Distributed Random Number Generation
- Distributed RNG is a family of techniques for generating random data across multiple devices with key properties like non-overlap, bias resistance, and reproducibility.
- Methods include partitioning long pseudorandom sequences, multi-party protocols for auditability, and physical entropy extraction from shared channels.
- Applications span parallel Monte Carlo simulations, public governance in blockchain, and high-throughput system-level implementations with optimized resource management.
Distributed random number generation (RNG) denotes a family of techniques for producing random data when computation, observation, or trust is distributed across multiple processes, devices, or institutions. In the literature surveyed here, the term covers at least four distinct settings: partitioning a long pseudorandom sequence into many non-overlapping streams for parallel and distributed Monte Carlo; executing multi-party protocols that jointly output a publicly auditable random value; extracting correlated random bits from a shared physical channel such as atmospheric turbulence; and provisioning high-bandwidth randomness as a system resource in multicore or manycore machines (Barash et al., 2013, Lalev, 2018, Bornman et al., 2019, Bostancı et al., 2022). Across these settings, recurring requirements include non-overlap, bias resistance, reproducibility or auditability, and sufficient throughput for the surrounding application.
1. Conceptual scope and major design families
The contemporary literature treats distributed RNG as a design space rather than a single primitive. In large-scale simulation, the central object is usually a long-period pseudorandom generator whose orbit is partitioned into streams. In public-governance and blockchain settings, the object is a jointly generated value that no single participant can bias after seeing others’ inputs. In physical-layer schemes, the objective is often not identical randomness but correlated randomness, followed by reconciliation and privacy amplification if exact agreement is required. In system architecture, the emphasis shifts again, from combinatorial or cryptographic guarantees to interference, latency, and fairness (Barash et al., 2013, Lalev, 2018, Bornman et al., 2019, Bostancı et al., 2022).
| Setting | Core mechanism | Representative works |
|---|---|---|
| Parallel simulation | Jump-ahead, block splitting, stream selectors | RNGSSELIB (Barash et al., 2013), Randompack (Jónasson, 6 May 2026) |
| Public or decentralized randomness | Commit–reveal, permutation composition, modular summation, incentive design | Public-governance protocol (Lalev, 2018), RIG beacon (Cai, 2023) |
| Shared physical entropy | Correlated measurements of a common channel or medium | Atmospheric turbulence (Bornman et al., 2019), 5G spectrogram entropy (Catak et al., 2023) |
| Node-level high-throughput service | Hardware entropy integrated with scheduling and buffering | GPU PRNGs (Hissoiny et al., 2011), DR-STRaNGe (Bostancı et al., 2022) |
This taxonomy also clarifies a common ambiguity. “Distributed RNG” can mean either distributed generation of a single random output or distributed provision of many independent local streams. The two problems overlap only partially. The first is dominated by bias resistance and auditability; the second by stream independence, reproducibility, and performance.
2. Stream splitting and reproducible pseudorandomness in parallel simulation
A major line of work treats distributed RNG as the problem of giving each process or thread an explicitly delimited subsequence of a long generator orbit. A 2006 contribution stated that “multiple linear recurrences in finite fields are an ideal method to produce high quality pseudorandom numbers in sequential and parallel algorithms,” while noting that their “known weakness (failure of sampling points in high dimensions) can be overcome by an appropriate delinearization” [0609584].
RNGSSELIB makes this viewpoint explicit. Its design goals for parallel and distributed Monte Carlo include many independent streams, long guaranteed non-overlapping subsequences per stream, good statistical quality across and within streams, efficient generation on modern CPUs, and a simple C/Fortran API. The library adds jump-ahead operations for all supported generators and the ability “to initialize up to independent random number streams with block splitting method.” In block splitting, stream receives
and the corresponding starting state is
The paper emphasizes that, provided each process uses fewer than random numbers, streams do not overlap; because the mapping from seed and stream index to state is deterministic, reproducibility follows directly (Barash et al., 2013).
The same paper positions block splitting against leapfrogging and parameterization. RNGSSELIB explicitly chooses block splitting because it works well with all supported linear generators, provides explicit control over stream counts and lengths, and is convenient when the number of processes may vary. The library couples this with SSE/SSE2/SSE4.1 implementations and Fortran compatibility, which is particularly relevant for MPI-based HPC codes written in Fortran (Barash et al., 2013).
