How to Prepare Your Organization for Post-Quantum Cryptography Migration: A Step-by-Step Guide

Last updated: 2026-05-05 07:07:40 · Finance & Crypto

Introduction

A cryptographically relevant quantum computer (CRQC) would break the public-key algorithms behind today's key exchange and digital signatures (RSA, Diffie-Hellman, and elliptic-curve schemes such as ECDSA and X25519) using Shor's algorithm; symmetric ciphers and hash functions only lose some security margin. Nobody knows when such a machine will exist, but the risk is not purely in the future: an adversary can record encrypted traffic today and decrypt it once a CRQC is available, a tactic known as 'store now, decrypt later' (SNDL, also called 'harvest now, decrypt later'). Any data that must stay confidential beyond that horizon is therefore exposed now, which is why organizations should begin migrating to post-quantum cryptography (PQC). Drawing on Meta's framework and lessons learned, this guide provides a structured approach to PQC migration, helping you navigate complexity, prioritize efforts, and build resilience.

Source: engineering.fb.com

What You Need

  • Cryptography expertise – Internal or external specialists familiar with the NIST PQC algorithms (ML-KEM for key encapsulation; ML-DSA and SLH-DSA for signatures; HQC, selected by NIST in 2025 as a code-based backup to ML-KEM) and with hybrid constructions that combine them with classical algorithms.
  • System inventory tools – To catalog every cryptographic implementation across hardware (HSMs, TPMs, secure-boot roots), software, and network protocols, including the libraries involved and their versions.
  • Risk assessment framework – A method to evaluate exposure to SNDL attacks and prioritize systems.
  • Migration planning team – Cross-functional members from security, engineering, operations, and compliance.
  • Testing environment – Sandboxed infrastructure to validate PQC integration without disrupting production.
  • Access to NIST standards – FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), and NIST IR 8547 on transition timelines.

Step-by-Step Migration Guide

Step 1: Understand the Threat and Define Goals

Begin by educating your leadership and teams on the quantum threat. Make the distinction explicit: confidentiality is at risk today because of store now, decrypt later, while authentication and signatures fail only once a CRQC actually exists. Establish migration goals aligned with published timelines such as NIST IR 8547, which proposes deprecating quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH, and similar) by 2030 and disallowing them by 2035. Define what 'PQC-ready' means for your organization, for example all new deployments using PQC (or hybrid) key exchange, or legacy systems upgraded by a specific date. This step sets the foundation for the entire effort.

Step 2: Conduct a Comprehensive Cryptographic Inventory

Identify every system, application, and protocol that uses public-key cryptography: TLS certificates and key exchange, SSH, VPN/IPsec, code and firmware signing (including secure-boot roots of trust), token and JWT signing, PKI hierarchies, and keys held in HSMs. Use automated tools to map dependencies and library versions, since much of the cryptography in a modern stack lives in third-party libraries rather than in code you wrote. Record the algorithm, key size, and purpose (confidentiality or authentication) for each use (e.g., RSA-2048 for TLS key exchange, ECDSA P-256 for signatures), and note symmetric uses too: AES-128 and SHA-256 are not broken by a quantum computer but lose margin, so AES-256 is the conservative choice for long-lived data. A thorough inventory prevents blind spots during migration.

Step 3: Perform Risk Assessment and Prioritize

Evaluate each inventoried component for exposure to SNDL and the sensitivity of the data it protects. Two quantities drive the ranking: how long the data must remain secret, and whether the algorithm provides confidentiality (key exchange, encryption) or authentication (signatures). Recorded ciphertext can be broken retroactively; a signature cannot, so it only needs replacing before the key would still be trusted when a CRQC arrives. Assign priority levels from data lifespan, system criticality, and regulatory requirements. For example, systems protecting health records or financial transactions that must stay confidential for decades should be top priority. Use a tiered approach, such as PQC Migration Levels, to manage complexity:

  • Level 1: Immediate threat (e.g., key exchange or encryption protecting long-lived secrets, where traffic captured today is decryptable later).
  • Level 2: Moderate risk (e.g., internal channels carrying short-lived data, and signing keys that will still be trusted when a CRQC may exist, such as firmware-signing or root CA keys).
  • Level 3: Low risk (e.g., short-lived authentication such as leaf certificates and session signatures, which cannot be attacked retroactively, and symmetric primitives that only lose margin).

Note that an ephemeral key exchange is not low risk by itself: the recorded handshake together with the session data it protected is exactly what SNDL targets, so classify it by the lifetime of the data, not the lifetime of the key.

This categorization helps allocate resources effectively.
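The inventory and triage described in Steps 2 and 3, as an added worked example in Python; it is not Meta's tooling and not part of the original post. Each record names a system, the algorithm it relies on, whether that algorithm provides confidentiality or authentication, and how many years the protected data (or the key's trust) must last. Records are ranked with Mosca's inequality: with secrecy lifetime X, migration time Y, and an assumed Z years until a CRQC, a system is exposed when X + Y > Z. The inventory records, the impact table, and the Z and Y values are constructed assumptions for the example.

```python
"""Cryptographic inventory triage for PQC migration planning (added example).

Not Meta's code. Records, impact table and the CRQC/migration horizons are
constructed assumptions used to illustrate the ranking logic.
"""
from dataclasses import dataclass

# Shor's algorithm breaks RSA, finite-field DH and elliptic-curve schemes;
# Grover's algorithm only halves the effective security of symmetric keys
# and hashes, so 128-bit-level primitives lose margin and 256-bit ones do not.
QUANTUM_IMPACT = {
    "RSA-2048": "broken", "RSA-4096": "broken", "DH-2048": "broken",
    "ECDSA-P256": "broken", "Ed25519": "broken",
    "ECDH-P256": "broken", "X25519": "broken",
    "AES-128": "reduced-margin", "SHA-256": "reduced-margin",
    "AES-256": "safe", "SHA-384": "safe",
    "ML-KEM-768": "safe", "ML-DSA-65": "safe", "SLH-DSA-SHA2-128s": "safe",
    "X25519MLKEM768": "safe",  # hybrid: secure if either component holds
}


@dataclass(frozen=True)
class InventoryRecord:
    system: str
    algorithm: str
    purpose: str         # "confidentiality" or "authentication"
    lifetime_years: int  # X: years the data must stay secret / the key stay trusted


def exposed(record, years_to_crqc, migration_years):
    """Mosca's inequality: exposed when X + Y > Z."""
    return record.lifetime_years + migration_years > years_to_crqc


def assign_level(record, years_to_crqc=10, migration_years=3):
    """Map a record to a migration level; returns (level, reason)."""
    impact = QUANTUM_IMPACT.get(record.algorithm)
    if impact is None:
        return "review", f"{record.algorithm} is not in the impact table; classify manually"
    if impact == "safe":
        return "compliant", "already quantum-resistant"
    if impact == "reduced-margin":
        return "Level 3", "Grover only halves the margin; move to a 256-bit variant when convenient"
    if record.purpose not in ("confidentiality", "authentication"):
        raise ValueError(f"unknown purpose {record.purpose!r}")
    at_risk = exposed(record, years_to_crqc, migration_years)
    if record.purpose == "confidentiality":
        if at_risk:
            return "Level 1", "long-lived secret: recorded data is decryptable once a CRQC exists"
        return "Level 2", "short-lived secret; still migrate key exchange before the CRQC horizon"
    if at_risk:
        return "Level 2", "key still trusted when a CRQC may exist; move to a PQ signature before then"
    return "Level 3", "authentication cannot be broken retroactively and the key expires in time"


def plan(records, years_to_crqc=10, migration_years=3):
    """Group system names by level, highest priority first."""
    order = ["review", "Level 1", "Level 2", "Level 3", "compliant"]
    grouped = {level: [] for level in order}
    for record in records:
        level, _ = assign_level(record, years_to_crqc, migration_years)
        grouped[level].append(record.system)
    return {level: sorted(names) for level, names in grouped.items() if names}


SAMPLE_INVENTORY = [  # constructed records, not a real inventory
    InventoryRecord("backup-archive-kms", "RSA-2048", "confidentiality", 25),
    InventoryRecord("internal-rpc-mtls-kex", "X25519", "confidentiality", 1),
    InventoryRecord("firmware-signing-root", "ECDSA-P256", "authentication", 15),
    InventoryRecord("public-web-cert", "ECDSA-P256", "authentication", 1),
    InventoryRecord("laptop-disk-encryption", "AES-128", "confidentiality", 10),
    InventoryRecord("edge-tls-kex", "X25519MLKEM768", "confidentiality", 1),
    InventoryRecord("legacy-vpn", "IKEv1-custom", "confidentiality", 5),
]

if __name__ == "__main__":
    for level, systems in plan(SAMPLE_INVENTORY).items():
        print(level, systems)
```

Unknown algorithms deliberately land in a "review" bucket rather than being silently skipped; an inventory that drops what it cannot classify is the blind spot Step 2 warns about. Re-run `plan()` with a shorter `years_to_crqc` to see how sensitive the ranking is to the horizon you assume.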

Step 4: Develop a Migration Plan with Guardrails

Design a phased rollout that minimizes disruption. Define guardrails to ensure safety, such as hybrid deployments that combine a classical and a PQC algorithm (for TLS 1.3, X25519 with ML-KEM-768 in the X25519MLKEM768 group) so that the connection stays secure if either component is broken; hybrids hedge against both a CRQC and an undiscovered flaw in a young PQC scheme, as happened to the SIKE and Rainbow candidates in 2022. Include fallback mechanisms for clients and peers that cannot negotiate PQC yet, and decide up front when that fallback will be switched off. Use NSA's Commercial National Security Algorithm Suite (CNSA) 2.0 or the NIST standards (ML-KEM in FIPS 203, ML-DSA in FIPS 204, SLH-DSA in FIPS 205, with HQC as the selected backup KEM) as starting points. Create a timeline for each phase, with milestones for testing, stakeholder review, and go/no-go decisions.

Step 5: Implement and Test in a Controlled Environment

Deploy PQC algorithms in a sandboxed environment first. Test for performance impacts: ML-KEM encapsulation keys and ciphertexts are roughly a kilobyte each (1184 and 1088 bytes for ML-KEM-768), so a TLS ClientHello carrying a hybrid key share no longer fits in a single packet, which slows the handshake on some paths and breaks middleboxes and servers that assume a one-packet ClientHello; ML-DSA signatures and certificates grow the handshake further. Verify interoperability with legacy systems if using hybrid modes, including graceful fallback when a peer does not support the hybrid group. Conduct security audits to ensure the new implementation doesn't introduce vulnerabilities, in particular that the session key is derived from both components of the hybrid and that retry-on-failure logic cannot be abused to force a classical-only connection. For example, Meta co-authored HQC, a code-based KEM that NIST selected in 2025 as a backup to the lattice-based ML-KEM; evaluate similar options for your use case. Iterate based on findings before production deployment.
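The hybrid guardrails from Step 4 and the interoperability and size checks from Step 5, as one added Python example that is not Meta's code and not a TLS implementation. It models server-side group selection that prefers a hybrid group but falls back to classical while clients are still migrating, a strict post-migration policy that refuses classical-only clients, and the key-share growth behind the latency effect described above. The combiner follows the X25519MLKEM768 construction (ML-KEM-768 shared secret followed by the X25519 shared secret, then into the TLS key schedule); the 32-byte secrets fed to it are constructed test values, not KEM output, the HKDF salt is simplified, and `rest_of_hello` is an assumed size for the rest of the ClientHello.

```python
"""Hybrid TLS 1.3 key-exchange guardrails for a PQC migration (added example).

Not Meta's code and not a TLS library. Sizes: ML-KEM-768 encapsulation key
1184 B and ciphertext 1088 B (FIPS 203); X25519 public key 32 B (RFC 7748);
uncompressed P-256 point 65 B. Secrets used below are constructed test bytes.
"""
import hashlib
import hmac

# Key-share sizes in bytes: (client share, server share).
GROUP_SIZES = {
    "X25519": (32, 32),
    "secp256r1": (65, 65),
    "X25519MLKEM768": (1184 + 32, 1088 + 32),
    "SecP256r1MLKEM768": (1184 + 65, 1088 + 65),
}
HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768"}

# Server preference lists per migration phase; the first group the client
# also offers wins. The strict phase has no classical entries at all.
PHASE_PREFERENCES = {
    "hybrid-opportunistic": ["X25519MLKEM768", "SecP256r1MLKEM768", "X25519", "secp256r1"],
    "hybrid-strict": ["X25519MLKEM768", "SecP256r1MLKEM768"],
}


def negotiate_group(client_groups, phase):
    """Group a server in `phase` selects, or None to abort the handshake."""
    offered = set(client_groups)
    for group in PHASE_PREFERENCES[phase]:
        if group in offered:
            return group
    return None


def is_quantum_safe_group(group):
    """A hybrid group stays secure if either of its components holds."""
    return group in HYBRID_GROUPS


def client_key_share_bytes(client_groups):
    """Bytes the client spends on key_share if it sends a share per listed group."""
    return sum(GROUP_SIZES[g][0] for g in client_groups if g in GROUP_SIZES)


def needs_extra_segment(key_share_bytes, rest_of_hello=400, mss=1460):
    """Approximate check for a ClientHello spilling past one TCP segment.
    rest_of_hello is an assumed size for the remaining extensions."""
    return rest_of_hello + key_share_bytes > mss


def combined_shared_secret(mlkem_ss, x25519_ss):
    """X25519MLKEM768 combiner: plain concatenation, ML-KEM part first."""
    if len(mlkem_ss) != 32 or len(x25519_ss) != 32:
        raise ValueError("both component secrets must be 32 bytes")
    return mlkem_ss + x25519_ss


def handshake_secret(shared_secret, salt=bytes(32)):
    """HKDF-Extract over the combined secret. Real TLS 1.3 uses
    Derive-Secret(early_secret, "derived") as the salt; a zero salt keeps
    this example self-contained (simplification, not the full key schedule)."""
    return hmac.new(salt, shared_secret, hashlib.sha256).digest()


if __name__ == "__main__":
    legacy = ["X25519", "secp256r1"]
    modern = ["X25519MLKEM768", "X25519"]
    print(negotiate_group(legacy, "hybrid-opportunistic"))  # X25519: fallback
    print(negotiate_group(modern, "hybrid-opportunistic"))  # X25519MLKEM768
    print(negotiate_group(legacy, "hybrid-strict"))         # None: refused
    size = client_key_share_bytes(modern)
    print(size, needs_extra_segment(size))                  # 1248 True
```

Because the combined secret is a concatenation that feeds a single HKDF-Extract, changing either component changes the derived handshake secret; an audit of a real implementation should confirm the same property, since a combiner that ignores one input silently turns a hybrid into a single-algorithm exchange. The phase switch from `hybrid-opportunistic` to `hybrid-strict` is the point at which the fallback guardrail from Step 4 is retired.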

Step 6: Roll Out Incrementally with Monitoring

Start with low-risk Level 3 systems to gain confidence. Gradually move to higher priorities. Use feature flags or gradual traffic shifting, keyed on a stable client or host identifier so that a given client gets consistent behaviour from one request to the next, to limit blast radius. Monitor handshake failure rates, latency, and error logs for the PQC population against the classical population. Establish automated rollback procedures that switch the flag off when those metrics diverge. As Meta demonstrated over a multi-year process, patience and iteration are key. Document lessons learned and update your migration plan accordingly.
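The gradual rollout with monitoring and automated rollback described in this step, as an added Python example; it is not Meta's rollout tooling. `in_rollout()` buckets clients by a stable hash so a client's experience does not flip as the percentage ramps, and `RolloutController` compares handshake failure rates of hybrid and classical connections over a window, ramping up when hybrid is no worse than classical (within a tolerance) and disabling the flag otherwise. The ramp schedule, tolerance, salt and handshake records are constructed assumptions.

```python
"""Gradual hybrid-KEM rollout with automatic rollback (added example).

Not Meta's code. Schedule, tolerance and handshake records are constructed.
"""
import hashlib
from collections import Counter

HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768"}
RAMP_SCHEDULE = (1, 5, 25, 50, 100)  # percent of clients offered the hybrid group


def in_rollout(client_id, percent, salt="pqc-hybrid-kex"):
    """Deterministic bucketing: the same client_id always lands in the same
    bucket, and buckets are nested, so a client admitted at 5% stays in at 25%."""
    digest = hashlib.sha256(f"{salt}:{client_id}".encode()).digest()
    bucket = int.from_bytes(digest[:4], "big") % 100
    return bucket < percent


class RolloutController:
    def __init__(self, tolerance=0.005, min_hybrid_samples=200):
        self.step = 0                  # index into RAMP_SCHEDULE
        self.enabled = True
        self.tolerance = tolerance     # extra failure rate tolerated for hybrid
        self.min_hybrid_samples = min_hybrid_samples
        self.history = []              # (percent, hybrid_rate, classical_rate)

    @property
    def percent(self):
        return RAMP_SCHEDULE[self.step] if self.enabled else 0

    def offer_hybrid(self, client_id):
        """Feature-flag decision for one connection."""
        return self.enabled and in_rollout(client_id, self.percent)

    def evaluate(self, handshakes):
        """handshakes: iterable of (negotiated_group, succeeded). Returns the action."""
        totals, failures = Counter(), Counter()
        for group, ok in handshakes:
            kind = "hybrid" if group in HYBRID_GROUPS else "classical"
            totals[kind] += 1
            if not ok:
                failures[kind] += 1
        if totals["hybrid"] < self.min_hybrid_samples or totals["classical"] == 0:
            return "hold"  # not enough evidence to ramp or roll back
        hybrid_rate = failures["hybrid"] / totals["hybrid"]
        classical_rate = failures["classical"] / totals["classical"]
        self.history.append((self.percent, hybrid_rate, classical_rate))
        if hybrid_rate > classical_rate + self.tolerance:
            self.enabled = False  # automated rollback: stop offering hybrid
            return "rollback"
        if self.step < len(RAMP_SCHEDULE) - 1:
            self.step += 1
            return "ramp"
        return "complete"


def constructed_window(hybrid_n, hybrid_fail, classical_n, classical_fail):
    """Build a window of handshake records with the given counts (constructed data)."""
    records = [("X25519MLKEM768", i >= hybrid_fail) for i in range(hybrid_n)]
    records += [("X25519", i >= classical_fail) for i in range(classical_n)]
    return records


if __name__ == "__main__":
    ctl = RolloutController()
    print(ctl.percent, ctl.evaluate(constructed_window(300, 3, 1000, 10)))   # 1 ramp
    print(ctl.percent, ctl.evaluate(constructed_window(300, 15, 1000, 10)))  # 5 rollback
    print(ctl.percent, ctl.offer_hybrid("client-42"))                        # 0 False
```

Comparing the hybrid population against the classical one in the same window, rather than against a fixed threshold, separates a PQC-specific regression from a network-wide incident that would otherwise trigger a spurious rollback. The `min_hybrid_samples` floor keeps a handful of early failures at 1% from deciding anything.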

Step 7: Update Policies and Maintain Resilience

Once migration is complete, revise security policies to mandate PQC (or hybrid) for all new deployments and prohibit creation of new quantum-vulnerable keys. Train staff on ongoing management. Build in crypto-agility so that algorithms can be swapped by configuration rather than by code change, and stay informed about algorithm updates (e.g., the HQC standard, FN-DSA in FIPS 206, and further signature schemes from NIST's additional-signature process). Continue monitoring store now, decrypt later exposure as data retention needs change, and adjust priorities. Post-quantum security is not a one-time project; it requires continuous vigilance.

Tips for a Successful Migration

  • Start early – Even if a CRQC is years away, SNDL risk is present now for any data that must outlive that horizon. Early movers gain experience and avoid a future rush.
  • Use standardized algorithms – Avoid rolling your own PQC; rely on NIST's published standards (ML-KEM, ML-DSA, SLH-DSA) and well-reviewed implementations of them for interoperability and trust, and treat HQC as a backup option until its standard is final.
  • Plan for hybrid modes – Transition periods benefit from classical + PQC combinations, which maintain backwards compatibility and hedge against a flaw in either algorithm.
  • Engage cross-functional teams – Involve cryptography experts, network engineers, and legal/compliance to address all aspects.
  • Automate inventory and testing – Manual processes are error-prone; use tools to continuously map and validate cryptographic usage, for example by checking negotiated TLS groups and certificate algorithms in telemetry.
  • Document everything – Maintain records of decisions, configurations, and lessons learned to accelerate future migrations.