28

I understand that the C specification does not give any specification about the specific implementation of rand(). What different algorithms are commonly used on different major platforms? How do they differ?

Jetbeard
  • 323
  • 1
  • 3
  • 6
  • 1
    The main comment is that rand() is only pseudo-random, and often not even a very good pseudo-random generator. The C standard suggests a possible implementation, and many an implementation uses it. As others have noted, there are lots of others. Just ensure that you do not use the basic random functions for situations where you need cryptographic randomness. – Jonathan Leffler Jun 23 '09 at 00:34

3 Answers3

24

See this article: http://en.wikipedia.org/wiki/List_of_random_number_generators

This is the source code of glibc's rand():

/* Reentrant random function from POSIX.1c.
   Copyright (C) 1996, 1999, 2009 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

#include <stdlib.h>


/* This algorithm is mentioned in the ISO C standard, here extended
   for 32 bits.  */
int
rand_r (unsigned int *seed)
{
  unsigned int next = *seed;
  int result;

  next *= 1103515245;
  next += 12345;
  result = (unsigned int) (next / 65536) % 2048;

  next *= 1103515245;
  next += 12345;
  result <<= 10;
  result ^= (unsigned int) (next / 65536) % 1024;

  next *= 1103515245;
  next += 12345;
  result <<= 10;
  result ^= (unsigned int) (next / 65536) % 1024;

  *seed = next;

  return result;
}

Source: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=stdlib/rand_r.c;hb=HEAD

As you can see, it's simply multiply with an addition and a shift. The values are carefully chosen to make sure that you get no repeat of the output for RAND_MAX iterations.

Note that this is an old implementation which has been replaced by a more complex algorithm: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=stdlib/random_r.c;hb=HEAD

If the link if broken, Google for "glibc rand_r"

Aaron Digulla
  • 321,842
  • 108
  • 597
  • 820
  • 1
    That's it? Surprisingly simple. Thanks muchly. – Jetbeard Jun 22 '09 at 10:04
  • Yes, that's it, most general purpose PNRGs are surprisingly simple to implement. If you're looking for something more complex try the Mersenne Twister. – Jasper Bekkers Jun 22 '09 at 10:12
  • Even MT19937 isn't exactly hard to implement. – Joey Jun 22 '09 at 10:56
  • 1
    via @Tiemen below: @Aaron I can not comment but RAND_MAX is the highest possible value returned, not the number of iterations before repeating. – Jason Watkins Jun 22 '09 at 21:45
  • @Jason: Any link for that? I was under the impression that there won't be a repeat for RAND_MAX calls (unless you change the seed, of course) – Aaron Digulla Jun 23 '09 at 20:12
  • @Aaron: If that were the case, it wouldn't be a very good random number generator. What you'd have in that case is sampling without replacement. – Mike Daniels Sep 18 '09 at 21:08
  • @Mike: rand() is not random but pseudo random, so the numbers aren't really random at all. IIRC, the values of the standard rand() are chosen to yield the maximum of iterations before a repeat. – Aaron Digulla Sep 21 '09 at 07:33
  • Your http://qa.coreboot.org/docs/libpayload/rand_8c-source.html link doesn't work, you probably meant http://qa.coreboot.org/docs/libpayload/rand_8c_source.html . – Adrian Jul 09 '10 at 03:54
  • Where is this source code from? I cannot find it anymore... Is it a simplified version? – Daniel Richter Mar 14 '14 at 09:03
  • It's the original code; today's version (see my updated answer) is a bit more complex but basically just repeats the `*+<<` three times. – Aaron Digulla Mar 14 '14 at 09:37
  • @AaronDigulla, what would be the time complexity to generate one random number using this algorithm? How much is the time complexity for rand in general? https://en.cppreference.com/w/cpp/numeric/random/rand does not specify the time complexity for a rand() function. – opposite_orange Nov 22 '20 at 06:31
  • 1
    @Payal The code above has O(1) since there are no loops, that is it always executes the same amount of operations and by definition O(N) == O(1). – Aaron Digulla Nov 24 '20 at 17:06
14

I once wrote a report on CRNGs for a course in Discrete Mathematics. For it, I disassembled rand() in msvcrt.dll:


msvcrt.dll:77C271D8 mov     ecx, [eax+14h]
msvcrt.dll:77C271DB imul    ecx, 343FDh
msvcrt.dll:77C271E1 add     ecx, 269EC3h
msvcrt.dll:77C271E7 mov     [eax+14h], ecx
msvcrt.dll:77C271EA mov     eax, ecx
msvcrt.dll:77C271EC shr     eax, 10h
msvcrt.dll:77C271EF and     eax, 7FFFh

So it's a LCG something like (untested)...


int ms_rand(int& seed)
{
  seed = seed*0x343fd+0x269EC3;  // a=214013, b=2531011
  return (seed >> 0x10) & 0x7FFF;
}
eloj
  • 536
  • 1
  • 4
  • 10
  • 1
    The C source code for the Microsoft C Run-time library is available as part of MSDN, and rand()/srand() is included there. See for example the portable implementation of microsoft_rand here: https://bitbucket.org/shlomif/fc-solve/src/dd80a812e8b3aba98a014d939ed77eb1ce764e04/fc-solve/source /board_gen/pi_make_microsoft_freecell_board.c?at=master (short URL - http://is.gd/kAUmHW . – Shlomi Fish Dec 09 '12 at 11:28
3

The field of PRNGs (Pseudo Random Number Generators) is quite vast.

First of all you have to understand that without having an external input (usually physical) you can't get a real source of random numbers.. That's why these algorithms are called pseudo random: they usually use a seed to initialize a position in a very long sequence that seems random but it's not random at all.

One of the simplest algorithms is the Linear Congruential Generator (LCG), that has some costraints to guarantee a long sequence and it's not secure at all.

Another funny one (at least for the name) is the Blum Blum Shub Generator (BBS) that is unusual for normal PRNGs because it relies on exponentiation in modulo arithmetic giving a security comparable to other algorithms like RSA and El Gamal in breaking the sequence (also if I'm not sure about the proof of it)

Jack
  • 131,802
  • 30
  • 241
  • 343