Pseudorandom number generator based on the Bernoulli map on cubic algebraic integers
aa r X i v : . [ m a t h . N T ] J un Pseudorandom number generator based on the Bernoulli map oncubic algebraic integers
Asaki Saito ∗ and Akihiro Yamaguchi Future University Hakodate, 116-2 Kamedanakano-cho,Hakodate, Hokkaido 041-8655, Japan Fukuoka Institute of Technology, 3-30-1 Wajiro-higashi,Higashi-ku, Fukuoka 811-0295, Japan (Dated: June 27, 2017)
Abstract
We develop a method for generating pseudorandom binary sequences using the Bernoulli mapon cubic algebraic integers. The distinguishing characteristic of our generator is that it generateschaotic true orbits of the Bernoulli map by exact computation. In particular, we clarify a wayto properly prepare a set of initial points (i.e., seeds), which is needed when generating multiplepseudorandom sequences. With this seed selection method, we can distribute the initial pointsalmost uniformly in the unit interval and can also guarantee that the orbits starting from themdo not merge. We also report results of a large variety of tests indicating that the generatedpseudorandom sequences have good statistical properties as well as an advantage over what isprobably the most popular generator, the Mersenne Twister MT19937.
PACS numbers: 05.45.-a ∗ Electronic address: [email protected] . INTRODUCTION A random sequence is a sequence of numbers that are a typical sample of independentlyidentically distributed random variables, and it cannot be generated by a deterministic algo-rithm (cf., e.g., Refs. [1, 2]). A pseudorandom sequence, i.e., a computer-generated sequencethat appears similar to a random one, is therefore not random at all, but has a wide range ofapplications, such as Monte Carlo methods, probabilistic algorithms, and cryptography [3].In order to generate such pseudorandom sequences, various pseudorandom number genera-tors have been proposed, including linear congruential generators [4], linear feedback shiftregisters [5], and the Mersenne Twister [6]. Of all the generators, MT19937 [6], a version ofthe Mersenne Twister, is probably the most popular one at this time. MT19937 can pro-duce, at very high speed, a pseudorandom sequence having an “astronomically” long periodof length 2 − binary se-quences. One of the mathematically simplest and soundest ways to generate (pseudo-)random binary sequences is to use the Bernoulli map. Also known as the doubling map,the dyadic map, or the 2 x modulo 1 map, the Bernoulli map is a map on the half-open unitinterval [0 ,
1) given by M B ( x ) = x if x ∈ [0 , / x − x ∈ [1 / , . Note that the repeated tossing of a fair coin is modeled by the one-sided Bernoulli shift on { , } N with 0 and 1 having equal weight 1 /
2, and this Bernoulli shift is measure-theoreticallyisomorphic to M B (cf., e.g., Ref. [7]). Thus, M B can produce binary sequences equivalent tothose obtained by tossing a fair coin. However, it is well known that one cannot simulate M B with conventional simulation methods such as those using double-precision binary floating-point numbers or arbitrary-precision rational numbers (see, e.g., Refs. [8, 9]). This is because,2or M B , finite binary decimals on [0 ,
1) are eventually fixed points (i.e., points that reachthe fixed point at x = 0 after finitely many iterations) and because rational numbers on[0 ,
1) are eventually periodic points (i.e., points that reach a periodic point after finitelymany iterations). For this reason, a computational method that realizes pseudorandomnumber generation using M B has not been proposed [10] (except for our previous study[11]), although pseudorandom number generators based on chaotic dynamics have been verywidely studied for many decades [12–14].On the other hand, orbit computations using algebraic numbers other than rational oneshave been performed in the fields of number theory and arithmetic dynamics (e.g., Refs. [15–19]). Also, by using our methods to achieve exact simulations of piecewise linear and linearfractional maps [20, 21], one can generate errorless true orbits displaying the same statisticalproperties as typical orbits of M B (as well as those of the tent map and the baker’s trans-formation; cf. [10]). In particular, by using true orbits on quadratic algebraic integers, wesucceeded in realizing a pseudorandom number generator using M B [11]. To our knowledge,the generator of Ref. [11] is the only one that has a direct connection to the repeated tossingof a fair coin, but we can expect that we can establish such generators having good statis-tical properties also by using algebraic integers of degree three or more. In order to realizesuch generators, however, we particularly need to resolve