September 17 2025 -- As quantum technologies continue to advance, the very foundation of our digital security faces an escalating threat from Cryptographically Relevant Quantum Computers (CRQCs).

These powerful machines could solve the mathematical problems widely used in cryptographic protocols like RSA and elliptic curves, leaving our data vulnerable to “harvest now, decrypt later” attacks. Post-Quantum Cryptography (PQC), also known as Quantum-Safe Cryptography (QSC), offers new algorithms designed to resist both classical and quantum attacks.

However, PQC protocols, much like their traditional counterparts, depend on high-quality randomness for critical processes such as key generation and encapsulation. The quality of this randomness, or entropy, impacts the security of the entire system, with low-entropy sources known to facilitate cryptanalysis of some PQC algorithms.

This is where Quantum Random Number Generators (QRNGs) emerge as an essential component in the transition to quantum-safe and the strongest foundation of digital trust. Unlike conventional random number generators, QRNGs produce randomness based on the intrinsically unpredictable phenomena of quantum mechanics. Furthermore, QRNG devices can provide locally verifiable entropy with real-time unpredictability indicators and statistical metrics, allowing for continuous monitoring and quality assessment of the generated randomness.

QSNP researchers at ICFO and Quside, in collaboration with Nestlé, have developed a proof-of-concept that demonstrates how QRNGs can be successfully integrated into hybrid PQC protocols for communication networks, specifically within PQC-based Transport Layer Security (TLS). This integration leverages an Entropy-as-a-Service (EaaS) model, allowing QRNGs to work as a centralized entropy source for various applications across a network.

The work showcased this integration through two relevant scenarios: a fully virtualized private Public Key Infrastructure (PKI) network and a connection to an online PQC-enabled server. The results highlight several key advantages:

• Seamless integration and enhanced trust:the QRNGs were seamlessly integrated into standard cryptographic infrastructure (TLS) using open-source libraries like OpenSSL and libOQS, demonstrating that quantum randomness can be provided to PQC algorithms with higher security standards and without significant changes to existing software infrastructures. Real-time monitoring of entropy quality provided by the Level 4 QRNG was also leveraged as key characteristic of the enhanced trust.
• Negligible performance overhead:the EaaS QRNG added minimal overhead to TLS handshakes, with total latency increases under 30%. The QRNG’s own contribution was negligible (<10⁻⁵), confirming that its performance comfortably exceeds application requirements.
• Compatibility with hybrid PQC schemes:the approach ensures compatibility with open-source hybrid PQC schemes, which are crucial for a smooth migration in large networks like the internet.

While PQC algorithms introduce increased bandwidth consumption, primarily due to larger keys and signatures compared to traditional algorithms like RSA or ECDSA, this proof-of-concept emphasizes the practicality and robustness of integrating QRNGs to supply high-quality entropy.

This development opens the door for numerous applications, including quantum-safe web communications (TLS/HTTPS with PQC + QRNG), secure enterprise internal networks, IoT ecosystems, and critical infrastructure requiring verifiable high-entropy key generation.

The future steps in this field include developing unified methods to quantitatively measure entropy across different generation schemes and integrating QRNGs into an even broader range of real-world systems beyond TLS.

By integrating the intrinsic locally verifiable entropy of QRNGs with the quantum-resistant strength of PQC, this work marks a crucial step towards building more trustworthy and secure digital interactions for the quantum era.