This work addresses the challenge of limited entropy quality and high overhead of secure protocols on embedded devices by proposing a Quantum Entropy as a Service (QEaaS) system. It presents the first efficient post-quantum entropy distribution architecture deployed on resource-constrained platforms such as the ESP32, leveraging ML-KEM-512 and ML-DSA-44 to establish a post-quantum secure DTLS 1.3 channel. The system injects Quantis quantum random numbers into a Zephyr-compatible CoAP stack and integrates a BLAKE2s-based entropy pool alongside a custom OpenSSL entropy provider. Experimental results demonstrate that a full post-quantum DTLS handshake completes in just 225 ms—63% faster than the classical ECDHE+ECDSA counterpart—while local entropy operations incur less than 0.1 ms of latency.

Embedded cryptography stands or falls on entropy quality, yet small devices have few trustworthy sources and little tolerance for heavyweight protocols. We build a Quantum Entropy as a Service (QEaaS) system that moves QRNG-derived entropy from a Quantis device to ESP32-class clients over post-quantum-secured channels. On the server side, the design exposes two paths: direct quantum entropy through a custom OpenSSL provider and mixed entropy through the Linux system pool. On the client side, we extend libcoap's Zephyr support, integrate wolfSSL-based DTLS 1.3 into the CoAP stack, and add a BLAKE2s entropy pool that preserves the standard Zephyr extraction interface while introducing an injection API for server-provided entropy. Benchmarks on ESP32 hardware, targeting 100 iterations per configuration, show that ML-KEM-512 completes a DTLS 1.3 handshake in 313 ms on average without certificate verification, 35% faster than ECDHE P-256. Pairing ML-KEM-512 with ML-DSA-44 lowers the mean to 225 ms. Certificate verification adds roughly 194 ms for ECDSA but only 17 ms for ML-DSA-44, so the fully post-quantum configuration remains 63% faster than classical ECDHE P-256 with ECDSA even under full verification. Local BLAKE2s pool operations stay below 0.1 ms combined. On this platform, post-quantum key exchange and authentication are not only feasible; they are faster than the classical baseline.