Paper 2024/1319

Quantum-safe Signatureless DNSSEC

Aditya Singh Rawat, Ashoka University
Mahabir Prasad Jhanwar, Ashoka University
Abstract

We present $\mathsf{SL\text{-}DNSSEC}$: a backward-compatible protocol that leverages a quantum-safe KEM and a MAC to perform signature-less $\mathsf{(SL)}$ DNSSEC validations in a single UDP query/response style. Our experiments targeting NIST level I security for QTYPE A query resolution show that $\mathsf{SL\text{-}DNSSEC}$ is practically equivalent to the presently deployed RSA-2048 in terms of bandwidth usage and resolution speeds. Compared to post-quantum signatures, $\mathsf{SL\text{-}DNSSEC}$ reduces bandwidth consumption and resolution times by up to $95\%$ and $60\%$, respectively. Moreover, with response size $<$ query size $\leq 1232$ bytes, $\mathsf{SL\text{-}DNSSEC}$ obviates the long-standing issues of IP fragmentation, TCP re-transmits and DDoS amplification attacks.

Note: To appear in ACM AsiaCCS '25

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
DNSSEC
Contact author(s)
aditya rawat_phd21 @ ashoka edu in
mahavir jhawar @ ashoka edu in
History
2025-01-13: revised
2024-08-23: received
Short URL
https://ia.cr/2024/1319
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1319,
      author = {Aditya Singh Rawat and Mahabir Prasad Jhanwar},
      title = {Quantum-safe Signatureless {DNSSEC}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1319},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1319}
}