Mersenne Twister

The Mersenne Twister is a pseudorandom number generator (PRNG). It is by far the most widely used general-purpose PRNG.[1] Its name derives from the fact that its period length is chosen to be a Mersenne prime.

The Mersenne Twister was developed in 1997 by Makoto Matsumoto (松本 眞) and Takuji Nishimura (西村 拓士).[2] It was designed specifically to rectify most of the flaws found in older PRNGs. It was the first PRNG to provide fast generation of high-quality pseudorandom integers.

The most commonly used version of the Mersenne Twister algorithm is based on the Mersenne prime 219937−1. The standard implementation of that, MT19937, uses a 32-bit word length. There is another implementation that uses a 64-bit word length, MT19937-64; it generates a different sequence.

Adoption in software systems

The Mersenne Twister PRNG is available by default for the following software systems: R,[3] PHP,[4] Python,[5][6] Ruby,[7] CMU Common Lisp,[8] Embeddable Common Lisp,[9] Steel Bank Common Lisp,[10] Free Pascal,[11] GLib,[12] SageMath,[13] Maple,[14] MATLAB,[15] GAUSS,[16] IDL,[17] Julia,[18] Scilab,[19] Stata,[20] GNU Octave,[21] the GNU Scientific Library,[22] the GNU Multiple Precision Arithmetic Library,[23] and Microsoft Visual C++.[24] It is also available in standard C++ (since C++11)[25][26] and Apache.[27] Add-on implementations are provided in many program libraries, including the Boost C++ Libraries[28] and the NAG Numerical Library.[29]

The Mersenne Twister is one of two PRNGs in SPSS: the other generator is kept only for compatibility with older programs, and the Mersenne Twister is stated to be "more reliable".[30] The Mersenne Twister is similarly one of the PRNGs in SAS: the other generators are older and deprecated.[31]

Advantages

The commonly-used version of Mersenne Twister, MT19937, which produces a sequence of 32-bit integers, has the following desirable properties:

  1. It has a very long period of 219937  1. While a long period is not a guarantee of quality in a random number generator, short periods (such as the 232 common in many older software packages) can be problematic.[32]
  2. It is k-distributed to 32-bit accuracy for every 1 ≤ k ≤ 623 (see definition below).
  3. It passes numerous tests for statistical randomness, including the Diehard tests.

Disadvantages

The large state space comes with a performance cost: the 2.5 KiB state buffer will place a load on the memory caches. In 2011, Saito & Matsumoto proposed a version of the Mersenne Twister to address this issue. The tiny version, TinyMT, uses just 127 bits of state space.[33]

By today's standards, the Mersenne Twister is somewhat slow, unless the SFMT implementation is used (see section below).

It passes most, but not all, of the stringent TestU01 randomness tests.[34]

Multiple Mersenne Twister instances that differ only in seed value (but not other parameters) are not generally appropriate for Monte-Carlo simulations that require independent random number generators, though there exists a method for choosing multiple sets of parameter values.[35][36]

It can take a long time to start generating output that passes randomness tests, if the initial state is highly non-random—particularly if the initial state has many zeros. A consequence of this is that two instances of the generator, started with initial states that are almost the same, will usually output nearly the same sequence for many iterations, before eventually diverging. The 2002 update to the MT algorithm has improved initialization, so that beginning with such a state is very unlikely.[37]

k-distribution

A pseudorandom sequence xi of w-bit integers of period P is said to be k-distributed to v-bit accuracy if the following holds.

Let truncv(x) denote the number formed by the leading v bits of x, and consider P of the kv-bit vectors
 (\text{trunc}_v(x_i), \, \text{trunc}_v(x_{i+1}), \, ..., \, \text{trunc}_v(x_{i+k-1})) \quad (0\leq i< P) .
Then each of the 2kv possible combinations of bits occurs the same number of times in a period, except for the all-zero combination that occurs once less often.

Alternatives

The algorithm in its native form is not cryptographically secure. The reason is that observing a sufficient number of iterations (624 in the case of MT19937, since this is the size of the state vector from which future iterations are produced) allows one to predict all future iterations.

A pair of cryptographic stream ciphers based on output from the Mersenne Twister has been proposed by Matsumoto, Nishimura, and co-authors. The authors claim speeds 1.5 to 2 times faster than Advanced Encryption Standard in counter mode.[38]

An alternative generator, WELL ("Well Equidistributed Long-period Linear"), offers quicker recovery, and equal randomness, and nearly equal speed.[39] Marsaglia's xorshift generators and variants are the fastest in this class.[40]

Algorithmic detail

Visualisation of generation of pseudo-random 32-bit integers using a Mersenne Twister. The 'Extract number' section shows an example where integer 0 has already been output and the index is at integer 1. 'Generate numbers' is run when all integers have been output.

