
Google Advances Quantum-Resistant HTTPS Certificates with Merkle Tree Certificates

4 unique sources, 4 articles

Summary


Google is advancing Merkle Tree Certificates (MTCs) to secure Chrome’s HTTPS connections against quantum computing threats, with deployment underway in three phases. MTCs use compact Merkle Tree proofs to reduce bandwidth usage, improve performance, and simplify certificate transparency. Experimental testing with real internet traffic by Google and Cloudflare shows MTCs are faster than classical chains and post-quantum alternatives. Chrome plans to integrate MTCs into its Root Store by 2027, with a feasibility study underway, public deployment in Q1 2027, and the introduction of the Chrome Quantum-resistant Root Store in Q3 2027. MTCs reduce certificate sizes to approximately 840 bytes per page load, compared to 14.7 KB for post-quantum methods like ML-DSA, and require no additional action from website managers beyond server software updates.

Timeline

  1. 02.03.2026 13:33 4 articles · 18d ago

    Google Plans to Integrate Merkle Tree Certificates into Chrome by 2027

    Google is developing Merkle Tree Certificates (MTCs) to enhance the security of Chrome's HTTPS certificates against quantum computing threats. MTCs use compact Merkle Tree proofs to reduce bandwidth usage and improve performance while maintaining strong security. Experimental testing with real internet traffic by Google and Cloudflare confirms MTCs are faster than classical signature chains and post-quantum alternatives. Chrome plans to integrate MTCs into its Root Store by 2027, with a feasibility study underway, public deployment in Q1 2027, and the introduction of the Chrome Quantum-resistant Root Store in Q3 2027. MTCs reduce certificate sizes to approximately 840 bytes per page load, compared to 14.7 KB for ML-DSA post-quantum methods. Chrome will modernize certificate governance with ACME-only workflows, streamlined revocation systems, and enhanced oversight models. MTCs integrate certificate transparency as a core feature, simplifying logging and reducing log sizes by two orders of magnitude.


Similar Happenings

Post-Quantum TLS Migration in Hybrid Cloud Environments

Organizations are beginning the complex journey to post-quantum cryptography (PQC) to secure hybrid cloud environments. The migration involves inventorying cryptographic assets, upgrading protocols, and validating integrations across thousands of systems. Hybrid cloud architectures, which use Transport Layer Security (TLS) for communication, are particularly vulnerable to quantum-era threats. The migration to quantum-resistant TLS requires support for new post-quantum algorithms on both sides of the communication channel. OpenSSL 3.5 has introduced PQC support, facilitating this transition for organizations using it. However, cloud providers' support for post-quantum TLS varies, potentially requiring organizations to deploy a PQ TLS proxy. Organizations can start hardening TLS now to protect data in transit, reducing exposure to future quantum decryption threats. This can be achieved with minimal disruption, especially where vendor and library support already exists.

Microsoft outlines quantum-safe transition plan for core products and services

Microsoft has updated its Quantum-Safe Program (QSP) roadmap, aiming to make its products and services quantum-safe by 2033. This includes integrating post-quantum cryptography (PQC) algorithms into core components and services in phases, with early deployment expected by 2029. The plan aligns with broader industry efforts to mitigate the risks posed by quantum computing to modern cryptographic algorithms. Microsoft's strategy involves a modular framework that considers each service's unique requirements, performance constraints, and risk profile. The roadmap outlines three phases: integrating foundational security components, core infrastructure services, and all services and endpoints. The company has already integrated PQC algorithms into SymCrypt, a cryptographic library used across Windows, Azure, and Microsoft 365.