There is a Java library by the name of Uncommon Maths that claims to provide better random number generators than Sun and (potentially) even BouncyCastle. How one can determine whether their library can be trusted? I trust Sun and BouncyCastle because a lot of important companies use their stuff. It's not clear if Uncommon Maths falls into the same category. Any ideas?
Can the uncommon maths library be trusted?
Good question ;)
All of the RNG algorithms are well-known algorithms invented by people smarter than myself. I am a programmer, not a mathematician. I've just ported the original C code. So you have to hope that I haven't introduced any bugs in the conversion.
As with most open source software, there is NO WARRANTY. If you want to use it for simulations, I think it's a very good choice. If you want to use it for cryptography, something like Fortuna would be better.
Uncommons Maths is not as widely used as some libraries. It gets between 5 and 20 downloads a week. I don't know how many of those actually go on to use it in serious applications. I use it for evolutionary computation and a few trivial poker-related programs that I've been playing with.
I have run Diehard on each of the RNG implementations and it does not highlight any flaws. That said, Diehard's results are not the easiest to interpret:
Thus you should not be surprised with occasional p-values near 0 or 1, such as .0012 or .9983. When a bit stream really FAILS BIG, you will get p
s of 0 or 1 to six or more places. By all means, do not, as a Statistician might, think that a p < .025 or p> .975 means that the RNG has "failed the test at the .05 level". Such ps happen among the hundreds that DIEHARD produces, even with good RNGs. So keep in mind that "p happens".
The Uncommons Maths RNGs all satisfy this fuzzy definition of success. There are one or two p-values outside the 0.025 .. 0.975 range, but none that "fail big". This is comparable to the results obtained with Java's SecureRandom (and better than java.util.Random, which does "fail big").
If you want to test this for yourself, there is a class called DiehardInputGenerator in the distribution. This generates the 12mb file that you need to run Diehard.
Write your own tests.
A basic check of a random number generator can be done using a chi-square test