TL;DR
Let’s Encrypt is developing Merkle Tree Certificates (MTCs) to prepare for a post-quantum web PKI. The plan includes a staged rollout starting in late 2026, addressing size and transparency challenges. This move aims to secure long-term trust on the web against quantum threats.
Let’s Encrypt has announced plans to support Merkle Tree Certificates (MTCs) as a post-quantum solution for the web PKI, with a staged rollout expected to begin in late 2026 and full deployment in 2027. This development aims to address the security challenges posed by future quantum computers while maintaining the speed and reliability of TLS.
The initiative responds to increasing concerns about quantum computing threats to cryptography, particularly for long-lived keys such as root CAs and code-signing keys. Traditional post-quantum signatures, like ML-DSA-44, are significantly larger than current algorithms, causing potential issues with TLS handshake sizes and network performance. Cloudflare’s research indicates that large signatures could lead to failed or slowed connections on real-world networks.
To mitigate this, Let’s Encrypt is exploring Merkle Tree Certificates (MTCs), which issue certificates in batches with a single signature covering all certificates in a batch. This approach reduces handshake size, as the authentication relies on a compact Merkle proof, and integrates certificate transparency directly into the issuance process. MTCs leverage existing infrastructure, including Let’s Encrypt’s experience with transparency logs, and are already being tested by Chrome and Cloudflare in real traffic environments.
Why It Matters
This move is significant because it represents a proactive step by a major web PKI provider to adapt to the impending quantum threat. Implementing MTCs could preserve the performance and security of TLS at scale, ensuring long-term trust in internet security infrastructure. It also signals industry readiness to transition from current cryptographic standards to post-quantum algorithms, which is critical given the timeline set by national security agencies and standards bodies.
Managing Post-Quantum Cryptography: Securing the Enterprise Before the Machines Catch Up (Understanding Quantum Computing for Everyone)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Over recent years, the cryptography community has recognized the urgency of preparing for quantum computing, with agencies like the NSA and NIST setting deadlines around 2030-2035 for migrating to post-quantum algorithms. Major tech companies like Google and Cloudflare have committed to early migration timelines, citing the potential arrival of cryptographically relevant quantum computers (CRQCs). The challenge has been balancing security with performance, as post-quantum signatures tend to be larger, impacting web protocols and user experience.
Existing efforts, such as Certificate Transparency logs, have laid the groundwork for transparency and trust, but the adoption of post-quantum signatures requires new designs. MTCs are emerging as a promising solution, combining batch issuance, Merkle tree cryptography, and integrated transparency, to address these challenges effectively.
“We are planning to support Merkle Tree Certificates as the path forward for the post-quantum Web PKI, targeting late 2026 for staging and 2027 for production.”
— Let’s Encrypt
“We are already testing MTCs against real internet traffic, which demonstrates their practical viability.”
— Cloudflare
Merkle Tree Certificate support
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
Details remain unclear about the full technical implementation, compatibility with existing infrastructure, and how widespread adoption will be managed. The timeline for standardization and integration into browsers and clients is still developing, and operational challenges in scaling MTCs at the scale of Let’s Encrypt are yet to be fully addressed.
Post-Quantum Cybersecurity for Embedded Systems: Engineering Quantum-Resilient Firmware, RTOS Platforms, IoT Devices, and Edge Infrastructure
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Next steps include finalizing technical standards through IETF processes, conducting broader testing in diverse network conditions, and preparing infrastructure updates for issuance and validation. The community will monitor progress toward late 2026 staging and 2027 deployment milestones.
Samsill 100 Pack 8.5" x 11" Clear Write On Transparency Film, 5 mil, for Use with Dry Erase Markers only, Not for Use in Printer, Acetate Sheets
Value Pack – 100 write on transparency films make business and educational lessons easy to manage with having…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What are Merkle Tree Certificates?
Merkle Tree Certificates (MTCs) are a post-quantum certificate issuance method that batches certificates into a Merkle tree, allowing a single signature to authenticate many certificates at once, reducing size and improving efficiency.
Why is this development important?
It prepares the web’s security infrastructure for the era of quantum computing, ensuring long-term trust and performance while transitioning to post-quantum cryptography.
When will MTCs be implemented in production?
Let’s Encrypt aims for a staging environment in late 2026 and a full production rollout in 2027, contingent on successful testing and standardization.
What challenges remain?
Technical integration, scalability, browser and client support, and ensuring minimal impact on network performance are ongoing concerns that need to be addressed before widespread adoption.
Source: Hacker News
