Post-Quantum Entropy as a Service for Embedded Systems
Javier Blanco-Romero, Yuri Melissa Garcia-Niño, Florina Almenares Mendoza, Daniel Díaz-Sánchez, Carlos García-Rubio, Celeste Campo

TL;DR
This paper introduces a post-quantum entropy service for embedded systems, demonstrating that post-quantum cryptographic protocols can be faster and more efficient than classical ones on resource-constrained devices.
Contribution
It presents a novel Quantum Entropy as a Service (QEaaS) system integrating quantum entropy sources with post-quantum cryptography for embedded devices, optimizing performance and security.
Findings
Post-quantum key exchange is faster than classical on ESP32.
Full post-quantum setup remains significantly faster than classical baseline.
Local entropy operations are extremely efficient, under 0.1 ms.
Abstract
Embedded cryptography stands or falls on entropy quality, yet small devices have few trustworthy sources and little tolerance for heavyweight protocols. We build a Quantum Entropy as a Service (QEaaS) system that moves QRNG-derived entropy from a Quantis device to ESP32-class clients over post-quantum-secured channels. On the server side, the design exposes two paths: direct quantum entropy through a custom OpenSSL provider and mixed entropy through the Linux system pool. On the client side, we extend libcoap's Zephyr support, integrate wolfSSL-based DTLS 1.3 into the CoAP stack, and add a BLAKE2s entropy pool that preserves the standard Zephyr extraction interface while introducing an injection API for server-provided entropy. Benchmarks on ESP32 hardware, targeting 100 iterations per configuration, show that ML-KEM-512 completes a DTLS 1.3 handshake in 313 ms on average without…
Taxonomy
Topics: Cryptographic Implementations and Security · Chaos-based Image/Signal Encryption · Physical Unclonable Functions (PUFs) and Hardware Security
