We can accelerate the adoption of post-quantum resilience for all web users: Google reveals how Chrome will help secure HTTPS certificates against quantum computer attacks — without breaking the Internet
Quantum Computing Threatens Web Encryption
Advances in quantum computing introduce new vulnerabilities to the cryptographic foundations of HTTPS certificates. If a quantum computer could run Shor’s algorithm effectively, it would be able to forge digital signatures and break the keys used in certificate logs, allowing attackers to present forged certificates that browsers would accept as legitimate.
Historical incidents, such as the 2011 DigiNotar hack, demonstrated how fake certificates could be used to spy on web users, underscoring the importance of robust verification mechanisms.
Google’s Post‑Quantum Strategy
Google’s response combines two core elements: the adoption of post‑quantum cryptographic algorithms (for example, ML‑DSA) and the deployment of a quantum‑resistant root store. The company frames this effort as a critical opportunity to ensure the resilience of today’s internet infrastructure.
By requiring attackers to break both classical and quantum‑resistant encryption simultaneously, the new approach dramatically reduces the likelihood of successful forgeries.
Managing Certificate Size with Merkle Tree Certificates
Traditional X.509 certificate chains are about four kilobytes in size. Post‑quantum data can increase that size roughly forty times, which would slow handshakes and strain devices behind firewalls or endpoint security systems.
To mitigate this, Google and its partners are using Merkle Tree Certificates (MTCs). MTCs condense verification for millions of certificates into compact proofs. Certification Authorities sign a single “Tree Head,” and browsers receive a lightweight inclusion proof, reducing transmitted data to around 700 bytes.
Implementation and Early Testing
Chrome has already implemented support for MTCs. Cloudflare is testing roughly 1,000 certificates to evaluate performance impacts. Over time, Certification Authorities are expected to manage the distributed ledger themselves, further streamlining the process.
Standards Coordination
The Internet Engineering Task Force (IETF) has formed a working group called PKI, Logs, and Tree Signatures to coordinate standards for this emerging quantum‑resistant PKI model.
In simple terms, the combination of quantum‑resistant certificates and MTCs aims to protect web users without degrading browser performance or compromising endpoint security.
Used: News Factory APP - news discovery and automation - ChatGPT for Business