What it is. Berachain is a young trading-focused blockchain, barely a year old, built for moving liquidity around between apps and run by a tight validator group that locks the same Ethereum-style account math as everyone else.
What we found. Its quantum readiness work has not started: there is no roadmap, no test version, no team assigned, and the crypto guarding every wallet and validator key is the kind a future quantum machine could unpick.
Why it matters. When a connected app got drained late in 2025 the validators halted the chain within hours, shipped a patched binary, and blocked the stolen tokens, so the same group that just proved it can act fast under attack has not yet pointed that reflex at the quantum problem coming for its funds.
Berachain's quantum posture is the inherited Ethereum-stack posture without any of Ethereum's PQ research investment surface. BLS12-381 at consensus, ECDSA secp256k1 at execution, Keccak-256 throughout, KZG commitments for blob DA. No public PQ working group, no PQ-equivalent BRIP, no testnet branch. The November 2025 emergency hard fork (Balancer V2/BEX exploit containment) demonstrates real coordination capacity, closest analogue to a future PQ-emergency rotation.
Summary
Berachain is an EVM-equivalent L1 that launched mainnet on 2025-02-06 using BeaconKit, a modular framework that runs a CometBFT-derived consensus layer beneath an Ethereum-CL-shaped API and pairs with the Bera-Reth execution client over the standard Engine API. Validator signing keys are explicitly BLS12-381 (cometbft/PubKeyBls12_381, 48-byte compressed pubkeys); user signing is ECDSA secp256k1 with Keccak-256 hashing inherited from the Ethereum stack; data-availability uses KZG commitments. Every active primitive is Shor-affected (pairings) or Grover-weakened. No PQ family is deployed; no foundation post-quantum statement, BRIP, working group, or dated milestone has been published. Inside ~15 months of mainnet life, Berachain executed Pectra hard fork (2025-06-04), Pectra11 (2025-08-06), an emergency hard fork on 2025-11-03 to contain the Balancer V2/BEX exploit (validators coordinated network halt; binary distributed; exploited tokens blocked), and Bectra (Q1 2026). Architecture-Execution Gap fires modestly (26). Adversarial-coordination credit is unusual for a 15-month-old chain. Gate 1a-Sig FAIL, Gate 1a-KEM FAIL. QRI 20, Band 2 Acknowledged numerically; qualitative posture is Band 1 Unaware given no PQ statement.
What the gates say
- Gate 1a, Hybrid signature: FAIL , no documented hybrid signature composition AND or OR for either user-side ECDSA secp256k1 or validator-side BLS12-381
- Gate 1a, Hybrid KEM: FAIL , validator p2p CometBFT noise/X25519 and RPC TLS terminate over classical KEMs only; no hybrid PQ KEM
- Gate 1b, Commit-to-hash: COND , no OR-composition declared; no 1a-Sig at all
- Gate 2, Evidence reconstruction: PASS , every sub-score has ≥3 public artifacts
- Gate 3, Primitive naming: PASS , BLS12-381, ECDSA secp256k1, Keccak-256, KZG commitments named with mechanism
Burn-vs-rescue policy on file
Declared option f, Undeclared. No published policy for QV-vulnerable balances under a future PQ rotation. The November 2025 emergency-fork precedent shows the chain can coordinate state-level mitigations under attack pressure (binary distributed; movement of exploited tokens blocked), no PQ-specific analogue declared.
Seven dimensions
Each dimension scores 0–100 internally; the weighted roll-up produces the QRI.
1 Cryptographic Exposure weight 15% 24 / 100
BeaconKit (modified CometBFT) + Bera-Reth (execution) over Engine API. No canonical foundation primitive inventory; reconstructed across BeaconKit docs, validator-lifecycle docs, Beacon API reference.
BLS12-381 (CometBFT validator pubkey type cometbft/PubKeyBls12_381, 48-byte compressed) at consensus · ECDSA secp256k1 (EVM tx signing) · Keccak-256 (EVM hashing) · KZG commitments (blob data-availability) ECDSA secp256k1→ Shor-break-via-DL-without-pairingsBLS12-381→ Shor-break-via-pairingsKZG commitments→ Shor-break-via-pairingsKeccak-256→ Grover-weaken (256→128 bit)
0 PQ. Classical-only (ECC, pairing-based ECC, Keccak).
No NIST PQC-standardized primitive deployed.
