A MULTIPLE STREAM GENERATOR BASED ON DE ... - CiteSeerX

7 downloads 0 Views 180KB Size Report
and to the Mersenne Twister MT19937. Results of statistical tests are reported. 1. Introduction. It is well known that generating good and reliable pseudorandom.
A MULTIPLE STREAM GENERATOR BASED ON DE BRUIJN DIGRAPH HOMOMORPHISMS ABBAS ALHAKIM, MUFUTAU AKINWANDE DEPARTMENT OF MATHEMATICS & COMPUTER SCIENCE CLARKSON UNIVERSITY POTSDAM, NY 13699 Abstract. We propose a method to obtain several streams of bits based on an original backbone generalized shift register type generator. The method is based on inverting one cycle in a de Bruijn digraph into many sequences in a higher order de Bruijn graph via an appropriate graph homomorphism. We apply this technique to twisted generalized feedback shift register generators and to the Mersenne Twister MT19937. Results of statistical tests are reported.

1. Introduction It is well known that generating good and reliable pseudorandom numbers is crucial for various fields that depend on the computer. The success of Monte Carlo studies or any computer simulation that requires randomness depends–to a large extent–on a good source of random numbers. We list as examples computer games and graphics, high dimensional integration, data security (public key cryptography) and simulation of physical models, e.g. the Ising model, and randomized algorithms in Computer Science. Pseudo-random number generators are computer programs that yield pseudo-random sequences which only appear random, i.e., they behave like random sequences when subjected to statistical tests of randomness that run in a reasonable amount of time. There does exist however, many hardware devices that emit random bits by employing natural phenomena whose outcome is practically random and therefore nonreproducible. Being able to reproduce the same sequence is of course an essential component of scientific experiments. In this paper we will only Key words and phrases. parallel random number generator, Generalized feedback shift register sequence, de Bruijn graph, Lempel homomorphism, TGFSR, Mersenne Twister. 1

2

ALHAKIM & AKIWANDE

concern ourselves with pseudo-random number generators of a specific type (Generalized feedback shift register generators, see below). With the advance of multiprocessor computers, Monte Carlo simulations can be performed in parallel by running several independent copies of the same experiment on different units. Two obvious advantages are to speed up the computation and to reduce the variance of an estimator. Even on single processor machines, multiple streams of random numbers may be needed by different tasks and at different times. In Section 2 we discuss the requirements of a good parallel pseudorandom number generator (PPRNG) and we give an overview of the typical techniques used to generate parallel streams. In Section 3 we describe our proposed method which is roughly based on mapping one (generalized) shift register sequence to many distinct sequences, using the inverse of a well designed homomorphism between two de Bruijn digraphs of different orders. The latter will be defined below. The main merits of the produced sequences is that they are all of the same length as the original, and no sequence of consecutive numbers of a certain prescribed length is common to any two sequences produced. 2. Overview of Parallel Generation Techniques A parallel pseudorandom number generator is an algorithm that outputs multiple streams of pseudo-random numbers that are typically produced by different processing units, or even generated by a single processor so as to be assigned to different tasks that each requires a sequence of independent random variables which show little or no correlation with any other sequence. As mentioned earlier realizing streams that satisfy this last assumption is essential to validate many simulation schemes. Current methods of generating multiple streams of random numbers are essentially of two types. One type depends on a single sequential generator, a backbone generator which typically is tested for good theoretical and statistical properties. The PPRNG is this backbone generator equipped with a method to split its total period into separate parts. One technique to accomplish this, called jumping ahead, is to cut the stream into non-overlapping segments. Given a seed, this is performed by pre-computing another set of seeds that are spaced far apart in the main stream, without having to calculate all the intermediate values. Decimation, or leapfrogging (Coddington [5]) is another technique that has been used to divide one stream into many. An integer N is specified and the ith stream is given by {si+N j } where {sn } is the outcome of the generator. In other words, the sequence is dealt

