Parsimoni’s pure-OCaml CCSDS protocol stack (Borealis) booted on DPhi Space’s ClusterGate-2 satellite April 23, 2026, with BPSec encryption and post-quantum OTAR key rotation.
Key Takeaways
Borealis runs on an Arm Cortex-A53 SoC (4 GB RAM) as a FROM-scratch Docker image, treating DPhi’s filesystem upload/download API as a delay-tolerant BPv7 bundle network.
BPSec wraps every bundle in payload encryption plus authentication blocks; sequence numbers block replays, keeping the satellite operator’s routing path outside the trust boundary on shared hosted-payload hardware.
Post-quantum signing uses ML-DSA-65 keys rotated via OTAR without re-flashing; claimed first in-orbit demonstration of post-quantum OTAR, aligned with NASA-STD-1006A requirements.
OxCaml with exclave stack annotations drops CCSDS dispatch p99.9 latency from 29 ns to 9 ns per packet and eliminates GC pressure (394 minor GCs to zero over 25M packets).
The master key has no rotation path once in orbit; lost master key means the stack is permanently unreachable, an explicit acknowledged failure mode with no hardware TPM available.
