Google is proactively preparing Chrome for the advent of quantum computing by developing a new type of HTTPS certificate. This initiative aims to ensure that internet security remains robust against potential future threats posed by quantum computers, without compromising web performance. The new system, known as Merkle Tree Certificates (MTCs), is designed to be more efficient than traditional methods.

Key Takeaways

• Google is developing Merkle Tree Certificates (MTCs) to secure HTTPS against quantum computing threats.

• MTCs aim to reduce data size in TLS handshakes, maintaining web speed.

• A phased rollout is planned, with initial testing already underway.

• This move signifies a significant step towards a quantum-resistant internet infrastructure.

The Quantum Threat to Internet Security

Quantum computers, when they become powerful enough, could break current encryption methods, including those used to secure HTTPS connections. This poses a significant risk to the confidentiality and integrity of online communications. Traditional X.509 certificates, while secure today, may become vulnerable. Google's approach focuses on evolving the Public Key Infrastructure (PKI) to be resilient against these future threats.

Merkle Tree Certificates: A New Approach

Instead of embedding large post-quantum cryptographic algorithms directly into traditional X.509 certificates, Google is championing Merkle Tree Certificates (MTCs). This innovative method, developed in collaboration with partners and being standardized within the PLANTS working group of the IETF, uses a Merkle tree structure. A single "Tree Head" signed by a Certification Authority (CA) can represent millions of certificates. Browsers then receive a lightweight proof of inclusion, significantly reducing the amount of data exchanged during the TLS handshake. This efficiency is crucial for maintaining the speed and seamlessness of the modern internet.

Phased Rollout and Future Vision

Google has already begun experimenting with MTCs on live internet traffic. The company has outlined a three-phase rollout plan:

• Phase 1 (In Progress): A feasibility study with Cloudflare is evaluating the performance and security of MTC-backed TLS connections.

• Phase 2 (Q1 2027): Certificate Transparency (CT) Log operators will be invited to help bootstrap the deployment of public MTCs.

• Phase 3 (Q3 2027): Requirements for onboarding additional CAs into the new Chrome Quantum-resistant Root Store (CQRS) will be finalized.

This strategic approach ensures a gradual and stable transition to a quantum-resistant web, with the ultimate goal of establishing a robust foundation for internet security in the quantum era.

Sources

• Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome, The Hacker News.

• Google quantum-proofs HTTPS by squeezing 15kB of data into 700-byte space, Ars Technica.

• Chrome Unveils Plan For Quantum-Safe HTTPS Certificates, Infosecurity Magazine.