Working with the Internet Engineering Task Force (IETF) and its “PKI, Logs, And Tree Signatures” (PLANTS) working group, Chrome is spearheading the transition to Merkle Tree Certificates (MTCs).
This new approach addresses the performance and bandwidth challenges that traditional quantum-resistant cryptography would otherwise impose on TLS connections.
Chrome has confirmed that it will not add traditional X.509 certificates that include post-quantum cryptography to the Chrome Root Store.
Instead, the focus is entirely on MTCs, which offer a more scalable and efficient solution for the future of web encryption.
Traditional X.509 certificate chains require significant bandwidth, which would increase substantially with the adoption of robust post-quantum algorithms.
MTCs solve this by replacing the heavy, serialized chain of signatures with compact Merkle Tree proofs.
In this model, a Certification Authority (CA) signs a single “Tree Head” that represents potentially millions of certificates. The actual certificate sent to the browser is a lightweight proof of inclusion within that tree.
This decoupling of cryptographic strength from data size ensures that the post-quantum web remains fast and efficient. Furthermore, MTCs make transparency a fundamental requirement.
It is impossible to issue an MTC without including it in a public tree, effectively embedding the security properties of the current Certificate Transparency (CT) ecosystem by default, without adding extra overhead to the TLS handshake.
Chrome has outlined a three-phase approach to propagate MTCs across the internet:

| Phase | Timeline | Summary |
|---|---|---|
| Phase 1 | Underway | Feasibility study with Cloudflare testing MTCs using real traffic, backed by X.509 certificates for stability. |
| Phase 2 | Q1 2027 | CT Log operators begin bootstrapping public MTCs to scale deployment. |
| Phase 3 | Q3 2027 | Launch of Chrome Quantum-resistant Root Store (CQRS) supporting MTCs alongside the existing Root Program, with optional quantum-only certificates. |

Google views this transition as a chance to modernize the foundation of TLS, focusing the new framework on simplicity, transparency, and resilience.
Key advancements will include using ACME-only workflows for cryptographic agility, replacing legacy CRLs with modern revocation-status communication, and exploring reproducible Domain Control Validation (DCV).
Additionally, the CA inclusion model will evolve to emphasize proven operational excellence, requiring prospective CAs to demonstrate reliability as Mirroring Cosigners and DCV Monitors before acceptance.
While building this quantum-resistant future, Google remains committed to supporting current CA partners and maintaining the existing Chrome Root Program.
A concrete policy framework for the new quantum-resistant root store will be shared with the community as the project progresses.
The post Google Unveils Merkle Tree Certificates to Shield HTTPS Against Quantum Threats appeared first on Cyber Security News.