Mersenne twister: Difference between revisions

en:Mersenne twister

My Draft

A version of this adapted as an example toy ai-integration.biz application is the purpose of the draft here.

Overview

The Mersenne twister is a pseudorandom number generator developed in 1997 by Template:Nihongo and Template:Nihongo^[1] that is based on a matrix linear recurrence over a finite binary field <math>F_{2}</math>. It provides for fast generation of very high-quality pseudorandom numbers, having been designed specifically to rectify many of the flaws found in older algorithms.

Its name derives from the fact that period length is chosen to be a Mersenne prime. There are at least two common variants of the algorithm, differing only in the size of the Mersenne primes used. The newer and more commonly used one is the Mersenne Twister MT19937, with 32-bit word length. There is also a variant with 64-bit word length, MT19937-64, which generates a different sequence.

Application

The algorithm in its native form is not suitable for cryptography (unlike Blum Blum Shub). Observing a sufficient number of iterates (624 in the case of MT19937) allows one to predict all future iterates. A pair of cryptographic stream ciphers based on output from Mersenne twister has been proposed by Makoto Matsumoto et al. The authors claim speeds 1.5 to 2 times faster than AES in counter mode.^[2]

Another issue is that it can take a long time to turn a non-random initial state into output that passes randomness tests. A small lagged Fibonacci generator or linear congruential generator gets started much quicker and usually is used to seed the Mersenne Twister. If only a few numbers are required and standards aren't high, it is simpler to use the seed generator. But the Mersenne Twister will still work.

For many applications, however, the Mersenne twister is quickly becoming the pseudorandom number generator of choice; for example, it is the default in R, Maple, MATLAB, and the two popular scripting languages Python^[3] and Ruby^[4]. Since the library is portable, freely available, and quickly generates high quality pseudorandom numbers, it is rarely a bad choice.

It is designed with Monte Carlo simulations and other statistical simulations in mind. Researchers primarily want high quality numbers but also benefit from its speed and portability.

Advantages

The commonly used variant of Mersenne Twister, MT19937 has the following desirable properties:

1. It was designed to have a period of 2¹⁹⁹³⁷ − 1 (the creators of the algorithm proved this property). In practice, there is little reason to use a larger period, as most applications do not require 2¹⁹⁹³⁷ unique combinations (2¹⁹⁹³⁷ is approximately 4.3 × 10⁶⁰⁰¹; this is many orders of magnitude larger than the estimated number of particles in the observable universe, which is 10⁸⁷).
2. It has a very high order of dimensional equidistribution (see linear congruential generator). This implies that there is negligible serial correlation between successive values in the output sequence.
3. It passes numerous tests for statistical randomness, including the Diehard tests. It passes most, but not all, of the even more stringent TestU01 Crush randomness tests.

Alternatives

The Mersenne Twister algorithm has received some criticism in the computer science field, notably by George Marsaglia. These critics claim that while it is good at generating random numbers, it is not very elegant and is overly complex to implement. Marsaglia has provided several examples of random number generators that are less complex yet which he claims provide significantly larger periods. For example, a simple complementary multiply-with-carry generator can have a period 10³³⁰⁰⁰ times as long, be significantly faster, and maintain better or equal randomness.^[5][6]

Algorithmic detail

The Mersenne Twister algorithm is a twisted generalised feedback shift register^[7] (twisted GFSR, or TGFSR) of rational normal form (TGFSR(R)), with state bit reflection and tempering. It is characterized by the following quantities:

• w: word size (in number of bits)
• n: degree of recurrence
• m: middle word, or the number of parallel sequences, 1 ≤ m ≤ n
• r: separation point of one word, or the number of bits of the lower bitmask, 0 ≤ r ≤ w - 1
• a: coefficients of the rational normal form twist matrix
• b, c: TGFSR(R) tempering bitmasks
• s, t: TGFSR(R) tempering bit shifts
• u, l: additional Mersenne Twister tempering bit shifts

with the restriction that 2^nw − r − 1 is a Mersenne prime. This choice simplifies the primitivity test and k-distribution test that are needed in the parameter search.

