Google has announced a major step toward protecting the web from future quantum computing threats by developing a new HTTPS certificate model for its Google Chrome browser.
Instead of simply adding larger post-quantum certificates to existing systems, Google is building a new framework called Merkle Tree Certificates (MTCs) — a design intended to deliver quantum-resistant security without sacrificing speed or efficiency.
Rethinking HTTPS for the Quantum Era
As quantum computers advance, today’s widely used public-key cryptography could eventually become vulnerable. That prospect has pushed technology companies to explore post-quantum cryptographic standards capable of resisting attacks from powerful quantum machines.
However, integrating post-quantum cryptography into the existing X.509 certificate system presents a challenge. Traditional certificates would grow significantly larger, increasing bandwidth consumption and slowing down TLS handshakes.
To address this, Google’s Chrome Secure Web and Networking Team confirmed that Chrome does not currently plan to add conventional post-quantum X.509 certificates to its Root Store. Instead, the company is collaborating with industry partners to develop a more scalable alternative based on Merkle tree structures.
What Are Merkle Tree Certificates?
Merkle Tree Certificates represent a new evolution of the internet’s Public Key Infrastructure (PKI). The concept is being developed within the PLANTS working group and aims to minimize the amount of cryptographic data exchanged during secure connections.
Under the MTC model:
- A Certification Authority (CA) signs a single “Tree Head,” representing potentially millions of certificates.
- When a user connects to a website, the browser receives a lightweight proof that the site’s certificate exists within that tree.
- This proof replaces the need to transmit a full certificate chain during the TLS handshake.
According to Cloudflare, which is working with Google on testing, this method dramatically reduces the number of public keys and signatures required in each secure connection.
The result: post-quantum cryptography can be deployed without increasing handshake sizes or degrading browsing performance.
Maintaining Speed While Strengthening Security
One of the primary concerns around post-quantum encryption has been performance. Stronger cryptographic algorithms typically require larger keys and signatures, which can slow down secure connections.
MTCs aim to decouple cryptographic strength from data size. By shrinking authentication data to the bare minimum, Google intends to preserve the speed and seamless experience users expect from HTTPS connections — even after transitioning to quantum-resistant algorithms.
The company described the effort as a critical opportunity to modernize the web’s trust infrastructure while maintaining performance standards.
Three-Phase Rollout Through 2027
Google has already begun experimenting with Merkle Tree Certificates using real internet traffic. The company outlined a phased roadmap extending through 2027:
Phase 1 (Currently Underway)
Google and Cloudflare are conducting feasibility studies to assess performance, scalability, and security impacts of TLS connections using MTCs.
Phase 2 (Q1 2027)
Certificate Transparency (CT) log operators with at least one usable log in Chrome before February 1, 2026, will be invited to help bootstrap public MTC deployment.
Phase 3 (Q3 2027)
Google plans to finalize onboarding requirements for Certificate Authorities into a new Chrome Quantum-Resistant Root Store (CQRS), which will exclusively support Merkle Tree Certificates.
Preparing the Web for Post-Quantum Threats
Quantum computing poses a long-term but significant risk to today’s encryption systems. By proactively redesigning HTTPS authentication around scalable, quantum-resistant principles, Google aims to future-proof the foundation of secure web communication.
If widely adopted, Merkle Tree Certificates could mark one of the most substantial transformations in internet security infrastructure since the introduction of modern TLS standards.
As post-quantum research accelerates, browser-level innovation such as MTCs may play a decisive role in ensuring that encrypted web traffic remains secure in the decades ahead.
