Every time you visit a website with a padlock in the address bar, your browser is doing something important in the background.
It is checking a digital certificate that proves you are actually talking to the real site and not an imposter.
Those certificates are secured by complex mathematical problems that would take a regular computer thousands of years to crack.
Quantum computers will not take thousands of years. They will take minutes.
The good news: no such quantum computer exists yet.
The bad news: it probably will, within this decade. And there is a version of this threat that is already active today, right now, that most people have never heard of.
Google has heard of it. And it is already rebuilding the certificate infrastructure inside Chrome to prepare for a world where quantum computers exist and today’s encryption is useless.
The Threat That Is Already Running
There is a specific attack strategy that security experts have been warning about for years called “harvest now, decrypt later.”
The idea is this: a nation-state adversary intercepts and stores encrypted internet traffic today.
All of it. Emails. Financial transactions. State secrets. Corporate communications. Everything that flows across the internet, encrypted with current cryptography.
They cannot decrypt it today. Current encryption is strong enough to resist any computer that currently exists.
But they are patient. They store the data and wait. When quantum computers mature to the point where they can crack today’s encryption, they go back to the archive, unlock everything they collected years earlier, and read it all.
Jacob Krell, senior director for Secure AI Solutions at Suzu Labs, put the timeline bluntly: “Nation states and well-resourced threat groups are already collecting encrypted internet traffic with the expectation of decrypting it once quantum capabilities mature.”
The collection is already happening. The decryption comes later. Which means the time to fix the encryption is now, not when the quantum computer arrives.
Why Fixing It Is Harder Than It Sounds
The straightforward answer to quantum threats is post-quantum cryptography, algorithms designed to be secure even against quantum computers. Those algorithms exist. They are standardized. They work.
The problem is size.
Current X.509 certificates, the standard format browsers use today, are about 64 bytes. Quantum-resistant equivalents run to roughly 2,500 bytes. That is about 40 times larger.
That may not sound like much in isolation. But multiply it by the billions of HTTPS connections made every day across every browser on earth, and you have a problem.
Every website load would require downloading significantly more security data. Load times would increase. Bandwidth consumption would spike. The web would get slower for everyone.
Simply swapping out the old certificates for quantum-resistant ones is not a viable path. The performance cost is too high.
Google needed a different architecture entirely.
The Merkle Tree Solution
The answer is a cryptographic structure called a Merkle Tree Certificate, or MTC.
Here is how traditional certificate verification works. When you visit a website, your browser downloads that site’s individual certificate and checks it.
The certificate contains the site’s identity, a digital signature proving it is legitimate, and a chain of additional signatures tracing back to a trusted authority. All of that data travels to your browser with every connection.
Here is how MTCs work instead. A certificate authority signs a single “Tree Head” that represents potentially millions of certificates simultaneously.
Your browser receives only a tiny proof, called a Merkle tree proof, that confirms your specific site is included in that tree.
The proof is mathematically secure but tiny, close to the original 64-byte footprint of today’s certificates.
The quantum-resistant cryptographic strength is applied at the Tree Head level, where the size increase is absorbed once rather than multiplied across every connection.
The data your browser handles stays small. The security it provides becomes quantum-resistant.
Google’s Chrome Secure Web and Networking team described the goal plainly: “By shrinking the authentication data in a TLS handshake to the absolute minimum, MTCs aim to keep the post-quantum web as fast and seamless as today’s internet, maintaining high performance even as we adopt stronger security.”
The Three-Phase Rollout
Google is not flipping a switch. It is running a three-phase transition that will take until at least late 2027 to complete.
Phase one is already underway. Google is running live experiments with real internet traffic, in collaboration with Cloudflare, testing MTC-based connections alongside traditional X.509 certificates.
Each MTC connection in the experiment is still backed by a traditional certificate, so if anything goes wrong, security is not compromised.
Phase two begins in Q1 2027. Google will invite Certificate Transparency log operators who already have infrastructure in Chrome’s trust system to participate in bootstrapping the public MTC ecosystem.
These are organizations that already run the global security infrastructure that underpins today’s HTTPS web. They know how to operate at scale under reliability requirements that most companies never face.
Phase three, targeted for Q3 2027, introduces the Chrome Quantum-resistant Root Store, or CQRS, a completely new trust architecture designed specifically for the post-quantum web.
It will operate alongside the existing Chrome Root Program during a transition period rather than replacing it overnight.
Importantly, MTCs also solve a second problem with today’s certificates. Under the new system, a certificate cannot be issued unless it is included in a public tree.
That makes it mathematically impossible to issue a certificate in secret. Every certificate is publicly logged by design. The 2011 DigiNotar hack, which allowed 500 fake certificates to be secretly issued and used to spy on web users, becomes structurally impossible under MTCs.
Why Chrome Specifically
Chrome has roughly 65% of global browser market share. When Chrome changes how it handles certificates, it effectively changes how the internet handles certificates.
Certificate authorities, cloud providers, enterprise security teams, and hosting providers all follow Chrome’s lead because they have to.
If Chrome requires MTCs, the industry builds MTCs. If Chrome validates a new trust store, the ecosystem aligns to it.
Riaan Gouws, CTO at Forward Edge-AI, framed the leverage plainly: “When a dominant browser begins operationalizing post-quantum cryptography, it accelerates adoption across certificate authorities, cloud providers, and enterprise infrastructure.”
Google is not waiting for a quantum computer to exist before acting. It is using Chrome’s dominance to pull the entire internet ecosystem toward quantum-resistant infrastructure while there is still time to do it carefully.
What You Need to Do Right Now
If you are a regular user, nothing immediately. The transition is happening in the background. Your browser will handle it.
If you run a website, you do not need to act today, but you should start talking to your hosting provider or certificate authority about when they plan to support MTC-based certificates. The 2027 timeline is not far away in infrastructure terms.
If you are a security professional: the experts Google consulted on this are unanimous on one point. Start inventorying your cryptographic dependencies now.
Every system in your organization that relies on TLS, HTTPS, or digital certificates will eventually need to be updated.
The organizations that start that inventory today will have an easier transition than those who wait until the deadline is on top of them.
The quantum computer that can break the internet’s current encryption does not exist yet. But the data being collected for when it does is already out there.
Google is not waiting. Neither should anyone else building systems that need to be secure in ten years.
About the Author