the issue described below. Whenproposing a pseudorandom number generator, it is desirable to simultaneously disclose howone can properly perform seed selection, especially in the case where one needs multipleseeds to generate more than one pseudorandom sequence. In particular, such a methodfor selecting initial points (i.e., seeds) is indispensable for a generator based on true orbits:In true orbit computations, the longer a true orbit, the higher the computational cost ofgenerating it. Therefore, the computational cost can be markedly lowered by generating anumber of relatively short true orbits. We could establish such a seed selection method inthe case of quadratic algebraic integers, but algebraic numbers of different degrees are quitedistinct from each other, and it is unclear even whether such a seed selection method existsin the case of algebraic integers of degree three or more.In this paper, we realize a pseudorandom number generator using chaotic true orbits ofthe Bernoulli map on cubic algebraic integers. We also devise, for the cubic case, a seedselection method for generating multiple pseudorandom binary sequences. Moreover, wedemonstrate the ability of our generator by performing two kinds of computer experiments:3xtensive statistical testing and a comparison with MT19937. II. PROPOSED PSEUDORANDOM NUMBER GENERATOR
In this study, we use cubic algebraic integers to simulate the Bernoulli map M B . A cubicalgebraic integer is a complex number that is a root of a monic irreducible cubic polynomial x + bx + cx + d with b, c, d ∈ Z (see, e.g., Ref. [22] for a detailed explanation of algebraicintegers). M B maps any cubic algebraic integer in the open unit interval (0 ,
1) to a cubicalgebraic integer in (0 , S and S , and a map π from ¯ S to S . Let ¯ S be the set of all( b, c, d ) ∈ Z satisfying the following three conditions: (i) b − c ≤ (ii) d < (iii) b + c + d > S . If we consider a function f : R → R , given by f ( x ) = x + bx + cx + d with ( b, c, d ) ∈ ¯ S , we see from (i) that f is strictly monotonically increasing. Thus, f has a unique real root, denoted by α . We also see from (ii) and (iii) that f (0) < f (1) >
0, which implies α ∈ (0 , α / ∈ Z , we see that α is a cubic algebraic integer.Also, let S be the set of all cubic algebraic integers in (0 ,
1) that are roots of x + bx + cx + d with ( b, c, d ) ∈ ¯ S . We can define a map π from ¯ S to S by assigning each ( b, c, d ) ∈ ¯ S theunique real root α ∈ S of x + bx + cx + d . It is easy to see that π : ¯ S → S is a bijection.In the following, we represent α ∈ S with ( b, c, d ) = π − ( α ) ∈ ¯ S . M B maps α ∈ S to α ′ = 2 α mod 1. As already mentioned, α ′ is a cubic algebraic integerin (0 , α ′ ∈ S as follows. Let ( b, c, d ) be the representation of α ,and let x + b ′ x + c ′ x + d ′ be the minimal polynomial of α ′ . Then, the coefficients b ′ , c ′ , d ′ are given as follows:If α ∈ (0 , / b ′ c ′ d ′ = bcd . (1a)4 - - - FIG. 1: Part of ¯ S . The dots represent elements of ¯ S . If α ∈ (1 / , b ′ c ′ d ′ = bcd + . (1b)Equation (1a) (resp. Eq. (1b)) is obtained by substituting α = α ′ / α = ( α ′ + 1) / x + bx + cx + d = 0. It is easy to confirm that ( b ′ , c ′ , d ′ ) satisfies the conditions (i),(ii), and (iii), which implies α ′ ∈ S .Equation (1) gives the explicit form of π − ◦ M B ◦ π , i.e., the transformation on ¯ S corre-sponding to M B . We denote this transformation by ¯ M B . Note that ¯ M B gives the represen-tation ( b ′ , c ′ , d ′ ) of α ′ from the representation ( b, c, d ) of α . This transformation is exactlycomputable by using only integer arithmetic. Incidentally, we see easily that ( b, c, d ) with b − c < b ′ , c ′ , d ′ ) with b ′ − c ′ <
0, and that ( b, c, d ) with b − c = 0 ismapped to ( b ′ , c ′ , d ′ ) with b ′ − c ′ = 0.One has to exactly determine whether a given α ∈ S is in (0 , /
2) or (1 / ,
1) in order togenerate true orbits of M B on S , thereby obtaining pseudorandom binary sequences. Let α be represented by ( b, c, d ) ∈ ¯ S , and let f ( x ) = x + bx + cx + d . This determination canbe made easily by evaluating the sign of f (1 / f (1 / >
0, then α ∈ (0 , / f (1 / <
0, then α ∈ (1 / , f (1 / b + 4 c + 8 d . Therefore, one can exactly determine whether α ∈ (0 , /
2) or not by using only integer arithmetic. Consequently, one can generate a true orbit5 ( b n , c n , d n ) } n =0 , , , ··· of ¯ M B starting from an initial point ( b , c , d ) ∈ ¯ S , where ( b n , c n , d n ) =¯ M nB ( b , c , d ). In order to obtain a pseudorandom binary sequence { ǫ n } n =0 , , , ··· , all one hasto do is let ǫ n = 0 if 1 + 2 b n + 4 c n + 8 d n > ǫ n = 1 if 1 + 2 b n + 4 c n + 8 d n <
0, in thecourse of generating a true orbit.
