Meta Deploys Post-Quantum Cryptography Across Internal Systems, Urges Industry to Prepare Now

Breaking — March 2025 — Meta has quietly completed the first phase of a multi-year migration to post-quantum cryptography (PQC) across its internal infrastructure, the company announced today. In a detailed technical report, Meta’s security team warns that quantum computers could break today’s public‑key encryption within 10–15 years, and that attackers are already harvesting encrypted data for future decryption—a tactic known as “store now, decrypt later” (SNDL).

“We’re sharing these lessons to help other organizations accelerate their own PQC transitions,” said Dr. Elena Garcia, Meta’s lead cryptographer, in a statement. “The threat is real, the clock is ticking, and we cannot afford to wait until the standards are final.”

Background

Quantum computers, once scaled, will be able to factor large primes and solve discrete logarithms exponentially faster than classical machines. This directly threatens RSA, ECDH, and ECDSA—the backbone of internet security. The US National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre (NCSC) have both urged organizations to begin PQC migration by 2030 for critical systems.

In 2024, NIST finalized the first PQC standards: ML‑KEM (Kyber) for key encapsulation and ML‑DSA (Dilithium) for digital signatures. A third algorithm, HQC, is expected soon—Meta cryptographers are co‑authors of HQC, reflecting the company’s deep involvement in shaping global standards.

Meta’s PQC Migration in Detail

Meta’s report outlines a four‑stage process: risk assessment, inventory, deployment, and guardrails. The company has already rolled out post‑quantum key agreement in its internal certificate authorities, VPNs, and remote access systems. “We’re treating PQC as a fundamental architectural shift, not a one‑time patch,” Garcia noted.

To manage complexity across dozens of teams and thousands of services, Meta proposes a novel “PQC Migration Levels” framework—similar to CMMI or ISO maturity models—to help organizations prioritize and track progress. Each level defines the scope of PQC coverage, from experimental to fully deployed with monitoring.

Key Lessons Shared

• Inventory everything: Discovering all uses of public‑key crypto (from TLS to internal signing) is the hardest first step.
• Test hybrid modes early: Meta deployed classical + PQC hybrid modes before cutting over to pure PQC to avoid regressions.
• Automate guardrails: Continuous monitoring tools now reject any new service that doesn’t include PQC support.

What This Means

Meta’s proactive stance sets a precedent for hyperscalers and enterprises. “If a company of Meta’s size can migrate while maintaining 99.99% availability, there’s no excuse for others to delay,” said Professor James Wu, a cybersecurity researcher at MIT. “The SNDL threat is real—every byte of encrypted traffic sent today could be exposed in 10 years.”

The report also underscores the need for industry‑wide coordination. Without common PQC libraries, interoperability testing, and updated protocol specifications (e.g., TLS 1.3, SSH), individual migrations risk creating new vulnerabilities. Meta’s open‑source reference implementations of ML‑KEM and ML‑DSA on GitHub aim to reduce that friction.

For regulators and CIOs, the message is clear: start your PQC journey now, even if full standards are still evolving. The cost of delay—measured in lost trust, breached data, or regulatory fines—far outweighs the investment in early adoption.

— Reporting by the TechSecurity Desk