TL;DR
Let’s Encrypt announced plans to support Merkle Tree Certificates (MTCs) by 2027 to ensure post-quantum security for the web PKI. This involves significant infrastructure changes and aims to balance security with performance.
Let’s Encrypt announced it will support Merkle Tree Certificates (MTCs) as a post-quantum security measure for the web PKI, aiming for staging in late 2026 and full deployment in 2027.
The organization is adopting MTCs to address the emerging threat of quantum computers capable of breaking current cryptographic standards. Unlike traditional certificates, MTCs issue certificates in batches, with a single signature covering all certificates, reducing size and improving transparency.
This approach leverages existing experience with Certificate Transparency logs, which use Merkle trees, and is supported by Chrome and Cloudflare’s ongoing feasibility experiments. The shift aims to mitigate the size and performance issues associated with post-quantum signatures, which are significantly larger than current algorithms, potentially impacting TLS handshake performance and user experience.
Why It Matters
This development is critical because it signals a proactive move by Let’s Encrypt to secure the web against future quantum threats, especially targeting long-lived keys like root certificates. The transition to MTCs could influence global standards and accelerate adoption of post-quantum cryptography in the public web, affecting billions of internet users and countless secure communications.
Migration to Post-Quantum Cryptography: Cryptographic Discovery – Approach, Architecture, and Security Characteristics of Public Key Application Discovery Tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Over recent years, governments and industry leaders, including the NSA and NIST, have accelerated plans to transition to post-quantum cryptography, with timelines targeting 2030-2035. Major tech companies like Google and Cloudflare have announced migration plans by 2029. The challenge has been balancing the large size of post-quantum signatures with the need for fast, reliable web security. MTCs represent a promising solution, leveraging existing infrastructure and standards.
“We believe Merkle Tree Certificates are a strong path forward for a post-quantum web PKI, balancing security, transparency, and performance.”
— Let’s Encrypt spokesperson
“Chrome supports MTCs for adding post-quantum certificates, aligning with the broader industry move to prepare for quantum threats.”
— Chrome security team
Merkle Tree Certificates for web security
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
Details about the full implementation process, potential technical challenges during large-scale deployment, and how backward compatibility will be managed remain unclear. It is also uncertain how quickly adoption will occur across the entire web ecosystem and whether other CAs will follow suit.
quantum-resistant SSL/TLS certificates
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Let’s Encrypt plans to develop and test MTC support in staging environments starting late 2026, with a target for full production deployment in 2027. Standardization efforts through the IETF are ongoing, and industry stakeholders will monitor early implementations for performance and security outcomes.
Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What are Merkle Tree Certificates?
Merkle Tree Certificates are a batch issuance method that signs multiple certificates together using a single signature, reducing size and enabling built-in transparency.
Why is this transition necessary?
Quantum computers could break current cryptographic standards, risking the security of long-term keys. MTCs aim to provide post-quantum security without compromising performance.
When will MTC support be available?
Support is planned for late 2026 in staging environments, with full deployment expected in 2027.
Will this affect current TLS connections?
Initially, larger signatures may impact performance, but MTCs are designed to minimize disruption. Future optimizations are expected to address performance concerns.
How does this impact web security overall?
This move aims to future-proof web security against quantum threats, ensuring the integrity and trustworthiness of internet communications for decades to come.
Source: Hacker News
