Speaker
Paul Hoffman
(ICANN)
Description
There is a lot of talk about the need for post-quantum cryptography (PQC) due to the possibility that quantum computers will be able to break the current cryptography in coming decades. If it becomes possible to build massive quantum computers, all cryptographic protocols will probably move to using PQC algorithms.
It is expected that PQC algorithms for signatures use keys and/or signatures that are many times larger than those for RSA 2048. This will make DNSSEC-signed responses so much larger that TCP will probably be used for nearly all DNSSEC using PQC. Signing times might also increase by an order of magnitude.
This presentation covers the current state of quantum computing, guesses at timelines leading to the need for PQC, and an overview of the size requirement for the PQC algorithms that might be chosen.
Summary
The transition from RSA and EC signatures to post-quantum cryptography (PQC) signatures will cause DNSSEC the length of responses to ballon by many kilobytes. This presentation gives estimates of when that might happen and what kind of signatures we might see.
| Talk Duration | 15 Minutes |
|---|
Primary author
Paul Hoffman
(ICANN)
