Daniel Díaz-Sánchez

Javier Blanco-Romero, Yuri Melissa Garcia-Niño, Florina Almenares Mendoza et al.

Embedded cryptography stands or falls on entropy quality, yet small devices have few trustworthy sources and little tolerance for heavyweight protocols. We build a Quantum Entropy as a Service (QEaaS) system that moves QRNG-derived entropy from a Quantis device to ESP32-class clients over post-quantum-secured channels. On the server side, the design exposes two paths: direct quantum entropy through a custom OpenSSL provider and mixed entropy through the Linux system pool. On the client side, we extend libcoap's Zephyr support, integrate wolfSSL-based DTLS 1.3 into the CoAP stack, and add a BLAKE2s entropy pool that preserves the standard Zephyr extraction interface while introducing an injection API for server-provided entropy. Benchmarks on ESP32 hardware, targeting 100 iterations per configuration, show that ML-KEM-512 completes a DTLS 1.3 handshake in 313 ms on average without certificate verification, 35% faster than ECDHE P-256. Pairing ML-KEM-512 with ML-DSA-44 lowers the mean to 225 ms. Certificate verification adds roughly 194 ms for ECDSA but only 17 ms for ML-DSA-44, so the fully post-quantum configuration remains 63% faster than classical ECDHE P-256 with ECDSA even under full verification. Local BLAKE2s pool operations stay below 0.1 ms combined. On this platform, post-quantum key exchange and authentication are not only feasible; they are faster than the classical baseline.

Javier Blanco-Romero, Vicente Lorenzo, Florina Almenares Mendoza et al.

This study investigates the application of machine learning predictors for min-entropy estimation in Random Number Generators (RNGs), a key component in cryptographic applications where accurate entropy assessment is essential for cybersecurity. Our research indicates that these predictors, and indeed any predictor that leverages sequence correlations, primarily estimate average min-entropy, a metric not extensively studied in this context. We explore the relationship between average min-entropy and the traditional min-entropy, focusing on their dependence on the number of target bits being predicted. Utilizing data from Generalized Binary Autoregressive Models, a subset of Markov processes, we demonstrate that machine learning models (including a hybrid of convolutional and recurrent Long Short-Term Memory layers and the transformer-based GPT-2 model) outperform traditional NIST SP 800-90B predictors in certain scenarios. Our findings underscore the importance of considering the number of target bits in min-entropy assessment for RNGs and highlight the potential of machine learning approaches in enhancing entropy estimation techniques for improved cryptographic security.