Integration of quantum random number generators with post-quantum cryptography algorithms

TL;DR

This paper demonstrates integrating quantum random number generators into post-quantum cryptography protocols, enhancing entropy quality and security in cryptographic systems without affecting performance.

Contribution

It presents a proof-of-concept for incorporating QRNG devices into PQC-based TLS using open-source libraries and commercial hardware, via an Entropy-as-a-Service model.

Findings

QRNG integration enables real-time entropy monitoring

Negligible impact on TLS handshake time

Supports virtualized PKI and external PQC server connections

Abstract

As quantum technologies advance, the security of popular cryptographic protocols becomes more threatened by the capabilities of Cryptographically Relevant Quantum Computers (CRQCs). In this scenario, Post-Quantum Cryptography (PQC) has become a potential solution to prolong the life of existing Public Key Infrastructure (PKI) systems. However, PQC protocols depend on high-quality randomness for key generation and encapsulation procedures, with the quality of the entropy source potentially having a profound impact on the security of the overall system. In this work, we demonstrate a proof-of-concept enabling the incorporation of Quantum Random Number Generation (QRNG) devices within communication networks using PQC-based Transport Layer Security (TLS).Using open-source cryptographic libraries and commercial QRNG hardware, we demonstrate their use as entropy sources via an Entropy-as-a-Service (EaaS) model. We highlight two particular use cases: a fully virtualized private PKI network and a connection to an external PQC-enabled server. Experimental results show that EaaS QRNG enables real-time entropy monitoring and quality assessment in cryptographic management systems, with negligible impact on TLS handshake time.