Related papers: Quantum-Resistant Domain Name System: A Comprehensive System-Level Study

Quantum-Resistant Domain Name System: A Comprehensive System-Level Study

URL: http://arxiv.org/abs/2506.19943v1
Date: Tue, 24 Jun 2025 18:35:24 GMT
Title: Quantum-Resistant Domain Name System: A Comprehensive System-Level Study
Authors: Juyoul Lee, Sanzida Hoque, Abdullah Aydeger, Engin Zeydan,
Abstract summary: We present a comprehensive system-level study of post-quantum DNS security across three widely deployed mechanisms.<n>We propose Post-Quantum Cryptographic (PQC)-DNS, a unified framework for benchmarking DNS security under legacy, post-quantum, and hybrid cryptographic configurations.
Score: 0.9365037811026767
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The Domain Name System (DNS) plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in the post-quantum era is imperative. In this paper, we present a comprehensive system-level study of post-quantum DNS security across three widely deployed mechanisms: DNSSEC, DNS-over-TLS (DoT), and DNS-over-HTTPS (DoH). We propose Post-Quantum Cryptographic (PQC)-DNS, a unified framework for benchmarking DNS security under legacy, post-quantum, and hybrid cryptographic configurations. Our implementation leverages the Open Quantum Safe (OQS) libraries and integrates lattice- and hash-based primitives into BIND9 and TLS 1.3 stacks. We formalize performance and threat models and analyze the impact of post-quantum key encapsulation and digital signatures on end-to-end DNS resolution. Experimental results on a containerized testbed reveal that lattice-based primitives such as Module-Lattice-Based Key-Encapsulation Mechanism (MLKEM) and Falcon offer practical latency and resource profiles, while hash-based schemes like SPHINCS+ significantly increase message sizes and processing overhead. We also examine security implications including downgrade risks, fragmentation vulnerabilities, and susceptibility to denial-of-service amplification. Our findings inform practical guidance for deploying quantum-resilient DNS and contribute to the broader effort of securing core Internet protocols for the post-quantum future.

Related papers

Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS [0.4374837991804085]
This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS.<n>We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families.<n>Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures.
arXiv Detail & Related papers (2025-07-12T14:34:17Z)
Extensible Post Quantum Cryptography Based Authentication [1.7449047573672085]
We introduce a quantum-safe single-shot protocol for machine-to-machine authentication and authorization.<n> operating entirely over insecure channels, this protocol enables the forward-secure establishment of tokens.<n>This study lays the groundwork for scalable, resilient, and future-proof identity infrastructures in a quantum-enabled world.
arXiv Detail & Related papers (2025-05-22T01:34:17Z)
Post-Quantum Cryptography: An Analysis of Code-Based and Lattice-Based Cryptosystems [55.49917140500002]
Quantum computers will be able to break modern cryptographic systems using Shor's Algorithm.<n>We first examine the McEliece cryptosystem, a code-based scheme believed to be secure against quantum attacks.<n>We then explore NTRU, a lattice-based system grounded in the difficulty of solving the Shortest Vector Problem.
arXiv Detail & Related papers (2025-05-06T03:42:38Z)
A Quantum Good Authentication Protocol [0.0]
This article presents a novel network protocol that incorporates a quantum photonic channel for symmetric key distribution.<n>The protocol uses strong hash functions to hash original messages and verify heightened data integrity at the destination.
arXiv Detail & Related papers (2025-03-05T20:30:34Z)
Quantum-Safe integration of TLS in SDN networks [0.0]
transition to quantum-safe cryptography within the next decade is critical.<n>We have selected Transport Layer Security as the foundation to hybridize classical, quantum, and post-quantum cryptography.<n>The performance of this approach has been demonstrated using a deployed production infrastructure.
arXiv Detail & Related papers (2025-02-24T14:35:56Z)
Onion Routing Key Distribution for QKDN [1.8637078358591843]
The advance of quantum computing poses a significant threat to classical cryptography.<n>Two main approaches have emerged: quantum cryptography and post-quantum cryptography.<n>We propose a secure key distribution protocol for Quantum Key Distribution Networks (QKDN)
arXiv Detail & Related papers (2025-02-10T16:47:42Z)
Double-Signed Fragmented DNSSEC for Countering Quantum Threat [3.0874677990361246]
We investigate the viability of employing 'Double-Signatures' in DNSSEC. We leverage a way to do application-layer fragmentation of DNSSEC responses with two signatures.
arXiv Detail & Related papers (2024-11-12T04:22:57Z)
Towards efficient and secure quantum-classical communication networks [47.27205216718476]
There are two primary approaches to achieving quantum-resistant security: quantum key distribution (QKD) and post-quantum cryptography (PQC) We introduce the pros and cons of these protocols and explore how they can be combined to achieve a higher level of security and/or improved performance in key distribution. We hope our discussion inspires further research into the design of hybrid cryptographic protocols for quantum-classical communication networks.
arXiv Detail & Related papers (2024-11-01T23:36:19Z)
Guarantees on the structure of experimental quantum networks [105.13377158844727]
Quantum networks connect and supply a large number of nodes with multi-party quantum resources for secure communication, networked quantum computing and distributed sensing. As these networks grow in size, certification tools will be required to answer questions regarding their properties. We demonstrate a general method to guarantee that certain correlations cannot be generated in a given quantum network.
arXiv Detail & Related papers (2024-03-04T19:00:00Z)
The Evolution of Quantum Secure Direct Communication: On the Road to the Qinternet [49.8449750761258]
Quantum secure direct communication (QSDC) is provably secure and overcomes the threat of quantum computing.<n>We will detail the associated point-to-point communication protocols and show how information is protected and transmitted.
arXiv Detail & Related papers (2023-11-23T12:40:47Z)
Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security. This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
An Evolutionary Pathway for the Quantum Internet Relying on Secure Classical Repeaters [64.48099252278821]
We conceive quantum networks using secure classical repeaters combined with the quantum secure direct communication principle. In these networks, the ciphertext gleaned from a quantum-resistant algorithm is transmitted using QSDC along the nodes. We have presented the first experimental demonstration of a secure classical repeater based hybrid quantum network.
arXiv Detail & Related papers (2022-02-08T03:24:06Z)
Backflash Light as a Security Vulnerability in Quantum Key Distribution Systems [77.34726150561087]
We review the security vulnerabilities of quantum key distribution (QKD) systems. We mainly focus on a particular effect known as backflash light, which can be a source of eavesdropping attacks.
arXiv Detail & Related papers (2020-03-23T18:23:12Z)

This list is automatically generated from the titles and abstracts of the papers in this site.