Is encryption possible at the physical layer?

The job of physical layer is to transmit the data over some channel(cable or wireless medium). If encryption was done at the physical layer, then all the data, including the application data, the destination IP address, port number, different headers, etc. will be encrypted as well. When this encrypted data will be transmitted, the next node(router,switch, or some other link) won't be able to determine the destination address(since even the destination address is encrypted), and it won't be able to forward it. Hence, encryption is not done at physical layer.


If you choose to implement encryption at the physical layer, it might be because:

  • Either you need for some reason to support anything which could compose the link layer 2, you want your encryption scheme to be independent and transparent to potentially unsecured upper layers.
  • Some requirement make it unavoidable to work as close to the physical as possible.

The only current use-case I could imagine for such purpose would be radio-communication, and mostly military grade radio-communication. For instance, there are systems obfuscating the communication as to appear as electromagnetic blank noise while being actual communication (trying to avoid detection and localization issues). Such encoding does not process bytes, it directly processes the electromagnetic waves so it needs to be located at the physical layer.

In all case physical layer encryption would bring quite a high complexity, and therefore higher cost, so most chances are that its usage is limited to military & co. As far as I know for civilian usage using a standard physical layer with encryption implemented no lower than layer-2 is usually sufficient.


Sure, Powerline adapters have done this for years.

Powerline adapter

For example the Belkin Surf POWERLINE NETWORKING ADAPTER employs 128-bit AES encryption.