III. SEED SELECTION METHOD
In this section, we consider how to select initial points (i.e., seeds). Because α representedby ( b, c, d ) ∈ ¯ S is irrational, its binary expansion is guaranteed to be nonperiodic. Thus,one can choose any ( b, c, d ) ∈ ¯ S as an initial point in the sense that at least one obtainsa nonperiodic binary sequence. It is worth noting that the binary sequence obtained from( b, c, d ) ∈ ¯ S is not only guaranteed to be nonperiodic. In fact, it is widely believed thatevery irrational algebraic number is a normal number (Borel’s conjecture [23]). Recall that α ∈ R is said to be normal if, for any integer b ≥
2, every word of length l ≥ { , , . . . , b − } occurs in the base- b expansion of α with asymptotic frequency b − l . Also, it is proved that the base- b expansion of any irrational algebraic number cannothave a regularity so simple that it can be generated by a finite automaton [24]. Moreover,our previous studies strongly suggest that the base- b expansion of any irrational algebraicnumber has the same statistical properties as those of almost all real numbers [11, 20, 21].For the generation of more than one pseudorandom sequence, it is necessary to preparean initial point set ¯ I ⊂ ¯ S . One can consider a variety of conditions that ¯ I should satisfy;here, we impose the following two conditions (Conditions 1 and 2) on it. Condition 1.
The elements of I ⊂ S corresponding to ¯ I are uniformly distributed in theunit interval. This condition is for unbiased sampling of initial points and is a natural one also fromthe viewpoint of applications, such as the Monte Carlo method. However, it is a nontrivialquestion as to how we can construct ¯ I satisfying Condition 1, because α depends on ( b, c, d )in a very complicated way. In fact, α takes the following complex form:6f b − c < α = p − b + 9 bc − d + 3 √ √− b c + 4 c + 4 b d − bcd + 27 d √ − √ − b + 3 c )3 p − b + 9 bc − d + 3 √ √− b c + 4 c + 4 b d − bcd + 27 d − b . If b − c = 0, α = √− b + 9 bc − d − b . Condition 2.
The orbits starting from the elements of ¯ I do not merge. Even if one selects two different points as the elements of ¯ S , the latter parts of the resultingbinary sequences may coincide with each other. In fact, this happens if the two points are onthe same orbit or, more generally, if the orbits starting from them merge. When generatingmultiple pseudorandom sequences, it is desirable that the binary sequences derived from¯ I are as different from each other as possible, and it is obviously desirable that ¯ I satisfiesCondition 2. However, in order to realize such an ¯ I , we need to make it clear how we canselect the elements of ¯ I while avoiding such orbital overlaps.In what follows, we show that we can construct an ¯ I satisfying Conditions 1 and 2.Concerning Condition 1, the following fact holds. Fact 1.
