University of Twente Student Theses
Is there a case to prefer Ed25519 over ECDSA P-256 for DNSSEC?
Yu, J.J. (2017) Is there a case to prefer Ed25519 over ECDSA P-256 for DNSSEC?
Abstract: DNS Security Extensions (DNSSEC) adds cryptographic signatures to DNS. As of June 2017, the most widely used signature algorithm in DNSSEC is RSA. RSA's relatively large keys and signatures can cause problems: DNS responses may no longer fit in a single packet and are fragmented, and because of the large amount of data returned, DNSSEC servers can be turned into an amplification vector for distributed denial-of-service (DDoS) attacks. Signature schemes based on Elliptic Curve Cryptography (ECC) have gained popularity in DNSSEC because they reach a 128-bit security level with much smaller keys than RSA; these smaller keys and signatures promise to resolve the fragmentation and amplification issues mentioned above. As of June 2017, the most popular elliptic curve in DNSSEC is the NIST curve P-256. A newer elliptic curve algorithm, Ed25519, which uses a so-called Edwards curve, was standardized for use in DNSSEC in February 2017, citing security problems with the currently used elliptic curves as a motivation. Ed25519 can be seen as an alternative to P-256, because both have small keys and signatures and both are at the ~128-bit security level. While Ed25519 has promising properties for DNSSEC such as speed and security, it is unclear whether it should be preferred over P-256. Therefore, in this paper we study the question: is it worth switching from P-256 signatures to Ed25519 signatures in DNSSEC? To evaluate this, we studied the security problems of both algorithms and their performance on a variety of hardware architectures that reflect common computing platforms, such as servers and small home routers. Security concerns related to insecure implementations are already being addressed in modern implementations of P-256. A remaining security concern could be the trustworthiness of P-256 itself.

The performance of Ed25519 and P-256 was similar when comparing the fast assembly-language implementation of P-256 with the reference implementation of Ed25519, both as available in OpenSSL as of June 2017. For optimal performance of Ed25519, however, a fast assembly-language implementation of Ed25519 is preferable; if such implementations become widely available, the combination of speed and trust could make switching to Ed25519 worthwhile.
Item Type: Essay (Bachelor)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Electrical Engineering BSc (56953)
Link to this item: https://purl.utwente.nl/essays/75354