3

to the substreams like a deck of cards to card players. This method is less flexible than the previous as the maximum number of streams is fixed a priori. The other type of parallelization is via parametrization, where each stream of random numbers is generated by a distinct sequential generator. The way this is done is by parameterizing a family of generators. For example, the family of multiplicative linear congruential generators (MLCG), of the form xn = axn−1 ( mod m), can be parameterized using the multiplier a which has to be a primitive root modulo m in order for the recurrence to have maximal period. Knowing one such a, it is possible to generate the entire set of primitive roots, thus arriving at a parametrization of the entire family of MLCG that use modulo m. Similar ideas are used to parameterize other common families of generators. Mascagni [12] provides a detailed account of these parametrization methods for various families of PRNG’s. 3. The Proposed Method In the current section we describe a novel method that is in principle different from both methods outlined above. However it resembles the splitting method in that it starts with a backbone generator (a shift register generator, in particular). Rather than splitting it, it makes several modified “images” of it. The method relies on homomorphisms between directed de Bruijn graphs of different orders, which we define and describe below. Thus we treat the backbone generator as a cycle in a de Bruijn digraph of an appropriate order and alphabet size. Definition 3.1. An m-ary de Bruijn digraph Bn (m) of order n has as vertex set the set of all strings of size n drawn from an alphabet with m symbols, typically enumerated as 0, 1, · · · , m − 1. Two vertices x and y are connected by a directed edge from x to y if and only if they have the form x = a1 a2 · · · an and y = a2 a3 · · · an b where b and ai are symbols from the alphabet. A de Bruijn sequence is simply a Hamiltonian cycle in Bn (m). An equivalent formulation of a de Bruijn sequence of order n is a minimum length sequence that includes every word of size n exactly once. Such a sequence necessarily has length mn +n−1, where the prefix and suffix of length n−1 coincide. It turns out that the number of such n−1 n−1 sequences is tremendously large, namely [(m − 1)!]m · mm −n , see [6]. The following definition provides a figure of merit for the quality of sequences used as pseudo-random numbers and it will be relevant in the sequel. More details can be found in Knuth [8].

4

ALHAKIM & AKIWANDE

Definition 3.2. A periodic sequence of symbols from a finite alphabet is said to be k-distributed, or equivalently satisfy the k-distribution property for a positive integer k, if all patterns of size k occur as substrings the same number of times, except the all zero pattern which occurs one time less. The outcome of a linear shift register sequence (LFSR) is indeed a de Bruijn sequence that lacks the all zeroes word. This is sometimes referred as a punctured de Bruijn sequence or M-sequence. These are the most commonly generated de Bruijn sequences since the generation can be performed most efficiently using special hardware devices called feedback shift registers. Many engineering applications use Msequences due to their good statistical properties such as the long period and the absence of serial correlation. Evidently, an M-sequence of order k is i-distributed for every i ≤ k. The next definition generalizes the concept of k-distribution to a collection of sequences. Definition 3.3. A finite collection P of sequences of symbols from a finite alphabet will be said to satisfy the family-wise k-distribution property for some positive integer k if all patterns of size k occur the same number of times as substrings of sequences in P except the all zero pattern which occurs one time less. 3.1. GFSR Sequences As Cycles in a de Bruijn Digraph. LFSR generators provide streams of bits while the output of typical random number generators consists of ‘real’ valued variables that appear to be distributed uniformly in the interval (0, 1). There are classical techniques to transform an LFSR sequence into usable numbers, see [15] for details. The pioneering work is due to Tausworthe [18] whose work was generalized by Lewis and Payne [16] to Generalized feedback Shift Register generators (GFSR) produced by the recurrence equation (3.1)

xn = xn−p ⊕ xn−q , n > p

where ⊕ is bitwise addition modulo 2, p and q are two integers such that p > q, x0 , x1 , · · · , xp−1 are given seeds and for i ≥ 0 xi is a wbit integer for some integer w, typically the computer word size. The parameters p and q are usually chosen in such a way that the trinomial xp + xq + 1 is primitive over the Galois field GF (2). Note that each bit xij of xi satisfies the same recurrence relation xi,n = xi,n−p ⊕ xi,n−q so that the period of each bit stream coincides with the period of the sequence {xi } which is 2p − 1. The vector of seeds is chosen so that the columns of the matrix [x1 , x2 , · · · , xp−1 ] are linearly independent. Lewis and Payne [16] give conditions for this to happen as well as an algorithm to construct such seeds in order to generate sequences of

