Quantum entropy to tiny devices: a service that sends QRNG randomness to ESP32s over post-quantum links
This paper describes a working system that moves high-quality random bytes produced by a quantum random number generator (QRNG) to small Internet-of-Things devices. The goal is to give constrained microcontrollers better entropy for cryptography while protecting the transport against future quantum attackers. The authors build a Quantum Entropy as a Service (QEaaS) that delivers QRNG output from a Quantis PCIe device to ESP32-class clients over CoAP (a lightweight web protocol) protected by post-quantum cryptography (PQC).
On the server side the team uses a Quantis QRNG PCIe-240M card that produces 58 megabits per second of quantum randomness. The kernel exposes it as /dev/qrandom0. The implementation offers two server paths: a direct path that hands QRNG bytes to applications through a custom OpenSSL provider, and a mixed path that injects QRNG bytes into the Linux kernel entropy pool via rng-tools, so that the system's ordinary random sources also benefit. The service exposes both an HTTPS endpoint and a secure CoAP endpoint (CoAP over DTLS). A CoAP-to-HTTP proxy forwards requests from constrained clients to the HTTP backend.
On the client side they target ESP32 microcontrollers running the Zephyr real-time operating system. They extended libcoap to work well on Zephyr and integrated wolfSSL as a DTLS 1.3 (Datagram Transport Layer Security) backend so constrained clients can use DTLS-protected CoAP requests. The client firmware adds a local BLAKE2s-based entropy pool that preserves Zephyr’s standard entropy extraction interface and adds an injection API (entropy_add_entropy) so bytes fetched from the server can be mixed into the local pool. The pool keeps 512 bytes of mixed entropy and refills itself from the ESP32 TRNG (true random number generator).
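To make the client-side pool concrete, here is an added Python model of a 512-byte BLAKE2s-mixed pool with an injection call in the spirit of entropy_add_entropy and a refill from the local TRNG. This is illustrative code written for this page, not the paper's Zephyr firmware (which is C); the 16-slot layout, the output ratchet, the refill threshold and the constructed TRNG stand-in are all assumptions. Python is used because hashlib ships BLAKE2s.

```python
import hashlib
from typing import Callable

POOL_BYTES = 512                         # pool size reported for the client firmware
SLOT = hashlib.blake2s().digest_size     # 32-byte slots -> 16 slots per pool


class Blake2sPool:
    """Toy BLAKE2s entropy pool (assumed design, not the paper's code)."""

    def __init__(self, trng: Callable[[int], bytes], refill_after: int = 4096):
        self.trng = trng                  # local hardware RNG (ESP32 TRNG in the real client)
        self.pool = bytearray(POOL_BYTES)
        self.counter = 0                  # makes every absorb distinct
        self.drained = 0                  # bytes handed out since the last TRNG refill
        self.refill_after = refill_after
        self.add_entropy(self.trng(POOL_BYTES))   # seed from hardware before any injection

    def add_entropy(self, data: bytes) -> None:
        """Inject bytes (e.g. QRNG output from the server) by MIXING them into every slot.
        The old slot content is always an input, never overwritten, so attacker-known
        injected bytes cannot erase entropy the pool already holds."""
        for i in range(0, POOL_BYTES, SLOT):
            h = hashlib.blake2s(person=b"pool-mix")        # personalisation <= 8 bytes
            h.update(self.pool[i:i + SLOT])
            h.update(data)
            h.update(self.counter.to_bytes(8, "little"))
            self.pool[i:i + SLOT] = h.digest()
            self.counter += 1

    def get_entropy(self, n: int) -> bytes:
        """Standard extraction interface: hash the whole pool, then ratchet the state so an
        attacker who later reads the pool cannot recover earlier outputs."""
        out = b""
        while len(out) < n:
            out += hashlib.blake2s(bytes(self.pool), person=b"pool-out").digest()
            self.add_entropy(b"ratchet")                   # forward-secure state update
        self.drained += n
        if self.drained >= self.refill_after:              # periodic top-up from the TRNG
            self.add_entropy(self.trng(SLOT))
            self.drained = 0
        return out[:n]


def constructed_trng(fill: int) -> Callable[[int], bytes]:
    """Deterministic stand-in for the hardware TRNG, for testing only (constructed)."""
    return lambda n: bytes([fill]) * n
```

Mixing server-delivered bytes on top of a TRNG-seeded pool, rather than replacing it, is the property worth checking: a compromised or spoofed entropy server can at worst add nothing, not subtract.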