Download The period of pseudo-random numbers generated by Lehmer`s

The period of pseudo-random numbers generated by
Lehmer's congruential method
A. T. Fuller
Cambridge University Engineering Department, Control Engineering Group, Mill Lane,
Cambridge CB2 1RX
Lehmer has given a congruential method for generating a sequence of pseudo-random numbers.
A known technique is available for checking whether the period of the sequence is maximal. In the
present note it is shown how to calculate the period, whether or not this is maximal. The procedure
is applied to various cases of Lehmer's sequences and it is found that, contrary to previous assertions,
certain cases do not have maximal period.
The theory of Lehmer's sequences is also made more accessible for non-experts in number theory.
(Received January 1975)
1. Introduction
In 1949 D. H. Lehmer proposed the congruential method of
generating a sequence of pseudo-random
numbers
If
x0, xu x2
In this method each member of the sequence
generates its successor by means of the following algorithm.
The integer xn is multiplied by a (constant) integer k, the product
is divided by a (constant) integer m, and the resulting remainder
is taken as xn+i. Thus
xn+l = kxn (mod m) (n = 0, 1,. . .) .
(1.1)
Lehmer did not give the theory of his method. This theory was
first discussed in unpublished reports by Duparc, Lekkerkerker
and Peremans (1953) and Juncosa (1953), and since then has
been further developed in many papers. See reviews and
bibliographies by Tocher (1963, 1967), Hull and Dobell (1962),
Hammersley and Handscomb (1964), Jansson (1966) and
Halton (1970).
However the available theory is still somewhat fragmentary
and inexplicit. It has not emerged clearly how one calculates
the period of sequence (1.1) in the important case when the
modulus mis a large prime or has a large prime as a factor.
In what follows the theory will be consolidated and made
more accessible. Some known multipliers k and moduli m will
be investigated, and certain values of k will be found not to
yield the maximal period for given m, contrary to previous
assertions.
The length of the period is of course not the only matter of
interest in a generator. For a discussion of other factors see
Knuth (1969).
k = 0 (mod m)
(2.8)
(2.6) shows that JC15 x2,. • • are all zero. The sequence is then
useless as a supply of pseudo-random numbers. We therefore
take
jc0 # 0 (mod m)
(2.9)
k # 0 (mod m)
(2.10)
2. Preliminary theory
In the ensuing treatment all numbers are integers. With the
notation of Gauss (1801), a congruence may be written (see e.g.
Young, 1911; and Ore, 1948)
a = b (mod m)
(2.1)
This means that [a — b) is divisible by m. Two basic properties
of congruences will be repeatedly used in the sequel and are as
follows. If (2.1) holds, so does
ua = ub (mod m)
(2.2)
where u is any integer. If (2.1) holds, so does
a" = b° (mod m)
(2.3)
where v is any non-negative integer. These properties follow
from the fact that if (a — b) is divisible by m, so are (ua — ub)
and (a" — b°), since both expressions have (a — b) as a factor.
Applying property (2.2) to (1.1) with n = 0, we have
(2.4)
kxt = k2x0 (mod m)
i.e.
x2 = k2x0 (mod tri)
(2.5)
Similarly
xn = k"x0 (mod m)
(2.6)
Volume 19 Number 2
x0 = 0 (mod m)
(2.7)
or if
i.e. neither x0 nor A: is a multiple of m.
To begin with we shall restrict attention to the case when the
modulus m is a prime number/?:
m=p
(2.11)
so the sequence of x's satisfies
(2.12)
* n + i = kxH (mod/0 (« = 0, 1, 2, . . .) .
From (2.6) and (2.11) the sequence begins to repeat for a value
of n which satisfies
(2.13)
knx0 s x0 (mod/?)
Thus (k"x0 — x0) is divisible by/?, and since x0 is not divisible
by p (see (2.9) and (2.11)), (kn — 1) must be so divisible, i.e.
k" = 1 (mod/?)
(2.14)
Suppose the smallest positive integer n satisfying (2.14) is d.
Then dmay be called the period of the sequence (Lehmer, 1949).
Our problem is to calculate d for a given modulus/? and a given
multiplier k.
