European defense technology integrator STV Group a.s. and London-based cybersecurity firm Post-Quantum flew what they describe as the world’s first quantum-resilient drones on March 31, 2026. The trial, announced from London and Prague, used Classic McEliece encryption to protect full-motion video, imagery, and flight metadata in contested electromagnetic conditions. The choice of algorithm is notable because NIST evaluated Classic McEliece during its post-quantum cryptography standardization process but ultimately passed it over, selecting HQC instead for key establishment. That gap between government standardization and battlefield deployment raises a pointed question: can defense operators afford to wait for regulators to finish picking winners?
What the Trial Actually Demonstrated
The joint trial encrypted live drone sensor feeds, including video and flight metadata, using Classic McEliece as the key-encapsulation mechanism. According to the companies, the architecture was designed for mission-critical communications in environments where adversaries actively jam or intercept signals. STV Group, a Prague-based defense integrator, handled the platform side while Post-Quantum supplied the cryptographic layer.
No public performance benchmarks, such as latency overhead or bandwidth impact, accompanied the announcement. That omission matters. Classic McEliece is known for very large public keys, often exceeding one megabyte, which creates real engineering constraints for bandwidth-limited drone links. Without published test data, outside observers cannot yet verify whether the encryption ran smoothly at operational speeds or required significant tradeoffs in video quality or transmission range. The companies framed the trial as preparation for active deployment across allied theatres, but the distance between a successful trial and fielded capability remains unclear.
Another open question is how the system behaved under real electromagnetic stress. The firms described “contested” conditions but did not detail jamming power levels, packet loss rates, or how often key exchanges had to be retried. In practice, a post-quantum key-encapsulation mechanism must tolerate dropped packets and intermittent connectivity without leaving long windows where data travels unprotected. Until more technical documentation emerges, the trial should be read as a proof of concept rather than a validated performance benchmark.
Why Classic McEliece Instead of a NIST-Approved Algorithm
The algorithm choice stands out precisely because NIST did not select Classic McEliece for standardization. NIST had advanced it to the fourth round of its post-quantum cryptography competition alongside other candidates. In March 2025, the agency chose HQC as the fifth algorithm for post-quantum encryption, and its status report, NIST IR 8545, explained the rationale for why Classic McEliece did not make the cut. The full evaluation details are documented in the IR 8545 report.
STV Group and Post-Quantum appear to be betting on security pedigree over regulatory endorsement. Classic McEliece is based on the original McEliece cryptosystem, which the companies describe as holding the longest unbroken security track record in public-key cryptography. That claim carries weight: the original McEliece system dates to 1978, and no known attack, classical or quantum, has broken it. NIST’s decision against standardizing it likely reflected practical concerns about key size and implementation complexity rather than doubts about its mathematical security.
This creates an interesting split in the post-quantum world. NIST’s finalized standards, FIPS 203, 204, and 205, released as the first wave of post-quantum specifications, are designed for broad interoperability across government and commercial systems. Defense operators, however, often have different priorities. They may tolerate larger key sizes if the tradeoff is a cryptosystem with decades of scrutiny behind it, especially when the data being protected has a long classification shelf life.
From an acquisition perspective, choosing a non-standardized algorithm introduces supply-chain and certification friction. Hardware vendors and secure radio manufacturers are already planning around the NIST portfolio, which centers on lattice-based schemes plus HQC for key establishment. A system built around Classic McEliece may require bespoke implementations, additional assurance work, and, in some jurisdictions, explicit waivers to operate on classified networks. STV Group and Post-Quantum are effectively arguing that, for some missions, that extra friction is acceptable.
The “Harvest Now, Decrypt Later” Pressure on Drone Operations
The urgency behind this trial connects directly to a well-known intelligence threat. Adversaries can intercept and store encrypted communications today, then decrypt them years later once a sufficiently powerful quantum computer becomes available. For consumer data, this risk is abstract. For military drone feeds showing troop positions, surveillance footage, or targeting coordinates, the consequences of future decryption could be severe and immediate in a strategic sense.
NIST’s broader standardization effort was launched precisely to address this timeline pressure. The agency initially listed Classic McEliece among the fourth-round candidates before ultimately selecting HQC in March 2025 as the backup key-establishment algorithm, complementing the lattice-based schemes already standardized. That fourth-round decision was formally described when NIST announced HQC as a new selection in its post-quantum process.
For drone operators, the “harvest now, decrypt later” problem is not just about long-term confidentiality of archived video. It also affects how historical data can be fused with future intelligence. If an adversary can eventually decrypt years of drone feeds, they may reconstruct patterns of life, infer tactics and operating procedures, or identify human sources who appeared in the footage. That raises the stakes on getting quantum-resistant protections into platforms that are flying today, not just future airframes.
Engineering Tradeoffs in the Air
Deploying Classic McEliece on small airborne platforms forces designers to juggle competing constraints. Large public keys must be stored somewhere, and constrained radios must move them around without consuming too much of the link budget. Engineers can partially mitigate this by caching keys, performing infrequent handshakes, or offloading more computation to ground stations, but each mitigation introduces its own failure modes.
Recent academic work has tried to quantify these tradeoffs. One study on post-quantum secure UAV links examined how key sizes, handshake frequency, and channel conditions interact for different algorithms. While not focused solely on Classic McEliece, it underscored that bandwidth and latency overheads can quickly erode the effective throughput of tactical data links if key exchanges are not carefully engineered. The STV and Post-Quantum trial implicitly claims to have solved enough of these problems to support full-motion video, but the absence of public metrics leaves the underlying design choices opaque.
There is also the question of interoperability. NATO and allied forces are moving toward common cryptographic baselines aligned with NIST standards. A drone fleet that relies on Classic McEliece for key establishment will need gateways or protocol translation layers to interoperate with systems that expect HQC or lattice-based KEMs. Those gateways become critical trust anchors and potential bottlenecks in coalition operations.
What This Signals for Defense Procurement
Even with limited technical detail, the trial sends a clear signal: some defense integrators are no longer waiting for complete regulatory convergence before fielding post-quantum protections. Instead, they are running live experiments with algorithms that sit just outside the emerging standards portfolio, prioritizing perceived cryptanalytic conservatism over alignment with NIST.
For procurement officials, this raises a dilemma. On one hand, sticking strictly to NIST-approved algorithms simplifies certification, interoperability, and long-term support. On the other, operators are demanding quantum-resilient capabilities now, and some are attracted to schemes like Classic McEliece that have weathered decades of scrutiny. The compromise path may involve modular designs that can swap key-encapsulation mechanisms as standards evolve, allowing early deployments without locking in a single algorithm for the lifetime of the platform.
The STV and Post-Quantum drones are therefore less important as a singular “world first” than as a marker of where the debate is heading. As quantum threats move from theoretical to planning assumptions, more defense programs are likely to confront the same tradeoff: follow the letter of the standards process, or lean into mature but non-standardized cryptosystems to close perceived gaps. How regulators, alliances, and vendors navigate that tension will shape not just drone security, but the broader architecture of secure military communications in the post-quantum era.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
