March 1, 2026

Trees, keys, and quantum pleas

Article URL →HN comments →

Robust and efficient quantum-safe HTTPS

Chrome plants a new “quantum-safe” web — and everyone’s asking what happens to the rest of the forest

TLDR: Chrome is testing a new tree-based certificate to keep HTTPS fast and secure in a future with quantum computers, with wider rollout eyed for 2027. The crowd is split between excited tinkerers and skeptics worried about other browsers, Let’s Encrypt’s role, and Chrome’s growing control.

Google just pitched a future where your secure website “certificate” is a tiny proof from a giant public tree — and the crowd had thoughts. The new plan, called Merkle Tree Certificates (MTCs), aims to make the web fast and safe even when quantum computers arrive. Instead of bulky old certificates, a central authority signs one big “tree” and sites hand you a lightweight proof they’re in it. Chrome is already testing this with Cloudflare, then wants to roll out a quantum-ready trust system by 2027.

Cue the drama: some cheered the vision, linking tools like OQS to start tinkering. Others side-eyed the power move, noting Chrome didn’t name other browsers and asking what this means for community favorites like Let’s Encrypt. One voice snapped that the title felt vague and assumed this was solved by existing key tech, before realizing this is about the certificates that prove who you’re talking to — not just how you lock the connection.

Humor bloomed fast: with a working group literally called “PLANTS,” the thread sprouted tree puns about Chrome “logging” everything while promising transparency-by-default. Fans say it’s clever and lean; skeptics worry about a Chrome-shaped gate to the future. The only consensus? The quantum countdown just got very real — and very spicy

Key Points

  • Chrome is developing Merkle Tree Certificates (MTCs) to make HTTPS quantum-safe without adding PQ X.509 certificates to the Chrome Root Store.
  • MTCs replace traditional signature chains with compact Merkle Tree proofs, reducing TLS handshake data and bandwidth.
  • Transparency is intrinsic to MTCs: certificates cannot be issued without inclusion in a public tree, embedding CT-like properties by default.
  • Phase 1 feasibility testing with Cloudflare is underway, backed by traditional X.509 certificates as a fail-safe.
  • Phase 2 (Q1 2027) and Phase 3 (Q3 2027) will bootstrap public MTCs and launch the Chrome Quantum-resistant Root Store (CQRS) for MTC-only trust.

Hottest takes

"The pivot to MTC is a big change" — boutell
"We already have MLKEM" — kro
"It’s quite fun to play with." — utopiah

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.