5

maximal possible period. Obviously the order p recurrence of a GFSR sequence means that in a full period GFSR sequence, each substring of p consecutive elements appears at most once. In other words, it is an edge disjoint cycle in the de Bruijn digraph Bp (2w ). Note that the length of this cycle is tiny in comparison with a linear or punctured de Bruijn cycle in Bp (2w ) which has length 2pw − 1. Matsumoto and Kurita [13] offer an improvement of the GFSR, by proposing a twisted version of the recurrence 3.1 given by xn = xn−p ⊕ xn−q A for some matrix A. They show that an appropriate choice of A allows for a full potential period of 2pw − 1. Another advantage of TGFSR is that no special algorithm is needed to seed it, any choice of seeds leads to the same sequence up to a shift of the sequence. With the exception of the all zero sequence, each subsequence of p w-integers appears exactly once, thus forming a punctured de Bruijn cycle in Bp (2w ). A further generalization of TGFSR generators by Matsumoto and Nishimura yields the class of generators that includes the well-known Mersenne Twister “MT19937” [14] with period length 219937 − 1. The general period length is 2pw−r −1 where r is chosen so that the period is a Mersenne prime. Similarly to GFSR and TGFSR, each bit in the MT class follows a recurrence relation governed by a primitive polynomial. However, the state vectors of MT are “incomplete arrays” of the form (xu0 , x1 , · · · , xn−1 ) where the length of each vector xi is w except the first vector xu0 that has length r < w. After one iteration, the state vector changes to (xu1 , x2 , · · · , xn ) where xn is calculated from the previous state vector using a recurrence relation similar to that of TGFSR together with a tempering step that improves the k-distribution property [14]. Since each state vector except the all zeros vector occurs exactly once in a period, each pattern (x1 , · · · , xn−1 ) occurs 2r times within a period (except the all zero pattern that occurs one less time. Hence, as a sequence of integers, x0 , x1 , x2 , · · · is (n − 1)-distributed. In the context of a de Bruijn digraph, the above discussion says that the Mersenne Twister is a cycle in Bn−1 (2w ) that crosses every vertex exactly the same number of times (except the all zero vertex that is crossed one less time). 3.2. Homomorphisms Between de Bruijn Digraphs. A homomorphism H between two digraphs G1 and G2 is a function that preserves the structure of the digraph. That is, if (x1 , x2 ) is an edge in G1 then (Hx1 , Hx2 ) is also an edge in G2 . For two positive integers n and k, Alhakim [1] characterizes such homomorphisms and describes a family of homomorphisms from Bn+k (m) to Bn (m) whose

6

ALHAKIM & AKIWANDE

inverse assigns to an arbitrary edge-disjoint path in Bn (m) a constant number, mk , of non-overlapping preimage paths in Bn+k (m). We will say that such a homomorphism enjoys property (D) or simply is a D-homomorphism. The following results are proved in [1] and they characterize D-homomorphisms between de Bruijn digraphs and binary de Bruijn digraphs respectively. Theorem 3.4. A map Dn,k : Bn+k (m) → Bn (m) has property (D) if Dn,k (x1 , · · · , xn+k ) = (d(x1 , · · · , xk+1 ), d(x2 , · · · , xk+2 ), · · · , d(xn , · · · , xn+k )) where d(y1 , · · · , yk+1 ) is any function that is one-to-one with respect to each of the variables y1 and yk+1 when all other variables are kept fixed. The result in the binary case is especially simple. Theorem 3.5. A map Dn,k : Bn+k (2) → Bn (2) has property (D) if and only if d(y1 , · · · , yk+1 ) = y1 + b(y2 , · · · , yk ) + yk+1 where b(y2 , · · · , yk ) is an arbitrary boolean function and d is as given in the previous theorem. For k = 1 there is exactly one homomorphism from Bn+1 (2) to Bn (2) (up to bitwise complement) that has been used to construct de Bruijn sequences recursively, namely, d(x1 , x2 ) = x1 + x2 , which is known as Lempel’s D-morphism. Lempel [9], Annextein [2] and Chang et. al. [3] all describe how this recursive construction is achieved. Alhakim [1] investigates recursions of higher order (k ≥ 2) as well as non-binary digraphs. The recursive construction of de Bruijn cycles starts with a de Bruijn cycle in Bn (m). Taking the inverse by a D-homomorphism produces several cycles that are joined together into one full cycle in Bn+k (m). In the current proposed method of parallelizing a generator, a backbone generator is regarded as a cycle and inverted by a D-homomorphism to make a large number of inverse sequences that all have the same size as the original cycle, when the former are regarded as paths in the higher order de Bruijn digraph. We will first illustrate the method with a toy binary example. Example 3.6. Consider the function d(x1 , x2 , x3 , x4 ) = x1 + x2 x3 + x4 and the sequence b4 := [0000111101100101] which is a de Bruijn cycle of order 4 (wrapping it around, each word of size 4 occurs exactly once in b4 ). The inverse images of b4 started with all possible words of size 3 are given below, where the underlined prefixes are all the possible seeds of size 3.