Note that in the literature on number theory the number d
is given the following assortment of names: the exponent to
which k belongs (Gauss, 1801), indicator (Cauchy, 1841),
gaussian (Lucas, 1891),haupt-exponent(e.g. Cunninghams? a/.,
1922), and order (Nagell, 1951). Moreover some of these terms
are used in different senses by various writers.
3. Basic theorems
The following theorems are basic in number theory.
Theorem 1 (Fermat, 1640):
Let p be a given prime and kbea given positive integer satisfying
(3.1)
k # 0 (mod p)
Then
(3.2)
kp~l=\
(mod/?)
Theorem 2 (Euler, 1761):
Let k and m be given positive integers satisfying
k # 0 (mod m)
(3.3)
Let d be the smallest of the positive integers n satisfying
k" = 1 (mod m)
(3.4)
173
j = Pi + 1, pt + 2,...,
Then d divides any other n satisfying (3.4).
Theorem 3 (Fermat, 1640):
Let p be a given prime and k be a given positive integer satisfying
k # 0 (mod/?)
(3.5)
Let d be the smallest of the positive integers n satisfying
k" = 1 (mod/?)
(3.6)
Then d divides (p — 1).
Proofs of theorems 1 and 2 are given by Ore (1948). Theorem 3
is an immediate consequence of theorems 1 and 2.
4. Primitive roots
Theorem 3 shows that the maximum possible value of the
period is (p — 1). Suppose that for a certain multiplier k the
period d does take the value (p — 1). Then k is said to be a
primitive root (mod/?), a term due to Euler (1773).
When choosing the multiplier k one usually tries to select k
as a primitive root to obtain as long as possible a sequence of
pseudo-random numbers without repetition. As proposed by
Duparc et al. (1953) this selection may be done semi-empirically,
by trying successively k = 2, 3, . . . and applying certain tests
to check whether k yields the maximal period.
To test whether a given multiplier k is a primitive root, the
following theorem may be used. In pseudo-random number
theory the theorem was used tacitly by Duparc et al. (1953) and
more explicitly by Orcutt, Greenberger, Korbel and Rivlin
(1961). According to Dickson (1919) the theorem goes back to
Legendre (1785); however Legendre's paper does not state it
very explicitly.
Theorem 4:
Let p be a given prime, and k be a given positive integer satisfying
k^0(modp)
(4.1)
Suppose (p — 1) factorises as
(4.2)
p - 1 =p\lpl
•P°rr
where pu p2, • • -,pr are distinct primes ( > 1) and au a2, . .., et,
are positive integers. Then a set of necessary and sufficient
conditions for k to be a primitive root (modp) is
.£ j ( m o d / >) (/- = i, 2, . . ., r) .
(4.3)
k(P-i)/Pl
A proof of this theorem is given in the Appendix.
5. Calculation of period
The previous theorem enables us to test whether A: is a primitive
root. The next theorem goes further and enables us to find the
period yielded by k, whether or not k is a primitive root.
Theorem 5:
Let p be a given prime and k be a given positive integer satisfying
k # 0 (mod/?)
(5.1)
Suppose p — 1 factorises as
p-l=p?p?...p?
(5.2)
where pu p2, . . ., pr are distinct primes (> 1) and a1, a2,. . ., ar
are positive integers. Then the smallest positive integer d satisfying
kd = 1 (modp)
(5.3)
is given by
d = p?->> p?-'* ...pa/-Pr
(5.4)
where Pu fi2, . . ., pr are non-negative integers determined by the
following conditions. For each i = 1 , 2 , . . . r the congruence
ip-iyy = l (mod;,)
(5.5)
holds for all values ofj in the range
j = 0, 1, . . ., j?,
(5.6)
and (if Pi < at) (5.5) does not holdfor any value ofj in the range
174
a, .
(5.7)
This theorem is proved in the Appendix.
6. Calculation of residues of large numbers
To use Theorems 4 and 5 we need to evaluate the remainder
obtained on dividing k(p~1Vp\ by p. In the terminology of
congruence theory the remainder is called the least positive
residue. When/? is large, A;(p"1)/P^ becomes very large, and then
the evaluation of the least positive residue is not at first sight
straightforward. Fortunately the following technique, described
by Young (1911) and Ore (1948), is available.
