Why post-quantum migration plans probably don't reach low Earth orbit

Most post-quantum migration plans you read in 2026 read like terrestrial cloud-microservice migration plans, because that is overwhelmingly where the people writing them work. The plan assumes a credential authority you can call. It assumes you can roll out a new TLS profile across a fleet of services and that, between them, hardware load balancers and the cloud KMS will sort out the migration math.

These assumptions do not survive the harshest operational regimes. A drone in jamming cannot call the authority. A satellite between ground passes cannot call the authority. A subsea unmanned vehicle has acoustic-link bandwidth measured in single-digit kilobits per second, and the migration math, when written down, asks it to perform a key rotation that won't fit in a surfacing window.

The temptation when you operate one of these systems is to defer the post-quantum question. The cryptographically relevant quantum computer is, depending on whose estimate you trust, a decade or two out. The drone you build today will be retired before the threat is real. So why fix what is not yet broken?

The reason is that post-quantum is not a flag day. The transition is a multi-year drift. The standards are landing now (FIPS 203, FIPS 204, FIPS 205), the regulatory mandates are landing now (CNSA 2.0, EU CER, EU NIS2), and the procurement contracts are starting to ask whether your roadmap is post-quantum. If your answer is "we will migrate when we have to," you have already lost the buyer in pharma cold-chain, in industrial-edge, in defence, and increasingly in space.

The harder problem, and the one EdSSA Orbit was built around, is that the harsh-conditions environment changes what migration even means. You cannot phone home. You cannot rotate a certificate. The protocol that ships in the firmware of the satellite you launch in 2026 has to keep authenticating in 2045 — through hardware redundancy events, through schema changes, through whatever post-quantum primitive becomes the standard you actually care about a decade after launch.

The architectural shape that survives this is one where the post-quantum part happens at bootstrap, where the bootstrap material is discarded after the in-memory state is initialised, and where the running state advances autonomously through one-way functions on a schedule that does not require communication. That is the shape of EdSSA Nano.

It is not the shape of any cloud-microservice authentication architecture. That is fine. Cloud microservices have an authority they can call. The harsh-conditions market does not. The plans that work in the harsh-conditions market start from the constraint, not from the convenience.

If you are mapping a post-quantum migration for a system that has to keep running through a decade of disconnects — talk to us. We have done the architectural work.