A Performance Problem with Post Quantum Signatures
Let’s Encrypt has charted a path forward for post quantum web security with a focus on Merkle Tree Certificates (MTCs). The core challenge is that standard post quantum signature algorithms produce large signatures. For example, ML-DSA-44 generates signatures nearly 38 times larger than current ECDSA P256 signatures. Swapping all the signatures in a typical TLS handshake could push its size well beyond 10 kilobytes. Research from Cloudflare indicates that such a size increase would cause a significant number of real world TLS connections to fail, and would slow down the remainder. This performance penalty represents a difficult tradeoff for a threat that is not yet imminent.
How Merkle Tree Certificates Solve the Bloat
Merkle Tree Certificates address this performance issue by replacing the traditional serialized chain of signatures with a more compact Merkle Tree proof. Instead of sending multiple large signatures, the system sends a single concise proof that validates the certificate’s position within a larger tree. This design delivers quantum resistant authentication without bloating the TLS handshake. Google has already announced a 2029 migration deadline for its services, and Chrome is spearheading the transition to MTCs. Let’s Encrypt is now aligning its roadmap with this industry shift, offering a practical way for certificate authorities to adopt post quantum security without breaking the web’s current performance expectations.
Source: Cyber Security News
