Navigating Post-Quantum Cryptography: Meta's Blueprint for a Secure Future

As quantum computing advances, traditional encryption methods face obsolescence, threatening the security of digital systems worldwide. Meta recently shared its experience migrating to post-quantum cryptography (PQC), offering a practical framework to help organizations navigate this complex transition. Below, we answer key questions about Meta's approach, including risk assessment, deployment strategies, and lessons learned, to equip you with actionable insights for your own migration journey.

What is post-quantum cryptography, and why is Meta migrating to it?

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to withstand attacks from quantum computers, which will eventually break current public-key systems like RSA and ECC. Meta is proactively migrating its internal infrastructure to PQC to protect billions of users against future threats. The urgency stems from the “store now, decrypt later” (SNDL) strategy, where adversaries collect encrypted data today, expecting to decrypt it once quantum computers become available. By transitioning now, Meta ensures long-term confidentiality and integrity of sensitive information, aligning with guidance from bodies like NIST and the UK NCSC. The company aims to complete critical system upgrades before 2030, using standards such as ML-KEM and ML-DSA. This migration is not just a technical upgrade but a strategic move to maintain trust and security in an era where quantum decryption could expose decades of data.

What is the “store now, decrypt later” threat, and how does PQC counter it?

The “store now, decrypt later” (SNDL) threat involves adversaries harvesting encrypted data today, anticipating that future quantum computers will crack the encryption. This puts historically sensitive information—like financial records, personal communications, or state secrets—at risk even if quantum computers are still years away. Meta addresses this by deploying post-quantum cryptography across its systems, which uses quantum-resistant algorithms. For example, NIST-approved standards like ML-KEM (formerly Kyber) and ML-DSA (Dilithium) are designed to resist both classical and quantum attacks. Additionally, Meta cryptographers contributed to HQC, a newly selected PQC algorithm. By implementing these defenses now, Meta prevents a future where large-scale decryption becomes possible, ensuring that data encrypted today remains secure indefinitely. The company’s multi-year rollout includes prioritizing high-value assets and monitoring emerging quantum capabilities to adapt its strategy as the threat evolves.

What are PQC Migration Levels, and how do they help organizations?

Meta proposes PQC Migration Levels as a tiered framework to help teams manage the complexity of cryptographic upgrades across diverse use cases. These levels categorize migration stages from initial risk assessment to full deployment and ongoing guardrails. For instance, Level 1 involves inventorying cryptographic assets and identifying dependencies, while higher levels include algorithm selection, testing, and phased deployment with rollback plans. This structured approach allows organizations to prioritize efforts based on risk exposure, resource availability, and compliance deadlines. By breaking down the journey into manageable steps, teams can track progress without overwhelming their operations. Meta’s own deployment used this framework to coordinate across services, ensuring that critical systems like user authentication and data storage were upgraded first. The levels also facilitate communication between security, engineering, and leadership teams, aligning everyone on milestones and responsibilities. Ultimately, this model aims to make PQC migration efficient and economical for any organization.

How does Meta conduct risk assessment and inventory for PQC migration?

Meta’s process begins with a comprehensive risk assessment to identify which systems and data are most vulnerable to quantum attacks. This includes evaluating the sensitivity of data, its lifespan, and the cryptographic algorithms currently in use. Next, the company builds a detailed inventory of all cryptographic endpoints, such as TLS certificates, signing keys, and internal communication channels. This inventory is crucial for understanding dependencies and potential impact during upgrades. Meta also assesses third-party components and protocols that may need updates. Based on this, they prioritize systems that handle long-term secrets (e.g., password databases, encryption keys) and services exposed to external networks. The risk score combines factors like algorithm strength, compliance requirements, and threat actor capabilities. Lessons learned include investing in automated tools for continuous discovery and tagging, as manual inventories quickly become outdated. This approach ensures no asset is overlooked, and resources are allocated to the highest-risk areas first. For a deeper dive, see our Migration Levels section.

What NIST standards are used in Meta’s PQC migration, and what is Meta’s role?

Meta’s migration relies on NIST-approved algorithms such as ML-KEM (Kyber) for key encapsulation and ML-DSA (Dilithium) for digital signatures. These standards were selected for their performance, security, and widespread support. Notably, Meta cryptographers are co-authors of HQC, another NIST-selected algorithm that provides additional robustness. Beyond using these standards, Meta actively contributes to their development by testing implementations, providing feedback, and sharing real-world deployment insights with the cryptographic community. The company also monitors emerging algorithms like Falcon and SPHINCS+ for potential future needs. This dual role—both adopter and contributor—helps ensure that the standards remain practical for large-scale operations. For example, Meta’s testing of ML-KEM revealed performance optimizations that benefit other organizations. By openly sharing findings, Meta accelerates industry-wide adoption of post-quantum cryptography and helps shape standards that balance security with efficiency.

What are the key lessons learned from Meta’s PQC migration journey?

Meta highlights several critical lessons for organizations undertaking PQC migration. First, start early—quantum threats may be 10–15 years away, but SNDL attacks make immediate action necessary. Second, invest in automated inventory and dependency mapping to avoid manual errors. Third, adopt a phased approach using PQC Migration Levels to manage complexity without disrupting services. Fourth, involve stakeholders across the organization, from security teams to product managers, to ensure alignment on priorities. Fifth, test rigorously in staging environments before production rollout, allowing for algorithm tuning and fallback mechanisms. Sixth, plan for algorithm agility—future standards may change, so design systems to be upgradeable. Finally, share knowledge openly with the community to accelerate global resilience. Meta’s own experience showed that early proof-of-concepts and close partnerships with cloud providers smoothed the transition. By following these guidelines, even resource-constrained organizations can effectively protect their digital assets against the coming quantum revolution.