Randomness from Chaos

# A Pseudo Random Number Generator From Chaos

Nabarun Mondal D.E.Shaw & Co. India, Hyderabad  and  Partha P. Ghosh Microsoft India, Hyderabad
###### Abstract.

A random number generator is proposed based on a theorem about existence of chaos in fixed point iteration of . Digital computer simulation of this function iteration exhibits random behavior. A method is proposed to extract random bytes from this simulation. Diehard and NIST test suite for randomness detection is run on this bytes, and it is found to pass all the tests in the suite. Thus, this method qualifies even for cryptographic quality random number generation.

###### Key words and phrases:
chaos ; random number generation ; diehard ; NIST
###### 2010 Mathematics Subject Classification:
Primary 11K45 ; 65P20 ; Secondary 03D10
Dedicated to my late professor Dr. Prashanta Kumar Nandi.
Dedicated to my parents without their presence we are nothing.
Big thanks to: Abhishek Chanda,Gurpreet Singh (Manager),Waseem Fazal,Sahiba Khurana, Jaipal Reddy : You all have been constant support.
In Memory of : Dhrubajyoti Ghosh, my closest human being. RIP

numbers=left, stepnumber=1, numberstyle=, numbersep=10pt language=Perl,style=numbers,style=MyFrame,frame=lines , basicstyle= language=Java,style=numbers,style=MyFrame,frame=lines , basicstyle= language=Python,style=numbers,style=MyFrame,frame=lines , basicstyle=

## 1. Introduction

Fast generation of high quality random numbers using simple arithmetic methods are elusive. The most elusive aspect about generating random numbers is that one can never be sure, if the produced numbers are really random. That is exactly why a background theory is needed for it, and a set of standardized statistical tests must certify the numbers as random.

Robert R. Coveyou suggested : “The generation of random numbers is too important to be left to chance.”. Almost same theme is reiterated in the immortal words of Knuth [4] “one should not expect arbitrary algorithms to produce random numbers, a theory should be involved” . The great Von Neumann asserted randomness lies beyond the realm of arithmetic: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin.” As it turned out to be, Von Neumann might not had been exactly correct, and that is what the authors want to present in the current paper.

Until recently it was assumed that randomness comes out of complexity. However, it can also be an effect of chaotic dynamics [7]. Properties of a chaotic system would be discussed in the section 2. Many people misleadingly talk about as if there are various sources of randomness. According to some authors [7] , the fundamental source of randomness, if at all any, is Heisenberg Uncertainty Principle.

A practical viewpoint is : Randomness occurs to the extent that something can not be predicted. Randomness is a matter of degree, and lies in the eyes of the beholder. Poincare pointed out that the classic random outcome of a die throwing or a flipping coin, comes from sensitive dependence to the initial condition. A small perturbation causes a large difference in the final outcome, thereby making prediction difficult. This sensitive dependence is a hallmark of Chaos [10].

Chaotic trajectories even look random, and they pass many classic “tests” of randomness. This in fact generates the principle of equivalence between chaotic and random systems, as discussed in [1].

Furthermore, chaotic systems might arise in very simple forms of iterative maps [9] [10] (definition 2.1). Two such simple looking systems are discussed in the section 2, both exhibiting complex behavior. They form the operating principle (or the theory) behind the proposed random number generator is presented.

However, chaotic systems trajectories sometimes can approach the subset of the state space called attractors, thereby drastically reducing the perceived randomness. This is a natural outcome of running the simulation in digital computer, where the precision of the state point is limited to fixed number of bits of information, without arbitrary precision, the simulated chaotic system would get into a cycle.

The practical principle of garnering randomness out of chaotic systems would be then, to ensure, that the system trajectory does not end up being in an attractor. Practical generation of random digits (bytes) are the topic of discussion in section 3.

Finally, the result of two of the industry standard statistical test suites are presented in section 4. It was found that the generated random byte stream passes all these industry standard tests, thereby making the generated numbers suitable even for cryptography.

