Navigating the Post-Quantum Cryptography Transition: Meta’s Migration Framework and Key Lessons
Understanding the Quantum Threat
Research indicates that quantum computers will eventually break conventional public-key cryptography, creating a significant security risk for digital systems across industries. Although experts estimate this capability may emerge within 10–15 years, sophisticated adversaries can already collect encrypted data today, anticipating a future where quantum decryption becomes feasible—a strategy known as store now, decrypt later (SNDL). This means sensitive information could be at risk even before quantum computers arrive.
Recognizing this urgency, organizations like the U.S. National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre (NCSC) have published migration guidance, including target timeframes like 2030, for prioritizing post-quantum protections in critical systems. These guidelines acknowledge that complexity and missing technical capabilities are key factors shaping PQC migration plans.
The first industry-wide PQC standards—such as ML-KEM (Kyber) and ML-DSA (Dilithium)—have now been published by NIST, with additional algorithms like HQC on the way. Notably, Meta cryptographers are co-authors of HQC, reflecting Meta’s commitment to advancing global cryptographic security.
Meta’s Proactive Approach
At Meta, we have taken a proactive stance to prepare for the threats posed by quantum computers and SNDL. With billions of people relying on our platforms daily, maintaining strong security and data protection is paramount. As part of this, we have already begun deploying post-quantum encryption across our internal infrastructure over a multi-year process, ensuring we uphold our security and privacy commitments now and in the future.
Introducing PQC Migration Levels
To help organizations manage the complexity of PQC migration for various use cases, we propose the concept of PQC Migration Levels. This framework allows teams within an organization to assess their readiness and prioritize efforts based on risk, resource availability, and operational impact.
Risk Assessment and Inventory
The first step involves a thorough risk assessment that identifies which systems and data are most vulnerable to SNDL attacks. Teams must inventory all cryptographic assets, including encryption algorithms, key lengths, and protocols. This inventory forms the foundation for understanding the migration scope and setting priorities.
Deployment Strategies and Guardrails
Once risks are mapped, deployment strategies vary by system criticality. For high-risk assets, immediate integration of PQC standards like ML-KEM and ML-DSA is recommended. For lower-risk systems, a phased approach with hybrid cryptography (combining classical and post-quantum algorithms) can provide a safety net. Guardrails—such as automated monitoring, fallback plans, and performance benchmarks—ensure that migrations do not disrupt operations.
Key Lessons Learned
From Meta’s migration journey, several insights emerge for the broader community:
- Start now: Even if quantum computers are years away, SNDL attacks make early action critical. A multi-year migration timeline requires immediate planning.
- Invest in inventory automation: Manually tracking cryptographic assets is error-prone; automate as much as possible to maintain an accurate, up-to-date picture.
- Embrace hybrid approaches: In transition phases, hybrid cryptography reduces risk while allowing time for algorithm maturity and performance optimization.
- Collaborate industry-wide: Standards bodies and companies must share frameworks, tools, and lessons to accelerate the global transition.
- Test continuously: Performance impacts of PQC algorithms (e.g., larger key sizes) require thorough testing in real-world environments.
By outlining our framework—from risk assessment and inventory through deployment and guardrails—we hope to provide practical guidance that helps accelerate the broader community’s move toward a post-quantum future. Our goal is to help others navigate this transition effectively, efficiently, and economically so they can prepare for a future where today’s public-key encryption methods may no longer be sufficient.
Conclusion
Quantum computers will eventually break conventional public-key cryptography, but organizations can prepare today. Meta’s PQC Migration Levels framework, combined with early deployment and industry collaboration, offers a clear path forward. By acting now, adopting robust standards, and sharing knowledge, we can collectively strengthen resilience against the quantum threat.