Let c be a sufficiently large positive integer, and let ¯ I b,c = (cid:8) ( b, c, d ) ∈ ¯ S | d ∈ {− , − , · · · , − ( b + c ) } (cid:9) . (3) Then, the elements of I b,c ⊂ S corresponding to ¯ I b,c are distributed almost uniformly (equidis-tantly) in the unit interval.Proof. Since | b | ≤ √ c , | b | ≪ c holds for sufficiently large c . Let ( b, c, d ) ∈ ¯ I b,c , α d = π ( b, c, d ), and f d ( x ) = x + bx + cx + d . We see that f − (0) = −
1, lim c →∞ f − (2 /c ) = 1,lim c →∞ f − ( b + c ) (1 − /c ) = −
1, and f − ( b + c ) (1) = 1. Thus, we have lim c →∞ α − = 0 andlim c →∞ α − ( b + c ) = 1. We also see easily that α d < α d − and f d ( α d − ) = 1 hold for d ∈{− , − , · · · , − ( b + c ) + 1 } . Let ∆ d = α d − − α d ( d ∈ {− , − , · · · , − ( b + c ) + 1 } ). By themean value theorem, there exists β ∈ ( α d , α d − ) such that f ′ d ( β ) = ∆ − d . It is easy to see7hat − | b | + c < f ′ d ( x ) < | b | + c holds for x ∈ (0 , c , wehave (3 + 2 | b | + c ) − < ∆ d < ( − | b | + c ) − , which implies (cid:18) | b | + 3 c (cid:19) − < ∆ d c − < (cid:18) − | b | c (cid:19) − . We note that − x + 2 ≤ x − holds for x ≥ x − ≤ − x + 3 holds for 1 / ≤ x ≤ c , we have1 − | b | + 3 c < ∆ d c − < | b | c , which implies lim c →∞ max d ∈{− , ··· , − ( b + c )+1 } (cid:12)(cid:12)(cid:12)(cid:12) ∆ d c − − (cid:12)(cid:12)(cid:12)(cid:12) = 0 . Therefore, if we take a sufficiently large c , the elements of I b,c are distributed across the unitinterval almost equidistantly, with distances approximately equal to c − .An important characteristic of ¯ M B on ¯ S (or equivalently, M B on S ) when considering¯ I satisfying Condition 2 is its injectivity. The inverse image of ( b ′ , c ′ , d ′ ) ∈ ¯ S under ¯ M B isuniquely determined if it exists: If b ′ (or c ′ or d ′ ) is even, ( b ′ , c ′ , d ′ ) is derived from Eq. (1a).If odd, it is derived from Eq. (1b). Let us call an element of ¯ S a source point if it doesnot have an inverse image in ¯ S . It is clear that two different source points do not exist onthe same orbit. Also, the injectivity prevents the merging of orbits starting from differentsource points. Concerning the source points, the following fact holds. Fact 2.
There is no inverse image for ( b, c, d ) ∈ ¯ S if and only if one of the followingconditions holds: (i) b , c , d are neither all even nor all odd. (ii) b , c , d are all even, but c or d . (iii) b , c , d are all odd, but − b + c or b − c + d .Proof. If ( b, c, d ) ∈ ¯ S has an inverse image, then by Eq. (1) b , c , d are either all even or allodd. We can easily verify that a necessary and sufficient condition for ( b, c, d ) ∈ ¯ S with b , c , d all even to have an inverse image is that both c ≡ d ≡ b, c, d ) ∈ ¯ S with b , c , d all odd to have an inverse image is that both − b + c ≡ b − c + d ≡ b, c, d ) ∈ ¯ S has no inverse image if and only if one of the conditions (i)–(iii)holds.The orbits starting from the elements of ¯ I do not merge if one lets ¯ I consist of only sourcepoints.Consequently, on the basis of Facts 1 and 2, we can construct ¯ I satisfying Conditions 1and 2: The simplest way is to choose b to be an even integer and c to be a large positiveodd integer, or b to be an odd integer and c to be a large positive even integer, and to let¯ I be the ¯ I b,c given by Eq. (3). Note, however, that consisting of only source points is not anecessary condition for ¯ I to be free from orbital mergers. For example, ¯ I b,c with b = 0 and c = 8 contains a point that is not a source point, but mergers do not occur with ¯ I , (cf.next paragraph).Condition 2 is equivalent to the condition that latter parts of the binary sequences derivedfrom ¯ I do not coincide, which in turn is equivalent to the condition that, even if each of thebinary sequences is transformed by any multi-bit shift operation that is expressible as a map x n x mod 1 ( n ∈ Z ≥ ), none of the resulting sequences are identical. With computerassistance, one can reveal that many, but not all, of ¯ I b,c have a much more desirable propertythan Condition 2. Namely, for many of ¯ I b,c , Q ( α ) = Q ( β ) holds for all α, β ∈ I b,c with α = β (i.e., each element of I b,c belongs to a different cubic field). In particular, we experimentallyconfirmed that all of I b,c with b = 0 and c in 1 ≤ c ≤ × have this desirable property,which leads us to the following conjecture: Conjecture 1.
