FHN 
Google Chrome’s security team has announced a new plan to protect HTTPS from future quantum computer attacks.
The new approach uses Merkle Tree Certificates (MTCs), developed through the IETF PLANTS working group, to strengthen web security without slowing down the internet.
Why This Is Needed
Quantum computers could one day break today’s encryption methods used in HTTPS.
Post-quantum cryptography already exists, but it creates much larger keys. Larger keys mean:
- Bigger certificate sizes
- Slower TLS handshakes
- Higher bandwidth usage
- Performance issues in traditional X.509 certificate chains
Because of this, Chrome is not adding post-quantum X.509 certificates to its Root Store right now.
What Are Merkle Tree Certificates (MTCs)?
Instead of using large signature chains, MTCs use compact cryptographic proofs.
Here’s how it works:
- A Certification Authority (CA) signs one “Tree Head”
- That Tree Head can represent millions of certificates
- The browser receives only a small proof showing the certificate is included
This keeps security strong while reducing data size.
Key Benefits of MTCs
- Smaller TLS handshakes
- Better performance
- Built-in transparency
- Easier scaling for millions of certificates
- Strong post-quantum protection
Chrome’s Rollout Plan
Chrome is rolling this out in three phases.
Phase 1 (Now Ongoing)
Chrome is working with Cloudflare to test MTCs in real-world conditions. A traditional X.509 certificate is still used as a backup during testing.
Phase 2 (Q1 2027)
Trusted Certificate Transparency log operators will help launch public MTC systems.
Phase 3 (Q3 2027)
Chrome will introduce a new Quantum-Resistant Root Store (CQRS). This will support only MTC-based certificates and run alongside the current root program.
Websites will also have the option to enforce quantum-resistant connections only.
What’s Next
Google sees this as a major step in modernizing TLS.
Future plans include:
- Improved automated certificate management (ACME)
- Better revocation systems to replace old CRLs
- Stronger domain validation methods
- Continuous external monitoring instead of yearly audits
Chrome aims to build a faster, simpler, and quantum-safe web while maintaining compatibility with today’s ecosystem.
About the Author
