Let's Encrypt picks Merkle Tree Certificates as its post-quantum path, targeting late 2026 staging
Let's Encrypt has chosen Merkle Tree Certificates — which batch-sign certs under a single signature and produce TLS handshakes smaller than today's Web PKI — as its post-quantum authentication path, with staging in late 2026 and production in 2027. ACME client developers need client-side MTC support before that rollout lands; the more urgent gap today is enabling hybrid post-quantum key exchange (X25519MLKEM768) on servers, which major browsers and operating systems support.
Source: letsencrypt.org ↗
A quantum computer needs to forge a signature in real time, not retroactively, so threats to authentication hinge on the existence of a cryptographically relevant quantum computer (CRQC).
Let's Encrypt
Why this matters
- → Post-quantum signatures must ship before 2030–2035 deadlines hit; authentication is now urgent.
- → MTCs solve the size problem that would break TLS handshakes on real networks.
- → Let's Encrypt staging late 2026 sets timeline for ecosystem adoption across clients and browsers.
Quantum PKI arrives