## 2. Theory of Operation

In this section we would discuss the operating principle of the proposed random number generator, and prove that, the iterative map is Devany Chaotic (definition 2.2 [3] ). Some of the prerequisite terms and definitions can be found in Appendix A.

We start with the idea of a fixed point iteration, or a single dimensional discrete dynamical system.

Let there be a function where is a metric space (definition A.2). Lets start with , and let . Let .

###### Definition 2.1.

Iterative Function.

The general form :-

 xn+1=f(xn)

is called iterative function system, or a fixed point iteration, which is a type of single dimensional discrete dynamical system, or map.

Many iterated systems exhibit what is known as “chaotic behavior”. “Chaos” however remains a tricky thing to define. In fact, it is much easier to list properties that a system described as “chaotic” has rather than to give a precise definition of chaos [3].

###### Definition 2.2.

Chaotic Systems.

A chaotic fixed point iteration (dynamical system 2.1 ) is generally characterised by:-

1. Having a dense (definition A.6) collection of points with (definition A.3) periodic orbits.

2. Being sensitive to the initial condition of the system (so that initially nearby points can evolve quickly into very different states), a property sometimes known as the butterfly effect.

3. Being topologically transitive (definition A.7).

### 2.1. Discontinuous Maps

The map we would be discussing here is . This is a discontinuous map. Unfortunately, while literature is filled with material on continuous maps, very few are really available on discontinuous maps [2]. Reciprocal of any continuous map becomes discontinuous on the set of zeros of the original map.

For example the map is a reciprocal map of , while the zero of the original , became a point of discontinuity.

In general there is nothing interesting about these type of reciprocal maps, as this specific one has a fixed point , and while iterated would immediately converge to one of them.

But, these maps behave very differently when put into a circle domain, that is in modular form.

Such a modular form for the map is:-

 xn=(1x2n−1)mod1;x∈(0,1)

For some maps which are inherently periodic, this contraption becomes a natural choice to investigate their behaviour.

For example we can define the reciprocal map , whose domain is :-

 D=R∖{(2n+1)π/2};n∈Z

But what happens in real is modular arithmetic with period . Hence, any output or should be treated modulo , due to periodicity of . In this case, the modified system have the domain changed from to :-

 Dπ=[0,π/2)∪(π/2,π]

The output range should also be changed accordingly to :-

 xn=1cos(xn−1)modπ

This works in a domain where are actually the same point. Notice the unnecessary use of the period in the definition. Therefore, we can generalise this for any periodic function with a period and we can go a step beyond to always normalise the domain and range as the same interval: a.k.a the unit circle :-

 I=(0,1)

by introducing the following definition of normal maps:-

###### Definition 2.3.

Normalised Maps.

Let be any function with a period . Then:-

 Ng(x)=g(xT)modTT;x∈(0,1) (2.1)

is called the normalised rational map form of .

With this definition is mind, lets see how a modulus operation applies on a linear map with mod . We note that obviously when , would become zero, and would generate discontinuity, but while , the derivative remains . The modulus operation does not change the derivative of the underlying function, just makes it undefined at periodic points .

Comparing equation (2.1) of definition 2.3 with the sawtooth map equation (2.2) suggests that the map would become a sawtooth type map, which is known to be of chaotic type, given the slope is greater than 1, that is .

 f(x)=m(1−x)mod1;m∈R (2.2)

In case of a general function , only the slope would vary, which would become a function of x itself as in :-

 m(x)=g′(x).

A normalized function (definition 2.3) diverging to infinity (having singularities) would still have the derivative of its non modular analog, but would have introduced countable discontinuities due to modular operation.

Image (1) demonstrate the effect modularisation has on the function . Note the discontinuities appearing on the side of , they are all chopped off to , and as we are mapping a potentially infinite length with unit interval, we would need countable amount of them.

