Pseudorandom number generator
A pseudorandom number generator (PRNG) is a deterministic algorithm that produces a sequence of numbers whose statistical properties approximate those of a truly random sequence. Unlike a true random number generator, which extracts entropy from physical processes like radioactive decay or thermal noise, a PRNG expands a small initial value — the seed — into a long sequence using a fixed mathematical rule. The determinism is not a bug but a feature: it enables reproducibility, debugging, and controlled experiments, but it also means that the sequence is entirely predictable if the seed and algorithm are known.
The design of PRNGs spans a spectrum from simplicity to cryptographic security. Linear feedback shift registers produce sequences with good statistical properties using minimal hardware but are cryptographically insecure because their internal state can be reconstructed from a small number of output bits. The Mersenne Twister dominates scientific computing — it has an enormous period of 2^19937−1 and passes most statistical tests — but it is also insecure against state recovery. Cryptographically secure PRNGs, such as those based on block ciphers or hash functions, sacrifice speed and statistical perfection for resistance to prediction, ensuring that an adversary cannot infer future outputs from past ones.
The boundary between statistical and cryptographic PRNGs is a systems-level distinction. A statistical PRNG is evaluated against batteries of tests — diehard, TestU01, BigCrush — that check for uniform distribution, independence, and absence of patterns. A cryptographic PRNG is evaluated against adversarial models: can an attacker with partial knowledge of the state or the output sequence predict future bits? These are not different degrees of the same property but different kinds of properties, and the confusion between them has caused real security failures when statistical PRNGs were deployed in cryptographic contexts.
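The two kinds of evaluation described above can be watched side by side on a toy generator. The following Python is an added example, not code from the original article: it implements a 16-bit Fibonacci LFSR with the feedback polynomial x^16 + x^14 + x^13 + x^11 + 1 (maximal length, so the period is 2^16 - 1), checks two statistical properties of a full period (exact one/zero balance and a chi-square test on the byte histogram), and then shows why those checks say nothing about predictability: for this kind of register the output bit is just the low bit of the state and every step is a right shift, so the 16 most recent output bits *are* the state, and anyone who has seen them can emit the rest of the sequence. The seed value 0xACE1, the helper names and the chi-square threshold in the comments are assumptions chosen for the example.

```python
"""Toy LFSR: passes simple statistical checks, yet its state is fully
exposed by its own output. Added example; not from the original article."""
import secrets

WIDTH = 16
# Feedback polynomial x^16 + x^14 + x^13 + x^11 + 1 (maximal length: period 2**16 - 1).
# Taps expressed as right-shifts of the state word, counted from the output (LSB) end.
TAP_SHIFTS = (0, 2, 3, 5)


def lfsr_step(state: int) -> tuple[int, int]:
    """Advance the 16-bit Fibonacci LFSR one step; return (next_state, output_bit).

    The output bit is the bit shifted out of the LSB; the feedback bit (XOR of
    the tapped bits) enters at the MSB.
    """
    out = state & 1
    fb = 0
    for s in TAP_SHIFTS:
        fb ^= (state >> s) & 1
    return (state >> 1) | (fb << (WIDTH - 1)), out


def lfsr_bits(seed: int, n: int) -> list[int]:
    """Produce n output bits starting from a nonzero 16-bit seed."""
    assert 0 < seed < (1 << WIDTH), "seed must be a nonzero 16-bit value"
    state, out = seed, []
    for _ in range(n):
        state, bit = lfsr_step(state)
        out.append(bit)
    return out


def period(seed: int) -> int:
    """Number of steps until the register state returns to the seed."""
    state, _ = lfsr_step(seed)
    steps = 1
    while state != seed:
        state, _ = lfsr_step(state)
        steps += 1
    return steps


def bit_balance(bits: list[int]) -> tuple[int, int]:
    """(ones, zeros) over the bit stream; a full period of a maximal LFSR
    gives exactly 2**(WIDTH-1) ones and 2**(WIDTH-1) - 1 zeros."""
    ones = sum(bits)
    return ones, len(bits) - ones


def chi_square_bytes(bits: list[int]) -> float:
    """Chi-square statistic of the byte histogram built from non-overlapping
    8-bit chunks (255 degrees of freedom, so a uniform source scores ~255)."""
    counts = [0] * 256
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        counts[value] += 1
    expected = sum(counts) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def recover_state(observed: list[int]) -> int:
    """Given WIDTH consecutive output bits (oldest first), return the register
    state at the moment the first observed bit was emitted.

    Because each step shifts the register right and emits the LSB, bit i of
    that state is exactly the i-th observed output bit: no algebra needed.
    """
    assert len(observed) == WIDTH
    return sum(b << i for i, b in enumerate(observed))


def predict_next(observed: list[int], n: int) -> list[int]:
    """Recover the state from WIDTH observed bits, replay them to catch up,
    and return the next n bits the generator will produce."""
    state = recover_state(observed)
    for _ in range(WIDTH):
        state, _ = lfsr_step(state)
    return lfsr_bits(state, n)


if __name__ == "__main__":
    seed = 0xACE1                      # constructed seed for the demo
    bits = lfsr_bits(seed, period(seed))   # one full period: 65535 bits
    print("period:", len(bits))
    print("ones/zeros:", bit_balance(bits))
    print("chi-square on bytes (255 dof, ~255 is uniform):",
          round(chi_square_bytes(bits), 1))
    # Statistical checks pass, yet 16 observed bits reveal the whole future:
    observed = bits[:WIDTH]
    print("prediction correct:", predict_next(observed, 32) == bits[WIDTH:WIDTH + 32])
    # A CSPRNG (here the OS-backed `secrets` module) has no such shortcut; it is
    # the right tool wherever an adversary might see some outputs.
    print("CSPRNG token:", secrets.token_hex(16))
```

The generator would look acceptable to someone who only ran the balance and chi-square checks, which is precisely the confusion the text warns about: `recover_state` needs no statistical weakness at all, only knowledge of the algorithm and a window of outputs. A generator intended for tokens, nonces or keys has to be judged by whether that second experiment fails, not by whether the first one passes.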
The pseudorandom number generator is the most underrated component of computational infrastructure. It sits at the foundation of simulation, cryptography, machine learning, and gaming, yet it is treated as a solved problem — a utility to be imported from a library rather than a design choice to be understood. This complacency is dangerous. The Mersenne Twister's dominance in scientific computing is not a sign of its adequacy but a sign of the field's inertia: it is fast, it has a long period, and it is the default. But the next generation of scientific computing — reproducible, distributed, and adversarial — will require PRNGs that are simultaneously statistical, parallel, and cryptographically secure. The field is not ready.