{ "chain_slug": "immutable-x", "name": "Immutable X", "scorecard_profile": "rollup-L2", "evaluated_at": "2026-04-18", "evaluator": "layerqu-v2-scoring-agent-3", "v1_reference": "chainscreen-v1-archive", "dimensions": { "1_cryptographic_exposure": { "weight": 0.12, "score": 28, "sub_scores": { "1a_primitive_inventory": { "score": 10, "primitives_named": [ "ECDSA secp256k1 (user tx, EVM)", "STARK proofs (FRI over prime field, hash-based)", "Keccak-256" ], "evidence": [ "https://docs.immutable.com/docs/x/main-concepts/architecture" ], "note": "StarkEx + StarkNet L2 architecture." }, "1b_shor_grover_pq_tag": { "score": 12, "tags": { "ECDSA secp256k1": "Shor-break", "STARK (FRI)": "Grover-weaken (hash-based, PQ-leaning)", "Keccak-256": "Grover-weaken-128bit" }, "evidence": [ "https://starkware.co/stark/" ] }, "1c_algorithm_family_diversity": { "score": 4, "families_represented": 1, "families": [ "Hash-based (STARK FRI)" ], "note": "FRI-based STARKs are hash-based and considered PQ-leaning (vs pairing-based SNARKs)." }, "1d_nist_security_category": { "score": 0, "mappings": {}, "note": "FRI-STARK is PQ-leaning but not NIST-standardized. No PQC signature scheme deployed." }, "1e_implementation_quality": { "score": 2, "formal_verification": "StarkEx prover audits (external)", "constant_time": "standard libraries", "libraries": [ "StarkEx (proprietary StarkWare)" ], "evidence": [] } }, "total_artifacts": 2 }, "2_hndl_exposure": { "weight": 0.08, "score": 22, "sub_scores": { "2a_active_key_exposure": { "score": 5, "note": "User ECDSA keys exposed on first tx. NFT holdings persist long-term." }, "2b_cold_key_exposure": { "score": 6, "note": "NFT holdings often long-dormant (collectibles). Cold ECDSA keys persistent." }, "2c_signature_longterm_validity": { "score": 6, "note": "STARK proofs are hash-based and PQ-leaning for state transitions. User ECDSA sigs still Shor-breakable." }, "2d_encryption_confidentiality": { "score": 5, "note": "TLS for API. No PQC KEM." } }, "total_artifacts": 2 }, "3_metadata_privacy_exposure": { "weight": 0.08, "score": 20, "sub_scores": { "3a_tx_graph_visibility": { "score": 5, "note": "Pseudonymous. NFT provenance is fully transparent." }, "3b_rpc_mempool_concentration": { "score": 3, "note": "Centralized StarkEx operator runs the mempool/order book." }, "3c_cross_chain_bridge_correlation": { "score": 6, "note": "Ethereum bridge visible; deposits/withdrawals linkable." }, "3d_retroactive_deanon_risk": { "score": 6, "note": "Non-private by design; low marginal retroactive risk." } }, "total_artifacts": 1 }, "4_migration_architecture": { "weight": 0.15, "score": 42, "sub_scores": { "4a_crypto_agility": { "score": 14, "note": "STARK proof system is modular — FRI parameters, hash choice upgradable. StarkEx governance controls upgrades." }, "4b_account_abstraction_key_rotation": { "score": 12, "note": "StarkEx L2 uses L1 Ethereum wallets for tx submission. L1 AA (ERC-4337) leverageable." }, "4c_hard_fork_track_record": { "score": 10, "note": "Multi-year StarkEx upgrades (StarkEx → zkEVM). Operator controls upgrades." }, "4d_hybrid_deployment_readiness": { "score": 6, "note": "No published hybrid PQC envelope. STARK already PQ-leaning on proof side." } }, "total_artifacts": 2 }, "5_deployment_execution": { "weight": 0.22, "score": 8, "sub_scores": { "5a_mainnet_pqc_pct": { "score": 3, "mainnet_pqc_pct": "STARK proofs PQ-leaning but not NIST-PQC; user sigs 0%", "evidence": [ "https://starkware.co/stark/" ], "note": "STARK proof system is hash-based/PQ-leaning, but this is not NIST PQC and user signatures remain ECDSA. Score credits FRI but flags conceptual gap." }, "5b_pqc_code_in_client": { "score": 0, "note": "No NIST PQC code in client." }, "5c_validator_pqc_adoption": { "score": 0, "note": "No validator set — centralized operator." }, "5d_published_milestones_count": { "score": 0, "count": 0, "milestones": [], "note": "No