Let c ∈ Z > . Then, Q ( α ) = Q ( β ) holds for all α, β ∈ I ,c with α = β . If I b,c has such a property, the binary sequences derived from ¯ I b,c are significantly differentfrom each other in the following sense: Even if each of the binary sequences is transformed byany operation expressible as a rational map with rational coefficients (except those mappingelements of I b,c to rational numbers), the resulting sequences include no identical sequences.Such operations include not only multi-bit shifts, but a wide variety of operations, e.g.,all-bit inversion, which is expressible as the map x − x .9 V. EXPERIMENTAL RESULTSA. Statistical testing
We evaluated our generator using three statistical test suites: DIEHARD [25], NISTstatistical test suite [26], and TestU01 [27]. We summarize their results in Table I.We performed DIEHARD and NIST tests on the binary sequences of length 10 derivedfrom ¯ I , . For TestU01, we prepared test data as follows: We generated the binary se-quences of length 1000032 using ¯ I , . We then removed the first 32 bits of each sequenceand concatenated the resulting sequences in descending order of d value. We removed thefirst 32-bit blocks in order to avoid introducing correlations among them, because each ofthese blocks stores information regarding the position of the initial point.Here we briefly explain the three statistical test suites and report their results.DIEHARD [25] contains 234 statistical tests classified into 18 categories. The resultsfor 6 of the 18 categories are further tested by checking the uniformity of the resulting P -values. (That is, DIEHARD consists of 234 first-level tests and 6 second-level ones.) UsingDIEHARD version “DOS, Jan 7, 1997”, we performed all 240 tests with a significance levelof 0.01. As a result, 238 of the 240 tests were passed.NIST statistical test suite [26] contains 188 first-level tests. In NIST testing, each of 188first-level tests is performed 10 times, and the results of each first-level test are furthertested in two ways: (i) The proportion of passing sequences is tested using a significancelevel of 0.001540 (cf. Ref. [11]). (ii) The uniformity of P -values is tested using a significancelevel of 0.0001. For this procedure, we used version 2.1.2 of the NIST statistical test suite.As a result, 187 of the 188 second-level tests based on the proportion of passing sequenceswere passed. As for the second-level tests based on the uniformity of P -values, all 188 testswere passed.TestU01 [27] offers several predefined sets of tests, including SmallCrush, Crush, andBigCrush, which consist of 15, 144, and 160 tests, respectively. In TestU01, the result ofeach test is interpreted as clear failure if the P -value for the test is less than 10 − or greaterthan 1 − − . The result is interpreted as suspicious if the P -value is in [10 − , − ) or(1 − − , − − ]. In all other cases, the test is considered as passed . Using version 1.2.3of TestU01, we applied SmallCrush, Crush, and BigCrush to the test data described above.10 ABLE I: Results of statistical testing.Statistical testing Number of:Tests Passed tests Suspicious tests Failed testsDIEHARD First-level tests 234 232 — 2Second-level tests 6 6 — 0NIST STS Second-level tests (proportion) 188 187 — 1Second-level tests (uniformity) 188 188 — 0TestU01 SmallCrush 15 15 0 0Crush 144 144 0 0BigCrush 160 160 0 0
As a result, all tests of SmallCrush, Crush, and BigCrush were passed.Consequently, all tests were passed for NIST’s second-level testing based on the uniformityof P -values and TestU01’s SmallCrush, Crush, and BigCrush, while a few tests were failedfor DIEHARD and NIST’s second-level testing based on the proportion of passing sequences.Note that the numbers of failed tests (i.e., two for DIEHARD and one for NIST’s second-leveltesting based on the proportion of passing sequences) are within relevant ranges because theyare close to the expected numbers of failed tests (i.e., 2.40 for DIEHARD and 0.29 for NIST’ssecond-level testing based on the proportion of passing sequences). From these results, wecan confirm that our generator has good statistical properties. B. Comparison with the Mersenne Twister MT19937
