
# ARS5

This is a keyed family of counter-based BRNGs. The state consists of a 128-bit integer counter $c$ and a 128-bit key $k$. The BRNG is based on the AES encryption algorithm [FIPS-197]. The 32-bit output is obtained in the following way [Salmon2011]:

1. The $i$-th number is defined by the formula
   $r_i = \left( f(i/4) \gg ((i \bmod 4) \cdot 32) \right) \bmod 2^{32}$
2. The function $f(c)$ takes a 128-bit input and produces a 128-bit result obtained in the following way:
   1. Put $c_0 = c \,\mathrm{xor}\, k$ and $k_0 = k$.
   2. The following recurrence is calculated $N$ times:
      1. $c_{i+1} = \mathrm{SubBytes}(c_i)$
      2. $c_{i+1} = \mathrm{ShiftRows}(c_{i+1})$
      3. $c_{i+1} = \mathrm{MixColumns}(c_{i+1})$; this step is omitted if $i + 1 = N$
      4. $c_{i+1} =$
      5. $\mathrm{Lo}(k_{i+1}) = \mathrm{Lo}(k_i) + \texttt{0x9E3779B97F4A7C15}$
         $\mathrm{Hi}(k_{i+1}) = \mathrm{Hi}(k_i) + \texttt{0xBB67AE8584CAA73B}$
   3. Put $f(c) = c_N$, where $N = 5$.
3. Real output: $u_n = (\mathrm{int})\, r_n / 2^{32} + 1/2$

Specifications for the SubBytes, ShiftRows, MixColumns and functions can be found in [FIPS-197].
## Real Implementation (Single and Double Precision)

The output vector is the sequence of the floating-point values $u_0, u_1, \ldots$

## Integer Implementation

The output vector is the sequence of 32-bit integers $r_0, r_1, \ldots$

## Stream Initialization by Function `vslNewStream`

ARS5 generates the stream and initializes it specifying the 32-bit input integer parameter `seed`. The stream state is two 128-bit numbers $c$ and $k$ initialized in the following way:

1. Assume $k = \mathtt{seed}$.
2. Assume $c = 0$.

## Stream Initialization by Function `vslNewStreamEx`

ARS5 generates the stream and initializes it specifying the array `params[]` of $n$ 32-bit integers:

1. If $n = 0$, assume $c = k = 0$.
2. If $n = 1$, assume $k = \mathtt{params[0]}$, $c = 0$.
3. If $n = 2$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32}$, $c = 0$.
4. If $n = 3$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32} + \mathtt{params[2]} \cdot 2^{64}$, $c = 0$.
5. If $n = 4$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32} + \mathtt{params[2]} \cdot 2^{64} + \mathtt{params[3]} \cdot 2^{96}$, $c = 0$.
6. If $n = 5$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32} + \mathtt{params[2]} \cdot 2^{64} + \mathtt{params[3]} \cdot 2^{96}$, $c = \mathtt{params[4]}$.
7. If $n = 6$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32} + \mathtt{params[2]} \cdot 2^{64} + \mathtt{params[3]} \cdot 2^{96}$, $c = \mathtt{params[4]} + \mathtt{params[5]} \cdot 2^{32}$.
8. If $n = 7$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32} + \mathtt{params[2]} \cdot 2^{64} + \mathtt{params[3]} \cdot 2^{96}$, $c = \mathtt{params[4]} + \mathtt{params[5]} \cdot 2^{32} + \mathtt{params[6]} \cdot 2^{64}$.
9. If $n \ge 8$, assume $k = \mathtt{params[0]} + \mathtt{params[1]} \cdot 2^{32} + \mathtt{params[2]} \cdot 2^{64} + \mathtt{params[3]} \cdot 2^{96}$, $c = \mathtt{params[4]} + \mathtt{params[5]} \cdot 2^{32} + \mathtt{params[6]} \cdot 2^{64} + \mathtt{params[7]} \cdot 2^{96}$.
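As an added reference model (not Intel's code, and not bit-compatible with the library unless its assumptions hold), the construction above and the general form of the `vslNewStreamEx` seeding rule in Python: the AES primitives are written out from their FIPS-197 definitions (the S-box is generated at import), 128-bit values are assumed to map to AES state bytes little-endian with Lo() as the low 64 bits, and the round-key step 4 is assumed to xor the freshly advanced $k_{i+1}$ into the state, as Random123's ARS does.

```python
N_ROUNDS, M64, M128 = 5, (1 << 64) - 1, (1 << 128) - 1        # N = 5 on this page
WEYL_LO, WEYL_HI = 0x9E3779B97F4A7C15, 0xBB67AE8584CAA73B     # key-update constants from step 5

def _xtime(b):                                   # multiply by x in GF(2^8), modulus x^8+x^4+x^3+x+1
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1
def _gmul(a, b):                                 # GF(2^8) multiplication by shift-and-add
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = _xtime(a), b >> 1
    return p
def _build_sbox():                               # FIPS-197 S-box: multiplicative inverse, then affine map
    sbox = []
    for a in range(256):
        acc = x = next((b for b in range(256) if _gmul(a, b) == 1), 0)
        for _ in range(4):                       # acc = x ^ rotl(x,1) ^ rotl(x,2) ^ rotl(x,3) ^ rotl(x,4)
            x = ((x << 1) | (x >> 7)) & 0xFF
            acc ^= x
        sbox.append(acc ^ 0x63)
    return sbox
SBOX = _build_sbox()

def f(c, k):                                     # the 128-bit -> 128-bit function f(c) described above
    v, key = c ^ k, k                            # c_0 = c xor k, k_0 = k
    for i in range(N_ROUNDS):
        st = [SBOX[b] for b in v.to_bytes(16, "little")]                         # SubBytes (state is column-major)
        st = [st[r + 4 * ((col + r) % 4)] for col in range(4) for r in range(4)]  # ShiftRows
        if i + 1 < N_ROUNDS:                                                      # MixColumns, omitted when i+1 = N
            for col in range(0, 16, 4):
                a = st[col:col + 4]
                t = a[0] ^ a[1] ^ a[2] ^ a[3]
                st[col:col + 4] = [a[j] ^ t ^ _xtime(a[j] ^ a[(j + 1) % 4]) for j in range(4)]
        lo = ((key & M64) + WEYL_LO) & M64       # Lo(k_{i+1}) = Lo(k_i) + 0x9E3779B97F4A7C15
        hi = ((key >> 64) + WEYL_HI) & M64       # Hi(k_{i+1}) = Hi(k_i) + 0xBB67AE8584CAA73B
        key = (hi << 64) | lo
        v = int.from_bytes(bytes(st), "little") ^ key   # ASSUMPTION for step 4: xor the advanced key k_{i+1}
    return v

def new_stream_ex(params):                       # general form of the nine vslNewStreamEx cases above
    k = sum(p << (32 * j) for j, p in enumerate(params[:4]))   # params[0..3] are the 32-bit limbs of k
    c = sum(p << (32 * j) for j, p in enumerate(params[4:8]))  # params[4..7] are the 32-bit limbs of c
    return k, c

def r(i, k, c=0):                                # i-th 32-bit integer output r_i (c is the initial counter)
    return (f((c + i // 4) & M128, k) >> ((i % 4) * 32)) & 0xFFFFFFFF

def u(i, k, c=0):                                # real output u_n = (int) r_n / 2^32 + 1/2, (int) = signed 32-bit
    rn = r(i, k, c)
    return (rn - (1 << 32) if rn & 0x80000000 else rn) / 2.0 ** 32 + 0.5
```

The model also makes plain that the `vslNewStream` path sets $k$ from a single 32-bit seed, so only $2^{32}$ distinct default streams exist; `vslNewStreamEx` is the path to use when a wider key or a non-zero starting counter is needed.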
## Subsequences Selection Methods

## Generator Period

## Empirical Testing Results Summary

| Test Name | vsRngUniform | vdRngUniform | viRngUniform | viRngUniformBits |
|---|---|---|---|---|
| 3D Spheres Test | OK (20% errors) | OK (20% errors) | Not applicable | OK (20% errors) |
| Birthday Spacing Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Bitstream Test | Not applicable | Not applicable | Not applicable | OK (15% errors) |
| Rank of 31x31 Binary Matrices Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Rank of 32x32 Binary Matrices Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Rank of 6x8 Binary Matrices Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Counts-the-1's Test (stream of bits) | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Counts-the-1's Test (stream of specific bytes) | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Craps Test | OK (30% errors) | OK (30% errors) | OK (30% errors) | OK (30% errors) |
| Parking Lot Test | OK (10% errors) | OK (10% errors) | Not applicable | OK (10% errors) |
| 2D Self-Avoiding Random Walk Test | OK (20% errors) | OK (10% errors) | Not applicable | OK (10% errors) |

Note:

1. The tabulated data is obtained using the one-level (threshold) testing technique. The OK result indicates FAIL < 50%. The run fails when the p-value falls outside the interval [0.05, 0.95].
2. The stream tested is generated by calling the function `vslNewStream` with seed=7,777,777.

#### Product and Performance Information

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804