For a w-bit word length, the Mersenne Twister generates integers in the range [0, 2w−1].

The Mersenne Twister algorithm is based on a matrix linear recurrence over a finite binary field F2. The algorithm is a twisted generalised feedback shift register[41] (twisted GFSR, or TGFSR) of rational normal form (TGFSR(R)), with state bit reflection and tempering. The basic idea is to define a series x_i through a simple recurrence relation, and then output numbers of the form x_i T, where T is an invertible F2 matrix called a tempering matrix.

The general algorithm is characterized by the following quantities (some of these explanations make sense only after reading the rest of the algorithm):

with the restriction that 2nw  r  1 is a Mersenne prime. This choice simplifies the primitivity test and k-distribution test that are needed in the parameter search.

The series x is defined as a series of w-bit quantities with the recurrence relation:

x_{k+n} := x_{k+m} \oplus ({x_k}^u \mid {x_{k+1}}^l) A \qquad \qquad k=0,1,\ldots

where \mid denotes the bitwise or, \oplus the bitwise exclusive or (XOR), {x_k}^u means the upper w - r bits of x_k, and x_{k+1}^l means the lower r bits of x_{k+1}. The twist transformation A is defined in rational normal form as:


A = \begin{pmatrix} 0 & I_{w - 1} \\ a_{w-1} & (a_{w - 2}, \ldots , a_0) \end{pmatrix}

with In  1 as the (n  1) × (n  1) identity matrix. The rational normal form has the benefit that multiplication by A can be efficiently expressed as: (remember that here matrix multiplication is being done in F2, and therefore bitwise XOR takes the place of addition)


\boldsymbol{x}A = \begin{cases}\boldsymbol{x} \gg 1 & x_0 = 0\\(\boldsymbol{x} \gg 1) \oplus \boldsymbol{a} & x_0 = 1\end{cases}

where x0 is the lowest order bit of x.

As like TGFSR(R), the Mersenne Twister is cascaded with a tempering transform to compensate for the reduced dimensionality of equidistribution (because of the choice of A being in the rational normal form). Note that this is equivalent to using the matrix A where A = T−1AT for T an invertible matrix, and therefore the analysis of characteristic polynomial mentioned below still holds.

As with A, we choose a tempering transform to be easily computable, and so do not actually construct T itself. The tempering is defined in the case of Mersenne Twister as

y := x  ((x >> u) & d)
y := y  ((y << s) & b)
y := y  ((y << t) & c)
z := y  (y >> l)

where x is the next value from the series, y a temporary intermediate value, z the value returned from the algorithm, with <<, >> as the bitwise left and right shifts, and & as the bitwise and. The first and last transforms are added in order to improve lower-bit equidistribution. From the property of TGFSR, s + t \ge \lfloor w/2 \rfloor - 1 is required to reach the upper bound of equidistribution for the upper bits.

The coefficients for MT19937 are:

Note that 32-bit implementations of the Mersenne Twister generally have d = FFFFFFFF16. As a result, the d is occasionally omitted from the algorithm description, since the bitwise and with d in that case has no effect.

The coefficients for MT19937-64 are:[42]

Initialization

As should be apparent from the above description, the state needed for a Mersenne Twister implementation is an array of n values of w bits each. To initialize the array, a w-bit seed value is used to supply x0 through xn  1 by setting x0 to the seed value and thereafter setting

xi = f × (xi-1 ⊕ (xi-1 >> (w-2))) + i

for i from 1 to n-1. The first value the algorithm then generates is based on xn. The constant f forms another parameter to the generator, though not part of the algorithm proper. The value for f for MT19937 is 1812433253 and for MT19937-64 is 6364136223846793005.[43]

Comparison with classical GFSR

In order to achieve the 2nw  r  1 theoretical upper limit of the period in a TGFSR, φB(t) must be a primitive polynomial, φB(t) being the characteristic polynomial of


B = \begin{pmatrix}
0 & I_{w} & \cdots & 0 & 0 \\
\vdots & & & & \\
I_{w} & \vdots & \ddots & \vdots & \vdots \\
\vdots & & & & \\
0 & 0 & \cdots & I_{w} & 0 \\
0 & 0 & \cdots & 0 & I_{w - r} \\
S & 0 & \cdots & 0 & 0
\end{pmatrix}
\begin{matrix}
\\ \\ \leftarrow m\hbox{-th row} \\ \\ \\ \\
\end{matrix}


S = \begin{pmatrix} 0 & I_{r} \\ I_{w - r} & 0 \end{pmatrix} A

The twist transformation improves the classical GFSR with the following key properties:

