- Quantum computing threatens the cryptography behind HTTPS certificates
- Fake certificates expose users to surveillance risks
- Transparency logs help quickly detect unauthorized certificate issuance
Google has revealed plans to make HTTPS certificates resistant to future quantum hacking attacks while keeping the Internet usable.
Past incidents, such as the DigiNotar hack in 2011, which allowed 500 fake certificates to spy on web users, showed the risks of unverified certificates.
Today, browsers rely on public transparency registries, annex-only ledgers, to allow website owners to check in real time whether any certificates on their domains are illegitimate.
Preparing certificate transparency for the quantum era
The advent of quantum computing introduces new vulnerabilities to classical cryptography, since, when effective, Shor’s algorithm could forge digital signatures and break keys in certificate records, allowing attackers to trick a browser or operating system into accepting certificates that were never issued.
Google’s solution integrates post-quantum cryptographic algorithms such as ML-DSA.
“We view the adoption of MTC and a quantum-resistant root store as a critical opportunity to ensure the robustness of the current ecosystem foundation,” Google said in a blog post.
“By designing for the specific demands of a modern, agile Internet, we can accelerate the adoption of post-quantum resilience for all web users.”
This approach ensures that forgeries will only be successful if attackers break classical encryption and quantum-resistant encryption at the same time.
The challenge is size. Traditional X.509 certificate chains are approximately four kilobytes, small enough for browsers to handle efficiently.
Quantum-resistant data can increase that number by about 40 times, which could slow down handshakes and affect devices behind firewalls or endpoint security systems.
Cloudflare’s Bas Westerbaan explained: “The larger the certificate, the slower the handshake and the more people you leave behind.”
If the process becomes too slow, users could disable the new encryption completely. To reduce data overload, Google and its partners use Merkle Tree Certificates (MTC).
This method condenses the verification of millions of certificates into compact tests. Certification authorities sign a single “Tree Head” and the browser receives a lightweight inclusion test.
This approach reduces transmitted data to around 700 bytes, keeping operations smooth while maintaining transparency and security.
Chrome has already implemented MTC and Cloudflare is testing approximately 1,000 certificates to evaluate performance.
Over time, certification authorities will manage the distributed ledger themselves.
The Internet Engineering Working Group has formed a working group called PKI, Registries and Signature Trees to coordinate the standards.
In simple terms, the combination of quantum-resistant certificates and MTC aims to protect web users without altering the browser experience or compromising endpoint security.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