First the least positive residue r0 of k is evaluated:
k = ro (modp)
(6.1)
Squaring yields
k2 = r^ = rv (modp) .
(6.2)
Similarly, successive squarings yield the least positive residues
r2,r3,r,,..
of fc\ k\ k16 .. . .
Suppose we wish to evaluate the least positive residue of k".
We express n in the binary scale as
n = aQ2° + a& + a222 + a323 + ...
(6.3)
where the #'s are 0 or 1. Suppose the a's which are 1 are
ax, ap,...,
a^. Then
k" = kz" k*b...
k2" = ra /•„ . . . rM (mod p) .
(6.4)
Finally the least positive residue of the product rarfir7. .. is
found by successive evaluations as follows:
rp = Sp (modp)
ry = sy (modp) .
(6.5)
. . r = j (mod/?)
7. Large primitive roots
The method for finding primitive roots by testing successively
k = 2, 3, . . ., (see Section 4) results in the discovery of relatively
small primitive roots. A small value of k has the disadvantage
that if xn is also small then so is xn+ u thus yielding some degree
of correlation between successive pseudo-random numbers.
To avoid this difficulty Juncosa (1953) proposed first finding
a small primitive root /., then taking as the multiplier in (1.1)
k =r .
(7.1)
Here the exponent a> is a positive integer which has no factors
in common with the maximal period (/? — 1).
The result that (7.1) is a primitive root under the stated
conditions was given e.g. by Gauss (1801), and may be proved
as follows (see Young, 1911): Suppose the result is not true,
i.e. suppose k is not a primitive root, so that
k" = \ (modp)
(7.2)
n <p - 1 .
(7.3)
with
From (7.1) and (7.2)
lna = 1 (mod/?) .
(7.4)
Since / is a primitive root, it follows from Theorem 2 and (7.4)
that (/? — 1) divides nco. But a> by definition has no factors in
common with (/? — 1). Hence (/? — 1) divides n. This result
contradicts (7.3), so that the initial assumption (that k is not a
primitive root) is incorrect. Thus & is a primitive root.
If A: as given by (7.1) is greater than (p — 1), we may use as an
alternative multiplier its least positive residue
k' = k (modp)
(7.5)
as pointed out bj Edmonds (1959). Since k' has fewer digits
than k, some computational economy is gained thereby. The
justification for using k' instead of k is that the two differ by a
The Computer Journal
multiple of p, hence so do kxn and k'xn; therefore replacement
of A: by k' in (1.1) does not change xn+1.
8. Numbers associated with the modulus 2 3 1 — 1
Lehmer (1949) suggested using the Mersenne prime
p = 2 31 - 1 = 2 147 483 647
(8.1)
as the modulus, pointing out that division by this number is a
particularly simple operation when the computer uses the
binary scale. Our aim is to investigate the period obtained with
this modulus, for k = 2, 3 , . . . .To apply Theorems 4 or 5 we
shall need the prime factors of (p — 1). These may be found as
follows (see Ore, 1948; Orcutt et al., 1961).
p - 1 = 2 3 1 - 2 = 2[(25 - 1)(210 + 2s + 1)]
[(25 + 1)(210 - 2 5 + 1)] (8.2)
= 2.32.7.11.31.151.331 .
(8.3)
Consequently the exponents (p — l)/pj appearing in (4.3) and
(5.5) are
(p - l)/2 = 1 073 741 823
(8.4)
(p - l)/3 = 715 827 882
(8.5)
(p - i)/3 2 = 238 609 294
(8.6)
(p - l)/7 =
(p - 1)/11 =
(p - 1)/31 =
306 783 378
195 225 786
69 273 666
(8.7)
(8.8)
(8.9)
O — 1)/151 =
O-l)/331=
14221746
6 487 866
(8.10)
(8.11)
9. Primitive roots for modulus 2 3 1 — 1
Let us evaluate successively the periods corresponding to the
multipliers k = 2, 3 , . . . , until we find a primitive root for the
Mersenne prime
p = 231 - 1 .