Randompack generalizes the same distributed-simulation agenda to a broader engine and distribution library. It separates engines from distributions, supports jump-ahead, stream selectors based on keys, increments, or nonces, and a deterministic seeding interface based on a user seed plus a “spawn key.” It also introduces a bitexact mode that makes all distributions except multivariate normal bit-identical across operating systems, compilers, CPUs, and language bindings, and it exposes primitives such as randompack_jump, engine-specific stream setters, and serialization for exact replay and checkpointing (Jónasson, 6 May 2026).
Massively parallel hardware introduces a different but related stream-management problem. GPU implementations based on one RNG instance per thread use small-state generators so that each thread can keep state in registers or shared memory. The GPU study distinguishes sequence splitting, leapfrogging, and parameterization, but primarily uses parameterization plus per-thread seeding. On the evaluated GTX280, the reported rates reached 18.0 GSamples/s for MWC, 12.5 GSamples/s for the register-based 256-bit XorShift implementation, and 9.2 GSamples/s for KISS with writeback. In TestU01 Crush, KISS passed all 96 tests, while MWC and XorShift each failed exactly 1 test out of 96 (Hissoiny et al., 2011).
3. Multi-party protocols, auditability, and public random beacons
In public governance, distributed RNG is framed as a transparency mechanism. The protocol proposed for judicial and other public selections distributes control among an initiator and a small set of guarantors. One participant generates a random base integer , the others generate random permutations on , and the final result is
The protocol wraps this composition in a commit–reveal structure using cryptographic hash commitments, long salts, draw numbers, and digital signatures. Its central fairness claim is that the generated numbers remain fair even if of the 0 participants collude, provided that one participant adheres to the protocol fairly. It is also explicitly optimized for transparency, public verification, and ex post auditability through signed transcripts and public registers (Lalev, 2018).
This governance-oriented construction highlights an important distinction between binding participants to inputs and incentivizing those inputs to be uniform. The RIG random-beacon work argues that many existing proof-of-stake beacons rely either on pseudorandomness assumptions or on user-supplied randomness without incentives for reliability. RIG therefore defines a game in which players choose 1, the output is
2
and the payoff structure is chosen so that the uniform mixed strategy profile is the only alliance-resistant Nash equilibrium. The thesis presents this as the first approach that incentivizes honest behavior instead of merely assuming it, while remaining trustless, unbiased, tamper-proof, and modular enough to plug into proof-of-stake blockchains (Cai, 2023).
The contrast between these two approaches is instructive. The public-governance protocol prioritizes auditable procedure, small participant counts, and legal enforceability. RIG addresses the separate question of why rational participants would choose uniformly random inputs in the first place. Together they show that distributed RNG in adversarial settings has at least three logically distinct layers: commitment, combination, and incentive compatibility.
4. Shared physical entropy and correlated randomness
A different model dispenses with multiple independent inputs and instead gives multiple parties access to the same stochastic physical process. In the turbulence-based scheme, Alice and Bob send counter-propagating beams through approximately the same atmospheric path and synchronously measure the resulting far-field intensity patterns. Each computes the center of mass,
3
quantizes the result into quartiles on each axis, and maps the 4 grid cell to a 4-bit symbol. In the laboratory implementation, 30,000 turbulence realizations produced 120,000-bit strings, with raw Alice/Bob fidelity of about 5; a modified setup using local “black box” perturbations reduced Eve’s fidelity to about 6, close to random guessing. The paper also reports that Alice’s 120,000-bit string passed 11 out of 15 NIST SP 800-22 tests, while noting that the sample size was modest and the turbulence masks were themselves generated by a pseudo-RNG (Bornman et al., 2019).
This model corrects another common misconception: shared physical entropy does not automatically imply identical keys. The turbulence paper is explicit that raw strings differ mainly when the center of mass lies near quartile boundaries, and it points to standard error-correcting codes for reconciliation and to privacy amplification as the next layer of a complete protocol (Bornman et al., 2019).
5G-SRNG is not itself a distributed protocol, but it is relevant because its entropy source is a shared wireless medium. The scheme constructs a 5G spectrogram 7, extracts a random frame of size 8, and folds its entries into a 32-bit seed by repeated XOR and shift operations. For the tested frame sizes, the generated sequences passed the NIST SP 800-22 tests with 9, and the reported latencies ranged from 329 ms for 4096 bits to 396 ms for 32786 bits. The paper does not define a distributed RNG protocol, but its use of spectrum sensing and a shared radio environment suggests extensions to shared or correlated randomness across devices (Catak et al., 2023).