7

0000000110011011010 1001001100001110011 0010010101000100001 1011101010110010110 0100100011010111100 1101110001111101000 0111011000101001111 1110111111100000101 As illustrated in this example, given a de Bruijn sequence bn of order n, a D-homomorphism of order k induced by d(x1 , · · · , xk+1 ) and any seed of size k, there is a unique sequence of length |bn | + k (where |bn | = mk is the length of bn ) that begins with that given seed. Remark 3.7. It is worth noting that property (D) is essential for this method to work, and not just the homomorphism property. To illustrate this, consider the homomorphism Hn,k from Bn+k (m) to Bn (m) for k ≥ 0 and n ≥ 1 introduced by Chen and Chen [4], where Hn,k (x1 , · · · , xn+k ) = (xk+1 , · · · , xn+k ). In other words, this function trims the k leftmost symbols of a word so as to make it a word of size n. Obviously, this is a homomorphism having, according to the notation of Theorem 3.4, d(y1 , · · · , yk+1 ) = yk+1 , hence it does not enjoy property (D). The mk inverses of any cycle in B2 (m) by H2,k disagree only in their seeds while the body of the sequences are all equal to the original cycle. The reader is invited to find the four inverse sequences of b4 in Example 3.6 by H2,2 . Theorems 3.4 and 3.5 suggest that we use for backbone generator a sequence that forms a de Bruijn cycle or at least an edge disjoint cycle in a de Bruijn digraph of some order. While a GFSR or TGFSR generator provides such a sequence, the Mersenne Twister is not an edge disjoint cycle but it is rather a cycle in the de Bruijn digraph B623 (232 ) that crosses each node an equal number of times, due to the k-distribution property. The next theorem shows that the Mersenne Twister can still be used as a backbone generator for our scheme. Consider a sequence c with the n-distribution property, from a certain alphabet with m symbols, such that each word of length n occurs exactly f times. Then s can be viewed as a cycle in the de Bruijn digraph Bn (m). Let D be a homomorphism with property (D) from Bn+k (m) to Bn (m) and P(c) −1 started at all mk prefixes be the family of inverse images of c under Dn,k of size k. Theorem 3.8. The family P(c) is family-wise (n + k)-distributed. The proof of the above theorem is rather technical and is deferred to an appendix.

8

ALHAKIM & AKIWANDE

4. Implementation It is evident by Theorem 3.4 that there exists a huge number of homomorphisms with property (D). For concrete implementation we use a subfamily of D-homomorphisms described in the corollary to Theorem 3.4 below that lends itself to efficient implementation. When the backbone generator produces w-bit integers, the size of the vertex set of the relevant de Bruijn digraph is m = 2w . Corollary 4.1. The function dk (x1 , · · · , xk+1 ) = Ax1 + xs ? xt + Bxk+1 induces a D-homomorphism with property (D), where A and B are two nonsingular binary w × w matrices, 2 ≤ s < t ≤ k, ? is a logical bitwise operator and xi is treated as a column vector of the bits representing its binary expansion. Property (D) follows because A and B are nonsingular. Heuristically, choosing dk as a nonlinear function should introduce more complexity in the resulting inverse image itself for a given seed. Moreover, it should make the correlation between different inverse images started at different seeds less obvious, giving rise to streams that behave more ‘independently’. On the other hand, the inclusion of only two intermediate variables xs and xt as well as the use of a logical operator are intended to make the computation of inverse images more efficient. Given the current value zi of the backbone sequence and the current values xi , · · · , xi+k−1 of a particular pre-image, the next value is (4.2)

