Navigating the Post-Quantum Cryptography Transition: Meta's Migration Insights and Framework

Asked 2026-05-01 20:00:55 Category: Finance & Crypto

Introduction: Why Post-Quantum Cryptography Matters Now

The rise of quantum computing poses a fundamental threat to the public-key encryption that secures today’s digital infrastructure. Recognizing this, Meta has taken a proactive stance by migrating its internal systems to post-quantum cryptography (PQC). In this article, we share the framework, lessons, and practical guidance derived from Meta’s multi-year migration journey. Our goal is to help other organizations navigate this complex transition effectively, efficiently, and economically.

Source: engineering.fb.com

The Quantum Threat and “Store Now, Decrypt Later”

Research indicates that sufficiently powerful quantum computers will eventually break conventional public-key algorithms, such as RSA and ECC. Although experts estimate this capability may emerge within the next 10–15 years, a more immediate danger lies in the “store now, decrypt later” (SNDL) attack strategy. Adversaries can collect encrypted data today and store it, waiting for a future quantum computer to decrypt it. This means sensitive information—from personal messages to financial records—could be at risk even before practical quantum computers arrive.

To address this, organizations like the US National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre (NCSC) have published migration guidance, recommending that critical systems prioritize PQC protections by 2030. These guidelines acknowledge that complexity, incomplete tooling, and missing technical capabilities are significant hurdles.

NIST has already standardized foundational PQC algorithms: ML-KEM (Kyber) for key encapsulation and ML-DSA (Dilithium) for digital signatures. Additional algorithms, such as HQC, are on the way—notably, Meta cryptographers are co-authors of HQC, reflecting the company’s commitment to advancing global cryptographic security.

Meta’s Proactive Approach to PQC Migration

With billions of people relying on Meta’s platforms daily, maintaining strong security and data protection is paramount. Meta has already begun deploying post-quantum encryption across its internal infrastructure through a structured, multi-year process. The migration effort revolves around three core components: a risk assessment and inventory phase, phased deployment, and ongoing guardrails.

PQC Migration Levels: A Framework for Complexity

One of Meta’s key contributions is the concept of PQC Migration Levels. This framework helps teams within an organization assess the complexity of migrating different use cases. Each level corresponds to a combination of technical difficulty, dependency depth, and operational criticality. By categorizing systems into levels, teams can prioritize migration efforts and allocate resources more effectively.

Risk Assessment and Cryptographic Inventory

The first step in Meta’s approach was a comprehensive inventory of all cryptographic assets. This included identifying which public-key algorithms were in use, where they were deployed, and what data they protected. A risk assessment then evaluated the exposure to SNDL attacks and the potential impact of a quantum breach. This process highlighted systems that required immediate attention and those that could be migrated later.
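The triage step described above can be sketched as follows. This is an added example, not Meta's tooling: the inventory schema, system names, algorithm families and priority labels are assumptions, and the default 10-year horizon is the lower bound of the estimate quoted earlier.

```python
from dataclasses import dataclass

# Assumed algorithm families: RSA and ECC are the quantum-vulnerable ones the
# article names; anything else (ML-KEM, ML-DSA, AES) is treated as not at risk.
QUANTUM_VULNERABLE = {"RSA", "ECDH", "ECDSA", "X25519", "Ed25519"}
ORDER = {"immediate": 0, "next": 1, "later": 2, "done": 3}

@dataclass(frozen=True)
class Asset:                      # one inventory row (hypothetical schema)
    system: str
    algorithm: str
    use: str                      # "key_exchange", "encryption" or "signature"
    secrecy_years: int            # how long the protected data must stay secret
    recordable: bool              # ciphertext crosses a network an adversary can tap

def triage(asset: Asset, horizon_years: int = 10) -> tuple[str, str]:
    """Classify one entry by store-now-decrypt-later exposure."""
    if asset.algorithm not in QUANTUM_VULNERABLE:
        return "done", "not a quantum-vulnerable public-key algorithm"
    if asset.use == "signature":
        # Simplification: a signature made today cannot be decrypted later,
        # so it only needs replacing before a quantum computer exists.
        return "later", "no SNDL exposure; migrate before the horizon"
    if not asset.recordable:
        return "later", "ciphertext is not exposed to collection"
    if asset.secrecy_years >= horizon_years:
        return "immediate", "recorded traffic is still sensitive at the horizon"
    return "next", "recordable, but the data expires before the horizon"

def prioritize(inventory: list[Asset]) -> list[tuple[str, str, str]]:
    """Return (priority, system, reason) rows, most urgent first."""
    rows = [(*triage(a), a.system) for a in inventory]
    rows.sort(key=lambda r: (ORDER[r[0]], r[2]))
    return [(prio, system, reason) for prio, reason, system in rows]

# Constructed sample inventory; system names are made up for the example.
INVENTORY = [
    Asset("edge-tls", "X25519", "key_exchange", 20, True),
    Asset("build-signing", "ECDSA", "signature", 0, False),
    Asset("metrics-rpc", "ECDH", "key_exchange", 1, True),
    Asset("backup-wrap", "RSA", "encryption", 15, False),
    Asset("internal-mesh", "ML-KEM-768", "key_exchange", 20, True),
]

if __name__ == "__main__":
    for prio, system, reason in prioritize(INVENTORY):
        print(f"{prio:<10}{system:<15}{reason}")
```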

Deployment and Guardrails

Meta deployed PQC upgrades incrementally, starting with low-risk, isolated services and gradually moving to core infrastructure. To ensure security during the transition, the team implemented cryptographic guardrails—automated checks that prevent accidental rollback to weak algorithms and enforce the use of approved PQC primitives. These guardrails also monitor for misconfigurations and provide alerts when deprecated algorithms are detected.
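A guardrail of this kind can be expressed as a pre-deployment check on a service's TLS key-exchange groups. The following is an added example, not Meta's implementation: the policy sets, service names and verdict labels are assumptions, and hybrid ML-KEM groups are treated as approved.

```python
# Assumed policy for this example: TLS key-exchange groups containing ML-KEM
# (hybrid or pure) are approved; classical-only groups are deprecated.
PQC_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "MLKEM768", "MLKEM1024"}
DEPRECATED_GROUPS = {"X25519", "secp256r1", "secp384r1", "ffdhe2048"}

def check_change(baseline: list[str], proposed: list[str]) -> tuple[str, list[str]]:
    """Compare a proposed group list (in preference order) with the deployed one.

    Returns (verdict, findings); verdict is "block", "alert" or "pass".
    """
    blocks, alerts = [], []
    unknown = [g for g in proposed if g not in PQC_GROUPS | DEPRECATED_GROUPS]
    if unknown:
        blocks.append(f"groups not in policy: {', '.join(unknown)}")
    had_pqc = any(g in PQC_GROUPS for g in baseline)
    has_pqc = any(g in PQC_GROUPS for g in proposed)
    if had_pqc and not has_pqc:
        blocks.append("rollback: service already negotiates PQC, change removes it")
    elif not has_pqc:
        alerts.append("deprecated: classical-only key exchange")
    elif proposed[0] not in PQC_GROUPS:
        alerts.append("misconfiguration: classical group preferred over PQC")
    verdict = "block" if blocks else "alert" if alerts else "pass"
    return verdict, blocks + alerts

def review(changes: dict[str, tuple[list[str], list[str]]]) -> dict[str, str]:
    """Run the guardrail over {service: (baseline, proposed)}."""
    return {svc: check_change(old, new)[0] for svc, (old, new) in changes.items()}

# Constructed sample changes; service names are made up for the example.
CHANGES = {
    "edge-tls":    (["X25519MLKEM768", "X25519"], ["X25519"]),           # rollback
    "metrics-rpc": (["X25519"], ["X25519", "secp256r1"]),                 # not migrated
    "auth-api":    (["X25519"], ["X25519", "X25519MLKEM768"]),            # wrong order
    "mesh":        (["X25519"], ["X25519MLKEM768", "X25519"]),            # hybrid first
    "legacy-vpn":  (["X25519MLKEM768"], ["X25519MLKEM768", "brainpoolP256r1"]),
}

if __name__ == "__main__":
    for svc, (old, new) in CHANGES.items():
        verdict, findings = check_change(old, new)
        print(f"{svc:<12}{verdict:<6}{'; '.join(findings)}")
```

A "block" verdict would fail the deployment, while "alert" covers services that have not migrated yet or that list a classical group ahead of the PQC one.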

Lessons Learned and Practical Takeaways

Meta’s migration has yielded several insights that can benefit the broader industry:

  • Start early: Even if your organization isn’t required to migrate by 2030, beginning the inventory and risk assessment process now reduces future pressure.
  • Use standardized algorithms: Adopt NIST-approved PQC algorithms like ML-KEM and ML-DSA to ensure interoperability and compliance with emerging regulations.
  • Plan for hybrid deployments: In many scenarios, combining existing public-key cryptography with PQC (hybrid mode) provides a safety net until the new algorithms are fully proven.
  • Invest in automation: Cryptographic guardrails and automated inventory tools dramatically reduce the risk of human error and simplify ongoing maintenance.
  • Foster cross-team collaboration: PQC migration touches infrastructure, product, security, and compliance teams—early coordination is essential.

Conclusion: A Roadmap for the Post-Quantum Future

Meta’s experience demonstrates that a structured, level-based migration approach can help organizations manage the complexity of transitioning to post-quantum cryptography. By prioritizing risk assessment, building automated guardrails, and learning from early deployments, any enterprise can strengthen its resilience against the coming quantum threat. The industry’s collective move toward PQC standards is accelerating—and with the right framework, organizations can navigate this transition with confidence.

For more details, explore Meta’s full PQC migration guidance or refer to resources from NIST and NCSC.