On the F2-linear relations of Mersenne Twister pseudorandom number generators

Abstract

Sequence generators obtained by linear recursions over the two-element field F2, i.e., F2-linear generators, are widely used as pseudorandom number generators. For example, the Mersenne Twister MT19937 is one of the most successful applications. An advantage of such generators is that we can assess them quickly by using theoretical criteria, such as the dimension of equidistribution with v-bit accuracy. To compute these dimensions, several polynomial-time lattice reduction algorithms have been proposed in the case of F2-linear generators. In this paper, in order to assess non-random bit patterns in dimensions that are higher than the dimension of equidistribution with v-bit accuracy,we focus on the relationship between points in the Couture--L'Ecuyer dual lattices and F2-linear relations on the most significant v bits of output sequences, and consider a new figure of merit Nv based on the minimum weight of F2-linear relations whose degrees are minimal for v. Next, we numerically show that MT19937 has low-weight F2-linear relations in dimensions higher than 623, and show that some output vectors with specific lags are rejected or have small p-values in the birthday spacings tests. We also report that some variants of Mersenne Twister, such as WELL generators, are significantly improved from the perspective of Nv.