INFO News Dark Reading

Post-Quantum Web Could be Safer, Faster

Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to a tenth their previous size, decreasing latency and adding transparency.

Robert Lemos, Contributing Writer
March 19, 2026

With practical quantum computers predicted to arrive in the next decade or so, technologists worry about the risks to encrypted data traveling over current web protocols, but a new infrastructure proposed by an internet standards group could future-proof against quantum attacks.

Cryptographically-relevant quantum computers (CRQCs) could allow the decryption of secure traffic using HTTPS and the spoofing of secure servers. Shoring up the security of the internet with the structures used today requires adopting post-quantum algorithms that come with significant trade-offs.

Browser makers have already adopted additions to the current Transport Layer Security (TLS) standard for securing communications against the most significant present-day quantum concern: "store now, decrypt later" (SNDL) threats, where an adversary steals data to exploit when quantum computing is available. Yet, the technology does not solve other future security problems that will arise.

Typical quantum-resistant encryption algorithms, such as Module-Lattice-Based Digital Signature Algorithm (ML-DSA), result in significant increases in bandwidth and cause moderate slowdowns in establishing sessions. Worse, "middle boxes" — such as web application gateways, load balancers, and intrusion-detection appliances — often fail with the larger certificate chains, Cloudflare found.

Enter Merkle tree certificates, or MTCs, a draft specification for hash-based certificates designed to efficiently secure against post-quantum attacks. While stronger, quantum-safe encryption typically requires larger keys and more calculations, MTCs provide a very efficient way to distribute keys, requiring keys less than 10% of the size of the best alternative quantum-safe methods of cryptography.

Created by the Internet Engineering Task Force (IETF), the draft specification is already being tested by major internet infrastructure providers, such as Google and Cloudflare, said Luke Valenta, senior research engineer at Cloudflare.

"MTCs work ... and they are used to secure real traffic today," he told the audience at the Real World Crypto Symposium 2026. "They are faster than even classical signature chains, ... so even without quantum computers on the horizon, this would be justification to deploy them."

Protection Before Q-Day

No one knows when practical quantum computers will arrive. Technologists have perennially predicted the necessary advances will be here in a decade or three, but that time has shortened in recent years with some breakthroughs and investment. Bill Gates argues that a QC could arrive in the next three to five years, while analysts at Forrester Research predict practical business QCs could be here by 2030.

Because of the need to protect against SNDL attacks, government agencies and companies are already preparing by rolling out quantum-resistant algorithms. Currently, all modern browsers support Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), adopted by the US National Institute of Standards and Technology (NIST) as FIPS 203, one of its post-quantum encryption standards. Currently, two-thirds of non-bot traffic processed by Cloudflare already uses TLS with post-quantum encryption, up from 38% a year ago, according to Cloudflare Radar.

[Figure: In the past six months, Cloudflare has seen non-bot usage of post-quantum encryption rise to two-thirds of requests, up from 40%. Source: Cloudflare Radar]

Yet, post-quantum encryption key exchange using ML-KEM only protects against SNDL attacks. Following the creation of a CRQC, the system could still be used to impersonate web sites, making a different type of protection necessary before such computers become viable.

Foiling such attacks is the promise of Merkle tree certificates. Merkle trees, or hash trees, are an efficient way of organizing verification data. Data is divided up into blocks, with the hash of each data block stored in a leaf node. Each non-leaf node of the tree holds the hash of its child nodes. Using the data structure, the tree can quickly determine if data was changed and, if so, in which data block.

Merkle tree certificates use this same approach. Not only do MTCs reduce the size of post-quantum certificates, but they also decrease latency and have transparency as a feature, not an added-on requirement.

Trying to use other post-quantum alternatives, such as ML-DSA, allows servers to be authenticated, but results in a significant increase in overhead. At present, loading the certificate from a page view on a site requires 3.1 KB per connection, but ML-DSA would cause that to blow up to 14.7 KB per connection, says Brian Trzupek, senior vice president of product at certificate authority DigiCert. MTCs only require approximately 840 bytes per page load, more efficient than even pre-quantum certificates.

Because most sites acquire assets and resources from other domains — 21 different TLS domains for Dark Reading, for example — that quickly results in significant overhead, he says.

"It's this huge increase of data that's going on," Trzupek says. "So that's slowing things down, that's making pages load slower, congesting networks, all [that] kind of stuff."

For those reasons, Google announced its intent to support MTCs in the Chrome browser, saying the company has begun to work with Cloudflare on a feasibility study.

Bonus: Better Web Performance

A typical TLS handshake transmits two public keys and five signatures. With classical encryption methods, that requires about 1.2 kilobytes to be transferred. With ML-DSA-44, which is the best option for post-quantum web encryption today, that grows to about 14.7 kilobytes. The Chrome security teams concluded that adding more than 7 kilobytes to web communications will overburden the web and cause problems for users and internet infrastructure, Cloudflare's Valenta said in his RWC presentation.

[Figure: ML-DSA is the most efficient post-quantum encryption, but even that requires an order of magnitude more bandwidth than MTCs. Source: Cloudflare (partial table of data)]

There are two types of Merkle tree certificates: landmark certificates and standalone certificates. Landmark certificates require preloading of information on the chain of hashes for each certificate authority that provides an inclusion proof for the CA's Merkle tree root. If the browser does not have up-to-date landmarks, then it will download a standalone certificate, which requires more data.

Google is currently in Phase 1 of its effort to test MTCs using conventional cryptography, a worst-case scenario compared to post-quantum encryption, Google researchers say.

"Despite this, experimental MTCs are still consistently faster and require fewer bytes transferred than their conventional counterparts, and we expect this lead will grow significantly when using PQ signature algorithms in Phases 2 and 3," they stated in comments to Dark Reading.

In the initial pilots, the landmark certificate files include 168 landmarks, each one consisting of a few hashes, making the client-side storage certainly greater, but not too much greater, Valenta said during the RWC.

"There is definitely a trade-off with more storage on the client side, and there are lots of parameters — currently, in the experiment, we have landmarks being generated every hour, and that might be closer to a day," he says.
