Cloudflare launches experiment with Merkle Tree Certificates

Cloudflare has announced a new initiative to develop and experimentally evaluate Merkle Tree Certificates (MTC). This is a promising approach to digital certificates that could form the foundation of post-quantum security for web encryption.

❓ Why this matters As quantum computers continue to advance, traditional cryptography (such as ECDSA) will become vulnerable, since a sufficiently powerful quantum computer could decrypt traffic and forge certificates. Post-quantum (PQ) algorithms already exist, but their adoption faces serious challenges: post-quantum keys and signatures are significantly larger than current ones, which negatively impacts TLS connection performance.

💡 How MTC works Instead of embedding large signatures into every TLS certificate, MTC uses Merkle trees, a data structure that allows multiple certificates to be verified through a single "root" signed by a certificate authority. The client receives this root separately and uses it to verify certificates during the connection process.

Thus, fewer signatures and keys are exchanged during the TLS handshake, reduced overhead, and potentially improved performance, even when using post-quantum algorithms.

Cloudflare and Google Chrome Security are now launching an experimental deployment of MTC to evaluate how this new format performs in practice, how it affects performance, and how quickly clients update their data.

If MTC experiments prove successful, this will mark an important step toward ensuring that web cryptography remains both fast and secure in the era of quantum threats without compromising connection stability or performance.

💬 Discuss