Google Enhances HTTPS Security with Quantum-Resistant Certificates

Technology Source: arstechnica.com

Google has announced a new initiative to secure HTTPS certificates against potential quantum computer attacks, which could compromise current encryption methods. This effort involves the use of Merkle Tree Certificates (MTCs) to ensure that the transition to quantum-resistant cryptography does not disrupt internet performance or accessibility.

The challenge lies in the fact that quantum-resistant cryptographic data is approximately 40 times larger than the classical cryptographic material currently used. Presently, a typical X.509 certificate chain includes elliptic curve signatures and public keys that total around 4 kilobytes. This data is vulnerable to quantum attacks using Shor's algorithm, which can break classical encryption.

To address this, Google and its partner Cloudflare are utilizing Merkle Trees, a data structure that efficiently verifies large amounts of information with minimal data. MTCs replace the traditional serialized chain of signatures with compact proofs, allowing a Certification Authority (CA) to sign a single 'Tree Head' for potentially millions of certificates. The browser then receives a lightweight proof of inclusion in this tree, significantly reducing the data size required for verification.

Google's approach also involves publishing all TLS certificates in public transparency logs, which are append-only distributed ledgers. This transparency ensures that website owners can verify that no unauthorized certificates have been issued for their domains. The move towards quantum-resistant algorithms, such as ML-DSA, aims to prevent forgeries by requiring an attacker to break both classical and post-quantum encryption.

The new system, already implemented in Chrome, is part of Google's broader strategy to develop a quantum-resistant root store, complementing the Chrome Root Store established in 2022. Cloudflare is currently testing the MTCs with around 1,000 TLS certificates, while the Internet Engineering Task Force's working group is coordinating with other stakeholders to create a long-term solution.

Google emphasizes the importance of adopting MTCs and a quantum-resistant root store to maintain the security and robustness of the internet's foundational infrastructure. By proactively designing for the demands of a modern internet, Google aims to accelerate the adoption of post-quantum resilience for all web users.

Read original article →

Related Articles

Technology

Reality Show 'Love Is Blind' Faces Criticism for Reinforcing Conservative Gender Norms

"Love Is Blind," a reality TV show where couples get engaged without seeing each other, has become a staple in Netflix's reality TV lineup. However, as it enters its 10th season, the show faces critic…
Technology

Why the Kobo Remote is the Ultimate Convenience for E-Readers

The Kobo Remote, a wireless page-turning device, has emerged as a popular accessory for e-reader enthusiasts seeking enhanced convenience. While the concept of a remote for a device typically held at …
Technology

Save $150 on Beats Studio Pro Headphones with Signature Sound

The Beats Studio Pro headphones, known for their distinctive style and sound, are now available at a $150 discount. While not as advanced as some other over-ear headsets, these headphones offer the cl…
Technology

Ex-Trump Official Advocates for Stricter Regulation of Prediction Markets

Mick Mulvaney, a former official in the Trump administration, is spearheading a new initiative to regulate prediction markets under state gambling laws. Mulvaney, who served as President Trump's actin…