Horizen completed a full chain transformation in 2025: legacy ZEN PoW chain (Zendoo SNARKs, Schnorr signatures over BLS12-377 / Tweedle, POSEIDON hash, BW6 pairings, secure-node tier) was deprecated; ZEN migrated to ERC-20 on Base on 2025-07-23; Horizen relaunched as an EVM-native L3 on Base on 2025-12-10. The Horizen Confidential Compute Environment (HCCE), scheduled Q1 2026, uses TEE attestation for privacy, not PQ. Every classical primitive in scope (Schnorr/BLS12-377, BLS12-377/BW6, POSEIDON, Blake2s, secp256k1, Keccak-256) is Shor-breakable or Grover-weakened. No Horizen PQ roadmap published.
Summary
Horizen 2.0 is an EVM-native L3 on Base (mainnet 2025-12-10) following the 2025-07-23 ZEN ERC-20 migration; the legacy Horizen Zendoo PoW L1 (Ginger-lib SNARKs, Schnorr/BLS12-377, BW6 pairings, POSEIDON hash, Blake2s) is deprecated in favor of the relaunched architecture. The next milestone is the Horizen Confidential Compute Environment (HCCE), a TEE-based privacy compute layer scheduled for Q1 2026, confidentiality via hardware, not PQ. Every signing primitive in scope is Shor-breakable; every hash primitive is Grover-bounded. Mainnet-Traffic cap fires (5a = 0), Milestone-Discipline cap fires (5d = 0), Supply-Chain cap fires. Gates 1a-Sig and 1a-KEM both FAIL. The chain has demonstrated extreme architectural agility (full relaunch in 2025) but has not converted that agility into a PQ commitment. Long-tail residual exposure: unmigrated legacy ZEN balances on PoW addresses remain on classical Schnorr/BLS primitives. QRI 29, Band 3 Planning. Migration Stage 1.
What the gates say
- Gate 1a, Hybrid signature: FAIL , no documented hybrid signature composition on legacy ZEN or post-relaunch Horizen-on-Base
- Gate 1a, Hybrid KEM: FAIL , no PQ KEM hybrid for transport; HCCE TEE attestation uses classical ECDSA/RSA platform keys
- Gate 1b, Commit-to-hash: COND , no OR-composition declared
- Gate 2, Evidence reconstruction: PASS ,
- Gate 3, Primitive naming: PASS , Schnorr/BLS12-377, POSEIDON, Blake2s, BLS12-377/BW6, secp256k1 ECDSA, Keccak-256
Burn-vs-rescue policy on file
Declared option f, Undeclared. Horizen Labs has not published a position on dormant-balance handling for legacy ZEN PoW addresses or for ERC-20 ZEN on Base. The 2025-07-23 ERC-20 migration is a partial migration via claim portal, unclaimed legacy ZEN remains at unmigrated PoW addresses, exposed to the legacy chain's classical-Schnorr surface.
Seven dimensions
Each dimension scores 0–100 internally; the weighted roll-up produces the QRI.
1 Cryptographic Exposure weight 15% 37 / 100
Legacy chain (Sidechains-SDK + zen + EON) deprecated in favor of Horizen-on-Base L3 (2025-12-10 mainnet). HCCE not yet live.
Schnorr signatures (over BLS12-377 / Tweedle inside Ginger-lib), legacy Zendoo sidechain certificate authentication · POSEIDON hash (Ginger-lib SNARK-friendly hash) · VRF (Ginger-lib, BLS12-377-family curves) · BLS12-377 / BW6 (pairing curves in Ginger-lib zk-SNARK / Coboundary-Marlin construction) · Blake2s (hash-to-curve) · Merkle tree based on POSEIDON · secp256k1 ECDSA (ZEN ERC-20 on Base, post-2025-07-23) · Keccak-256 (Ethereum/Base hashing post-relaunch) · TEE attestation primitives (HCCE planned Q1 2026; specific TEE not publicly disclosed in evidence cutoff) Schnorr (BLS12-377 / Tweedle)→ Shor-break (DL on the underlying curve)BLS12-377 / BW6→ Shor-break-via-pairingsPOSEIDON hash→ Grover-weaken (algebraic hash; Tier 4 cryptanalytic maturity)Blake2s→ Grover-weakensecp256k1 ECDSA (ERC-20 ZEN on Base)→ Shor-break (DL)Keccak-256→ Grover-weakenTEE attestation (HCCE, planned)→ root-of-trust typically classical ECDSA/RSA (Shor-break) plus AES-GCM session keys (Grover-weaken)
Zero PQ-safe families deployed.
