TECH

Google brings quantum-hardened HTTPS to Chrome in major security upgrade

Traditional cryptographic signatures that underpin HTTPS can be broken by a sufficiently powerful quantum computer using algorithms like Shor's, threatening the trust model of secure connections. To help protect against this threat, Google is rolling out a major upgrade to Secure HTTP in its Chrome browser. In a blog post published yesterday, the Chrome Secure Web and Networking Team outlined a new program to make TLS certificates resistant to future quantum attacks without imposing significant performance penalties on the web ecosystem.

The central innovation in Google's approach is the adoption of Merkle Tree Certificates (MTCs), a structure that replaces the long chain of signatures found in classic X.509 certificates with compact proofs that a given certificate is included in a public Merkle tree. Under this model, a Certification Authority signs a single "Tree Head" representing "potentially millions of certificates," and the browser verifies inclusion using a lightweight proof rather than downloading bulky cryptographic material. This cuts down the data sent during a TLS handshake while maintaining verifiable trust.

Post-quantum cryptographic algorithms such as ML-DSA (and others standardized by NIST, the National Institute of Standards and Technology) generate signatures and keys that are orders of magnitude larger than classical equivalents. Embedding these larger primitives directly in every HTTPS certificate would balloon certificate sizes from the current ~64-byte footprint to multiple kilobytes, drastically slowing connections and increasing bandwidth use. Merkle Tree proofs sidestep this by decoupling the size of strong cryptography from in-flight handshake data, keeping performance closer to today's web.

Google has already integrated preliminary MTC support into Chrome and is conducting feasibility studies with partners such as Cloudflare in a phased rollout. In the first phase, MTC-enabled connections are backed by traditional certificates to ensure a safe fallback while measuring real-world performance and reliability. The plan calls for broader bootstrapping with Certificate Transparency log operators and the eventual establishment of a Chrome Quantum-resistant Root Store alongside the existing root program by 2027.

This effort is part of a broader industry push to harden internet security ahead of quantum computing's maturation, with groups like the IETF's PKI, Logs, And Tree Signatures (PLANTS) working on standards for these new certificate paradigms. By investing early in scalable quantum-safe TLS mechanisms, Google aims to future-proof critical web trust infrastructure without fracturing compatibility or degrading performance. If only every development team were so dedicated.

Why MTCs? MTCs enable the adoption of robust post-quantum algorithms without incurring the massive bandwidth penalty of classical X.509 certificate chains. They also decouple the security strength of the corresponding cryptographic algorithm from the size of the data transmitted to the user. By shrinking the authentication data in a TLS handshake to the absolute minimum, MTCs aim to keep the post-quantum web as fast and seamless as today’s internet, maintaining high performance even as we adopt stronger security. Finally, with MTCs, transparency is a fundamental property of issuance: it is impossible to issue a certificate without including it in a public tree. This means the security properties of today’s CT ecosystem are included by default, and without adding extra overhead to the TLS handshake as CT does today.

Chrome’s MTC Propagation Plan...Chrome is already experimenting with MTCs with real internet traffic, and we intend to gradually build out our deployment such that MTCs provide a robust quantum-resistant HTTPS available for use throughout the internet.

Broadly speaking, our rollout spans three distinct phases:

Phase 1 (UNDERWAY): In collaboration with Cloudflare, we are conducting a feasibility study to evaluate the performance and security of TLS connections relying on MTCs. To ensure a seamless and secure experience for Chrome users who might encounter an MTC, every MTC-based connection is backed by a traditional, trusted X.509 certificate during this experiment. This "fail safe" allows us to measure real-world performance gains and verify the reliability of MTC issuance without risking the security or stability of the user's connection.

Phase 2 (Q1 2027): Once the core technology is validated, we intend to invite CT Log operators with at least one “usable” log in Chrome before February 1, 2026 to participate in the initial bootstrapping of public MTCs. These organizations have already demonstrated the operational excellence and high-availability infrastructure required to run global security services that underpin TLS connections in Chrome. Since MTC technology shares significant architectural similarities with CT, these operators are uniquely qualified to ensure MTCs are able to get off the ground quickly and successfully.

Phase 3 (Q3 2027): Early in Phase 2, we will finalize the requirements for onboarding additional CAs into the new Chrome Quantum-resistant Root Store (CQRS) and corresponding Root Program that only supports MTCs. This will establish a modern, purpose-built trust store specifically designed for the requirements of a post-quantum web. The Chrome Quantum-resistant Root Program will operate alongside our existing Chrome Root Program to ensure a risk-managed transition that maintains the highest levels of security for all users. This phase will also introduce the ability for sites to opt in to downgrade protections, ensuring that sites that only wish to use quantum-resistant certificates can do so.

This area is evolving rapidly. As these phases progress, we will continue our active participation in standards bodies such as the IETF and C2SP, ensuring that insights gathered from our efforts flow back towards standards, and that changes in standards are supported by Chrome and the CQRS.

https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

mundophone