Google’s Quantum-Proof HTTPS Revolutionizes Security with Merkle Tree Certificates, Compressing Data from 15kB to 700 Bytes
Google’s Quantum-Proof HTTPS: How Merkle Tree Certificates Compress Security Data
The internet faces an existential threat from quantum computers, which could render today’s encryption obsolete. Google’s Chrome team has unveiled an innovative solution that tackles this challenge head-on: Merkle Tree Certificates (MTCs) that compress 15 kilobytes of quantum-resistant cryptographic data into just 700 bytes. This breakthrough represents a paradigm shift in how the web secures HTTPS connections without sacrificing performance.
The Quantum Computing Threat to HTTPS
Quantum computers pose a serious risk to current cryptographic systems because they can execute Shor’s algorithm, which efficiently breaks the mathematical problems that protect today’s public-key encryption[2]. Traditional HTTPS certificates rely on elliptic curve signatures and public keys, with a typical X.509 certificate chain comprising six elliptic curve signatures and two EC public keys, each only 64 bytes[2]. The full chain totals roughly 4 kilobytes and is transmitted during every browser connection[2].
However, quantum-resistant cryptography requires substantially more data. The quantum-resistant cryptographic material needed to transparently publish TLS certificates is approximately 40 times larger than the classical cryptographic material used today[2]. This creates a fundamental problem: larger certificates mean slower handshakes, increased bandwidth consumption, and degraded performance for internet infrastructure known as “middle boxes” that sit between browsers and websites[2].
The Merkle Tree Certificate Solution
Rather than simply adding larger post-quantum X.509 certificates to Chrome’s existing root store, Google is collaborating with industry partners to develop Merkle Tree Certificates[1]. These certificates represent a fundamental redesign of how digital certificates function.
Traditional certificate chains work by serially signing each certificate individually. MTCs replace this approach with a far more elegant solution[1]. Instead of signing each certificate separately, a Certification Authority signs a single “Tree Head” that can represent potentially millions of certificates[1][2]. The browser then receives a lightweight proof confirming a site’s inclusion in that tree[1]. This mathematical innovation, based on Merkle tree structures, allows the compression of massive amounts of security data into a fraction of its original size.
The breakthrough is remarkable: Google has demonstrated that 15 kilobytes of authentication data can be compressed into just 700 bytes[2]. This compression maintains full security while dramatically reducing the overhead transmitted during a TLS handshake[3]. As Google’s Chrome Secure Web and Networking Team explained, MTCs “replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs.”
Performance and Transparency Benefits
One of the critical advantages of MTCs is that they decouple the security strength of cryptographic algorithms from the size of transmitted data[3]. This means organizations can adopt post-quantum algorithms without incurring the bandwidth penalties that would otherwise make quantum-safe HTTPS impractical.
Beyond performance, MTCs embed transparency directly into the certificate issuance process[1]. With traditional HTTPS, Certificate Transparency logs require separate checks to verify that certificates are publicly recorded. MTCs make transparency a fundamental property of issuance—it becomes impossible to issue a certificate without including it in a public tree[4]. This eliminates the extra overhead that Certificate Transparency currently adds to TLS handshakes while maintaining the same security properties[4].
Bas Westerbaan, principal research engineer at Cloudflare, which is partnering with Google on this transition, emphasized the importance of this approach: “The bigger you make the certificate, the slower the handshake and the more people you leave behind. Our problem is we don’t want to leave people behind in this transition.”[2]
Chrome’s Three-Phase Rollout Strategy
Google has already begun testing MTCs on live internet traffic and outlined a structured deployment plan[1]:
Phase 1 (currently underway) involves a feasibility study with Cloudflare, with every MTC-backed connection paired with a traditional X.509 certificate as a fail-safe[1]. Cloudflare is currently enrolling roughly 1,000 TLS certificates to test how well MTCs work in real-world conditions[2].
Phase 2, scheduled for the first quarter of 2027, will invite selected Certificate Transparency log operators to help bootstrap public MTC deployment[1].
Phase 3, planned for the third quarter of 2027, will introduce the Chrome Quantum-resistant Root Store (CQRS), a new trust framework dedicated solely to MTCs[1][3].
The new root program will operate alongside Chrome’s existing root store to ensure continuity and stability during the transition[1].
Modernizing Certificate Governance
Beyond the technical framework, Chrome is using this transition to modernize certificate governance[1]. Proposed updates include ACME-only workflows, streamlined revocation systems, and enhanced oversight models designed for continuous, externally verifiable monitoring[1].
Chrome will continue supporting existing certificate authorities within the current Chrome Root Store while building infrastructure for quantum-resistant HTTPS[1]. Additionally, Chrome expects to support traditional X.509 certificates with quantum-safe algorithms for use only in private PKIs later this year[1][4].
Looking Forward
Google’s approach to quantum-proofing HTTPS demonstrates how clever mathematics and thoughtful engineering can solve seemingly intractable problems. By compressing quantum-resistant cryptographic data from 15 kilobytes to 700 bytes, Merkle Tree Certificates make it possible to secure the web against quantum threats without compromising the speed and efficiency users expect. This initiative, developed through the IETF’s PLANTS working group, represents a critical step toward ensuring the robustness of the internet’s security foundation for decades to come.
Original source: Ars Technica – Google quantum-proofs HTTPS by squeezing 15kB of data into 700-byte space