No NIST PQC-categorized primitive deployed. Classical primitives at standard 128-bit classical levels.
Library provenance: Ginger-lib (Horizen Labs in-house Rust); HorizenOfficial/Sidechains-SDK (legacy); ZEN node forked from Bitcoin/Zcash lineage. Post-relaunch inherits Base + OP Stack tooling. POSEIDON / lattice-algebraic hash is Tier 4 cryptanalytic maturity. Specific third-party Ginger-lib audits not consistently published. No machine-checked formal verification.
2 Quantum Recovery Exposure weight 10% 31 / 100
Pre-relaunch ZEN PoW chain used Bitcoin-style P2PKH/P2SH (secp256k1). Post-relaunch ZEN is ERC-20 on Base, every transferring account reveals secp256k1 pubkey on first transaction. EON sidechain (legacy) used standard ECDSA. All actively transacting accounts reveal pubkeys.
Horizen launched as ZenCash on 2017-05-30; ~108 months of historical balance accumulation. The 2025-07-23 ERC-20 migration to Base requires legacy holders to claim through a dedicated portal, meaning some legacy ZEN remains at unmigrated PoW addresses on classical primitives. Substantial dormant supply across both legacy and migrated states.
All historical Schnorr/BLS-pairing signatures inside Zendoo SNARKs and all secp256k1 ECDSA on the legacy chain + Base migration are post-Shor forgeable. No PQ attestation layer.
Legacy node P2P used Bitcoin-style transport (libsecp256k1 + AES). HCCE (planned Q1 2026) will use TEE attestation: TEE platform attestation typically uses RSA/ECDSA root-of-trust keys (Shor-break) and AES-GCM session keys (Grover-bounded). No PQ KEM hybrid documented.
3 Metadata, Anonymity & Confidentiality weight 13% 21 / 100
Pseudonymous transparent ledger on Base post-relaunch (ERC-20 ZEN). Legacy ZEN PoW chain was Bitcoin-style transparent. HCCE will offer encrypted-state computation in a TEE but is not yet live.
Post-relaunch ZEN trades on Aerodrome and Uniswap on Base; RPC concentration follows Base (Coinbase Cloud, Alchemy, Infura). Validator-metadata retention on Base is sequencer-level (Coinbase). No protocol-level retention policy for Horizen-specific contracts.
ZEN → Base ERC-20 migration via Horizen-operated claim portal; further cross-chain via standard Base bridges. Linkability between legacy ZEN PoW addresses and migrated ERC-20 holders is high (one-way mapping per claim).
Shor on the underlying curves (BLS12-377 / Tweedle / secp256k1) reconstructs all historical Schnorr signatures inside Zendoo SNARKs and all ECDSA signatures on the legacy + Base chain. Legacy POSEIDON-based primitives in Ginger-lib do not provide PQ confidentiality.
Legacy ZEN had no on-chain shielded transactions (forked Zcash but disabled shielded-pool functionality in mainline ZEN). Post-relaunch, no on-chain mixer or commit-reveal shuffle on Horizen contracts.
4 Migration Architecture weight 10% 38 / 100
Horizen has demonstrated extreme crypto-agility: full chain relaunch from PoW L1 to EVM L3 on Base (2025-12-10), removal of legacy Zendoo SNARK construction, and ERC-20 token migration via claim portal (2025-07-23). However, none of these moves involved PQ primitives, they were architectural pivots within classical cryptography. No published PQ-agility spec.
Inherits Base / Ethereum AA (EIP-7702 + ERC-4337). No Horizen-specific PQ AA path documented.
Multiple coordinated upgrades on legacy ZEN (Sidechains-SDK launch, EON sidechain mainnet October 2023). 2025-07-23 ERC-20 migration and 2025-12-10 Base mainnet relaunch shipped on stated schedule. No contested forks. The relaunch effectively deprecated the legacy chain, heavy-handed but coordinated.
No documented hybrid signature composition on legacy ZEN or post-relaunch Horizen-on-Base.
No stateful hash scheme deployed. Default 15/15 per v3.1 rule.
Legacy ZEN was a PoW chain (no BFT aggregation in the BLS sense). Post-relaunch, Horizen-on-Base inherits Base sequencer model + Ethereum L1 BLS12-381 settlement (Shor-break-via-pairings). No Horizen-specific PQ aggregation declaration.