Pseudocode

The following piece of pseudocode implements the general Mersenne Twister algorithm. The constants w, n, m, r, a, u, d, s, b, t, c, l, and f are as in the algorithm description above. It is assumed that int represents a type sufficient to hold values with w bits:

 // Create a length n array to store the state of the generator
 int[0..n-1] MT
 int index := n+1
 const int lower_mask = (1 << r) - 1 // That is, the binary number of r 1's
 const int upper_mask = lowest w bits of (not lower_mask)
 
 // Initialize the generator from a seed
 function seed_mt(int seed) {
     index := n
     MT[0] := seed
     for i from 1 to (n - 1) { // loop over each element
         MT[i] := lowest w bits of (f * (MT[i-1] xor (MT[i-1] >> (w-2))) + i)
     }
 }
 
 // Extract a tempered value based on MT[index]
 // calling twist() every n numbers
 function extract_number() {
     if index >= n {
         if index > n {
           error "Generator was never seeded"
           // Alternatively, seed with constant value; 5489 is used in reference C code[44]
         }
         twist()
     }
 
     int y := MT[index]
     y := y xor ((y >> u) and d)
     y := y xor ((y << s) and b)
     y := y xor ((y << t) and c)
     y := y xor (y >> l)
 
     index := index + 1
     return lowest w bits of (y)
 }
 
 // Generate the next n values from the series x_i 
 function twist() {
     for i from 0 to (n-1) {
         int x := (MT[i] and upper_mask)
                   + (MT[(i+1) mod n] and lower_mask)
         int xA := x >> 1
         if (x mod 2) != 0 { // lowest bit of x is 1
             xA := xA xor a
         }
         MT[i] := MT[(i + m) mod n] xor xA
     }
     index := 0
 }

Python implementation

This python implementation hard-codes the constants for MT19937:

def _int32(x):
    # Get the 32 least significant bits.
    return int(0xFFFFFFFF & x)

class MT19937:

    def __init__(self, seed):
        # Initialize the index to 0
        self.index = 624
        self.mt = [0] * 624
        self.mt[0] = seed  # Initialize the initial state to the seed
        for i in range(1, 624):
            self.mt[i] = _int32(
                1812433253 * (self.mt[i - 1] ^ self.mt[i - 1] >> 30) + i)

    def extract_number(self):
        if self.index >= 624:
            self.twist()

        y = self.mt[self.index]

        # Right shift by 11 bits
        y = y ^ y >> 11
        # Shift y left by 7 and take the bitwise and of 2636928640
        y = y ^ y << 7 & 2636928640
        # Shift y left by 15 and take the bitwise and of y and 4022730752
        y = y ^ y << 15 & 4022730752
        # Right shift by 18 bits
        y = y ^ y >> 18

        self.index = self.index + 1

        return _int32(y)

    def twist(self):
        for i in range(624):
            # Get the most significant bit and add it to the less significant
            # bits of the next number
            y = _int32((self.mt[i] & 0x80000000) +
                       (self.mt[(i + 1) % 624] & 0x7fffffff))
            self.mt[i] = self.mt[(i + 397) % 624] ^ y >> 1

            if y % 2 != 0:
                self.mt[i] = self.mt[i] ^ 0x9908b0df
        self.index = 0

SFMT

SFMT, the single instruction, multiple data-oriented fast Mersenne Twister, is a variant of Mersenne Twister, introduced in 2006,[45] designed to be fast when it runs on 128-bit SIMD.

Intel SSE2 and PowerPC AltiVec are supported by SFMT. It is also used for games with the Cell BE in the PlayStation 3.[47]

MTGP

MTGP is a variant of Mersenne Twister optimised for graphics processing units published by Mutsuo Saito and Makoto Matsumoto.[48] The basic linear recurrence operations are extended from MT and parameters are chosen to allow many threads to compute the recursion in parallel, while sharing their state space to reduce memory load. The paper claims improved equidistribution over MT and performance on a high specification GPU (Nvidia GTX260 with 192 cores) of 4.7 ms for 5×107 random 32-bit integers.