The fixed point can not be reached from anywhere in the domain now. If an iteration value gets close to the value , in the next iteration it would be pushed back to the left side of the map, with . Which means it would go into the zone of the chaos, where it will be eventually pushed back to any point other than 1. This dynamics is what essentially generates the chaotic behaviour in the system. These type of systems have tremendous sensitivity to initial condition.

In fact, the modularisation makes many trivial map act in a non trivial way, for example the always 3-cycle map of under the normal form

 xn=11−xmod1;x∈(0,1)

becomes just as chaotic as depicted in Image 1.

In this regard, it is curious to note how modulus operation can generate chaotic behaviour. Modulus operation is a very special case of the general discontinuous maps studied in [2], which we define next.

###### Definition 2.4.

Sharkovosky Chua Type Map [2] : .

Let with be map such that:-

1. is continuous everywhere except points :-

 D={z1,z2,...,zr};r∈Z
2. is monotonic in the interval for , with .

3. The limits

 limx→zi−0f(x)≠limx→zi+0f(x)

and

 limx→zi±0=f(x)∈{a,b}∀i
4. It is expansive . For every point there exists an interval containing the point such that:-

 d(f(U))>ld(U)

for every interval where is the length of the interval .

then, is called a Sharkovosky Chua Type Map.

Note that the original papers [2] definition does admit countable number of infinities, but that admission does not change any property of the map with respect to chaotic behaviour, in fact augments it.

Now, we would introduce a special class of maps with more general properties then Sharkovosky Chua type maps, these maps allow a specific type of non expansive intervals in the function domain.

###### Definition 2.5.

Generalized Sharkovosky Chua Type Map : .

A function is said to be of Generalised Sharkovosky Chua type , iff the function has the properties from (2,3) and modified (1, 4) with the following:-

1. Countable number of discontinuity.

2. Every element such that , has an element in forward orbit such that .

3. It is expansive . For every point there exists an interval containing the point such that:-

 d(f(U))>ld(U)

for every interval where is the length of the interval .

###### Lemma 2.1.

Reduction to Sharkovosky Chua Type Map.

A Generalised Sharkovosky Chua Type map (definition 2.5 ) can be contracted into a Sharkovosky Chua Type map (definition 2.4).

###### Proof.

The reduction is straight forward.

Informally, we contract the orbits from an expansive region to a non expansive region, to another expansive region.

As the intervals forwards all the points to the points such that , we can contract those iterative steps (the orbit from ) into a single step, and eliminate the whole intervals where , thereby contracting the intervals, and no point remains where .

###### Theorem 2.1.

Sharkovosky Chua Type Maps are Chaotic.

Sharkovosky Chua Type Maps are chaotic, so are the generalised Sharkovosky Chua Type maps.

###### Proof.

This has been discussed in [2]. As the generalised Sharkovosky Chua maps can be contracted into a Sharkovosky Chua map, they are chaotic too. ∎

Now we give one example of a normalised map that is not in . Curiously , the map , because the non expansive zone does not push the orbit back to the chaotic zone, as required by definition (2.5) property (3). As the fixed point (about 0.37) lies in the non expansive zone, the map converges, and is not chaotic at all.

This can nicely be explained with the Image 2, see at the zone where the function has zero, does not have the expansive property, the zone is stable.

What maps are of Generalised Sharkovosky Chua type ? Take a polynomial map with singularity, normalise it, it probably goes in . Examples are map, map. The trigonometric reciprocal maps , so is the map The map and .

Finally, the map , which is discussed in the next subsection.

### 2.2. Reciprocal Cot Squared Map.

In this subsection we discuss the dynamics of the map. This is formally represented by equation (2.3)

 (2.3)

This map can is presented in the semi normal form, that is the domain as but the range is in in the figure (3). In the figure (3), we did not present the singular points and draw only the range .

It is apparent that due to symmetry, to normalise the function it can be taken as in instead of , as if we normalise with period , the normalised function would be .

