Why it matters: One of the greatest risks of quantum computing is its potential to break many of the cryptographic protocols that keeps the internet safe today. Thankfully, quantum is still fairly distant from being that great a risk – at this stage, it can't break internet encryption. But Google isn't exactly waiting around for that to happen. On Friday, the company announced that Chrome is rolling out a new type of web certificate that's essentially designed to be quantum-proof from the ground up.
To understand why this matters, it helps to know how current web security actually works. When you visit a website, your browser checks a digital certificate to confirm you're actually talking to the real site and not some imposter. Those certificates are secured using complex math problems that regular computers would take years or even decades to solve.
However, quantum computers throw all of that out the window. For instance, a quantum algorithm called Shor's algorithm could theoretically crack those certificates wide open, which would basically make them useless. The natural response to something like this is switching to quantum-resistant cryptography. But there's a catch with that, too.
That quantum-safe cryptographic material is way bigger than what we use now. Current X.509 certificates – the standard format that browsers use today – clock in at around 64 bytes. Swap in quantum-safe equivalents, though, and you're looking at roughly 2.5 kilobytes, which may not sound like a lot but is still about 40 times the size.
Today, every time you visit a website, your browser has to pull down that certificate data during the initial connection. Blow up the size of those certificates, and you're definitely going to feel it in your load times. And if browsing feels sluggish because of all that extra data, people are just going to turn the protection off entirely.
To get around this particular problem, Google is depending on a cryptographic structure called a Merkle tree.
"MTCs replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle tree proofs. In this model, a certification authority (CA) signs a single "Tree Head" representing potentially millions of certificates, and the "certificate" sent to the browser is merely a lightweight proof of inclusion in that tree," Google wrote.
That may sound overly technical, but in short, your browser receives a small proof – instead of downloading a full individual certificate for every site. With it, any certificate authority only needs to sign one batch covering potentially millions of websites, and the data your browser actually receives stays close to that original 64-byte footprint.
Chrome is already live-testing these Merkle tree Certificates with Cloudflare, and it's already running about 1,000 certificates through the new system right now. Every one of those connections has a standard certificate riding alongside it as a safety net, so nothing breaks while they're still kicking the tires on this process.
The broader rollout stretches into 2027. That's when Google plans to launch a dedicated quantum-resistant trust store that will run parallel to the existing Chrome Root Store.
One genuinely cool side effect of this whole approach is that certificate transparency stops being optional. You physically cannot issue one of these new certificates without it appearing in a publicly verifiable log. This means that shady or forged certificates become a lot harder to sneak through.
It's worth mentioning here that Google has been taking steps to safeguard browsers and the internet against quantum computing for a decade now.