Quantum computing has been lurking in the background of security conversations for years. It is not breaking HTTPS today. But the people who build browsers are clearly thinking about what happens if it ever can.
Today, the Chrome Secure Web and Networking Team outlined a plan to harden HTTPS against quantum threats. And instead of simply cramming bigger cryptographic algorithms into the existing system and calling it a day, Chrome is proposing something more structural.
The browser team is working on something called Merkle Tree Certificates, or MTCs. If you are used to traditional X.509 certificate chains, this is a different animal.
Here is the issue. Post-quantum cryptography tends to be bulky. Larger keys. Larger signatures. More data moving across the wire during a TLS handshake. Multiply that by billions of daily connections and you have a performance problem. Nobody wants a “secure but slower” web.
Chrome’s answer, at least for now, is not to stuff post-quantum algorithms into standard public X.509 certificates in its Root Store. Instead, it is collaborating within the IETF PLANTS working group to develop MTCs as an alternative foundation.
The core idea is surprisingly elegant. Rather than sending a long, serialized chain of signatures with every connection, a Certification Authority signs a single “Tree Head” that represents potentially millions of certificates. What the browser receives is not the entire chain. It is a compact proof that a given certificate is included in that tree.
Less data in the handshake. Strong cryptography under the hood. That is the pitch.
There is another angle here that security folks will appreciate. With MTCs, certificate transparency becomes baked in. It is not an add-on. A certificate cannot exist outside the public tree model. In other words, the transparency guarantees the ecosystem has layered on over the years are part of the design from day one.
This is not just theoretical. Chrome is already testing MTCs with live internet traffic in partnership with Cloudflare. During this Phase 1 experiment, every MTC-backed connection is also supported by a traditional, trusted X.509 certificate. That fallback matters. Users are not being turned into guinea pigs. Chrome gets real-world data without risking connection stability.
If things go well, Phase 2 is targeted for Q1 2027. Chrome plans to work with Certificate Transparency log operators that already run “usable” logs in the browser. These operators have demonstrated they can handle global, high-availability infrastructure. Since MTCs share architectural DNA with CT, Chrome sees them as natural early participants.
Phase 3, expected in Q3 2027, introduces something more ambitious: a Chrome Quantum-resistant Root Store, or CQRS. This would sit alongside the existing Chrome Root Program but be purpose-built for MTCs and a post-quantum web. The idea is a controlled, risk-managed transition rather than a flag day where everything flips at once.
Chrome is also hinting at broader ecosystem changes. ACME-only workflows to simplify issuance. A more modern revocation framework that could move beyond legacy CRLs. Even “reproducible” Domain Control Validation, where proofs of domain control are publicly and persistently verifiable. That would let independent parties act as DCV monitors and double-check the legitimacy of validations.
Oversight is on the table too. Instead of leaning so heavily on annual third-party audits, Chrome is talking about continuous, externally verifiable monitoring. More real-time transparency. Less paperwork for its own sake.
It is important to note what Chrome is not doing. It is not ripping out today’s Root Store. It is not abandoning existing Certificate Authorities. The company says it remains committed to supporting current CA partners and ensuring non-quantum hierarchies remain conformant. It also expects to support traditional X.509 certificates with quantum-resistant algorithms in private PKIs later this year, just not in the public Chrome Root Store.
The bigger picture is this. The dominant browser on the planet is actively redesigning part of the web’s trust infrastructure before quantum computers become a practical threat to TLS. That is not panic. That is long-term planning.
Will quantum machines break RSA tomorrow? No. But if they ever can, the web cannot afford to improvise. Chrome is trying to make sure that when the cryptographic ground shifts, HTTPS does not fall apart with it.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz