Publications - Pervasive Computing Laboratory

Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon Discovery emadrid emrisco home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT magos Pervasive computing Post-Quantum Cryptography privacy Protocols Qursa Ramones raudo2 Security Smart Card Trust management VANETs 
Show all
2025
 Suela, Julio Gento;  Blanco-Romero, Javier;  Almenares-Mendoza, Florina;  Sánchez, Daniel Díaz
Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS Journal Article 
In: 2025.
Abstract | Links | BibTeX | Tags: CoreDNS, Discovery, DNS security, DNSSEC, I-Shaper, Post-Quantum Cryptography, Qursa, Ramones
@article{javierblanco006,

title = {Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS},

author = {Julio Gento Suela and Javier Blanco-Romero and Florina Almenares-Mendoza and Daniel Díaz Sánchez },

doi = { https://doi.org/10.48550/arXiv.2507.09301},

year  = {2025},

date = {2025-07-15},

urldate = {2025-07-15},

abstract = {The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to quantum attacks. This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS to enable quantum-resistant DNSSEC functionality. We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families: ML-DSA, FALCON, SPHINCS+, MAYO, and SNOVA. Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures. A benchmark has been performed and performance evaluation results reveal significant trade-offs between security and efficiency. The results indicate that while PQC algorithms introduce operational overhead, several candidates offer viable compromises for transitioning DNSSEC to quantum-resistant cryptography.},

keywords = {CoreDNS, Discovery, DNS security, DNSSEC, I-Shaper, Post-Quantum Cryptography, Qursa, Ramones},

pubstate = {published},

tppubtype = {article}

}

Close
The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to quantum attacks. This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS to enable quantum-resistant DNSSEC functionality. We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families: ML-DSA, FALCON, SPHINCS+, MAYO, and SNOVA. Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures. A benchmark has been performed and performance evaluation results reveal significant trade-offs between security and efficiency. The results indicate that while PQC algorithms introduce operational overhead, several candidates offer viable compromises for transitioning DNSSEC to quantum-resistant cryptography.
Close
doi: https://doi.org/10.48550/arXiv.2507.09301
Close