- Quantum computing threatens cryptography behind HTTPS certificates
- Fake certificates expose users to surveillance risks
- Transparency logs help quickly detect unauthorized certificate issuance
Google has revealed plans to make HTTPS certificates resistant to future quantum computing attacks while still keeping the internet usable.
Past incidents, such as the DigiNotar hack in 2011, in which 500 fake certificates were used to spy on internet users, have shown the risks of unverified certificates.
Today, browsers rely on public transparency logs, which are append-only registries, so that website owners can check in real time whether illegitimate certificates exist for their domains.
Preparing certificate transparency for the quantum era
The advent of quantum computing introduces new vulnerabilities to classical cryptography: once it becomes practical, Shor’s algorithm could be used to forge digital signatures and break the keys used in certificate logs, allowing attackers to trick a browser or operating system into accepting certificates that were never issued.
Google’s solution integrates post-quantum cryptographic algorithms such as ML-DSA.
“We view the adoption of MTC and a quantum-resistant root store as a critical opportunity to ensure the robust foundations of today’s ecosystem,” Google said in a blog post.
“By adapting to the specific requirements of a modern, agile Internet, we can accelerate the adoption of post-quantum resilience for all web users.”
This approach ensures that counterfeits will only succeed if attackers break classical encryption and quantum-resistant encryption simultaneously.
The challenge is size. Traditional X.509 certificate chains are about four kilobytes in size, small enough for browsers to manage them efficiently.
Quantum-resistant data can increase this figure by around 40 times, which could slow down exchanges and affect devices protected by firewalls or endpoint security systems.
Bas Westerbaan of Cloudflare explained: “The bigger the certificate, the slower the handshake and the more people you leave behind.”
If the process becomes too slow, users could disable the new encryption altogether. To reduce data overhead, Google and its partners use Merkle Tree Certificates (MTC).
This method condenses the verification of millions of certificates into compact proofs. The certificate authorities sign a single “tree head” and the browser receives a lightweight proof of inclusion.
This approach reduces transmitted data to approximately 700 bytes, ensuring smooth operations while maintaining transparency and security.
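The inclusion-proof idea described above, as an added example that is not code from Google, Chrome, Cloudflare or the MTC specification: a CA-side tree head, a proof for one entry, and the relying-party check. It assumes RFC 6962-style SHA-256 Merkle hashing rather than the exact MTC encoding, and the function names and sample entries are constructed for illustration.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()  # 0x00 prefix marks a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks a node

def _split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def tree_head(entries: list) -> bytes:
    """Root hash over a non-empty entry list; the one value the CA would sign."""
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def inclusion_proof(entries: list, index: int) -> list:
    """Sibling hashes from the leaf up to the root (leaf-level sibling first)."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(entries[:k], index) + [tree_head(entries[k:])]
    return inclusion_proof(entries[k:], index - k) + [tree_head(entries[:k])]

def _rebuild(leaf: bytes, index: int, size: int, proof: list):
    """Recompute the root from one leaf hash and its proof; None if malformed."""
    if size == 1:
        return leaf if not proof else None
    if not proof:
        return None
    k = _split(size)
    if index < k:
        sub = _rebuild(leaf, index, k, proof[:-1])
        return None if sub is None else node_hash(sub, proof[-1])
    sub = _rebuild(leaf, index - k, size - k, proof[:-1])
    return None if sub is None else node_hash(proof[-1], sub)

def verify_inclusion(entry, index, size, proof, head) -> bool:
    """Relying-party check: does this entry sit at `index` under the signed head?"""
    if not 0 <= index < size:
        return False
    return _rebuild(leaf_hash(entry), index, size, proof) == head

# Constructed sample: 1,000 placeholder entries standing in for certificates.
ENTRIES = [f"constructed-cert-{i}.example".encode() for i in range(1000)]
```

For these 1,000 entries the proof for index 617 is 10 hashes (320 bytes), and its length grows with the logarithm of the tree size rather than with the number of entries. The signature over the tree head is out of scope here; a verifier would check it separately before trusting `head`.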
Chrome has already implemented MTCs and Cloudflare is testing around 1,000 certificates to evaluate performance.
Over time, CAs will manage the distributed ledger themselves.
The Internet Engineering Task Force formed a working group called PKI, Logs and Tree Signatures to coordinate the standards.
Simply put, the combination of quantum-resistant certificates and MTC aims to protect web users without interrupting the browser experience or compromising endpoint security.