Hey it's thanksgiving and I'm a little drunk. Apologies for any errors.
Keep in mind that "encryption" bundles together four different concepts: confidentiality, data integrity, authentication, and non-repudiation. To successfully do space science, data integrity is suuuuuuuuper important. Like if you send a command to the spacecraft to fire the engines for (binary) 000000010110010 milliseconds, and a cosmic ray happens and the spacecraft receives a command to fire the engines for 001110010110010 milliseconds, congratulations, your mission is totally fucked. Voyager was launched with Reed Soloman error correction before fundamental cryptography fundamentals like DES, DH or RSA were published.
Confidentiality is kind of a non-issue with spacecraft. If ground control says, "Fire the thrusters for 174 seconds, authentication code 0x8d0a8fc7" or whatever there are no secrets. Non-repudiation is also a non-issue: NASA doesn't need to prove to NASA that it never sent the self destruct command. NASA already knows what commands it sent.
Authentication is the bit that prevents unauthorized commands, and honestly, the authentication tech is not that complicated. We need 128 bit keys (or 256 if you're paranoid) to do confidentiality correctly, but we use 64 bit keys with "known broken" algorithms like MD5 to do authentication, and that's known to be totally safe.
So of the four pillars of encryption, one of them had to be built in from day 1, or you'd never accomplish anything. One of them is kinda of an easy problem actually, even with old technology. The other two aren't part of the attack surface.
Spacecraft also have a HUGE advantage built in: shared secrets. Ground control can program a secret key into the spacecraft before it's launched. After it's flying around you can leverage stuff off of that shared secret to authenticate communications. This totally sidesteps all of the hard parts of TLS, which involve certificate authorities, certificate revocation lists, etc.
On the confidentiality angle, I'll also add: space is very transparent if you have means to look at it. So if ground control says, "Fire the thrusters for 174 seconds", even over undecipherable one-time pad encryption, every nation with any kind of interest in space would see (or otherwise learn about) that particular spacecraft firing its thrusters for 174 seconds at a particular time. That's true even with military payloads where they try to keep things secret; with scientific missions, trajectories are openly shared anyway.
It's a lot harder to detect spacecraft manoeuvres than that. Depending on the type of thruster you might have a chance of detecting it if you have extremely sensitive, very expensive equipment closely monitoring a specific satellite in LEO, but nobody has enough of those to monitor every satellite, or even every military satellite constantly. At the distance of the Moon, forget it. No Earth based telescope can even resolve Chang'e 5 at all at this range, let alone a thrust plume. But even in LEO observing from another orbital sensor it's not easy, if the thruster is on the far side of the satellite, or using cold gas thrusters, or your view of the thruster is sufficiently blocked by a solar panel or antenna, also forget it.
> but we use 64 bit keys [...] to do authentication, and that's known to be totally safe.
I disagree with that. Using 64-bit authentication tags is fine, since they can only be attacked by sending guesses to the target system. 64-bit however are too weak, since they can be attacked using same offline brute-force attacks used against confidentiality. They have the advantage that an attacker needs to break them before they're changed/the project ends, while confidentiality can be important for many decades after that. But even then, I'd say 96 bits is the minimum authentication key size for a high value system, while I'd go with 128 bits.
There is some value in confidentiality of uplink, though. If the channel from Earth to probe is encrypted, you do not reveal your command protocol.
And, in all likelihood, there is either a common command protocol or a family of protocols for all Chinese spacecraft. Designing a brand new protocol for each class of spacecraft would be time consuming and add complexity to space operations.
It is easier to have just one command protocol, or just slight variations thereof, and use it for connection with all hardware out there.
Keep in mind that "encryption" bundles together four different concepts: confidentiality, data integrity, authentication, and non-repudiation. To successfully do space science, data integrity is suuuuuuuuper important. Like if you send a command to the spacecraft to fire the engines for (binary) 000000010110010 milliseconds, and a cosmic ray happens and the spacecraft receives a command to fire the engines for 001110010110010 milliseconds, congratulations, your mission is totally fucked. Voyager was launched with Reed Soloman error correction before fundamental cryptography fundamentals like DES, DH or RSA were published.
Confidentiality is kind of a non-issue with spacecraft. If ground control says, "Fire the thrusters for 174 seconds, authentication code 0x8d0a8fc7" or whatever there are no secrets. Non-repudiation is also a non-issue: NASA doesn't need to prove to NASA that it never sent the self destruct command. NASA already knows what commands it sent.
Authentication is the bit that prevents unauthorized commands, and honestly, the authentication tech is not that complicated. We need 128 bit keys (or 256 if you're paranoid) to do confidentiality correctly, but we use 64 bit keys with "known broken" algorithms like MD5 to do authentication, and that's known to be totally safe.
So of the four pillars of encryption, one of them had to be built in from day 1, or you'd never accomplish anything. One of them is kinda of an easy problem actually, even with old technology. The other two aren't part of the attack surface.
Spacecraft also have a HUGE advantage built in: shared secrets. Ground control can program a secret key into the spacecraft before it's launched. After it's flying around you can leverage stuff off of that shared secret to authenticate communications. This totally sidesteps all of the hard parts of TLS, which involve certificate authorities, certificate revocation lists, etc.