Cryptography is the process of converting ordinary text into unintelligible text and vice-versa. It is used to store and transmit data so that only those intended can read and process it.[1] It plays a key role in data privacy and authentication today. The former concerns long-term communication secrecy while the latter concerns the digital artifacts for establishing trust in communication, such as identity and authorization.[2]

Algorithms

Algorithms in modern cryptography depend on the difficulty of certain math problems that take huge amounts of time to solve. The two types of algorithms used nearly universally on the Internet today for digital signatures and key exchange are the RSA and Diffie-Hellman schemes. They are known mathematically as the hard problems of factoring and finding the discrete logarithms of large integers.[3]

Post-Quantum Cryptography

In the future (assumed to be at least 50 years away if ever),[4] large-scale quantum computers might be able to solve problems that are impossible with current computing technology because quantum computers can handle many complex processes at the same time. Such "cryptographically relevant quantum computers" (CRQCs) could find a break in an RSA or D-H scheme (which today is practically impossible) in a day or less. Post-quantum cryptography (PQC) algorithms should not be susceptible to quantum computers because they are fundamentally different from the RSA and the Diffie-Hellman. That is, they are not weakened by Shor’s algorithm.[5][6]

Hurdles to Quantum Computing

It is very difficult to build even very small quantum computers.[7] First, the information in qubits is very fragile, so qubits must be completely isolated from the external environment and kept at temperatures near zero degrees Kelvin during computations, which takes extensive machinery and physical space. Second, qubits are highly prone to errors during processing, which requires thousands of additional cooled qubits to correct errors for every qubit in the computation.
Moreover, building small quantum computers will not suffice to break cryptography. Running a small quantum computer for longer will not break the cryptographic keys, nor will running many small quantum computers in parallel achieve the task.

ICANN's positions

On February 11, 2022, ICANN OCTO stated the org's positions on the topic of the DNS and PQC:[8]

  • The ICANN Community has not reached a consensus on how developments in quantum computing relate to the DNS.
  • The DNSSEC Community does not need to consider PQC at this time.
  • DNS protocols that use TLS (such as DNS-over-TLS and DNS-over-HTTPS) should update to PQC to align with web protocols when they are updated.

References