AZTEC · privacy-L2 · QRI 21 · BAND 3 Planning Hybrid FAIL · Stage 0 · Washing 1x

Aztec is the only privacy chain in the batch, and that is where quantum hurts most. Every shielded transaction uses UltraPLONK over BN254, and when BN254 falls to Shor, the privacy does not just stop working forward. It retroactively stops having worked. The chain that forgets becomes the chain that confesses.

inLinkedIn XPost ▼Scorecard JSON ⇆Compare Verified 2026-04-18

Summary

Aztec is the only privacy-L2 in batch. UltraPLONK over BN254 curve provides privacy proofs; all historical shielded txs retroactively de-anonymizable when Shor breaks BN254. AES-GCM note encryption is PQ-safe but DH key exchange is not. Chaum-framed privacy disaster: privacy evaporates retroactively under CRQC. No PQC migration path documented; would require fundamental ZK proof system replacement.

What the gates say

Hybrid: FAIL. No hybrid plan on file.
Evidence: PASS. Sources reconstructable by third party.
Primitive naming: PASS. Named primitives at every scored sub-level.

Burn-vs-rescue policy on file

undeclared

Seven dimensions

Each dimension scores 0-100 internally; the weighted roll-up produces the QRI on the left. Open a row to read the sub-score detail.

1 Cryptographic Exposure 32 / 100

1a_primitive_inventory 14 / 20

UltraPLONK/BN254 for all privacy proofs. Noir language compiles to BN254 arithmetic circuits.

Primitives: ECDSA secp256k1 (user auth) · UltraPLONK over BN254 (ZK proof system) · Poseidon (ZK-friendly hash) · AES-GCM (note encryption) · SHA-256

Evidence: docs.aztec.network · aztec.network

1b_shor_grover_pq_tag 14 / 20

Evidence: docs.aztec.network

1c_algorithm_family_diversity 0 / 20

No PQC families deployed. Privacy primitives are ECC-based.

1d_nist_security_category 0 / 20

No NIST PQC

1e_implementation_quality 4 / 20

Evidence: github.com

2 HNDL Exposure 22 / 100

2a_active_key_exposure 5 / 20

Account keys in encrypted notes (AES-GCM); private keys never on-chain.

2b_cold_key_exposure 5 / 20

Mainnet ~4 months. Limited history.

2c_signature_longterm_validity 5 / 20

ECDSA sigs + UltraPLONK proofs all Shor-breakable.

2d_encryption_confidentiality 7 / 20

AES-GCM for note encryption is PQ-safe. Key exchange to AES uses Diffie-Hellman over BN254 curve — Shor-breakable, so retrodecryption of historical notes possible.

3 Metadata & Privacy Exposure 35 / 100

3a_tx_graph_visibility 12 / 20

Mixed privacy — private function calls are shielded; public function calls visible. Best current privacy-L2 on Ethereum.

3b_rpc_mempool_concentration 8 / 20

Aztec Connect sequencer was centralized; new mainnet has 3,400+ sequencers, 185+ operators — decentralized sequencing from day one.

3c_cross_chain_bridge_correlation 8 / 20

L1 bridge visible; privacy leaks on deposit/withdraw correlation.

3d_retroactive_deanon_risk 7 / 20

CRITICAL: all historical shielded txs based on UltraPLONK/BN254. Shor-break means EVERY historical private tx retroactively de-anonymized. This is Chaum's specific warning.

4 Migration Architecture 52 / 100

4a_crypto_agility 12 / 20

ZK proof system swap is expensive (would need to replace UltraPLONK + BN254 curve). STARK/FRI-based PQC migration possible but architecturally significant.

4b_account_abstraction_key_rotation 18 / 20

Native AA from day one — signature scheme upgradeable per account.

4c_hard_fork_track_record 12 / 20

Very new mainnet. Limited track record.

4d_hybrid_deployment_readiness 10 / 20

Hybrid path would require hash-based / FRI-based / STARK proof system alongside UltraPLONK — substantial work.

5 Deployment Execution 5 / 100

5a_mainnet_pqc_pct 0 / 20

no public artifact found

5b_pqc_code_in_client 0 / 20

no PQC code in Aztec client or barretenberg

5c_validator_pqc_adoption 0 / 20

Sequencers use ECDSA; no PQC keys

5d_published_milestones_count 3 / 20

ZKnox PQ-precompile research references exist but not Aztec roadmap

5e_pqc_washing_delta 2 / 20

No Aztec-specific PQC announcements

6 Supply Chain Vendor Readiness 7 / 100

6a_wallet 2 / 20

6b_bridge 2 / 20

6c_custodian 2 / 20

6d_rpc_hsm 1 / 20

7 Governance & Coordination 50 / 100

7a_validator_stake_distribution 15 / 20

3,400+ sequencers, 185+ operators from day one — strong decentralization.

7b_upgrade_cadence_under_pressure 10 / 20

Too new for track record.

7c_named_coordination_lead 15 / 20

Aztec Labs (Zac Williamson, Joe Andrews).

7d_adversarial_coordination_precedent 10 / 20

No precedent. Aztec Connect sunset in 2023 demonstrated decommissioning capability.

The X + Y vs Z inequality

X (data shelf life): infinite for historical private txs (privacy chain; Shor-retrodecryption devastating)

Y (migration time): 10-15

Z10 (10% CRQC year): 2036 · Z50 (50%): 2041

Verdict: X+Y > Z (danger).

Four-scenario grid

Scenario	Value preserved	Privacy preserved
quantum never	100%	100%
arrives suddenly pre migration	15%	0%
arrives slowly post migration	70%	30%
arrives slowly mid migration	40%	10%

Peers in the privacy-L2 profile

Order-book view of the 5 chains closest to Aztec by QRI.

Public artifacts used for this scorecard

Each entry below is a sub-score citation. Clicking the link takes you to the public source. A third party should be able to reconstruct every number on this page from these URLs in 48 hours.

Cryptographic Exposure · 1a_primitive_inventory

UltraPLONK/BN254 for all privacy proofs. Noir language compiles to BN254 arithmetic circuits.

Cryptographic Exposure · 1b_shor_grover_pq_tag

https://docs.aztec.network

Cryptographic Exposure · 1e_implementation_quality

https://github.com/AztecProtocol

Supply chain snapshot

wallet Obsidion · Azguard · MetaMask 0 PQC roadmaps

bridge Aztec L1 bridge 0 PQC roadmaps

custodian Copper · Fireblocks · Anchorage 0 PQC roadmaps

rpc_hsm Aztec official RPC · community sequencers 0 PQC roadmaps

A chain's supply chain cannot migrate faster than its slowest dependency. Zero PQC roadmaps in any of the four categories is a structural blocker, not a lagging indicator.

Analyst notes on the scoring

Highest metadata privacy score in batch by design (3a=12) but 3d score (retroactive de-anon) reflects the existential privacy threat. Scorecard profile weights metadata at 25%. Aztec's existence justifies privacy-L2 scorecard as methodology class.

Scorecard metadata

Profile: privacy-L2
Scored: 2026-04-18 by layerqu-v2-scoring-agent-1
v1 reference: chainscreen-v1-archive
QRI raw: 21 · after caps: 21
Confidence interval: ±10
PQC washing ratio: 1x
Burn-vs-rescue: undeclared

Caps triggered

mosca_cap_60
sutor_stage_cap_2
casado_stage_cap_3
preskill_half_dim5_dim6
hybrid_gate_fail_cap_60