Sample (x) = (a*x<=t) is a Distinguisher with Probability 1/8

A random sampling function Sample: U → {0, 1} for a key universe U is a distinguisher with probability. If for any given assignment of values v (x) to the keys x ∈ U, including at least one non-zero v (x) ≠ 0, the sampled sum Σ{v(x) | x ∈ U ∧ Sample(x) = 1} is non-zero with probability at least α. Here the key values may come from any commutative monoid (addition is commutative and associative and zero is neutral). Such distinguishers were introduced by Vazirani [PhD thesis 1986], and Naor and Naor used them for their small bias probability spaces [STOC´90]. Constant probability distinguishers are used for testing in contexts where the key values are not computed directly, yet where the sum is easily computed. A simple example is when we get a stream of key value pairs (x₁, v₁), (x₂, v₂), ..., (x_n, v_n) where the same key may appear many times. The accumulated value of key x is v(x) = Σ{v₁ | x_i = x}. For space reasons, we may not be able to maintain x(x) for every key x, but the sampled sum is easily maintained as the single value Σ{v_i | Sample(x_i) = 1}. Here we show that when dealing with w-bit integers, if a is a uniform odd w-bit integer and t is a uniform w-bit integer, then Sample(x) = [ax mod 2^w ≤ t] is a distinguisher with probability 1/8. Working with standard units, that is w = 8,16,32,64, we exploit that w-bit multiplication works modulo 2^w, discarding overflow automatically, and then the sampling decision is implemented by the C-code a*x<;=t. Previous such samplers were much less computer-friendly, e.g. The distinguisher of Naor and Naor [STOC´90] was more complicated and involved a 7-independent hash function.