GOOGLE has outlined a plan for Chrome to secure HTTPS certificates against quantum computer attacks without breaking the Internet, arguing that the current 64-byte X.509 certificates would need roughly 2.5 kilobytes of quantum-resistant material. To avert slowing the handshake and leaving users behind, the approach uses Merkle Tree Certificates (MTCs), which replace the heavy serialized chain of signatures with compact proofs of inclusion in a tree.
In this model, a Certification Authority signs a single Tree Head representing potentially millions of certificates, and the certificate sent to the browser is a lightweight proof rather than a full data set, according to Google’s Chrome Secure Web and Networking Team written Friday.
The plan also calls for all TLS certificates to be published in public transparency logs, with breaches and mis-issued certificates detectable in real time, and for cryptographic material from quantum-resistant algorithms such as ML-DSA to be added to limit forgery even if an attacker breaks both classical and post-quantum encryption.
For testing, Cloudflare is enrolling roughly 1,000 TLS certificates and generating the distributed ledger, with the Internet Engineering Task Force forming a working group named PKI, Logs, And Tree Signatures to coordinate long-term solutions. According to Google, the adoption of these measures is a critical step toward ensuring the robustness of the Internet’s foundation.