Google Quantum-Proofs HTTPS
Source: Slashdot
Background
An anonymous reader quotes a report from Ars Technica: Google on Friday unveiled its plan for its Chrome browser to secure HTTPS certificates against quantum computer attacks without breaking the Internet. The objective is a tall order. The quantum‑resistant cryptographic data needed to transparently publish TLS certificates is roughly 40 times bigger than the classical cryptographic material used today. Today’s X.509 certificates are about 64 bytes in size and comprise six elliptic‑curve signatures and two EC public keys. This material can be cracked through the quantum‑enabled Shor’s algorithm. Certificates containing the equivalent quantum‑resistant cryptographic material are roughly 2.5 kilobytes. All this data must be transmitted when a browser connects to a site.
Merkle Tree Certificates
To bypass the bottleneck, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and other math to verify the contents of large amounts of information using a small fraction of material used in more traditional verification processes in public‑key infrastructure. Merkle Tree Certificates “replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs,” members of Google’s Chrome Secure Web and Networking Team wrote Friday. In this model, a Certification Authority (CA) signs a single Tree Head representing potentially millions of certificates, and the “certificate” sent to the browser is merely a lightweight proof of inclusion in that tree.
Quantum‑Resistant Algorithms
Google is also adding cryptographic material from quantum‑resistant algorithms such as ML‑DSA (PDF). This addition would allow forgeries only if an attacker were to break both classical and post‑quantum encryption. The new regime is part of what Google calls the quantum‑resistant root store, which will complement the Chrome Root Store the company formed in 2022. The Merkle Tree Certificates (MTCs) use Merkle Trees to provide quantum‑resistant assurances that a certificate has been published without having to add most of the lengthy keys and hashes. Using other techniques to reduce the data sizes, the MTCs will be roughly the same 64‑byte length they are now. The new system has already been implemented in Chrome.