xi+k = B −1 zi − B −1 Axi − B −1 (xi+s−1 ? xi+t−1 ).

In our specific implementation we tried two generators as the backbone generator. These are the TT800 of the twisted GFSR family and the integer version of Mersenne Twister (MT). As mentioned above, a period of MT will be regarded as a cycle in the B623 (232 ). To generate a particular ‘inverse image’ stream {xi } of {zi } we need to initialize an arbitrary vector of k seeds, {x0 , · · · , xk−1 }. Note that since each bit of both MT and TT800 satisfies a recurrence relation, it is possible–in principle–to write a recurrence relation for {zi } and therefore generate the latter sequence directly. However, this is more involved and our simple implementation makes use of the efficient implementations of backbone generators MT and TT800 together with the simple relation (4.2). 4.1. Empirical Testing. For the purpose of testing specific outcome sequences, we used equation (4.2) with A = B = I where I is the w ×w identity matrix. For the operator ? we used both the and and xor logical operators. Note that subtraction in equation (4.2) is performed

9

in the group of residues modulo 2w . This is of course implemented in C by the regular addition of unsigned long data type variables. The seed of each stream was generated by first inputting a value x0 then generating k − 1 other values via a linear congruential generator. Outcome streams were tested using Marsaglia’s Diehard battery (see Marsaglia [11] which consists of 15 tests as well as the STS battery of 14 tests developed by the national institute of standards and technology (NIST), Rukhin et. al. [17]. The STS battery conducts two-level testing in which each test is repeated many times, the resulting pvalues are submitted to a χ2 goodness-of-fit test against uniformity in the interval [0, 1], this two-level testing is also performed on some of the Diehard tests. Using 500 replica and 106 for the sample size of each replication, STS tests were passed without exception by all the tests given in the first column of Table 2, according to the passing criteria of the battery itself. We however used a more stringent score for each stream generator, which is the count of p-values that either exceed 0.99 or do not exceed 0.01. Marsaglia [11] actually recommends that a generator be failed only when the reported p-value is either 0 or 1 to high precision. The test results for Diehard and STS are summarized in Table 1 and Table 2 respectively, where ‘A’ and ‘X’ are abbreviations for and and xor. In order to compare the effect of the seed size k, we tried several values of k and then somehow arbitrarily picked values for s and t although all combinations were examined for k = 3, 4. Based on our failure criteria, a quick inspection of the two tables suggests that choosing larger values of k does not show a systematic decrease in the number of tests failed. 5. Conclusion We will finally list the main merits of the proposed techniques. 1) Given a backbone generator of an allowed type, and an arbitrary sequence of k seeds, the generated pre-image has a period of the same length as the entire backbone stream. 2) For a given value k and a word size w, the number of possible streams started at different seeds is 2kw . This is already 296 for the two generators with k = 3 implemented on a 32 bit machine. 3) While the equidistribution of the generated stream is not established, the entire set of possible streams combined are n+k distributed. As a matter of fact, the equidistribution of each stream is not needed. This is similar in principle to the current state of the art method of parallelizing the MT generator, in which each stream is a segment of the

10

ALHAKIM & AKIWANDE

Stream # tests failed vs. Generator backbone generator (k, ?, s, t) MT TT800 (3, A,2,3) 6 1 (4, A,2,3) 1 0 (4, A,2,4) 2 4 (4, A,3,4) 4 1 (16,A,2,3) 2 0 (16,A,2,11) 1 1 (16,A,3,11) 1 2 2 3 (32,A,2,17) (32,A,10,11) 1 1 (32,A,10,17) 0 4

