Welcome to the resource topic for 2024/1320
Title:
Post-Quantum DNSSEC over UDP via QNAME-Based Fragmentation
Authors: Aditya Singh Rawat, Mahabir Prasad Jhanwar
Abstract: In a typical network, a DNS(SEC) message over 1232 bytes would either be fragmented into several UDP/IP packets or require a re-transmit over TCP. Unfortunately, IP fragmentation is considered unreliable and a non-trivial number of servers do not support TCP.
We present QNAME-Based Fragmentation (QBF): a DNS layer fragmentation scheme that fragments/re-assembles large post-quantum DNS(SEC) messages over UDP in just 1 round-trip while using only standard DNS records. Our experiments show that DNSSEC over QBF, with either Falcon-512, Dilithium-2 or SPHINCS+ as the zone signing algorithm, is practically as fast as the currently deployed ECDSA-P256 and RSA-2048 setups in resolving QTYPE A queries.
ePrint: https://eprint.iacr.org/2024/1320
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.