Google Chrome Launches New Initiative for Quantum-Safe Web Ecosystem
Google Chrome’s Secure Web and Networking Team has announced a new initiative aimed at protecting HTTPS traffic against the emerging threat of quantum computing. This development is part of the Internet Engineering Task Force’s (IETF) “PKI, Logs, And Tree Signatures” (PLANTS) working group efforts.
Merkle Tree Certificates: A Quantum-Safe Evolution
Quantum computers pose a significant threat to current cryptographic standards by potentially breaking algorithms used to secure HTTPS. To address this, Google Chrome is introducing Merkle Tree Certificates (MTCs) as a quantum-safe evolution for the web ecosystem.
Merkle Tree Certificates: Key Features
- Performance Maintenance: MTCs keep the TLS handshake small, ensuring that the post-quantum web remains as fast as today’s internet.
- Built-in Transparency: Certificates cannot be issued without inclusion in a public tree, automatically applying the security benefits of today’s CT ecosystem without added overhead.
- Scalability: By shifting to compact proofs, CAs can manage millions of certificates efficiently while maintaining robust post-quantum security.
Chrome’s Rollout Strategy
The deployment of MTCs is structured into three distinct phases to ensure a smooth transition:
- Phase 1 (Currently Underway): Chrome is partnering with Cloudflare for a real-world feasibility study. During this phase, MTC connections are backed by a traditional X.509 certificate as a “fail-safe” to monitor performance without risking user security.
- Phase 2 (Q1 2027): Chrome will invite established CT Log operators to participate in bootstrapping public MTCs. Only operators with a proven track record of reliable infrastructure will be eligible, leveraging their architectural similarities to MTCs for quick deployment.
- Phase 3 (Q3 2027): Chrome will finalize requirements for the new Chrome Quantum-resistant Root Store (CQRS). This purpose-built trust store will support only MTCs and operate alongside the existing Root Program. Sites will also be able to opt in to downgrade protections, ensuring they only connect using quantum-resistant certificates.
Future Ecosystem Norms
Google views this transition as an opportunity to modernize the foundation of TLS. Future ecosystem norms emphasize security, simplicity, and transparency. This includes prioritizing Automated Certificate Management Environment (ACME) workflows to ensure cryptographic agility and upgrading revocation status frameworks to replace legacy Certificate Revocation Lists (CRLs).
Conclusion
The introduction of Merkle Tree Certificates marks a significant step towards securing the web against quantum computing threats. As standard development continues, Chrome remains committed to supporting current CA partners while simultaneously building the infrastructure required for MTC integration.
Original article: https://gbhackers.com/google-chrome-introduces-merkle-tree-certificates/
