March 31, 2016 to April 1, 2016
Intercontinental Buenos Aires
America/Buenos_Aires timezone

The Quest for the Missing Keytags

Apr 1, 2016, 11:30 AM
Montserrat (Intercontinental Buenos Aires)


Intercontinental Buenos Aires

Buenos Aires, Argentina
Public Workshop Public Workshop: Research


Roy Arends (ICANN)


In an effort to create all possible 64K keytags for a DNSSEC signing key, an anomaly surfaced that caused 75% of the possible keytags to never appear. This effort to generate certain cryptographic keys became an adventure in itself that included beautiful discrete math, flawed functions, carefully crafted primes, multiple cryptographic libraries, and some brilliant people. The result of this effort shows that using an ancient checksum function to identify cryptographic keys is not optimal.


The presentation will go through the quest of uncovering the anomaly that caused the limitation in keytags generation.

Primary author

Roy Arends (ICANN)

Presentation materials