
Annals of Operations Research 31 (1991) 323-346

RECENT TRENDS IN RANDOM NUMBER AND RANDOM VECTOR GENERATION

Harald NIEDERREITER

Institute for Information Processing, Austrian Academy of Sciences, Sonnenfelsgasse 19, A-1010 Vienna, Austria

© J.C. Baltzer A.G. Scientific Publishing Company

A survey of recent work in the areas of uniform pseudorandom number and uniform pseudorandom vector generation is presented. The emphasis is on methods for which a detailed theory is available. A progress report on the construction of quasirandom points for efficient multidimensional numerical integration is also given.

Keywords: Uniform pseudorandom numbers, uniformity test, serial test, lattice test, linear congruential method, nonlinear congruential method, inversive congruential method, digital multistep method, GFSR method, uniform pseudorandom vectors, matrix generator, quasirandom points, discrepancy, multidimensional numerical integration.

1. Introduction

Random numbers are needed for simulation and testing purposes. In numerical work they are basic ingredients of Monte Carlo methods. A specific application which is of great interest for stochastic optimization is multidimensional numerical integration by the Monte Carlo method. For a general discussion of random numbers in the context of simulation methods we refer to the book of Bratley, Fox, and Schrage [10].

The task in random number generation is the following: given a distribution function $F$ on the set of real numbers, generate a sequence of numbers which simulates a sequence of i.i.d. random variables with distribution function $F$. The standard procedure is to break up this task into two steps. In the first step one generates random numbers for the uniform distribution on the interval $[0, 1]$, i.e. for the distribution function defined by $U(t) = 0$ for $t < 0$, $U(t) = t$ for $0 \le t \le 1$, and $U(t) = 1$ for $t > 1$. The second step is to transform these random numbers to fit the target distribution $F$. The second step has been treated at length in the excellent book of Devroye [16]. We concentrate here on the first step, namely the generation of uniform random numbers.

In the computer age uniform random numbers are generated by deterministic algorithms in the machine. In the case of deterministic generation one speaks of uniform pseudorandom numbers. Methods for generating uniform pseudorandom numbers were first devised in the 1940s and by now various substantially different algorithms are available. In this paper we present in sections 2, 3, and 4 a survey of recent work in the area of uniform pseudorandom number generation. For an account of earlier work we refer to the book of Knuth [42, ch. 3] and to the survey article of Niederreiter [55]. The increased interest in parallel algorithms has inspired recent efforts in uniform pseudorandom vector generation which we discuss in section 5. Section 6 is devoted to advances on the problem of the explicit construction of quasirandom points, i.e. of deterministic points that are particularly useful as nodes for efficient multidimensional numerical integration. We refrain from discussing the recent work on cryptographically strong pseudorandom numbers since it has not yet reached a stage where it is of practical relevance for simulation methods.

The standard algorithms for generating uniform pseudorandom numbers are based on recursive procedures. Because of the finite memory and the fixed word length of the machine, the generated sequences of numbers are then necessarily periodic. Some of the desirable properties of sequences of uniform pseudorandom numbers are the following: long period length, good equidistribution properties, statistical (almost-)independence of successive pseudorandom numbers, little intrinsic structure, and a reasonably fast generation algorithm. Uniform pseudorandom numbers have to pass a variety of statistical tests for randomness in order to be acceptable. A detailed survey of such statistical tests can be found in [42, ch. 3].

We measure deviations from uniformity by using the concept of discrepancy which is defined as follows.

DEFINITION 1. For any $N$ points $\mathbf{w}_0, \mathbf{w}_1, \ldots, \mathbf{w}_{N-1}$ in the $s$-dimensional interval $[0, 1]^s$, $s \ge 1$, their discrepancy is defined by

$$D_N(\mathbf{w}_0, \mathbf{w}_1, \ldots, \mathbf{w}_{N-1}) = \sup_J |E_N(J) - V(J)|,$$

where the supremum is extended over all subintervals $J$ of $[0, 1]^s$ with one vertex at the origin, $E_N(J)$ is $N^{-1}$ times the number of terms among $\mathbf{w}_0, \mathbf{w}_1, \ldots, \mathbf{w}_{N-1}$ falling into $J$, and $V(J)$ denotes the volume of $J$.

Let $x_0, x_1, \ldots$ be an arbitrary sequence of uniform pseudorandom numbers in $[0, 1]$. For a given $s \ge 1$ we consider the sequence of $s$-dimensional points

$$\mathbf{x}_n = (x_n, x_{n+1}, \ldots, x_{n+s-1}) \in [0, 1]^s \quad \text{for } n = 0, 1, \ldots \tag{1}$$

and we define

$$D_N^{(s)} = D_N(\mathbf{x}_0, \mathbf{x}_1, \ldots, \mathbf{x}_{N-1}) \tag{2}$$

to be the discrepancy of the first $N$ terms of this sequence. The sequence $x_0, x_1, \ldots$ of pseudorandom numbers passes the uniformity test if $D_N^{(1)}$ is small for large $N$; this is a test for equidistribution in $[0, 1]$. The sequence $x_0, x_1, \ldots$ passes the $s$-dimensional serial test for some $s \ge 2$ if $D_N^{(s)}$ is small for large $N$; this is a test for the statistical independence of $s$ successive pseudorandom numbers. The theoretical results on these tests that will be discussed in this paper serve as a basis for eliminating "bad" generators. The remaining "good" generators which pass the uniformity test and the serial test must be subjected to further statistical tests to certify their quality.

For a periodic sequence of numbers or of vectors $t_n$, $n = 0, 1, \ldots$, we write $\mathrm{per}(t_n)$ for the least period length of the sequence. If $x_0, x_1, \ldots$ is a purely periodic sequence of uniform pseudorandom numbers in $[0, 1]$, then because of the periodicity it suffices to consider the uniformity test and the serial test for $N \le \mathrm{per}(x_n)$. The results are usually somewhat stronger for the case $N = \mathrm{per}(x_n)$ (full period) than for the case $N < \mathrm{per}(x_n)$ (parts of the period).

2. The linear congruential method

This is the classical method for the generation of uniform pseudorandom numbers which goes back to Lehmer [47]. In this method one chooses a large integer $M$ and then generates a sequence $y_0, y_1, \ldots$ of integers with $0 \le y_n < M$ by the recursion

$$y_{n+1} \equiv a y_n + c \bmod M \quad \text{for } n = 0, 1, \ldots,$$

where $a$ and $c$ are suitable integers. The linear congruential pseudorandom numbers $x_0, x_1, \ldots$ are obtained by the normalization

$$x_n = \frac{1}{M} y_n \quad \text{for } n = 0, 1, \ldots.$$

It is clear that we have $\mathrm{per}(x_n) \le M$. On the other hand, conditions are known which guarantee that $\mathrm{per}(x_n) = M$. For instance, this happens if $M$ is a power of 2, $a \equiv 1 \bmod 4$, and $c$ is odd (see [42, section 3.2]). Another situation of interest arises if $M$ is prime, $a$ is a primitive root modulo $M$, $c = 0$, and $y_0 > 0$, in which case we have $\mathrm{per}(x_n) = M - 1$.

The structural and statistical properties of linear congruential pseudorandom numbers have been studied extensively; see the surveys in Knuth [42, ch. 3] and Niederreiter [55]. Since our interest is in recent developments, we will not list papers on linear congruential pseudorandom numbers that have already been covered in these earlier surveys. From the practical viewpoint the most important concern is to find explicit parameters $M$, $a$, $c$ such that the generated linear congruential pseudorandom numbers satisfy stringent criteria for randomness. The value of the modulus $M$ is usually determined by the word length of the machine and the value of $c$ turns out to be of secondary importance, so that the emphasis is on finding suitable multipliers $a$ for a given $M$. Here two extensive recent studies have to be mentioned: Fishman and Moore [29] carried out an exhaustive search for suitable multipliers with the prime modulus $M = 2^{31} - 1$, whereas Fishman [28] carried out an exhaustive search with the modulus $M = 2^{32}$ and a partial search with $M = 2^{48}$. A systematic search algorithm for optimal multipliers with respect to the 2-dimensional serial test was developed by Borosh and Niederreiter [8] and a different algorithm for this purpose is due to Denzer and Ecker [15]. General upper and lower bounds for the discrepancy $D_N^{(s)}$ for linear congruential pseudorandom numbers were established in Niederreiter [58]. Algorithms for the exact calculation of $D_N^{(2)}$ with $N = \mathrm{per}(x_n)$ were developed by Afflerbach and Weilbächer [3]. An existence theorem on optimal multipliers for prime power moduli with respect to the 3-dimensional serial test was established by Larcher and Niederreiter [45]; earlier results applied only to prime moduli or to the 2-dimensional serial test.

The intensive research on the linear congruential method has exposed several deficiencies of this method which are well known by now. We list a few of these deficiencies that are relevant for the comparison with other methods to be discussed later in this paper:

(i) The modulus $M$ and therefore the least period length of the generated sequence are bounded in terms of the word length of the machine. For instance, with a 32-bit processor we have to take $M \le 2^{32}$, unless we want to use costly multiple-precision arithmetic.

(ii) The simple nature of the generation algorithm implies a lot of regularity in sequences of linear congruential pseudorandom numbers. For instance, the discrepancy $D_N^{(s)}$ with $N = \mathrm{per}(x_n)$ tends to be very small for most choices of multipliers. Other known regularities in sequences of linear congruential pseudorandom numbers are certain long-range correlations (see de Matteis and Pagnutti [14], Eichenauer-Herrmann and Grothe [24], and Percus and Percus [74]). These regularities can be disruptive in simulations where random irregularities are desired.

(iii) Linear congruential pseudorandom numbers have an unfavorable lattice structure. Concretely, this means that all points $\mathbf{y}_n = (y_n, y_{n+1}, \ldots, y_{n+s-1}) \in \mathbb{Z}^s$, $n = 0, 1, \ldots$, lie on a coarse grid or on a union of relatively few such grids (a grid is a shifted sublattice of the $s$-dimensional integer lattice $\mathbb{Z}^s$). See Knuth [42, section 3.3] for the classical results on this property and Afflerbach [1] and Ripley [75] for more recent work.

Important recent developments in uniform pseudorandom number generation can be seen as responses to the challenge of designing and/or analyzing methods that overcome the deficiencies of the linear congruential method. The discussion of these developments is a principal feature of the present article. The results obtained so far show that there are methods which perform better than the linear congruential method in several respects.


3. Other congruential methods

The unfavorable lattice structure of linear congruential pseudorandom numbers, which is listed as deficiency (iii) in section 2, stems from the fact that one uses a simple linear recursion to generate these numbers. Nonlinear recursions in modular arithmetic provide a way of breaking up the coarse lattice structure. Two types of methods that were designed recently, namely the nonlinear congruential method and the inversive congruential method, are based on this idea.

The nonlinear congruential method was introduced by Eichenauer, Grothe, and Lehn [18]. In this method one chooses a large prime $p$ and then generates a sequence $y_0, y_1, \ldots$ of integers in $F_p = \{0, 1, \ldots, p - 1\}$ by the recursion

$$y_{n+1} \equiv f(y_n) \bmod p \quad \text{for } n = 0, 1, \ldots, \tag{3}$$

where $f$ is an integer-valued function on $F_p$ such that the sequence $y_0, y_1, \ldots$ is purely periodic with $\mathrm{per}(y_n) = p$. Then a sequence $x_0, x_1, \ldots$ of nonlinear congruential pseudorandom numbers is obtained by setting

$$x_n = \frac{1}{p} y_n \quad \text{for } n = 0, 1, \ldots.$$

An equivalent description of the generator (3) was shown by Niederreiter [63]. It amounts to the observation that if we identify $F_p$ with the finite field of order $p$, then there exists a uniquely determined polynomial $g$ over $F_p$ such that $y_n = g(n)$ for all $n \in F_p$ and $1 \le d := \deg(g) \le p - 2$. Since $\{y_0, y_1, \ldots, y_{p-1}\} = F_p$, we have $\{g(0), g(1), \ldots, g(p - 1)\} = F_p$, i.e. $g$ is a permutation polynomial of $F_p$ (see Lidl and Niederreiter [49, ch. 7] for information on permutation polynomials of finite fields). The case $d = 1$ yields a trivial and uninteresting generator, hence we will always assume that $2 \le d \le p - 2$.

It is clear that a sequence $x_0, x_1, \ldots$ of nonlinear congruential pseudorandom numbers passes the uniformity test when considered over the full period, since in the full period we find exactly all rational numbers in $[0, 1)$ with fixed denominator $p$. In terms of the one-dimensional discrepancy this says that $D_p^{(1)} = 1/p$. For the uniformity test for parts of the period and for the serial test (both for the full period and for parts of the period) we have results of Niederreiter [64] which we combine into the following theorem.

THEOREM 1. For any nonlinear congruential generator we have

$$D_p^{(s)} = O\left(d\, p^{-1/2} (\log p)^s\right) \quad \text{for } 2 \le s \le d,$$

$$D_N^{(s)} = O\left(d\, N^{-1} p^{1/2} (\log p)^{s+1}\right) \quad \text{for } 1 \le N < p \text{ and } 1 \le s \le d - 1.$$

Further results in [64] show that theorem 1 is in general best possible, in the sense that $D_p^{(s)}$ can be of an order of magnitude at least $p^{-1/2}$ and that the bounds cannot (or need not) hold for dimensions $s$ higher than those allowed in theorem 1.

The number $d$ introduced above is important not only in the context of theorem 1, but $d$ also plays a crucial role for the lattice structure of a nonlinear congruential generator. Let $s$ be a given dimension and let $y_0, y_1, \ldots$ be the sequence generated by (3). We put

$$\mathbf{y}_n = (y_n, y_{n+1}, \ldots, y_{n+s-1}) \in F_p^s \quad \text{for } n = 0, 1, \ldots, p - 1,$$

where we view $F_p^s$ as an $s$-dimensional vector space over the finite field $F_p$. By specializing a general definition of Marsaglia [51], we arrive at the following notion.

DEFINITION 2. A nonlinear congruential generator passes the $s$-dimensional lattice test if the vectors $\mathbf{y}_n - \mathbf{y}_0$, $n = 1, 2, \ldots, p - 1$, span the vector space $F_p^s$.

In other words, passing the $s$-dimensional lattice test means that the points $\mathbf{y}_n$ only have the trivial lattice structure which stems from the fact that the $\mathbf{y}_n$ have integer coordinates. The following result was shown by Eichenauer, Grothe, and Lehn [18] and a simpler proof was given by Niederreiter [63].

THEOREM 2. A nonlinear congruential generator passes the $s$-dimensional lattice test exactly for all $s \le d$.

However, results on Marsaglia's lattice test have to be taken with a grain of salt since this test is rather weak. For instance, a construction of Eichenauer and Niederreiter [23] shows that for any prime $p > 5$ there exists a nonlinear congruential generator mod $p$ with very bad statistical properties, but which nevertheless passes the $s$-dimensional lattice test for all $s \le p - 2$. Note that a nonlinear congruential generator mod $p$ can never pass the $s$-dimensional lattice test for some $s \ge p - 1$ because of theorem 2 and $d \le p - 2$.

We now turn to the inversive congruential method. If this method is used with a prime modulus $p$, then it is actually a special case of the nonlinear congruential method, though one with very interesting features. The inversive congruential method with prime modulus was introduced by Eichenauer and Lehn [20]. For $c \in F_p$ we define $\bar{c} \in F_p$ by $c\bar{c} \equiv 1 \bmod p$ if $c \ne 0$ and $\bar{c} = 0$ if $c = 0$. Now choose $p$ to be a large prime and generate a sequence $y_0, y_1, \ldots$ of integers in $F_p$ by the recursion

$$y_{n+1} \equiv a \bar{y}_n + b \bmod p \quad \text{for } n = 0, 1, \ldots, \tag{4}$$

where $a, b \in F_p$ are constants. It was shown by Eichenauer and Lehn [20] that $a, b \in F_p$ can be chosen in such a way that the sequence $y_0, y_1, \ldots$ is purely periodic with $\mathrm{per}(y_n) = p$. A sufficient condition for this is based on the following concept which is discussed in detail in [49].

DEFINITION 3. A monic polynomial $f(x)$ over $F_p$ of degree $k > 1$ is called a primitive polynomial over $F_p$ if $f(0) \ne 0$ and if the least positive integer $e$ such that $f(x)$ divides $x^e - 1$ in $F_p[x]$ is $p^k - 1$.

If we now choose $a, b \in F_p$ such that $x^2 - bx - a$ is a primitive polynomial over $F_p$, then the sequence $y_0, y_1, \ldots$ generated by (4) is purely periodic with $\mathrm{per}(y_n) = p$. We assume that $a, b \in F_p$ have been chosen in this way. A sequence $x_0, x_1, \ldots$ of inversive congruential pseudorandom numbers is obtained by

$$x_n = \frac{1}{p} y_n \quad \text{for } n = 0, 1, \ldots.$$

As in the nonlinear congruential method we have $D_p^{(1)} = 1/p$ for the one-dimensional discrepancy of this sequence. For higher dimensions we have the following result of Niederreiter [68].

THEOREM 3. For any inversive congruential generator with prime modulus $p$ we have

$$D_p^{(s)} = O\left(p^{-1/2} (\log p)^s\right) \quad \text{for } 2 \le s < p.$$

The next result was proved in Niederreiter [70] and demonstrates that for a positive percentage of the parameters the bound in theorem 3 is essentially best possible.

THEOREM 4. For a positive fraction of the possible parameter pairs $(a, b)$ in the inversive congruential method with prime modulus $p$ the generated pseudorandom numbers satisfy

$$D_p^{(s)} \ge C p^{-1/2} \quad \text{for all } s \ge 2,$$

where $C$ is a positive absolute constant.

The behavior of inversive congruential pseudorandom numbers with prime modulus $p$ under the lattice test was also studied. Eichenauer, Grothe, and Lehn [18] showed that the $s$-dimensional lattice test is passed for all $s \le (p - 1)/2$ and the following slight improvement was obtained by Niederreiter [63].

THEOREM 5. An inversive congruential generator with prime modulus $p$ passes the $s$-dimensional lattice test for all $s \le (p + 1)/2$.


Example 1

For the prime modulus $p = 2^{31} - 1$, possible values of $a$ and $b$ such that the polynomial $x^2 - bx - a$ is primitive over $F_p$ are given by a = 23~ - 8, $b = 2^{31} - 1427039054$ (see Grothe [36]). According to theorem 5, the corresponding inversive congruential generator passes the $s$-dimensional lattice test for all $s \le 2^{30}$.

A comparison between the linear congruential method and the inversive congruential method with prime modulus reveals that the latter has at least the following two advantages:

(i) Inversive congruential pseudorandom numbers are vastly superior with respect to lattice structure. Once $a, b \in F_p$ have been chosen such that $x^2 - bx - a$ is primitive over $F_p$, then theorem 5 automatically guarantees that the lattice test is passed for a very large range of dimensions. On the other hand, for the linear congruential method one has to work hard to find parameters that yield a nearly optimal lattice structure even for a modest range of dimensions. For instance, if $p = 2^{31} - 1$ as in example 1, then an inversive congruential generator with this modulus passes the lattice test for all dimensions $s \le 2^{30}$, whereas for the linear congruential method with a modulus of this order of magnitude a considerable computational effort has to be expended to guarantee a nearly optimal lattice structure for all dimensions $s \le 10$ (compare with Fishman [28] and Fishman and Moore [29]).

(ii) Sequences of inversive congruential pseudorandom numbers display more irregularity in their distribution. For sequences of linear congruential pseudorandom numbers with prime modulus $p$ and least period length $p - 1$ it is known by a result of Niederreiter [54] that for $s \ge 2$ we have on the average $D_{p-1}^{(s)} = O(p^{-1} (\log p)^s \log \log p)$. For sequences of inversive congruential pseudorandom numbers theorems 3 and 4 show that on the average $D_p^{(s)}$ has an order of magnitude between $p^{-1/2}$ and $p^{-1/2} (\log p)^s$. We emphasize that it is in this range of magnitudes where one also finds the discrepancy of $p$ independent and uniformly distributed random points from $[0, 1]^s$, according to the law of the iterated logarithm for discrepancies due to Kiefer [40]. In this sense, inversive congruential pseudorandom numbers model truly random numbers more closely than linear congruential pseudorandom numbers.

A computational issue that arises in connection with the recursion (4) is the efficient calculation of $\bar{c}$ for given $c \in F_p$. One method is based on the observations that $\bar{c} = c^{p-2}$ for all $c \in F_p$ and that $c^{p-2}$ can be calculated with $O(\log p)$ multiplications in $F_p$ by using the standard square-and-multiply technique (see [50, p. 347]). A second method calculates $\bar{c}$ for $c \ne 0$ by using the Euclidean algorithm with the integers $c$ and $p$, and this algorithm will terminate after $O(\log p)$ steps (see [42, section 4.5]).
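The following added example (not code from the paper) runs recursion (4) over a small prime field with both inversion methods described above, checks Definition 3 by brute force, and applies the lattice test of Definition 2 to the output. The modulus p = 31, the search for (a, b), the multiplier 3 of the comparison generator and all function names are assumptions made here; applying the rank test to a multiplicative linear congruential sequence of period p - 1 goes slightly beyond Definition 2 and is included only to show deficiency (iii) next to Theorem 5.

```python
from itertools import islice


def inv_fermat(c, p):
    """c^(p-2) mod p by square-and-multiply (done inside pow); sends 0 to 0."""
    return pow(c, p - 2, p)


def inv_euclid(c, p):
    """Inverse of c mod p by the extended Euclidean algorithm; sends 0 to 0."""
    c %= p
    if c == 0:
        return 0
    r0, r1, t0, t1 = p, c, 0, 1        # invariant: r_i = t_i * c (mod p)
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    return t0 % p


def is_primitive(a, b, p):
    """Definition 3 for f(x) = x^2 - b*x - a: the order of x mod f is p^2 - 1."""
    if a % p == 0:                     # f(0) = -a must be nonzero
        return False
    u, v, e = 0, 1, 1                  # u + v*x represents x^e modulo f
    while (u, v) != (1, 0):
        u, v = (v * a) % p, (u + v * b) % p   # multiply by x, x^2 = b*x + a
        e += 1
    return e == p * p - 1


def icg(a, b, y0, p, inv=inv_euclid):
    """Recursion (4): y_{n+1} = a * inverse(y_n) + b mod p."""
    y = y0 % p
    while True:
        yield y
        y = (a * inv(y, p) + b) % p


def full_period(a, b, y0, p):
    return list(islice(icg(a, b, y0, p), p))


def rank_mod_p(rows, p):
    """Rank of an integer matrix over F_p by Gauss-Jordan elimination."""
    rows = [[x % p for x in r] for r in rows]
    rank = 0
    for col in range(len(rows[0])):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        k = inv_euclid(rows[rank][col], p)
        rows[rank] = [(k * x) % p for x in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][col]:
                f = rows[i][col]
                rows[i] = [(x - f * y) % p for x, y in zip(rows[i], rows[rank])]
        rank += 1
    return rank


def lattice_rank(period, s, p):
    """Rank over F_p of the vectors y_n - y_0 built from overlapping s-tuples."""
    n_terms = len(period)
    point = lambda n: [period[(n + j) % n_terms] for j in range(s)]
    y0 = point(0)
    diffs = [[x - z for x, z in zip(point(n), y0)] for n in range(1, n_terms)]
    return rank_mod_p(diffs, p)


def compare_lattice(p=31, lcg_a=3):
    """Lattice ranks for an inversive generator and a linear one, s = 2..(p+1)/2."""
    a, b = next((a, b) for a in range(1, p) for b in range(p)
                if is_primitive(a, b, p))
    inv_seq = full_period(a, b, 0, p)
    lcg_seq, y = [], 1                 # y_{n+1} = lcg_a * y_n mod p, y_0 = 1
    for _ in range(p - 1):
        lcg_seq.append(y)
        y = (lcg_a * y) % p
    dims = range(2, (p + 1) // 2 + 1)
    return (inv_seq,
            {s: lattice_rank(inv_seq, s, p) for s in dims},
            {s: lattice_rank(lcg_seq, s, p) for s in dims})


if __name__ == "__main__":
    seq, inv_ranks, lcg_ranks = compare_lattice()
    print("inversive sequence:", seq)
    print("inversive ranks:", inv_ranks)
    print("linear ranks:   ", lcg_ranks)
```

For the linear sequence every difference vector is a multiple of $(1, a, a^2, \ldots)$, so the rank stays at 1 in every dimension, while the inversive sequence reaches full rank $s$ throughout the range covered by Theorem 5.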

The inversive congruential method may also be applied with composite moduli, and a particularly convenient choice for practical implementations is given by powers of 2. Let $M$ be a large power of 2 and let $G_M$ be the set of all odd integers $c$ with $1 \le c < M$. For $c \in G_M$ let $\bar{c}$ be the unique element of $G_M$ with $c\bar{c} \equiv 1 \bmod M$. Now we choose integers $a \equiv 1 \bmod 4$ and $b \equiv 2 \bmod 4$ and generate a sequence $y_0, y_1, \ldots$ of elements of $G_M$ by the recursion

$$y_{n+1} \equiv a \bar{y}_n + b \bmod M \quad \text{for } n = 0, 1, \ldots.$$

A sequence $x_0, x_1, \ldots$ of pseudorandom numbers is derived by setting

$$x_n = \frac{1}{M} y_n \quad \text{for } n = 0, 1, \ldots.$$

This method was introduced by Eichenauer, Lehn, and Topuzoglu [22] and it was shown in this paper that the sequence $y_0, y_1, \ldots$ is purely periodic with $\mathrm{per}(y_n) = M/2$. Therefore the elements in the full period of this sequence run exactly through all elements of $G_M$. From this one sees immediately that for the one-dimensional discrepancy of the sequence $x_0, x_1, \ldots$ we have $D_{M/2}^{(1)} = 1/M$. For the two-dimensional discrepancy it was shown in Niederreiter [68] that $D_{M/2}^{(2)} = O(M^{-1/2} (\log M)^2)$, but because of technical difficulties a result for higher dimensions is not yet available. The lattice structure of inversive congruential pseudorandom numbers with modulus $M$ was investigated by Eichenauer-Herrmann, Grothe, Niederreiter, and Topuzoglu [26].

We refer to Eichenauer, Grothe, Lehn, and Topuzoglu [19] and Eichenauer and Lehn [21] for further types of nonlinear congruential generators. We also draw attention to the work of L'Ecuyer [46] and Wichmann and Hill [84,85], among others, on methods of combining several linear congruential generators to improve randomness properties.

4. Shift register methods

The pseudorandom numbers to be discussed in this section have already been studied in the literature for a considerable time, but a systematic theory of their equidistribution and statistical independence properties was developed only recently. The algorithms for generating these pseudorandom numbers are based on higher-order linear recursions with a small prime modulus. Such recursions allow a hardware implementation via a simple switching circuit called a linear feedback shift register, hence the name "shift register methods" (see [49, ch. 8] for the design of linear feedback shift registers).

We first collect the necessary background on higher-order linear recursions (see [49, ch. 8] for proofs and more information). Let $p$ be a prime and let $k \ge 2$ be an integer. A sequence $y_0, y_1, \ldots$ of integers in $F_p = \{0, 1, \ldots, p - 1\}$ is called a ($k$th-order) linear recurring sequence if

$$y_{n+k} \equiv a_{k-1} y_{n+k-1} + \cdots + a_0 y_n \bmod p \quad \text{for } n = 0, 1, \ldots, \tag{5}$$


where $a_{k-1}, \ldots, a_0 \in F_p$ are constant coefficients. The polynomial

$$f(x) = x^k - a_{k-1} x^{k-1} - \cdots - a_0, \tag{6}$$

viewed as a polynomial over the finite field $F_p$, is called the characteristic polynomial of the linear recurring sequence. Note that the initial values $y_0, y_1, \ldots, y_{k-1}$ and the characteristic polynomial $f$ completely determine the linear recurring sequence. The sequence $y_0, y_1, \ldots$ generated by (5) is periodic and we have $\mathrm{per}(y_n) \le p^k - 1$. We will assume from now on that the characteristic polynomial $f$ is a primitive polynomial over $F_p$ in the sense of definition 3 and that the initial values $y_0, y_1, \ldots, y_{k-1}$ are not all 0. In this case the sequence $y_0, y_1, \ldots$ is purely periodic with $\mathrm{per}(y_n) = p^k - 1$.

The idea of using higher-order linear recursions for pseudorandom number generation had its origin in the 1950s (see e.g. Duparc, Lekkerkerker, and Peremans [17] and van Wijngaarden [83]), but it received wider dissemination through an article of Tausworthe [79]. One basic issue is how to transform the sequence $y_0, y_1, \ldots$ generated by (5) into a sequence of uniform pseudorandom numbers in $[0, 1]$. Note that normalization is now not suitable since we think of the modulus $p$ as being small. There are two transformation techniques that have proved useful. We will describe them in the sequel.

The first technique is the digital multistep method due to Tausworthe [79]. With the notation as above, we choose an integer $m$ with $2 \le m \le k$ and put

$$x_n = \sum_{j=1}^{m} y_{mn+j-1}\, p^{-j} \quad \text{for } n = 0, 1, \ldots.$$

This means that we obtain the numbers $x_n \in [0, 1)$ by splitting up the sequence $y_0, y_1, \ldots$ into consecutive strings of length $m$ and then interpreting each string as the $p$-ary expansion of a number in $[0, 1)$. The numbers $x_n$ are called digital multistep pseudorandom numbers, or digital $k$-step pseudorandom numbers if one wants to emphasize the value of $k$. The sequence $x_0, x_1, \ldots$ is purely periodic with

$$\mathrm{per}(x_n) = \frac{p^k - 1}{\gcd(m, p^k - 1)}.$$

We will assume from now on that $\gcd(m, p^k - 1) = 1$, thus guaranteeing that $\mathrm{per}(x_n) = p^k - 1$. Proofs of elementary properties of digital multistep pseudorandom numbers are given in Lidl and Niederreiter [50, ch. 7] and Niederreiter [57]. A matrix-theoretic approach to these properties can be found in Marsaglia and Tsay [52].

The second technique of deriving uniform pseudorandom numbers from the linear recurring sequence $y_0, y_1, \ldots$ is the GFSR method of Lewis and Payne [48], where GFSR stands for "generalized feedback shift register". Here we choose integers $m \ge 2$ and $h_1, \ldots, h_m \ge 0$ and put

$$x_n = \sum_{j=1}^{m} y_{n+h_j}\, p^{-j} \quad \text{for } n = 0, 1, \ldots.$$


The numbers x,, ~ [0, 1) are called GFSR pseudorandom numbers. The sequence x 0, x 1 . . . . is purely periodic with p e r ( x , ) = p ~ - 1. If we denote by X,, the string Y,,+h,, . . . . . b,+<, of the p-ary digits of x,,, then (5) implies

X, ,+k-=a k 1 X , , + k _ l + . . . + a . X , , m o d p for n = 0 . 1 . . . . .

where all opera t ions on strings are carr ied out termwise. This provides an efficient a lgor i thm for the generat ion of G F S R p s e u d o r a n d o m numbers . In both tile digital mult is tep method and the G F S R me thod the choice p = 2 is preferred since then the p s e u d o r a n d o m numbers can s imply be genera ted by binary ari thmetic. If we speak collectively of digital mul t i s tep and G F S R p s e u d o r a n d o m numbers , we will use the term shift register pseudorandom numbers.

If x~j, x~ . . . . is a sequence of shift register p s e u d o r a n d o m numbers , then the dis tr ibut ion behavior of the s -dimensional points x,, in (1) depends s t rongly on the value of s. We will make a dist inction between the " low-d imens iona l case" and the "h igh-d imens iona l case". For digital k-s tep p s e u d o r a n d o m number s we are in the low-dimensional case if s <~ k / m and in the high-dimensional case if s > k / m . To present the cor responding case dist inct ion for G F S R p s e u d o r a n d o m numbers , we first observe that the residue class ring F p [ x ] / ( f ) can be viewed as a vector space over Fp, where f is the character is t ic po lynomia l in (6). If h~ . . . . . h,,, are the shift pa ramete r s in the G F S R method, then we consider the following proper ty :

the ms residue classes in Fp[x]/(f) dete rmined by the monomia l s x ~-~+ ' ' ,

1 ~<j ~< m, 1 ~< i ~< s, are linearly independen t over Fp. (7)

m In other words, this p roper ty means that a po lynomia l Y~I=~Y~= ~a,;x ' - l +h, with a , i ~ Fp is divisible by f ( x ) only if all a,, are 0. For G F S R p s e u d o r a n d o m numbers we say then that we are m the low-dimensional case if (7) is satisfied and in the high-dimensional case if (7) is not satisfied. Since F e [ X ] / ( f ) is a vector space of d imension k over Ft,, it is clear that (7) can only hold if s ~ k / m .

In the low-dimensional case for shift register pseudorandom numbers the distribution of the points $\mathbf{x}_n \in [0, 1)^s$ in (1) over the full period can be described precisely. Note first that all coordinates of $\mathbf{x}_n$ are rationals with fixed denominator $p^m$. The distribution of the points $\mathbf{x}_n$, $n = 0, 1, \ldots, p^k - 2$, is now as follows: the number of n, $0 \le n \le p^k - 2$, with $\mathbf{x}_n = 0$ is equal to $p^{k-ms} - 1$, and for any nonzero $c \in [0, 1)^s$ all of whose coordinates are rationals with denominator $p^m$ the number of n, $0 \le n \le p^k - 2$, with $\mathbf{x}_n = c$ is equal to $p^{k-ms}$. Thus we have very nearly an ideal s-dimensional equidistribution. The proof is straightforward and goes back to Tausworthe [79] in the case of the digital multistep method; see also Lidl and Niederreiter [50, ch. 7] and Niederreiter [61]. Related equidistribution properties of shift register pseudorandom numbers have been studied by Arvillias and Maritsas [6], Collings [11], Collings and Hembree [12], Fushimi [31,32], Fushimi and Tezuka [33], Kirkpatrick and Stoll [41], Koopman [43], Pavlov and Pokhodzeĭ [73], and Tezuka [81].

The precise description of the distribution of the points $\mathbf{x}_n$ in the low-dimensional case allows us to establish an exact formula for their discrepancy over the full period. We write $\tau = p^k - 1$, which is the value of $\mathrm{per}(x_n)$. Then in the low-dimensional case we have

$D_\tau^{(s)} = 1 - (1 - p^{-m})^s$.

Note that in first approximation this is $sp^{-m}$ and hence can be made arbitrarily small by choosing m, and thus k, sufficiently large. This formula was shown in Niederreiter [60] for digital multistep pseudorandom numbers and in Niederreiter [61] for GFSR pseudorandom numbers. In the low-dimensional case, upper bounds for $D_N^{(s)}$ with $1 \le N < \tau$ are also available; see Niederreiter [57,67] for the digital multistep method and Niederreiter [61] for the GFSR method.

The study of the serial test for shift register pseudorandom numbers in the high-dimensional case requires more refined techniques that are based on theoretical developments initiated in Niederreiter [56,62]; see also Niederreiter [71] for a brief summary of these techniques. The discrepancy $D_\tau^{(s)}$ now depends strongly on the choice of f and m in the digital multistep method and on the choice of f and $h_1, \ldots, h_m$ in the GFSR method. The following definition will be convenient for both methods. We again view $F_p[x]/(f)$ as a vector space over $F_p$.

DEFINITION 4

Let $C = \{c_{ij} : 1 \le j \le m, 1 \le i \le s\}$ be a system of ms residue classes $c_{ij}$ in $F_p[x]/(f)$ which is linearly dependent over $F_p$. Then we define

$\rho(C) = \min \sum_{i=1}^{s} d_i$,

where the minimum is extended over all s-tuples $(d_1, \ldots, d_s) \ne 0$ of integers with $0 \le d_i \le m$ for $1 \le i \le s$ such that the subsystem $\{c_{ij} : 1 \le j \le d_i, 1 \le i \le s\}$ is linearly dependent over $F_p$.

Since $F_p[x]/(f)$ has dimension k over $F_p$, we always have $\rho(C) \le k + 1$. For digital k-step pseudorandom numbers we are in the high-dimensional case if $s > k/m$. Then the system $C_1$ of residue classes mod f determined by the monomials $x^{(i-1)m+j-1}$, $1 \le j \le m$, $1 \le i \le s$, is linearly dependent over $F_p$. We put

$r^{(s)}(f, m) = \min(m, \rho(C_1) - 1)$ (8)

and note that always $1 \le r^{(s)}(f, m) \le m \le k$. For GFSR pseudorandom numbers we have the high-dimensional case if the property (7) is not satisfied. Hence the system $C_2$ of residue classes mod f determined by the monomials $x^{i-1+h_j}$, $1 \le j \le m$, $1 \le i \le s$, is linearly dependent over $F_p$. We write $H = (h_1, \ldots, h_m)$ for the m-tuple of parameters $h_1, \ldots, h_m$. Then we put

$r^{(s)}(f, H) = \min(m, \rho(C_2) - 1)$ (9)

and note that always $1 \le r^{(s)}(f, H) \le \min(m, k)$. The following result was shown in Niederreiter [62].

THEOREM 6

For shift register pseudorandom numbers we have in the high-dimensional case

$D_\tau^{(s)} = O(r^{s-1} p^{-r})$,

where $r = r^{(s)}(f, m)$ for the digital multistep method and $r = r^{(s)}(f, H)$ for the GFSR method. The implied constant in the Landau symbol depends only on s and p.

Weaker bounds of the form $D_\tau^{(s)} = O(m^s p^{-r})$ were shown earlier by Niederreiter [60,61] and in the special case p = 2 for GFSR pseudorandom numbers by Tezuka [80]. Upper bounds for $D_N^{(s)}$ with $1 \le N < \tau$ are also available in the high-dimensional case and they involve the number r in a similar way as in theorem 6; see Niederreiter [67] for the digital multistep method and Niederreiter [61] for the GFSR method. These results demonstrate that the numbers defined in (8) and (9) have an influence on the order of magnitude of $D_N^{(s)}$. The following lower bound for the discrepancy (see Niederreiter [61,67]) shows that these numbers play indeed a decisive role.

THEOREM 7

For shift register pseudorandom numbers we have in the high-dimensional case

( 1 1 ) D~)~)>~ 2 2p p - r for l~<N~<'r ,

where r is as in theorem 6.

Even in the high-dimensional case, shift register pseudorandom numbers have special uniformity properties which resemble those in the low-dimensional case, provided that the parameters in the generation algorithms are chosen judiciously. The following definition and the subsequent theorem are from Niederreiter [62].

DEFINITION 5

Let $b \ge 2$ and $0 \le t \le k$ be integers. A (t, k, s)-net in base b is a set P of $b^k$ points in $[0, 1)^s$ such that every subinterval J of $[0, 1)^s$ of the form

$J = \prod_{i=1}^{s} [c_i b^{-e_i}, (c_i + 1) b^{-e_i})$ (10)

with integers $c_i$ and $e_i$ and with $V(J) = b^{t-k}$ contains exactly $b^t$ points of P.

It follows from definition 5 that if P is a (t, k, s)-net in base b and J is a subinterval of $[0, 1)^s$ of the form (10) with $V(J) \ge b^{t-k}$, or a disjoint union of such subintervals, then J contains exactly $b^k V(J)$ points of P. In particular, definition 5 becomes stronger for smaller values of t.

THEOREM 8

In the high-dimensional case for shift register pseudorandom numbers the $p^k$ points $0, \mathbf{x}_0, \mathbf{x}_1, \ldots, \mathbf{x}_{\tau-1}$ in $[0, 1)^s$ form a (k - r, k, s)-net in base p, where r is as in theorem 6.

It is evident from theorems 6, 7, and 8 that the larger the value of r, the better the distribution properties of the points $\mathbf{x}_n$. For this reason the number r is called the figure of merit. The maximum value of r is r = k, in which case the points in theorem 8 form a (0, k, s)-net in base p. However, by [62, corollary 5.11] a (0, k, s)-net in base p can only exist if $s \le p + 1$. Therefore, for $s \ge p + 2$ we must have r < k; in the special case p = 2 for the GFSR method this was proved in Tezuka [82] by a different argument.

In view of the remarks in the previous paragraph, there arises the important task of finding concrete parameters in the generation algorithms such that the corresponding figure of merit is large. In the digital multistep method we have to consider the figure of merit $r^{(s)}(f, m)$ defined in (8). To obtain large values of $r^{(s)}(f, m)$, we first choose m to be maximal, i.e. we take m = k. Then $r^{(s)}(f, k) = \rho(C_1) - 1$ by (8), and we are in the high-dimensional case if $s \ge 2$. Hence we arrive at the following computational problem: given $s \ge 2$, $k \ge 2$, and the prime p, find a primitive polynomial f over $F_p$ of degree k for which $r^{(s)}(f, k)$ is large. For practical implementations the case p = 2 is of greatest interest. Search algorithms for large values of $r^{(s)}(f, k)$ were devised by Mullen and Niederreiter [53] for s = 2 and by André, Mullen, and Niederreiter [4] for $s \ge 3$. Tables of primitive polynomials f over $F_2$ of degree k with a large value of $r^{(s)}(f, k)$ are given in [53] for s = 2 and $3 \le k \le 64$, and in [4] for s = 3, 4, 5 and $k \le 32$. It is conjectured in [53] that primitive polynomials f over $F_2$ of degree k with $r^{(2)}(f, k) = k - 1$ exist for all $k \ge 3$. For a brief summary of this computational work see Niederreiter [71].
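The exact counts of the low-dimensional case, the figure of merit of definition 4 and (8), (9), and the net property of theorem 8 can all be checked by brute force for p = 2 and a small degree. The following Python sketch is an added example, not code from the paper or its references: the two primitive polynomials of degree 5, the GFSR shift values and every function name are chosen here for illustration, and the digital multistep part assumes gcd(m, 2^k - 1) = 1 so that the points run through the full period.

```python
from collections import Counter
from itertools import product

def lfsr_bits(f, k, count, seed=1):
    """Bits y_0, y_1, ... over F_2; bit l of the integer f is the coefficient of x^l in f(x)."""
    y = [(seed >> l) & 1 for l in range(k)]
    while len(y) < count:
        n = len(y) - k
        y.append(sum(y[n + l] for l in range(k) if (f >> l) & 1) % 2)
    return y

def exponents(m, s, shifts=None):
    """Return (step, E): digit j of coordinate i of the n-th point is y_{step*n + E[i][j]}.
    Digital multistep: E[i][j] = i*m + j, step m.  GFSR: E[i][j] = i + h_j, step 1 (0-based i, j)."""
    if shifts is None:
        return m, [[i * m + j for j in range(m)] for i in range(s)]
    return 1, [[i + h for h in shifts] for i in range(s)]

def point_set(f, k, step, E):
    """The 2^k points 0, x_0, ..., x_{tau-1}; a coordinate x is stored as the integer X = x * 2^m."""
    tau = 2 ** k - 1
    y = lfsr_bits(f, k, step * (tau - 1) + max(map(max, E)) + 1)
    pts = [(0,) * len(E)]
    for n in range(tau):
        pts.append(tuple(int("".join(str(y[step * n + e]) for e in row), 2) for row in E))
    return pts

def xpow_mod(e, f, k):
    """x^e mod f over F_2, as a bit mask of the k coefficients."""
    r = 1
    for _ in range(e):
        r <<= 1
        if (r >> k) & 1:
            r ^= f
    return r

def independent(vecs):
    """Linear independence over F_2 of vectors given as bit masks."""
    basis = []
    for v in vecs:
        for b in basis:
            v = min(v, v ^ b)  # cancels the leading bit of b if v has it
        if v == 0:
            return False
        basis.append(v)
    return True

def rho(f, k, E):
    """rho(C) of definition 4 for the monomials x^E[i][j]; None if C is independent (low-dimensional case)."""
    m, s = len(E[0]), len(E)
    C = [[xpow_mod(e, f, k) for e in row] for row in E]
    sums = [sum(d) for d in product(range(m + 1), repeat=s)
            if not independent([C[i][j] for i in range(s) for j in range(d[i])])]
    return min(sums) if sums else None

def figure_of_merit(f, k, E):
    """r = min(m, rho(C) - 1) as in (8) and (9)."""
    value = rho(f, k, E)
    return None if value is None else min(len(E[0]), value - 1)

def cell_counts(pts, m, e):
    """Points per interval of the form (10) in base 2 with exponents e_i <= m."""
    return Counter(tuple(X >> (m - ei) for X, ei in zip(P, e)) for P in pts)

def is_net(pts, m, k, t):
    """Definition 5 in base 2, checked for all (e_1..e_s) with sum k - t; requires k - t <= m."""
    for e in product(range(k - t + 1), repeat=len(pts[0])):
        if sum(e) == k - t:
            counts = cell_counts(pts, m, e)
            if len(counts) != 2 ** (k - t) or set(counts.values()) != {2 ** t}:
                return False
    return True

if __name__ == "__main__":
    k, m, s = 5, 5, 2                         # high-dimensional case: s > k/m
    step, E = exponents(m, s)
    for f in (0b100101, 0b111101):            # x^5+x^2+1 and x^5+x^4+x^3+x^2+1 (constructed examples)
        r = figure_of_merit(f, k, E)
        pts = point_set(f, k, step, E)
        print(f"f={f:#b}: r={r}, ({k - r},{k},{s})-net: {is_net(pts, m, k, k - r)}")
    step, E = exponents(2, 2, shifts=(0, 2))  # GFSR, low-dimensional case: property (7) holds
    print(rho(0b100101, k, E), cell_counts(point_set(0b100101, k, step, E), 2, (2, 2)))
```

With m = k = 5 and s = 2 the trinomial reaches only r = 3, while the second polynomial reaches r = k - 1 = 4, the value conjectured above to be attainable for s = 2.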

Example 2

Use the digital multistep method with p = 2, m = k = 32, and with the characteristic polynomial

$f(x) = x^{32} + x^{31} + x^{30} + x^{28} + x^{27} + x^{26} + x^{24} + x^{22} + x^{21} + x^{12} + x^{11} + \sum_{i=0}^{9} x^i$.

Then according to the tables in [4] we have

$r^{(2)}(f, 32) = 31$, $r^{(3)}(f, 32) = r^{(4)}(f, 32) = 25$, $r^{(5)}(f, 32) = 24$.

Therefore the generated digital multistep pseudorandom numbers perform very well under the s-dimensional serial test for 2 ~< s ~< 5.

In connection with search procedures for large values of $r^{(s)}(f, k)$ it is of interest to have a general existence theorem which guarantees such values. In Niederreiter [67] it was shown that for every prime p and for every $s \ge 2$ and $k \ge 2$ there exists a primitive polynomial f over $F_p$ of degree k with $r^{(s)}(f, k) \ge k - c \log k$, where the constant c depends only on s and p. The proof of this theorem is nonconstructive. An analogous existence theorem for the figure of merit $r^{(s)}(f, H)$ in the GFSR method was proved in Niederreiter [71] and it says the following. If $k \ge s \ge 2$ and $ms > k$ and if f is a given primitive polynomial over $F_p$ of degree k, then there exists a choice of $H = (h_1, \ldots, h_m)$ such that

$r^{(s)}(f, H) \ge \min(m, [k - (s - 1) \log_p(m + 1)])$,

where $\log_p$ denotes the logarithm to the base p.

In the following we list some advantages of shift register methods over the linear congruential method:

(i) Shift register pseudorandom numbers can be generated faster since in the standard case p = 2 we use only binary arithmetic rather than modular arithmetic with a very large modulus.

(ii) The least period length of sequences of shift register pseudorandom numbers is not bounded in terms of the word length of the machine. Note that, e.g. in the standard case p = 2, the least period length is $2^k - 1$ and that the value of k can be chosen far beyond the word length. The value of k is, in principle, only limited by memory restrictions.

(iii) Shift register pseudorandom numbers are preferable with regard to lattice structure. Theorem 8 shows that a shift register method with well-chosen parameters yields pseudorandom numbers with very little lattice structure. We have of course the trivial lattice structure which stems from the fact that all generated pseudorandom numbers are rationals with fixed denominator $p^m$.

(iv) Shift register pseudorandom numbers are advantageous in applications where strong uniformity properties are desirable, such as numerical integration (compare also with section 6). This is due to the small discrepancy bound that is obtained from theorem 6 when the figure of merit r is large. Results on how small one can make the discrepancy D~ ") by a suitable choice of the parameters can be found in Niederreiter [52,57].

5. Pseudorandom vector generation

Parallel algorithms have recently received increased attention in the Monte Carlo method (see e.g. Bhavsar and Isaac [7]), and for such algorithms we need efficient ways of generating sequences of pseudorandom vectors. As in the earlier sections we concentrate on the uniform case, i.e. we consider k-dimensional pseudorandom vectors (or points) for which the target distribution is the uniform distribution on $[0, 1]^k$. One possibility of generating k-dimensional uniform pseudorandom vectors is to derive them from uniform pseudorandom numbers $x_0, x_1, \ldots$ by formulas similar to (1), such as

$\mathbf{x}_n = (x_{nk}, x_{nk+1}, \ldots, x_{nk+k-1}) \in [0, 1]^k$ for $n = 0, 1, \ldots.$

However, direct methods of generating uniform pseudorandom vectors are preferable.

Methods for the direct generation of uniform pseudorandom vectors have been proposed by Grothe [34,35], Niederreiter [59], Niki [72], and Tahmi [78], but these methods can all be subsumed into the general category of matrix generators (see Niederreiter [69] for the proof of this statement). For a given dimension $k \ge 2$ a matrix generator (with prime modulus) can be described as follows. We choose a large prime p and first generate a sequence $z_0, z_1, \ldots$ of k-dimensional row vectors with components in $F_p = \{0, 1, \ldots, p - 1\}$ by starting from an initial vector $z_0 \ne 0$ and using the recursion

$z_{n+1}^T \equiv A z_n^T \bmod p$ for $n = 0, 1, \ldots,$

where A is a $k \times k$ matrix with entries in $F_p$, $z^T$ denotes the transpose of the row vector z, and a congruence between vectors is assumed to hold componentwise. Then a sequence of uniform pseudorandom vectors is obtained by the normalization

$u_n = \frac{1}{p} z_n$ for $n = 0, 1, \ldots.$

In order to get the maximal period for given p and k, we impose the condition that A, viewed as a matrix over the finite field $F_p$, has as its characteristic polynomial a primitive polynomial over $F_p$ in the sense of definition 3. Then the sequence $u_0, u_1, \ldots$ is purely periodic with $\mathrm{per}(u_n) = p^k - 1$ (see Grothe [34]).

It is easy to see that in the full period the $u_n$ attain each value $p^{-1}c$, where c is any nonzero element of $F_p^k$, exactly once. Therefore we obtain an almost ideal k-dimensional equidistribution over the full period. In analogy with the serial test for uniform pseudorandom numbers we consider now the statistical independence of successive pseudorandom vectors. For a given integer $s \ge 2$ we define the sequence of points

$v_n = (u_n, u_{n+1}, \ldots, u_{n+s-1}) \in [0, 1]^{ks}$ for $n = 0, 1, \ldots$ (11)

and we let

$D_N^{(s)} = D_N(v_0, v_1, \ldots, v_{N-1})$

be the discrepancy of the first N terms. Again we want $D_N^{(s)}$ to be small for large N. Bounds for $D_N^{(s)}$ in the case of matrix generators were established in Niederreiter [69]. For simplicity we report only on the results for $N = p^k - 1 =: \tau$, i.e. the case of the full period, although results are also available for $1 \le N < \tau$.

We first have to introduce some notation. For a ks-dimensional point $h = (h_1, \ldots, h_{ks})$ we put

$R(h) = \prod_{i=1}^{ks} \max(1, 2|h_i|)$.

Then for any $s \ge 2$ we define the figure of merit

$\rho^{(s)}(A, p) = \min R(h)$,

where the minimum is extended over all nonzero $h = (h_0, h_1, \ldots, h_{s-1})$ with each $h_j$ being a k-dimensional row vector with integer components in $(-p/2, p/2]$ such that the vector congruence

$\sum_{j=0}^{s-1} h_j A^j \equiv 0 \bmod p$

holds. Now we have the following upper bound.

THEOREM 9

For uniform pseudorandom vectors produced by a matrix generator we have

D , ~ " < I - 1 - ~ - f o r a n y s>~2.

The bound in theorem 9 is essentially best possible, as is demonstrated by the following result in Niederreiter [69].

THEOREM 10

For uniform pseudorandom vectors produced by a matrix generator we have

D, C'l>/max 1 - 1 - ~ , p(,)(A ' p) for a n y s > / 2 ,

where C(k, s) is a positive constant which depends only on k and s.

It follows from theorem 9 and 10 that in order to get a small discrepancy, the quantity $\rho^{(s)}(A, p)$ should be as large as possible - hence its name "figure of merit". It is not difficult to show that we always have $2 \le \rho^{(s)}(A, p) \le 2p^k$. On the other hand, for every prime p and every $s \ge 2$ and $k \ge 2$ there exists a $k \times k$ matrix A over $F_p$ with primitive characteristic polynomial such that $\rho^{(s)}(A, p)$ is at least of the order of magnitude $p^k$, up to logarithmic factors. See [69] for these results.
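For a small modulus the matrix generator and its figure of merit can be computed exhaustively. The following Python sketch is an added example, not code from the paper: the choice p = 5, k = 2, the matrix A (companion matrix of x^2 + x + 2, which is primitive over F_5) and all function names are assumptions made here. Besides the minimum of R(h) it returns a minimizing h and checks that this h satisfies a linear relation mod p with every window of s successive vectors, which follows directly from the recursion and the defining congruence.

```python
from itertools import product

def step(A, z, p):
    """One step of the recursion z_{n+1}^T = A z_n^T mod p, with z stored as a row vector."""
    return tuple(sum(a * x for a, x in zip(row, z)) % p for row in A)

def cycle(A, z0, p):
    """z_0, z_1, ... up to the first return to z_0 (capped at p^k states)."""
    z0 = tuple(z0)
    states, z = [z0], step(A, z0, p)
    while z != z0 and len(states) < p ** len(A):
        states.append(z)
        z = step(A, z, p)
    return states

def normalize(states, p):
    """The pseudorandom vectors u_n = z_n / p."""
    return [tuple(x / p for x in z) for z in states]

def centered(x, p):
    """Representative of x mod p in the interval (-p/2, p/2]."""
    r = x % p
    return r - p if 2 * r > p else r

def row_times(h, A, p):
    """Row vector h times the matrix A, mod p."""
    k = len(A)
    return tuple(sum(h[i] * A[i][c] for i in range(k)) % p for c in range(k))

def R(h):
    """R(h) = product of max(1, 2|h_i|)."""
    out = 1
    for x in h:
        out *= max(1, 2 * abs(x))
    return out

def figure_of_merit(A, p, s):
    """Return (rho, h): the minimum of R(h) over nonzero h = (h_0, ..., h_{s-1}) with
    sum_j h_j A^j = 0 mod p, and one minimizing h. h_1..h_{s-1} are enumerated, h_0 is forced."""
    k = len(A)
    residues = [centered(x, p) for x in range(p)]
    best = None
    for tail in product(residues, repeat=k * (s - 1)):
        if not any(tail):
            continue                      # h_1 = ... = h_{s-1} = 0 would force h_0 = 0
        acc = (0,) * k
        for j in range(s - 1, 0, -1):     # Horner scheme: acc = sum_{j>=1} h_j A^j
            hj = tail[(j - 1) * k: j * k]
            acc = row_times(tuple(a + b for a, b in zip(acc, hj)), A, p)
        h = tuple(centered(-a, p) for a in acc) + tail
        if best is None or R(h) < best[0]:
            best = (R(h), h)
    return best

def relation_holds(h, states, p, s):
    """Check sum_j h_j . z_{n+j} = 0 mod p for every n of the full period."""
    tau = len(states)
    for n in range(tau):
        window = sum((states[(n + j) % tau] for j in range(s)), ())
        if sum(a * b for a, b in zip(h, window)) % p:
            return False
    return True

if __name__ == "__main__":
    p, A = 5, ((0, 3), (1, 4))            # constructed example: char. polynomial x^2 + x + 2
    states = cycle(A, (1, 0), p)
    print("period:", len(states), "first vectors:", normalize(states, p)[:3])
    for s in (2, 3):
        rho, h = figure_of_merit(A, p, s)
        print(f"s={s}: rho={rho}, h={h}, relation holds: {relation_holds(h, states, p, s)}")
```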

The points $p v_n$, $n = 0, 1, \ldots$, with $v_n$ given by (11), have a lattice structure in ks-dimensional space which was investigated by Afflerbach and Grothe [2] and Grothe [36]. Computational results on the lattice structure of specific matrix generators can be found in Grothe [36].

Matrix generators can also be defined with composite moduli. Discussions of the least period length of matrix generators with such moduli are contained in Eichenauer-Herrmann, Grothe, and Lehn [25] and Tahmi [78].

6. Quasirandom points

For purposes of multidimensional numerical integration by the Monte Carlo method it is advantageous to replace random (or pseudorandom) samples by deterministic nodes which have been specially constructed to possess excellent distribution properties. In what follows we normalize the integration domain to be $[0, 1]^s$. Sets (or sequences) of deterministic points in $[0, 1]^s$ with small discrepancy are called sets (respectively sequences) of quasirandom points. Note that we do not require that quasirandom points pass any of the standard statistical tests for randomness.

We first explain the reason for the usefulness of quasirandom points in multidimensional numerical integration. The crucial fact is that the integration error incurred by the basic Monte Carlo approximation can be bounded deterministically once the nodes are deterministic. For instance, if the integrand g has bounded variation v(g) on $[0, 1]^s$ and if the nodes $w_1, \ldots, w_N$ have discrepancy $D_N = D_N(w_1, \ldots, w_N)$, then the classical Koksma-Hlawka inequality (see Hlawka [38] and Kuipers and Niederreiter [44, ch. 2]) yields the error bound

$\left| \int_{[0,1]^s} g(x)\,dx - \frac{1}{N} \sum_{n=1}^{N} g(w_n) \right| \le v(g) D_N$.

To make this error bound as small as we possibly can for a given integrand g, we have the freedom to choose nodes $w_1, \ldots, w_N$ with a small discrepancy. In this way we arrive at the conclusion that the nodes should form a set of quasirandom points. In order to have the flexibility of being able to change N without losing previously computed function values, it is convenient to work with a sequence $w_1, w_2, \ldots$ of deterministic nodes with the property that the discrepancy $D_N$ of the first N terms of the sequence is small for all N, i.e. we work with a sequence of quasirandom points. Numerical methods which are derived from Monte Carlo methods by replacing random sampling by a deterministic scheme are generically called quasi-Monte Carlo methods. Expository accounts of quasi-Monte Carlo methods can be found in the book of Hua and Wang [39] and in the survey articles of Niederreiter [55,65]. For a discussion of quasi-Monte Carlo methods with special reference to numerical integration problems arising in stochastic optimization see the survey article of Deák [13]. A rule of thumb says that quasi-Monte Carlo methods work well for moderately large dimensions, say for $s \le 20$.

The explicit construction of sequences of quasirandom points (also called low-discrepancy sequences) is a challenging problem on which significant advances have been achieved in recent years. We refer to the expository works cited above for the complete history of this problem. Here we only outline the main points in this history. The first important result is due to Halton [37] who constructed for any dimension s a sequence of points in $[0, 1]^s$ such that the discrepancy $D_N$ of its first N terms satisfies

$D_N \le C_s N^{-1} (\log N)^s$ for all $N \ge 2$. (12)

The constant $C_s$ depends only on s, but it increases superexponentially as $s \to \infty$. This makes the discrepancy bound (12) practically useless for large dimensions. On the other hand, the order of magnitude $N^{-1} (\log N)^s$ could not be improved until now, and it is in fact conjectured that this order of magnitude is best possible (see Schmidt [76] for the proof of this conjecture in the case s = 1 and Kuipers and Niederreiter [44, ch. 2] for lower bounds on $D_N$ for $s \ge 2$).
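The Koksma-Hlawka bound and the use of Halton's points as integration nodes can be tried numerically. The following Python sketch is an added example, not code from the paper: it assumes Halton's points are built from radical inverses in pairwise coprime bases (a construction the text cites but does not spell out), uses the standard closed form for the one-dimensional discrepancy of sorted points, and the integrands, sample sizes, seed and function names are chosen here.

```python
import math
import random

def radical_inverse(n, b):
    """Reflect the base-b digits of n about the radix point: sum a_r b^r -> sum a_r b^(-r-1)."""
    x, scale = 0.0, 1.0 / b
    while n:
        n, digit = divmod(n, b)
        x += digit * scale
        scale /= b
    return x

def halton(N, bases):
    """First N Halton points (indices n = 0..N-1); the bases must be pairwise coprime."""
    return [tuple(radical_inverse(n, b) for b in bases) for n in range(N)]

def extreme_discrepancy_1d(xs):
    """Exact D_N in dimension 1: for sorted x_1 <= ... <= x_N in [0, 1],
    D_N = 1/N + max_i (i/N - x_i) - min_i (i/N - x_i)."""
    xs = sorted(xs)
    N = len(xs)
    dev = [(i + 1) / N - x for i, x in enumerate(xs)]
    return 1.0 / N + max(dev) - min(dev)

def mean(g, pts):
    """The quasi-Monte Carlo (or Monte Carlo) approximation (1/N) sum g(w_n)."""
    return math.fsum(g(w) for w in pts) / len(pts)

def koksma_check(N, base=2):
    """Dimension 1 with g(x) = x^2 (variation v(g) = 1, exact integral 1/3).
    Returns (integration error, v(g) * D_N) for the first N radical-inverse points."""
    pts = halton(N, (base,))
    err = abs(1.0 / 3.0 - mean(lambda w: w[0] ** 2, pts))
    return err, 1.0 * extreme_discrepancy_1d([w[0] for w in pts])

def product_error(N, bases, seed=None):
    """Error for g(x) = x_1 * ... * x_s (exact integral 2^-s) with Halton nodes,
    or with seeded pseudorandom nodes when a seed is given."""
    s = len(bases)
    if seed is None:
        pts = halton(N, bases)
    else:
        rng = random.Random(seed)
        pts = [tuple(rng.random() for _ in range(s)) for _ in range(N)]
    return abs(mean(math.prod, pts) - 2.0 ** -s)

def mc_rms(N, s):
    """Root mean square error of plain Monte Carlo for the same integrand:
    sqrt(Var(g)/N) with Var(g) = 3^-s - 4^-s."""
    return math.sqrt((3.0 ** -s - 4.0 ** -s) / N)

if __name__ == "__main__":
    err, bound = koksma_check(1000)
    print(f"s=1, N=1000: error {err:.2e} <= v(g) D_N = {bound:.2e}")
    for N in (256, 1024, 4096):
        print(f"s=3, N={N}: Halton {product_error(N, (2, 3, 5)):.2e}, "
              f"pseudorandom {product_error(N, (2, 3, 5), seed=1):.2e}, "
              f"Monte Carlo RMS {mc_rms(N, 3):.2e}")
```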

Improvements on Halton's construction were obtained with regard to the size of the constants $C_s$ in (12). The next step was taken by Sobol' [77] whose construction yielded smaller values of $C_s$, but they still increase superexponentially as $s \to \infty$. The construction of Sobol' has the additional advantage that it works with the binary number system, and so it can be conveniently implemented (see Antonov and Saleev [5] and Bratley and Fox [9] for computer implementations). A major improvement was achieved by Faure [27] who constructed for any dimension s a sequence of points in $[0, 1]^s$ such that the discrepancy $D_N$ of its first N terms satisfies

$D_N \le C_s N^{-1} (\log N)^s + O(N^{-1} (\log N)^{s-1})$ for all $N \ge 2$, (13)

where we have $\lim_{s \to \infty} C_s = 0$. The construction of the s-dimensional Faure sequence works with the $p_s$-ary number system, where $p_s$ is the least prime $\ge s$. See Fox [30] for an implementation of the Faure sequence. The sequences of Sobol' and Faure satisfy strong uniformity properties which are special instances of the following general definition of Niederreiter [62].

DEFINITION 6

Let $b \ge 2$ and $t \ge 0$ be integers. A sequence $w_1, w_2, \ldots$ of points in $[0, 1)^s$ is called a (t, s)-sequence in base b if for all integers $m \ge 0$ and $k > t$ the point set $\{w_n : m b^k < n \le (m + 1) b^k\}$ is a (t, k, s)-net in base b in the sense of definition 5.

The construction of Sobol' yields (t, s)-sequences in base 2 with values of t that depend on s, and the construction of Faure yields (0, s)-sequences in base $p_s$, where $p_s$ is as above. More recent constructions of Niederreiter [62,65] yield (0, s)-sequences in prime power bases $\ge s$.

A general construction of (t, s)-sequences in base b, where s and b are arbitrary and t depends in a known way on s and b, was given by Niederreiter [66]. If one optimizes the parameters in this construction, then for any dimension $s \ge 2$ one obtains the best sequences of quasirandom points that are available today. These sequences are (t(s), s)-sequences in a suitable base b(s) with a relatively small value of t(s). The discrepancy $D_N$ of the first N terms of such a sequence satisfies (13) with a value of $C_s$ which tends to 0 at a superexponential rate as $s \to \infty$. A table of these values of $C_s$ for $1 \le s \le 20$ can be found in Niederreiter [66].

Example 3

For s = 4 the currently smallest value of $C_s$ in (13) is obtained by choosing a (1, 4)-sequence in base 3; then we get $C_4 = 0.0858$ (rounded to three significant digits). For s = 10 the currently smallest value of $C_s$ in (13) is obtained by choosing a (0, 10)-sequence in base 11; then $C_{10} = 0.000428$ (rounded to three significant digits).

References

[1] L. Afflerbach, The sub-lattice structure of linear congruential random number generators, Manuscripta Math. 55 (1986) 455-465.

[2] L. Afflerbach and H. Grothe, The lattice structure of pseudo-random vectors generated by matrix generators, J. Comp. Appl. Math. 23 (1988) 127-131.

[3] L. Afflerbach and R. Weilbächer, The exact determination of rectangle discrepancy for linear congruential pseudorandom numbers, Math. Comp. 53 (1989) 343-354.

[4] D.A. André, G.L. Mullen and H. Niederreiter, Figures of merit for digital multistep pseudorandom numbers, Math. Comp. 54 (1990) 737-748.

[5] I.A. Antonov and V.M. Saleev, An economic method of computing LP_τ-sequences (Russian), Zh. Vychisl. Mat. i Mat. Fiz. 19 (1979) 243-245.

[6] A.C. Arvillias and D.G. Maritsas, Partitioning the period of a class of m-sequences and application to pseudorandom number generation, J. ACM 25 (1978) 675-686.

[7] V.C. Bhavsar and J.R. Isaac, Design and analysis of parallel Monte Carlo algorithms, SIAM J. Sci. Statist. Comp. 8 (1987) s73-s95.

[8] I. Borosh and H. Niederreiter, Optimal multipliers for pseudo-random number generation by the linear congruential method, BIT 23 (1983) 65-74.

[9] P. Bratley and B.L. Fox, Algorithm 659: Implementing Sobol's quasirandom sequence generator, ACM Trans. Math. Software 14 (1988) 88-100.

[10] P. Bratley, B.L. Fox and L.E. Schrage, A Guide to Simulation, 2nd ed. (Springer, New York, 1987).

[11] B.J. Collings, String decomposition of full-period Tausworthe sequences, Comm. Statist. Simulation Comp. 16 (1987) 673-678.

[12] B.J. Collings and G.B. Hembree, Initializing generalized feedback shift register pseudorandom number generators, J. ACM 33 (1986) 706-711; Addendum, ibid. 35 (1988) 1001.

[13] I. Deák, Multidimensional integration and stochastic programming, Numerical Techniques for Stochastic Optimization, eds. Yu. Ermoliev and R.J.-B. Wets (Springer, Berlin, 1988) pp. 187-200.

[14] A. de Matteis and S. Pagnutti, Parallelization of random number generators and long-range correlations, Numer. Math. 53 (1988) 595-608.

[15] V. Denzer and A. Ecker, Optimal multipliers for linear congruential pseudo-random number generators with prime moduli, BIT 28 (1988) 803-808.

[16] L. Devroye, Non-Uniform Random Variate Generation (Springer, New York, 1986).

[17] H.J.A. Duparc, C.G. Lekkerkerker and W. Peremans, Reduced sequences of integers and pseudo-random numbers, Report ZW 1953-002, Math. Centrum, Amsterdam (1953).

[18] J. Eichenauer, H. Grothe and J. Lehn, Marsaglia's lattice test and non-linear congruential pseudo random number generators, Metrika 35 (1988) 241-250.

[19] J. Eichenauer, H. Grothe, J. Lehn and A. Topuzoğlu, A multiple recursive nonlinear congruential pseudo random number generator, Manuscripta Math. 59 (1987) 331-346.

[20] J. Eichenauer and J. Lehn, A non-linear congruential pseudo random number generator, Statist. Papers 27 (1986) 315-326.

[21] J. Eichenauer and J. Lehn, On the structure of quadratic congruential sequences, Manuscripta Math. 58 (1987) 129-140.

[22] J. Eichenauer, J. Lehn and A. Topuzoğlu, A nonlinear congruential pseudorandom number generator with power of two modulus, Math. Comp. 51 (1988) 757-759.

[23] J. Eichenauer and H. Niederreiter, On Marsaglia's lattice test for pseudorandom numbers, Manuscripta Math. 62 (1988) 245-248.

[24] J. Eichenauer-Herrmann and H. Grothe, A remark on long-range correlations in multiplicative congruential pseudorandom number generators, Numer. Math. 56 (1989) 609-611.

[25] J. Eichenauer-Herrmann, H. Grothe and J. Lehn, On the period length of pseudorandom vector sequences generated by matrix generators, Math. Comp. 52 (1989) 145-148.

[26] J. Eichenauer-Herrmann, H. Grothe, H. Niederreiter and A. Topuzoğlu, On the lattice structure of a nonlinear generator with modulus 2^α, J. Comp. Appl. Math. 31 (1990) 81-85.

[27] H. Faure, Discrépance de suites associées à un système de numération (en dimension s), Acta Arith. 41 (1982) 337-351.

[28] G.S. Fishman, Multiplicative congruential random number generators with modulus 2^β: An exhaustive analysis for β = 32 and a partial analysis for β = 48, Math. Comp. 54 (1990) 331-344.

[29] G.S. Fishman and L.R. Moore, An exhaustive analysis of multiplicative congruential random number generators with modulus 2^31 - 1, SIAM J. Sci. Statist. Comp. 7 (1986) 24-45; Erratum, ibid. 7 (1986) 1058.

[30] B.L. Fox, Algorithm 647: Implementation and relative efficiency of quasirandom sequence generators, ACM Trans. Math. Software 12 (1986) 362-376.

[31] M. Fushimi, Increasing the orders of equidistribution of the leading bits of the Tausworthe sequence, Inf. Process. Lett. 16 (1983) 189-192.

[32] M. Fushimi, Designing a uniform random number generator whose subsequences are k-distributed, SIAM J. Comput. 17 (1988) 89-99.

[33] M. Fushimi and S. Tezuka, The k-distribution of the generalized feedback shift register pseudorandom numbers, Comm. ACM 26 (1983) 516-523.

[34] H. Grothe, Matrixgeneratoren zur Erzeugung gleichverteilter Zufallsvektoren, Zufallszahlen und Simulationen, eds. L. Afflerbach and J. Lehn (Teubner, Stuttgart, 1986) pp. 29-34.

[35] H. Grothe, Matrix generators for pseudo-random vector generation, Statist. Papers 28 (1987) 233-238.

[36] H. Grothe, Matrixgeneratoren zur Erzeugung gleichverteilter Pseudozufallsvektoren, Dissertation, Techn. Hochschule Darmstadt (1988).

[37] J.H. Halton, On the efficiency of certain quasi-random sequences of points in evaluating multi-dimensional integrals, Numer. Math. 2 (1960) 84-90; Berichtigung, ibid. 2 (1960) 196.

[38] E. Hlawka, Funktionen von beschränkter Variation in der Theorie der Gleichverteilung, Ann. Mat. Pura Appl. 54 (1961) 325-333.

[39] L.K. Hua and Y. Wang, Applications of Number Theory to Numerical Analysis (Springer, Berlin, 1981).

[40] J. Kiefer, On large deviations of the empiric d.f. of vector chance variables and a law of the iterated logarithm, Pacific J. Math. 11 (1961) 649-660.

[41] S. Kirkpatrick and E.P. Stoll, A very fast shift-register sequence random number generator, J. Comput. Phys. 40 (1981) 517-526.

[42] D.E. Knuth, The Art of Computer Programming, Vol. 2: Seminumerical Algorithms, 2nd ed. (Addison-Wesley, Reading, MA, 1981).

[43] R.F. Koopman, The orders of equidistribution of subsequences of some asymptotically random sequences, Comm. ACM 29 (1986) 802-806.

[44] L. Kuipers and H. Niederreiter, Uniform Distribution of Sequences (Wiley, New York, 1974).

[45] G. Larcher and H. Niederreiter, Optimal coefficients modulo prime powers in the three-dimensional case, Ann. Mat. Pura Appl. 155 (1989) 299-315.

[46] P. L'Ecuyer, Efficient and portable combined random number generators, Comm. ACM 31 (1988) 742-749, 774.

[47] D.H. Lehmer, Mathematical methods in large-scale computing units, Proc. 2nd Symp. on Large-Scale Digital Calculating Machinery, Cambridge, MA, 1949 (Harvard Univ. Press, Cambridge, MA, 1951) pp. 141-146.

[48] T.G. Lewis and W.H. Payne, Generalized feedback shift register pseudorandom number algorithm, J. ACM 20 (1973) 456-468.

[49] R. Lidl and H. Niederreiter, Finite Fields (Addison-Wesley, Reading, MA, 1983).

[50] R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Applications (Cambridge Univ. Press, Cambridge, 1986).

[51] G. Marsaglia, The structure of linear congruential sequences, in: Applications of Number Theory to Numerical Analysis, ed. S.K. Zaremba (Academic Press, New York, 1972) pp. 249-285.

[52] G. Marsaglia and L.-H. Tsay, Matrices and the structure of random number sequences, Linear Algebra Appl. 67 (1985) 147-156.

[53] G.L. Mullen and H. Niederreiter, Optimal characteristic polynomials for digital multistep pseudorandom numbers, Computing 39 (1987) 155-163.

[54] H. Niederreiter, Pseudo-random numbers and optimal coefficients, Adv. Math. 26 (1977) 99-181.

[55] H. Niederreiter, Quasi-Monte Carlo methods and pseudo-random numbers, Bull. Amer. Math. Soc. 84 (1978) 957-1041.

[56] H. Niederreiter, Applications des corps finis aux nombres pseudo-aléatoires, Sém. Théorie des Nombres 1982-1983, Exp. 38, Univ. de Bordeaux I, Talence (1983).

[57] H. Niederreiter, The performance of k-step pseudorandom number generators under the uniformity test, SIAM J. Sci. Statist. Comp. 5 (1984) 798-810.

[58] H. Niederreiter, The serial test for pseudo-random numbers generated by the linear congruential method, Numer. Math. 46 (1985) 51-68.

[59] H. Niederreiter, A pseudorandom vector generator based on finite field arithmetic, Math. Japonica 31 (1986) 759-774.

[60] H. Niederreiter, Pseudozufallszahlen und die Theorie der Gleichverteilung, Sitzungsber. Österr. Akad. Wiss. Math.-Naturwiss. Kl. Abt. II 195 (1986) 109-138.

[61] H. Niederreiter, A statistical analysis of generalized feedback shift register pseudorandom number generators, SIAM J. Sci. Statist. Comp. 8 (1987) 1035-1051.

Page 23: Recent trends in random number and random vector generation

H. Niederreiter / Random number generation 345

[62] H. Niederreiter, Point sets and sequences with small discrepancy, Monatsh. Math. 104 (1987) 273-337.

[63] H. Niederreiter, Remarks on nonlinear congruential pseudorandom numbers, Metrika 35 (1988) 321-328.

[64] H. Niederreiter, Statistical independence of nonlinear congruential pseudorandom numbers, Monatsh. Math. 106 (1988) 149-159.

[65] H. Niederreiter, Quasi-Monte Carlo methods for multidimensional numerical integration, Numerical lntegrotion Ili, eds. H. Brass and G. Hfimmerlin, Int. Series of Num. Math., 85 (Birkh~iuser, Basel, 1988) pp. 157-171.

[66] H. Niederreiter. Low-discrepancy and low-dispersion sequences, J. Number Theory 30 (1988) 51-70.

[67] H. Niederreiter, The serial test for digital k-step pseudorandom numbers, Math. J. Okayama Univ. 30 (1988) 93-119.

[68] H. Niederreiter, The serial test for congruential pseudorandom numbers generated by inver- sions, Math. Comp. 52 (1989) 135-144.

[69] H. Niederreiter, Statistical independence properties of pseudorandom vectors produced by matrix generators, J. Comp. Appl. Math. 31 (1990) 139-151.

I70] H. Niederreiter, Lower bounds for the discrepancy of inversive congruential pseudorandom numbers, Math. Comp. 55 (1990) 277-287.

[71] H. Niederreiter, Pseudorandom numbers generated from shift register sequences, in: Zahlentheoretische Analysis, Springer Lecture Notes in Math., to appear.

[72] N. Niki, Finite field arithmetics and multidimensional uniform pseudorandom numbers (Japanese), Proc. Inst. Statist. Math. 32 (1984) 231-239.

[73] A.I. Pavlov and B.B. Pokhodze'/, Pseudo-random numbers generated by linear recurrence relations over a finite field (Russian), Zb. Vychisl. Mat. i Mat. Fiz. 19 (1979) 836-842.

[74] O.E. Percus and J.K. Percus, Long range correlations in linear congruential generators, J. Comput. Phys. 77 (1988) 267-269.

[75] B.D. Ripley, The lattice structure of pseudo-random number generators, Proc. Roy. Soc. London Ser. A 389 (1983) 197-204.

[76] W.M. Schmidt, Irregularities of distribution VII, Acta Arith. 21 (1972) 45-50. [77] I.M. Sobol', The distribution of points in a cube and the approximate evaluation of integrals

(Russian), Zh. Vychisl. Mat. i Mat. Fiz. 7 (1967) 784-802. {78] E.A.D.E. Tahmi, Contribution aux g6n4rateurs de vecteurs pseudo-al4atoires, Th4se, Univ. Sci.

Tecbn. H. Boumedienne, Algiers (1982). [79] R.C. Tausworthe, Random numbers generated by linear recurrence modulo two, Math. Comp.

19 (1965) 201-209. [80] S. Tezuka, On the discrepancy of GFSR pseudorandom numbers, J. ACM 34 (1987) 939-949. [81] S. Tezuka, A heuristic approach for finding asymptotically random GFSR generators, J. Inf.

Proc. 10 (1987) 178-182. [82] S. Tezuka, On optimal GFSR pseudorandom number generators, Math. Comp. 50 (1988)

531-533. [83] A. van Wijngaarden, Mathematics and computing, Proc. Syrup. on Automatic Digital Computa-

tion, London, 1954 (H.M. Stationery Office, London, 1954) pp. 125-129. [84] B.A. Wichmann and I.D, Hill, An efficient and portable pseudo-random number generator,

Appl. Star. 31 (1982) 188-190: Corrections, ibid. 33 (1984) 123. [85] B.A. Wichmann and I.D. Hill, Building a random-number generator, Byte 12, no. 3 (1987)

127-128.