LEO constellation · Telemetry and payload

AllEyes ResilientAgent PQC-WAN (variante espace)GARANCE PKI

01 — Analysis

Problem

LEO constellations (Kuiper, Starlink, IRIS²) operate on short visibility windows with CCSDS TT&C links exposed to interception and spoofing. Earth observation (EO/SAR) payloads generate terabytes beyond downlink bandwidth without onboard pre-processing. Classical crypto (AES-GCM with RSA handshake) will break before constellation end-of-life (15+ years).

CryptOps Solution

Ground segment runs AllEyes Resilient that encrypts CCSDS/SpaceWire with ML-KEM-1024 and runs observation AI (SAR-ATR, maritime, fires) on the GPU. Space segment integrates the same PQC crypto stack via the radiation-tolerant Agent PQC-WAN variant. Same GARANCE ground/space PKI, per-orbit-window key rotation.

Deployment architecture

◆

Antenne de poursuite

Ka/X-band

◆

AllEyes Resilient

ML-KEM-1024

Burst

◆

GARANCE PKI

ML-DSA-87

LIAISON RADIOAES-256-GCM · PFSHandshake ML-KEM < 2 s

◆

Payload radio

OBC + modem

◆

Agent PQC embarqué

Tolerant aux fenêtres de visibilité

Résilient aux coupures de liaison — rekeying incrémentalCompatibilité CNES · ESA · DGA

See multi-agent compute breakdown (FPGA · CPU · GPU)

02 — Performance

Key metrics

CCSDS

+ SpaceWire

Protocol

10-40

Gbps/sat

Downlink throughput

1 orbit

~90 min LEO

Key rotation

TID 100

krad variant

Radiation

03 — ROI

ROI analysis

Item	Before	With CryptOps	Impact
Cleartext TT&C (spoofing risk)	Confirmed hijack (NASA 2021)	ML-DSA-87 auth	Risk eliminated
Ground vs onboard pre-processing	Saturated downlink	Onboard AI	-80% bandwidth
IRIS² sovereignty	US/IL solution	100% EU stack	EU compliance

04 — Compliance

Applicable regulation

CCSDS 355.0-B Space Data Link Security

SDLS Extended Procedures

Encryption framework for space data links — PQC adoption under way in CCSDS WG.

ESA ECSS-E-ST-40

Space software engineering

Safe Rust compatible with DAL-A/B requirements for critical embedded software.

EU Space Strategy

IRIS² sovereignty

Mandatory use of European solutions for the IRIS² constellation.

05 — Target clients

Target clients

LEO constellation operators Space agencies CNES/ESA integrators Space defense EO/SAR payload industrials

06 — Business applications

Data processing on the same appliance

Beyond post-quantum encryption, every AllEyes Resilient appliance hosts your data-processing workloads on its FPGA, CPU and GPU resources — all isolated from the certified crypto core.

Explore business applications →

Next step

Secure your infrastructure today

Our team will guide you through the deployment tailored to your use case.

Request a demo → Download brochure ↓