Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS
- URL: http://arxiv.org/abs/2507.09301v1
- Date: Sat, 12 Jul 2025 14:34:17 GMT
- Title: Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS
- Authors: Julio Gento Suela, Javier Blanco-Romero, Florina Almenares Mendoza, Daniel Díaz-Sánchez,
- Abstract summary: This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS. We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families. Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures.
- Score: 0.4374837991804085
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to quantum attacks. This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS to enable quantum-resistant DNSSEC functionality. We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families: ML-DSA, FALCON, SPHINCS+, MAYO, and SNOVA. Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures. A benchmark has been performed and performance evaluation results reveal significant trade-offs between security and efficiency. The results indicate that while PQC algorithms introduce operational overhead, several candidates offer viable compromises for transitioning DNSSEC to quantum-resistant cryptography.
Related papers
- Secure and practical Quantum Digital Signatures [0.0]
  Quantum Digital Signatures (QDS) can offer solutions that are information-theoretically (IT) secure and thus immune to quantum attacks. We analyze three existing practical QDS protocols based on preshared secure keys and universal hashing families. We numerically optimize the protocol parameters to improve efficiency in terms of preshared bit consumption and signature length. (2025-08-07T13:03:43Z)
- Performance and Storage Analysis of CRYSTALS Kyber as a Post Quantum Replacement for RSA and ECC [49.1574468325115]
  CRYSTALS-Kyber is a post-quantum cryptographic solution standardized by NIST in 2022. This study evaluates Kyber's practical viability through performance testing across various implementation schemes. (2025-08-03T09:53:45Z)
- Quantum-Resistant Domain Name System: A Comprehensive System-Level Study [0.9365037811026767]
  We present a comprehensive system-level study of post-quantum DNS security across three widely deployed mechanisms. We propose Post-Quantum Cryptographic (PQC)-DNS, a unified framework for benchmarking DNS security under legacy, post-quantum, and hybrid cryptographic configurations. (2025-06-24T18:35:24Z)
- Post-Quantum Cryptography: An Analysis of Code-Based and Lattice-Based Cryptosystems [55.49917140500002]
  Quantum computers will be able to break modern cryptographic systems using Shor's Algorithm. We first examine the McEliece cryptosystem, a code-based scheme believed to be secure against quantum attacks. We then explore NTRU, a lattice-based system grounded in the difficulty of solving the Shortest Vector Problem. (2025-05-06T03:42:38Z)
- A Quantum Good Authentication Protocol [0.0]
  This article presents a novel network protocol that incorporates a quantum photonic channel for symmetric key distribution. The protocol uses strong hash functions to hash original messages and verify heightened data integrity at the destination. (2025-03-05T20:30:34Z)
- Double-Signed Fragmented DNSSEC for Countering Quantum Threat [3.0874677990361246]
  We investigate the viability of employing 'Double-Signatures' in DNSSEC. We leverage a way to do application-layer fragmentation of DNSSEC responses with two signatures. (2024-11-12T04:22:57Z)
- Towards efficient and secure quantum-classical communication networks [47.27205216718476]
  There are two primary approaches to achieving quantum-resistant security: quantum key distribution (QKD) and post-quantum cryptography (PQC). We introduce the pros and cons of these protocols and explore how they can be combined to achieve a higher level of security and/or improved performance in key distribution. We hope our discussion inspires further research into the design of hybrid cryptographic protocols for quantum-classical communication networks. (2024-11-01T23:36:19Z)
- A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights [2.522402937703098]
  QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. (2024-05-15T11:27:28Z)
- SOCI^+: An Enhanced Toolkit for Secure Outsourced Computation on Integers [50.608828039206365]
  We propose SOCI+ which significantly improves the performance of SOCI. SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive. Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead. (2023-09-27T05:19:32Z)
- Delegated variational quantum algorithms based on quantum homomorphic encryption [69.50567607858659]
  Variational quantum algorithms (VQAs) are one of the most promising candidates for achieving quantum advantages on quantum devices. The private data of clients may be leaked to quantum servers in such a quantum cloud model. A novel quantum homomorphic encryption (QHE) scheme is constructed for quantum servers to calculate encrypted data. (2023-01-25T07:00:13Z)
- Iterative Qubits Management for Quantum Index Searching in a Hybrid System [56.39703478198019]
  IQuCS aims at index searching and counting in a quantum-classical hybrid system. We implement IQuCS with Qiskit and conduct intensive experiments. Results demonstrate that it reduces qubits consumption by up to 66.2%. (2022-09-22T21:54:28Z)
- A Variational Quantum Attack for AES-like Symmetric Cryptography [69.80357450216633]
  We propose a variational quantum attack algorithm (VQAA) for classical AES-like symmetric cryptography. In the VQAA, the known ciphertext is encoded as the ground state of a Hamiltonian that is constructed through a regular graph. (2022-05-07T03:15:15Z)
- Agile and versatile quantum communication: signatures and secrets [0.7980685978549763]
  We demonstrate two quantum cryptographic protocols, quantum digital signatures (QDS) and quantum secret sharing (QSS) on the same hardware sender and receiver platform. This is the first proof-of-principle demonstration of an agile and versatile quantum communication system. (2020-01-27T21:11:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.