May 14 – 15, 2017
Europe/Madrid timezone

What DNS Admins Should Know About Post-Quantum Cryptography

May 15, 2017, 10:15 AM
Standard Presentation Public Workshop Public Workshop: DNSSEC


Paul Hoffman (ICANN)


There is a lot of talk about the need for post-quantum cryptography (PQC) due to the possibility that quantum computers will be able to break the current cryptography in coming decades. If it becomes possible to build massive quantum computers, all cryptographic protocols will probably move to using PQC algorithms. It is expected that PQC algorithms for signatures use keys and/or signatures that are many times larger than those for RSA 2048. This will make DNSSEC-signed responses so much larger that TCP will probably be used for nearly all DNSSEC using PQC. Signing times might also increase by an order of magnitude. This presentation covers the current state of quantum computing, guesses at timelines leading to the need for PQC, and an overview of the size requirement for the PQC algorithms that might be chosen.


The transition from RSA and EC signatures to post-quantum cryptography (PQC) signatures will cause DNSSEC the length of responses to ballon by many kilobytes. This presentation gives estimates of when that might happen and what kind of signatures we might see.

Talk Duration 15 Minutes

Primary author

Presentation materials