Navigating the Quantum Threat: Meta's Guide to Post-Quantum Cryptography Migration

As quantum computing advances, the cryptographic foundations of today's digital world face an unprecedented challenge. Meta has been proactively migrating its infrastructure to post-quantum cryptography (PQC) and sharing its framework, including the innovative concept of PQC Migration Levels, to help other organizations navigate this complex transition. Below, we answer key questions about the threats, standards, and practical steps involved in securing systems against future quantum attacks.

What is the “store now, decrypt later” threat and why does it matter?

The “store now, decrypt later” (SNDL) strategy is a serious security risk where adversaries collect encrypted data today with the intention of decrypting it once quantum computers become powerful enough to break current public‑key cryptography. Although practical quantum computers may still be 10–15 years away, sensitive information—such as personal communications, financial records, and state secrets—can be harvested now and stored for future decryption. This means that any data encrypted with today’s algorithms could be exposed, even if quantum machines are not yet operational. Organizations must therefore begin transitioning to post‑quantum cryptographic standards now, not later, to protect long‑term confidentiality. Meta has recognized this urgency and is proactively deploying PQC across its infrastructure to safeguard the billions of users who rely on its platforms.

What are the key NIST PQC standards and what is Meta's role in their development?

The U.S. National Institute of Standards and Technology (NIST) has published the first industry‑wide post‑quantum cryptography standards: ML‑KEM (Kyber) for key‑encapsulation and ML‑DSA (Dilithium) for digital signatures. Additional algorithms, such as HQC, are on the way. Notably, Meta cryptographers are co‑authors of HQC, reflecting the company’s deep commitment to advancing global cryptographic security. These algorithms have been designed to resist attacks from both classical and quantum computers, providing robust defenses against SNDL threats. Meta has already begun integrating these standards into its internal systems, and its involvement in the development process ensures that the solutions are both practical and effective for large‑scale deployments.

Why is Meta migrating to post-quantum cryptography now rather than waiting?

Meta operates platforms used by billions of people daily, making it a prime target for data harvesting under the SNDL strategy. Waiting for quantum computers to become a concrete threat would leave user data vulnerable to retroactive decryption. Meta has therefore taken a proactive, multi‑year approach to deploy PQC across its internal infrastructure, ensuring strong security and privacy commitments are upheld both now and in the future. This early migration also allows Meta to test and refine its framework, share lessons learned, and help the broader community accelerate its own transitions. By acting ahead of mandatory deadlines (such as the 2030 targets recommended by NIST and the UK’s NCSC), Meta reduces risk and builds cryptographic agility—the ability to switch algorithms quickly as standards evolve.

What are PQC Migration Levels and how can they help organizations?

PQC Migration Levels is a conceptual framework introduced by Meta to help teams within organizations manage the complexity of transitioning to post‑quantum cryptography across different use cases. The levels range from initial risk assessment and inventory through to full deployment and ongoing guardrails. By categorizing systems according to their sensitivity, exposure, and readiness, organizations can prioritize efforts and allocate resources more efficiently. For example, a critical financial service might be assigned a higher migration level than an internal communication tool. This structured approach reduces the risk of oversight and ensures that no system is left unprotected. Meta has used this framework internally and believes it can serve as a practical guide for others navigating the PQC landscape.

What steps did Meta take in its PQC migration process?

Meta’s migration follows a systematic process: risk assessment to identify systems vulnerable to SNDL, inventory of all cryptographic assets, deployment of new PQC algorithms (such as ML‑KEM and ML‑DSA), and guardrails to monitor and enforce the transition. The company also developed internal tools to automate algorithm switching and tested compatibility across its vast infrastructure. A key lesson was the importance of cryptographic agility—designing systems to support multiple algorithms so that future upgrades are smoother. Meta’s approach emphasizes efficiency and economy, aiming to minimize disruption while maximizing security. The entire multi‑year effort is documented to provide a blueprint for other organizations.

What lessons and takeaways can other organizations learn from Meta's experience?

Meta’s PQC migration offers several practical takeaways: 1. Start early—even if quantum threats seem distant, SNDL attacks make immediate action necessary. 2. Adopt a layered framework like PQC Migration Levels to systematically address complexity. 3. Build cryptographic agility into systems from the start to ease future algorithm changes. 4. Invest in inventory and risk assessment tools to understand your cryptographic footprint. 5. Collaborate with standards bodies and the wider community—Meta’s involvement in NIST standards like HQC ensures industry‑aligned solutions. 6. Communicate internally to secure executive buy‑in and cross‑team cooperation. Finally, Meta emphasizes that migration is not a one‑time project but an ongoing process—continuous monitoring and updating are essential. By sharing its framework and lessons, Meta hopes to accelerate the global shift toward a post‑quantum secure future.