2009}}
| |
| | |
| A simple pen-and-paper method for generating random numbers is the so-called [[middle square method]] suggested by [[John von Neumann]]. While simple to implement, its output is of poor quality.
| |
| | |
| Most computer programming languages include functions or library routines that provide random number generators. They are often designed to provide a random byte or word, or a [[floating point]] number [[Uniform distribution (continuous)|uniformly distributed]] between 0 and 1.
| |
| | |
| The quality i.e. randomness of such library functions varies widely from completely predictable output, to cryptographically secure. The default random number generator in many languages, including Python, Ruby, R, IDL and PHP is based on the [[Mersenne Twister]] algorithm and is ''not'' sufficient for cryptography purposes, as is explicitly stated in the language documentation. Such library functions often have poor statistical properties and some will repeat patterns after only tens of thousands of trials. They are often initialized using a computer's [[real time clock]] as the seed, since such a clock generally measures in milliseconds, far beyond the person's [[Accuracy and precision|precision]]. These functions may provide enough randomness for certain tasks (for example video games) but are unsuitable where high-quality randomness is required, such as in cryptography applications, statistics or numerical analysis.
| |
| | |
| Much higher quality random number sources are available on most operating systems; for example [[/dev/random]] on various BSD flavors, Linux, Mac OS X, IRIX, and Solaris, or [[CryptGenRandom]] for Microsoft Windows. Most programming languages, including those mentioned above, provide a means to access to these higher quality sources.
| |
| | |
| An example of a simple pseudo-random number generator is the [[multiply-with-carry]] method invented by [[George Marsaglia]]. It is computationally fast and has good (albeit not cryptographically strong) randomness properties:<ref>{{cite web
| |
| | last = Marsaglia | first = George | title = sci.stat.math | date = 1999-01-12 | work = | url=http://groups.google.com/group/sci.crypt/browse_thread/thread/ca8682a4658a124d/ | accessdate = 2010-02-10 }}</ref>
| |
| | |
| <source lang="c">
| |
| m_w = <choose-initializer>; /* must not be zero, nor 0x464fffff */
| |
| m_z = <choose-initializer>; /* must not be zero, nor 0x9068ffff */
| |
| | |
| uint get_random()
| |
| {
| |
| m_z = 36969 * (m_z & 65535) + (m_z >> 16);
| |
| m_w = 18000 * (m_w & 65535) + (m_w >> 16);
| |
| return (m_z << 16) + m_w; /* 32-bit result */
| |
| }
| |
| </source>
| |
| | |
| === Generation from a probability distribution ===
| |
| There are a couple of methods to generate a random number based on a [[probability density function]]. These methods involve transforming a uniform random number in some way. Because of this, these methods work equally well in generating both pseudo-random and true random numbers. One method, called the [[Inverse transform sampling|inversion method]], involves integrating up to an area greater than or equal to the random number (which should be generated between 0 and 1 for proper distributions). A second method, called the [[Rejection sampling|acceptance-rejection method]], involves choosing an x and y value and testing whether the function of x is greater than the y value. If it is, the x value is accepted. Otherwise, the x value is rejected and the algorithm tries again.<ref>{{cite web
| |
| | last = The MathWorks | first = | title = Common generation methods | date = | work = | url=http://www.mathworks.de/help/toolbox/stats/br5k9hi-1.html | accessdate = 2011-10-13 }}</ref><!-- [http://www.mathworks.com/access/helpdesk/help/toolbox/stats/bqttfc1.html#bqt8l8g]--><ref>{{ cite web | last = The Numerical Algorithms Group | first = | title = G05 – Random Number Generators | date = | work = NAG Library Manual, Mark 23 | url = http://www.nag.co.uk/numeric/fl/nagdoc_fl23/pdf/G05/g05intro.pdf | accessdate = 2012-02-09 }}</ref>
| |
| | |
| === By humans ===
| |
| Random number generation may also be done by humans directly.
| |
| However, most studies find that human subjects have some degree of nonrandomness when generating a random sequence of, e.g., digits or letters.
| |
| They may alternate too much between choices compared to a good random generator.<ref>{{Cite journal
| |
| | author = W. A. Wagenaar
| |
| | title = Generation of random sequences by human subjects: a critical survey of the literature
| |
| | journal = [[Psychological Bulletin]]
| |
| | year = 1972
| |
| | volume = 77
| |
| | issue = 1
| |
| | pages = 65–72
| |
| | doi = 10.1037/h0032060
| |
| }}</ref>
| |
| | |
| == Post-processing and statistical checks ==
| |
| : ''See also: [[Statistical randomness]]'' and ''[[List of random number generators]]''
| |
| Even given a source of plausible random numbers (perhaps from a quantum mechanically based hardware generator), obtaining numbers which are completely unbiased takes care. In addition, behavior of these generators often changes with temperature, power supply voltage, the age of the device, or other outside interference. And a software bug in a pseudo-random number routine, or a hardware bug in the hardware it runs on, may be similarly difficult to detect.