For a word x with w bit width, it is expressed as the recurrence relation

<math>x_{k+n} := x_{k+m} \oplus ({x_k}^u \mid {x_{k+1}}^l) A \qquad \qquad k=0,1,\ldots</math>

with | as the bitwise or and ⊕ as the bitwise exclusive or (XOR), x^u, x^l being x with upper and lower bitmasks applied. The twist transformation A is defined in rational normal form

<math> A = R = \begin{pmatrix} 0 & I_{w - 1} \\ a_{w-1} & (a_{w - 2}, \ldots , a_0) \end{pmatrix} </math>

with I_n − 1 as the (n − 1) × (n − 1) identity matrix (and in contrast to normal matrix multiplication, bitwise XOR replaces addition). The rational normal form has the benefit that it can be efficiently expressed as

<math> \boldsymbol{x}A = \begin{cases}\boldsymbol{x} \gg 1 & x_0 = 0\\(\boldsymbol{x} \gg 1) \oplus \boldsymbol{a} & x_0 = 1\end{cases} </math>

where

<math>\boldsymbol{x} := ({x_k}^u \mid {x_{k+1}}^l) \qquad \qquad k=0,1,\ldots</math>

In order to achieve the 2^nw − r − 1 theoretical upper limit of the period in a TGFSR, φ_B(t) must be a primitive polynomial, φ_B(t) being the characteristic polynomial of

<math> B = \begin{pmatrix} 0 & I_{w} & \cdots & 0 & 0 \\ \vdots & & & & \\ I_{w} & \vdots & \ddots & \vdots & \vdots \\ \vdots & & & & \\ 0 & 0 & \cdots & I_{w} & 0 \\ 0 & 0 & \cdots & 0 & I_{w - r} \\ S & 0 & \cdots & 0 & 0 \end{pmatrix} \begin{matrix} \\ \\ \leftarrow m\hbox{-th row} \\ \\ \\ \\ \end{matrix} </math>

<math> S = \begin{pmatrix} 0 & I_{r} \\ I_{w - r} & 0 \end{pmatrix} A </math>

The twist transformation improves the classical GFSR with the following key properties:

• Period reaches the theoretical upper limit 2^nw − r − 1 (except if initialized with 0)
• Equidistribution in n dimensions (e.g. linear congruential generators can at best manage reasonable distribution in 5 dimensions)

As like TGFSR(R), the Mersenne Twister is cascaded with a tempering transform to compensate for the reduced dimensionality of equidistribution (because of the choice of A being in the rational normal form), which is equivalent to the transformation A = R → A = T⁻¹RT, T invertible. The tempering is defined in the case of Mersenne Twister as

y := x ⊕ (x >> u)

y := :y ⊕ ((y << s) & b)

y := :y ⊕ ((y << t) & c)

z := y ⊕ (y >> l)

with <<, >> as the bitwise left and right shifts, and & as the bitwise and. The first and last transforms are added in order to improve lower bit equidistribution. From the property of TGFSR, <math>s + t \ge \lfloor w/2 \rfloor - 1</math> is required to reach the upper bound of equidistribution for the upper bits.

The coefficients for MT19937 are:

• (w, n, m, r) = (32, 624, 397, 31)
• a = 9908B0DF₁₆
• u = 11
• (s, b) = (7, 9D2C5680₁₆)
• (t, c) = (15, EFC60000₁₆)
• l = 18

Pseudocode

The following generates uniformly 32-bit integers in the range [0, 2³² − 1] with the MT19937 algorithm:

 // Create a length 624 array to store the state of the generator
 int[0..623] MT
 int index = 0
 
 // Initialize the generator from a seed
 function initializeGenerator(int seed) {
     MT[0] := seed
     for i from 1 to 623 { // loop over each other element
         MT[i] := last 32 bits of(1812433253 * (MT[i-1] xor (right shift by 30 bits(MT[i-1]))) + i) // 0x6c078965
     }
 }
 
