Pentagon prepares F-35 for quantum computing threat

The F-35 Joint Program Office is preparing to modify the fighter’s In-Line File Encryption Device software to support government-mandated quantum-resistant algorithms, according to a presolicitation notice published on May 6, 2026.

The notice, issued through Naval Air Systems Command, signals that the F-35 program is beginning the process of hardening one of the aircraft’s core cryptographic systems against the threat posed by future quantum computers. The F-35 JPO intends to solicit, negotiate, and award a sole source contract to Lockheed Martin Aeronautics under FAR 6.103-1, the federal acquisition regulation provision covering cases where only one responsible source can satisfy agency requirements. Capability statements from other potential offerors are due by May 21, 2026.

The In-Line File Encryption Device is the hardware and software component responsible for encrypting and protecting the signed code inside the F-35’s systems. Modifying its software to incorporate quantum-resistant algorithms means replacing or augmenting the current cryptographic foundations with mathematical approaches specifically designed to remain secure against an adversary using quantum computing to break encryption. That threat is not theoretical — the U.S. government has been working for years through the National Institute of Standards and Technology to establish quantum-resistant cryptographic standards, and the mandate to implement those standards across government systems is now reaching operational military platforms like the F-35.

The practical challenge the contract notice identifies is as important as the cryptographic one. The vendor must verify that the software update can be applied in the field without opening the enclosure — meaning the modification has to be deployable to aircraft at operating bases around the world through normal software update procedures, without requiring the physical device to be disassembled, returned to a depot, or replaced outright. For a fighter jet deployed across more than a dozen countries and operated by Air Force, Navy, and Marine Corps units in various locations, the ability to push a cryptographic update through field-level procedures rather than requiring hardware returns is a significant logistical requirement that shapes how the contract must be written and executed.

Lockheed Martin Aeronautics’ sole source designation rests on the same rationale that governs most F-35 software work: as the sole designer, developer, and integrator of the aircraft, LM Aero is the only entity with the experience and technical expertise needed to modify and integrate IFED software, according to the notice. That judgment isn’t merely procedural. The F-35’s software architecture is among the most complex in any operational weapon system, with millions of lines of code governing everything from flight control to sensor fusion to weapons employment. Modifying a cryptographic subsystem inside that architecture requires intimate knowledge of how it interacts with every adjacent system, what failure modes a bad update could introduce, and how the testing and verification process needs to be structured to ensure nothing breaks in the process of hardening the encryption. No other company has that knowledge base, and building it from scratch would take longer than the government’s timeline allows.

The quantum computing threat to military cryptography has been moving from a distant concern to an active planning requirement faster than many expected. The core problem is that the encryption algorithms currently protecting most secure communications and data — including those on military platforms — were designed under the assumption that no computer could factor large numbers or solve discrete logarithm problems in any practical timeframe. Quantum computers, once sufficiently capable, can break that assumption using algorithms like Shor’s algorithm that run exponentially faster on quantum hardware than on classical machines. An adversary that acquires a capable quantum computer could retroactively decrypt previously intercepted communications and, more immediately relevant to the F-35 context, potentially compromise the cryptographic verification mechanisms that ensure software running on the aircraft is legitimate and unmodified.

The F-35 carries a suite of classified capabilities whose protection depends on the integrity of its cryptographic architecture. The IFED specifically handles the verification of signed code, meaning it is the gatekeeper that confirms the software running on the aircraft is authorized and hasn’t been tampered with. A quantum-vulnerable IFED is a potential attack surface not just for data theft but for code integrity compromise — a much more serious concern for a platform whose software defines its combat effectiveness and mission safety. Updating that component to quantum-resistant standards is therefore not a routine security patch but a fundamental upgrade to the aircraft’s cyber resilience.