Google and other browser makers require that all TLS certificates be published in public transparency logs, which are append-only distributed ledgers. Website owners can then monitor the logs in real time to verify that no rogue certificates have been issued for their domains. The transparency programs were launched after the 2011 hack of Netherlands-based DigiNotar, which enabled the creation of roughly 500 fake certificates for Google and other sites, some of which were used to spy on web users in Iran.
Once practical, Shor’s algorithm could be used to fake classical encryption signatures and to break the classical public keys that protect the certificate logs. Ultimately, an attacker could fabricate the signed certificate timestamps that are presented to a browser or operating system to indicate a certificate has been logged when it hasn’t.
To eliminate that risk, Google is adding cryptographic material from quantum-resistant algorithms such as ML-DSA. That change would only permit forgeries if an attacker were able to break both the classical and post-quantum schemes. The new approach is part of what Google calls the quantum-resistant root store, which will complement the Chrome Root Store the company formed in 2022.
The MTCs rely on Merkle Trees to offer quantum-resistant proof that a certificate has been published without having to include most of the lengthy keys and hashes. By applying other techniques to shrink the data, the MTCs will be roughly the same 4kB length they are now, Westerbaan said.
The new system has already been rolled out in Chrome. For now, Cloudflare is enrolling roughly 1,000 TLS certificates to evaluate how well the MTCs perform. At present Cloudflare is generating the distributed ledger; the plan is for CAs to take on that role in time. The Internet Engineering Task Force standards body has recently formed a working group called the PKI, Logs, And Tree Signatures, which is coordinating with other stakeholders to build a long-term solution.
“We view the adoption of MTCs and a quantum-resistant root store as a critical opportunity to ensure the robustness of the foundation of today’s ecosystem,” Google’s Friday blog post said. “By designing for the specific demands of a modern, agile internet, we can accelerate the adoption of post-quantum resilience for all web users.”
Post updated to correct reported sizes of various items.
