Google is updating Chrome's security by transitioning to Merkle Tree Certificates to protect HTTPS connections against future quantum computing threats. This new approach replaces traditional certificate chains with lightweight proofs, ensuring that the shift to post-quantum cryptography does not compromise browser speed or performance.

Google has initiated a strategic overhaul of Chrome's security architecture to prepare for the era of quantum computing by evolving its HTTPS certificate system. While post-quantum cryptography is essential for future-proofing data, standard implementations often require significant bandwidth that could slow down the web. To solve this, Google is adopting Merkle Tree Certificates, which use compact proofs to verify identity without the heavy data load associated with traditional X.509 certificate chains.

In this refined model, a certification authority signs a single tree head that can represent millions of individual certificates simultaneously. When a user visits a website, the browser receives a lightweight proof of inclusion in that tree rather than a massive file containing the entire cryptographic chain. This method decouples the size of the transmitted data from the complexity of the security algorithm, allowing the post-quantum web to remain just as fast as the current internet while offering significantly stronger protection.

Transparency is built directly into the foundation of this new system, making it impossible to issue a certificate without including it in a public, verifiable tree. This integration maintains the security standards of existing certificate transparency ecosystems but removes the extra overhead that usually accompanies those checks during a connection. By making transparency a default property of issuance, Chrome ensures that security is both more robust and more efficient.

The rollout is a phased process that involves collaboration with industry partners like Cloudflare to test performance and security in real-world scenarios. In early 2027, established certificate transparency log operators will be invited to help bootstrap the public infrastructure for these new certificates. These organizations are considered uniquely qualified for the task because the architectural requirements for Merkle trees align closely with the high-availability systems they already manage.

By late 2027, Google expects to launch the Chrome Quantum-resistant Root Store, a dedicated trust store built specifically for post-quantum requirements. This program will run in parallel with the existing root program to ensure a stable transition for all users. During the final stages of implementation, website owners will have the option to opt into these advanced protections, allowing for a managed migration to a more secure digital environment.

Source: Google Develops Quantum-Safe HTTPS Certificates For Chrome Browser