Efficient Online Computation of Mean, Median, and Standard Deviation as Continuous Health Tests for HRNGs

Hardware random number generators (HRNGs) underpin the security of cryptographic systems, yet their physical entropy sources are susceptible to degradation, environmental perturbation, and adversarial manipulation. Continuous health testing during operation is therefore mandated by all major certification frameworks, including NIST SP 800-90B and BSI AIS 31. This survey examines the feasibility and efficiency of employing three classical statistical measures—mean, median, and standard deviation—as lightweight online health indicators for HRNG output streams. We ground our analysis in the Hotelling–Solomons inequality |μ − m| ≤ σ, which establishes a distribution-free bound linking these three statistics. We survey efficient streaming algorithms—including Welford’s online variance computation, two-heap sliding-window median structures, and approximate quantile sketches—that enable their computation under the strict throughput and memory constraints of embedded cryptographic modules. We further address numerical stability considerations for long-running deployments processing billions of samples. Our analysis demonstrates that the mean–median–standard deviation triplet, combined with the Hotelling–Solomons bound, provides a complementary health test layer that fills the gap between the minimal repetition count and adaptive proportion tests of SP 800-90B and the comprehensive but offline NIST SP 800-22 statistical test suite.