tags:

views:

330

answers:

3

There is a Java library by the name of Uncommon Maths that claims to provide better random number generators than Sun and (potentially) even BouncyCastle. How one can determine whether their library can be trusted? I trust Sun and BouncyCastle because a lot of important companies use their stuff. It's not clear if Uncommon Maths falls into the same category. Any ideas?

A: 

Write your own tests.

A basic check of a random number generator can be done using a chi-square test

Mitch Wheat
+4  A: 

Uncommon Maths claims to pass the Diehard tests. That's as reliable as I know.

You can always be a scientist and re-run those tests for yourself as an independent check.

duffymo
+6  A: 

Good question ;)

All of the RNG algorithms are well-known algorithms invented by people smarter than myself. I am a programmer, not a mathematician. I've just ported the original C code. So you have to hope that I haven't introduced any bugs in the conversion.

As with most open source software, there is NO WARRANTY. If you want to use it for simulations, I think it's a very good choice. If you want to use it for cryptography, something like Fortuna would be better.

Uncommons Maths is not as widely used as some libraries. It gets between 5 and 20 downloads a week. I don't know how many of those actually go on to use it in serious applications. I use it for evolutionary computation and a few trivial poker-related programs that I've been playing with.

I have run Diehard on each of the RNG implementations and it does not highlight any flaws. That said, Diehard's results are not the easiest to interpret:

Thus you should not be surprised with occasional p-values near 0 or 1, such as .0012 or .9983. When a bit stream really FAILS BIG, you will get ps of 0 or 1 to six or more places. By all means, do not, as a Statistician might, think that a p < .025 or p> .975 means that the RNG has "failed the test at the .05 level". Such ps happen among the hundreds that DIEHARD produces, even with good RNGs. So keep in mind that "p happens".

The Uncommons Maths RNGs all satisfy this fuzzy definition of success. There are one or two p-values outside the 0.025 .. 0.975 range, but none that "fail big". This is comparable to the results obtained with Java's SecureRandom (and better than java.util.Random, which does "fail big").

If you want to test this for yourself, there is a class called DiehardInputGenerator in the distribution. This generates the 12mb file that you need to run Diehard.

Dan Dyer
Any plans on porting Fortuna to Java? :) FSF put out a Java version but it is GPL and doesn't extend java.util.Random for convenience: http://www.docjar.com/html/api/gnu/javax/crypto/prng/Fortuna.java.html
Gili
+1 - awesome work, Dan. Really well done.
duffymo
Fortuna is real belt-and-braces stuff. It manages multiple entropy sources and recovers from compromise. The Uncommons Maths AESCounterRNG is the core PRNG that Fortuna uses but it omits the entropy pooling, automatic re-seeding and seed file management.
Dan Dyer
I've implemented a variant of Fortuna in Java for a previous project (all except the seed file management). We were using hardware RNGs (via JNI) for entropy. It's overkill for Uncommons Maths. The focus is not cryptography.
Dan Dyer