The function normalisation can be seen in figure (4).

###### Theorem 2.2.

Iteration of is chaotic.

The iteration of by being a generalised Sharkovosky Chua type map 2.1 is chaotic.

###### Proof.

The normalised function (definition 2.3) form for with period can be written by equation (2.4).

 Nc(x)=2π(cot2(πx2)modπ2) (2.4)

It is apparent from the figure (4) that for values of the next value would be in the chaotic zone, depicted in figure (5).

The derivative is :-

 ∣∣∣d[cot2(x)]dx∣∣∣=∣∣∣2cos(x)sin3(x)∣∣∣ (2.5)

We note that the derivative only when however, at that point the next would push it between which is a massively chaotic zone as depicted by figure (5). Hence, every non expansive point maps back into the zone of chaos, which is also the expansive zone with .

Hence equation (2.4) satisfies condition of generalised Sharkovosky Chua type map, and hence is chaotic. ∎

We now present the theorem of principle of equivalence between chaotic and random behavior, which would be used to apply the random behaviour of the iterate .

In a very insightful paper [1] it has been proven that:- chaotic and random systems are observationally indistinguishable. If that is the case, then, one can replace a random system by an equivalent chaotic system, and vice versa, as has been argued in [1].

###### Theorem 2.3.

Chaotic systems and Random Systems are Observationally Equivalent [1].

A chaotic system can be observationally replaced with a random system, and vice versa.

## 3. Experimental Validations

As the theorem 2.3 suggests, by virtue of being chaotic, the iteration of theorem (2.2) could serve as a randomness generator. However, there are cautionary words involved because arbitrary precision is needed while doing so.

When the digits are of finite precision, say 2 digits before and after decimal, the system can not exhibit an arbitrary long period, as the total number of states possible are . In general if the number of digits in base are of , then the maximum possible number of states becomes:- which is still finite. However, as we keep on increasing , increases exponentially, and the chance of repeat decreases.

The perl code for computing the iteration of is presented here.

sub cot
{
my $x =$_[0];
cos($x) /sin ($x) ;
}
while ( 1 )
{
printf  "%.18f\n", $x ;$x = cot($x) ** 2 ; } The above code generates , which is not well suited for visualizing the generated randomness. A chaotic dense orbit can only be visualized in case of a bounded domain. To move the resulting value in the bounded domain the following code can be used:- while ( 1 ) {$x = cot($x) ** 2 ; my$fract = $x - int ($x ) ;
printf "%.18f\n", \$fract ;
}

This code generates . The result of the iteration is dense (definition A.6) as depicted in the figure 7, and a close-up view of the iteration is shown in the figure 8.

However, all industry standard statistical tests run on binary byte streams of data. Therefore to test for randomness one has to transform this sort of random “real” data points into a stream of random bits.

Hence, we needed to convert this apparently random iteration values into stream of bytes so that randomness test suites like diehard/NIST can be used to verify the randomness. This is discussed in the next subsection.

### 3.1. Digital Representation of Real

The IEEE floating point specification mandates that the double representation would be of 64 bits or 8 bytes. If the representation starts with bit number as and ends with bit number as , then, the is exponent of the number, while is the sign bit. In byte wise notation it is .

So, if the function is really chaos generating, then, if we can gather the mantissa : of the , the resulting bitstream should behave as random. However, it wold not be optimal for extracting , as they are not in the byte boundaries. A better, faster option would be discarding 2 of the most significant bytes, that is and taking the other bytes as random bytes.

