Counter-based random number generator (CBRNG)

A counter-based random number generation (CBRNG, also known as a counter-based pseudo-random number generator, or CBPRNG) is a kind of pseudorandom number generator that uses only an integer counter as its internal state.

Background

We can think of a pseudorandom number generator (PRNG) as a function that transforms a series of bits known as the state into a new state and a random number.

That is, given a PRNG function and an initial state , we can repeatedly use the PRNG to generate a sequence of states and random numbers.

In some PRNGs, such as the Mersenne Twister, the state is large, more than 2048 bytes. In other PRNGs, such as xorshift, and are one and the same (and so the state is small, just 4, 8, or 16 bytes, depending on the size of the numbers being generated). But in both cases, and indeed in most traditional PRNGs, the state evolves unpredictably, so if you want to calculate a particular given an initial state , you have to calculate , , and so on, running the PRNG times.

Such algorithms are inherently sequential and not amenable to running on parallel machines like multi-core CPUs and GPUs.

In contrast, a counter-based random number generator (CBRNG) is a PRNG where the state "evolves" in a particularly simple manner: . This way you can generate each number independently, without knowing the result of the previous call to the PRNG.

This property make it easy to run a CBRNG on a multiple CPU threads or a GPU. For example, to generate random numbers on a GPU, you might spawn threads and have the th thread calculate .

Implementations

CBRNGs based on block ciphers

Some CBRNGs are based on reduced-strength versions of block ciphers. Below we explain how this works.

When using a cryptograhpic block cipher in counter mode, you generate a series of blocks of random bits. The th block is calculated by encrypting the number using the encryption key : .

This is similar to a CBRNG, where you calculate the th random number as . Indeed, any block cipher can be used as a CBRNG; simply let !

This yields a strong, cryptographically-secure source of randomness. But cryptographically-secure pseudorandom number generators tend to be slow compared to insecure PRNGs, and in practice many uses of random numbers don't require this degree of security.

In 2011, Salmon et al. at D. E. Shaw Research introduced[1] two CBRNGs based on reduced-strength versions of block ciphers.

  • Threefry uses a reduced-strength version of the Threefish block cipher. (Juvenile fish are known as "fry".)
  • ARS uses a reduced-strength version of the AES block cipher. ("ARS" is a pun on "AES"; "AES" stands for "advanced encryption standard", and "ARS" stands for "advanced randomization system"[2].)

ARS is used in recent versions of Intel's Math Kernel Library[3] and gets good performance by using instructions from the AES-NI instruction set, which specifically accelerate AES encryption.

Code implementing Threefry, ARS, and Philox (see below) is available from the authors[4].

CBRNGs based on multiplication

In addition to Threefry and ARS, Salmon et al. described a third counter-based PRNG, Philox. It's based on wide multiplies, e.g. multiplying two 32-bit numbers and producing a 64-bit number, or multiplying two 64-bit numbers and producing a 128-bit number.

As of 2020, Philox is popular on CPUs and GPUs. On GPUs, nVidia's cuRAND library[5] and TensorFlow[6] provide implementations of Philox. On CPUs, Intel's MKL provides an implementation.

In 2020, Bernard Widynski published the Squares CBRNG[7][8]. Squares is based on John von Neumann’s middle-square method, applying several rounds to a counter to produce a random output. The Squares PRNG is notable for being extremely simple, just 7 lines of C code.

gollark: 9 persons? How does THAT work?
gollark: I mean generally speaking.
gollark: How is such a crazy polity or whatever still around then?
gollark: Well, that means you might run into problems with attacks not visible on them.
gollark: Second!

References

  1. Salmon, John; Moraes, Mark; Dror, Ron; Shaw, David (2011). "Parallel random numbers: as easy as 1, 2, 3". Proceedings of 2011 International Conference for High Performance Computing, Networking, Storage and Analysis, Article No. 16. doi:10.1145/2063384.2063405.
  2. http://www.thesalmons.org/john/random123/releases/1.11.2pre/docs/. Retrieved August 8, 2020. Missing or empty |title= (help)
  3. Fedorov, Gennady; Gladkov, Eugeny (2015). "New counter-based Random Number Generators in Intel® Math Kernel Library". Intel. Retrieved August 22, 2016.
  4. "Random123".
  5. https://docs.nvidia.com/cuda/curand/device-api-overview.html. Retrieved August 8, 2020. Missing or empty |title= (help)
  6. https://www.tensorflow.org/guide/random_numbers#general. Missing or empty |title= (help)
  7. Widynski, Bernard (April 2020). "Squares: A Fast Counter-Based RNG". arXiv:2004.06278v2.
  8. Squares RNG website
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.