Chrome Launches Quantum-Safe HTTPS Initiative with Merkle Tree Certificates
Google Chrome introduces a program to secure HTTPS against quantum threats using Merkle Tree Certificates (MTCs), reducing bandwidth overhead while maintaining Certificate Transparency.
Chrome Advances Quantum-Safe HTTPS with Merkle Tree Certificates
Mountain View, CA – The Chrome Secure Web and Networking Team has announced a new initiative to future-proof HTTPS certificates against quantum computing threats. The program leverages Merkle Tree Certificates (MTCs), a lightweight alternative to traditional X.509 certificates, to mitigate the performance challenges posed by post-quantum cryptography (PQC) in TLS connections.
Technical Overview: Why MTCs?
Quantum-resistant algorithms introduce significantly larger key sizes, which can strain bandwidth and degrade performance in TLS handshakes. MTCs address this by replacing serialized certificate chains with compact Merkle Tree proofs. In this model:
- A Certification Authority (CA) signs a single "Tree Head" representing millions of certificates.
- The browser receives only a lightweight proof of inclusion in the tree, drastically reducing data transmission.
Key advantages of MTCs include:
- Bandwidth efficiency: Minimizes TLS handshake overhead, preserving performance.
- Built-in transparency: Certificates cannot be issued without inclusion in a public tree, eliminating the need for separate Certificate Transparency (CT) logs.
- Decoupled security: Separates cryptographic strength from transmitted data size, enabling seamless adoption of PQC.
Rollout Phases: Chrome’s Quantum-Resistant Roadmap
Chrome’s deployment of MTCs will unfold in three phases:
Phase 1 (Underway): Feasibility Testing
- In collaboration with Cloudflare, Chrome is evaluating MTC performance in real-world TLS connections.
- All MTC-based connections are backed by traditional X.509 certificates as a fail-safe to ensure stability.
Phase 2 (Q1 2027): Bootstrapping Public MTCs
- CT log operators with at least one "usable" log in Chrome (as of February 1, 2026) will be invited to participate.
- These operators will help establish the initial infrastructure for MTC issuance, leveraging their existing high-availability CT infrastructure.
Phase 3 (Q3 2027): Chrome Quantum-Resistant Root Store (CQRS)
- Introduction of a dedicated root store for MTCs, operating alongside Chrome’s existing Root Program.
- Sites will gain the option to opt into downgrade protections, enabling quantum-resistant-only certificates.
- Finalization of requirements for MTC CA onboarding, including pathways for organizations to demonstrate operational excellence.
Policy and Ecosystem Evolution
Google’s initiative emphasizes security, simplicity, and transparency in TLS infrastructure. Proposed policy changes include:
- ACME-only workflows to streamline certificate issuance and enhance cryptographic agility.
- Modernized revocation frameworks, replacing legacy CRLs with key-compromise-focused mechanisms.
- Reproducible Domain Control Validation (DCV), enabling public verification of domain ownership.
- Performance-based CA inclusion, prioritizing operators with proven reliability as Mirroring Cosigners and DCV Monitors.
- Continuous monitoring to replace annual third-party audits, ensuring real-time oversight.
Impact and Next Steps
While Chrome has no immediate plans to add PQC-enabled X.509 certificates to its Root Store, the team will support their use in private PKIs later this year. The long-term goal is to establish a quantum-resistant web without compromising performance or security.
As the program evolves, Chrome will continue collaborating with IETF, C2SP, and other standards bodies to refine MTC specifications and policy frameworks. Organizations interested in becoming Chrome-trusted MTC CAs are encouraged to monitor upcoming policy announcements.
For more details, refer to the PLANTS IETF working group and the Merkle Tree Certificates draft.