Xorshift random number generators are a class of pseudorandom number generators that were discovered by George Marsaglia. Specifically, they are a subset of linear-feedback shift registers (LFSRs) which allow a particularly efficient implementation without using excessively sparse polynomials. They generate the next number in their sequence by repeatedly taking the exclusive or of a number with a bit-shifted version of itself. This makes them extremely fast on modern computer architectures. Like all LFSRs, the parameters have to be chosen very carefully in order to achieve a long period.
Contents
Xorshift generators are among the fastest non-cryptographically-secure random number generators, requiring very small code and state. Although they do not pass every statistical test without further refinement, this weakness is well-known and easily amended (as pointed out by Marsaglia in the original paper) by combining them with a non-linear function, resulting e.g. in a xorshift+ or xorshift* generator. A naive C implementation of a xorshift+ generator that passes all tests from the BigCrush suite (with an order of magnitude fewer failures than Mersenne Twister or WELL) typically takes fewer than 10 clock cycles on x86 to generate a random number, thanks to instruction pipelining.
Because plain xorshift generators (without a non-linear step) fail a few statistical tests, they have been accused of being unreliable.
Example implementation
A C/C++ version of two xorshift algorithms are given here. One has one 32-bit word of state, and period 232−1. The other has four words of state, and period 2128−1. Both use three shifts and three exclusive-or operations:
The 128-bit algorithm passes the diehard tests. However, it fails the MatrixRank and LinearComp tests of the BigCrush test suite from the TestU01 framework.
Variations
All xorshift generators fail some tests out of TestU01's BigCrush test suite. This is true for all generators based on linear recurrences, such as the Mersenne Twister or WELL. However, it is easy to scramble the output of such generators to improve their quality.
xorshift*
A xorshift* generator takes a xorshift generator and applies an invertible multiplication (modulo the word size) to its output as a non-linear transformation, as suggested by Marsaglia. The following 64-bit generator with 64 bits of state has a maximal period of 264 − 1 and fails only the MatrixRank test of BigCrush:
A similar generator is suggested in Numerical Recipes, but it fails also the BirthdaySpacings test.
Vigna suggests the following xorshift1024* generator with 1024 bits of state and a maximal period of 21024 − 1; it passes BigCrush, even when reversed:
Both generators, as it happens with all xorshift* generators, emit a sequence of 64-bit values that is equidistributed in the maximum possible dimension (except that they will never output zero for 16 calls, i.e. 128 bytes, in a row).
xorshift+
Rather than using multiplication, it is possible to use addition as a faster non-linear transformation. The idea was first proposed by Saito and Matsumoto (also responsible for the Mersenne Twister) in the XSadd generator, which adds two consecutive outputs of an underlying xorshift generator based on 32-bit shifts.
XSadd, however, has some weakness in the low-order bits of its output; it fails several BigCrush tests when the output words are bit-reversed. To correct this problem, Vigna introduced the xorshift+ family, based on 64-bit shifts: the following xorshift128+ generator uses 128 bits of state and has a maximal period of 2128 − 1. It passes BigCrush, even when reversed.
This generator is one of the fastest generators passing BigCrush. One disadvantage of adding consecutive outputs is while the underlying xorshift128 generator is 2-dimensionally equidistributed, the associated xorshift128+ generator is only 1-dimensionally equidistributed.