Last week, Google announced that it would introduce a new program in its Chrome browsers to make HTTPS certificates secure against emerging quantum computers. The tech giant noted that the Internet Engineering Task Force (IETF) created a new working group, PKI, Logs, And Tree Signatures (PLANTS), which aimed to address the performance and bandwidth challenges that the increased size of quantum-resistant cryptography could introduce into TLS connections requiring Certificate Transparency (CT).
“To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” Google’s Chrome Secure Web and Networking Team explained in a blog post.
It added that the Chrome team will collaborate with partners to develop an evolution of HTTPS certificates based on Merkle Tree Certificates (MTCs), which are currently under development in the PLANTS working group.
The MTCs will replace the serialized chain of signatures used in PKI with the compact Merkle Tree proofs.
Chrome is already “experimenting with MTCs with real internet traffic,” as part of its Phase 1 initiative. The company said it intends to “gradually build out our deployment such that MTCs provide a robust quantum-resistant HTTPS available for use throughout the internet.”
It will move to Phase 2 once the core technology is validated, and that could begin early in 2027. It will finalize the requirements for onboarding additional Certification Authority (CA) by Q3 of 2027.
“This will establish a modern, purpose-built trust store specifically designed for the requirements of a post-quantum web,” the blog post continued.
The Quantum of Solace
Cybersecurity experts have praised Google for trying to stay ahead of the curve rather than being reactive in a post-quantum world. Post-quantum cryptography (PQC), or quantum-resistant cryptography, will require cryptographic algorithms designed to secure digital information against future, powerful quantum computers.
PQC will also require the use of algorithms designed to withstand quantum attacks, allowing for a proactive, secure transition before these threats arrive.
“Google’s move to integrate quantum-safe certificates into Chrome is a pivotal signal to the broader internet ecosystem,” said Riaan Gouws, CTO at Forward Edge-AI.
“When a dominant browser begins operationalizing post-quantum cryptography, it accelerates adoption across certificate authorities, cloud providers, and enterprise infrastructure,” Gouws told ClearanceJobs. “This does not speak to an immediate quantum breakthrough. It’s about mitigating the harvest now, decrypt later risk by preparing today’s encrypted traffic for tomorrow’s cryptographic realities. ”
Jacob Krell, senior director for Secure AI Solutions & Cybersecurity at Suzu Labs, added that this announcement should also be seen as a preemptive fix for a known long-term weakness in the web PKI. He told ClearanceJobs that a cryptographically relevant quantum computer does not exist yet. He warned that the “harvest now, decrypt later” model means traffic recorded today could be exposed in the future.
“Nation states and well-resourced threat groups are already collecting encrypted internet traffic with the expectation of decrypting it once quantum capabilities mature,” said Krell. “It is important to note that Google’s work here focuses specifically on the authentication layer of HTTPS, the certificate and transparency ecosystem, not bulk traffic encryption. Getting that layer hardened before the quantum window closes is exactly the right response.”
Quantum Scale
A key point to note is that post-quantum signatures and public keys will be much larger than their classical counterparts.
“Current web PKI uses classical signatures measured in tens of bytes, while quantum-resistant equivalents like ML-DSA run to a few kilobytes each. Applied naively across every certificate chain and TLS handshake, that size increase would slow page loads and push users to disable the protection entirely. That is the engineering problem Google had to solve, and it is why Merkle Tree Certificates exist,” said Krell.
He further suggested that the adoption of Merkle Tree Certificates is designed to address performance and bandwidth challenges, and early results suggest they work.
“The model anchors the tree with a small number of post-quantum signatures, and the browser verifies its certificate is genuine by checking a compact Merkle proof of inclusion rather than downloading the full chain,” said Krell. “Google has demonstrated that this brings what would be on the order of tens of kilobytes of post-quantum authentication data down to well under a kilobyte. The performance penalty that everyone expected from this transition is largely eliminated before it ever reaches the end user.”
Reshaping Web Trust
Advances in quantum computing could be a game-changer. Still, quantum-safe certificates in Chrome will also be an important early step toward preparing the public internet for the eventual reality of quantum computing.
“Today’s web security relies heavily on algorithms like RSA and ECC, which sufficiently powerful quantum computers could theoretically break,” warned Ensar Seker, CISO at SOCRadar.
By beginning to integrate post-quantum cryptography into something as widely deployed as Chrome, Google will help ensure the industry begins the long transition to cryptographic systems that remain secure in a quantum era.
“Given Chrome’s massive share of global web traffic, even incremental steps here can have a significant ripple effect across the broader internet ecosystem,” Seker told ClearanceJobs.
Still, he added that this move should be seen as the beginning of a long migration rather than a completed solution.
“Transitioning global internet infrastructure to quantum-resistant cryptography will take years because certificates, TLS libraries, hardware security modules, and enterprise systems all need to adapt,” Seker continued. “Security leaders should start inventorying cryptographic dependencies now and preparing for hybrid or post-quantum certificate deployments. The organizations that begin planning early will be better positioned to avoid disruptive security upgrades once quantum capabilities mature.”
The clock is already ticking, with conservative estimates suggesting a cryptographically relevant quantum computer could be developed sometime in the 2030s. Security experts suggest that Google is taking the correct posture to prepare for the post-quantum era.
For future end users, the disruption should be minimal.
“The real work happens behind the scenes, requiring browser support, CA tooling changes, CT log upgrades, and active standards development through the IETF and CA/Browser Forum to move in coordination,” said Krell. “It is also important to note that this is a Chrome-led deployment, not a universal web switch. Other browsers, certificate authorities, and infrastructure operators will need to follow before post-quantum certificate authentication becomes the norm across the web.”
