The native signing primitive is named precisely (SLH-DSA per FIPS 205) and corroborated across the foundation site, official wallet docs, foundation press releases, independent research, and the FIPS 205 publication. Two deductions: the exact FIPS 205 parameter set (12 options: SHA2/SHAKE x 128/192/256 x small/fast) is not in any public primary source, and the internal hash instantiation and block-hash function are undocumented. A security-critical inventory should name the parameter set; it does not. (The Feb 2025 mainnet press release uses 'SPHINCS+'; later materials use 'SLH-DSA' - same scheme family.)

The entire native signing surface is PQ-safe: SLH-DSA (hash-based) carries no Shor-breakable signature primitive at the transaction or consensus layer. Deduction reflects (a) the lattice-confidence caveat on ML-KEM (though it is only wallet-backup scope) and (b) the inability to confirm Grover-resistance margins without the SLH-DSA parameter set.

On the deployed network exactly one PQ family is used at the signing layer: hash-based (SLH-DSA). Per the 1c rubric, '1 hash-only = 10'. ML-KEM (lattice) is present but at the wallet-backup layer, not the consensus/signing path, so it does not count toward deployed signing-layer diversity. Note: the lattice-monoculture Diversity Cap targets LATTICE-monoculture specifically; Quranium's deployed signing surface is HASH-based, which 1c treats as less fragile than lattice-monoculture (which is hard-capped at 5). The literal cap does not fire; the single-family single-point-of-failure concern is noted.

SLH-DSA is NIST-finalized (FIPS 205, 2024-08-13). Its NIST security category (1, 3, or 5) depends entirely on the parameter set (128 -> cat 1, 192 -> cat 3, 256 -> cat 5), which is undisclosed, so the deployed category cannot be confirmed. ML-KEM (FIPS 203) similarly maps to cat 1/3/5 by parameter (512/768/1024), also undisclosed. Credit is given for using NIST-finalized standards (not merely 'selected'); the deduction reflects the inability to pin the deployed security category for either primitive.

SLH-DSA and ML-KEM are NIST-finalized standards (cryptanalytic Tier 3 per the 1e rubric: NIST PQC standardized). Deductions: the L1 node implementation is NOT open-source (only example Solidity contracts and a Hardhat deploy script are public), no independent cryptographic audit of Quranium's SLH-DSA implementation is published, no machine-checked formal verification or constant-time posture is cited for the specific implementation, and the library provenance (whether liboqs / PQCA-derived or in-house) is undocumented. A hash-based signing scheme is implementation-forgiving relative to lattice timing leaks, but the absence of open code or an audit on a security-critical L1 is a material limitation.

Forge. Quranium native addresses sign with SLH-DSA (hash-based). Revealing an SLH-DSA public key on-chain does NOT enable Shor-based key recovery, because hash-based signatures are not broken by Shor. This inverts the active-key forgery risk that dominates ECDSA/Ed25519 chains. The forge-resistance is a property of the primitive and holds regardless of mainnet/testnet maturity. Deductions: the specific parameter set is undisclosed, so the precise long-horizon margin cannot be confirmed; the account model is EVM-style with 0x addresses where wallet-layer key handling is the residual surface; and the value-at-stake is lower than scored because the verifiable signing network is substantially a testnet.

Forge. Dormant/cold QRN balances sit on SLH-DSA (hash-based) addresses, which are Shor-resistant by construction. There is no dormant-P2PK-style quantum-exposure problem of the Bitcoin kind, and no 'N million coins at quantum-vulnerable addresses' figure exists because native addresses are quantum-safe by design. Deductions for the unconfirmed parameter set, the unexplained classical Monero-fork repo (not scored as live, but a latent inconsistency if ever connected), and the unverified production-mainnet status (cold-balance value is mostly testnet).

Forge. Historical Quranium transaction signatures are SLH-DSA (hash-based) and remain unforgeable post-Shor; signed messages rest on hash-based security. Deductions: long-horizon validity depends on the undisclosed SLH-DSA parameter set's symmetric-security margin under Grover and on the undocumented internal hash function; and the bulk of the historical signatures are testnet transactions on the foundation's own accounting.

Decrypt (HNDL). Validator-to-validator and RPC-to-client transport encryption primitives are NOT publicly specified (no documented TLS version, cipher suite, or hybrid PQ KEM at the transport layer). ML-KEM is used for QSafe wallet backups, not transport. Absent a documented hybrid PQ KEM in the core stack, harvested transport ciphertexts would be decryptable once Shor breaks the classical key exchange. Scored low (consistent with classical-transport chains) because no transport PQ protection is documented.

