1.9.3 — Quantum Communication Systems — maturity: experimental

Post-Quantum Communications

Hardening satellite communication links against quantum-era cryptanalysis by embedding NIST-standardised post-quantum cryptographic algorithms into the space and ground segments.

Auto-drafted reference page — content reviewed for shape, individual references not yet link-checked.

Classical public-key cryptography underpins every secure satellite link today, and it is provably broken the moment a sufficiently powerful quantum computer exists. The threat is not theoretical: adversaries already harvest encrypted traffic for later decryption, meaning data transmitted now over vulnerable links is already compromised in a 'store now, decrypt later' attack. Sovereign operators who depend on foreign satellite services have no visibility into, let alone control over, when or whether those providers will migrate their cryptographic stack.

Post-quantum communications replaces RSA, ECDH and classical TLS handshakes with NIST-standardised algorithms—CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures—embedded directly in the satellite's onboard communications processor and mirrored in the ground segment. A constellation of microsatellites running software-defined radios allows cryptographic modules to be patched over-the-air as standards evolve, avoiding the hardware lock-in that plagues purpose-built GEO platforms. The ground network enforces end-to-end PQC from user terminal to operations centre, with no classical cryptography in the path.

The operational outcome is a communications architecture that remains confidential across its entire design lifetime—typically 10-15 years on orbit—regardless of advances in quantum hardware. Sovereign ownership means the nation controls algorithm selection, key management infrastructure and the patch cadence, none of which can be guaranteed when renting capacity from a commercial provider operating under a foreign regulatory and export-control regime.

What matters

NIST finalised CRYSTALS-Kyber (FIPS 203) and CRYSTALS-Dilithium (FIPS 204) in 2024, giving sovereign operators a stable migration target for the first time.
Store-now-decrypt-later attacks are active today: adversaries intercepting classical-encrypted government satellite traffic can retrospectively decrypt it once quantum hardware matures.
Software-defined radio payloads allow PQC algorithm upgrades via authenticated over-the-air patches, eliminating the need for a hardware refresh when standards evolve.
Foreign commercial satellite providers operate under their own export-control and lawful-intercept obligations, making algorithm selection and key custody decisions inaccessible to tenant governments.

Sovereignty score: 9/10 — A nation that does not own and operate its PQC-hardened satellite stack surrenders control over the cryptographic longevity of its most sensitive communications to foreign vendors, foreign regulators and the pace of a commercial market it cannot direct.

Key custody and algorithm selection: commercial satellite operators under foreign jurisdiction may be compelled by lawful-intercept orders to weaken or disclose encryption configurations, making sovereign key management architecturally impossible without owning the platform.
Export-control exposure: advanced PQC-capable onboard processors and software-defined radio systems are subject to US EAR and ITAR controls, meaning a sovereign nation renting foreign capacity has no guarantee of access to the cryptographic modules protecting its own traffic.
Standards agility: as NIST and ITU-T standards evolve, a sovereign operator can mandate and verify over-the-air algorithm updates on a schedule aligned with its own threat assessment, whereas a commercial provider will prioritise its broadest customer base and contractual obligations.
Geopolitical escalation risk: in a crisis, a foreign-operated satellite communication service can be degraded, suspended or selectively decrypted under bilateral pressure—a risk that is eliminated only when the nation owns the keys, the hardware and the orbit slot.

Reference architecture

Payload: Software-defined radio communications payload supporting S-band and Ka-band links; onboard cryptographic processing module implementing CRYSTALS-Kyber (FIPS 203) key encapsulation and CRYSTALS-Dilithium (FIPS 204) digital signatures; hardware security module (HSM) for key storage rated to EAL5+; 10 W RF output per channel; cryptographic throughput ≥ 1 Gbps symmetric after key exchange
Bus class: 12U cubesat or ESPA-class microsat (80–120 kg), 400 W total power, deployable solar panels; modular payload bay sized to accept next-generation PQC processor cards without bus redesign
Orbit: Sun-synchronous LEO at 500–550 km; 18-satellite walker constellation (3 planes × 6 satellites) providing ≤ 30-minute revisit for ground terminals at mid-latitudes; higher inclinations optional for polar coverage
Ground segment: Sovereign 4-station national network (Ka-band uplink, S-band TT&C); all ground terminals running matched CRYSTALS-Kyber/Dilithium software stack; HSM-secured key management centre air-gapped from public internet; SatNOGS-compatible S-band backup for telemetry; no third-party ground station sharing to preserve key isolation
Software & data
Latency
Cost band
Lead time

References

NIST Post-Quantum Cryptography Standardisation — FIPS 203, 204, 205 — NIST published the first three finalised post-quantum cryptographic standards in August 2024, covering lattice-based key encapsulation and digital signature schemes. The standards are algorithm-agnostic in deployment and are designed for integration into existing communication protocols including TLS and satellite link-layer encryption.
ESA — Quantum Technologies for Space — ESA's quantum technologies programme includes research into post-quantum cryptographic implementations for satellite onboard computers and ground terminals. The agency identifies PQC migration as a near-term priority distinct from but complementary to quantum key distribution.
ITU-T Focus Group on Quantum Information Technology for Networks — The ITU-T focus group has produced technical reports on integrating post-quantum algorithms into existing telecom and satellite network protocols, including guidance on hybrid classical-PQC transition architectures. It highlights standardisation timelines relevant to sovereign network planners.
ENISA — Post-Quantum Cryptography: Current State and Quantum Mitigation — ENISA's report assesses the operational risk of store-now-decrypt-later attacks on government and critical-infrastructure communications, recommending immediate migration planning. It specifically flags satellite communication links as high-priority targets due to their long asset lifespans.
CISA — Post-Quantum Cryptography Initiative — CISA's initiative provides migration guidance for critical infrastructure operators, including telecommunications and satellite systems, emphasising that cryptographic agility—the ability to swap algorithms without hardware replacement—is a core design requirement. The guidance is directly applicable to sovereign satellite ground and space segment procurement.