
Google has put forward an innovation designed to guard against the threat of quantum decryption of the HTTPS protocol, all without increasing the size of TLS certificates. The core problem is that Shor’s quantum algorithm can break conventional X.509 certificates, which are roughly 64 bytes in size. However, conventional approaches to quantum resistance typically require a 40-fold increase in this size, pushing it to 2.5 KB, which severely slows down the establishment of secure connections.
Rather than enlarging certificates, Google leverages a data structure known as a “Merkle tree.” This enables a certificate authority to sign a single “root” hash representing the entire tree, which can encompass millions of certificates. Instead of sending the entire certificate to the browser, the server transmits a concise proof that the website belongs to this protected structure, keeping the size of cryptographic material at the familiar 64 bytes.
The larger size of traditional certificates not only degrades performance for the end user but also affects intermediate network devices. Lengthy handshakes during page loads cause numerous users to abandon the new protocol, ultimately diminishing overall internet security.
To eliminate the potential for timestamp tampering and counterfeiting, Google has adopted hybrid quantum-resistant algorithms, such as ML-DSA. This strategy requires an attacker to simultaneously overcome both classical and post-quantum encryption, thereby making an attack significantly more challenging.
The Merkle Tree Certificates (MTC) system is already incorporated into Google Chrome. Currently, Cloudflare is the sole entity generating these new certificates, having issued approximately one thousand such TLS certificates. In the near future, this responsibility is expected to transfer to traditional certificate authorities once the standards have been finalized by the PKI, Logs and Tree Signatures working group.
Google is offering this solution immediately, intending to preempt the arrival of the quantum computing era and preclude a sharp decline in user experience due to cumbersome certificates. The synergy between Merkle trees and these novel algorithms may define the future of internet encryption, where security is maintained without sacrificing speed.