(9.1)
Using the method described in Section 6, and the values given
in Section 8, one finds:
(9.3)
(94)
(9.5)
2(P-D/3
2(P-D/9
2(P-D/7
2(P-D/II
=
4096
2(P-1)/331
=
(99)
1
where all the congruences are with respect to the modulus
(9.1). From these results and Theorem 5 it follows that the
period for k = 2 is
d = 31 .
(9.10)
Result (9.10) is easily verified. Thus since
2 31 - 1 = 0 (mod 2 31 - 1)
(9.11)
we have
2 31 = 1 (mod2 3 1 - 1)
(9.12)
which shows that the period is 31 or less; and it cannot be less
than 31 since 31 is prime (see Theorem 2).
Similarly, for k = 3, 4, 5, 6 one finds that the periods are
715 827 882, 31, 195 225 786 and 715 827 882 respectively.
For k = 7 one finds:
7 (P-D/2
7G,-i)/3
=
s
2 147
483
646
_*. j
!5 1 3 4 7 7 7 3 5 ^ j
7 (P-D/7
=
l 205 3 6 2 8g5
7(P-D/II
=
1 9 6 9 2 1 2
^ j
174 ^ i
(9
13)
(9 1 4 )
(9
15)
(9.16)
7(,-D/3i
=
512 # 1
(9.17)
7(p-i)/isi
=
535044 134 # 1
(9.18)
7(p-i)/33i =
Volume 19 Number 2
j7 6 1
855 0 8 3
^ !
(9i9)
where all congruences are with respect to the modulus (9.1).
Since none of these residues is unity, it follows that k = 7 is a
primitive root, yielding the maximal period:
d = 2 31 - 2 = 2 147 483 646 .
(9.20)
Our results confirm an assertion of Liniger (1961) that 7 is the
smallest primitive root and an assertion of Orcutt et al. (1961)
that 7 is a primitive root for modulus 2 3 1 — 1.
To obtain a large primitive root we may raise 7 to a power
which has no factors in common with (p — 1) (see Section 7).
A possible power is 5, yielding a primitive root
k = 75 = 16 807 .
(9.21)
This value has been recommended by Lewis, Goodman and
Miller (1969), who suggest k should be about equal to s/p.
Value (9.21) has also been used by Gustavson and Liniger
(1970).
Another primitive root obtained in this way is
k = 7 1 3 = 96 889 010 407
(9.22)
or, equivalently,
k = 252 246 292 = 7 13 (modp) .
(9.23)
10. Some previously used multipliers
Edmonds (1959) asserted that 13 is a primitive root for the
Mersenne prime 2 3 1 — 1, and proposed using the multiplier
k = 13 13 = 302 875 106 592 253
(10.1)
or equivalently the multiplier
k = 455 470 314 = 13 13 (mod 2 3 1 - 1) .
(10.2)
This pseudo-random number generator attained some popularity in the 1960's (e.g. Tocher, 1963; Beasley and Wilson,
1969). However, contrary to Edmonds' assertion, 13 is not a
primitive root. The period yielded by the multiplier 13 is found
in the ensuing investigation.
Calculations similar to those in section 9 give:
13 ( p - 1 ) / 2
= 1
(10.3)
(
P
D
/
3
=
634
005
911
^
1
(10.4)
13
= 894 255 4 0 6 ^ 1
(10.5)
13(P-D/7
(
P
D
/
I
I
=
2
080
850
8
5
3
^
1
(10.6)
13
(
-i)/3i
16
#
1
(10.7)
13 P
=
(10.8)
1 3 ( P -i)/i5i s j 330 907 613 # 1
13 ( P -D/33i s
3 0 1 949 7 8 9 ^ x
(10 9)
where all the congruences are with respect to the modulus
(9.1). We conclude from these results that the period yielded
by the multiplier k = 13 is
d = (2 31 - 2)/2 = 1 073 741 823
(10.10)
i.e. half the maximal period (9.20). This is unfortunate but not
disastrous since period (10.10) is still long compared with
periods needed in typical practice. An algebraic verification
that 13 is not a primitive root can be obtained from the
theory of quadratic residues (see Chebyshev, 1889).
A pseudo-random number generator used on the TITAN
computer* was intended to be the Edmonds generator mentioned above, but owing to a programming error, the multiplier
k s 13 13 - 1 (mod 2 31 - 1)
(10.11)
i.e.
