This is the fourth in a multi-part series on cryptography and the Domain Name System (DNS).
One of the "key" questions cryptographers have been asking for the past decade or more is what to do about the potential future development of a large-scale quantum computer.
If theory holds, a quantum computer could break established public-key algorithms including RSA and elliptic curve cryptography (ECC), building on Peter Shor's groundbreaking result from 1994.
This prospect has motivated research into new so-called "post-quantum" algorithms that are less vulnerable to quantum computing advances. These algorithms, once standardized, may well be added into the Domain Name System Security Extensions (DNSSEC), thus also adding another dimension to a cryptographer's perspective on the DNS.
(Caveat: Once again, the concepts I'm discussing in this post are topics we're studying in our long-term research program as we evaluate potential future applications of technology. They do not necessarily represent Verisign's plans or position on possible new products or services.)
The National Institute of Standards and Technology (NIST) started a Post-Quantum Cryptography project in 2016 to "specify one or more additional unclassified, publicly disclosed digital signature, public-key encryption, and key-establishment algorithms that are capable of protecting sensitive government information well into the foreseeable future, including after the advent of quantum computers."
Security protocols that NIST is targeting for these algorithms, according to its 2019 status report (Section 2.2.1), include: "Transport Layer Security (TLS), Secure Shell (SSH), Internet Key Exchange (IKE), Internet Protocol Security (IPsec), and Domain Name System Security Extensions (DNSSEC)."
The project is now in its third round, with seven finalists, including three digital signature algorithms, and eight alternates.
NIST's project timeline anticipates that the draft standards for the new post-quantum algorithms will be available between 2022 and 2024.
It will likely take several additional years for standards bodies such as the Internet Engineering Task Force (IETF) to incorporate the new algorithms into security protocols. Broad deployments of the upgraded protocols will likely take several years more.
Post-quantum algorithms can therefore be considered a long-term issue, not a near-term one. However, as with other long-term research, it's appropriate to draw attention to factors that need to be taken into account well ahead of time.
The three candidate digital signature algorithms in NIST's third round have one common characteristic: all of them have a key size or signature size (or both) that is much larger than for current algorithms.
Key and signature sizes are important operational considerations for DNSSEC because most of the DNS traffic exchanged with authoritative data servers is sent and received via the User Datagram Protocol (UDP), which has a limited response size.
Response size concerns were evident during the expansion of the root zone signing key (ZSK) from 1024-bit to 2048-bit RSA in 2016, and in the rollover of the root key signing key (KSK) in 2018. In the latter case, although the signature and key sizes didn't change, total response size was still an issue because responses during the rollover sometimes carried as many as four keys rather than the usual two.
Thanks to careful design and implementation, response sizes during these transitions generally stayed within typical UDP limits. Equally important, response sizes also appeared to have stayed within the Maximum Transmission Unit (MTU) of most networks involved, thereby also avoiding the risk of packet fragmentation. (You can check how well your network handles various DNSSEC response sizes with this tool developed by Verisign Labs.)
The larger sizes associated with certain post-quantum algorithms do not appear to be a significant issue either for TLS, according to one benchmarking study, or for public-key infrastructures, according to another report. However, a recently published study of post-quantum algorithms and DNSSEC observes that "DNSSEC is particularly challenging to transition" to the new algorithms.
Verisign Labs offers the following observations about DNSSEC-related queries that may help researchers to model DNSSEC impact:
A typical resolver that implements both DNSSEC validation and qname minimization will send a combination of queries to Verisign's root and top-level domain (TLD) servers.
Because the resolver is a validating resolver, these queries will all have the "DNSSEC OK" bit set, indicating that the resolver wants the DNSSEC signatures on the records.
The content of typical responses by Verisign's root and TLD servers to these queries is given in Table 1 below. (In the table,
For an A or NS query, the typical response, when the domain of interest exists, includes a referral to another name server. If the domain supports DNSSEC, the response also includes a set of Delegation Signer (DS) records providing the hashes of each of the referred zone's KSKs, the next link in the DNSSEC trust chain. When the domain of interest doesn't exist, the response includes one or more Next Secure (NSEC) or Next Secure 3 (NSEC3) records.
Researchers can estimate the effect of post-quantum algorithms on response size by replacing the sizes of the various RSA keys and signatures with those for their post-quantum counterparts. As discussed above, it is important to keep in mind that the number of keys returned may be larger during key rollovers.
Most of the queries from qname-minimizing, validating resolvers to the root and TLD name servers will be for A or NS records (the choice depends on the implementation of qname minimization, and has recently trended toward A). The signature size for a post-quantum algorithm, which affects all DNSSEC-related responses, will therefore generally have a much larger impact on average response size than will the key size, which affects only the DNSKEY responses.
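The size substitution described above can be carried out directly from the DNS record layouts. The following Python model is an added example, not code from the original post or from Verisign; it estimates DNSKEY and signed-referral response sizes for a given key and signature size. The `PQ-sample` sizes, the 1232-byte limit, the 6-byte NS target and the `example.com` names are constructed assumptions, and glue records and NSEC/NSEC3 responses are left out.

```python
# Added example: DNSSEC response-size model from RFC 1035 / RFC 4034 record layouts.
from dataclasses import dataclass

HEADER, OPT_RR, RR_FIXED, PTR = 12, 11, 10, 2  # header, EDNS0 OPT, type/class/TTL/rdlength, pointer
UDP_LIMIT = 1232  # assumption: a commonly advertised EDNS buffer size, not a figure from the post

@dataclass(frozen=True)
class Alg:
    name: str
    key_len: int  # bytes in the DNSKEY public-key field
    sig_len: int  # bytes in the RRSIG signature field

# RSA-2048: 256-byte signature; key field = 1 length byte + 3-byte exponent 65537 + 256-byte modulus
RSA2048 = Alg("RSA-2048", 260, 256)
# Constructed placeholder sizes, not those of any specific candidate; substitute published figures.
PQ_SAMPLE = Alg("PQ-sample", 1300, 2400)

def name_len(name: str) -> int:
    """Uncompressed wire length of a domain name; '.' is the one-byte root."""
    return sum(1 + len(label) for label in name.strip(".").split(".") if label) + 1

def owner_len(name: str) -> int:
    return min(PTR, name_len(name))  # owner repeats an earlier name: pointer (root stays 1 byte)

def rrsig_len(alg: Alg, owner: str, signer: str) -> int:
    # 18 fixed RDATA bytes, then the signer name (never compressed), then the signature
    return owner_len(owner) + RR_FIXED + 18 + name_len(signer) + alg.sig_len

def dnskey_response(zone: str, alg: Alg, n_keys: int = 2, n_sigs: int = 1) -> int:
    """DNSKEY answer: n_keys keys plus n_sigs signatures over the key set."""
    key_rr = owner_len(zone) + RR_FIXED + 4 + alg.key_len
    return (HEADER + name_len(zone) + 4 + n_keys * key_rr
            + n_sigs * rrsig_len(alg, zone, zone) + OPT_RR)

def referral_response(qname: str, child: str, parent: str, alg: Alg,
                      n_ns: int = 2, ns_rdata: int = 6, n_ds: int = 1, digest: int = 32) -> int:
    """Signed referral: NS set (unsigned), DS set, one RRSIG over the DS set; glue omitted."""
    ns_rr = owner_len(child) + RR_FIXED + ns_rdata    # ns_rdata: compressed in-zone target (assumed)
    ds_rr = owner_len(child) + RR_FIXED + 4 + digest  # 4 fixed bytes + SHA-256 digest
    return (HEADER + name_len(qname) + 4 + n_ns * ns_rr + n_ds * ds_rr
            + rrsig_len(alg, child, parent) + OPT_RR)

def compare(algs):
    """Rows of (algorithm, response kind, size in bytes, fits within UDP_LIMIT)."""
    rows = []
    for alg in algs:
        cases = {"DNSKEY, 2 keys": dnskey_response(".", alg),
                 "DNSKEY, 4 keys (rollover)": dnskey_response(".", alg, n_keys=4),
                 "referral": referral_response("www.example.com", "example.com", "com", alg)}
        rows += [(alg.name, kind, size, size <= UDP_LIMIT) for kind, size in cases.items()]
    return rows

if __name__ == "__main__":
    print("\n".join("%-10s %-26s %5d bytes  fits=%s" % r for r in compare([RSA2048, PQ_SAMPLE])))
```

The referral size depends only on `sig_len`, while `key_len` appears only in the DNSKEY case, which is the asymmetry the paragraph above describes.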
Post-quantum algorithms are among the newest developments in cryptography. They add another dimension to a cryptographer's perspective on the DNS because of the possibility that these algorithms, or other variants, may be added to DNSSEC in the long term.
In my next post, I'll make the case for why the oldest post-quantum algorithm, hash-based signatures, could be a particularly good match for DNSSEC. I'll also share the results of some research at Verisign Labs into how the large signature sizes of hash-based signatures could potentially be overcome.
Read the previous posts in this six-part blog series:
Read more:
Securing the DNS in a Post-Quantum World: New DNSSEC Algorithms on the Horizon - CircleID