Standard Ethereum-stack libraries (libsecp256k1 via Bera-Reth's go-ethereum lineage; blst-family BLS12-381 from CometBFT validator-key handling). Releases GPG-signed (key ID B5690EEEBB952194). Schemes stateless. No Berachain-specific formal-verification artifacts. Cryptanalytic maturity tier 1.
2 Quantum Recovery Exposure weight 10% 17 / 100
Standard EVM EOA model: every tx reveals the secp256k1 pubkey, so every address with outbound history is Shor-vulnerable. Entire BERA / HONEY / BGT economic surface sits behind ECDSA secp256k1.
Mainnet 2025-02-06; ~15 months of cold-key accumulation at evaluation date. Smaller absolute exposed value than older EVM L1s, not a different threat model. Address-reuse patterns inherit Ethereum conventions.
All historical validator BLS12-381 attestations and user ECDSA secp256k1 sigs Shor-forgeable post-CRQC. No sig-rotation or hash-output migration program.
Validator p2p uses CometBFT's standard transport (Noise / X25519-class). RPC endpoints (Alchemy, QuickNode, Ankr, Dwellir, dRPC, Chainstack) over classical TLS with classical ECDH/RSA. No hybrid PQ KEM in the stack.
3 Metadata, Anonymity & Confidentiality weight 13% 18 / 100
Pseudonymous EVM (transparent tx graph; balances and call data fully visible by default). No native shielded pool.
Top-3 RPCs Alchemy / QuickNode / Ankr (Dwellir, Chainstack, dRPC also active); concentration high, similar to other EVM L1s. Mempool gossip observable via standard Bera-Reth interfaces. No published validator metadata-retention policy.
Native bridge is Stargate over LayerZero (live at mainnet launch, 12 supported source chains). Source-to-destination EOA trivially correlated. No anonymity-preserving bridging primitive.
No on-chain encryption-of-content or shielded-balance primitive, nothing private to retroactively de-anonymize at the protocol layer. Classical-curve dependence (secp256k1, BLS12-381) means future signed identity proofs or off-chain encrypted records anchored to chain pubkeys are Shor-recoverable.
No on-chain mix, shuffle, or commit-reveal mechanism.
4 Migration Architecture weight 10% 41 / 100
BeaconKit is explicitly modular ('a modular framework for building EVM consensus clients') on CometBFT with clean Engine API boundary to Bera-Reth. Cosmos SDK module pattern in principle allows a swappable signing module. Inherits Pectra-equivalent EL features (Bectra Q1 2026). No documented protocol path to switch validator sig scheme without a hard fork.
EVM-equivalent L1 inherits ERC-4337 + EIP-7702 semantics from Pectra/Bectra tracks. No documented client-layer PQC path. AA-only credit.
Inside ~15 months of mainnet life, Berachain has executed: Pectra hard fork (2025-06-04), Pectra11 hard fork (2025-08-06; gas stabilization, fixed block time, enshrined core mechanics), an emergency hard fork on 2025-11-03 to contain the Balancer V2 / BEX exploit (validators coordinated network halt; binary distributed; movement of exploited tokens blocked), and the Bectra hard fork in Q1 2026.
Modular CometBFT+EL design + Cosmos SDK lineage make a parallel/hybrid signing module conceivable. No announcement, no spec, no testnet branch references hybrid PQ.
Stateless-scheme default credit. Active sigs (BLS12-381, ECDSA secp256k1) stateless; no XMSS/LMS/leanXMSS state-reuse risk.
BeaconKit returns BLS signatures via Beacon API (/eth/v1/beacon/headers; sigs from CometBFT blockstore); pubkeys cometbft/PubKeyBls12_381. No published path (hash-based+SNARK / authenticated channels / staged checkpoints) declared for PQ-safe consensus aggregation.
5 Deployment Execution weight 22% 15 / 100
Mainnet PQC %: 0. No PQ-tagged signatures or KEMs in any mainnet code path.
berachain/beacon-kit releases through v1.x (Pectra11, Bectra), no merged PQC primitive (no ML-DSA, SLH-DSA, ML-KEM, Falcon, leanXMSS, hash-based aggregation).
Pubkey type cometbft/PubKeyBls12_381 per live Beacon API; 0% of stake/validators carry a PQ key.
