816 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS—I: REGULAR PAPERS, VOL. 54, NO. 4, APRIL 2007 A Class of Maximum-Period Nonlinear Congruential Generators Derived From the Rényi Chaotic Map T. Addabbo, Student Member, IEEE, M. Alioto, Member, IEEE, A. Fort, Member, IEEE, A. Pasini, S. Rocchi, Member, IEEE, and V. Vignoli, Member, IEEE Abstract—In this paper, a family of nonlinear congruential gen- erators (NLCGs) based on the digitized Rényi map is considered for the definition of hardware-efficient pseudorandom number generators (PRNGs), and a theoretical framework for their study is presented. The authors investigate how the nonlinear structure of these systems eliminates some of the statistical regularities spoiling the randomness of sequences generated with linear tech- niques. In detail, in this paper, a necessary condition that the considered NLCGs must satisfy to have maximum period length is given, and a list of such maximum period PRNGs for period lengths up to is provided. Referring to the NIST800-22 statistical test suite, two PRNG examples are presented and compared to well-known PRNGs based on linear recurrencies requiring a similar amount of resources for their implementation. Index Terms—Digital circuits, nonlinear systems, random number generators (RNGs), sequences. I. INTRODUCTION R ANDOM number generation is a key issue in many applications, such as cryptography, stochastic simula- tions, testing of digital circuits and telecommunication systems [1]–[4]. In most of these applications, random numbers are generated by means of pseudorandom number generators (PRNGs), which are finite state machines that freely evolve after being initialized by an initial state (seed), chosen within the state space. The aim of a PRNG is to emulate, within the period, an information source issuing mutually independent and evenly distributed symbols, thus generating sequences that appear to be random [5]. As shown in Fig. 1, the basic architec- ture of a digital PRNG includes a memory block consisting of flip-flops storing the present state , an input forming logic which evaluates the next state according to the recursive relationship , and an output forming logic, which evaluates the current output . Typically, by means of a proper normalization, the function provides numbers belonging to the unit interval [0, 1). When the output get values belonging to , the PRNG is a pseudo- random bit generator (PRBG). The architecture of Fig. 1 can be complicated introducing further memory dependencies in the definition of the state, i.e., . Nevertheless, in such cases, by rearranging the system state Manuscript received July 21, 2006; revised October 20, 2006. This paper was recommended by Associate Editor L. Kocarev. T. Addabbo, M. Alioto, A. Fort, S. Rocchi, and V. Vignoli are with the De- partment of Information Engineering, University of Siena, Siena, 53100 Italy (e-mail: vignoli@dii.unisi.it). A. Pasini is with the Math Department “R.Magari,” University of Siena, Siena, 53100 Italy. Digital Object Identifier 10.1109/TCSI.2007.890622 Fig. 1. General architecture of a digital PRNG. space dimension with a proper expansion, the obtained system can be traced back to the architecture of Fig. 1. For the definition of the input forming logic function , linear transformations (or linear recurrences) are a popular choice. An example is the mixed multiple recursive generator (1) where the modulus and the order are positive integers, and the coefficients and are nonnegative integers [6], [7]. Expression (1) is used in a wide class of PRNG which includes the well-known families of linear feedback shift reg- isters (LFSRs) and linear congruential generators (LCGs) [5]. The use of linear recurrences allows for the definition of PRNGs which are very efficient in terms of both high throughput and low hardware (or software) complexity implementations. As a drawback, as it is discussed in Section V, although nowadays for this kind of systems the theoretical background is strong and reliable, PRNGs based on linear recurrences typically gen- erate sequences whose randomness is affected by some unde- sired regularities, and therefore not suitable for a wide class of applications (e.g., cryptographic applications) [8]. Nonlinear generators have been widely investigated as al- ternatives to generators based on linear recurrences. One well- known example is the Blum, Blum, and Shub generator, whose input forming logic is , where is the product of two distinct primes, both congruent to 3 modulo 4, and for which the initial seed has to be chosen prime with respect to [6]. Several other nonlinear generators have been proposed, and typically they do not suffer from the regu- larity problems as much as PRNGs based on linear recurrences. Nevertheless, as a drawback, the nonlinear generators are typi- cally characterized by a higher computational complexity than the latter PRNGs, needing either more hardware resources or much more processor time [6], [7]. 1549-8328/$25.00 © 2007 IEEE