References

  1. E.g. Marsland S. (2011) Machine Learning (CRC Press), §4.1.1. Also see the section "Adoption in software systems".
  2. Matsumoto, M.; Nishimura, T. (1998). "Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator". ACM Transactions on Modeling and Computer Simulation 8 (1): 3–30. doi:10.1145/272991.272995.
  3. "Random Number Generators". CRAN Task View: Probability Distributions. Retrieved 2012-05-29.
  4. "mt_rand — Generate a better random value". PHP Manual. Retrieved 2016-03-02.
  5. "9.6 random — Generate pseudo-random numbers". Python v2.6.8 documentation. Retrieved 2012-05-29.
  6. "8.6 random — Generate pseudo-random numbers". Python v3.2 documentation. Retrieved 2012-05-29.
  7. ""Random" class documentation". Ruby 1.9.3 documentation. Retrieved 2012-05-29.
  8. "Design choices and extensions". CMUCL User's Manual. Retrieved 2014-02-03.
  9. "Random states". The ECL manual. Retrieved 2015-09-20.
  10. "Random Number Generation". SBCL User's Manual.
  11. "random". free pascal documentation. Retrieved 2013-11-28.
  12. Random Numbers —GLib Reference Manual
  13. Probability Distributions —Sage Reference Manual
  14. "random number generator". Maple Online Help. Retrieved 2013-11-21.
  15. Random number generator algorithms Documentation Center, MathWorks
  16. GAUSS 14 Language Reference
  17. "RANDOMU (IDL Reference)". Exelis VIS Docs Center. Retrieved 2013-08-23.
  18. Julia Language Documentation — The Standard Library
  19. Random numbers —Scilab Help
  20. New random-number generator—64-bit Mersenne Twister
  21. GNU Octave: §16.3 —Built-in Function: rand
  22. "Random number environment variables". GNU Scientific Library. Retrieved 2013-11-24.
  23. "Randum Number Algorithms". GNU MP. Retrieved 2013-11-21.
  24. <random> Microsoft Developer Network
  25. Random Number Generation in C++11 —Standard C++ Foundation
  26. "std::mersenne_twister_engine". Pseudo Random Number Generation. Retrieved 2012-09-25.
  27. Data Generation —Apache Commons Math User Guide
  28. "boost/random/mersenne_twister.hpp". Boost C++ Libraries. Retrieved 2012-05-29.
  29. "G05 – Random Number Generators". NAG Library Chapter Introduction. Retrieved 2012-05-29.
  30. "Random Number Generators". IBM SPSS Statistics. Retrieved 2013-11-21.
  31. "Using Random-Number Functions". SAS Language Reference. Retrieved 2013-11-21.
  32. Note: 219937 is approximately 4.3 × 106001; this is many orders of magnitude larger than the estimated number of particles in the observable universe, which is 1087.
  33. "Tiny Mersenne Twister (TinyMT)". hiroshima-u.ac.jp. Retrieved 4 October 2015.
  34. P. L'Ecuyer and R. Simard, "TestU01: "A C library for empirical testing of random number generators", ACM Transactions on Mathematical Software, 33, 4, Article 22 (August 2007).
  35. Makoto Matsumoto; Takuji Nishimura. "Dynamic Creation of Pseudorandom Number Generators" (PDF). Retrieved 19 July 2015.
  36. Hiroshi Haramoto; Makoto Matsumoto; Takuji Nishimura; François Panneton; Pierre L’Ecuyer. "Efficient Jump Ahead for F2-Linear Random Number Generators" (PDF). Retrieved 12 Nov 2015.
  37. "mt19937ar: Mersenne Twister with improved initialization". hiroshima-u.ac.jp. Retrieved 4 October 2015.
  38. Matsumoto, Makoto; Nishimura, Takuji; Hagita, Mariko; Saito, Mutsuo (2005). "Cryptographic Mersenne Twister and Fubuki Stream/Block Cipher" (PDF).
  39. P. L'Ecuyer, "Uniform Random Number Generators", International Encyclopedia of Statistical Science, Lovric, Miodrag (Ed.), Springer-Verlag, 2010.
  40. "xorshift*/xorshift+ generators and the PRNG shootout".
  41. Matsumoto, M.; Kurita, Y. (1992). "Twisted GFSR generators". ACM Transactions on Modeling and Computer Simulation 2 (3): 179–194. doi:10.1145/146382.146383.
  42. "std::mersenne_twister_engine". Pseudo Random Number Generation. Retrieved 2015-07-20.
  43. "std::mersenne_twister_engine". Pseudo Random Number Generation. Retrieved 2015-07-20.
  44. Takuji Nishimura; Makoto Matsumoto. "A C-program for MT19937, with initialization improved 2002/1/26.". Retrieved 20 July 2015.
  45. "SIMD-oriented Fast Mersenne Twister (SFMT)". hiroshima-u.ac.jp. Retrieved 4 October 2015.
  46. "SFMT:Comparison of speed". hiroshima-u.ac.jp. Retrieved 4 October 2015.
  47. "PlayStation®3 License". scei.co.jp. Retrieved 4 October 2015.
  48. Mutsuo Saito; Makoto Matsumoto (2010). "Variants of Mersenne Twister Suitable for Graphic Processors". arXiv:1005.4973v3 [cs.MS]. Cite uses deprecated parameter |version= (help)

External links

This article is issued from Wikipedia - version of the Thursday, March 03, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.