| |
| | |
| Generated random numbers are sometimes subjected to statistical tests before use to ensure that the underlying source is still working, and then post-processed to improve their statistical properties. An example would be the TRNG9803 <ref>{{cite web|last=Dömstedt|first=B.|title=TRNG9803 True Random Number Generator|url=http://www.trng98.se/serial_trng_9803.html|publisher=www.TRNG98.se|location=Manufacturer|year=2009}}</ref> hardware random number generator, that use an entropy measurement as hardware test, and then post-process with a shift register stream cipher.
| |
| | |
| == Other considerations ==
| |
| Random numbers uniformly distributed between 0 and 1 can be used to generate random numbers of any desired distribution by passing them through the inverse [[cumulative distribution function]] (CDF) of the desired distribution. Inverse CDFs are also called [[quantile function]]s. To generate a pair of [[Statistical independence|statistically independent]] [[Normal distribution|standard normally distributed]] random numbers (''x'', ''y''), one may first generate the [[polar coordinates]] (''r'', ''θ''), where ''r''~[[Chi-squared distribution|χ<sub>2</sub><sup>2</sub>]] and ''θ''~[[Uniform distribution (continuous)|UNIFORM(0,2π)]] (see [[Box–Muller transform]]).
| |
| | |
| Some 0 to 1 RNGs include 0 but exclude 1, while others include or exclude both.
| |
| | |
| The outputs of multiple independent RNGs can be combined (for example, using a bit-wise [[XOR]] operation) to provide a combined RNG at least as good as the best RNG used. This is referred to as [[Hardware random number generator#Software whitening|software whitening]].
| |
| | |
| Computational and hardware random number generators are sometimes combined to reflect the benefits of both kinds. Computational random number generators can typically generate pseudo-random numbers much faster than physical generators, while physical generators can generate "true randomness."
| |
| | |
| == Low-discrepancy sequences as an alternative ==
| |
| Some computations making use of a random number generator can be summarized as the computation of a total or average value, such as the computation of integrals by the [[Monte Carlo method]]. For such problems, it may be possible to find a more accurate solution by the use of so-called [[low-discrepancy sequence]]s, also called [[quasirandom]] numbers. Such sequences have a definite pattern that fills in gaps evenly, qualitatively speaking; a truly random sequence may, and usually does, leave larger gaps.
| |
| | |
| == Activities and demonstrations ==
| |
| The following sites make available Random Number samples:
| |
| # The [[SOCR]] resource pages contain a number of [http://wiki.stat.ucla.edu/socr/index.php/SOCR_EduMaterials_Activities_RNG hands-on interactive activities and demonstrations] of random number generation using Java applets.
| |
| # The Quantum Optics Group at the [[ANU]] generates random numbers sourced from quantum vacuum. You can download a sample of random numbers by visiting their [http://photonics.anu.edu.au/qoptics/Research/qrng.php quantum random number generator ] research page.
| |
| # [http://Random.Org Random.Org] makes available random numbers that are sourced from the randomness of atmospheric noise. [http://www.random.org/ Visit their page] to obtain a sample.
| |
| # The [http://random.irb.hr/ Quantum Random Bit Generator Service] at the [[Ruđer Bošković Institute]] harvests randomness from the quantum process of photonic emission in semiconductors. They supply a variety of ways of fetching the data, including libraries for several programming languages.
| |
| | |
| ==Backdoors==
| |
| {{main|Random number generator attack}}
| |
| Since much cryptography depends on a [[cryptographically secure random number generator]] for key and [[cryptographic nonce]] generation, if a random number generator can be made predictable, it can be used as [[backdoor (computing)|backdoor]] by an attacker to break the encryption.
