On Friday, Google revealed its strategy to secure HTTPS certificates in its Chrome browser to protect against quantum computer attacks, aiming to achieve this without disrupting internet functionality.
This undertaking presents challenges, as the quantum-resistant cryptographic data required for publicly publishing TLS certificates is significantly larger (approximately 40 times) than the classical cryptographic materials currently in use. Present-day X.509 certificates measure around 64 bytes, comprising six elliptic curve signatures and two EC public keys, which can be potentially compromised through Shor's algorithm powered by quantum computing. In contrast, certificates with equivalent quantum-resistant properties are about 2.5 kilobytes in size, all of which must be transmitted when a browser connects to a site.
The bigger they come, the slower they move
"The bigger you make the certificate, the slower the handshake and the more people you leave behind," said Bas Westerbaan, a principal research engineer at Cloudflare, a key partner with Google in this transition. Westerbaan noted that users might disable new encryption if it degrades browsing speed. Additionally, the increased certificate size could impact "middle boxes," which function as intermediaries between browsers and their destination sites.
To overcome these obstacles, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and mathematical operations to verify large amounts of information with far less data than traditional public key infrastructure techniques require.
According to Google's Chrome Secure Web and Networking Team members, Merkle Tree Certificates "replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs." They explained, "In this model, a Certification Authority (CA) signs a single 'Tree Head' representing potentially millions of certificates, and the 'certificate' sent to the browser is merely a lightweight proof of inclusion in that tree."
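The inclusion-proof idea quoted above, as an added Python example; it is not Google's or Cloudflare's code and not the Merkle Tree Certificates wire format. It assumes SHA-256 with the RFC 6962 leaf and node prefixes, a non-empty entry list, and constructed stand-in entries; the signature a CA would place over the tree head is left out.

```python
import hashlib, hmac

def leaf_hash(entry):
    return hashlib.sha256(b"\x00" + entry).digest()  # leaf prefix

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()  # node prefix

def _split(n):
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two < n

def tree_head(entries):
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def inclusion_proof(index, entries):
    """Sibling hashes from the leaf up to the root."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(index, entries[:k]) + [tree_head(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [tree_head(entries[:k])]

def verify_inclusion(entry, index, size, proof, head):
    """Recompute the head from one entry plus its proof; no other entries needed."""
    def rebuild(idx, n, path):
        if n == 1:
            if path: raise ValueError  # proof too long
            return leaf_hash(entry)
        if not path: raise ValueError  # proof too short
        k = _split(n)
        if idx < k:
            return node_hash(rebuild(idx, k, path[:-1]), path[-1])
        return node_hash(path[-1], rebuild(idx - k, n - k, path[:-1]))
    if not 0 <= index < size:
        return False
    try:
        return hmac.compare_digest(rebuild(index, size, list(proof)), head)
    except ValueError:
        return False

# Constructed sample data: 1000 stand-in "certificates".
ENTRIES = [b"constructed-cert-%d" % i for i in range(1000)]
HEAD = tree_head(ENTRIES)
PROOF = inclusion_proof(0, ENTRIES)
if __name__ == "__main__":
    print(len(ENTRIES), "entries; proof is", 32 * len(PROOF), "bytes")
```

Ten 32-byte hashes (320 bytes) prove membership among the 1000 constructed entries, and the proof grows by roughly one hash each time the tree doubles in size.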