
"In this model, a Certification Authority (CA) signs a single 'Tree Head' representing potentially millions of certificates, and the 'certificate' sent to the browser is merely a lightweight proof of inclusion in that tree. MTCs shrink the authentication data in the TLS handshake, decouple the size of the transmitted data from the security strength of the cryptographic algorithm, and ensure that the post-quantum web is as fast as today's internet while providing stronger security."
"Finally, with MTCs, transparency is a fundamental property of issuance: it is impossible to issue a certificate without including it in a public tree. This means the security properties of today's CT ecosystem are included by default, and without adding extra overhead to the TLS handshake as CT does today."
Google is developing Merkle Tree Certificates (MTCs) to strengthen Chrome's HTTPS certificates against quantum computing threats. Rather than immediately adopting post-quantum cryptography, which would degrade TLS performance, Google is transitioning to MTCs that use compact Merkle Tree proofs to eliminate bandwidth overhead from traditional X.509 certificate chains. In this model, a Certification Authority signs a single Tree Head representing millions of certificates, with browsers receiving lightweight proofs of inclusion. MTCs reduce authentication data in TLS handshakes, decouple transmitted data size from cryptographic algorithm strength, and maintain current internet speeds while providing enhanced security. Transparency becomes inherent to certificate issuance without additional TLS handshake overhead. Google has partnered with Cloudflare to test MTC performance and security, with CT Log operators invited to participate in bootstrapping public MTCs in Q1 2027.
#quantum-resistant-cryptography #merkle-tree-certificates #https-security #tls-performance-optimization #certificate-transparency
Read at SecurityWeek