[3] The "cryptographic box" tool used in DNSCurve are the same used in CurveCP, a UDP-based protocol which is similar to TCP but uses elliptic-curve cryptography to encrypt and authenticate data.
An analogy is that while DNSSEC is like signing a webpage with Pretty Good Privacy (PGP), CurveCP and DNSCurve are like encrypting and authenticating the channel using Transport Layer Security (TLS).
The resolver then sends to the server a packet containing its DNSCurve public key, a 96-bit nonce, and a cryptographic box containing the query.
Adam Langley, security officer at Google, says "With very high probability, no one will ever solve a single instance of Curve25519 without a large, quantum computer.
[8] According to the U.S. National Security Agency (NSA), elliptic curve cryptography offers vastly superior performance over RSA and Diffie–Hellman at a geometric rate as key sizes increase.
Jan Mojžíš has released curveprotect,[14] a software suite which implements DNSCurve and CurveCP protection for common services like DNS, SSH, HTTP, and SMTP.