Stream # tests failed vs. Generator backbone generator (k, ?, s, t) MT TT800 (3, X,2,3) 1 5 (4, X,2,3) 8 2 (4, X,2,4) 1 2 (4, X,3,4) 2 2 (16,X,2,3) 1 0 (16,X,2,11) 4 2 (16,X,3,11) 1 3 (32,X,2,17) 1 3 (32,X,10,11) 1 2 (32,X,10,17) 1 3

Table 1. DIEHARD results giving the number of failing p-values out of a total of 146 p-values reported for each generator (only the final goodness of fit p-value is counted for the two-level tests). The sample size accepted by DIEHARD is 67, 109, 000 throughout and the stream seed is 6308.

entire period. When cutting the MT stream into substreams, the only concern is to find seeds distant enough to avoid potential overlaps of different streams. Individual streams do not have the equidistribution property. It is worth noting that we experimented with many choices of the parameters but they all essentially behaved the same way regardless of how big k is. Due to efficiency considerations, this strongly suggests that choosing the value of k = 3 should be satisfactory. Although the tables suggest that using MT as a backbone generator may be superior in general to TT800, no preference can be drawn as to which of (3, A, 2, 3) and (3, X, 2, 3) behaves better. Further testing using STS with 1000 replica and the maximum replication size (2 × 106 − 1) still did not resolve this issue as both generators received a small score of failing p-values. Further development will require more testing to study the dependence structure between different ‘parallel’ streams started at different seeds for a particular (k, ?, s, t). This will be necessary to obtain a good set of parameters k, s and t which will then be implemented as a flexible parallel random number generator which, among other things, allows new streams to be initiated and old streams to be restarted.

11

Stream # tests failed vs. Generator backbone generator (k, ?, s, t) MT TT800 (3, A,2,3) 3 6 (4, A,2,3) 4 7 (4, A,2,4) 5 4 (4, A,3,4) 6 6 (16,A,2,3) 1 7 (16,A,2,11) 5 1 (16,A,3,11) 3 1 3 1 (32,A,2,17) (32,A,10,11) 2 3 (32,A,10,17) 3 4

Stream # tests failed vs. Generator backbone generator (k, ?, s, t) MT TT800 (3, X,2,3) 4 2 (4, X,2,3) 4 5 (4, X,2,4) 0 5 (4, X,3,4) 3 3 (16,X,2,3) 2 2 (16,X,2,11) 4 5 (16,X,3,11) 3 1 (32,X,2,17) 7 3 (32,X,10,11) 5 5 (32,X,10,17) 3 6

Table 2. STS results giving the number of failing pvalues out of a total of 190 p-values reported for each generator. 500 repetitions were used throughout with a sample size 106 for each repetition. The stream seed is 6308.

Appendix A. Proof of Theorem 3.8 Let c1 , · · · , cl+n−1 be the sequence c produced by the backbone generator where l is the period of the generator and cl+i = ci ; i = 1, · · · , n − 1. P(c) is the set of mk inverse images by Dn,k of c started at all the possible seed vectors of size k. We denote the sequences in P(c) by xij for i = 1, · · · , mk and j = 1, · · · , l + n + k − 1. For positive integers u and j ≤ l + n − u let wij (u) = (xij , · · · , xi,j+u−1 ). If for some i, i0 and j0 wij0 (n + k) = wi0 j0 (n + k) then in particular wij0 (k) = wi0 j0 (k) = cj0 . Consider the sequence c˜ = cj0 , · · · , cl , c1 , · · · , cj0 +n−2 obtained by shifting c by j0 places to the right. By property (D) the two sequences {˜ xij0 } and {˜ xi0 j0 } that are the inverse images of c˜ started respectively at wij0 (k) and wi0 j0 (k) are necessarily the same sequence. But {˜ xij0 } and {˜ xi0 j0 } are also shifts by j0 places of {xij0 } and {xi0 j0 }. It follows that the last two sequences are equal. This contradicts the assumption that wi1 (k) 6= wi0 1 (k). Thus (1.3)

wij (n + k) 6= wi0 j (n + k) for all i 6= i0 .

