Post-quantum Algorithm Testing and Analysis for the DNS
To empirically investigate the impact of post-quantum algorithms on DNSSEC, SIDN Labs started the project PATAD (Post-quantum Algorithm Testing and Analysis for the DNS). Its goal is to develop a testbed that enables us to protype, evaluate, and benchmark various post-quantum algorithms in DNSSEC, not just for SIDN, but for other organisations as well.
As the project evolves we will continue to publish more information. Meanwhile you can read about our work on post-quantum DNSSEC in the following publications:
Run your own PATAD testbed
We published the components and instructions to run your own PQC testbed on your own computer at https://github.com/SIDN/pqc-testbed.
The following screencast shows a full-stack example of our testbed with SQIsign (root), MAYO (.nl) and Falcon (sidnlabs.nl).
Developing PATAD components
The script to build containers for the PATAD testbed are published at github currently we have two PQC-ready components pqc-resolver-powerdns and pqc-auth-powerdns that contain a version of PowerDNS with the PQC algorithms Falcon, SQIsign, and MAYO. We encourage you to use these examples to build you own PATAD components.
Publications
- Blog: “Set up your own PQC testbed for DNSSEC with the PATAD open-source software”, Jul 2024
- Internet-Draft: “Research Agenda for a Post-Quantum DNSSEC”
- Abstract: “A testbed to evaluate quantum-safe cryptography in DNSSEC”, The DINR 2024 Virtual Workshop, April 2024
- Presentation: “A testbed for evaluating post quantum algorithms for the DNS”, 24th CENTR R&D, Feb 2024
- Blog: “A quantum-safe cryptography DNSSec testbed” (SIDN Labs, RIPE, APNIC), Dec 2023
- Presentation: “A testbed for evaluating post quantum algorithms for the DNS” (Video), PQC conference, Nov 2023
- Blog: “Adding experimental support for X25519Kyber768 to dns4all.eu”, Sep 2023
Other work on PQC in the DNS
- Blog: “More PQC in PowerDNS: A DNSSEC Field Study”, Jul 2024
- Podcast “ Testing Post Quantum Cryptography DNSSEC”, Jul 2024
- Testbed: “Post-Quantum DNSSEC Testbed with BIND and PowerDNS”