A UK-based cybersecurity startup claims to have done what many in cryptography circles have long written off as impractical: getting one of the heaviest post-quantum algorithms airborne on a drone without compromising its flight.
Post-Quantum and STV Group say they have successfully trialled a quantum-resilient drone platform built around the airborne use of Classic McEliece, with testing carried out at STV’s weapons facility in the Czech Republic and further field validation planned on systems already operating in active theatres.
The trial builds on an earlier partnership between Post-Quantum and STV to embed quantum-safe communications across defence systems, including drones and command-and-control networks, aimed at NATO and allied deployments.
At the centre of the claim is not just that post-quantum cryptography can be made to work on unmanned systems, but that one of its most unwieldy candidates can be made operational. Classic McEliece has long been regarded as a non-starter for constrained environments due to its large public key size, typically around one megabyte. That has pushed most real-world implementations towards more efficient alternatives, particularly CRYSTALS-Kyber.
“Nobody has solved that for a drone before. We have,” Post-Quantum CEO Rikky Hasan told Resilience Media. “Classic McEliece has nearly 50 years of unbroken cryptanalytic scrutiny behind it and no other post-quantum algorithm comes close to that security track record. Deploying a newer, less-studied algorithm on a military platform because it is more convenient is a risk decision. We chose not to make that compromise.”
The company’s approach has been to avoid treating the algorithm as a drop-in replacement for existing cryptography. Instead, it has engineered how and where it is used within the communications stack.
“Rather than treating it as a generic, drop-in replacement, we engineered how and where it is used within the communications stack,” Hasan explained. “We designed the communication flow so that Classic McEliece is used where its performance characteristics minimise bandwidth and latency impact.”
That design decision appears to be doing much of the heavy lifting. The main overhead associated with Classic McEliece – the large public key exchange – is handled at session establishment, outside the critical flight window. “Once airborne, the cryptographic workload is lightweight and the data exchanged remains minimal,” Hasan said. “In normal operation, the impact is negligible.”
Those are bold claims in a domain where even small performance penalties can have operational consequences. Drone systems operating in contested environments must already contend with jamming, degraded links, and intermittent connectivity. Any additional burden on bandwidth or power risks reducing range, endurance or reliability. Post-Quantum says testing at STV’s facility confirmed that the system can operate effectively under those conditions, though it is not yet publishing detailed performance data.
The system has been validated in testing, but not yet deployed in live operations. Even so, Hasan argues the gap between trial and deployment is narrow. “We are not claiming live operational deployment today,” he said. “We are claiming a validated, deployment-ready platform with a clear and short path to theatre.”
That confidence rests in part on STV’s position as a supplier whose unmanned systems are already in use in active conflict zones. The company’s ability to deploy platforms directly to theatre without further certification is being presented as a key enabler for rapid adoption, particularly as allied defence programmes look to harden systems against emerging threats.
Chief among those is the so-called “harvest now, decrypt later” risk, which Hasan describes in unequivocal terms. “It is the most immediate and concrete quantum threat in the defence domain, and it is already happening,” he said. “State-level adversaries… are intercepting and storing encrypted communications now. The question is not whether they will attempt this, it is whether the data will still be sensitive when decryption becomes feasible.”
In the case of drone operations, that sensitivity can persist for years. ISR data – from video feeds to telemetry – may retain intelligence value long after it is captured, particularly in protracted conflicts or when analysing infrastructure and force movements. “A drone procured today may be flying operationally in 2030 or 2035,” Hasan said. “The encryption protecting its communications must be secure not just today but across that entire operational life.”
The argument is that if systems are expected to remain in service for decades, then the cryptography underpinning them must be selected with that lifespan in mind. “Classical encryption cannot provide that assurance,” Hasan said. “Post-quantum cryptography, implemented now, at the point of manufacture, is the only solution.”
Whether defence buyers accept that argument will depend on how the technology performs in real-world conditions beyond controlled trials. However, the work by Post-Quantum and STV suggests that even the most cumbersome forms of post-quantum cryptography may be edging closer to operational reality – not by changing the algorithms themselves, but by rethinking how they are deployed in the systems that depend on them.
