Google Quantum-Proofs HTTPS by Squeezing 15kB of Data into 700-Byte Space
SAN FRANCISCO — Google on Friday unveiled a technical breakthrough that protects HTTPS certificates against future quantum computer attacks while preserving the efficiency of the existing web infrastructure. The company’s Chrome team has developed Merkle Tree Certificates (MTCs) that compress roughly 15 kilobytes of quantum-resistant cryptographic material into just 700 bytes.
The innovation addresses a critical challenge in post-quantum cryptography: many quantum-resistant algorithms, such as ML-DSA, produce significantly larger signatures and public keys than current classical algorithms. Adding this extra cryptographic material to TLS certificates would have increased their size dramatically, potentially slowing down web connections and straining the global certificate ecosystem. By leveraging clever mathematics based on Merkle trees, Google has found a way to include the necessary post-quantum protection without breaking the internet’s performance characteristics.
Merkle Tree Certificates Already Supported in Chrome
Merkle Tree Certificate support is already available in Chrome, with broader deployment planned across the web ecosystem in the coming months.
The approach works by embedding cryptographic material from quantum-resistant algorithms such as ML-DSA into a compact Merkle tree structure. This allows certificates to carry the additional post-quantum data in a highly compressed form. According to technical details reported by Ars Technica, the technique ensures that forging a certificate would require an attacker to break both classical and post-quantum encryption simultaneously, providing strong defense-in-depth against quantum threats.
Google’s solution is designed to maintain backward compatibility and minimize bandwidth overhead. The dramatic reduction from 15kB to approximately 700 bytes means that the new certificates can be transmitted with negligible impact on page load times and network efficiency.
Technical Innovation Addresses Quantum Threat
The development comes as the cryptography community prepares for the arrival of cryptographically relevant quantum computers, which could eventually break widely used public-key algorithms such as RSA and ECC. Standards bodies including NIST have already finalized several post-quantum cryptography algorithms, but integrating them into the web’s TLS infrastructure has proven challenging due to size constraints.
By using Merkle Tree Certificates, Google is able to include the larger quantum-resistant signatures and keys without requiring fundamental changes to how browsers and servers handle certificate validation. The Merkle tree structure allows verifiers to efficiently check only the relevant cryptographic paths rather than transmitting the entire expanded dataset.
This announcement represents a significant step forward in Google’s broader post-quantum migration strategy. The company has been actively working on quantum-resistant technologies across its products, recognizing that sensitive data protected by today’s encryption may need to remain secure for decades into the future.
Impact on Web Ecosystem and Developers
For web developers and site operators, the introduction of Merkle Tree Certificates promises a relatively smooth transition to quantum-resistant HTTPS. Because the compressed certificates maintain similar size characteristics to current certificates, most websites should not require significant infrastructure changes or experience performance degradation.
Certificate authorities will need to begin supporting the new certificate format, and server software will require updates to issue and serve MTCs. However, the fact that Chrome already supports the technology suggests an accelerated path toward widespread adoption.
The move also puts pressure on other browser vendors and technology providers to implement compatible support for Merkle Tree Certificates, potentially accelerating the industry’s overall transition to post-quantum cryptography.
What’s Next
Google has not yet announced a specific timeline for when Merkle Tree Certificates will become mandatory in Chrome or when it expects full ecosystem support. However, the company’s history with security feature rollouts suggests a gradual, measured deployment that prioritizes compatibility.
The broader industry is watching closely as major technology companies begin deploying post-quantum solutions in production environments. NIST and other standards organizations continue to refine post-quantum cryptography standards, and Google’s practical implementation provides valuable real-world data on the feasibility of these new algorithms at internet scale.
As quantum computing capabilities advance, the successful deployment of technologies like Merkle Tree Certificates will be critical to maintaining the security and privacy guarantees that users expect from HTTPS connections. Google’s innovation demonstrates that the transition to quantum-resistant web encryption can be achieved without sacrificing the performance characteristics that have made the modern web possible.