Here we attempt a comparison between our generator and MT19937.As described in Sec. I, MT19937 is a highly practical generator that produces, at very highspeed, a pseudorandom sequence having a period of length 2 − F = { , } .MT19937 generates a sequence of 32-bit unsigned integers. In the following, we will11dentify a 32-bit unsigned integer with an element of F . Also, we will not distinguishbetween row and column vectors except in that a vector postmultiplying a matrix will beregarded as a column vector. MT19937 is one of the multiple-recursive matrix methods[30, 31], and any sequence { y n } n =0 , , , ··· in F generated by MT19937 obeys the followingrecurrence relation (cf. Ref. [29]): y n = y n − + A y n − + B y n − , n ≥ , (4)where y , y , · · · y are initial vectors, and A and B are 32 ×
32 matrices with elements in F . The explicit forms of A and B are given in Appendix A.From Eq. (4), we can grasp the regularity of the sequence generated by MT19937. Forexample, the most significant 8 bits of y n and those of y n − coincide if an integer n with n ≥
624 satisfies the following two conditions: (a)
The inner product of the i th row vector of A and y n − equals zero for every i with1 ≤ i ≤ (b) The inner product of the second row vector of B and y n − equals zero.Note that condition (b) is equivalent to the condition that B y n − = (cf. the form of B in Appendix A). Let y n = ( y n, , y n, , · · · , y n, ) ∈ F and Y n = P i =1 y n,i − i for n ≥ { y n } n =0 , , , ··· , of 32-bit unsigned integers using MT19937 [32],and plotted, in Fig. 2, the points ( Y n − , Y n ) for n satisfying conditions (a) and (b). Allthe points are on the diagonal line Y n = Y n − , but, obviously, this cannot happen with arandom sequence.On the other hand, our generator produced a binary sequence of length 10 , using(0 , , − ∈ ¯ S as an initial point. Then, by partitioning it into nonoverlapping binary subse-quences of length 32, we transformed it into a sequence { y n } n =0 , , , ··· , of 32-bit unsignedintegers. Also for this { y n } n =0 , , , ··· , , we plotted, in Fig. 2, the points ( Y n − , Y n ) for n satisfying conditions (a) and (b), which was similar to what we did for { y n } n =0 , , , ··· , ob-tained by MT19937. We can see from Fig. 2 that the points obtained from our pseudorandomsequence are almost uniformly distributed on the square. Although the computational costof our generator is significantly higher than that of MT19937, our pseudorandom sequencedisplays the same behavior as true (uniform) random sequences.12
50 100 150 200 250050100150200250 Y n - Y n FIG. 2: Plot of the points ( Y n − , Y n ) for n satisfying conditions (a) and (b). Dots represent pointsobtained from a pseudorandom sequence produced by our generator. Crosses represent those byMT19937. V. CONCLUSION
In this paper, we have introduced a pseudorandom number generator using chaotic trueorbits of the Bernoulli map on cubic algebraic integers. Although this generator has a highcomputational cost, it exactly simulates the Bernoulli map that can generate ideal randombinary sequences. We also have clarified a seed selection method that can select initialpoints (i.e., seeds) without bias and can avoid overlaps in latter parts of the pseudorandomsequences derived from them. Moreover, we have obtained experimental results supportingthe conjecture that the initial point sets I ,c with c ∈ Z > have a more desirable propertysuch that each element of I ,c belongs to a different cubic field. In order to demonstrate thecapabilities of our generator, we have performed two kinds of computer experiments: Firstly,we have tested our generator using three statistical test suites—DIEHARD, NIST statisticaltest suite, and TestU01—and have shown that it has good statistical properties. Secondly,we have examined the independence property of pseudorandom numbers and have clarifiedan advantage that our generator has over what is probably the most popular generator, theMersenne Twister MT19937. 