£ = 455 470 313
(10.12)
was used instead of (10.2). Investigation of the period yielded
by multiplier (10.12) shows that it is again half the maximal
period.
11. The period for a composite modulus
Suppose now that the modulus is no longer a prime, but is a
product
•TITAN was a modified Ferranti ATLAS in use at the Cambridge
University Mathematical Laboratory from 1963 to 1973.
175
m = ml m2 . . . m s
(U.I)
such that no two of m1, m2, • . ., ms have a common factor
(other than unity). To find the period we can use the following
theorem, which goes back to Cauchy (1841), although his
treatment was incomplete. In the context of pseudo-random
number theory, versions of the theorem were proved incompletelyf by Duparc et al. (1953) and Yamada (1961).
Theorem 6 (Cauchy, 1841):
Let k, mu m2, . . ., ms be given positive integers no two of which
have a common factor {other than unity). For each i = 1, 2,. . ., s
let dt be the smallest positive integer nt satisfying
k"> = 1 (modw,)
(11.2)
Let d be the smallest positive integer n satisfying
k" = 1 (mod tnlm2. . . ms) .
(11.3)
Then d is the least common multiple of du d2, . .., ds:
d = l.c.m. (dtd2 ...ds) .
(11.4)
A proof of this theorem is given in the Appendix.
To apply the theorem one expresses a given modulus m in its
prime factors:
m = < / ] • • ql* . . .q]<
(11.5)
evaluates the periods for moduli qj< (/ = 1, 2, . .., t) and finally
calculates the least common multiple of these periods. The
problem of investigating the period for a modulus qy where q
is a prime and y > 1 has been extensively treated in the
literature on pseudo-random numbers; see Duparc et al. (1953),
Juncosa (1953), Moshman (1954), Bofinger and Bofinger (1958)
and Certaine (1958).
12. Conclusions
In the present note some contributions have been made to the
theory of pseudo-random numbers generated by Lehmer's
congruential method. It has been shown how to calculate the
period, whether or not this is maximal. For the Mersenne
prime (2 3 1 - 1) as modulus, the smallest of the multipliers
which yield the maximal period has been found to be 7. Some
previously used multipliers have been shown not to yield the
' maximal period.
Appendix
Proof of Theorem 4
The conditions
tfp-ivp. ^ i (mod/,) (/ = 1 , 2 , . . . , r)
(Al)
are obviously necessary for k to be a primitive root, since if
they do not all hold, the congruence
kn = 1 (mod p)
(A2)
is satisfied for some n < p - 1, and then the period is less than
<J> - 1).
To prove sufficiency we shall show that if the period d is less
than (p — 1), at least one of conditions (Al) does not hold.
Since the prime factors of (p — 1) are given by
1 =PVPV---P*/-
(A3)
and since d is a factor of (p - 1) (see Theorem 3) we have
d = />*•-"• pp-ti. . .fir-tr
(A4)
where /?,, /?2, . . ., pr are integers satisfying
(A5)
O ^ j 8 f < a , ( i = 1,2, . . . , r ) .
Since dis assumed less than (p — 1), at least one of inequalities
(A5), say the hth, must be strengthened as follows:
(A6)
0 < Pk < a, .
From (A3) and (A4)
1
Ay
(p - I)/P* = d |TT pf'yi""
<
)
fThey omitted to prove that the period d is a factor of any common
multiple of du dz,. . ., ds.
176
O - l)/p* = df
where/is a positive integer.
From (A8)
=
j
(A8)
( m o d p )
( A 9 )
We have thus found that when the period is less than (p — 1),
at least one of the relations (Al) does not hold. This conclusion
establishes the sufficiency of (Al), and completes the proof of
the theorem.
Proof of Theorem 5
Using the notation in (A3) and (A4) we have
= fn /£•-'»] \n P*A P r j .
ln=l
J Ln^i J
Consider first values of j satisfying
O^j^Pi.
(B3)
Then all the exponents in the right side of (B2) are non-negative
(see (A5)). Hence (B2) is
(P ~ l)/ri = dfihj)
(B4)
where
(B5)
is a positive integer.