 // Extract a tempered pseudorandom number based on the index-th value,
 // calling generateNumbers() every 624 numbers
 function extractNumber() {
     if index == 0 {
         generateNumbers()
     }
     
     int y := MT[index]
     y := y xor (right shift by 11 bits(y))
     y := y xor (left shift by 7 bits(y) and (2636928640)) // 0x9d2c5680
     y := y xor (left shift by 15 bits(y) and (4022730752)) // 0xefc60000
     y := y xor (right shift by 18 bits(y))
     
     index := (index + 1) mod 624
     return y
 }
 
 // Generate an array of 624 untempered numbers
 function generateNumbers() {
     for i from 0 to 623 {
         int y := 32nd bit of(MT[i]) + last 31 bits of(MT[(i+1) mod 624])
         MT[i] := MT[(i + 397) mod 624] xor (right shift by 1 bit(y))
         if (y mod 2) == 1 { // y is odd
             MT[i] := MT[i] xor (2567483615) // 0x9908b0df
         }
     }
 }

SFMT

Template:Expand-section

SFMT, the SIMD-oriented Fast Mersenne Twister, is a variant of Mersenne Twister, introduced in 2006^[8], designed to be fast when it runs on 128-bit SIMD.

• It is roughly twice as fast as Mersenne Twister.^[9]
• It has a better equidistribution property of v-bit accuracy than MT but worse than WELL ("Well Equidistributed Long-period Linear").
• It has quicker recovery from zero-excess initial state than MT, but slower than WELL.
• It supports various periods from 2⁶⁰⁷-1 to 2²¹⁶⁰⁹¹-1.

Intel SSE2 and PowerPC AltiVec are supported by SFMT. It is also used for games with the Cell BE in the Playstation 3.^[10]

Implementations

• XLL Excel Addin Implementation of mersenne twister random number generator
• Two implementations of Mersenne Twister in Java: one is the fastest known, and the other is a drop-in replacement for java.util.Random
• The GNU Scientific Library (GSL), containing an implementation of the Mersenne Twister
• C++ and binary function libraries for several platforms. Multithreaded. Includes Mersenne Twister and SFMT
• Implementations of the Mersenne Twister in C and C++
• Implementation of the Mersenne Twister in C++
• Implementation of the Mersenne Twister in C++ within the Mobile Robot Programming Toolkit
• Implementation of Mersenne Twister as an add-in for Microsoft Excel
• Implementation of Mersenne Twister as a free module for Visual Basic (Microsoft Excel, Microsoft Access and VB compilers) and for other Basic versions in the official site of the Mersenne Twister
• Implementation of Mersenne Twister for REALbasic (requires REALbasic 2006r1 or greater)
• Implementation of Mersenne Twister for Lisp
• Implementation of Mersenne Twister in Euphoria
• Implementation of Mersenne Twister for C# (newer, System.Random drop-in replacement) (Older implementation)
• Implementation of Mersenne Twister for Ada
• Implementation of Mersenne Twister for Fortran 95
• Implementation of Mersenne Twister for Mathematica
• Implementation of Mersenne Twister for MATLAB
• Implementation of Mersenne Twister for Mitrion-C
• Implementation of Mersenne Twister for Clean
• High-speed Implementation of Mersenne Twister in Linoleum (a cross-platform Assembler), by Herbert Glarner
• CPAN module implementing the Mersenne Twister for use with Perl
• Implementation of Mersenne Twister for Haskell
• Implementation of Mersenne Twister for Standard ML
• Implementation of Mersenne Twister in F#
• It also is implemented in gLib and the standard libraries of at least PHP, Python and Ruby.
• C++ class implementing Mersenne Twister and SFMT
• C++ implementation of Mersenne Twister for the IBM/Sony Cell Broadband Engine (Cell BE) specialized processing units
• Mersenne Twister ported to ActionScript

References

External links

• The academic paper for MT, and related articles by Makoto Matsumoto
• Mersenne Twister home page, with codes in C, Fortran, Java, Lisp and some other languages
• SIMD-oriented Fast Mersenne Twister (SFMT)

fr:Mersenne Twister ko:메르센 트위스터 it:Mersenne Twister nl:Mersenne-twister ja:メルセンヌ・ツイスタ ru:Вихрь Мерсенна pl:Mersenne Twister