Suela, Julio Gento; Blanco-Romero, Javier; Almenares-Mendoza, Florina; Sánchez, Daniel Díaz Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS Journal Article In: 2025. Abstract | Links | BibTeX | Tags: CoreDNS, Discovery, DNS security, DNSSEC, I-Shaper, Post-Quantum Cryptography, Qursa, Ramones
Blanco-Romero, Javier; García, Pedro Otero; Sobral-Blanco, Daniel; Almenares-Mendoza, Florina; Vilas, Ana Fernández; Fernández-Veiga, Manuel Hybrid Quantum Security for IPsec Journal Article In: pp. 23, 2025. Abstract | Links | BibTeX | Tags: Discovery, I-Shaper, Internet Protocol Security, Key Distribution, Post-Quantum Cryptography, Quantum Key Distribution, Qursa, Ramones
Blanco-Romero, Javier; García, Pedro Otero; Sobral-Blanco, Daniel; Almenares-Mendoza, Florina; Vilas, Ana Fernández; Fernández-Veiga, Manuel Hybrid Quantum Security for IPsec Journal Article In: pp. 23, 2025. Abstract | Links | BibTeX | Tags: Discovery, I-Shaper, Internet Protocol Security, Key Distribution, Post-Quantum Cryptography, Quantum Key Distribution, Qursa, Ramones
Blanco-Romero, Javier; Otero-Garcia, Pedro; Sobral-Blanco, Daniel; Almenares-Mendoza, Florina; Fernandez-Vilas, Ana; Diaz-Redondo, Rebeca QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers Conference 2025. Abstract | Links | BibTeX | Tags: I-Shaper, OpenSSL, Post-Quantum Cryptography, PQC, QKD, Qursa, TLS
Blanco-Romero, Javier; Lorenzo, Vicente; Almenares, Florina; Díaz-Sánchez, Daniel; Campo, Celeste; García-Rubio, Carlos Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols Conference 2024 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2024, ISBN: 979-8-3503-5424-9. Abstract | Links | BibTeX | Tags: coap, compromise, cryptography, I-Shaper, IoT, MQTT-SN, Post-Quantum Cryptography, PQC, Protocols, Qursa
2025
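@comment{arXiv preprint describing a CoreDNS plugin for post-quantum DNSSEC signing. The doi field holds the bare DOI with no resolver prefix and no leading space, because bibliography styles prepend the resolver themselves. The entry type is article but no journal field is present; confirm the venue before relying on journal-style output.}
@article{javierblanco006,
  title     = {Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS},
  author    = {Julio Gento Suela and Javier Blanco-Romero and Florina Almenares-Mendoza and Daniel Díaz Sánchez},
  doi       = {10.48550/arXiv.2507.09301},
  year      = {2025},
  date      = {2025-07-15},
  urldate   = {2025-07-15},
  abstract  = {The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to quantum attacks. This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS to enable quantum-resistant DNSSEC functionality. We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families: ML-DSA, FALCON, SPHINCS+, MAYO, and SNOVA. Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures. A benchmark has been performed and performance evaluation results reveal significant trade-offs between security and efficiency. The results indicate that while PQC algorithms introduce operational overhead, several candidates offer viable compromises for transitioning DNSSEC to quantum-resistant cryptography.},
  keywords  = {CoreDNS, Discovery, DNS security, DNSSEC, I-Shaper, Post-Quantum Cryptography, Qursa, Ramones},
  pubstate  = {published},
  tppubtype = {article}
}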
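@comment{arXiv preprint comparing sequential and parallel hybrid QKD-PQC key establishment for IPsec / IKEv2. The doi field holds the bare DOI with no resolver prefix, because bibliography styles prepend the resolver themselves. The pages value 23 is presumably a page count rather than a page range; verify before it is rendered as a page reference. No journal field is present although the entry type is article.}
@article{javierblanco007,
  title     = {Hybrid Quantum Security for IPsec},
  author    = {Javier Blanco-Romero and Pedro Otero García and Daniel Sobral-Blanco and Florina Almenares-Mendoza and Ana Fernández Vilas and Manuel Fernández-Veiga},
  url       = {https://arxiv.org/pdf/2507.09288},
  doi       = {10.48550/arXiv.2507.09288},
  year      = {2025},
  date      = {2025-07-12},
  pages     = {23},
  abstract  = {Quantum Key Distribution (QKD) offers information-theoretic security against quantum computing threats, but integrating QKD into existing security protocols remains an unsolved challenge due to fundamental mismatches between pre-distributed quantum keys and computational key exchange paradigms. This paper presents the first systematic comparison of sequential versus parallel hybrid QKD-PQC key establishment strategies for IPsec, revealing fundamental protocol design principles that extend beyond specific implementations. We introduce two novel approaches for incorporating QKD into Internet Key Exchange version 2 (IKEv2) with support for both ETSI GS QKD 004 stateful and ETSI GS QKD 014 stateless API specifications: (1) a pure QKD approach that replaces computational key derivation with identifier-based quantum key coordination, and (2) a unified QKD-KEM abstraction that enables parallel composition of quantum and post-quantum cryptographic methods within existing protocol frameworks. Our key insight is that parallel hybrid approaches eliminate the multiplicative latency penalties inherent in sequential methods mandated by RFC 9370, achieving significant performance improvements under realistic network conditions. Performance evaluation using a Docker-based testing framework with IDQuantique QKD hardware demonstrates that the parallel hybrid approach significantly outperforms sequential methods under network latency conditions, while pure QKD achieves minimal bandwidth overhead through identifier-based key coordination. Our implementations provide practical quantum-enhanced IPsec solutions suitable for critical infrastructure deployments requiring defense-in-depth security.},
  keywords  = {Discovery, I-Shaper, Internet Protocol Security, Key Distribution, Post-Quantum Cryptography, Quantum Key Distribution, Qursa, Ramones},
  pubstate  = {published},
  tppubtype = {article}
}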
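@comment{Second record of the work stored under javierblanco007: title, authors, URL, DOI and abstract are identical, and only urldate is additional here. The key is kept so that existing citations still resolve; cite one of the two keys consistently to avoid a doubled bibliography item. The doi field holds the bare DOI with no resolver prefix. The pages value 23 is presumably a page count rather than a page range; verify.}
@article{javierblanco007b,
  title     = {Hybrid Quantum Security for IPsec},
  author    = {Javier Blanco-Romero and Pedro Otero García and Daniel Sobral-Blanco and Florina Almenares-Mendoza and Ana Fernández Vilas and Manuel Fernández-Veiga},
  url       = {https://arxiv.org/pdf/2507.09288},
  doi       = {10.48550/arXiv.2507.09288},
  year      = {2025},
  date      = {2025-07-12},
  urldate   = {2025-07-12},
  pages     = {23},
  abstract  = {Quantum Key Distribution (QKD) offers information-theoretic security against quantum computing threats, but integrating QKD into existing security protocols remains an unsolved challenge due to fundamental mismatches between pre-distributed quantum keys and computational key exchange paradigms. This paper presents the first systematic comparison of sequential versus parallel hybrid QKD-PQC key establishment strategies for IPsec, revealing fundamental protocol design principles that extend beyond specific implementations. We introduce two novel approaches for incorporating QKD into Internet Key Exchange version 2 (IKEv2) with support for both ETSI GS QKD 004 stateful and ETSI GS QKD 014 stateless API specifications: (1) a pure QKD approach that replaces computational key derivation with identifier-based quantum key coordination, and (2) a unified QKD-KEM abstraction that enables parallel composition of quantum and post-quantum cryptographic methods within existing protocol frameworks. Our key insight is that parallel hybrid approaches eliminate the multiplicative latency penalties inherent in sequential methods mandated by RFC 9370, achieving significant performance improvements under realistic network conditions. Performance evaluation using a Docker-based testing framework with IDQuantique QKD hardware demonstrates that the parallel hybrid approach significantly outperforms sequential methods under network latency conditions, while pure QKD achieves minimal bandwidth overhead through identifier-based key coordination. Our implementations provide practical quantum-enhanced IPsec solutions suitable for critical infrastructure deployments requiring defense-in-depth security.},
  keywords  = {Discovery, I-Shaper, Internet Protocol Security, Key Distribution, Post-Quantum Cryptography, Quantum Key Distribution, Qursa, Ramones},
  pubstate  = {published},
  tppubtype = {article}
}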
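@comment{Paper proposing a hybrid QKD-KEM key exchange for TLS built on OpenSSL providers. The doi field holds the bare arXiv DOI with no resolver prefix and no leading space, because bibliography styles prepend the resolver themselves. The entry type is conference but no booktitle is given, so standard styles will warn about a missing field; add the proceedings title once it is confirmed.}
@conference{javierblanco005,
  title     = {QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers},
  author    = {Javier Blanco-Romero and Pedro Otero-Garcia and Daniel Sobral-Blanco and Florina Almenares-Mendoza and Ana Fernandez-Vilas and Rebeca Diaz-Redondo},
  doi       = {10.48550/arXiv.2503.07196},
  year      = {2025},
  date      = {2025-03-10},
  urldate   = {2025-03-10},
  abstract  = {Quantum Key Distribution (QKD) promises information-theoretic security, yet integrating QKD into existing protocols like TLS remains challenging due to its fundamentally different operational model. In this paper, we propose a hybrid QKD-KEM protocol with two distinct integration approaches: a client-initiated flow compatible with both ETSI 004 and 014 specifications, and a server-initiated flow similar to existing work but limited to stateless ETSI 014 APIs. Unlike previous implementations, our work specifically addresses the integration of stateful QKD key exchange protocols (ETSI 004) which is essential for production QKD networks but has remained largely unexplored. By adapting OpenSSL’s provider infrastructure to accommodate QKD’s pre-distributed key model, we maintain compatibility with current TLS implementations while offering dual layers of security. Performance evaluations demonstrate the feasibility of our hybrid scheme with acceptable overhead, showing that robust security against quantum threats is achievable while addressing the unique requirements of different QKD API specifications.},
  keywords  = {I-Shaper, OpenSSL, Post-Quantum Cryptography, PQC, QKD, Qursa, TLS},
  pubstate  = {published},
  tppubtype = {conference}
}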
2024
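@comment{ISCC 2024 paper on integrating post-quantum cryptography into CoAP and MQTT-SN through the wolfSSL library. The author list uses a single and between names; a doubled separator would be parsed as an empty author. The doi field holds the bare DOI with no resolver prefix, because bibliography styles prepend the resolver themselves.}
@conference{javierblanco002,
  title     = {Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols},
  author    = {Javier Blanco-Romero and Vicente Lorenzo and Florina Almenares and Daniel Díaz-Sánchez and Celeste Campo and Carlos García-Rubio},
  url       = {https://ieeexplore.ieee.org/abstract/document/10733716/figures#figures},
  doi       = {10.1109/ISCC61673.2024.10733716},
  isbn      = {979-8-3503-5424-9},
  year      = {2024},
  date      = {2024-10-31},
  urldate   = {2024-10-31},
  booktitle = {2024 IEEE Symposium on Computers and Communications (ISCC)},
  publisher = {IEEE},
  abstract  = {Post-Quantum Cryptography (PQC) is a practical and cost-effective solution to defend against emerging quantum computing threats. So, leading worldwide security agencies and standardization bodies strongly advocate for the proactive integration of PQ cryptography into underlying frameworks to support applications, protocols, and services. The current research predominantly addresses the incorporation of PQC in Internet communication protocols such as HTTP and DNS; nevertheless, the focus on embedded devices has been limited to evaluating PQC’s integration within TLS/DTLS in isolation. Hence, there is a notable gap in understanding how PQC impacts IoT-specific communication protocols. This paper presents the integration of PQC into two communication protocols specifically tailored for IoT devices, the Constrained Application Protocol (CoAP) and MQTT for Sensor Networks (MQTT-SN), via the wolfSSL library. These two integrations contribute to the understanding of PQC’s implications for IoT communication protocols.},
  keywords  = {coap, compromise, cryptography, I-Shaper, IoT, MQTT-SN, Post-Quantum Cryptography, PQC, Protocols, Qursa},
  pubstate  = {published},
  tppubtype = {conference}
}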
Publications
Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS Journal Article In: 2025. Hybrid Quantum Security for IPsec Journal Article In: pp. 23, 2025. Hybrid Quantum Security for IPsec Journal Article In: pp. 23, 2025. QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers Conference 2025. Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols Conference 2024 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2024, ISBN: 979-8-3503-5424-9.2025
2024