Qerberos: A Protocol for Secure Distribution of QRNG Keys David Soler, Carlos Dafonte and Francisco N´ ovoa Universidade da Coru˜ na A Coru˜ na, Spain Email: {david.soler,carlos.dafonte,fjnovoa}@udc.es M. Fern´ andez-Veiga, A. Fern´ andez Vilas and R. P. D´ ıaz-Redondo atlanTTic, Universidade de Vigo, Vigo, Spain Email: {mveiga,avilas,rebeca}@det.uvigo.es Abstract—A communication protocol for the distribution of cryptographic keys generated by a quantum random number generator (QRNG) has been developed by introducing a minor modification to Kerberos and using SRP as the authentication mechanism. The protocol, named Qerberos, allows two users to acquire the same symmetric key generated by a trusted third party with access to a QRNG, whose keys have higher entropy than a classical generator. An implementation that employs two different QRNGs has been tested for different parameters achieving good performance and short request times. I. I NTRODUCTION Cryptography is an essential tool in communications nowa- days, since it ensures confidentiality and authentication be- tween peers. Common encryption and decryption algorithms use secret keys that should not be revealed to unauthorised users. The quality of these secret keys is of the utmost importance: they should possess the highest level of entropy possible to avoid brute-force attacks [1]. Classical Random Number Generators (RNG) generate low quality keys, and some of them have known vulnerabilities in their source code [2], which may jeopardise the entire communication. If an attacker manages to obtain the secret key (possibly via guessing or exploiting those vulnerabilities), she would be able to decrypt any message sent, regardless of whichever encryption algorithm is being used. This poses a serious problem: even if an algorithm is perfectly secure, the entire system may be in danger if low entropy keys are used. Quantum Random Number Generators (QRNG) present a solution to this problem, since the randomness they provide is guaranteed by the laws of physics. However, this technology is currently in its first steps and QRNG devices have still a limited availability. Since keys could only be generated in specific locations with access to a QRNG, a method to securely distribute keys to users that require them is needed. The work is funded by the Plan Complementario de Comunicaciones Cu´ anticas, Spanish Ministry of Science and Innovation(MICINN), Plan de Recuperaci´ on NextGenerationEU de la Uni´ on Europea (PRTR-C17.I1, Ref. 305.2022), and Regional Government of Galicia (Agencia Gallega de Inno- vaci´ on, GAIN, Ref. 306.2022) This publication is part of the project TED2021-130369B-C31, TED2021-130369BC32, TED2021-130369B-C33 funded by MCIN/AEI/ 10.13039/501100011033 and by “ERDF A way of making Europe”. In this paper, we present a protocol which allows distribut- ing secret keys generated by a QRNG to two users, so that the keys can be used as symmetric keys to establish their secure communications. To that end, we propose a modification to the authentication protocol Kerberos [3], allowing the Service Granting Ticket (SGT) to contain two copies of the symmetric key encrypted with both users’ session keys. Furthermore, Kerberos authentication has been modified to use SRP [4], an authentication protocol which does not require users to reveal their passwords. The new protocol (named Qerberos) has been implemented in Java using the Apache Kerby library [5]. The distribution of high-quality cryptographic keys could enhance security in critical processes where communications confi- dentiality and integrity is specially relevant. Moreover, since authentication is required to obtain a key, it could be used as a token to verify an user’s identity during multi-factor authenti- cation. Point-to-point communications, like instant messaging apps or file sharing, could also benefit from the additional security provided by QRNG-generated symmetric keys. Two different QRNG have been employed in this project, which will be introduced in Section II. The protocol that we present in this document is novel, be- cause it uses classical communication channels to distribute se- cret keys generated by a QRNG. Embedding SRP in Kerberos is mentioned in [6], and in [7] a zero-knowledge authentication algorithm for Kerberos is proposed. The authors of [8] propose an authentication method resistant to dictionary attacks for Kerberos. In [9], a multifactor authentication is incorporated in Kerberos. To the best of the authors’ knowledge, no other reference to a Kerberos implementation with a zero-knowledge authentication algorithm exists in the literature. The remainder of the paper is organized as follows. Sec- tion II describes the basic properties of QRNGs. The system architecture is presented in Section III, followed by a brief review of Kerberos. Section IV presents the novel Qerberos in detail, and a security analysis is provided in Section V. The protocol implementation is summarized in Section VI, and some concluding remarks appear in Section VII. II. QRNG Commonly used Pseudo Random Number Generators (PRNGs) generate pseudo- random numbers in a deterministic manner, starting with a seed and performing mathematical 978-1-6654-9952-1/22/$31.00 ©2022 European Union