Google Develops Quantum-Secure Chrome HTTPS Certificates for Future-Proof Web Browsing

Google Enhances Chrome’s HTTPS Certificates Against Quantum Computer Threats

Google is working to harden Chrome’s HTTPS certificates against potential threats from quantum computers. The company plans to transition to Merkle Tree Certificates (MTCs), which use compact Merkle Tree proofs in place of classical X.509 certificate chains and so avoid the bandwidth those chains consume.

Merkle Tree Certificates (MTCs)

In this model, a Certification Authority (CA) signs a single “Tree Head” representing potentially millions of certificates, and the “certificate” sent to the browser is merely a lightweight proof of inclusion in that tree. This approach shrinks the authentication data in the TLS handshake, decouples the size of the transmitted data from the security strength of the cryptographic algorithm, and ensures that the post-quantum web is as fast as today’s internet while providing stronger security.

MTCs also ensure that transparency is a fundamental property of issuance, making it impossible to issue a certificate without including it in a public tree. This means that the security properties of today’s Certificate Transparency (CT) ecosystem are included by default, without adding extra overhead to the TLS handshake.

Implementation and Testing

Google has been experimenting with MTCs in Chrome and has partnered with Cloudflare to assess the performance and security of TLS connections relying on them. Currently, the MTC-based connections in the browser are backed by trusted X.509 certificates.

Rollout Plan

In the first quarter of 2027, CT Log operators who had at least one usable log in Chrome before February 1, 2026, will be invited to participate in bootstrapping public MTCs. These organizations have demonstrated the operational excellence and high-availability infrastructure required to run global security services that underpin TLS connections in Chrome.

By the third quarter of 2027, Google expects to finalize the requirements for onboarding CAs into a new Chrome Quantum-resistant Root Store (CQRS) and into the corresponding MTCs-only Root Program. This will establish a modern, purpose-built trust store specifically designed for the requirements of a post-quantum web.

During the third phase, sites will be able to opt in to downgrade protections, so that sites that want to use only quantum-resistant certificates can do so. This will ensure a risk-managed transition that maintains the highest levels of security for all users.