The Python language uses call to show the floating point number :-

 [sign][0x]integer[.fraction][pexponent]

Hence, the following python code demonstrates the exact random bytes as in the hexadecimal string.

import math
import time
x = time.time() #Seed it, go to Chaos.
x = x - math.floor( x )
while True:
y = math.tan(x)
y = y * y
x = 1.0/y
s = x.hex()
a = s.split(".")
b = a[1].split("p")
s = b[0]
print s

The resulting output is shown below:-

49c07b03923a2
2201d34423ec8

The following Java class code precisely accomplishes the same thing:-

public class DoubleImpl  {
private double number;
public DoubleImpl()
{
number = System.nanoTime() ;
}
public double getNumber()
{
double r = Math.tan(number) ;
number = 1/(r*r) ;
return number;
}
public byte[] getRandomBytes()
{
long l = Double.doubleToRawLongBits(getNumber());
byte[] bytes = toByta_StripSignByte(l);
return bytes;
}
/* Return bytes from B_5 to B_0  here */
public static byte[] toByta_StripSignByte(long data) {
return new byte[] {
(byte)((data >> 40) & 0xff),   //B_5
(byte)((data >> 32) & 0xff),   //B_4
(byte)((data >> 24) & 0xff),   //B_3
(byte)((data >> 16) & 0xff),   //B_2
(byte)((data >> 8) & 0xff),    //B_1
(byte)((data >> 0) & 0xff)     //B_0
};
}
}

The above code is platform independent, and authors also wrote a faster C implementation.

## 4. Results of The Statistical Testing

For statistical testing suites a binary file is to be passed to the test suite, which is then read as a stream of random bits.

We called the getRandomBytes function (which generates 6 random byte each time it gets called) to generate medium (min:600 Mega Bytes) to long ( Max: 6 Giga Bytes) binary files.

On a 2.66 GHZ Core 2 Duo Macbook pro, with OS X Lion, using the C langauge variant , the 60 Megabyte file takes 2 sec, for 600 MB 19 sec, and 6 Giga Bytes of random bytes generation takes 290 secs.

This file, was passed to the diehard family [5] of test suite. The findings are summarised in the table [1].

However, diehard is an old generation of test suite, and NIST suite [6] is the current industry norm for randomness testing. This generator passes all the NIST suite [6] tests with ease. The file size of 6 gigabyte was passed to the NIST suite, with minimum bitstream length of 10000 bits, with minimum number of bitstream 1000, to a maximum of 10000. The resulting p-values are aggregated over all the bitstreams.

The results are summarized in the table [2].

The premise of the operation of the generator is the theorem 2.2. Due to the nature of the iteration (chaotic), the following properties are true :-

1. Hard to Predict.

The seed of the generator is , which can be an arbitrary precision floating point value. For the orbits of the iteration with and with the resulting byte stream start differing from the 3rd byte. The choice of the default initial value as current systems time in nano second, makes it impossible to track and predict the value for any iteration, unless absolutely precise time synchronisation is achieved between two systems.

Due to machines architectural and implementation differences, the same code produces two completely different byte streams in C++ and Java. Unless one knows the exact architecture of the machine and environment (language of implementation) on which the algorithm is running, it would be hard to predict the outcomes.

2. Conjectured to be Unique.

For sufficient precision , the value of the will almost never repeat. The machine simulation shows this to be true for default precision, up to millions of iterations. Given the whole system can be made using arbitrary precision floating point arithmetic libraries of choice, then the values would be almost surely unique.

3. Fast Algorithm.

The java implementation for this random generator is faster than

 java.security.SecureRandom

implementation. To generate a 600 mega byte of random bytes, using 6 bytes of buffer, current java implementation takes 150 seconds on a SUN Ultra-SPARC machine, running java 7 on SOLARIS, while SecureRandom takes more than 230 Seconds.

## 6. Summary and Future Works

In this paper we have demonstrated a computationally easy and fast method of generating very good random numbers for all practical purposes, including cryptography. Arbitrary large random chunk of bytes can be generated if we take an arbitrary precision Real Number implementation like BigDecimal in Java, albeit the number generation would get slower. On the flip side, as the principle is well established, we can guarantee arbitrarily large period for the random number generator.

## Appendix A Definitions of The Theory Section.

###### Definition A.1.

Fixed Point of a function.