| |
| | |
| The NSA is reported to have inserted a backdoor into the [[National Institute of Standards and Technology|NIST]] certified [[cryptographically secure pseudorandom number generator]] [[Dual_EC_DRBG]]. If for example an SSL connection is created using this random number generator, then according to [[Matthew Green (cryptographer)|Matthew Green]] it would allow NSA to determine the state of the random number generator, and thereby eventually be able to read all data sent over the SSL connection.<ref>{{cite web|url=http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html|title=The Many Flaws of Dual_EC_DRBG|author=matthew Green}}</ref> Even though it was apparent that Dual_EC_DRBG was a very poor and possibly backdoored pseudorandom number generator long before the NSA backdoor was confirmed in 2013, it had seen significant usage in practice until 2013, for example by the prominent security company [[RSA Security]].<ref name="green">{{cite web|url=http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html|title=RSA warns developers not to use RSA products|author=Matthew Green}}</ref> There have subsequently been accusations that RSA Security knowingly inserted a NSA backdoor into its products, possibly as part of the [[Bullrun (decryption program)|Bullrun]] program. RSA has denied knowingly inserting a backdoor into its products.<ref>{{cite web|url=http://arstechnica.com/security/2013/09/we-dont-enable-backdoors-in-our-crypto-products-rsa-tells-customers/|title=We don’t enable backdoors in our crypto products, RSA tells customers|publisher=Ars Technica}}</ref>
| |
| | |
| It has also been theorized that hardware RNGs could be secretly modified to have less entropy than stated, which would make encryption using the hardware RNG susceptible to attack. One such method which has been published works by modifying the dopant mask of the chip, which would be undetectable to optical reverse-engineering.<ref>{{cite web|url=http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/|title=Researchers can slip an undetectable trojan into Intel’s Ivy Bridge CPUs|publisher=Ars Technica}}</ref> For example for random number generation in Linux, it is seen as unacceptable to use Intel's [[RdRand]] hardware RNG without mixing in the RdRand output with other sources of entropy to counteract any backdoors in the hardware RNG. Especially after the revelation of the NSA Bullrun program.<ref>{{cite web|url=https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J|title=I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RdRand instruction. |publisher=Google Plus|author=Theodore Ts'o}}</ref><ref>{{cite web|url=https://lwn.net/Articles/567077/|title=Re: [PATCH] /dev/random: Insufficient of entropy on many architectures|publisher=LWN|author=Theodore Ts'o}}</ref>
| |
| | |
| == See also ==
| |
| * [[Flipism]]
| |
| * [[List of random number generators]]
| |
| * [[PP (complexity)]]
| |
| * [[Procedural generation]]
| |
| * [[Randomization]]
| |
| * [[Randomized algorithm]]
| |
| * [[Random number generator attack]]
| |
| * [[Random password generator]]
| |
| * [[Randomness]]
| |
| | |
| == References ==
| |
| {{reflist}}
| |
| | |
| == Further reading ==
| |
| * {{cite book
| |
| | title = [[The Art of Computer Programming]]
| |
| | author = Donald Knuth
| |
| | author-link = Donald Knuth
| |
| | volume = Vol. 2: Seminumerical algorithms
| |
| | chapter = Chapter 3 – Random Numbers
| |
| | year = 1997
| |
| | edition = 3
| |
| }}
| |
| * {{Cite book
| |
| |title=Handbook of Monte Carlo Methods | chapter = Chapter 1 – Uniform Random Number Generation|last=Kroese |first=D. P. |coauthors=Taimre, T.; Botev, Z.I. |year=2011
| |
| |publisher= John Wiley & Sons |location=New York |isbn=0-470-17793-4 |page=772 |url=http://www.montecarlohandbook.org | ref=harvnb }}
| |
| * {{Cite book | last1=Press | first1=WH | last2=Teukolsky | first2=SA | last3=Vetterling | first3=WT | last4=Flannery | first4=BP | year=2007 | title=Numerical Recipes: The Art of Scientific Computing | edition=3rd | publisher=Cambridge University Press | publication-place=New York | isbn=978-0-521-88068-8 | chapter=Chapter 7. Random Numbers | chapter-url=http://apps.nrbook.com/empanel/index.html#pg=340 | postscript=<!-- Bot inserted parameter. Either remove it; or change its value to "." for the cite to end in a ".", as necessary. -->{{inconsistent citations}}}}
| |
| * [http://csrc.nist.gov/publications/PubsSPs.html NIST SP800-90A, B, C series on random number generation]
| |
| | |
| == External links ==
| |
| {{Commons category|Random}}
| |
| * {{In Our Time|Random and Pseudorandom|b00x9xjb}}
| |
| * {{cite web|last=Clewett|first=James|title=Random Numbers|url=http://www.numberphile.com/videos/random_numbers.html|work=Numberphile|publisher=[[Brady Haran]]}}
| |
| * [https://sites.google.com/site/simulationarchitecture/jrand jRand] a Java-based framework for the generation of simulation sequences, including pseudo-random sequences of numbers
| |
| * [http://www.nag.co.uk/numeric/fl/nagdoc_fl24/html/G05/g05conts.html Random number generators in NAG Fortran Library]
| |
| * [http://www.nist.gov/itl/csd/ct/nist_beacon.cfm Randomness Beacon] at [[NIST]], broadcasting full-entropy bit-strings in blocks of 512 bits every 60 seconds. Designed to provide unpredictability, autonomy, and consistency.
| |
| | |
| [[Category:Information theory]]
| |
| [[Category:Random number generation|*]]
| |