5 Deployment Execution weight 22% 32 / 100
Zero. No PQC primitive in mainnet signing traffic on legacy ZEN or post-relaunch Horizen-on-Base.
No PQ primitive in HorizenOfficial/zen, HorizenOfficial/Sidechains-SDK, or post-relaunch Horizen-on-Base contracts.
Legacy ZEN PoW miners use SHA-256-based mining (no validator key registration). Post-relaunch, Base sequencer model, no PQ validator keys. EON sidechain validators registered classical keys.
5a = 0 → 5d voided. No dated PQC milestone with on-chain enforcement published by Horizen Labs.
Announced PQC: zero. Shipped PQC: zero. HCCE is positioned as privacy-via-TEE, not PQ. Narrative-honest absence.
No PQ signatures deployed → no footprint multiplier impact today.
6 Supply Chain Vendor Readiness weight 22% 15 / 100
Legacy: ZenCash wallet, Ledger HW (legacy ZEN app), Sphere by Horizen. Post-relaunch: MetaMask + Base-compatible wallets. None has a published Horizen-specific PQC roadmap.
ZEN → Base claim portal (Horizen-operated, one-way), standard Base bridges (canonical, LayerZero, Stargate). No PQC roadmap on any.
Legacy ZEN supported by Coinbase, Binance, BitGo. Post-relaunch on Base supported via standard Base custody. No Horizen-specific PQC migration timetable.
Post-relaunch RPC follows Base (Coinbase Cloud, Alchemy, Infura). HCCE (Q1 2026 plan) introduces TEE attestation chains as a first-class infrastructure dependency, Intel TDX / SGX / AMD SEV-SNP unspecified in public roadmap. TEE root-of-trust uses classical ECDSA/RSA platform keys. Score reflects HCCE's TEE introduction (a confidentiality-via-hardware claim, not PQ readiness).
7 Governance & Coordination weight 8% 45 / 100
Legacy ZEN: PoW mining concentration was modest; secure-node and super-node tiers added stake-like distribution. Post-relaunch on Base: settlement-side decentralization inherited from Base sequencer + Ethereum L1.
ERC-20 migration (2025-07-23) and Base mainnet launch (2025-12-10) shipped on schedule. EON sidechain mainnet (October 2023) shipped to schedule. No contested forks.
Horizen Labs is named coordination lead (Robert Viglione, founder). Foundation governance is community-driven via the ZEN-IP system. The HCCE roadmap is published with quarterly milestones.
Notable history: 2018 ZenCash 51% attack on the legacy PoW chain. The team coordinated a post-attack hard fork to add Modified Satoshi consensus checkpoints, demonstrating crisis-response coordination. (Classical-attack precedent, not PQ.)
No published rate-limit canary, no cryptographic tripwire, no Hourglass-equivalent.
X + Y vs Z, when does the math turn against you?
v3.1 demotes the X+Y vs Z timing test to a secondary signal, the headline output is Migration Stage. The timing test still answers the question: can this chain finish migrating before the threat lands?
Verdict
X+Y reaches 2034–2043, fully Outside risk window (vs Z25 2035) and Crisis Zone (vs Z10 2030)
Z-compliance
Outside NIST 2030 deprecation window (Schnorr/BLS-pairing legacy + secp256k1 ECDSA on Base)
Source-disagreement disclosure
v3.1 requires every chain card to publish material divergences among authoritative sources, plus the delta-QRI under alternative weighting.
Industry coverage describes Horizen as a 'privacy-focused chain,' which would invite the privacy-focused-chain scorecard profile (12% Dim 1 weight, Dim 2 5-sub-score breakdown, Dim 3 split into Anonymity + Confidentiality bands). LayerQu reads post-relaunch Horizen as an L1-relaunch-as-L3 transitioning toward TEE-mediated confidentiality (HCCE Q1 2026) rather than a cryptographic privacy chain in the Zcash/Aleo/Aztec sense. This scorecard uses the L1 profile per the v3.1 evaluation framework.
Delta-QRI under alternative weighting
Under privacy-focused profile, marginal change (±2) given absence of PQ primitives across all relevant sub-scores.
Announcement-to-shipped ratio
Announced: 0. Shipped: 0. Ratio: 0.
Tag: none, narrative-honest absence; HCCE is positioned as privacy-via-TEE, not PQ
Peers in the L1 profile
9 chains closest to Horizen by Stage then QRI.