Now for j 6= j 0 suppose wij (n + k) = wij 0 (n + k). Then obviously (1.4)

Dn,k (wij (n + k)) = Dn,k (wi0 j (n + k)).

12

ALHAKIM & AKIWANDE

Let wn+k be a word of size n + k, wn = Dn,k (wn+k ), |wn | be the number of times wn occurs as a subword in c and |wn+k | = #{(i, j) : wn+k = wij (n + k)}. We will show that |wn+k | = |wn |. (j ) Without loss of generality, we assume that |wn | > 0. Let wn 0 = (cj0 , · · · , cj0 +n−1 ) be an occurrence of wn in c. By Equation (1.3) there is an i between 1 and mk such that wij0 (k) matches the size k prefix of wn+k . By property (D) wij0 (k) is uniquely extended to wij0 (n + k) so that Dn,k (wij0 (n + k)) = wn . It follows from (1.3) and (1.4) that |wn+k | = |wn |. In particular, if c is n-distributed then P(c) is familywise (n + k)-distributed. References [1] A. Alhakim, De Bruijn Graph Homomorphisms and Nonlinear de Bruijn Sequences. Submitted, (2008). [2] F. S. Annexstein, Generating De Bruijn Sequences: An Efficient Implementation, IEEE Transactions on Computers, 46, 2, 198-200, (1997). [3] T. Chang, B. Park, Y. H. Kim, An Efficient Implementation of the DHomomorphism for Generation of de Bruijn Sequences, IEEE Transactions on Information Theory, 45, 4, 1280-1283, (1999). [4] C. Chen and J. Chen, A Homomorphism of the de Bruijn Graphs and its applications, IEEE first international conference on algorithms and architectures for parallel processing, 465-470, (1995). [5] P. D. Coddington, Random Number Generators for Parallel Computers, Tech. Report, Northeast Parallel Architectures Center, Syracuse University, (1997). [6] H. Fredricksen, A Survey of Full Length Nonlinear Shift Register Cycle Algorithms, SIAM Review, 24, 2, 195-221, (1982). [7] S. Golomb, Shift Register Sequences, Holden-Day, Inc., (1967). [8] D. Knuth, Semi-Numerical Algorithms, The Art of Computer Programming, 2, (1968). [9] A. Lempel, On a Homomorphism of the de Bruijn Graph and Its Applications to the Design of Feedback Shift Registers. IEEE Transactions on Computers, C-19, 12, (1970). [10] J. Makino and O. Miyamura, Parallelized feedback shift Register Generators of Pseudorandom Numbers, Parallel Computing, 21, (1995). [11] Marsaglia, G. DIEHARD: A battery of tests of randomness. http://stat.fsu.edu/ geo/diehard.html, (1996). [12] M. Mascagni, Some Methods of Parallel Pseudorandom Number Generation, Algorithms for Parallel Processing, R. Schreiber, M. Heath and A. Ranade editors, Springer Verlag: New York, Berlin, 277-288, (1997). [13] Makoto Matsumoto and Yoshiharu Kurita, Twisted GFSR Generators, preprint, (1992). [14] Makoto Matsumoto and Takuji Nishimura, Mersenne Twister: A 623Dimensionally Equidistributed Uniform Pseudorandom Number Generator, ACM Transactions on Modeling and Computer Simulations: Special Issue on Uniform Random NUmber Generation, (1998).

13

[15] H. Niederreiter, Random Number Generation and Quasi-Monte Carlo Methods, SIAM, (1992). [16] T. G. Lewis and W.H. Payne, Generalized Feedback Shift Register Pseudorandom Number Algorithms, Journal of the ACM, 20, 456-468, (1973). [17] Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., and Vo, S., A statistical test suite for random and pseudorandom number generators for cryptographic applications. NIST special publication 800-22, National Institute of Standards and Technology (NIST), Gaithersburg, MD. http://csrc.nist.gov/rng/, (2001). [18] R. C. Tausworthe, Random Numbers Generated by Linear Recurrence Modulo Two, Mathematics of Computation, 19, 201-209, (1965). Clarkson University E-mail address: [email protected], [email protected]