Originally reported by Google Online Security
TL;DR
Chrome is launching a quantum-safe certificate program that replaces traditional X.509 certificates with Merkle Tree Certificates (MTCs) to address performance issues from post-quantum cryptography. The rollout begins with a Cloudflare feasibility study in 2026, followed by CT log operator participation in Q1 2027 and a dedicated Chrome Quantum-resistant Root Store in Q3 2027.
This represents a significant architectural shift in web PKI to address quantum threats, with a concrete implementation timeline starting in 2027. While not an immediate vulnerability, it affects fundamental web security infrastructure.
Google's Chrome team announced a comprehensive program to transition HTTPS certificates to quantum-resistant technology, addressing the looming threat of cryptographically relevant quantum computers. Rather than simply adding post-quantum algorithms to existing X.509 certificates, which would create significant bandwidth and performance overhead, Chrome is pioneering an entirely new certificate architecture.
The initiative centers on Merkle Tree Certificates (MTCs), currently under development in the IETF's "PKI, Logs, And Tree Signatures" (PLANTS) working group. MTCs fundamentally reimagine certificate validation by replacing traditional certificate chains with compact Merkle tree proofs.
In the MTC model, a Certification Authority signs a single "Tree Head" representing potentially millions of certificates. The certificate presented to browsers becomes merely a lightweight proof of inclusion in that tree, dramatically reducing the bandwidth requirements that would otherwise plague post-quantum TLS connections.
Chrome has partnered with Cloudflare to conduct real-world performance testing of MTC-based TLS connections. Critically, every MTC connection during this phase maintains a traditional X.509 certificate as a failsafe, allowing Chrome to measure performance gains while ensuring zero impact on user security or connection reliability.
Chrome will invite Certificate Transparency log operators, specifically those with "usable" logs in Chrome before February 1, 2026, to participate in bootstrapping public MTCs. These operators already demonstrate the operational excellence and high-availability infrastructure necessary for global TLS security services, making them ideal candidates for MTC deployment given the architectural similarities between MTC technology and Certificate Transparency.
The final phase introduces the Chrome Quantum-resistant Root Store (CQRS), a purpose-built trust store exclusively supporting MTCs. This dedicated root program will operate alongside Chrome's existing root store, enabling a risk-managed transition while maintaining backward compatibility.
Chrome's quantum-safe initiative extends beyond technical implementation to encompass fundamental PKI policy reforms:
Chrome emphasized its commitment to supporting existing CA partners during the transition, facilitating root rotations to maintain current PKI hierarchies. The company also indicated plans to support traditional X.509 certificates with quantum-resistant algorithms for private PKI deployments later this year, though these will not be included in the public Chrome Root Store.
This announcement positions Chrome at the forefront of post-quantum web security, potentially influencing PKI evolution across the entire internet. The success of MTCs could establish a new standard for quantum-safe certificate infrastructure, while the performance data from the Cloudflare collaboration will provide crucial insights for the broader security community.
The timeline suggests Chrome expects quantum computers capable of breaking current cryptographic systems to pose a realistic threat within the next 3-5 years, making this transition both urgent and strategically necessary.