Google Prepares Chrome for Post-Quantum TLS Security


Google has announced a new program to make HTTPS certificates secure against quantum computers.

The work, which Google is pursuing in the IETF working group PLANTS (PKI, Logs, And Tree Signatures), aims to address the performance and bandwidth costs of the larger quantum-resistant keys and signatures in TLS connections, including the Certificate Transparency (CT) proofs that browsers require.

If the certificates used today were simply swapped for certificates built on quantum-resistant algorithms, the larger keys and signatures would noticeably slow down browser TLS handshakes and consume more bandwidth. That is the problem the project is designed to avoid.

“The quantum-vulnerable cryptography we use today is very small. It’s very efficient in size,” explained Bas Westerbaan, a research engineer with Cloudflare, a web performance and security company headquartered in San Francisco.

“We’ve become a bit addicted to how small it is,” he told TechNewsWorld.

“Quantum-resistant cryptography is typically 40 times bigger,” he said. “That poses a challenge, as we’ve gotten used to using a lot of cryptography on certain web connections.”

Growing Merkle Trees on the Internet

Rebecca Krauthamer, CEO and co-founder of QuSecure, a maker of quantum-safe security solutions in San Mateo, Calif., explained that browsers terminate TLS billions of times per day, and certificate authentication is on the critical path for page loading.

“Today’s public web handshake often carries multiple signatures and keys due to certificate chains and Certificate Transparency-related proofs,” she told TechNewsWorld. “That overhead was tolerable with small classical signatures, but post-quantum signature and key material are substantially larger, which increases bytes on the wire, handshake time, and failure modes like fragmentation and stress on intermediaries.”

“At internet scale, bigger handshakes become slower handshakes that create additional network congestion and significant challenges for connections with constrained bandwidth,” she said.

Google’s response to potential performance issues arising from quantum-resistant cryptography is to evolve HTTPS certificates using Merkle Tree Certificates (MTCs).

MTCs can replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs. In this model, Google explained in its security blog, a Certification Authority (CA) signs a single “Tree Head” representing potentially millions of certificates, and the “certificate” sent to the browser is merely a lightweight proof of inclusion in that tree.

MTCs enable the adoption of robust post-quantum algorithms without incurring the massive bandwidth penalty of legacy certificate chains, Google said.

Google added that MTCs also decouple the security strength of the corresponding cryptographic algorithm from the size of the data transmitted to the user. By shrinking the authentication data in a TLS handshake to the absolute minimum, it maintained, MTCs aim to keep the post-quantum web as fast and seamless as today’s internet, maintaining high performance even as stronger security is adopted.
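To make the size argument concrete, here is a Python sketch of the flow described above. It is an added example, not code from Google, Cloudflare or the IETF PLANTS draft: it builds a tree over constructed (hostname, public key) entries, issues an inclusion proof for one of them, and verifies that proof against the tree head the way a browser would. The hashing follows the RFC 6962/9162 Certificate Transparency rules (0x00 leaf prefix, 0x01 node prefix) as a stand-in; the real MTC leaf encoding, the tree-head format, the CA's post-quantum signature over the tree head and the channel by which the signed tree head reaches the browser are not described on this page and are assumed away here. The function names (`merkle_root`, `inclusion_proof`, `verify_inclusion`, `demo`) and the sample entries are this example's own, and the signature-size figures are taken from FIPS 204 and RFC 8032, not from the article.

```python
"""Merkle Tree Certificate sketch: the CA signs one tree head over many
entries, and each subscriber carries only an inclusion proof.
Added example; not code from Google, Cloudflare or the IETF PLANTS draft.
Hashing follows RFC 6962/9162 (Certificate Transparency). The real MTC
leaf encoding and tree-head format, and the CA's signature over the tree
head, are assumptions here and are not modelled."""
import hashlib
import math

LEAF_PREFIX = b"\x00"  # domain separation: a leaf hash can never be
NODE_PREFIX = b"\x01"  # replayed as an interior node (second-preimage defence)
HASH_LEN = 32          # SHA-256 output; one hash per proof element


def hash_leaf(entry: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + entry).digest()


def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 split point)."""
    k = 1 << (n.bit_length() - 1)
    return k >> 1 if k == n else k


def merkle_root(leaf_hashes: list) -> bytes:
    """Merkle Tree Hash over already-hashed leaves: this is the tree head."""
    n = len(leaf_hashes)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hashes[0]
    k = _split(n)
    return hash_node(merkle_root(leaf_hashes[:k]), merkle_root(leaf_hashes[k:]))


def inclusion_proof(leaf_hashes: list, m: int) -> list:
    """Sibling hashes from leaf m up to the root: the 'certificate' the server sends."""
    n = len(leaf_hashes)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(leaf_hashes[:k], m) + [merkle_root(leaf_hashes[k:])]
    return inclusion_proof(leaf_hashes[k:], m - k) + [merkle_root(leaf_hashes[:k])]


def verify_inclusion(entry: bytes, index: int, tree_size: int,
                     proof: list, tree_head: bytes) -> bool:
    """RFC 9162 section 2.1.3.2: recompute the root from the leaf and its
    siblings and compare it with the tree head the browser already trusts."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, hash_leaf(entry)
    for p in proof:
        if sn == 0:
            return False          # proof is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = hash_node(p, r)   # sibling sits on the left
            if not fn & 1:        # skip levels where this node has no sibling
                while fn & 1 == 0 and fn != 0:
                    fn >>= 1
                    sn >>= 1
        else:
            r = hash_node(r, p)   # sibling sits on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == tree_head


# Constructed sample entries standing in for (hostname, public key) pairs.
ENTRIES = [f"host{i}.example.net|pubkey{i}".encode() for i in range(1000)]
LEAF_HASHES = [hash_leaf(e) for e in ENTRIES]
TREE_HEAD = merkle_root(LEAF_HASHES)   # the single object the CA would sign

# Signature sizes in bytes from FIPS 204 (ML-DSA-65) and RFC 8032 (Ed25519);
# these are not figures taken from the article.
ED25519_SIG = 64
ML_DSA_65_SIG = 3309


def proof_bytes(tree_size: int) -> int:
    """Worst-case inclusion proof size: one hash per level of the tree."""
    return math.ceil(math.log2(tree_size)) * HASH_LEN


def chain_signature_bytes(chain_depth: int, sig_len: int) -> int:
    """Signature bytes a classic chain carries: one signature per certificate."""
    return chain_depth * sig_len


def demo(index: int = 777):
    proof = inclusion_proof(LEAF_HASHES, index)
    ok = verify_inclusion(ENTRIES[index], index, len(ENTRIES), proof, TREE_HEAD)
    # Same index, attacker-chosen key: the proof is bound to the real entry.
    forged = verify_inclusion(b"host777.example.net|attacker-key", index,
                              len(ENTRIES), proof, TREE_HEAD)
    return ok, forged, len(proof)


if __name__ == "__main__":
    ok, forged, depth = demo()
    print(f"genuine entry verifies: {ok}; forged key verifies: {forged}; "
          f"proof has {depth} hashes ({depth * HASH_LEN} bytes)")
    print(f"1M-entry tree proof: {proof_bytes(1_000_000)} bytes vs 3-signature chain: "
          f"Ed25519 {chain_signature_bytes(3, ED25519_SIG)} B, "
          f"ML-DSA-65 {chain_signature_bytes(3, ML_DSA_65_SIG)} B")
```

Run as a script, it prints the size comparison: a proof for a million-entry tree is 20 hashes (640 bytes) no matter which post-quantum scheme signs the tree head, while a three-certificate chain signed with ML-DSA-65 would carry roughly 9.9 KB of signatures alone. That is the decoupling the paragraph above describes. The forged call shows the other half of the design: a proof is bound to exactly one entry, so substituting a different key at the same index fails. Note also that the proof proves nothing on its own; the browser must obtain the tree head through a channel it already trusts, which is why the root store, not the handshake, carries the CA's signature.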

New Ecosystem of Dependencies

“MTCs are promising because their core design goal keeps post-quantum authentication feasible without ballooning every single TLS handshake,” said Jeremy Samuelson, executive vice president of AI and innovation at Integrated Quantum Technologies, a post-quantum AI infrastructure company.

However, he noted the system introduces an ecosystem of dependencies that could be problematic. “There are definitely some operational challenges that always come with introducing a new ecosystem of dependencies, which is essentially what they’re doing,” he told TechNewsWorld.

While MTCs have the potential to address the performance and bandwidth problems, other issues, beyond the easily predicted interoperability problems with older systems, will not become apparent until there are large-scale deployments, noted Roger Grimes, CISO advisor at KnowBe4, a security awareness training provider in Clearwater, Fla.

“It’s an entirely new way of doing [digital certificates] and TLS,” he told TechNewsWorld. “Every involved software, firmware, and hardware coded to the old way will need to be updated or replaced.”

“I take what Google is announcing as a maturation of the market along its journey from the theoretical to the practical, and Google is leading the way, making the hard decisions — along with other groups — that the rest will follow,” he said.

Whether MTCs gain traction will depend on the extent to which they are adopted as internet architecture standards and supported by other vendors, added Tim Williams, CTO of ProteQC, a post-quantum cryptography advisory and consulting firm in London.

He pointed out, however, that for organizations other than Google, this represents an externally imposed change that they have neither planned nor budgeted for. “Many vendors and customers will find it hard to align with Google’s changes in the timescales Google is demanding,” he told TechNewsWorld.

More Than a Browser Update

Antonio Sanchez, chief strategy officer at Quantum XChange, a post-quantum secure communications company in Bethesda, Md., noted that Google’s announcement further underscores the urgency of protecting organizations from harvest now, decrypt later (HNDL) attacks, in which adversaries steal encrypted data now with the hope of decrypting it later with a quantum computer.

“It also highlights the importance of solving this problem without affecting the user experience,” he told TechNewsWorld.

“The migration to post-quantum cryptography is not a software update that can be patched,” he added. “It is a digital transformation initiative that requires a new approach and innovative architecture purposefully built for the quantum age.”

“This is not just a browser update,” emphasized Allan Francis Beechinor, chief AI strategist and inventor-founder of EmergeGen, an enabler of AI-ready knowledge environments. “It is Chrome signaling that quantum-safe trust must be engineered into the web stack in a way that is scalable and operationally viable.”

“Moving early on certificate infrastructure forces the ecosystem to confront performance, governance, and interoperability now rather than reactively later,” he told TechNewsWorld.

“Google is the first browser developer to take a stab at shipping a solution for widely available quantum computing against TLS transactions,” added Bobby Kuzma, director of offensive cyber operations at ProCircular, a cybersecurity consulting firm in Coralville, Iowa.

“I’m pleased to see someone taking the initiative to get a standards-based solution — even if the standard isn’t 100% baked yet — out into the wild to see how it fares.”

A Most Significant Development

Brian Trzupek, senior vice president of product at DigiCert, a global digital security company, called Google’s action “one of the most consequential moves we’ve seen toward preparing the web’s trust infrastructure for the post-quantum era.”

“Google is signaling that the transition to quantum-resistant authentication on the public internet won’t simply be a drop-in algorithm swap,” he told TechNewsWorld. “Instead, they’re proposing a fundamental rethinking of how certificates are structured, issued, and verified, moving from traditional certificate chains to Merkle Tree Certificates.”

“What makes this significant is the ambition and the timeline,” he said. “Google is already live-testing MTCs with Cloudflare and has laid out a concrete three-phase roadmap that envisions an entirely new quantum-resistant root store by late 2027. For the CA ecosystem, this announcement puts everyone on notice: the architecture of web PKI is going to evolve, and organizations that want to remain relevant need to be actively preparing now.”

“We also think it’s important that this transition is being driven through open standards,” he added. “Google’s work in the IETF PLANTS group, and the broader collaboration with Cloudflare and the CA community, ensures that the resulting infrastructure works for everyone, not just one browser or one cloud provider.”
