en

ICANN Publishes Paper on How Quantum Computing Will Affect the DNS in the Future

17 February 2022

The topic of quantum computing has appeared more often in the past few years because more people are concerned about its possible effects on security and privacy. If someone can build a very large quantum computer, it would completely undermine the cryptography that is used in digital signatures (such as those used in DNSSEC) and key exchanges for privacy (such as those used in TLS).

For DNSSEC, this means that someone with such a quantum computer could impersonate any zone owner who signs with DNSSEC, even the root. For TLS, this means that any private exchange that has been recorded could be exposed by such a quantum computer. These quantum computers are not ready now (or even soon) but might be available in future decades. People are actively planning to use new algorithms in DNSSEC, TLS, and so on that are not affected by these new quantum computers.

In order to help the ICANN community better understand quantum computing and its effects on cryptography, ICANN's Office of the Chief Technical Officer (OCTO) recently published "Quantum Computing and the DNS", This report surveys recent research into quantum computing, and attempts to simplify the complex technical issues enough so that the community can start thinking about the changes it will need to make, and when it will need to make them.

Even though it will probably take many decades to build quantum computers that can affect today's cryptography, the security community is already looking at making changes to TLS within a few years, after new key exchange algorithms are tested and standardized. The DNS community has longer to choose, which is fortunate because signature algorithms that resist quantum computers will have harsher effects on DNSSEC. ICANN will, of course, keep tracking the progress of these new algorithms and will continue to help our community understand their importance.