16.1.1 — Quantum & Sovereign Cryptographic Infrastructure — maturity: experimental

Sovereign QKD Backbones

Distributing quantum-secured encryption keys via satellite to create an unconditionally secure national communications backbone immune to computational attack.

Auto-drafted reference page — content reviewed for shape, individual references not yet link-checked.

Every encrypted government link rests on a mathematical assumption: that breaking the underlying cipher is computationally infeasible today. Quantum computers are eroding that assumption on a known timeline, and adversaries are already harvesting ciphertext now to decrypt later — a strategy called 'store now, decrypt later'. A sovereign state that waits for the threat to materialise before acting will find its most sensitive historical traffic retrospectively readable by foreign intelligence services. Quantum Key Distribution (QKD) sidesteps the problem entirely: the laws of physics, not computational hardness, guarantee that any eavesdropping attempt disturbs the key and is detected before a single bit of plaintext is exposed.

Satellite QKD extends the range of this guarantee from the 100–150 km fibre limit to intercontinental distances. A constellation of low-Earth-orbit satellites carrying single-photon transmitters passes over ground stations in darkness — atmospheric turbulence and solar noise are minimised at night — and exchanges quantum keys with national nodes using BB84 or decoy-state protocols. Each satellite acts as a trusted relay, generating a key with one ground station and a separate key with another, then XOR-combining them aboard to produce a one-time-pad segment that neither intercepted link alone can compromise. The Chinese Micius satellite demonstrated this architecture at 1,200 km altitude in 2017 and achieved intercontinental QKD at 7,600 km effective range by 2020, validating the physics at scale.

The operational outcome is a national key-distribution spine that connects ministries, military command nodes, central banks and critical infrastructure operators with keys that are provably uncompromised. Day-to-day traffic still runs on classical encrypted links, but those links are rekeyed on a schedule driven by the satellite constellation, replacing long-lived asymmetric keys with freshly generated quantum keys. A nation that owns this constellation controls the cadence, the trusted-relay logic, the ground-station access list and the key escrow policy — none of which can be dictated or suspended by a foreign vendor or treaty partner.

What matters

Store-now-decrypt-later attacks are active today: adversaries are archiving TLS-protected government traffic on the assumption that cryptographically-relevant quantum computers will exist within the decade.
Fibre-based QKD is limited to ~150 km without trusted repeaters; satellite relay is the only near-term solution for national-scale key distribution across geographically dispersed sites.
The trusted-relay architecture means the satellite operator defines which ground nodes can exchange keys — outsourcing that role to a foreign constellation is a structural intelligence vulnerability.
QKD keys are typically consumed as one-time pads or used to rekey AES-256 links; key generation rate (currently 0.1–1 Mbit/s per ground pass) determines how many high-priority links the constellation can serve simultaneously.

Sovereignty score: 10/10 — A nation that does not own its QKD constellation owns neither its key-generation policy nor its long-term communications security — and no treaty partner will guarantee either under adversarial pressure.

Geopolitical leverage: the trusted-relay node aboard a foreign-operated satellite determines which ground stations can exchange keys; access can be denied or logged without the customer's knowledge during a crisis or diplomatic rupture.
Export control and supply-chain risk: single-photon sources, superconducting nanowire single-photon detectors (SNSPDs) and precision pointing assemblies for QKD payloads are controlled under national export regimes (US EAR, EU Dual-Use Regulation); a sovereign programme must qualify domestic or allied suppliers before any adversarial pressure removes access.
Legal and intelligence exposure: key escrow and audit-log policies for a foreign-operated QKD network are governed by the operator's national law, which may compel disclosure of key metadata or ground-station contact records to that government's intelligence services.
Escalation control: in a pre-conflict or conflict scenario, a foreign operator can suspend ground-station handshake windows, denying key refresh to critical national infrastructure at the moment of highest demand — a sovereign constellation removes that single point of coercion.

Reference architecture

Payload: Polarisation-entangled or decoy-state BB84 single-photon transmitter operating at 780 nm or 1550 nm; 15–30 cm Cassegrain telescope with active tip-tilt mirror for sub-microradian beam pointing; auxiliary classical laser channel (1550 nm DWDM) for timing synchronisation and authentication; key generation rate 100–500 kbit/s per ground pass under clear-sky conditions
Bus class: ESPA-class microsat, 120–180 kg, 400 W total power (100 W payload); 3-axis stabilised with reaction wheels and star trackers to achieve ≤0.01° pointing knowledge required for photon link budget closure
Orbit: Sun-synchronous LEO at 500–600 km; 6-satellite initial constellation (Walker 60°/6/1 variant) providing 2–3 passes per night per mid-latitude ground station; eventual 18-satellite full constellation for sub-24-hour key refresh across all national nodes; nightside-only QKD passes, dayside used for housekeeping and classical relay
Ground segment: National network of 4–6 optical ground stations (0.5–1 m aperture telescopes, adaptive optics optional) co-located with key-management servers in hardened national facilities; S-band TT&C at each station; inter-station fibre backbone for classical authentication and key-XOR relay; SatNOGS UHF/VHF backup for telemetry only — not used for quantum channel
Software & data
Latency
Cost band
Lead time

References

Micius Satellite QKD Experiment — Nature (via Chinese Academy of Sciences) — The Chinese Academy of Sciences describes how the Micius satellite demonstrated satellite-to-ground QKD at 1,200 km, achieving a key rate orders of magnitude beyond what terrestrial fibre could support at that range. The experiment validated decoy-state BB84 protocol under real atmospheric conditions.
European Quantum Communication Infrastructure (EuroQCI) Initiative — The European Commission's EuroQCI programme aims to build a pan-European quantum-secured communication network integrating both terrestrial fibre and a space segment, positioning quantum communications as critical sovereign infrastructure. All 27 EU member states have signed the EuroQCI Declaration.
ITU-T Focus Group on Quantum Information Technology for Networks — The ITU-T Focus Group has published technical reports on QKD network architectures, standardisation gaps and the interoperability requirements for trusted-relay satellite nodes. Its work frames the policy and technical baseline for national QKD deployments.
ETSI Quantum Key Distribution Industry Specification Group — ETSI's QKD ISG has produced standards covering QKD device characterisation, key management interfaces and security proofs for trusted-relay architectures, including the satellite relay model. These specifications are the closest thing to an interoperability baseline for sovereign QKD deployments today.
ESA Quantum Communications Feasibility Study (SAGA / QUARTZ) — ESA's quantum communications programme has funded feasibility studies and technology maturation activities for a European QKD satellite, examining payload mass, photon-source performance and ground-station telescope aperture requirements. The programme sets the engineering parameters for a credible European sovereign alternative to Micius-class systems.