published PQC migration milestones." }, "5e_pqc_washing_delta": { "score": 5, "ratio": 1, "note": "StarkWare public about 'STARKs are post-quantum' but no user-sig PQC plan. Arguable PQC washing." } }, "total_artifacts": 1 }, "6_supply_chain_vendor_readiness": { "weight": 0.25, "score": 8, "sub_scores": { "6a_wallet": { "score": 2, "top3": [ "MetaMask", "Immutable Passport", "Argent" ], "pqc_roadmap_count": 0 }, "6b_bridge": { "score": 2, "top3": [ "Immutable Bridge (StarkEx)", "LayerZero", "Across" ], "pqc_roadmap_count": 0 }, "6c_custodian": { "score": 2, "top3": [ "Coinbase Custody", "Fireblocks (research only)", "BitGo" ], "pqc_roadmap_count": 0 }, "6d_rpc_hsm": { "score": 2, "top3": [ "Immutable RPC", "Alchemy", "QuickNode" ], "pqc_roadmap_count": 0 } }, "total_artifacts": 1 }, "7_governance_coordination": { "weight": 0.1, "score": 25, "sub_scores": { "7a_validator_stake_distribution": { "score": 5, "note": "Centralized StarkEx operator. No validator set." }, "7b_upgrade_cadence_under_pressure": { "score": 6, "note": "StarkEx operator-controlled upgrades. Transition from StarkEx to zkEVM in progress." }, "7c_named_coordination_lead": { "score": 9, "note": "Immutable (James + Robbie Ferguson) + StarkWare. No named PQC lead." }, "7d_adversarial_coordination_precedent": { "score": 5, "note": "No PQC-specific precedent." } }, "total_artifacts": 1 } }, "gates": { "hybrid_deployment": "FAIL", "evidence_reconstruction": "PASS", "primitive_naming": "PASS" }, "caps_applied": [ "Mosca (5a<20% → QRI max 60)", "Sutor (5d=0 → Migration Stage max 2)", "Preskill (several dims <3 artifacts × 0.5)", "Casado (3+ vendor tiles pqc=0 → migration_stage max 3)", "Hybrid gate FAIL → QRI cap 60" ], "qri": { "raw": 19, "after_caps": 19, "ci_plus_minus": 12, "band": 2, "band_name": "Acknowledged" }, "migration_stage": 0, "mosca_inequality": { "X_signature_shelf_life_years": "5-10 (NFTs can be long-dormant; user sigs mostly short-lived)", "Y_migration_time_years_range": "10-15", "Z_10pct_year": 2036, "Z_50pct_year": 2041, "danger_zone_at_50pct": true }, "four_scenario_grid": { "quantum_never": { "value_preserved_pct": 100, "privacy_preserved_pct": 100 }, "arrives_suddenly_pre_migration": { "value_preserved_pct": 10, "privacy_preserved_pct": 15 }, "arrives_slowly_post_migration": { "value_preserved_pct": 80, "privacy_preserved_pct": 70 }, "arrives_slowly_mid_migration": { "value_preserved_pct": 40, "privacy_preserved_pct": 35 } }, "burn_vs_rescue_policy": "undeclared", "pqc_washing_ratio": 1.1, "vendor_tile_summary": { "wallet": { "top3": [ "MetaMask", "Immutable Passport", "Argent" ], "pqc_roadmap_count": 0 }, "bridge": { "top3": [ "Immutable Bridge", "LayerZero", "Across" ], "pqc_roadmap_count": 0 }, "custodian": { "top3": [ "Coinbase Custody", "Fireblocks", "BitGo" ], "pqc_roadmap_count": 0 }, "rpc_hsm": { "top3": [ "Immutable RPC", "Alchemy", "QuickNode" ], "pqc_roadmap_count": 0 } }, "narrative_summary": "Immutable X is a StarkEx-based L2 Validium for NFTs/gaming. The STARK proof system is hash-based (FRI) and considered PQ-leaning at the proof layer, but user transactions still rely on ECDSA secp256k1 and no NIST-PQC signature scheme is deployed. Centralized operator controls upgrades. PQC washing risk: marketing sometimes describes STARKs as 'post-quantum' without qualifying that user sigs remain Shor-breakable.", "evaluator_notes": "Small dim1 credit for PQ-leaning STARK proof system. Important caveat: STARK PQ-security is not the same as user key security. Band 2 Acknowledged due to StarkWare's public PQ discourse, but no signature-layer PQC plan found.", "narrative_voiced": "Immutable X sometimes gets described as 'post-quantum' because its STARK proofs are hash-based. That is true of the proof. It is not true of the user's ECDSA secp256k1 signature, which is what actually moves the NFT. The label is doing more work than the cryptography." }