For a function , is said to be a fixed point, iff .

###### Definition A.2.

Metric Space.

A metric space is an ordered pair where is a set and is a metric on , i.e., a function:-

 d:M×M→R

such that for , the following holds:-

1. iff .

The function ‘’ is also called “distance function” or simply “distance”.

###### Definition A.3.

Orbit.

Let be a function. The sequence where

 xn+1=f(xn);xn∈X;n≥0

is called an orbit (more precisely ‘forward orbit’) of .

###### Definition A.4.

Period of An Orbit.

The length of the orbit (definition A.3 ) is called the period of the orbit. Hence, for an orbit the period ‘’ is:-

 p=|O|

is said to have a ‘closed’ or ‘periodic’ orbit if or the period is not infinity.

###### Theorem A.1.

Convergence Criterion for a Fixed Point Iteration (Banach Fixed Point).

Iteration of a function would converge to the fixed point iff:-

 |f(x)−f(x∗)|≤|x−x∗|

where where is called the basin of attraction.

That means, in short if be the fixed point, and in the neighbourhood of the then the fixed point iteration won’t converge at the fixed point .

###### Definition A.5.

Topological Space.

Let the empty set be written as : . Let denotes the power set, i.e. the set of all subsets of . A topological space is a set together with satisfying the following axioms:-

1. and ,

2. is closed under arbitrary union,

3. is closed under finite intersection.

The set is called a topology of .

###### Definition A.6.

Dense Set.

Let be a subset of a topological space . is dense in for any point , if any neighborhood of contains at least one point from .

The real numbers with the usual topology have the rational numbers as a countable dense subset.

###### Definition A.7.

Topological Transitivity

A function is topologically transitive ,if, given any every pair of non empty open sets , there is some positive integer such that

 fn(A)∩B≠∅.

where means n’th iterate of .

## References

• [1] Werndl, Charlotte . Are Deterministic Descriptions And Indeterministic Descriptions Observationally Equivalent? . Studies in History and Philosophy of Science Part B: Studies in History and Philosophy of Modern Physics, Volume 40, Issue 3, August 2009, Pages 232-242
• [2] Sharkovosky, A.N and Chua, L.O. . Chaos in Some 1-D Discontinuous Maps that Appear in the Analysis of Electrical Circuits . IEEE Transactions on Circuits and Systems -1 : Fundamental Theory and Applications, Volume 40, No 10, October 1993, Pages 722-731
• [3] Devany, Robert . An Introduction to Chaotic Dynamical Systems . Westview Press; Second Edition (January 2003)
• [4] Knuth, Donald . The Art of Computer Programming, Volume 2 : Seminumerical Algorithms . Addison-Wesley
• [5] Marsaglia, George . Diehard Battery of Tests of Randomness
• [6] National Institute of Standards and Technology. NIST Test Suite of Randomness
• [7] Farmer, J. Doyne and Sidorowich, John J. , Exploiting Chaos to Predict the Future and Reduce Noise . Evolution Learning and Cognition, World Scientific, 277-328
• [8] Ghosh, P. and Mondal, Nabarun Universal Computation is ‘Almost Surely’ Chaotic. arXiv:1111.4949v1 [cs.CC]
• [9] Strang, Gilbert, A chaotic search for i. The College Mathematics Journal 22(1), January 1991, 3-12.
• [10] Heinz-Otto Peitgen, Hartmut Jürgens , Dietmar Saupe. Chaos and Fractals New Frontiers of Science. Springer.
You are adding the first comment!
How to quickly get a good reply:
• Give credit where it’s due by listing out the positive aspects of a paper before getting into which changes should be made.
• Be specific in your critique, and provide supporting evidence with appropriate references to substantiate general statements.
• Your comment should inspire ideas to flow and help the author improves the paper.

The better we are at sharing our knowledge with each other, the faster we move forward.
The feedback must be of minimum 40 characters and the title a minimum of 5 characters