Anonymity. Quranium is an EVM-compatible, transparent ledger: sender, receiver, and amount are visible on the public QRN Scan explorer. Pseudonymous 0x addresses, comparable to Ethereum transparency. No native shielding, confidential transactions, or stealth addresses are documented on the main chain. (The unexplained Monero-fork 'private' repo is not a deployed feature of this chain.)

Anonymity. RPC/explorer infrastructure (QRN Scan; docs.qrnscan.com returned 403 at research time) and node operation appear foundation-operated; the validator set size and distribution are not publicly disclosed, and no validator metadata-retention policy is published (zero credit on that component per the 3b rubric). The chain does not depend on the Infura/Alchemy oligopoly (it is independent), but with no published node/RPC concentration data and an undeclared retention policy, only partial credit on the gossip-observability component is defensible.

Anonymity. Quranium is a young independent chain with its own native coin (QRN); no live PQ-safe bridge to external chains is documented, and QSafe's multi-chain support routes to external chains via their own native signing (a wallet feature, not a bridge with shared bookkeeping). The cross-chain correlation surface is therefore small by isolation rather than by deliberate privacy engineering; scored moderately as low-exposure-by-isolation.

Confidentiality. This is a relative strength: Quranium uses no discrete-log/EC privacy primitives at the native layer (no ElGamal ring signatures, no EC zk-SNARKs), so Shor does NOT retroactively de-anonymize Quranium history at the cryptographic layer the way it would for an EC-based shielded chain. The de-anonymization that remains is the ordinary transparency of a public EVM ledger (already visible, not Shor-dependent). Not full credit because Quranium offers no positive confidentiality layer to protect in the first place.

Anonymity. No on-chain mixer, no commit-reveal shuffle, no cMix/mixnet infrastructure, no batch-ordering is documented for the live chain. The unexplained Monero-fork repo (CryptoNote ring signatures) is not connected to the main chain by any public source and is not credited here.

No formal crypto-agility mechanism (versioned signature types, in-protocol algorithm switch) is publicly documented for changing the SLH-DSA parameter set or adding a second scheme without a hard fork. The chain is EVM-compatible, so contract-level verifier logic is in principle available, but no spec or governance process for primitive changes is published. Partial credit only.

Quranium is EVM-compatible, so ERC-4337 / EIP-7702 account-abstraction patterns are in principle available, and QSafe is a self-custody wallet with SLH-DSA signing + ML-KEM-backed backup/recovery (a documented key-backup mechanism). Deduction: no DEPLOYED PQ client-layer migration path with active mainnet tx volume distinct from the native signing is documented, AA support is inherited EVM capability rather than an exercised PQ-migration flow, and per-user key-rotation primitives are not specifically documented.

Track record is thin and partly unverifiable. The foundation describes a sequence (Public Node Sale Dec 2024; mainnet-launch claim Feb 2025; 'Convergence Layer' testnet May 2025; a foundation-docs 'Core Layer' PoS mainnet with the L2 'Crust Layer' still in development), but no single coordinated mainnet consensus upgrade is reconstructible from public primary sources, the consensus label is itself in conflict (PoW vs PoS vs PoR/BlockDAG), and there is no public improvement-proposal registry. A single young, partly-testnet chain with no reconstructible coordinated mainnet upgrade is a thin positive.

Quranium is explicitly PURE post-quantum and markets 'no dependency on legacy cryptography' as a feature; it cannot ship a classical+PQ hybrid composition because it has no classical scheme to compose with. Under the v3.1 hybrid-mandatory framing this scores low - the dimension rewards classical+PQ co-signing readiness, which Quranium by design does not pursue. Tension noted (as with other PQ-native chains).

Quranium deploys SLH-DSA, a STATELESS hash-based scheme, so per the 4e rubric ('chains using only stateless schemes... score full 15 by default') this sub-score is full credit. The chain's public materials explicitly cite the stateless property (vs stateful XMSS/LMS) as the reason for choosing SLH-DSA. The Stage-5 stateful-hash 90-day-operational-record prerequisite does NOT apply.

