Double-Signed Fragmented DNSSEC for Countering Quantum Threat
- URL: http://arxiv.org/abs/2411.07535v1
- Date: Tue, 12 Nov 2024 04:22:57 GMT
- Title: Double-Signed Fragmented DNSSEC for Countering Quantum Threat
- Authors: Syed W. Shah. Lei Pan, Din Duc Nha Nguyen, Robin Doss, Warren Armstrong, Praveen Gauravaram,
- Abstract summary: We investigate the viability of employing 'Double-Signatures' in DNSSEC.
We leverage a way to do application-layer fragmentation of DNSSEC responses with two signatures.
- Score: 3.0874677990361246
- License:
- Abstract: DNSSEC, a DNS security extension, is essential to accurately translating domain names to IP addresses. Digital signatures provide the foundation for this reliable translation, however, the evolution of 'Quantum Computers' has made traditional digital signatures vulnerable. In light of this, NIST has recently selected potential post-quantum digital signatures that can operate on conventional computers and resist attacks made with Quantum Computers. Since these post-quantum digital signatures are still in their early stages of development, replacing pre-quantum digital signature schemes in DNSSEC with post-quantum candidates is risky until the post-quantum candidates have undergone a thorough security analysis. Given this, herein, we investigate the viability of employing 'Double-Signatures' in DNSSEC, combining a post-quantum digital signature and a classic one. The rationale is that double-signatures will offer protection against quantum threats on conventional signature schemes as well as unknown non-quantum attacks on post-quantum signature schemes, hence even if one fails the other provides security guarantees. However, the inclusion of two signatures in the DNSSEC response message doesn't bode well with the maximum allowed size of DNSSEC responses (i.e., 1232B, a limitation enforced by MTU of physical links). To counter this issue, we leverage a way to do application-layer fragmentation of DNSSEC responses with two signatures. We implement our solution on top of OQS-BIND and through experiments show that the addition of two signatures in DNSSEC and application-layer fragmentation of all relevant resource records and their reassembly does not have any substantial impact on the efficiency of the resolution process and thus is suitable for the interim period at least until the quantum computers are fully realized.
Related papers
- Quantum digital signature based on single-qubit without a trusted third-party [45.41082277680607]
We propose a brand new quantum digital signature protocol without a trusted third party only with qubit technology to further improve the security.
We prove that the protocol has information-theoretical unforgeability. Moreover, it satisfies other important secure properties, including asymmetry, undeniability, and expandability.
arXiv Detail & Related papers (2024-10-17T09:49:29Z) - Revocable Encryption, Programs, and More: The Case of Multi-Copy Security [48.53070281993869]
We show the feasibility of revocable primitives, such as revocable encryption and revocable programs.
This suggests that the stronger notion of multi-copy security is within reach in unclonable cryptography.
arXiv Detail & Related papers (2024-10-17T02:37:40Z) - A new approach to delegate signing rights to proxy signers using isogeny-based cryptography [5.662132994900804]
We propose the first post-quantum isogeny based proxy signature scheme CSI-PS (commutative supersingular isogeny proxy signature)
Our construction is proven to be uf-cma secure under the hardness of the group action inverse problem (IPGA) based on isogeny.
arXiv Detail & Related papers (2024-07-18T09:19:19Z) - An Experimentally Validated Feasible Quantum Protocol for Identity-Based Signature with Application to Secure Email Communication [1.156080039774429]
In 1984, Shamir developed the first Identity-based signature (IBS) to simplify public key infrastructure.
IBS protocols rely on several theoretical assumption-based hard problems.
Quantum cryptography (QC) is one such approach.
arXiv Detail & Related papers (2024-03-27T04:32:41Z) - Revocable Quantum Digital Signatures [57.25067425963082]
We define and construct digital signatures with revocable signing keys from the LWE assumption.
In this primitive, the signing key is a quantum state which enables a user to sign many messages.
Once the key is successfully revoked, we require that the initial recipient of the key loses the ability to sign.
arXiv Detail & Related papers (2023-12-21T04:10:07Z) - Entanglement-based quantum digital signatures over deployed campus
network [0.6617348612068856]
A major advantage of a quantum-digital-signatures protocol is that it can have information-theoretic security.
We demonstrate and characterize hardware to implement entanglement-based quantum digital signatures over our campus network.
arXiv Detail & Related papers (2023-10-30T11:31:23Z) - Revocable Cryptography from Learning with Errors [61.470151825577034]
We build on the no-cloning principle of quantum mechanics and design cryptographic schemes with key-revocation capabilities.
We consider schemes where secret keys are represented as quantum states with the guarantee that, once the secret key is successfully revoked from a user, they no longer have the ability to perform the same functionality as before.
arXiv Detail & Related papers (2023-02-28T18:58:11Z) - One-Time Universal Hashing Quantum Digital Signatures without Perfect
Keys [24.240914319917053]
We show that imperfect quantum keys with limited information leakage can be used for digital signatures and authentication without compromising security.
This study significantly reduces the delay for data postprocessing and is compatible with any quantum key generation protocols.
arXiv Detail & Related papers (2023-01-03T14:54:27Z) - Quantum Proofs of Deletion for Learning with Errors [91.3755431537592]
We construct the first fully homomorphic encryption scheme with certified deletion.
Our main technical ingredient is an interactive protocol by which a quantum prover can convince a classical verifier that a sample from the Learning with Errors distribution in the form of a quantum state was deleted.
arXiv Detail & Related papers (2022-03-03T10:07:32Z) - Deep Serial Number: Computational Watermarking for DNN Intellectual
Property Protection [53.40245698216239]
DSN (Deep Serial Number) is a watermarking algorithm designed specifically for deep neural networks (DNNs)
Inspired by serial numbers in safeguarding conventional software IP, we propose the first implementation of serial number embedding within DNNs.
arXiv Detail & Related papers (2020-11-17T21:42:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.