Google is spearheading a groundbreaking initiative to advance internet security by introducing quantum-resistant HTTPS in its Chrome browser. This effort aims to mitigate future risks posed by quantum computing capabilities.
The Chrome Secure Web and Networking Team announced that traditional X.509 certificates with post-quantum cryptography will not be immediately added to Chrome’s Root Store. Instead, they are working on a new type of HTTPS certificates called Merkle Tree Certificates (MTCs) in partnership with other industry leaders.
Understanding Merkle Tree Certificates
As Cloudflare describes, MTCs represent an evolution in Public Key Infrastructure (PKI), designed to streamline the TLS handshake process by minimizing public keys and signatures. In this model, a Certification Authority (CA) signs a ‘Tree Head’, which can encompass millions of certificates, and the browser receives a compact proof of inclusion.
This approach enables the integration of post-quantum algorithms without the extra bandwidth that classical X.509 certificate chains require. It separates the cryptographic security strength from the size of data transmitted, ensuring efficient browsing.
Phases of Implementation
Google is already testing MTCs with live internet traffic. The company plans a phased rollout, aiming to have full implementation by late 2027.
Currently, in Phase 1, Google is collaborating with Cloudflare to assess the performance and security of MTC-based TLS connections. During Phase 2, starting in early 2027, Certificate Transparency Log operators will join the initial setup of public MTCs.
Finally, by the third quarter of 2027, Phase 3 will establish the criteria for integrating additional CAs into the new Chrome Quantum-resistant Root Store, which will exclusively support MTCs.
Future-Proofing Web Security
Google views the adoption of MTCs and the development of a quantum-resistant root store as pivotal to strengthening the current internet security infrastructure. By designing systems that cater to the modern web’s needs, Google aims to expedite the adoption of post-quantum security measures for users worldwide.
This initiative underscores Google’s commitment to maintaining a secure and efficient internet, ensuring that as technology evolves, the web’s foundational security evolves with it.
