{"ID":2895447,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2507.09301","arxiv_id":"2507.09301","title":"Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS","abstract":"The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to quantum attacks. This paper presents the integration of post-quantum cryptographic (PQC) algorithms into CoreDNS to enable quantum-resistant DNSSEC functionality. We have developed a plugin that extends CoreDNS with support for five PQC signature algorithm families: ML-DSA, FALCON, SPHINCS+, MAYO, and SNOVA. Our implementation maintains compatibility with existing DNS resolution flows while providing on-the-fly signing using quantum-resistant signatures. A benchmark has been performed and performance evaluation results reveal significant trade-offs between security and efficiency. The results indicate that while PQC algorithms introduce operational overhead, several candidates offer viable compromises for transitioning DNSSEC to quantum-resistant cryptography.","short_abstract":"The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to quantum attacks. This pape...","url_abs":"https://arxiv.org/abs/2507.09301","url_pdf":"https://arxiv.org/pdf/2507.09301v1","authors":"[\"Julio Gento Suela\",\"Javier Blanco-Romero\",\"Florina Almenares Mendoza\",\"Daniel Díaz-Sánchez\"]","published":"2025-07-12T14:34:17Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.NI\"]","methods":"[]","has_code":false}