Skip to content

SPACE EXPLORATION

Archive-grade provenance that travels with the mission archive.

An operator-independent provenance layer for long-duration exploration missions and long-archive scientific datasets. Sits above DTN, BPSec, and the CCSDS link-layer security primitives. Verifiable decades later, after the original crypto has migrated and the original operators have changed.

The problem

What today's M2M auth can't deliver in space exploration.

Lunar, cislunar, and deep-space missions have well-engineered transport and link-security stacks. DTN (RFC 9171) handles intermittent connectivity through store-and-forward. IETF BPSec (RFC 9172) authenticates bundles end-to-end. CCSDS SDLS handles link-layer integrity. These are mature standards with flight heritage at NASA, ESA, JAXA, and ISRO, and the CCSDS Security Working Group has an active post-quantum migration track.

The gap is in what happens after receipt. Existing space-security primitives verify each message on arrival and the cryptographic evidence is then consumed; what survives in the mission archive is a regular database record inside the operating agency's trust boundary. For a single-operator mission with a defined custodian that has been fine. For modern exploration — multi-agency cooperative missions, dual-use commercial-with-defence payloads, science datasets that will outlive the mission operator and the underlying crypto primitives — it is not. A BPSec tag from 2026 is not a useful audit artifact in 2046, and a Mars dataset whose provenance rests on a single agency's internal logs is not independently verifiable by a researcher, regulator, or successor mission decades later.

How EdSSA addresses it

What EdSSA does differently here.

EdSSA Orbit sits above DTN and BPSec. Each authenticated transit event produces, alongside the existing bundle-layer verification, an EdSSA provenance record: anchored, replay-checked, post-quantum-ready (ML-KEM-768 + threshold structure), and independently verifiable against the open EdSSA specification by anyone holding the artifact. State advancement is keyed to physical events the spacecraft observes locally — perigee passage, eclipse exit, communication-window acquisition — so the record stream stays coherent across multi-orbit and multi-day comms gaps without re-bootstrap. Light-time delay does not interrupt the provenance chain.

We are not building space cryptography. The space community has done that. We are building the archival provenance layer that the existing space-security stack does not provide — and that the new generation of multi-agency, dual-use, and long-archive missions increasingly need.

Use cases

Concrete operational scenarios.

  • Operator-independent provenance for lunar lander and rover telemetry across ground-blackout windows
  • Cross-mission, cross-agency audit records for cislunar relay station transit events
  • Archive-grade attestation for deep-space probe science data across light-time gaps
  • Multi-decade verifiable archives for long-duration unmanned exploration platforms

Compliance & standards

Standards and regulatory regimes.

CCSDS SDLS and BPSec compatible — sits above, does not replace. Aligned with the CCSDS Security Working Group post-quantum migration direction. NASA / ESA / JAXA / ISRO cooperative-mission framework friendly.

Audit emission

Long-mission audit-log buffering with light-time-tolerant shipping. Merkle-anchored tamper-evidence suitable for multi-year and multi-decade mission archives. Records verifiable by parties outside the original operator trust circle and across crypto-primitive migrations.

Customers

Operators in this vertical.

[CUSTOMER LOGO 1]
[CUSTOMER LOGO 2]
[CUSTOMER LOGO 3]
[CUSTOMER LOGO 4]
[CUSTOMER LOGO 5]
[CUSTOMER LOGO 6]
The mission archive can be re-verified ten years from now by parties who weren't in the original trust circle. That property used to require trusting our future selves.
[CUSTOMER ROLE], [CUSTOMER COMPANY][PLACEHOLDER]

Operating in space exploration?

Set up an NDA call. We’ll walk through how EdSSA fits your specific operational envelope.

Set up an NDA call →