Hence
(B6)
(fory satisfying (B3)). This result establishes (5.5).
It remains to show that if
(B7)
(which case can only occur if /?,- < af) then
(B8)
Suppose the contrary holds:
£( P -D/P, :
Proofs of theorems
P-
In view of (A5) and (A6) all the exponents written in (A7) are
non-negative. Hence (A7) is
=
j
(B9)
Here the exponent is (see (Bl))
(BIO)
In (BIO) the power of p{ is less than (af - p,), in view of (B7).
Hence (BIO) is not a multiple of d (see A4)). Therefore (B9)
contradicts Theorem 2. This contradiction shows that (B9) is
false. Hence (B8) holds for all j in range (B7). Thus the final
statement of the theorem is proved.
Proof of Theorem 6
It will be enough to prove the theorem for the case s = 2,
since the general theorem will then follow by induction. To
simplify notation we write
(Cl)
W l = y, m2 = z, dY = g, d2 = h .
Then we have to prove that for the modulus yz the period is
d = l.c.m. (g, h) .
(C2)
We shall first prove that for n to satisfy
k" = 1 (mod yz)
(C3)
(where v and z have no common factors) it is necessary and
sufficient that n should be a common multiple of g and h.
Necessity:
Suppose n satisfies (C3). Then (kn - 1) is divisible by yz.
Hence (k" — 1) is divisible by y, i.e.
The Computer Journal
k" = 1 (mod y) .
(C4)
From (C4) and Theorem 2, g divides n. Similarly h divides n.
Therefore n is a common multiple of g and A.
Sufficiency:
,
Suppose n is a mult.Ple of£ and a multiple of h. Then
n
— JS
where/is some integer. Hence
k =
" ^
'
Also, by definition of g,
£s = i (mod;>) .
(C5)
^C6^
(C7)
From (C6) and (C7)
k" = 1 (mod y) .
(C8)
Similarly
k" = 1 (mod z)
(C9)
(C8) shows that j> divides (A:" - 1), and (C9) shows that z
^J
^ _ {) J ^ j z \ , i v i d e s ^ n _ \> ( s i n c e b y h y p o .
thesis ^ and z have no common factors). Therefore
(CIO)
kn = x (mod yz) .
We have established that (C3) is satisfied if and only if n is a
common multiple of g and h. Hence the least such n is the least
common multiple of g and h. The theorem is thus proved.
References
BEASLEY, J. D., and WILSON, K. (1969). Design and testing of the system 4 random number generator, The Computer Journal, Vol. 12, N o .
4, pp. 368-372.
BOFINGER, E., and BOFINGER, V. J. (1958). On a periodic property of pseudo-random sequences, JACM, Vol. 5, pp. 261-265.
CAUCHY, A. L. (1841). Memoire sur diverses formules relatives a l'algebra et a la theorie des nombres, Comptes rendus Acad. Sci. (Paris),
Vol. 12, pp. 813-846; Oeuvres, Vol. 6, pp. 113-146.
CERTAINE, J. (1958). On sequences of pseudo-random numbers of maximal length. JACM, Vol. 5, pp. 353-356.
CHEBYSHEV, P. L. (TSCHEBYSCHEFF, P. L.) (1889). Theorie der Congruenzen, German translation reprinted by Chelsea, New York (1972).
CUNNINGHAM, A., WOODALL, H. J., and CREAK, T. G. (1922). Haupt-exponents, residue-indices, primitive roots and standard congruences,
Hodgson, London.
DICKSON, L. E. (1919). History of the theory of numbers, Vol. 1, Carnegie Institution, Washington.
DOWNHAM, D. Y., and ROBERTS, F. D. K. (1967). Multiplicative congruential pseudo-random number generators, The Computer Journal,
Vol. 10, No. 1, pp. 74-77.
DUPARC, H. J. A., LEKKERKERKER, G. G., and PEREMANS, W. (1953). Reduced sequences of integers and pseudo-random numbers, Mathematisch Centrum (Amsterdam), Report ZW 1953-002.
EDMONDS, A. R. (1959). The generation of pseudo-random numbers on electronic digital computers, The Computer Journal, Vol. 2, N o . 4.
pp. 181-185.
