Authors: Christoph Wildfeuer, Timeo Jauslin, Alain Lavoyer, Milenko Starcik, Afonso Serra, Laszlo Etesi, Valentina Tamburello and Bruno Huttner

As quantum computing advances, the need for quantum-safe cryptographic solutions in space systems becomes increasingly urgent. Current CCSDS/SDLS protocols rely exclusively on symmetric key cryptography, which poses challenges for key distribution, and scalability. This contribution presents an extension of the CCSDS/SDLS protocol stack with post-quantum public-key cryptography (PQC), enabling secure and scalable key exchange and authentication for satellite communications. Building on NIST Round 3 PQC candidates, we integrate algorithms such as ML-KEM (Kyber) and ML-DSA (Dilithium) into a hybrid security architecture that supports both legacy and future space missions. Our implementation is designed for compatibility with existing satellite systems and optimized for resource-constrained environments. It comprises a quantum random number generator for improved key generation. This work is part of ESA’s E2EQSS initiative and demonstrates a practical pathway to end-to-end quantum-safe satellite data links.