Google Squeezes 2.5kB into 64 Bytes to Quantum-Proof HTTPS
▼ Summary
– Google announced a plan to make Chrome’s HTTPS certificates resistant to attacks from future quantum computers.
– The required quantum-resistant cryptographic data is about 40 times larger than current certificates, posing a speed and compatibility challenge.
– Large certificates slow down browser connections and risk being disabled by users if they degrade performance.
– To solve this, the plan uses Merkle Trees, a data structure that verifies certificates with much less transmitted data.
– In this model, a single signature covers millions of certificates, and browsers receive only a lightweight proof of inclusion.
Securing the future of web browsing against the looming threat of quantum computing requires innovative solutions that don’t compromise today’s performance. Google has announced a significant step in this direction, revealing a plan for its Chrome browser to implement quantum-resistant HTTPS certificates. The core challenge is immense: the cryptographic data needed to withstand quantum attacks is approximately forty times larger than what’s currently used. Today’s standard certificates are a compact 64 bytes, but their quantum-proof equivalents balloon to around 2.5 kilobytes. This dramatic increase in size threatens to slow down the critical handshake process when a browser connects to a secure website, potentially degrading the user experience for everyone.
The sheer volume of new data presents a major practical hurdle. As Bas Westerbaan, a principal research engineer at Cloudflare, points out, larger certificates directly translate to slower connection speeds. Cloudflare is collaborating with Google on this transition, and Westerbaan emphasizes the importance of inclusivity. If the new encryption significantly slows down browsing, users are likely to disable it, undermining the entire security upgrade. Furthermore, the increased data load can strain network “middle boxes”, the hardware and software that sit between users and websites, potentially causing additional performance issues and failures.
To navigate this bottleneck, the companies are turning to a clever cryptographic structure known as a Merkle Tree. This approach fundamentally changes how certificate verification works. Instead of transmitting a bulky chain of signatures, the system uses mathematical hashes to create a much more efficient proof. In this new model, a Certification Authority (CA) signs a single “Tree Head” that can represent millions of individual certificates. What the browser actually receives is not the full certificate data, but a lightweight, compact proof that a specific certificate is included in that massive, pre-signed tree. This method allows the robust security of quantum-resistant cryptography to be delivered with only a minimal amount of data needing to travel across the network during each connection.
(Source: Ars Technica)
