Keeping the Internet fast and secure: introducing Merkle Tree Certificates
6 months ago
- #web-security
- #quantum-computing
- #cryptography
- The world is racing to build the first practical quantum computer, which threatens current Internet cryptography.
- Cloudflare is helping migrate the Internet to Post-Quantum (PQ) cryptography, with 50% of its traffic already protected against 'harvest now, decrypt later' threats.
- Quantum computers could also break the signatures that authenticate TLS certificates. PQ algorithms for quantum-safe authentication exist, but adopting them requires significant changes to the WebPKI.
- PQ algorithms like ML-DSA-44 are much larger than current ones, increasing TLS handshake overhead by up to 20 times, degrading performance.
- Merkle Tree Certificates (MTCs) propose a redesign of the WebPKI to reduce the number of signatures and public keys in TLS handshakes, making PQ authentication feasible without performance loss.
- Cloudflare and Chrome Security plan to experiment with MTCs to test their viability, performance impact, and client update frequency.
- MTCs use Merkle trees to batch certificates, allowing validation with just one signature, one public key, and one inclusion proof per handshake.
- The experiment will use bootstrap certificates to mock the role of a Merkle Tree CA, ensuring security without requiring immediate trust changes.
- The goal is to make PQ certificates cheap enough to deploy today by default, ensuring a smooth transition before Q-day.
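As an added illustration of the batching described above (example code, not from the Cloudflare post or the MTC specification), the following Python builds a Merkle tree over a constructed batch of certificate assertions and verifies a single inclusion proof on the client side. The hash construction, odd-node handling and proof format are assumptions for this example, and the one PQ signature the CA makes over the root is not modelled.

```python
import hashlib
import hmac

# Constructed sample batch: each entry stands in for one certificate's assertion
# (subject name plus public key); real MTC assertions are structured, not strings.
BATCH = [f"example-{i}.test|pq-key-{i}".encode() for i in range(5)]

def leaf_hash(entry: bytes) -> bytes:
    # Domain separation as in RFC 6962 (0x00 leaf, 0x01 interior) so an entry can
    # never be reinterpreted as an interior node or vice versa.
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(entries: list) -> list:
    """Level 0 is the leaf hashes; each level above pairs neighbours, carrying an odd node up."""
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def inclusion_proof(levels: list, index: int) -> list:
    """Sibling hashes from leaf to root; a level where the node is carried up adds nothing."""
    proof = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify_inclusion(root: bytes, entry: bytes, index: int, size: int, proof: list) -> bool:
    """Client side: recompute the root from one entry and its proof. The root is what the
    CA signs once per batch, so this plus one signature check replaces a chain of signatures."""
    cur, used = leaf_hash(entry), 0
    while size > 1:
        if index ^ 1 < size:               # a sibling exists at this level
            if used >= len(proof):
                return False
            sib, used = proof[used], used + 1
            cur = node_hash(cur, sib) if index % 2 == 0 else node_hash(sib, cur)
        index, size = index // 2, (size + 1) // 2
    return used == len(proof) and hmac.compare_digest(cur, root)
```

The batch size must travel with the proof (or be fixed per batch), since the verifier needs it to know at which levels a node was carried up without a sibling.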