Meta has already begun preparing for the threats posed by quantum computing and migrating its systems to post-quantum cryptography, a complex process that will take multiple years to complete. In a recent article, Meta researchers outline their strategy and share key lessons learned along the way.
Meta describes its migration process as a far-reaching transformation of infrastructure, standards, and engineering practices across the entire organization. To track progress, they defined a five-level maturity model, from PQ-unaware to PQ-enabled, with the latter representing the ultimate goal of full quantum-resistant protection.
Each level along the scale brings incremental protection. At the PQ-aware level, a company has assessed its usage of cryptography and understands what it takes to reach the next level, PQ-ready. PQ-readyness marks the beginning of the migration even if post-quantum secure solutions are not yet fully enabled. While this is not ideal, it would still make the company faster in reacting once an actual threat materializes.
The strategy suggested by Meta's researchers is defined as a sequence of steps, beginning with prioritization. Companies should rank applications based on their vulnerability. In particular, systems that rely on public-key encryption and key exchange mechanisms are considered high priority, as these primitives are especially vulnerable in a post-quantum world.
Among high-risk applications, we differentiate the ones that have no external dependencies (can be migrated right away), from the ones that have external dependencies and thus may need to wait until these dependencies are resolved.
Medium- and high-priority applications are those that would only become vulnerable once actual quantum computer are available in the future. Among these, attacks on symmetric cryptography are considered low priority due to their substantial resource requirements (typically associated with brute-force Grover’s attacks, while applications relying on digital signatures are generally classified as medium priority
Other steps in the process include building an inventory of affected systems and applications, addressing external dependencies, and designing a quantum-secure solution by selecting appropriate post-quantum cryptography algorithms. At the same time, companies are advised to adopt guardrails to prevent new systems from being built using quantum vulnerable algorithms, including discouraging the creation of new quantum vulnerable keys and the use of affected APIs.
The final step, integrating post-quantum cryptography solutions, can be carried out either by replacing existing solutions or by layering post-quantum schemes on top the classical ones. Meta’s researchers generally favor this hybrid approach:
[It can be] designed so that the combined system should remain at least as secure as the current standard. An adversary would need to break both layers to compromise the system, providing a critical safety net.
While quantum computing is still far from being a reality, it is long known that hackers could harvest encrypted data today and decrypt it when quantum computers will become available in future, with growing evidence they could need fewer resources than earlier thought to break current algorithms. The authors of the research write:
This finding underscores the importance of ongoing efforts to transition widely deployed cryptographic systems to post-quantum standards designed to be secure against quantum attacks.
In this frame, Meta's migration guidelines can offer valuable help to prepare for a complex process that requires visibility, prioritization, ecosystem coordination, and incremental rollout.