N/A. On every consensus reading in the sources (PoS Core Layer per the foundation docs, the PoW characterization in independent coverage, or the PoR/BlockDAG Crust L2), the validator/transaction signing primitive is SLH-DSA (a PQ-safe hash-based scheme). The foundation docs explicitly state SLH-DSA replaces BLS at the consensus layer, so there is NO Shor-vulnerable BLS aggregation or pairing/threshold scheme to assess - the 4f concern does not apply. 4f weight (20) redistributes across 4a-4e. Dimension score = (7+10+6+3+15)/80 * 100 = 51.25 -> 51.

Mainnet PQC-traffic credit is largely WITHHELD. The 5a rubric measures '% of MAINNET signing traffic on PQC primitives'. The independently verifiable, transaction-bearing PQC-signing network is a public TESTNET (the May 2025 'Convergence Layer'); the foundation's own homepage reports the activity as '~1.8M+ Testnet Transactions', and an independent research review describes the project as pre-mainnet. A foundation press release (Feb 13 2025) claims a mainnet launch and the foundation docs describe a 'Core Layer' PoS mainnet, with a genesis block hash referenced on the public explorer (a client-rendered SPA whose contents are not reconstructible from static HTML), but no public primary source establishes a reconstructible mainnet PQC-traffic share. Credit (7/25) reflects: a verifiable PQC-signing primitive operating at scale on a public testnet, plus a foundation mainnet claim - but NOT a reconstructible '~100% mainnet PQC traffic' share. The prior 23/25 (based on '~100% native mainnet traffic') is corrected; the assertion that the mainnet-traffic cap does not fire on those grounds is withdrawn.

SLH-DSA verification is operating on a public network (testnet, plus a claimed mainnet) - the on-chain signing primitive is externally observable via the explorer, which is more than a design document. However the L1 node implementation is NOT open-source (the public GitHub org contains only Solidity example contracts, a Hardhat deploy script, a qsafe-download repo, and unexplained Monero/Trezor forks), so the merged PQC consensus-client code cannot be inspected, measured, or independently verified, and the network it runs on is substantially a testnet. Scored low.

The foundation docs describe a Proof-of-Stake 'Core Layer' (validators signing under SLH-DSA, which the docs say replaces BLS), and the May 2025 'Convergence Layer' testnet provides the verifiable signing activity; the consensus label is otherwise in source conflict (PoW vs PoS vs PoR/BlockDAG). Validator-PQC-key-adoption on a verified production mainnet cannot be reconstructed: the validator set size, distribution, and the share actively using PQC keys are NOT publicly disclosed on any path. Minimal credit for PQ-by-construction signing; the low value reflects the undisclosed validator data and the testnet basis of the verifiable deployment.

NOT voided. Quranium publishes named, dated milestones: Public Node Sale (Dec 2 2024), claimed mainnet launch (Feb 13 2025), Convergence Layer TESTNET + QSafe Wallet (May 2025), and subsequent ecosystem launches. Deductions: milestones are product/ecosystem launch dates rather than protocol-enforced flag-days or consensus-bound sunset dates; there is no published improvement-proposal registry; and the network the milestones back is substantially a testnet, with the mainnet milestone itself in source-conflict (see source_disagreement).

Announced-vs-shipped ratio ~3.0 (-> the 10-point Dim 5 deduction applies and the >2.0 washing threshold is crossed). Shipped and verifiable: SLH-DSA signing on a public testnet and QSafe ML-KEM-backed backups. Materially over-framed: the network has been publicly described as a 'live mainnet' while the verifiable PQC network is a testnet and an independent source calls the project pre-mainnet; the headline ~1.8M+ figure is a TESTNET figure; '70+ networks' (external chains use their own ECDSA/Ed25519; QSafe is a multi-chain wallet, not a multi-chain PQC upgrade); '110+ MOUs' / large partner figures (business-development claims); and the Trezor-firmware fork (public, last updated Jul 2024, no shipping confirmation). The core signing claim is real and on-chain-verifiable; the deployment-maturity and ecosystem framing outrun shipped reality. Below the 5.0 narrative-only threshold.

Deployment cost weakness. SLH-DSA signatures are large: per the published FIPS 205 sizes, SLH-DSA-SHA2-128s = 7,856 B (~123x the 64-byte Ed25519 baseline), and other parameter sets range up to 49,856 B (SLH-DSA-256f) - placing Quranium at or beyond the >38x band. Because the exact FIPS 205 parameter set is undisclosed, the precise multiplier cannot be pinned, but every SLH-DSA parameter set sits at the high end of the multiplier scale. No SNARK aggregation, data-availability offloading, or batching to reduce the effective per-block multiplier is documented. Scored 3/20: a non-zero floor only because the heavy footprint is the honest cost of strong hash-based PQ security on a transparent EVM ledger; the raw bytes-per-signature is worst-case.