EULER, L. (1736). Theorematum quorundam ad numeros primus spectantium demonstratio, Commentarii Academiae Scientiarum Petropolitanae, Vol. 8, pp. 141-146; Opera, Series 1, Vol. 2, pp. 35-37.
EULER, L. (1761). Theoremata circa residua ex divisione potestatum relicta, Novi Commentarii Academiae Scientiarum Petropolitanae, Vol. 7,
(1758-9, published 1761), pp. 49-82; Opera, Series 1, Vol. 2, pp. 493-518.
EULER, L. (1773). Demonstrationes circa residua ex divisione potestatum per numeros primos resultantia, Novi Commentarii Academiae
Scientiarum Petropolitanae, Vol. 18, pp. 85-135; Opera, Series 1, Vol. 3, pp. 240-281.
FERMAT, P. (1640). Letter to B. Frenicle, Oeuvres, Vol. 2, pp. 206-212.
GAUSS, C. F. (1801). Disquisitiones arithmeticae, Fleischer, Leipzig, Translation by A. A. Clarke, Yale University Press (1966).
GUSTAVSON, F. G., and LINIGER, W. (1970). A fast random number generator with good statistical properties, Computing {Arch. Elektron.
Rechnen), Vol. 6, pp. 221-226.
HALTON, J. H. (1970). A retrospective and prospective survey of the Monte Carlo method, SIAM Review, Vol. 12, pp. 1-63.
HAMMERSLEY, J. M., and HANDSCOMB, D. C. (1964). Monte Carlo methods, Methuen, London.
HULL, T. E., and DOBELL, A. R. (1962). Random number generators, SIAM Review, Vol. 4, pp. 230-254.
JANSSON, B. (1966). Random number generators, Pettersons, Stockholm.
JUNCOSA, M. L. (1953). Random number generators on the BRL high speed computing machines, Ballistic Research Labs., Report N o . 855;
Aberdeen Proving Ground, Maryland.
KNUTH, D. E. (1969). The art of computer programming, Vol. 2, Addison-Wesley, Reading, Mass.
LEGENDRE, A. M. (1785). Recherches d'analyse indeterminee, Memoires de I'Academie Royale des Sciences, (Paris), pp. 465-559.
LEHMER, D. H. (1949). Mathematical methods in large-scale computing units, Proc. 2nd symposium on large-scale digital calculating machinery
(Harvard)—Annals of the computation laboratory of Harvard University, Vol. 26, pp. 141-146.
LEHMER, D. N. (1914). List of prime numbers from 1 to 10,006,721, Carnegie Institution, Washington.
LEWIS, P. A. W., GOODMAN, A. S., and MILLER, J. M. (1969). A pseudo-random number generator for the system/360, IBM Syst. J., Vol. 8,
pp. 136-146.
LINIGER, W. (1961). On a method by D. H. Lehmer for the generation of pseudo-random numbers, Numerische Mathematik, Vol. 3, pp.265-270.
LUCAS, E. (1891). Theorie des nombres, Gauthier-Villars, Paris, p. xv.
MOSHMAN, J. (1954). The generation of pseudo-random numbers on a decimal calculator, JACM, Vol. 1, pp. 88-91.
NAGELL, T. (1951). Introduction to number theory, Almquist and Wiksell, Stockholm.
ORCUTT, G. H., GREENBERGER, M., KORBEL, J., and RIVLIN, A. M. (1961). Microanalysis of socioeconomic systems: a simulation study.
Harper and Row, New York.
ORE, O. (1948). Number theory and its history, McGraw-Hill, New York.
TOCHER, K. D . (1963). The art of simulation, (Revised 1967), English Universities Press, London.
WESTERN, A. E., and MILLER, J. C. P. (1968). Tables of indices and primitive roots, Cambridge University Press, Cambridge.
YAMADA, S. (1961). On the period of pseudo-random numbers generated by Lehmer's congruential method, / . Operations Research Soc. of
Japan,Vo\. 3, pp. 113-123.
YOUNG, J. W. A. (1911). Monographs on topics of modern mathematics, Longmans, New York.
V o l u m e 19 N u m b e r 2
1T7