Non cryptographic answer:
GPS spoofing can be done without breaking the encryption.
By recording the encrypted signal and brodcasting it back with controlled delay and stronger local signal. It is the original encrypted signal and therefor decryption and verification will succeed. Deriving location is done from the difference in time delay between different satellites. If we add our own delay we can create for a target in known location any fake GPS location we choose. We start with small induced error and gradually increase.
It is theoretically possible to detect such an attack. E.g by monitoring clock jumps and falling back to other navigation systems such as INS. However such detection is heuristic and requires the victim to have a high accuracy clock and/or the attacker to be limited in the minimal delay he can induce and of course you need to have a good fallback. Plenty of military hardware does not have such anti spoofing measures.
Iran hijacked a US military drone and captured it intact. They obviously didn't share technical details but common wisdom is they jammed the control signal and spoofed the GPS signal, no evidence the encryption was broken.