Google is developing a new technical approach designed to help keep secure websites protected as computing technology evolves.
HTTPS is the security system that protects information sent between a user’s browser and a website. When you see the padlock icon in your browser’s address bar, it means that connection is encrypted, or scrambled, so outsiders cannot read it.
Today, that protection relies on mathematical methods known as public key encryption. Two of the most widely used systems are RSA and elliptic curve cryptography. These systems use complex math problems that are extremely difficult for traditional computers to solve, which keeps online data secure.
However, researchers have warned that future quantum computers could one day solve those problems much faster than current machines. If that happens, encryption methods like RSA and elliptic curve cryptography could become vulnerable.
Although large scale quantum computers capable of doing this don’t yet exist, technology companies are already working on new forms of encryption designed to resist those future attacks. These are known as post quantum algorithms.
The challenge is that post quantum encryption requires much larger digital signatures. Larger signatures mean larger security certificates, which are small digital files used to verify that a website is legitimate. Bigger certificates can increase the amount of data exchanged when a secure connection is first established, potentially affecting speed and efficiency.
To address this, Google is testing a system called Merkle Tree Certificates. Instead of each website sending a long chain of digital signatures, certificates are grouped together in a mathematical structure called a Merkle tree. A Certificate Authority signs the top of that structure, and individual websites provide a small proof showing they are included. The browser verifies that proof instead of processing multiple large signatures.
This approach reduces the amount of certificate data sent during a secure connection while still supporting stronger, larger post quantum encryption. Google has begun testing the system in Chrome and plans a gradual rollout over the next two years, working with certificate providers and transparency logs as part of the transition.
For users, the change will not be visible. Secure connections will continue to function normally. The goal is to ensure that HTTPS remains both secure and efficient as encryption standards evolve.
Leave a Reply