Software-only local entropy sources can also act as per-node building blocks in distributed systems. IID-based QPP-RNG is explicitly described as a local software RNG, but the paper connects it to multi-party coin-tossing and randomness beacons. Its output byte is
0
where 1 is the number of random permutations required to return a small array to sorted order, and its seed is continuously refreshed by system jitter through
2
Across the reported tests, the paper claims Shannon entropy 3 bits per byte and min-entropy 4 bits per byte, positioning the generator as a candidate local entropy source for distributed protocols that combine contributions from multiple nodes (Kuang et al., 25 Feb 2025).
5. System-level implementations and throughput engineering
At the node level, distributed RNG often becomes a resource-management problem. The GPU study shows one extreme: each thread owns its generator state, synchronization is avoided, and parameterization or per-thread seeds define streams. The resulting architecture is suited to embarrassingly parallel Monte Carlo, and its design pattern is explicit: small state, one RNG instance per thread, and on-the-fly generation inside simulation kernels rather than separate memory-intensive RNG kernels (Hissoiny et al., 2011).
DR-STRaNGe addresses the opposite extreme, where true randomness comes from a shared hardware resource rather than thread-local state. It integrates DRAM-based TRNGs such as D-RaNGe and QUAC-TRNG into the memory controller and identifies three system-level problems: RNG interference with normal memory traffic, system fairness degradation, and high RNG latency. The design therefore adds a separate RNG request queue, a 16-entry random-number buffer, an RNG-aware memory scheduler, and a per-channel idleness predictor with 256 entries. Compared with an RNG-oblivious baseline, DR-STRaNGe improves the average performance of non-RNG and RNG applications by 5 and 6, respectively, improves average system fairness by 7, and reduces average energy consumption by 8 across 186 multiprogrammed workloads (Bostancı et al., 2022).
The broader implication is that high-bandwidth distributed RNG cannot be evaluated only through entropy rate. In multicore or multi-tenant environments, the RNG path interacts with memory scheduling, queueing, buffering, and application priorities. DR-STRaNGe makes this point directly: higher TRNG throughput alone does not eliminate interference or unfairness; controller policy is part of the RNG design (Bostancı et al., 2022).
6. Guarantees, misconceptions, and open directions
Several distinctions recur across the literature. First, reproducibility is not the same as independence. Stream libraries such as RNGSSELIB and Randompack aim for deterministic replay and non-overlap under explicit block sizes, stream selectors, and jump-ahead rules; they do not solve the governance problem of who gets to choose the randomness (Barash et al., 2013, Jónasson, 6 May 2026). Second, commit–reveal is not the same as uniformity: the public-governance protocol binds participants and exposes transcripts, whereas RIG adds a game-theoretic argument that uniform play is the only equilibrium (Lalev, 2018, Cai, 2023). Third, correlated physical observations are not the same as agreed keys: the turbulence scheme explicitly leaves reconciliation and privacy amplification to subsequent layers (Bornman et al., 2019).
The literature also identifies practical limits. The public-governance protocol argues that 3–5 participants are probably optimal because audits across many data centres become logistically difficult, and it treats persistent sabotage before the commitment structure is fully established as the most dangerous practical threat (Lalev, 2018). The 5G work does not analyze cross-device correlation formally, which suggests caution when extending local radio-derived entropy to shared-randomness protocols (Catak et al., 2023). QPP-RNG presents high min-entropy claims but no formal security reduction, and it treats hostile multi-tenant environments as a place where conservative entropy accounting is needed (Kuang et al., 25 Feb 2025).
Chaos-based local generators illustrate a further tension between empirical quality and systems practicality. The delay-equation RNG built from
9
passes TestU01 BigCrush in the reported configuration, but the implementation is about 7 times slower than MRG32k3a, and the paper leaves open questions about stream separation, effective period under finite precision, and parameter robustness (Self et al., 2015). This suggests that, in distributed settings, local entropy sources and local PRNG kernels should be treated as composable building blocks rather than interchangeable solutions.
Taken together, these works present distributed RNG as a layered problem. One layer partitions or generates candidate randomness; another guarantees non-overlap, unbiasedness, or correlation structure; a further layer handles auditability, incentives, or reconciliation; and the systems layer decides whether the design remains usable under realistic contention, bandwidth demands, and deployment constraints.