This work discusses and applies techniques to efficiently and securely use cryptography for signal authentication in civil (open) satellite navigation signals such as Chips-Message Robust Authentication (“Chimera”). By efficient and secure, we mean maintaining a cryptographic security strength requirement with minimum data bandwidth and watermark signal degradation. We exploit many strategies, including using Timed-Efficient Stream Loss-tolerant Authentication (“TESLA”), sectioned parallelized cryptographic secret distribution, and only one constant, independent spreading code watermark degradation. Our design allows multi-cadence (i.e., slow and fast) distribution even with only a single watermark degradation. Our design maintains standard 128-bit security with a single minimum bandwidth channel while allowing for authentication of many GNSS services.