Article

A Novel Dual-Layer Quantum-Resilient Encryption Strategy for UAV–Cloud Communication Using Adaptive Lightweight Ciphers and Hybrid ECC–PQC

by Mahmoud Aljamal 1, Bashar S. Khassawneh 2,*, Ayoub Alsarhan 3,4, Saif Okour 5, Latifa Abdullah Almusfar 6, Bashair Faisal AlThani 6 and Waad Aldossary 7

1 Department of Cybersecurity, Faculty of Information Technology, Irbid National University, Irbid 21110, Jordan
2 Department of Computer Science and Information Systems, College of Computer Sciences and Informatics, Amman Arab University, Amman 11953, Jordan
3 Department of Data Science and Artificial Intelligence, Faculty of Information Technology, Al-Ahliyya Amman University, Amman 19111, Jordan
4 Department of Information Technology, Faculty of Prince Al-Hussein Bin Abdullah, The Hashemite University, Zarqa 13133, Jordan
5 Department of Software Engineering, Faculty of Science and Information Technology, Irbid National University, Irbid 21110, Jordan
6 Department of Management Information System, College of Business Administration, Imam Abdulrahman Bin Faisal University (IAU), Dammam 31451, Saudi Arabia
7 Department of Marketing, College of Business, Al Yamamah University, Khobar 12674, Saudi Arabia
* Author to whom correspondence should be addressed.
Computers 2026, 15(2), 101; https://doi.org/10.3390/computers15020101
Submission received: 25 November 2025 / Revised: 26 December 2025 / Accepted: 28 December 2025 / Published: 2 February 2026
(This article belongs to the Special Issue Emerging Trends in Network Security and Applied Cryptography)

Abstract

Unmanned Aerial Vehicles (UAVs) are increasingly integrated into Internet of Things (IoT) ecosystems for applications such as surveillance, disaster response, environmental monitoring, and logistics. These missions demand reliable and secure communication between UAVs and cloud platforms for command, control, and data storage. However, UAV communication channels are highly vulnerable to eavesdropping, spoofing, and man-in-the-middle attacks due to their wireless and often long-range nature. Traditional cryptographic schemes either impose excessive computational overhead on resource-constrained UAVs or lack sufficient robustness for cloud-level security. To address this challenge, we propose a dual-layer encryption architecture that balances lightweight efficiency with strong cryptographic guarantees. Unlike prior dual-layer approaches, the proposed framework introduces a context-aware adaptive lightweight layer for UAV-to-gateway communication and a hybrid post-quantum layer for gateway-to-cloud security, enabling dynamic cipher selection, energy-aware key scheduling, and quantum-resilient key establishment. In the first layer, UAV-to-gateway communication employs a lightweight symmetric encryption scheme optimized for low latency and minimal energy consumption. In the second layer, gateway-to-cloud communication uses post-quantum asymmetric encryption to ensure resilience against emerging quantum threats. The architecture is further reinforced with optional multi-path hardening and blockchain-assisted key lifecycle management to enhance scalability and tamper-proof auditability. Experimental evaluation using a UAV testbed and cloud integration shows that the proposed framework achieves 99.85% confidentiality preservation, reduces computational overhead on UAVs by 42%, and improves end-to-end latency by 35% compared to conventional single-layer encryption schemes. 
These results confirm that the proposed adaptive and hybridized dual-layer design provides a scalable, secure, and resource-aware solution for UAV-to-cloud communication, offering both present-day practicality and future-proof cryptographic resilience.

1. Introduction

Unmanned Aerial Vehicles (UAVs) have rapidly evolved from military-focused platforms to critical enablers of civilian and industrial Internet of Things (IoT) applications, including environmental monitoring, precision agriculture, logistics, disaster management, and surveillance [1]. Their ability to collect, process, and transmit data in real time makes UAVs essential components of next-generation IoT ecosystems [2]. The inherent characteristics of UAVs (limited onboard computational resources, constrained energy reserves, and reliance on wireless communication) pose significant challenges to maintaining secure, low-latency, and scalable communication with ground stations and cloud infrastructures [3]. As UAV operations increasingly intersect with safety-critical domains, ensuring the confidentiality, integrity, and availability of UAV-to-cloud communication has become paramount [4].
Despite advances in secure communication protocols, existing cryptographic solutions face a fundamental trade-off between computational overhead and security strength [5]. Conventional encryption schemes such as AES or TLS 1.3, while robust, are computationally demanding for resource-constrained UAVs and may significantly reduce flight endurance. Conversely [6], lightweight ciphers such as PRESENT and Ascon are efficient but lack the post-quantum guarantees necessary to resist emerging threats from quantum adversaries [7]. This tension underscores the need for a cryptographic model that simultaneously addresses present-day constraints and future-proof security requirements [8].
Recent research has highlighted the “harvest-now, decrypt-later” paradigm, where adversaries intercept and store encrypted UAV communications with the intent of decrypting them once quantum computing capabilities mature [9]. This threat is particularly concerning for long-term sensitive data such as surveillance video or GNSS telemetry [10]. Moreover, UAV communication channels are exposed to real-time threats, including eavesdropping, spoofing, replay, and man-in-the-middle (MITM) attacks, as well as side-channel vulnerabilities arising from UAV capture [11]. These multifaceted risks demand an encryption architecture that is adaptive, resilient, and capable of integrating [12] both lightweight and quantum-resistant mechanisms [13].
To address these challenges, this paper proposes a dual-layer encryption framework tailored to UAV-to-cloud communication. Unlike prior dual-layer designs that simply stack symmetric and asymmetric primitives, the proposed system introduces several innovations specifically engineered for UAV environments: (i) a context-aware adaptive lightweight layer that dynamically selects between PRESENT-128, Ascon, and AES-CCM based on real-time battery and channel conditions; (ii) a hybrid ECC+Kyber post-quantum layer that fuses classical efficiency with long-term quantum resilience; and (iii) an integrated defense-in-depth structure combining multi-path isolation, onion-style nesting, and blockchain-assisted key lifecycle management. These elements operate cohesively to provide a level of adaptiveness, robustness, and future-proof security not demonstrated in previous dual-layer architectures.
The first layer introduces adaptive lightweight symmetric encryption for UAV-to-gateway links, enabling UAVs to dynamically switch between ciphers (PRESENT-128, Ascon, AES-CCM) based on battery levels, channel quality, and latency constraints. This ensures an optimized trade-off between energy efficiency and robustness. The second layer secures gateway-to-cloud communication through a hybrid post-quantum scheme that combines Elliptic Curve Diffie-Hellman (ECC) with lattice-based Kyber key encapsulation, delivering both immediate efficiency and quantum resilience. The integration of multi-path security, onion-style nesting, and blockchain-assisted key management further distinguishes this framework by providing forward secrecy, decentralized trust, and tamper-proof auditability in a unified architecture.
The main contributions of this paper are threefold:
  • We design an adaptive cipher selection mechanism with energy-aware key scheduling for UAV-to-gateway links. This adaptiveness allows UAVs to optimize security and energy use in real time, a capability absent from prior lightweight encryption models.
  • We propose a hybrid ECC + PQC model for gateway-to-cloud security that balances performance with quantum resilience. This dual encapsulation mechanism mitigates both classical and post-quantum attacks, addressing the long-term vulnerability overlooked in existing UAV cryptography frameworks.
  • We integrate blockchain-assisted dynamic key management and multi-path/onion security to ensure scalability, accountability, and resilience against advanced adversaries. This creates a decentralized and tamper-evident security ecosystem that complements the dual-layer cryptographic pipeline.
The remainder of this paper is organized as follows. Section 2 reviews related work on UAV security and lightweight/post-quantum cryptography. Section 3 details the proposed methodology, including system model, adaptive symmetric layer, hybrid encryption layer, integration strategies, and blockchain key management. Section 4 presents the experimental setup and evaluation metrics. Section 5 discusses results and comparisons with baselines.

2. Literature Review

Sarkar et al. [4] conducted a comparative analysis of lightweight block ciphers for securing UAV communications, focusing on energy efficiency and computational overhead on resource-constrained aerial platforms. The study evaluated PRESENT-128, HIGHT, SIMON, SPECK, and AES-CCM using a Raspberry Pi 3 UAV simulator, measuring throughput, latency, the memory footprint, and energy consumption during telemetry transmissions. Results showed that PRESENT-128 provided the lowest energy cost (31.2 mJ/MB) but with a reduced security margin, while AES-CCM offered stronger confidentiality and authentication guarantees at higher latency. Lightweight ciphers improved UAV endurance by 25–40% compared to conventional AES or TLS schemes. However, the study did not address post-quantum threats, nor did it include adaptive cipher switching based on UAV conditions or any form of decentralized key management. Our proposed framework addresses these limitations by combining energy-aware cipher agility at the UAV tier with hybrid post-quantum cryptography at the gateway–cloud layer, alongside blockchain-based key lifecycle control for enhanced resilience.
Telikani et al. [14] examined the role of post-quantum cryptography (PQC) in securing UAV communication, motivated by the “harvest-now, decrypt-later” threat posed by quantum adversaries. Their study reviewed NIST PQC finalists such as Kyber, Dilithium, and Falcon, and benchmarked Kyber512 and Dilithium-II on a Raspberry Pi 4 UAV simulator against ECC and AES baselines. Results showed that Kyber512 achieved practical encapsulation times of 2.1 ms with low energy consumption, making it suitable for UAV-to-cloud uplinks, while Dilithium provided stronger security but incurred higher latency (14 ms) and memory cost (20 kb). Although effective in resisting quantum threats, the study focused solely on post-quantum encryption and did not integrate lightweight ciphering at the UAV tier or provide any dynamic key management approach. Our work bridges this gap by offering a dual-layer model that unifies lightweight symmetric encryption and hybrid ECC+PQC, complemented with onion-layered multipath protection and blockchain-enforced key rotation.
Telikani et al. [15] proposed a blockchain-assisted key management framework for UAV networks to overcome the limitations of centralized public key infrastructures (PKI). Their system employed a consortium blockchain where UAV gateways acted as validator nodes and UAVs as lightweight clients, with smart contracts handling enrollment, distribution, revocation, and auditing of cryptographic keys. Their evaluation demonstrated that enrollment required approximately 1.2 s, revocation 250 ms, and rekeying 200 ms, while UAVs incurred minimal overhead by storing only block headers and Merkle proofs. The framework ensured tamper-proof auditability, scalability to 500 UAVs, and resilience against key compromise. However, this contribution was limited to key lifecycle management and lacked integration with lightweight encryption schemes, post-quantum cryptographic protocols, or adaptive data protection mechanisms. In contrast, our work embeds blockchain-based key control within a broader dual-layer encryption architecture that includes both adaptive symmetric encryption and hybrid post-quantum encapsulation.
Kwon et al. [16] proposed a secure broadcast authentication protocol for intelligent transportation systems in UAV-assisted mobile edge computing (MEC) environments. The framework leveraged a self-certified public key cryptosystem (SCPKC) to eliminate reliance on a central trusted authority, elliptic curve cryptography (ECC) for efficient key operations, and biohashing technology for biometric-based privacy. Security robustness was validated through informal analysis, the Real-or-Random (ROR) model, and Scyther tool simulations, while performance was assessed using the MIRACL cryptographic library and NS-3 network simulations. Results showed that the protocol achieved mutual authentication and key agreement without a TA, resisted impersonation, replay, and man-in-the-middle attacks, and maintained low computational overhead (27.4 ms) and moderate communication cost (1728 bits). Despite these advantages, the system was not designed for end-to-end UAV-to-cloud data confidentiality, nor did it account for quantum-resilient encryption or adaptive encryption strategies under dynamic UAV constraints. Our architecture addresses these needs by offering secure, adaptable communication across the full UAV–Gateway–Cloud spectrum, with additional compartmentalization via onion encryption.
The authors of [17] developed a microservices-based cloud framework for autonomous UAV infrastructure inspection, integrating mission planning, monitoring, and UAV simulation as services. The system decomposed UAV functions into microservices for routing, pathfinding, logging, and no-fly zone management, deployed using containerization and Kubernetes orchestration with continuous integration and deployment pipelines. A Gazebo UAV simulation microservice validated mission planning before real-world deployment, while load testing with the Locust framework demonstrated scalability to 5000 concurrent users by dynamically scaling service pods. Results confirmed robustness, flexibility, and feasibility for civil infrastructure inspection with multiple UAVs. However, the architecture primarily focused on orchestration and scalability of mission tasks and did not incorporate security protocols for UAV communication, post-quantum resilience, or key distribution mechanisms. Our solution complements such scalable designs by embedding secure-by-design communication layers and cryptographic controls for UAV data protection.
The authors of [18] proposed a distributed blockchain-based platform for UAV systems to address vulnerabilities such as Sybil, denial-of-service (DoS), and GPS spoofing attacks. Their framework introduced a lightweight blockchain architecture optimized for UAV resource constraints, featuring compressed block and transaction structures, a reputation-based consensus mechanism akin to delegated proof of stake, and multiple transaction types for UAV–GCS–cloud interactions. Security and efficiency were validated using NS-3 simulation and the UB-ANC emulator, achieving notable gains in attack resilience, with precision of 92.15%, specificity of 93.65%, sensitivity of 94.5%, and reliability of 90%. The system demonstrated improved throughput and reduced latency overhead compared to conventional centralized UAV communication schemes. Yet, it did not incorporate adaptive cipher switching, post-quantum security models, or dual-hop encryption strategies for protecting UAV–cloud links. Our work fills this gap by embedding blockchain-assisted key control within a dual-layer cryptographic framework that includes cipher agility, hybrid key encapsulation, and defense-in-depth integration mechanisms.
Sangeetha et al. (2025) [19] present a quantum-resistant cryptographic framework for 5G that hybridizes lattice-based CRYSTALS-Kyber key encapsulation with ECC and employs AES-GCM for authenticated data protection, targeting reduced latency and higher throughput in next-generation networks. The study motivates migration beyond classical public-key schemes and designs a Kyber+ECC hybrid exchange with ECC signatures for mutual authentication, evaluated against ECC-AES, RSA-AES, and NTRU baselines in large-scale simulations. Reported improvements include an 18.4% latency reduction versus ECC-only exchange, a 22.7% gain in key-generation time, and a 31.2% increase in encryption throughput. While effective for 5G core security, the framework does not address UAV link constraints or provide energy/channel-aware cipher agility at the first hop, hybrid ECC+PQC backhaul handshakes tuned for edge gateways, auditable blockchain-based key lifecycle, or multi-path/onion compartmentalization for contested air-ground links. Our work fills these gaps with a dual-layer design (lightweight AEAD on UAV, hybrid ECC+PQC on gateway–cloud), and energy-adaptive cipher switching.
Li et al. (2025) [20] propose a lightweight hybrid encryption architecture for Internet of Drones (IoD) networks that integrates elliptic-curve Diffie–Hellman (ECDH) key exchange with symmetric AES-CTR to achieve confidentiality, authentication, and forward secrecy under strict UAV resource constraints. The framework introduces a two-phase key establishment: an ECC-based handshake for UAV–ground station pairs followed by a symmetric key derivation for data encryption. Implemented on an IoD testbed with Wi-Fi-enabled UAVs, the system achieves 24.6% lower latency and 28.3% energy savings compared to pure ECC and RSA models, while maintaining 99.4% packet integrity and 0.3% retransmission rate across 5–10 UAV nodes. Although effective for small-scale IoD communication, the scheme lacks quantum resilience, adaptive cipher selection, or blockchain-based key lifecycle management; it also omits multi-path or onion-style segmentation and hybrid PQC–ECC protection for gateway–cloud links. Our study addresses these gaps through a dual-layer UAV–cloud architecture that couples lightweight AEAD at the UAV tier with hybrid ECC+PQC encryption at the backhaul.

3. Methodology

The proposed approach to UAV-to-cloud security is a dual-layer encryption workflow that combines adaptive lightweight cryptography, post-quantum hybridization, and blockchain-based key management, as summarized in Figure 1. First, the system model and threats are defined, emphasizing UAV limitations and adversarial risks. The figure presents the proposed secure UAV-to-cloud communication architecture as an end-to-end methodology that explicitly couples adaptive lightweight protection at the UAV tier with strong hybrid and post-quantum security at the gateway-cloud tier. At the UAV tier, the design begins with realistic operational constraints (battery budget, limited CPU/memory, and channel noise) and a concrete threat model (eavesdropping, spoofing, jamming/interference, and adversarial manipulation). These conditions are not treated as secondary assumptions; instead, they directly drive the first-layer decision logic that selects an appropriate lightweight cipher for the current context, thereby reducing computational overhead while preserving confidentiality and integrity for the UAV–gateway hop. The edge gateway serves as the security “pivot” of the system: it receives UAV-encrypted traffic, applies re-encryption, and performs the computationally heavier key-establishment procedures required for hybrid encryption, ensuring that constrained UAVs are not burdened with expensive cryptographic operations. In this way, the architecture operationalizes the core methodological goal of distributing cryptographic workload across tiers while maintaining a consistent security posture from UAV sensing to cloud analytics.
Importantly, the figure highlights that key management is a first-class component rather than an implicit dependency. The blockchain-assisted key management layer provides structured support for the complete lifecycle of cryptographic identities and keys, including PKI-assisted enrollment, periodic rekeying for forward secrecy, key revocation for rapid response to compromise, and immutable audit logging for accountability and non-repudiation. This enables scalable swarm operation by ensuring that key updates and trust decisions can be enforced without centralized single points of failure, while still keeping UAV-side overhead low through lightweight KDF-based session keys and local ephemeral storage. The explicit inclusion of evaluation tiers and performance metrics (end-to-end latency, throughput, energy overhead, resilience, and scalability) further reinforces that the methodology is not purely conceptual: it is designed to be experimentally verifiable, with measurable security–performance trade-offs at each stage (UAV encryption, gateway re-encryption, hybrid/PQ key exchange, and blockchain governance). Collectively, the architecture captures a coherent methodology where adaptive cryptography, gateway-centric hybridization, and auditable key management jointly deliver a practical, quantum-resilient security framework for UAV-to-cloud deployments.

3.1. System Model and Threat Landscape

UAV nodes, intermediate gateways, and a cloud back-end constitute the three-tier communication hierarchy that underpins the proposed encryption architecture. UAVs are lightweight aerial nodes with limited processing power, memory, and battery life. These devices collect data (video, telemetry, or GNSS readings) and transmit encrypted data to a gateway node in the vicinity. Ground control stations and UAV base stations are examples of moderately powered edge devices that act as cryptographic intermediaries. They provide a secure uplink to the cloud and offload computationally demanding tasks from UAVs. Cloud servers serve as the global control and analytics layer, offering large-scale data analysis, mission coordination, and long-term storage. End-to-end cryptographic guarantees are necessary because communication channels between these layers are assumed to be wireless, heterogeneous, and intrinsically insecure.
The adversarial model considers both classical and quantum-capable attackers. Man-in-the-middle (MITM) attacks targeting UAV–gateway or gateway–cloud links, active spoofing and replay attacks that inject forged messages, and passive eavesdropping, in which adversaries intercept UAV transmissions, are examples of potential threats. Because UAV devices are physically exposed and could be intercepted by adversaries, side-channel leakage is also considered. We also recognize the “harvest-now, decrypt-later” paradigm, in which adversaries record encrypted UAV data for later decryption using quantum algorithms. The system’s four security goals are to: (1) guarantee the confidentiality and integrity of UAV data streams; (2) provide forward secrecy through periodic key refresh; (3) incorporate quantum-resilient algorithms to secure cloud storage; and (4) maintain scalability and lightweight execution appropriate for real-time UAV swarms.
Let the set of UAVs be $U = \{u_1, u_2, \ldots, u_n\}$, the set of gateways $G = \{g_1, g_2, \ldots, g_m\}$, and the cloud server $C$. Each UAV $u_i$ transmits data $M_i$ over a channel $\chi_{u_i, g_j}$ to gateway $g_j$. The attacker $\mathcal{A}$ is modeled as a probabilistic polynomial-time adversary with access to both classical and quantum resources [21]. The security requirement is:
$$\Pr[\mathcal{A}(C_i) \rightarrow M_i] \leq \epsilon,$$
where $C_i = E_k(M_i)$ is the ciphertext computed under key $k$, and $\epsilon$ is negligible, even against quantum adversaries. In the post-quantum setting, we consider an acceptable advantage to be at most negligible at the 128-bit security level; concretely, we set $\epsilon \leq 2^{-128}$ as a conservative upper bound for a quantum-capable adversary (including Grover-amplified search effects), which aligns with standard PQC target security categories. Table 1 presents the system model, threats, and security objectives.

3.2. Adaptive Lightweight Symmetric Encryption (UAV-to-Gateway)

To achieve secure and efficient UAV-to-gateway communication, we propose an adaptive lightweight symmetric encryption layer. Unlike static encryption methods, which impose a fixed cryptographic cost regardless of network or device conditions, our framework dynamically switches between a cipher suite of PRESENT-128, Ascon, and AES-CCM depending on real-time constraints [22]. PRESENT-128 provides ultra-lightweight block encryption suitable for extremely resource-constrained UAVs. Ascon, a NIST-selected lightweight authenticated cipher, is preferred in noisy environments due to its strong resistance against side-channel and differential attacks. AES-CCM is used when latency is critical and moderate computational resources are available, balancing strong security with authentication guarantees. This adaptive approach ensures that UAVs can maximize both security and performance under varying operational scenarios.
We present an energy-aware key scheduling mechanism to further enhance resilience. The length and complexity of the encryption key are directly impacted by the UAV’s constant monitoring of its battery level and channel conditions. For example, in high-security situations with enough energy, the system uses larger key sizes and stronger ciphers, but when battery levels are low, it reduces block size or key length to increase operational lifetime. This context-driven key adaptation enables longer mission durations while preserving encryption strength without prematurely depleting onboard resources.

Secure Acquisition of UAV Context (Battery and Channel State)

The gateway does not infer UAV battery level implicitly; instead, each UAV periodically reports a compact context tag that includes a quantized battery indicator $\hat{b}_i(t) \in \{\text{Low}, \text{Medium}, \text{High}\}$ and an optional mission flag. To avoid adding a separate communication channel, this context tag is piggybacked on existing UAV–gateway control/data frames and is protected under the current first-layer session key using AEAD. Concretely, for UAV $u_i$, the transmitted context message is
$$\mathrm{CTX}_i(t) = \mathrm{AEAD}\big(k_i^{t},\ \hat{b}_i(t) \,\|\, \mathrm{ctr}_i(t) \,\|\, \mathrm{meta}\big),$$
where $\mathrm{ctr}_i(t)$ is a monotonic counter (anti-replay) and $\mathrm{meta}$ may include a short policy identifier. Channel-quality indicators (e.g., retransmission rate, RTT jitter, and packet loss) are primarily measured at the gateway from link statistics, so only minimal UAV telemetry is required. Context updates are sent every $\Delta T$ seconds (or upon threshold crossing), and quantization limits information leakage while preserving sufficient resolution for energy-aware decisions.
Forward secrecy is maintained by using ephemeral session keys. Elliptic-Curve Diffie–Hellman (ECDH) or lightweight post-quantum alternatives like Kyber512 are used to periodically refresh keys, offering resilience against both classical and quantum adversaries. In the event that a session key is compromised, this prevents attackers from decrypting previous traffic. A flexible yet secure lightweight encryption model is established by the combination of cipher agility, energy-aware scheduling, and frequent key refreshing, guaranteeing that UAV communication remains effective, reliable, and adaptable to changing circumstances, as shown in Algorithm 1.
Let $M_t$ denote the UAV message at time $t$, $k_t$ the session key, and $C_t$ the ciphertext [23]. Encryption is expressed as:
$$C_t = E_{k_t}(M_t),$$
where $E_{k_t}(\cdot)$ is the chosen cipher from the adaptive suite. The key scheduling function is defined as:
$$k_{t+1} = f(k_t, \mathrm{battery}(t), \mathrm{channel}(t)),$$
where $\mathrm{battery}(t)$ and $\mathrm{channel}(t)$ represent the UAV battery status and channel quality at time $t$. The function $f(\cdot)$ adjusts block size, key length, or cipher selection to balance energy consumption and security guarantees.
Table 2 summarizes the adaptive cipher suite. PRESENT-128 is selected for ultra-constrained UAVs to conserve energy, while Ascon is applied in noisy environments where robustness is crucial. AES-CCM is employed for latency-sensitive communication with gateways capable of supporting a slightly higher computational load. This tri-cipher strategy enables UAVs to dynamically align encryption strength with operational needs.
Algorithm 1 Adaptive Lightweight Symmetric Encryption Protocol
Require: UAV message $M_t$, previous key $k_t$, battery status $B_t$, channel state $Ch_t$
Ensure: Encrypted ciphertext $C_t$, updated session key $k_{t+1}$
  Cipher Selection Logic
    if $B_t$ is low then
        Use PRESENT-128
    else if $Ch_t$ is noisy then
        Use Ascon
    else
        Use AES-CCM
  Encryption and Key Update
    $C_t \leftarrow E_{k_t}(M_t)$  ▹ Encrypt message
    $k_{t+1} \leftarrow f(k_t, B_t, Ch_t)$  ▹ Update key via ECDH or Kyber512
    Transmit $C_t$ to gateway
    return $C_t$, $k_{t+1}$
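The following added example (not code from the paper) shows how a gateway might process the context message of Section 3.2 and only then apply the Algorithm 1 selection order: authenticate the frame, enforce the monotonic counter, and update the cipher choice last. The frame layout, thresholds and function names are assumptions, and HMAC-SHA256 stands in for the AEAD tag so the sketch runs on the Python standard library (it authenticates the context but does not encrypt it).

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

BATTERY_LEVELS = ("Low", "Medium", "High")  # quantized indicator from Section 3.2
CTX_BODY = struct.Struct(">BQB")            # assumed layout: level | 64-bit ctr | policy id
TAG_LEN = 16                                # assumed tag length in bytes


class ContextError(Exception):
    """Raised when a context frame must be dropped."""


def quantize_battery(percent, low=25.0, high=60.0):
    """Map a battery percentage to the three reported levels (thresholds assumed)."""
    if not 0.0 <= percent <= 100.0:
        raise ValueError("battery percentage out of range")
    if percent < low:
        return "Low"
    return "Medium" if percent < high else "High"


def make_tag(key, body):
    # Stand-in for the AEAD tag: HMAC-SHA256 authenticates but does not encrypt.
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_ctx(key, level, counter, policy_id=0):
    """UAV side: b_hat || ctr || meta, followed by the authentication tag."""
    body = CTX_BODY.pack(BATTERY_LEVELS.index(level), counter, policy_id)
    return body + make_tag(key, body)


@dataclass
class GatewaySession:
    key: bytes            # current first-layer session key
    last_ctr: int = -1    # highest counter accepted so far
    battery: str = "High"

    def accept_ctx(self, frame):
        """Verify, replay-check and apply one context frame; return the new level."""
        if len(frame) != CTX_BODY.size + TAG_LEN:
            raise ContextError("unexpected frame length")
        body, tag = frame[:CTX_BODY.size], frame[CTX_BODY.size:]
        # Authenticate before parsing, so a forged "Low" cannot force a cipher change.
        if not hmac.compare_digest(tag, make_tag(self.key, body)):
            raise ContextError("authentication failed")
        level_idx, ctr, _policy = CTX_BODY.unpack(body)
        if level_idx >= len(BATTERY_LEVELS):
            raise ContextError("unknown battery level")
        if ctr <= self.last_ctr:
            raise ContextError("replayed or stale counter")
        self.last_ctr = ctr
        self.battery = BATTERY_LEVELS[level_idx]
        return self.battery


def channel_is_noisy(retx_rate, loss_rate, retx_max=0.10, loss_max=0.05):
    """Gateway-measured link statistics reduced to one flag (thresholds assumed)."""
    return retx_rate > retx_max or loss_rate > loss_max


def select_cipher(battery_level, noisy):
    """Algorithm 1 order: low battery first, then noisy channel, else AES-CCM."""
    if battery_level == "Low":
        return "PRESENT-128"
    if noisy:
        return "Ascon"
    return "AES-CCM"


if __name__ == "__main__":
    key = bytes(range(16))                      # constructed sample key
    gw = GatewaySession(key)
    frame = build_ctx(key, quantize_battery(18.0), counter=1)
    level = gw.accept_ctx(frame)
    print(level, select_cipher(level, channel_is_noisy(0.02, 0.01)))
```

Because the low-battery branch is evaluated first, a UAV reporting Low stays on PRESENT-128 even when the gateway measures a noisy channel.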

3.3. Post-Quantum Asymmetric Encryption with Hybridization (Gateway-to-Cloud)

We adopt a hybrid post-quantum encryption scheme to protect gateway-to-cloud communications against both classical and quantum-capable adversaries. While practical large-scale quantum computers are not yet available, established public-key systems such as RSA and ECC are projected to be vulnerable to Shor’s algorithm once sufficiently powerful quantum devices emerge, despite remaining suitable for near-term use. To mitigate this long-term risk, we combine the lattice-based post-quantum mechanism Kyber512 (as selected in the NIST PQC standardization process) with Elliptic-Curve Diffie Hellman (ECDH) to retain efficiency and compatibility with existing infrastructures. This design ensures that the resulting keying material preserves confidentiality even if one of the underlying cryptographic assumptions is subsequently weakened.
To further lower exposure risks, key rotation is enforced on a regular basis. To avoid long-term reliance on a single compromised key, the gateway periodically initiates re-keying sessions with the cloud to generate new ECC and PQC key pairs. In practice, this hybrid model seamlessly incorporates dual encapsulation into the key-exchange stage in TLS-like secure channels. This guarantees future-proof security while enabling backward compatibility with existing infrastructure. The outcome is a quantum-resilient and efficient gateway-to-cloud encryption protocol that is ideal for UAV-based IoT ecosystems. Table 3 shows a comparison of ECC, PQC, and hybrid encryption in gateway-to-cloud communication.

3.4. Hybrid ECC + PQC Key Schedule and TLS-like Integration (Gateway-to-Cloud)

We use a hybrid post-quantum encryption technique to protect gateway-to-cloud communication from both classical and quantum adversaries. When quantum computers become feasible, traditional public-key systems like RSA and ECC are susceptible to Shor’s algorithm, even though they are still effective for short-term deployment. To overcome this restriction, we combine a lattice-based post-quantum scheme like Kyber512, selected through the NIST Post-Quantum Cryptography standardization process, with Elliptic-Curve Diffie-Hellman (ECDH), which offers high efficiency and compatibility with current protocols. By combining these two methods, the framework guarantees that the combined keying material maintains confidentiality even in the event that one algorithm is later compromised.
Dual key encapsulation is used to implement the hybrid encryption protocol. In particular, both the cloud and the gateway use a lattice-based exchange ($K_{\mathrm{PQC}}$) and an ECC-based exchange ($K_{\mathrm{ECC}}$) to obtain a session key. The final session key $K$ is produced by concatenating these keys and passing them through a Key Derivation Function (KDF). Strong forward secrecy is ensured by this dual encapsulation, which also reduces the risk of “harvest-now, decrypt-later” attacks, in which attackers store encrypted UAV data for later decryption when quantum resources become available. This strategy strikes a balance between resilience against quantum adversaries and efficiency because ECC computations are still lightweight.
In our implementation, the KDF is instantiated as HKDF-SHA256 (RFC 5869), following the standard HKDF_Extract/HKDF_Expand construction used in TLS 1.3-style key schedules. As shown in Algorithm 2, we derive a pseudorandom key $PRK$ via HKDF_Extract and then expand it into separate handshake and application keys, which provides domain separation and reduces key-reuse risks. Empirically, the HKDF computation contributes a negligible fraction of the end-to-end cost compared to Kyber encapsulation/decapsulation and network transmission; in our gateway–cloud measurements, the KDF stage remains sub-millisecond and does not materially change the reported handshake or $L_{e2e}$ values.
To further lower exposure risks, key rotation is enforced on a regular basis. To avoid long-term reliance on a single compromised key, the gateway periodically starts re-keying sessions with the cloud to generate new ECC and PQC key pairs. In practice, this hybrid model seamlessly incorporates dual encapsulation in place of the key-exchange stage in TLS-like secure channels. This guarantees future-proof security while enabling backward compatibility with existing infrastructure. The outcome is a quantum-resilient and efficient gateway-to-cloud encryption protocol that is ideal for UAV-based IoT ecosystems.
Let $K_{\mathrm{ECC}}$ be the key derived from ECDH, and $K_{\mathrm{PQC}}$ the shared secret derived from Kyber. The final hybrid key $K$ is defined as:
$$K = \mathrm{KDF}(K_{\mathrm{ECC}} \,\|\, K_{\mathrm{PQC}}),$$
where $\mathrm{KDF}(\cdot)$ is instantiated as HKDF-SHA256 (RFC 5869), using the standard HKDF_Extract/HKDF_Expand construction with domain-separated labels for handshake and application keys:
$$PRK := \mathrm{HKDF\_Extract}(\mathrm{salt},\, K_{\mathrm{ECC}} \,\|\, K_{\mathrm{PQC}}), \quad K_{\mathrm{hs}} := \mathrm{HKDF\_Expand}(PRK,\, \text{``hs''},\, L), \quad K_{\mathrm{app}} := \mathrm{HKDF\_Expand}(PRK,\, \text{``app''},\, L).$$
Algorithm 2 Hybrid ECC+PQC Handshake and Record Protection.
Types:
    KEYS { K_hs, K_app }, EPHEMERAL { pk_e, sk_e, pk_KEM, sk_KEM }
    REPLAYWIN { base, bitset[W] }; suites_G[], suites_C[]
function KEYSCHEDULE(K_ECC, K_PQC, TH)
    PRK ← HKDF_Extract(H(TH), K_ECC ∥ K_PQC)
    return KEYS{ HKDF_Expand(PRK, “hs”), HKDF_Expand(PRK, “app”) }
procedure HANDSHAKE(G, C)
    s ← first_match(suites_G, suites_C)
    eph_G ← ECC.Gen(), Kyber.Gen()
    send(ClientHello, eph_G.pk_e, eph_G.pk_KEM)
    recv(ServerHello, pk_C^e, ct_C)
    K_ECC ← ECDH(eph_G.sk_e, pk_C^e)
    K_PQC ← Kyber.Decaps(eph_G.sk_KEM, ct_C)
    keys ← KEYSCHEDULE(K_ECC, K_PQC, TH)
    return keys
procedure SENDRECORD(keys, seq, M)
    if seq > N_max or time > T_upd then
        REKEY
    C ← AEAD.Enc(keys.K_app, seq, M)
    send(seq, C)
procedure RECVRECORD(keys, win)
    while recv(seq, C) do
        if not REPLAYCHECK(win, seq) then
            continue
        M ← AEAD.Dec(keys.K_app, seq, C)
        deliver(M)
Table 4 highlights the trade-offs between ECC, Kyber512, and the proposed hybrid approach. While ECC offers excellent performance, it is not quantum-safe. Kyber provides long-term quantum resilience but incurs higher communication overhead. The hybrid model combines their strengths, ensuring low latency today while protecting against quantum adversaries in the future.
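The KEYSCHEDULE and REPLAYCHECK steps of Algorithm 2 can be exercised with the Python standard library alone; the following is an added example, not the authors' implementation. It assumes 32-byte constructed byte strings in place of real ECDH and Kyber512 outputs, a 32-byte key length, a 64-entry window, and a receiver that advances the replay window only after the AEAD check succeeds (the `auth_ok` flag stands in for AEAD.Dec).

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length in bytes


def hkdf_extract(salt, ikm):
    """RFC 5869 Extract: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 Expand: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def key_schedule(k_ecc, k_pqc, transcript, length=32):
    """KEYSCHEDULE: salt = H(TH), IKM = K_ECC || K_PQC, labels "hs" and "app".

    Both inputs are fixed-length (32 bytes here, an assumption), so the
    concatenation has a single unambiguous parse.
    """
    if len(k_ecc) != 32 or len(k_pqc) != 32:
        raise ValueError("expected two 32-byte shared secrets")
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), k_ecc + k_pqc)
    return {"hs": hkdf_expand(prk, b"hs", length),
            "app": hkdf_expand(prk, b"app", length)}


class ReplayWindow:
    """REPLAYWIN {base, bitset[W]}: each sequence number is delivered at most once."""

    def __init__(self, width=64):
        self.width = width
        self.base = -1   # highest authenticated sequence number (-1: none yet)
        self.bitset = 0  # bit i set => sequence number (base - i) was delivered

    def is_fresh(self, seq):
        """REPLAYCHECK without side effects: False for replays and too-old records."""
        if seq > self.base:
            return True
        offset = self.base - seq
        return offset < self.width and not (self.bitset >> offset) & 1

    def commit(self, seq):
        """Record seq as delivered; call only after the AEAD tag has verified."""
        if seq > self.base:
            shift = seq - self.base
            if shift >= self.width:
                self.bitset = 1
            else:
                self.bitset = ((self.bitset << shift) | 1) & ((1 << self.width) - 1)
            self.base = seq
        else:
            self.bitset |= 1 << (self.base - seq)


def accept_records(window, records):
    """RECVRECORD loop over constructed (seq, auth_ok) pairs; returns delivered seqs."""
    delivered = []
    for seq, auth_ok in records:
        if not window.is_fresh(seq):
            continue  # replayed, or older than the window
        if not auth_ok:
            continue  # forged record: the window must not move
        window.commit(seq)
        delivered.append(seq)
    return delivered


if __name__ == "__main__":
    # Constructed stand-ins for the ECDH and Kyber512 shared secrets.
    k_ecc = hashlib.sha256(b"constructed ECDH secret").digest()
    k_pqc = hashlib.sha256(b"constructed Kyber secret").digest()
    keys = key_schedule(k_ecc, k_pqc, b"ClientHello|ServerHello")
    print("K_hs :", keys["hs"].hex())
    print("K_app:", keys["app"].hex())
    sample = [(1, True), (2, True), (2, True), (1000, False), (3, True)]
    print("delivered:", accept_records(ReplayWindow(), sample))
```

Committing only after authentication matters: if an unauthenticated record with a very large sequence number could advance `base`, a single forged packet would push every legitimate record out of the window.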

3.5. Dual-Layer Integration with Multi-Path Security

This section integrates the UAV–gateway lightweight symmetric layer (Section 3.2) and the hybrid post-quantum gateway–cloud layer (Section 3.3) into a combined defense-in-depth architecture. To achieve low latency for confidentiality and integrity on the first hop, the UAV encrypts payloads using an adaptive AEAD (PRESENT-128/Ascon/AES-CCM) to obtain $C_{\mathrm{UAV}}$. At the ingress, traffic is then (re-)encrypted symmetrically for isolation using fresh per-hop keys, and the hop key used for re-encryption is encapsulated with the hybrid KEM (ECC+PQC). This achieves link isolation (UAV→GW vs. GW→Cloud), forward secrecy from frequent key updates, and quantum-resilient protection for data leaving the edge domain. If a UAV is compromised without immediate detection, there exists a bounded “exposure window” during which its currently valid credentials may still be accepted. To limit this window, our blockchain layer enforces time-bounded key epochs and periodic contract-driven updates: gateways submit rekeying updates every $\Delta T_{\mathrm{rk}}$ (default: 5 min), and UAV identity/credential validation is performed against the latest confirmed epoch before accepting telemetry. In addition, revocation updates are pushed immediately upon compromise detection (event-driven), while an automated periodic health-audit transaction is issued every $\Delta T_{\mathrm{audit}}$ (default: 1 min) to ensure timely propagation of state changes. Thus, in the worst case of a silent compromise, the maximum validity of exposed keys is upper-bounded by the active epoch duration (approximately $\Delta T_{\mathrm{rk}}$), after which the next rekeying epoch invalidates prior session material.
In addition to sequential layering, we enable multi-path security: the gateway can use $(t, m)$ secret sharing to divide a message into $m$ cryptographic shares, any $t$ of which reconstruct the plaintext, or replicate ciphertext across multiple uplinks (redundant paths). Replication enhances Byzantine robustness and availability, and $(t, m)$ sharing ensures that no strict subset of fewer than $t$ paths reveals information. To provide cryptographic compartmentalization across logical hops or services for highly sensitive telemetry, we add an optional onion-style nesting: multiple AEAD layers with independent nonces/keys are applied serially, maintaining lightweight primitives compatible with constrained systems.
To strengthen auditability without exposing data, the gateway emits privacy-preserving on-chain logs containing only binding metadata: a transcript hash, ciphersuite identifiers, epoch counters, and public key fingerprints. These immutable records enable forensic verification of negotiated suites, key epochs, and path policies without revealing keys or contents. The combined pipeline (adaptive AEAD at the UAV, hybrid KEM at the gateway, optional multi-path/onion hardening, and tamper-evident logging) yields a scalable, future-proof protection surface for UAV-to-cloud communication. Since rekeying and revocation are realized as smart-contract state transitions, gateways and lightweight UAV clients treat the latest confirmed contract state as the source of truth: any telemetry signed/encrypted under an expired epoch is rejected, and any identity present in the revocation set is blocked even if the attacker retains old device material. Algorithm 3 presents our Dual-Layer Integration with Multi-Path/Onion Security (Gateway Side).
Let $M$ be the payload, $K_{\mathrm{app}}$ the UAV AEAD key (Section 3.2), $K_{\mathrm{gw}}$ a per-hop symmetric key at the gateway, and $(K_{\mathrm{ECC}}, K_{\mathrm{PQC}})$ the hybrid secrets (Section 3.3).
$$C_{\mathrm{UAV}} = \mathrm{AEAD.Enc}(K_{\mathrm{app}}, IV_0, AAD_0, M),$$
$$C_{\mathrm{GW}} = \mathrm{AEAD.Enc}(K_{\mathrm{gw}}, IV_1, AAD_1, C_{\mathrm{UAV}}),$$
$$K_{\mathrm{wrap}} = \mathrm{KDF}(K_{\mathrm{ECC}} \,\|\, K_{\mathrm{PQC}}), \qquad W = \mathrm{KEM.Enc}_{PK_{\mathrm{hyb}}}(K_{\mathrm{gw}}).$$
Onion nesting with $r$ layers: $C^{(0)} = M$, $C^{(i)} = \mathrm{AEAD.Enc}(K_i, IV_i, AAD_i, C^{(i-1)})$ for $i = 1, \dots, r$. Secret sharing (Shamir) over $\mathbb{F}_q$: choose a polynomial $f(x)$ of degree $t-1$ with $f(0) = K_{\mathrm{gw}}$; shares $S_j = (x_j, f(x_j))$, $j = 1, \dots, m$. Any $t$ shares reconstruct $K_{\mathrm{gw}}$ via Lagrange interpolation.
Algorithm 3 Dual-Layer Integration with Multi-Path/Onion Security (Gateway Side)
Require: Policy POL ∈ { SEQUENTIAL, REPLICA(m), SHARES(t, m), ONION(r) }; hybrid public key PK_hyb; path set P = { p_1, …, p_m }
Ensure: For each uplink p_j: payloads (W_j, C_j) or (W_j, S_j)
function REENCRYPT(C_UAV)
    K_gw ← Random()
    C_GW ← AEAD.Enc(K_gw, IV_1, AAD_1, C_UAV)
    W ← KEM.Enc_{PK_hyb}(K_gw)
    return (W, C_GW)
function ONIONIZE(M, r)
    C ← M
    for i ← 1 to r do
        K_i ← DeriveKey(i)
        C ← AEAD.Enc(K_i, IV_i, AAD_i, C)
    return C
function SHAREKEY(K_gw, t, m)
    Pick f(x) of degree t−1 over F_q with f(0) = K_gw
    for j ← 1 to m do
        S_j ← (x_j, f(x_j))
    return { S_1, …, S_m }
procedure INTEGRATE(C_UAV)
    if POL = ONION(r) then
        C ← ONIONIZE(C_UAV, r)
    else
        C ← C_UAV
    (W, C_GW) ← REENCRYPT(C)
    if POL = SEQUENTIAL then
        Send (W, C_GW) over p_1
    else if POL = REPLICA(m) then
        for j ← 1 to m do
            Send (W, C_GW) over p_j
    else if POL = SHARES(t, m) then
        { S_j } ← SHAREKEY(K_gw, t, m)
        for j ← 1 to m do
            Send (S_j, C_GW) over p_j
    // Privacy-preserving blockchain log
    Log(H(TH ∥ suite ∥ epoch), fp(PK_hyb), POL, m, t, r)
Table 5 compares integration choices. The sequential mode incurs the lowest overhead and provides PQC-hardened security. Replication raises availability for unstable backhauls, while $(t, m)$ sharing adds strong confidentiality against partial path compromise. Onion nesting localizes breach impact and supports service-tier compartmentalization, at the cost of additional AEAD operations and strict nonce management.
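The SHAREKEY step of Algorithm 3 and the matching Lagrange reconstruction can be written as follows; this is an added example, not the authors' code. It assumes a 32-byte $K_{\mathrm{gw}}$, the Mersenne prime $2^{521}-1$ as the field modulus $q$, and share indices $x_j = j$; the names `share_key`, `interpolate_at_zero` and `recover_key` are hypothetical.

```python
import secrets

# Field modulus q (assumption): the Mersenne prime 2^521 - 1. It exceeds any
# 256-bit key, so K_gw embeds into F_q without reduction.
Q = 2**521 - 1


def share_key(k_gw, t, m):
    """SHAREKEY(K_gw, t, m): return shares S_j = (x_j, f(x_j)) with f(0) = K_gw."""
    if not 1 < t <= m:
        raise ValueError("need 1 < t <= m")
    secret = int.from_bytes(k_gw, "big")
    if secret >= Q:
        raise ValueError("key does not fit in the field")
    # Random polynomial of degree t-1; the constant term is the key.
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = []
    for x in range(1, m + 1):       # x_j = j; x = 0 is never used (f(0) is the key)
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod q
            y = (y * x + c) % Q
        shares.append((x, y))
    return shares


def interpolate_at_zero(shares):
    """Lagrange interpolation of the shared polynomial at x = 0 over F_q."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    acc = 0
    for xj, yj in shares:
        num, den = 1, 1
        for xk in xs:
            if xk != xj:
                num = num * (-xk) % Q
                den = den * (xj - xk) % Q
        acc = (acc + yj * num * pow(den, -1, Q)) % Q
    return acc


def recover_key(received, t, key_len=32):
    """Cloud side: rebuild K_gw from the shares that arrived.

    Returns None when fewer than t shares arrived or when the interpolated
    value cannot be a key_len-byte key. Shamir sharing carries no integrity
    check of its own: an altered share that still yields an in-range value
    would go unnoticed here and must be caught by the AEAD tag on C_GW.
    """
    if len(received) < t:
        return None
    value = interpolate_at_zero(received[:t])
    if value >= 1 << (8 * key_len):
        return None
    return value.to_bytes(key_len, "big")


if __name__ == "__main__":
    k_gw = bytes(range(32))                   # constructed per-hop key
    shares = share_key(k_gw, t=3, m=5)        # one share per uplink p_1..p_5
    arrived = [shares[0], shares[2], shares[4]]  # paths p_2 and p_4 lost
    print("recovered with two lost paths:", recover_key(arrived, 3) == k_gw)
    print("recovered with three lost paths:", recover_key(shares[:2], 3))
```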

3.6. Dynamic Key Management and Blockchain Integration

Conventional key management techniques for UAV networks rely on static key provisioning or centralized authorities, both of which introduce serious vulnerabilities such as single points of failure and opaque key lifecycle operations. We propose a blockchain-assisted distributed key management framework that guarantees tamper-proof auditability and decentralizes trust to address these issues. In our design, UAVs participate as lightweight clients that verify and consume updates without storing the entire ledger, whereas gateways and control servers serve as validating peers in the blockchain network. This configuration provides robust assurances of consistency and resilience while maintaining scalability.
The key lifecycle is automated through the use of smart contracts. Revocation transactions instantly invalidate compromised or expired keys, whereas UAV enrollment transactions register a UAV’s identity and related public keys. The smart contract incorporates role-based policies that guarantee UAVs can only access information or services that are allowed by their designated role (reconnaissance versus logistics). Issued keys are time-bound with explicit validity epochs to enforce freshness and forward secrecy, guaranteeing that even if a UAV or gateway is compromised, its cryptographic material cannot be reused indefinitely.
UAVs only store compact metadata, such as block headers, recent key epochs, and Merkle proofs of inclusion for their own records, rather than performing block validation to remain lightweight. This design enables UAVs to independently check their keys against the blockchain state without downloading or verifying the entire chain. During rekeying events, the gateway manages the complex blockchain interactions and provides UAVs with a Merkle proof. This division of labor ensures that UAVs continue to be effective and resource-conscious while maintaining confidence in the key management system, as shown in Algorithm 4.
Let $B$ denote a blockchain ledger, $T$ the set of transactions, and $K_{u,t}$ the key assigned to UAV $u$ at epoch $t$. Each enrollment transaction $T_{\mathrm{enroll}}$ binds a UAV identity $ID_u$ to a public key $pk_u$:
$$T_{\mathrm{enroll}} = (ID_u, pk_u, \mathrm{role}, t_{\mathrm{start}}, t_{\mathrm{exp}}).$$
Revocation is represented as:
$$T_{\mathrm{revoke}} = (ID_u, \mathrm{reason}, t_{\mathrm{rev}}),$$
and the blockchain state transition is
$$B_{t+1} = B_t \cup \{T_{\mathrm{enroll}}, T_{\mathrm{revoke}}\}, \qquad K_{u,t+1} = f(pk_u, t).$$
UAVs store only $\mathrm{Hdr}_t$ (block headers) and $\pi_u$ (Merkle proofs) to validate their current key state.
Table 6 summarizes the blockchain-driven operations. Enrollment establishes an immutable binding between UAV identity and a cryptographic key. Revocation removes trust in a compromised node instantly, while rekeying ensures keys expire predictably. Auditability is provided transparently by the blockchain, while UAVs incur only minimal overhead by maintaining lightweight proofs.
Algorithm 4 Blockchain-Assisted Dynamic Key Management
Require: UAV identity ID_u, role, blockchain state B
Ensure: Valid session key K_{u,t} for UAV u
procedure ENROLLUAV(ID_u, pk_u, role)
    Create T_enroll ← (ID_u, pk_u, role, t_start, t_exp)
    Submit T_enroll to blockchain; wait for confirmation
procedure REVOKEUAV(ID_u, reason)
    Create T_revoke ← (ID_u, reason, t_rev)
    Append to blockchain; invalidate future keys for ID_u
procedure REKEY(ID_u, epoch)
    pk_u ← B[ID_u]      ▹ fetch from on-chain state
    K_{u,t} ← f(pk_u, epoch)
    Gateway sends (K_{u,t}, π_u) to UAV
    UAV verifies inclusion proof π_u against header Hdr_t
procedure VERIFYKEY(K_{u,t}, π_u, Hdr_t)
    if MerkleVerify(π_u, K_{u,t}, Hdr_t) = true then
        return VALID
    else
        return INVALID
Figure 2 details the key-management architecture integrated into the proposed dual-layer UAV-cloud security framework, addressing the full key lifecycle across the UAV, gateway, and cloud tiers. At the UAV tier, lightweight session keys are generated via a lightweight KDF and stored only as short-lived ephemeral material, while periodic rekeying is enforced to preserve forward secrecy and limit the impact of device capture or key exposure. At the gateway tier, an edge key-management module performs key translation and re-encryption key handling, enabling the UAV-gateway hop to remain energy-efficient while securely bridging to the stronger gateway-cloud protection. For the cloud tier, post-quantum key exchange (PQ KEM) and a long-term key repository support scalable key establishment and archival security against ‘harvest-now, decrypt-later’ adversaries. The framework incorporates blockchain-assisted governance for enrollment, revocation, audit logging, and key issuance, providing tamper-evident accountability and rapid invalidation of compromised identities without imposing heavy storage or consensus overhead on UAV nodes. Collectively, these mechanisms ensure authenticated key enrollment, continuous key rotation, prompt revocation, and auditable key updates, making key management a first-class component of the proposed cryptographic pipeline rather than an implicit assumption.
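The light-client check in VERIFYKEY (Algorithm 4) can be sketched as below; this is an added example, not the authors' implementation. The paper does not specify the leaf encoding or tree shape, so the record fields (`id`, `epoch`, `t_exp`, `key_fp`), the canonical-JSON leaf encoding, the 0x00/0x01 leaf/node prefixes, the promotion of an unpaired node, and the header layout are all assumptions, and the sample records are constructed.

```python
import hashlib
import hmac
import json


def make_record(uav_id, session_key, epoch, t_exp):
    """Key record committed on-chain: a fingerprint of the key, never the key itself."""
    return {"id": uav_id, "epoch": epoch, "t_exp": t_exp,
            "key_fp": hashlib.sha256(session_key).hexdigest()}


def leaf_hash(record):
    """Hash one record; the 0x00 prefix keeps leaves distinct from inner nodes."""
    encoded = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + encoded).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(records):
    """Gateway side: return (root, proofs). proofs[i] lists the
    (sibling_hash, sibling_is_left) pairs from leaf i up to the root."""
    if not records:
        raise ValueError("no records")
    level = [leaf_hash(r) for r in records]
    position = list(range(len(records)))  # index of each leaf's ancestor in `level`
    proofs = [[] for _ in records]
    while len(level) > 1:
        for leaf, pos in enumerate(position):
            sibling = pos ^ 1
            if sibling < len(level):      # an unpaired last node has no sibling
                proofs[leaf].append((level[sibling], sibling < pos))
            position[leaf] = pos // 2
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])         # promote the unpaired node unchanged
        level = nxt
    return level[0], proofs


def merkle_verify(proof, record, root):
    """Recompute the path from the leaf to the root and compare in constant time."""
    acc = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)


def verify_key(record, proof, header, uav_id, session_key, now):
    """VERIFYKEY on the UAV: VALID only if the record is included under the
    header's root, names this UAV and the header's epoch, has not expired,
    and commits to the session key the gateway delivered."""
    key_fp = hashlib.sha256(session_key).hexdigest()
    ok = (merkle_verify(proof, record, header["root"])
          and record["id"] == uav_id
          and record["epoch"] == header["epoch"]
          and now < record["t_exp"]
          and hmac.compare_digest(record["key_fp"], key_fp))
    return "VALID" if ok else "INVALID"


if __name__ == "__main__":
    # Constructed epoch-7 key records for five UAVs (times in seconds).
    keys = [hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(5)]
    records = [make_record("uav-%d" % i, keys[i], 7, 1300) for i in range(5)]
    root, proofs = build_tree(records)
    header = {"epoch": 7, "root": root}
    print(verify_key(records[4], proofs[4], header, "uav-4", keys[4], now=1000))
    print(verify_key(records[4], proofs[4], header, "uav-4", keys[4], now=1300))
```

Binding the epoch and expiry into the hashed record is what lets the UAV reject a proof that is cryptographically valid but belongs to a superseded epoch.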

3.7. Experimental Setup and Evaluation Metrics

To validate the proposed dual-layer encryption architecture, we designed a heterogeneous testbed that mirrors realistic UAV-to-cloud communication conditions. At the UAV tier, Raspberry Pi Zero, STM32 microcontrollers, and ARM Cortex-based autopilot boards were used to capture the constraints of lightweight aerial platforms with limited CPU and memory [23]. At the gateway tier, NVIDIA Jetson Nano edge devices and industrial control servers were used to represent moderately capable ground stations. At the cloud tier, we used AWS EC2 instances and Microsoft Azure VMs, offering scalable and elastic computational resources [24]. This multi-tier testbed enables us to evaluate trade-offs between lightweight execution at UAVs, secure re-encryption at gateways, and post-quantum protection in the cloud. To ensure that the measured reductions in computational overhead and end-to-end latency are directly attributable to the proposed encryption architecture (and not to external factors such as optimized routing paths or unconstrained network variations), all schemes were executed on the same hardware testbed with identical payload sizes, identical software environments, and fixed network routing configurations. In particular, the UAV-gateway and gateway-cloud links were evaluated using the same network path and identical bandwidth/latency settings for all baselines and the proposed method, and only the cryptographic processing pipeline was changed between experiments.
Software environment. The experimental framework was implemented using Python (v3.11) with NumPy (v1.26) for data handling and analysis, while cryptographic operations were executed using OpenSSL (v3.0) for ECC/TLS baselines and a post-quantum library implementation for Kyber (liboqs v0.10) integrated through standard API bindings. Network traffic generation and measurement were performed using iPerf3 (v3.14) and Wireshark (v4.2), and all experiments were executed on Ubuntu Linux (v22.04 LTS) to ensure a consistent runtime environment across UAV, gateway, and cloud tiers. Where applicable, cloud-side orchestration and monitoring relied on AWS EC2 and Azure VM tooling with fixed instance configurations to maintain reproducibility across repeated trials.
We evaluate the system along five main dimensions: (1) Cryptographic security, which measures confidentiality, integrity, forward secrecy, and post-quantum resistance; (2) performance, which includes end-to-end latency, throughput, and UAV energy consumption; (3) scalability, which measures the number of UAVs supported concurrently without degrading security or latency; (4) resilience, which is tested by introducing replay, spoofing, and side-channel attempts; and (5) blockchain overhead, which measures transaction latency, energy cost per block, and additional bandwidth. Conventional single-layer schemes, such as TLS 1.3 (ECC-only), AES-only channels, PQC-only channels, and key management without blockchain integration, were used as baseline comparisons.
To isolate whether the improvements come from the proposed architecture (dual-layer offloading + adaptive ciphering + hybrid ECC–PQC key establishment) rather than simply “replacing a heavy cipher”, we additionally performed controlled component-wise comparisons where (i) the network path and message size are held constant and (ii) only one design element is changed at a time (fixed-cipher vs. adaptive-cipher, single-hop vs. gateway re-encryption, ECC-only vs. hybrid ECC–PQC). These controlled comparisons support a causal attribution of the reported latency and overhead reductions to the proposed scheme.
Profilers and monitoring scripts are used to instrument each layer to gather metrics. UAVs record the amount of power and CPU cycles used for each cryptographic operation. Blockchain transaction confirmations, packet loss, and re-encryption latency are all recorded by gateways. The cloud logs resilience against artificial adversarial attacks, hybrid KEM encapsulation/decapsulation costs, and session setup times. To guarantee repeatability and reliability of results, statistical averaging is carried out over several test runs with different network conditions.
We separately logged (a) cryptographic processing time at each tier and (b) pure network transmission time on each hop, so that the reported latency improvements can be decomposed into computation-driven versus network-driven components. This decomposition helps rule out the possibility that the observed end-to-end latency reductions are primarily due to network path effects.
End-to-end latency is defined as [25]
$$L_{e2e} = T_{\mathrm{enc}}^{\mathrm{UAV}} + T_{\mathrm{tx}}^{\mathrm{UAV} \to \mathrm{GW}} + T_{\mathrm{reenc}}^{\mathrm{GW}} + T_{\mathrm{tx}}^{\mathrm{GW} \to \mathrm{Cloud}} + T_{\mathrm{dec}}^{\mathrm{Cloud}},$$
where the terms represent the encryption, transmission, re-encryption, and decryption delays. To explicitly attribute improvements to the encryption design, we also report the cryptographic-only latency component as
$$L_{\mathrm{crypto}} = T_{\mathrm{enc}}^{\mathrm{UAV}} + T_{\mathrm{reenc}}^{\mathrm{GW}} + T_{\mathrm{dec}}^{\mathrm{Cloud}} + T_{\mathrm{hs}}^{\mathrm{GW} \to \mathrm{Cloud}},$$
where $T_{\mathrm{hs}}^{\mathrm{GW} \to \mathrm{Cloud}}$ denotes the gateway–cloud handshake/key-establishment time (ECC-only, PQC-only, or hybrid ECC–PQC). This separation provides a direct measure of computational overhead independent of link transmission delays.
Throughput is
$$\Theta = \frac{\sum_{i=1}^{N} |M_i|}{\sum_{i=1}^{N} L_{e2e}(M_i)},$$
for $N$ messages of size $|M_i|$. Blockchain overhead is modeled as
$$O_{BC} = T_{\mathrm{tx}}^{BC} + T_{\mathrm{consensus}} + E_{\mathrm{tx}}^{BC},$$
where $T_{\mathrm{tx}}^{BC}$ is transaction submission latency, $T_{\mathrm{consensus}}$ is block confirmation delay, and $E_{\mathrm{tx}}^{BC}$ is the energy consumed.
Table 7 summarizes the evaluation metrics and their corresponding measurement sources. Cryptographic security is tested by adversarial cryptanalysis. Performance and energy are measured directly on UAVs and gateways. Scalability is benchmarked by scaling UAV counts. Resilience is assessed by injecting controlled attacks. Blockchain costs are profiled at gateways interacting with the ledger.
The attribution/control metrics (crypto-only and network-only latency components under fixed routing) provide an explicit mechanism to demonstrate that the reported reductions in overhead and end-to-end latency originate from the proposed cryptographic architecture rather than from optimized network paths or unrelated system changes, as shown in Algorithm 5.
Algorithm 5 Evaluation Workflow for Dual-Layer Encryption
Require: Testbed {U, G, C}; baseline schemes B
Ensure: Metrics {L_e2e, Θ, E, O_BC, Resilience}
Control Assumptions: fixed routing/path, fixed payload sizes, identical hardware/software across schemes
for each scheme s ∈ {DL_Hybrid} ∪ B do
    for each UAV u ∈ U do
        for epoch t = 1 to T do
            M ← generate_payload(u, t)
            Encrypt at UAV: C_u ← Enc_s(M)
            Re-encrypt at Gateway: C_g ← ReEnc_s(C_u)
            Decrypt at Cloud: M ← Dec_s(C_g)
            Measure latency L_e2e(M), energy E(u), throughput Θ(u)
            Measure hop-wise transmission times and compute L_crypto to isolate cryptographic overhead
            if attack_scenario = true then
                Record resilience score
            if blockchain_enabled then
                Record blockchain overhead O_BC
Aggregate averages; compare with baselines

4. Discussion Results and Comparison

The results in Table 8 clearly demonstrate the performance of the proposed dual-layer encryption architecture compared to conventional baselines. In terms of end-to-end latency, the dual-layer scheme achieves 34.8 ms, significantly outperforming TLS 1.3 (49.2 ms) and PQC-only Kyber512 (62.3 ms), while also improving upon the AES-only single-hop configuration (41.0 ms). These reductions in delay highlight the efficiency of combining adaptive lightweight ciphers at the UAV side with hybrid ECC+PQC encapsulation at the gateway.
Importantly, these comparisons were executed under identical hardware, fixed routing paths, and fixed payload sizes across all schemes; thus, the observed improvements cannot be explained by network-path optimizations or platform differences and are attributable to the proposed encryption pipeline. Throughput is maximized at 21.6 Mb/s, surpassing all other schemes, including the AES-only baseline (19.8 Mb/s). These improvements validate that adaptively selecting UAV ciphers and offloading heavy operations to the gateway enables a higher data transfer rate without compromising security. To further support causality, we separately profiled cryptographic processing time (UAV encryption, gateway re-encryption, and cloud decryption) and gateway–cloud handshake cost; the reductions are primarily driven by the lightweight/adaptive first-hop processing and computation offloading to the gateway rather than changes in transmission time.

4.1. Energy Consumption Results

Energy consumption results further reinforce the advantage of the proposed approach. UAV-side energy per megabyte is reduced to 38.5 mJ/MB, lower than TLS 1.3 (52.7 mJ/MB) and PQC-only (58.4 mJ/MB), and even more efficient than AES-only (44.1 mJ/MB). These energy savings directly translate to extended UAV operational lifetime and mission endurance, a critical factor in real-world deployments. Although the gateway–cloud handshake time for the dual-layer scheme (12.6 ms) is higher than ECC-only or AES-only due to the inclusion of post-quantum encapsulation, it remains substantially lower than the PQC-only scheme (15.9 ms). These results confirm that the dual-layer architecture successfully balances lightweight execution, quantum resilience, and system-wide efficiency, offering a pragmatic and future-proof solution for UAV-to-cloud secure communication.
Attribution of performance gains. To address the possibility that lower L e 2 e is caused by network-path effects, we decomposed end-to-end latency into computation-dominant and transmission-dominant components. Under fixed routing and identical link settings, the measured reductions are dominated by the cryptographic component (UAV encryption + gateway re-encryption + cloud decryption + GW–Cloud handshake), while hop transmission delays remain statistically stable across schemes. Therefore, the latency and overhead improvements in Table 8 are directly attributable to the proposed dual-layer cryptographic design rather than external network optimization.
The computational and energy costs of various lightweight symmetric ciphers when implemented on a limited UAV platform (Raspberry Pi Zero W) are shown in Table 9. According to the results, PRESENT-128 has the smallest footprint, requiring only 18.2 cycles/byte and consuming 30.2 mJ/MB, which makes it ideal for ultra-constrained UAVs with low processing power and battery capacity. Ascon-128a provides authenticated encryption and robustness against side-channel attacks, which justifies its higher computational cost in noisy or adversarial environments, despite being slightly more demanding at 23.4 cycles/byte and 36.8 mJ/MB. AES-CCM-128 is the most resource-intensive, using 35.1 cycles/byte and 49.5 mJ/MB, but because of its strong security guarantees and compatibility with hardware acceleration, it offers the lowest latency under high-quality channel conditions.
These comparative scores indicate the importance of cipher agility in UAV communication. PRESENT-128 is best used for extending mission time under strict energy constraints, although it has a lower theoretical security margin than AES. Ascon offers a compromise by providing moderate energy overhead together with lightweight cryptographic strength in noisy or adversarial settings. AES-CCM, despite requiring more power consumption, is useful when the energy budget is sufficient and low-latency transmission is required. Overall, these microbenchmarks demonstrate that no single cryptographic primitive dominates across all scenarios; instead, adaptive switching among PRESENT, Ascon, and AES-CCM enables UAVs to remain concurrently secure, efficient, and scalable as operational conditions change.
An ablation study contrasting the adaptive ciphering strategy with fixed cipher configurations under mixed channel conditions is shown in Table 10. Fixed PRESENT-128 achieves the lowest UAV energy consumption at 30.6 mJ/MB, but it is less resilient in noisy or hostile environments due to higher retransmission rates (35/10 k) and integrity failures (1.9/10 k). In contrast, fixed Ascon offers outstanding integrity with only 0.1 failures/10 k, but it is less ideal for missions with limited resources due to its moderate energy cost (37.2 mJ/MB) and higher latency (38.9 ms). While fixed AES-CCM offers lower latency (36.2 ms) and fewer retransmissions (18/10 k), it has the highest energy consumption (48.7 mJ/MB), which could shorten UAV endurance.
All ablation runs used the same UAV hardware, identical payload sizes, and the same fixed network path and link configuration; therefore, the differences observed in Table 10 are driven by the ciphering policy (fixed vs. adaptive) rather than external network optimizations. In particular, since the adaptive policy switches among both lightweight and heavier options depending on channel/battery context, the observed reliability and latency improvements cannot be attributed solely to replacing a heavy cipher with a lighter one.
By achieving a balance between efficiency, robustness, and reliability, the proposed adaptive strategy outperforms all fixed policies. With only 14 retransmits/10 k and 0.1 integrity failures/10 k, it achieves nearly the same low latency as PRESENT (34.8 ms vs. 33.1 ms), near-minimal energy cost (38.5 mJ/MB), and the best overall transmission reliability. These findings confirm that adaptive switching enables UAVs to dynamically take advantage of each cipher’s strengths: reducing retransmissions for stable links, guaranteeing robustness in unfavorable channels, and conserving energy when resources are limited. To maximize UAV mission performance and security resilience in a variety of operating conditions, the adaptive policy offers a comprehensive optimization by combining the best features of the individual ciphers.

4.2. Ablation: Adaptive Ciphering vs. Fixed Choice Results

The effects of onion-style nesting, Shamir secret sharing, and multi-path replication on availability, performance overhead, and confidentiality are assessed in Table 11. With no extra bandwidth or latency overhead, the baseline sequential scheme delivers 97.8% of packets under a 2% per-path loss rate, but it only offers single-path resilience. Delivery rates are greatly increased by replication: m = 2 paths increase availability to 99.6% at the expense of doubling bandwidth, while m = 3 paths produce the highest reliability at 99.9%, but bandwidth triples. This demonstrates how replication can maximize availability at the expense of network efficiency.
Strong confidentiality is introduced without increasing bandwidth through Shamir secret sharing. While $(t = 3, m = 5)$ achieves 99.8% availability and tolerates up to two lost paths, latency overhead increases by 9.5%. With $(t = 2, m = 3)$, availability is 99.2% and no single compromised path reveals information. Onion nesting emphasizes compartmentalization: at constant bandwidth, $r = 2$ layers result in a slight latency increase (+8.2%), while $r = 3$ layers offer the strongest isolation (+14.7%). These findings confirm that replication is best for high availability, onion nesting for layered isolation, and Shamir sharing for confidentiality against path compromise. This allows system designers to customize integration policies based on resource budgets and mission-critical requirements.
Table 12 analyzes the resilience of different encryption schemes under active adversarial conditions, including replay, MITM, and key compromise, as well as long-term “harvest-now, decrypt-later” (HN/DL) threats. AES-only single-hop protection shows the weakest resilience, with 0.7% replay success and 1.1% MITM acceptance, highlighting its vulnerability to link-layer exploitation. TLS 1.3 (ECC) improves robustness by eliminating replay success and reducing MITM acceptance to 0.3%, but it remains quantum-vulnerable, offering no defense against HN/DL adversaries. PQC-only Kyber512 achieves replay resistance and quantum resilience, but its MITM acceptance rate of 0.4% and session-only protection in key-compromised scenarios reveal a potential gap if a gateway or UAV is temporarily exposed.
The proposed dual-layer architecture achieves the strongest overall security posture. Replay attempts are fully neutralized (0.0%), and MITM acceptance is minimized to only 0.1%, the lowest across all schemes. Unlike ECC- or PQC-only designs, which confine compromise impact to a single session, the dual-layer model enforces hop+session compartmentalization, ensuring that exposure of one layer’s key does not compromise other links or epochs. Moreover, it is the only scheme that simultaneously guarantees forward secrecy and PQC-level resilience, making it resistant to HN/DL attacks. These results confirm that layering adaptive lightweight encryption with hybrid post-quantum encapsulation provides a defense-in-depth strategy that not only strengthens resilience against classical adversaries but also ensures future-proof protection in the quantum era.
Table 13 evaluates the operational overhead and UAV-side costs of blockchain-assisted key management. The results indicate that enrollment is the most resource-intensive operation, requiring 1200 ms latency and 1.8 kb of uplink data, though it is only performed once per UAV during system registration. Revocation events are lighter at 220 ms and 0.9 kb, enabling rapid invalidation of compromised nodes without excessive communication or energy burden. Audit appends, which log cryptographic events and metadata, are the least demanding, with just 95 ms latency, 0.4 kb uplink, and a negligible UAV verification cost of 0.05 mJ, highlighting their practicality for continuous monitoring and accountability.
The most common and important operation is rekeying, which incurs the lowest UAV verification energy at 0.18 mJ, a small overhead of 180 ms, and only 520 B of data. This strengthens forward secrecy without depleting UAV resources because it is lightweight enough to support short-lived session keys and frequent key refresh. Collectively, these findings demonstrate that blockchain integration minimizes UAV-side overhead while offering robust security guarantees of immutability, transparency, and accountability. The cost distribution effectively strikes a balance between security enforcement and resource efficiency in UAV deployments by ensuring that recurring operations (rekeying and auditing) remain lightweight while infrequent operations (enrollment and revocation) carry higher latency.

4.3. Scalability Results

The scalability benefits of the proposed dual-layer architecture over ECC-only TLS 1.3 and PQC-only Kyber512 schemes are shown in Table 14. Both ECC-only and PQC-only solutions exhibit notable latency growth as the number of concurrent UAVs increases, surpassing 100 ms and 138 ms, respectively, at 500 UAVs. By comparison, the dual-layer design consistently maintains lower latency at all scales, ranging from 33.9 ms at 50 UAVs to only 64.2 ms at 500 UAVs. Under heavy load, this represents more than a 53% improvement over PQC-only and nearly a 37% improvement over ECC-only. These findings demonstrate that efficient hybrid key encapsulation at the gateway and adaptive ciphering at the UAV tier improve workload distribution and reduce communication bottlenecks.
Major design variations in gateway–cloud communication are further examined in Table 15. The best trade-off is achieved by Hybrid-A (Kyber512 + X25519), which outperforms both ECC-only (49.2 ms) and PQC-only (62.3 ms) with a handshake time of only 12.6 ms and end-to-end latency of 34.8 ms. While Hybrid-C (Kyber512 + P-256) achieves comparable performance (35.6 ms) with a different curve selection, Hybrid-B (Kyber768 + X25519) offers stronger post-quantum security at the expense of slightly higher latency (36.0 ms). These findings demonstrate that the hybridization strategy maintains quantum resilience without compromising practical effectiveness. Hybrid-B offers a greater security margin for critical applications, whereas Hybrid-A provides the best balance for real-time UAV missions.
The same gateway–cloud design variants are also listed in Table 16. All GW–Cloud variant experiments were executed using the same gateway/cloud hardware, identical payload sizes, and fixed routing paths; hence, the latency differences in Table 15 primarily reflect the measured cryptographic key-establishment and key-schedule overhead (handshake cost) rather than network-path effects. In particular, the increase from Hybrid-A to Hybrid-B is consistent with the higher KEM parameter cost (Kyber768 vs. Kyber512) observed in the handshake measurements, confirming that the trade-off is driven by cryptographic computation.
The performance of hybrid variants and the scalability of various encryption schemes in UAV-to-cloud communication are compared in Figure 3. The proposed dual-layer architecture consistently maintains the lowest median end-to-end latency across increasing UAV swarm size, as shown by the scalability curve. At 500 UAVs, it sustains only 64 ms, compared to 102 ms for TLS 1.3 and 138 ms for PQC-only Kyber512. These results show that, in large-scale deployments, adaptive ciphering at the UAV tier and hybrid encapsulation at the gateway greatly reduce communication delays. The bar chart of hybrid variants further reinforces these findings: Hybrid-A (Kyber512 + X25519) outperforms both ECC-only and PQC-only baselines, achieving the best trade-off with the lowest end-to-end latency (34.8 ms) and a combined handshake time (12.6 ms). Stronger PQC parameter variants, such as Kyber768, incur marginally higher latency, demonstrating the framework’s flexibility in adjusting the security–performance balance based on mission requirements.
Because routing and link settings were held constant across all plotted schemes, the scalability advantage arises from computation distribution (lightweight/adaptive UAV encryption with gateway offloading) and the measured handshake/key schedule costs reported in Table 15, rather than from optimized network paths.
The blockchain operation latency distributions, which are essential to key management and auditability, are shown in Figure 4. With a median latency of about 1200 ms, enrollment operations are the most time-consuming; since this is a one-time expense per UAV, it is operationally acceptable. In contrast, revocation takes about 220 ms to complete, enabling a prompt response to compromised nodes, while rekeying, which happens frequently to guarantee forward secrecy, has a much lower median latency of 180 ms. Because audit appends are the lightest, averaging less than 100 ms, they can be used for continuous metadata logging without interfering with UAV communications. The distributions also show tight variance for rekeying and audit operations, ensuring predictability under load. Collectively, these findings show that the blockchain layer offers robust guarantees of decentralization and transparency.

4.4. Comparison with Related Works

The comparative analysis presented in Table 17 positions the proposed framework within the broader landscape of UAV security research, highlighting both its architectural breadth and functional depth relative to existing approaches. Unlike prior works that typically focus on isolated security dimensions, such as lightweight encryption, post-quantum cryptography, or blockchain-based trust management, the proposed solution integrates all these elements into a unified, adaptive security architecture. Existing studies either emphasize energy efficiency without cryptographic robustness, or introduce post-quantum primitives without considering real-time constraints, scalability, or multi-hop UAV–cloud communication. In contrast, the proposed framework jointly addresses confidentiality, integrity, scalability, and resilience by combining adaptive lightweight encryption, hybrid ECC–PQC key exchange, and blockchain-assisted trust management. Moreover, while previous solutions often lack adaptability to dynamic mission conditions, the proposed approach introduces energy-aware cipher switching and layered security enforcement, enabling robust performance across heterogeneous UAV swarm scales. This holistic integration allows the system to maintain quantum resilience, operational efficiency, and secure interoperability, thereby overcoming the fragmented security guarantees observed in prior studies and establishing a more comprehensive foundation for next-generation UAV–cloud infrastructures.

5. Conclusions

In this work, we introduced a dual-layer encryption architecture for UAV-to-cloud communication that combines adaptive lightweight symmetric encryption at the UAV–gateway tier with a hybrid ECC+PQC scheme at the gateway–cloud tier, reinforced by multi-path security, onion-style nesting, and blockchain-assisted key management. This is not a simple layering of ciphers but a multi-dimensional, defense-in-depth architecture designed to protect UAV communication against both classical and emerging quantum threats. The proposed design effectively balances security, efficiency, and scalability, achieving low end-to-end latency, high throughput, reduced UAV energy consumption, and strong resilience against replay, MITM, and quantum-capable adversaries, with scalability demonstrated up to 500 UAVs. Unlike prior models, the architecture addresses both tactical and strategic vulnerabilities by integrating cryptographic agility, decentralized key lifecycle management, and adaptive cipher scheduling across communication tiers. These results confirm the practicality of deploying robust, future-proof cryptography in resource-constrained aerial networks. Future work will focus on extending the framework to real-time swarm scenarios with intermittent connectivity, exploring advanced post-quantum algorithms such as Dilithium and Falcon, integrating federated learning-based anomaly detection for adaptive intrusion responses, and optimizing lightweight blockchain consensus to further reduce latency and energy overhead in large-scale UAV-IoT ecosystems.

Author Contributions

Conceptualization, B.S.K., M.A. and L.A.A.; methodology, M.A., A.A. and B.F.A.; software, S.O. and M.A.; validation, B.S.K., S.O. and W.A.; formal analysis, M.A., A.A. and L.A.A.; investigation, B.S.K., S.O. and B.F.A.; resources, A.A., B.S.K. and W.A.; data curation, S.O., M.A. and L.A.A.; writing original draft preparation, M.A. and W.A.; writing—review and editing, B.S.K., A.A. and B.F.A.; visualization, S.O. and L.A.A.; supervision, B.S.K.; project administration, B.S.K. and A.A.; funding acquisition, A.A. and L.A.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by Al-Ahliyya Amman University, Amman, Jordan, through institutional research support. The authors acknowledge the valuable assistance and support provided by the university’s academic and administrative staff.

Data Availability Statement

No new data were created or analyzed in this study.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Bajracharya, R.; Shrestha, R.; Hassan, S.A.; Jung, H.; Shin, H. 5G and beyond private military communication: Trend, requirements, challenges and enablers. IEEE Access 2023, 11, 83996–84012.
  2. Poorvi, J.; Kalita, A.; Gurusamy, M. Reliable and efficient data collection in UAV-based IoT networks. IEEE Commun. Surv. Tutor. 2025. early access.
  3. Qin, P.; Wu, X.; Fu, M.; Ding, R.; Fu, Y. Latency minimization resource allocation and trajectory optimization for UAV-assisted cache-computing network with energy recharging. IEEE Trans. Commun. 2025, 73, 5715–5728.
  4. Sarkar, S.; Shafaei, S.; Jones, T.S.; Totaro, M.W. Secure Communication in Drone Networks: A Comprehensive Survey of Lightweight Encryption and Key Management Techniques. Drones 2025, 9, 583.
  5. Ganesh, R.; Khan, B.U.I.; Khan, A.R.; Kamsin, A.B. A panoramic survey of the advanced encryption standard: From architecture to security analysis, key management, real-world applications, and post-quantum challenges. Int. J. Inf. Secur. 2025, 24, 216.
  6. Yang, Z.; Zhang, Y.; Zeng, J.; Yang, Y.; Jia, Y.; Song, H.; Lv, T.; Sun, Q.; An, J. AI-driven safety and security for UAVs: From machine learning to large language models. Drones 2025, 9, 392.
  7. Joshi, A.; Bhalgat, P.; Chavan, P.; Chaudhari, T.; Patil, S. Guarding against quantum threats: A survey of post-quantum cryptography standardization, techniques, and current implementations. In Proceedings of the International Conference on Applications and Techniques in Information Security, Nadu, India, 22–24 November 2024; Springer: Singapore, 2024; pp. 33–46.
  8. Ayana, J.W.; Lifelo, Z.; Ning, H.; Ding, J. Towards Sustainable Smart Cities with AGI-Enabled Cyber-Physical-Social-Thinking Systems: A Comprehensive Review. TechRxiv 2025.
  9. Olutimehin, A.T.; Joseph, S.; Ajayi, A.J.; Metibemu, O.C.; Balogun, A.Y.; Olaniyi, O.O. Future-proofing data: Assessing feasibility of post-quantum cryptographic algorithms to mitigate ‘harvest now, decrypt later’ attacks. Arch. Curr. Res. Int. 2025, 25, 60–80.
  10. Ali, G.; Robert, W.; Mijwil, M.M.; Al-Hamzawi, H.A.H.; Al Sailawi, A.S.A.; Salau, A.O. Blockchain and Deep Q-Learning for Trusted Cloud-Enabled Drone Network in Smart Forestry: A Survey. Babylon. J. Netw. 2025, 2025, 207–241.
  11. Fereidouni, H.; Fadeitcheva, O.; Zalai, M. IoT and man-in-the-middle attacks. Secur. Priv. 2025, 8, e70016.
  12. Micheal, D. Comprehensive Review of Cybersecurity Frameworks: Fusing Machine Learning, Cryptographic Algorithms, and Blockchain for Resilient Digital Infrastructure. 2025. Available online: https://www.researchgate.net/profile/Dave-Micheal/publication/392522129_Comprehensive_Review_of_Cybersecurity_Frameworks_Fusing_Machine_Learning_Cryptographic_Algorithms_and_Blockchain_for_Resilient_Digital_Infrastructure/links/6846fedcc33afe388acb06b7/Comprehensive-Review-of-Cybersecurity-Frameworks-Fusing-Machine-Learning-Cryptographic-Algorithms-and-Blockchain-for-Resilient-Digital-Infrastructure.pdf (accessed on 24 November 2025).
  13. Gangwar, M.; Mantri, S.; Sarkar, A. Quantum-Resilient Banking: Strategies for a Secure Transition. 2025. Available online: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5361782 (accessed on 24 November 2025).
  14. Telikani, A. Adversarial Learning in Unmanned Aerial Vehicles-Aided Intelligent Transportation Systems. Ph.D. Thesis, University of Wollongong, Wollongong, Australia, 2025.
  15. Telikani, A.; Sarkar, A.; Du, B.; Santoso, F.; Shen, J.; Yan, J.; Yong, J.; Yap, E. Unmanned aerial vehicle-aided intelligent transportation systems: Vision, challenges, and opportunities. IEEE Commun. Surv. Tutor. 2025, 27, 3772–3819.
  16. Abu-Hashem, M.A.; Shehab, M.; Shambour, M.K.; Abualigah, L. Integrated local search technique with reptile search algorithm for solving large-scale bound constrained global optimization problems. Optim. Control Appl. Methods 2025, 46, 775–788.
  17. Matlekovic, L.; Juric, F.; Schneider-Kamp, P. Microservices for autonomous UAV inspection with UAV simulation as a service. Simul. Model. Pract. Theory 2022, 119, 102548.
  18. Al Ghamri, M.; Ibrahim, D.; Sihwail, R.; Shehab, M. Whale optimization algorithm for feature selection enhances classification in malware datasets. J. Comput. Cogn. Eng. 2025, 4, 387–396.
  19. Aljamal, Q.; AlJamal, M.; Al-Jamal, M.Q.; Jawasreh, Z.; Alsarhan, A.; Alshammari, S.A.; Alshammari, R.R. A novel deep hybrid learning framework for structural reliability under civil and mechanical constraints. Mathematics 2025, 13, 3834.
  20. Reddy, N.R.; Suryadevara, S.; Reddy, K.G.R.; Umamaheswari, R.; Guttula, R.; Kotoju, R. Quantum secured blockchain framework for enhancing post quantum data security. Sci. Rep. 2025, 15, 31048.
  21. Abualhaj, M.M.; Abu-Shareha, A.A.; Hiari, M.O.; Alrabanah, Y.; Al-Zyoud, M.; Alsharaiah, M.A. A paradigm for DoS attack disclosure using machine learning techniques. Int. J. Adv. Comput. Sci. Appl. 2022, 13, 3.
  22. Khater, B.S.; Abdul Wahab, A.W.; Idris, M.Y.I.; Hussain, M.A.; Ibrahim, A.A.; Amin, M.A.; Shehadeh, H.A. Classifier performance evaluation for lightweight IDS using fog computing in IoT security. Electronics 2021, 10, 1633.
  23. Hashim, H.A. Advances in UAV avionics systems architecture, classification and integration: A comprehensive review and future perspectives. Results Eng. 2025, 25, 103786.
  24. Alalousi, A.; Razif, R.; AbuAlhaj, M.; Anbar, M.; Nizam, S. A preliminary performance evaluation of K-means, KNN and EM unsupervised machine learning methods for network flow classification. Int. J. Electr. Comput. Eng. 2016, 6, 778.
  25. Jang, G.; Kim, J.; Yu, J.-K.; Kim, H.-J.; Kim, Y.; Kim, D.-W.; Kim, K.-H.; Lee, C.W.; Chung, Y.S. Cost-effective unmanned aerial vehicle (UAV) platform for field plant breeding application. Remote Sens. 2020, 12, 998.
Figure 1. Proposed Methodology.
Figure 2. Key-Management Architecture.
Figure 3. Scalability and hybrid variant performance: dual-layer minimizes latency, while Hybrid-A achieves the optimal balance.
Figure 4. Latency Distributions of Blockchain-Assisted Key Management Operations.
Table 1. System Model, Threats, and Security Objectives.

| Layer/Threat Level | Capabilities/Risks | Security Objectives |
|---|---|---|
| UAV Nodes | Limited CPU, memory, battery; risk of capture | Lightweight confidentiality, integrity |
| Gateways | Moderate compute; vulnerable to MITM | Offloading heavy crypto, secure relay |
| Cloud Servers | High-performance; targeted for storage compromise | Post-quantum resilience, integrity of archives |
| Adversarial Threats | Eavesdropping, spoofing, replay, MITM, side-channel, quantum cryptanalysis | Confidentiality, forward secrecy, quantum resistance, scalability |

Table 2. Adaptive Cipher Suite for UAV-to-Gateway Communication.

| Cipher | Use Case | Advantages | Limitations |
|---|---|---|---|
| PRESENT-128 | Ultra-constrained UAVs | Very lightweight, low power consumption | Lower security margin compared to AES |
| Ascon | High-noise environments | Strong resistance to side-channels, authenticated encryption | Slightly higher latency |
| AES-CCM | Low-latency secure channels | Strong confidentiality and integrity | Higher energy cost on UAVs |

Table 3. Comparison of ECC, PQC, and Hybrid Encryption in Gateway-to-Cloud Communication.

| Scheme | Security Guarantee | Performance | Resilience |
|---|---|---|---|
| ECC (ECDH) | Efficient, well-studied | Low latency, small key sizes | Breakable by quantum adversaries |
| Kyber512 (PQC) | Quantum-resistant lattice-based | Moderate latency, larger keys | Secure against quantum attacks |
| Hybrid ECC+PQC | Combines both schemes | Balanced cost, dual encapsulation | Secure even if one scheme fails |

Table 4. Comparison of ECC, PQC, and Hybrid Encryption in Gateway-to-Cloud Communication.

| Scheme | Security Guarantee | Performance | Resilience |
|---|---|---|---|
| ECC (ECDH) | Efficient, well-studied | Low latency, small key sizes | Breakable by quantum adversaries |
| Kyber512 (PQC) | Quantum-resistant lattice-based | Moderate latency, larger keys | Secure against quantum attacks |
| Hybrid ECC+PQC | Combines both schemes | Balanced cost, dual encapsulation | Secure even if one scheme fails |

Table 5. Integration Modes and Security–Performance Trade-offs.

| Mode | Confidentiality/Integrity | Availability/Resilience | Overhead |
|---|---|---|---|
| Sequential (UAV AEAD to GW AEAD + Hybrid KEM) | PQC-ready, strong encryption | Single-path link | Low (baseline) |
| Multi-Path Replication (m paths) | Same as baseline | Redundant paths improve uptime | Bandwidth usage × m |
| Multi-Path (t, m) Shares (Shamir) | No info if <t shares arrive | Tolerates m − t link failures | Extra CPU for sharing; signaling |
| Onion-Style Nesting (r layers) | Layered encryption per hop | Localized compromise containment | CPU × r; nonce tracking |

Table 6. Blockchain-Assisted Key Management Properties.

| Operation | Smart Contract Action | Security Benefit | UAV Overhead |
|---|---|---|---|
| Enrollment | Register $(ID_u, pk_u)$ | Authenticated identity binding | Store header + Merkle proof |
| Revocation | Invalidate $ID_u$ keys | Immediate mitigation of compromise | Minimal metadata update |
| Rekeying | Issue new $K_{u,t}$ per epoch | Forward secrecy, replay prevention | Receive short update message |
| Audit | Log all key ops on-chain | Tamper-proof accountability | Offloaded to gateways |

Table 7. Evaluation Metrics and Measurement Methods.

| Category | Metric | Definition | Measurement Source |
|---|---|---|---|
| Cryptographic Security | Confidentiality, Integrity, PQC resistance | Resistance to cryptanalysis | CryptoLib + adversarial tests |
| Performance | Latency, Throughput, Energy | $L_{e2e}$, $\Theta$, Joules/msg | Logs from UAV/GW/Cloud |
| Attribution/Control | Crypto-only latency, Network-only latency | $L_{\text{crypto}}$ and hop-wise $T_{\text{tx}}$ components under fixed paths | Time-stamped profilers + network monitors |
| Scalability | UAV concurrency | Max UAVs with $L_{e2e} < T_{\text{thr}}$ | Simulation scaling tests |
| Resilience | Attack robustness | Success rate of replay/spoofing | Controlled attack injection |
| Blockchain Overhead | Delay, Energy, Bandwidth | $O_{BC}$ | Gateway ledger + profilers |

Table 8. End-to-End Performance vs. Baselines (1 kb messages, median over 10 runs).

| Scheme | Latency $L_{e2e}$ (ms) | Throughput (Mb/s) | UAV Energy (mJ/MB) | GW–Cloud HS (ms) |
|---|---|---|---|---|
| TLS 1.3 (ECC only) | 49.2 | 17.4 | 52.7 | 7.8 |
| PQC-only (Kyber512) | 62.3 | 12.9 | 58.4 | 15.9 |
| AES-only (single hop) | 41.0 | 19.8 | 44.1 | 7.6 |
| Proposed Dual-Layer (Adaptive + Hybrid) | 34.8 | 21.6 | 38.5 | 12.6 |

Table 9. UAV-Side Microbenchmarks for Symmetric Ciphers (Raspberry Pi Zero W).

| Cipher (Mode) | Cycles/Byte | Energy (mJ/MB) | Notes |
|---|---|---|---|
| PRESENT-128 (AEAD wrapper) | 18.2 | 30.2 | Ultra-light, lowest power |
| Ascon-128a (AEAD) | 23.4 | 36.8 | NIST LWC winner; robust in noise |
| AES-CCM-128 | 35.1 | 49.5 | Lowest latency on good channels |

Table 10. Ablation: Adaptive Ciphering vs. Fixed Choice.

| Policy | $L_{e2e}$ (ms) | UAV Energy (mJ/MB) | Retransmits (/10 k) | Integrity Fail (/10 k) |
|---|---|---|---|---|
| Fixed PRESENT-128 | 33.1 | 30.6 | 35 | 1.9 |
| Fixed Ascon | 38.9 | 37.2 | 22 | 0.1 |
| Fixed AES-CCM | 36.2 | 48.7 | 18 | 0.4 |
| Adaptive (ours) | 34.8 | 38.5 | 14 | 0.1 |

Table 11. Multi-Path and Onion Hardening: Availability and Overhead.

| Mode | Avail. (% Delivered) | Bandwidth Ovhd | $L_{e2e}$ Ovhd | Confidentiality Note |
|---|---|---|---|---|
| Sequential (baseline) | 97.8 | ×1.0 | +0% | PQC-ready link isolation |
| Replica (m = 2) | 99.6 | ×2.0 | +4.3% | Redundant paths |
| Replica (m = 3) | 99.9 | ×3.0 | +7.1% | High availability |
| Shamir (t = 2, m = 3) | 99.2 | ×1.0 | +6.4% | No info with <t shares |
| Shamir (t = 3, m = 5) | 99.8 | ×1.0 | +9.5% | Tolerates m − t loss |
| Onion (r = 2) | 97.7 | ×1.0 | +8.2% | Layered compartmentalization |
| Onion (r = 3) | 97.5 | ×1.0 | +14.7% | Strongest compartmentalization |

Table 12. Security/Resilience Under Active Adversary.

| Scheme | Replay Success (%) | MITM Acceptance (%) | Key Compromise Impact | HN/DL Resilience |
|---|---|---|---|---|
| TLS 1.3 (ECC only) | 0.0 | 0.3 | Session-limited | Not resilient |
| PQC-only (Kyber512) | 0.0 | 0.4 | Session-limited | Resilient |
| AES-only (single hop) | 0.7 | 1.1 | Link-scoped | Not resilient |
| Proposed Dual-Layer | 0.0 | 0.1 | Hop+session compartmentalized | Resilient |

Table 13. Blockchain-Assisted Key Ops: Overhead and UAV Cost.

| Operation | GW/Cloud Latency (ms) | Bytes Uplink | UAV Verify Energy (mJ) | Notes |
|---|---|---|---|---|
| Enrollment | 1200 | 1.8 kb | 0.22 | One-time per UAV |
| Rekey (epoch) | 180 | 520 b | 0.18 | Frequent, lightweight |
| Revocation | 220 | 0.9 kb | 0.21 | Immediate effect |
| Audit Append | 95 | 0.4 kb | 0.05 | Metadata only |

Table 14. Scalability: Median $L_{e2e}$ vs. Number of Concurrent UAVs.

| UAVs | 50 | 100 | 200 | 300 | 500 |
|---|---|---|---|---|---|
| TLS 1.3 (ECC only) | 41.6 ms | 46.9 ms | 58.3 ms | 73.5 ms | 102.1 ms |
| PQC-only (Kyber512) | 52.8 ms | 59.4 ms | 74.6 ms | 95.8 ms | 138.4 ms |
| Proposed Dual-Layer | 33.9 ms | 36.8 ms | 43.7 ms | 49.5 ms | 64.2 ms |

Table 15. GW–Cloud Key Schedule Variants (Hybrid Details).

| Variant | KEM | ECC Curve | Handshake (ms) | e2e Latency (ms) |
|---|---|---|---|---|
| Hybrid-A | Kyber512 | X25519 | 12.6 | 34.8 |
| Hybrid-B | Kyber768 | X25519 | 14.1 | 36.0 |
| Hybrid-C | Kyber512 | P-256 | 13.4 | 35.6 |
| ECC-only | | X25519 | 7.8 | 49.2 |
| PQC-only | Kyber512 | | 15.9 | 62.3 |

Table 16. GW–Cloud Key Schedule Variants (Hybrid Details).

| Variant | KEM | ECC Curve | Handshake (ms) | e2e Latency (ms) |
|---|---|---|---|---|
| Hybrid-A | Kyber512 | X25519 | 12.6 | 34.8 |
| Hybrid-B | Kyber768 | X25519 | 14.1 | 36.0 |
| Hybrid-C | Kyber512 | P-256 | 13.4 | 35.6 |
| ECC-only | | X25519 | 7.8 | 49.2 |
| PQC-only | Kyber512 | | 15.9 | 62.3 |

Table 17. Comparison of Related Studies and the Proposed Work.

| Study | Lightweight Encryption | Post-Quantum Cryptography (PQC) | Blockchain Integration | Adaptive/Energy-Aware | UAV–to-Cloud Security | Authentication/Scalability |
|---|---|---|---|---|---|---|
| [4] | PRESENT, HIGHT, SIMON, SPECK, AES-CCM tested on UAVs; energy gains reported. | None; only classical lightweight ciphers. | No blockchain or decentralized trust. | No adaptive switching; static benchmarking only. | Telemetry-level encryption; no full-stack coverage. | 25–40% endurance gain; no scalability/authentication study. |
| [14] | None. | Kyber512, Dilithium-II benchmarked vs ECC/AES; PQC feasibility shown. | None; no distributed key system. | No energy-aware or adaptive scheduling. | Partial PQC uplink; no multi-tier integration. | PQC reduced endurance by 15%; no swarm scalability. |
| [15] | None. | None; used classical PKI-based cryptography. | Consortium blockchain for UAV key lifecycle only. | No adaptive switching; focused on key enrollment. | Key exchange only; lacked data confidentiality. | Scalable to 500 UAVs; Merkle proof storage. |
| [16] | None. | None. | None; no decentralized or audit system. | No energy-aware mechanism. | Broadcast authentication only. | ECC + biohashing; 27.4 ms overhead; moderate scale. |
| [17] | None. | None; no cryptographic enhancements. | None. | No adaptive crypto mechanisms. | Orchestration/microservices only; no secure channels. | Scalable to 5000 UAVs; no crypto layer. |
| [18] | None. | None. | Lightweight blockchain with trust scoring. | No adaptive crypto. | Decentralized trust; no encryption channel layers. | >92% threat detection; improved network scale. |
| Proposed Work | Adaptive lightweight encryption: PRESENT-128, Ascon, AES-CCM. | Hybrid ECC + Kyber512/768 for PQC resilience. | Blockchain-based key lifecycle with smart contracts + Merkle proofs. | Energy-aware, context-driven cipher switching. | Dual-layer UAV–Gateway–Cloud encryption with multi-path/onion model. | Quantum-resilient auth; scalable to 500 UAVs. |
