Google’s Quantum-Resistant HTTPS Plan Relies on Merkle Trees to Shrink Certificate Bloat

Google announced a strategy on Friday to protect HTTPS certificates in its Chrome browser from future quantum computer attacks, while maintaining current internet performance standards. This effort addresses a significant challenge: quantum-resistant cryptographic data required for transparent TLS certificate publication is approximately 40 times larger than the classical cryptographic material in use today.

A standard X.509 certificate chain today includes six elliptic curve signatures and two EC public keys, each occupying only 64 bytes. These signatures and keys can be broken by Shor’s algorithm running on a quantum computer. The entire chain totals about 4 kilobytes, all of which must be transmitted when a browser connects to a site.

Increasing certificate size directly impacts connection speed. “The bigger you make the certificate, the slower the handshake and the more people you leave behind,” stated Bas Westerbaan, principal research engineer at Cloudflare, which is collaborating with Google on this transition. He emphasized the goal of avoiding user exclusion during the shift to new encryption methods.

Westerbaan noted in an interview that users are likely to disable new encryption if it slows their browsing experience. He also highlighted that substantial size increases can impair “middle boxes,” devices positioned between browsers and destination sites that manage traffic.

To overcome these limitations, Google and Cloudflare are implementing Merkle Trees. This data structure uses cryptographic hashes to validate large sets of information with far less material than conventional public key infrastructure verification requires.

Merkle Tree Certificates “replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs,” explained members of Google’s Chrome Secure Web and Networking Team in their Friday announcement. In this model, a Certification Authority signs a single “Tree Head” that can represent millions of certificates, and the certificate sent to browsers is a lightweight proof of inclusion in that tree.

This approach compresses the quantum-resistant cryptographic data from roughly 15 kilobytes down to about 700 bytes, enabling efficient transmission without compromising security against quantum threats.
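The inclusion-proof idea described above, as an added Python sketch that is not code from Google, Cloudflare or the Merkle Tree Certificates specification. It assumes the SHA-256 leaf and node hashing of RFC 6962 (Certificate Transparency) and uses constructed certificate entries; checking the CA's signature over the tree head is out of scope here.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # 0x00 prefix separates leaves from interior nodes (RFC 6962 convention)
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    # Largest power of two strictly less than n (n >= 2)
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_head(entries: list) -> bytes:
    # The single value the CA would sign on behalf of every entry in the tree
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def inclusion_proof(entries: list, index: int) -> list:
    # Sibling hashes from leaf to root, tagged with the side the sibling sits on
    if not 0 <= index < len(entries):
        raise IndexError("entry index outside tree")
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(entries[:k], index) + [("R", tree_head(entries[k:]))]
    return inclusion_proof(entries[k:], index - k) + [("L", tree_head(entries[:k]))]

def verify_inclusion(entry: bytes, proof: list, head: bytes) -> bool:
    # Browser side: recompute the root from one entry plus its sibling hashes
    h = leaf_hash(entry)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == head

def proof_size_bytes(proof: list) -> int:
    return sum(len(sibling) for _, sibling in proof)

# Constructed sample data: 1,000 placeholder certificate entries
ENTRIES = [f"example-cert-{i}.test".encode() for i in range(1000)]
HEAD = tree_head(ENTRIES)
PROOF = inclusion_proof(ENTRIES, 421)
```

The proof grows with the logarithm of the tree size, which is why one signed tree head can cover a very large batch of certificates while each site sends only a few hundred bytes of hashes.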
