Google has unveiled a strategic move to safeguard HTTPS connections against the potential dangers posed by advancements in quantum computing. This initiative is part of a collaborative effort with the Internet Engineering Task Force (IETF) and its PLANTS working group, focusing on the transition to Merkle Tree Certificates (MTCs).
Understanding Merkle Tree Certificates
The shift to MTCs aims to address the performance and bandwidth challenges that traditional quantum-resistant cryptographic methods would introduce to TLS connections. Rather than incorporating post-quantum cryptography into the traditional X.509 certificates within the Chrome Root Store, Google is prioritizing MTCs for a more streamlined and effective solution for web encryption.
Traditional X.509 certificate chains demand substantial bandwidth, which would only increase with the integration of robust post-quantum algorithms. MTCs overcome this by replacing the extensive signature chains with concise Merkle Tree proofs. Certification Authorities (CAs) will sign a single ‘Tree Head,’ representing potentially vast numbers of certificates, while browsers receive a lightweight proof of inclusion within that tree, ensuring a fast and efficient post-quantum web.
Advantages of MTCs
One of the core benefits of MTCs is that transparency is a fundamental requirement: an MTC cannot be issued without being included in a public tree. This effectively embeds the security properties of the current Certificate Transparency ecosystem without adding extra overhead to the TLS handshake. MTCs thus offer a more scalable approach to maintaining the security and efficiency of web connections.
Additionally, this transition enables a modernization of the TLS foundation, focusing on simplicity, transparency, and resilience. Key innovations include adopting ACME-only workflows for cryptographic agility and replacing outdated CRLs with advanced revocation-status communication. The CA inclusion model will also evolve, emphasizing proven operational excellence.
Chrome’s Phased Rollout Approach
Google Chrome has outlined a structured plan for implementing MTCs across the internet. The strategy involves three phases: a feasibility study currently underway in collaboration with Cloudflare, followed by CT Log operators’ bootstrapping of public MTCs by Q1 2027, and culminating in the launch of the Chrome Quantum-resistant Root Store (CQRS) by Q3 2027. This rollout will support MTCs alongside the existing Root Program, with optional quantum-only certificates.
As Google advances this quantum-resistant initiative, it remains committed to supporting its current CA partners and the existing Chrome Root Program. A detailed policy framework for the new quantum-resistant root store will be made available to the community as the project develops.