VOIDED to 0 per v3.1 (5a = 0). Independent of the rule, no dated PQC milestone in foundation comms.
Trailing-12-month PQC announcements: 0. Shipped: 0. Ratio undefined; full credit (no washing).
Undisclosed; no foundation analysis of PQ sig/blocksize impact published.
6 Supply Chain Vendor Readiness weight 22% 10 / 100
Top-3 per foundation Connect-a-Wallet page + ecosystem coverage: MetaMask, Rabby, Ledger Live (Coinbase Wallet, Brave, Frame, Zerion also supported). No top-3 published, dated PQC roadmap in primary signing path.
Top-3: LayerZero (native stack), Stargate (built on LayerZero; native bridge front-end at launch), Wormhole (active in ecosystem). None publishes a PQC roadmap for production cross-chain messaging.
Top-3: Coinbase Custody, BitGo, Fireblocks (per common EVM-L1 institutional patterns + Fireblocks's published Berachain coverage; no foundation custody partner list). None has a production PQC custody flow.
Top-3 RPC: Alchemy, QuickNode, Ankr (Dwellir, Chainstack, dRPC also production-grade). HSM coverage inherits from generic EVM tooling (YubiHSM / AWS KMS). TEE attestation inherits underlying CPU vendor PQ posture. None publishes a Berachain-specific PQC plan.
7 Governance & Coordination weight 8% 40 / 100
Active set ~65 (BeraHub at evaluation date); ~250M BERA staked. Block-proposal probability proportional to stake share. No foundation-published Nakamoto coefficient. Single consensus client (BeaconKit), single dominant EL (Bera-Reth), limited client diversity.
Three coordinated upgrades (Pectra 2025-06-04, Pectra11 2025-08-06, Bectra Q1 2026) + one emergency fork 2025-11-03 (Balancer V2/BEX). November fork executed under live attacker pressure, validators halted network, binary rotated in to freeze exploited-asset movement. Strong coordination for a 15-month-old chain.
Berachain Foundation is the published coordinating body (X handle renamed January 2025). Co-founders Smokey The Bera, Dev Bear, Papa Bear, Man Bera under pseudonyms (Smokey public-facing, Consensus 2025 speaker). No PQ working group lead, no PQ migration mandate.
2025-11-03 emergency fork is a real-world precedent, validators paused, foundation distributed binary, attacker neutralized at the protocol layer. Closest analogue to a future PQ-emergency rotation.
No PQ canary, honeypot, rate-limit, or cryptographic tripwire in consensus. November 2025 fork shows reactive capacity, not pre-positioned tripwire.
X + Y vs Z, when does the math turn against you?
v3.1 demotes the X+Y vs Z timing test to a secondary signal, the headline output is Migration Stage. The timing test still answers the question: can this chain finish migrating before the threat lands?
Verdict
X+Y > 2035, Crisis Zone (vs Z10 2030); Outside risk window (vs Z25 2035)
Z-compliance
Outside compliance window for any operators required to meet NIST IR 8547 timelines
Source-disagreement disclosure
v3.1 requires every chain card to publish material divergences among authoritative sources, plus the delta-QRI under alternative weighting.
Foundation messaging describes BeaconKit both as an Ethereum consensus-layer specification implementation with Berachain modifications and as CometBFT-derived BFT consensus. Both are accurate (CometBFT sits beneath an Ethereum-CL-shaped API), but the framing affects whether observers expect Berachain to inherit Ethereum's PQ research direction (leanXMSS+SNARK) or the Cosmos-side direction (fragmented). LayerQu treats the BLS12-381 dependency as binding regardless.
Foundation docs and third-party trackers (BeraHub, Everstake) describe the active set, but a published Nakamoto coefficient is absent. Methodologies (raw stake share vs. infra-provider clustering) would produce materially different decentralization scores. We score 7a on raw counts.
Delta-QRI under alternative weighting
Under privacy-focused weighting, QRI would drop further given Dim 3 weight increase. Under rollup-L2 weighting, QRI would rise marginally. Under applied L1 weighting, QRI = 20.
Announcement-to-shipped ratio
Announced: 0. Shipped: 0. Ratio: 0.
Tag: none, no washing
Peers in the L1 profile
9 chains closest to Berachain by Stage then QRI.