# How does the Mersenne's Twister work? posted February 2016

Someone asked that question on reddit, and so I replied with a high level answer that should provide a clear enough view of the algorithm:

From a high level, here's what a PRNG is supposed to look like:

you start with a `seed`

(if you re-use the same `seed`

you will obtain the same `random`

numbers), you initialize it into a `state`

. Then, every time you want to obtain a `random`

number, you transform that `state`

with a one-way function \(g\). This is because you don't want people to find out the state out of the `random`

output.

You want another `random`

number? You first transform the `state`

with a one way function \(f\): this is because you don't want people who found out the `state`

to be able to retrieve past `states`

(forward secrecy). And then you use your function \(g\) again to output a `random`

number.

Mersenne Twister (MT) is like that, except:

- your first
`state`

is not used to output any`random`

numbers - a
`state`

allows you to output not only one, but 624`random`

numbers (although this could be thought as one big`random`

number) - the \(g\) function is reversible, it's not a one-way function, so MT it is not a cryptographically secure PRNG.

With more details, here's what MT looks like:

the \(f\) function is called "twist", the \(g\) function is called "temper". You can find out how each functions work by looking at the working code on the wikipedia page of MT.

## Comments

## mm

Very elegant explanation. :) Very helpful.

Thou I think it's 623 dimensions. [http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/ARTICLES/mt.pdf]

Thanks.

## test

test

## rd

Thanks for the explanation.

## Sam

Great article! Thanks

## Daz

Hi David.

Great explanation. I find these mathematical concepts and applications fascinating. Someone told me recently that one of our Lotto systems in Australia generates its numbers using a RNG. I would assume these systems would be water tight and that it would be impossible to crack them in a normal lifetime. Hence I guess they wouldn't use them, unless they use them with people thinking that is the case in the hope that no one would even contemplate trying lol. I'd be interested in your thoughts on this topic.

Thanks and best regards

Daz

([email protected])

## René

Hi David,

By "one-way function", do you mean a non-injective map or is it a more subtle concept ? Maybe a map for which each number has at least a given (large) number of antecedents ?

René

## david

It's non-injective, but it's more than that. One-way in cryptography usually refers to the pre-image resistance. See this explanation: https://freecontent.manning.com/hash-functions-and-security/

## leave a comment...