Post-quantum Algorithm Testing and Analysis for the DNS

To empirically investigate the impact of post-quantum algorithms on DNSSEC, SIDN Labs started the project PATAD (Post-quantum Algorithm Testing and Analysis for the DNS). Its goal is to develop a testbed that enables us to protype, evaluate, and benchmark various post-quantum algorithms in DNSSEC, not just for SIDN, but for other organisations as well.

As the project evolves we will continue to publish more information. Meanwhile you can read about our work on post-quantum DNSSEC in the following publications:

Run your own PATAD testbed

We published the components and instructions to run your own PQC testbed on your own computer at https://github.com/SIDN/pqc-testbed.

The following screencast shows a full-stack example of our testbed with SQIsign (root), MAYO (.nl) and Falcon (sidnlabs.nl).

Developing PATAD components

The script to build containers for the PATAD testbed are published at github currently we have two PQC-ready components pqc-resolver-powerdns and pqc-auth-powerdns that contain a version of PowerDNS with the PQC algorithms Falcon, SQIsign, and MAYO. We encourage you to use these examples to build you own PATAD components.

Publications

• Presentation: “Evaluating Post-Quantum Cryptography for the Domain Name System”, SURF Networking Day 2024, Dec 2024
• Presentation: “PATAD: an open-source testbed for evaluating post-quantum cryptography for DNSSEC”, ICANN 81 Tech Day, Nov 2024
• Presentation: “A testbed to evaluate post-quantum cryptography in DNSSEC”, pq-dnssec side meeting at IETF 121, Nov 2024
• Presentation: “Evaluating Post-Quantum Cryptography for the Domain Name System”, TUCCR Fall Workshop, Oct 2024
• Presentation: “A testbed to evaluate post-quantum cryptography for DNSSEC”, Radboud Digital Security group Lunch Talk, Oct 2024
• E-magazine entry: “Enabling Post-Quantum Cryptography in the DNS”, ONE Conference E-magazine, Oct 2024
• Workshop: “Post-Quantum Cryptography & DNSSEC”, CENTR R&D / Tech workshop, Oct 2024
• Blog: “Big news! NIST standardises 3 PQC algorithms”, Aug 2024
• Blog: “Set up your own PQC testbed for DNSSEC with the PATAD open-source software”, Jul 2024
• Internet-Draft: “Research Agenda for a Post-Quantum DNSSEC”
• Abstract: “A testbed to evaluate quantum-safe cryptography in DNSSEC”, The DINR 2024 Virtual Workshop, April 2024
• Presentation: “A testbed for evaluating post quantum algorithms for the DNS”, 24th CENTR R&D, Feb 2024
• Blog: “A quantum-safe cryptography DNSSec testbed” (SIDN Labs, RIPE, APNIC), Dec 2023
• Presentation: “A testbed for evaluating post quantum algorithms for the DNS” (video), PQC conference, Nov 2023
• Blog: “Adding experimental support for X25519Kyber768 to dns4all.eu”, Sep 2023

Other work on PQC in the DNS

• Blog: “More PQC in PowerDNS: A DNSSEC Field Study”, Jul 2024
• Podcast “Testing Post Quantum Cryptography DNSSEC”, Jul 2024
• Testbed: “Post-Quantum DNSSEC Testbed with BIND and PowerDNS”