Quranium's first-party wallet is PQ-native by construction: QSafe (browser extension) signs native QRN transactions with SLH-DSA and encrypts recovery-phrase backups with ML-KEM (confirmed on the wallet site). Scored above the set norm because the primary wallet IS quantum-safe rather than carrying a 'PQC roadmap'. Deductions: the wallet's cross-chain support for external networks (BTC/ETH/Solana) uses those chains' classical ECDSA/Ed25519 (not a PQC upgrade), there is no broad third-party (MetaMask/Phantom-class) ecosystem, and the SLH-DSA/ML-KEM parameter sets used by the wallet are undisclosed.

No live PQ-safe bridge to external chains is documented. Quranium is not integrated with LayerZero, Wormhole, Axelar, or CCIP as a PQ-safe bridge, and none of those bridge vendors publish a Quranium-specific PQC roadmap. Cross-chain movement is via QSafe's multi-chain wallet (classical signing on the destination chains) or, presumably, centralized exchanges. Worst tile alongside custodian/infra - a primary driver of the Supply-Chain cap.

No institutional custodian (Anchorage, BitGo, Fireblocks) is publicly named for QRN, and none publishes a Quranium-specific PQ custody roadmap. Per the Dim 6 6c rubric, SLH-DSA is flagged as unlikely to ever have efficient MPC (contrast ML-DSA, which is MPC-amenable), so a custodian-MPC path for Quranium's pure-SLH-DSA signing is structurally hard and is not documented. Minimal institutional-custody footprint.

RPC/explorer infrastructure (QRN Scan) appears foundation-operated; no top-3 third-party RPC provider publishes a Quranium-specific PQC roadmap. A 'trezor-hardware' firmware fork exists under the project GitHub org (last updated Jul 10 2024) but no press release or documentation confirms a shipping Quranium-Trezor hardware-wallet integration, so HSM/hardware support is unconfirmed. No TEE attestation chain is documented. With bridge, custodian, and infra all low, the dimension is capped by its weakest tiles - this fires the Supply-Chain cap (3 of 4 tiles lack top-3 vendor PQC roadmaps -> Migration Stage <= 3).

The 'Convergence Layer' testnet and the foundation-docs Proof-of-Stake 'Core Layer' both imply a validator set, but the validator count, stake distribution, Nakamoto coefficient, and client diversity are NOT publicly disclosed on either the testnet or the claimed mainnet. With no public concentration data on a young foundation-launched chain, only minimal credit is defensible; the absence of any validator-distribution disclosure is itself a governance-transparency weakness.

A cadence of product/network launches exists (Node Sale Dec 2024; mainnet claim Feb 2025; Convergence Layer testnet May 2025; subsequent ecosystem launches), but no single corroborated coordinated MAINNET consensus upgrade is reconstructible, and no fork has been coordinated under live adversarial/time pressure. Moderate-to-thin cadence for a young chain; the high-stakes coordination test under attack pressure is absent.

Clear named coordination lead: the CEO and co-founder is publicly identified and quoted across press releases; a Co-CTO and Chief Product Officer are named on the official team page; a publicly listed advisory board includes a recognized cryptographer (the founder of a privacy-network project), a former head of an international IP organization, and named industry advisors; the project reports a Swiss-association structure. Strong, transparent leadership identification. Deductions: a named COO is not listed on the current team page (contra a prior reading), there is no named PQC working-group lead distinct from corporate leadership, and the coordination structure is a centralized startup rather than an open foundation with a published technical mandate.

Quranium's thesis is proactive PQ defence (PQ-native from genesis), a positive structural signal, but it has NOT executed a cryptographic migration under live adversarial pressure - there has been no attack-driven emergency fork. The proactive posture is credited modestly; a true adversarial-coordination precedent is absent.

No canary, honeypot, rate-limit spending rule, or cryptographic tripwire is documented in Quranium's consensus or governance materials. Scored 0 per the rubric, with the note that the canary mechanism is less relevant to the forge threat because the native signing layer is already hash-based and Shor-resistant.