The F-35 Lightning II is, by some margin, the most networked combat aircraft ever built. A single jet exchanges several gigabytes of data per sortie with other F-35s, with E-3 and E-7 controllers, with ground stations, and — through the Multifunction Advanced Data Link (MADL) and Link 16 — with the rest of the joint force. Every byte of that traffic is encrypted.

The encryption is the problem. Or rather: it will be.

The U.S. Department of Defense has begun, quietly, the work of upgrading the F-35’s communications, navigation, and avionics encryption to algorithms that resist attack by quantum computers. The Pentagon will not say which programme office is leading the effort, nor exactly which subsystems are being modified first. But the existence of the programme has now been publicly confirmed, and the timing is no accident.

The threat: harvest now, decrypt later

The risk is not theoretical. It is also not hypothetical. It is mathematical.

Most of today’s encrypted military traffic relies on two algorithm families: RSA (asymmetric public-key encryption used during key exchange) and AES (symmetric encryption used to encrypt the data itself). RSA is vulnerable to Shor’s algorithm, a quantum-computing technique published in 1994 that, when run on a sufficiently large fault-tolerant quantum computer, can factor the large numbers RSA depends on for security. AES is vulnerable, more modestly, to Grover’s algorithm, which halves the effective key length.

The practical consequence is straightforward. An adversary equipped with a Cryptographically Relevant Quantum Computer (CRQC) — one with several thousand error-corrected logical qubits — can decrypt today’s military communications. Such a computer does not yet exist outside research laboratories. Most credible estimates put first appearance in the early 2030s.

The catch, and the reason for the urgency, is that an adversary does not need the quantum computer today to begin causing damage today. They simply need to record encrypted traffic now, store it, and decrypt it later when the hardware is available. This is the so-called “harvest now, decrypt later” threat, and it is the central reason every Western intelligence service has shifted from “post-quantum is a future problem” to “post-quantum is happening now.”

What needs to change on the F-35

The F-35 carries a number of subsystems that depend on cryptography. The most important are:

1. Multifunction Advanced Data Link (MADL). The classified, low-probability-of-intercept data link used between F-35s for stealth-friendly cooperative operations. MADL exchanges sensor tracks, mission data, and engagement information at high data rates.

2. Link 16. The standard NATO tactical data link, used for everything from airborne radar pictures to friend-or-foe identification. Link 16 has its own encryption stack, separate from MADL.

3. M-code GPS. The next-generation military GPS signal, with stronger encryption and anti-jam properties. The receiver-side cryptography needs to be made quantum-resistant in step with the rest of the GPS ground segment.

4. Mission data files (MDFs) and software loads. The encrypted, signed data packages that tell the F-35 about threat radar emissions, threat parameters, and theatre-specific operating procedures. The signing infrastructure must remain secure against forgery in a post-quantum world.

5. ALIS / ODIN. The aircraft’s logistics and maintenance data system, which transmits aircraft health information back to depots. This is unclassified but operationally sensitive, and is a known intelligence target.

Each of these subsystems must be re-engineered to use post-quantum algorithms — the family of NIST-approved primitives that includes CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures. The mathematical underpinning is different (lattice-based rather than integer-factoring), and the resulting key and signature sizes are larger than RSA equivalents — sometimes by an order of magnitude. That has practical implications for memory, bandwidth, and processing on a fighter aircraft.

Why this matters now, not later

The F-35 is expected to be in service well into the 2070s. The aircraft delivered today will fly for a half-century. That timeline is longer than any reasonable estimate of when a CRQC will appear. An F-35 delivered in 2026 with RSA-protected data links is, in cryptographic terms, already obsolescent.

The Pentagon’s current Block 4 modernisation already touches every major avionic subsystem on the aircraft. Folding post-quantum cryptography into Block 4 — or into the follow-on Tech Refresh 3 / 4 baselines — is the most efficient way to handle the migration. The alternative is a separate, schedule-sensitive cryptographic upgrade later, which will be costlier and more disruptive.

It is also worth noting that any post-quantum upgrade to the F-35 has to be matched on the other end of the link. The E-7, E-3, KC-46, B-21, the Navy’s E-2D, and every coalition aircraft that talks to an F-35 must run the same algorithms. The Pentagon is therefore not only quantum-proofing the Lightning II — it is quantum-proofing the entire networked combat enterprise. This is a multi-year, multi-service programme, and the F-35 is simply the most visible aircraft in it.

A sober conclusion

None of this is glamorous. There is no flight-test pilot pulling 9G turns. There are no kill markings on a fuselage. The work consists of quiet engineers replacing one set of mathematical primitives with another, validating performance impact on cockpit avionics, regression-testing every data link, and slowly pushing the result into operational squadrons.

What it preserves, if it succeeds, is the F-35’s ability to function as a stealthy, networked, low-probability-of-intercept node well into the second half of the twenty-first century. Which, when the alternative is a fleet of expensive jets passing classified information that an adversary will read at leisure twenty years later, is a programme worth running.

Sources: U.S. Department of Defense, NIST Post-Quantum Cryptography programme, Defense Blog, Aviation Week.