13 cknowledgments We thank Shigeki Akiyama, Shunji Ito, Teturo Kamae, Jun-ichi Tamura, Shin-ichi Yasu-tomi, and Masamichi Yoshida for their suggestions. This research was supported by JSPSKAKENHI Grant Number 15K00342. 14 ppendix A: Explicit forms of matrices A and B in Eq. (4) In this Appendix, we provide the explicit forms of matrices A and B in the recurrencerelation (4) for the Mersenne Twister MT19937.Matrix A : Matrix B :
1] M. Li and P. Vit´anyi,
An Introduction to Kolmogorov Complexity and Its Applications , 2nded. (Springer, New York, 1997).[2] H. Sugita,
Monte Carlo Method, Random Number, and Pseudorandom Number (MathematicalSociety of Japan, Tokyo, 2011).[3] D.E. Knuth,
The Art of Computer Programming , 3rd ed. (Addison-Wesley, Reading, MA,1998), Vol. 2, Chap. 3.[4] D. H. Lehmer, in
Proc. 2nd Symp. on Large-Scale Digital Calculating Machinery (HarvardUniversity Press, 1951), p. 141.[5] S.W. Golomb,
Shift Register Sequences (Aegean Park Press, Laguna Hills, CA, 1982).[6] M. Matsumoto and T. Nishimura, ACM Trans. on Modeling and Computer Simulation , 3(1998).[7] P. Billingsley, Ergodic Theory and Information (Wiley, New York, 1965).[8] E. Atlee Jackson,
Perspectives of Nonlinear Dynamics (Cambridge University Press, Cam-bridge, 1991), Vol. 1, Chap. 4.[9] A. Saito, Prog. Theor. Phys. Supplement , 328 (2006).[10] For a similar reason, there has also been no proposed pseudorandom number generator usingthe tent map on [0 ,
1] given by M T ( x ) = 1 − | x − | or the baker’s transformation on [0 , given by M b ( x, y ) = (cid:16) x, y (cid:17) if x ∈ [0 , / (cid:18) x − , y + 12 (cid:19) if x ∈ [1 / , , although these maps, together with M B , provide (literally) textbook examples of chaotic maps.[11] A. Saito and A. Yamaguchi, Chaos , 063122 (2016).[12] S.M. Ulam and J. von Neumann, Bull. Amer. Math. Soc. , 1120 (1947).[13] T.Y. Li and J.A. Yorke, Nonlinear Anal. , 473 (1978).[14] S. Oishi and H. Inoue, Trans. IECE Japan E65 , 534 (1982).[15] S. Lang and H. Trotter, J. Reine Angew. Math. , 112 (1972); Addendum, J. Reine Angew.Math. , 219 (1974).[16] F. Vivaldi, Nonlinearity , 941 (1992).
17] J.H. Lowenstein, G. Poggiaspalla, and F. Vivaldi, Dynamical Systems , 413 (2005).[18] S. Akiyama, Actes des rencontres du CIRM , 3 (2009).[19] M. Furukado, S. Ito, A. Saito, J. Tamura, and S. Yasutomi, Experimental Math. , 390(2014).[20] A. Saito and S. Ito, Physica D , 100 (2014).[21] A. Saito, S. Yasutomi, J. Tamura, and S. Ito, Chaos , 063103 (2015).[22] E. Hecke, Lectures on the Theory of Algebraic Numbers (Springer, New York, 1981), Chap. 5.[23] ´E. Borel, C. R. Acad. Sci. Paris , 591 (1950).[24] B. Adamczewski and Y. Bugeaud, Annals of Mathematics , 547 (2007).[25] G. Marsaglia, DIEHARD: A battery of tests of randomness, 1996.[26] A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D.Banks, A. Heckert, J. Dray, and S. Vo, A Statistical Test Suite for Random and Pseudoran-dom Number Generators for Cryptographic Applications, NIST Special Publication 800-22Revision 1a (2010).[27] P. L’Ecuyer and R. Simard, ACM Trans. Math. Softw. , 22 (2007).[28] F. Panneton, P. L’Ecuyer, and M. Matsumoto, ACM Trans. Math. Softw. , 1 (2006).[29] S. Harase, Math. Comput. Simul. , 103 (2014).[30] H. Niederreiter, Linear Algebra Appl. , 301 (1993).[31] H. Niederreiter, Finite Fields Appl. , 3 (1995).[32] For initialization, we carried out the same procedure as the one adopted in the program avail-able at ∼ m-mat/MT/MT2002/CODES/mt19937ar.c ..