Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks

Google Chrome’s Secure Web and Networking Team has announced a new effort to protect HTTPS traffic from upcoming quantum‑computing attacks.

This initiative stems from the IETF’s “PKI, Logs, And Tree Signatures” (PLANTS) working group and introduces Merkle Tree Certificates (MTCs) as a quantum‑safe upgrade for the web.

Quantum computers could undermine today’s cryptographic algorithms that secure HTTPS. While post‑quantum cryptography exists, it typically requires much larger keys.

Those larger keys would cause serious performance and bandwidth challenges in conventional X.509 certificate chains, particularly when combined with Certificate Transparency (CT) obligations.

To avoid those bandwidth penalties, Chrome will not immediately add post‑quantum X.509 certificates to its Root Store.

Instead, the focus moves to Merkle Tree Certificates. MTCs replace bulky signature chains with compact cryptographic proofs.

In this model, a Certificate Authority (CA) signs a single “Tree Head” that can cover millions of certificates.

According to Google, the browser receives only a lightweight inclusion proof, separating security strength from data size

  • Performance Maintenance: MTCs keep the TLS handshake small, ensuring the post‑quantum web stays as fast as today’s internet.
  • Built‑in Transparency: Certificates cannot be issued without being added to a public tree, automatically providing the security advantages of the current CT ecosystem without extra overhead.
  • Scalability: By using compact proofs, CAs can handle millions of certificates efficiently while preserving strong post‑quantum security.

Chrome’s Rollout Strategy

Chrome’s deployment of MTCs is organized into three clear phases to ensure a smooth transition:

  • Phase 1 (Currently Underway): Chrome is collaborating with Cloudflare on a real‑world feasibility study. In this stage, MTC connections are backed by a traditional X.509 certificate as a “fail‑safe,” allowing performance monitoring without compromising user security.
  • Phase 2 (Q1 2027): Chrome will invite established CT log operators to help bootstrap public MTCs. Only operators with a proven record of reliable infrastructure will qualify, leveraging their similarity to MTC architecture for rapid deployment.
  • Phase 3 (Q3 2027): Chrome will finalize the requirements for a new Chrome Quantum‑resistant Root Store (CQRS). This dedicated trust store will support only MTCs and will run alongside the existing Root Program. Sites will also be able to opt‑in to downgrade protections, ensuring connections use only quantum‑resistant certificates.

Google sees this shift as a chance to modernize the foundations of TLS. Future ecosystem norms will stress security, simplicity, and transparency.

The plan includes prioritizing ACME workflows to guarantee cryptographic agility and upgrading revocation mechanisms to replace legacy Certificate Revocation Lists (CRLs).

Chrome also intends to explore “reproducible” Domain Control Validation (DCV) and evolve third‑party oversight models toward continuous, externally verifiable monitoring rather than periodic audits.

As standards evolve, Chrome remains committed to supporting existing CA partners while building the infrastructure needed for MTC integration.

The company expects to publish a concrete policy framework for the quantum‑resistant root store in the near future.

Related Articles

Back to top button