Post-quantum signatures in DNSSEC via request-based fragmentation

Resolution times and data transfer sizes for standard DNS (over UDP using TCP fallback) and parallel ARRF

Abstract

The Domain Name System Security Extensions (DNSSEC) provide authentication of DNS responses using digital signatures. DNS operates primarily over UDP, which leads to several constraints: notably, DNS packets should be at most 1232 bytes long to avoid problems during transmission. Larger DNS responses would either need to be fragmented into several UDP responses or the request would need to be repeated over TCP, neither of which is sufficiently reliable in today's DNS ecosystem. While RSA or elliptic curve digital signatures are sufficiently small to avoid this problem, even for DNSSEC packets containing both a public key and a signature, this problem is unavoidable when considering the larger sizes of post-quantum schemes. We propose ARRF, a method of fragmenting DNS resource records at the application layer (rather than the transport layer) that is request-based, meaning the initial response contains a truncated fragment and then the requester sends follow-up requests for the remaining fragments. Using request-based fragmentation avoids problems identified for several previously proposed—and rejected—application-level DNS fragmentation techniques. We implement our approach and evaluate its performance in a simulated network when used for the three post-quantum digital signature schemes selected by NIST for standardization (Falcon, Dilithium, and SPHINCS+) at the 128-bit security level. Our experiments show that our request-based fragmentation approach provides substantially lower resolution times compared to standard DNS over UDP with TCP fallback, for all the tested post-quantum algorithms, and with less data transmitted in the case of both Falcon and Dilithium. Furthermore, our request-based fragmentation design can be implemented relatively easily: our implementation is in fact a small daemon that can sit in front of a DNS name server or resolver to fragment/reassemble transparently. As well, our request-based application-level fragmentation over UDP may avoid problems that arise on poorly configured network devices with other approaches for handling large DNS responses.

Keywords: Domain Name System, DNSSEC, post-quantum cryptography

Reference

Jason Goertzen, Douglas Stebila. Post-quantum signatures in DNSSEC via request-based fragmentation. In Thomas Johansson, Daniel Smith-Tone, editors, Proc. 14th International Conference on Post-Quantum Cryptography (PQCrypto) 2023, LNCS. Springer, August 2023. © Springer.

Download

Code

BibTeX

Funding

This research was supported by:
  • Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146
  • Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2022-03187
  • Gift from Verisign Inc.