Inventory is named per-spec but not consolidated, a reader assembles it across SIP-021, SIP-025, c32check repo, and Hiro docs. Two points deducted for fragmentation.

0 families. Every signature primitive in active use is a discrete-log construction over secp256k1.

No NIST PQC primitive deployed, no NIST PQC primitive in any merged spec or testnet branch.

Clarity smart-contract language is decidable-by-design but this concerns contract-level safety, not chain signature-scheme implementation quality. stacks-core uses standard Rust libsecp256k1-derived bindings. No Formosa-Crypto / Libjade machine-checked implementations of any chain-internal primitive. Stateless. Cryptanalytic tier 1 for ECDSA secp256k1, SHA-256, RIPEMD-160, Schnorr/WSTS (WSTS as a threshold-signing protocol is a 2023-era construction with academic security analysis).

Stacks transactions and PoX participation reveal the secp256k1 public key on first signed action. Stackers explicitly register block-signing keys when they stack or delegate-stack, signer keys are revealed by definition. Active-trader / active-stacker addresses are Forge-vulnerable post-Shor on the same horizon as Bitcoin's revealed-pubkey set.

Stacks addresses are c32check-encoded HASH160 (RIPEMD-160(SHA-256(pubkey))), the same protection Bitcoin's P2PKH addresses use. Cold STX addresses that have never broadcast a transaction retain hash-protection: pubkey is not on-chain until first spend. Post-quantum ceiling for HASH160 is ~80-bit Grover-vs-RIPEMD-160.

Historical Stacks transactions (genesis 2021-01-14) signed under ECDSA secp256k1 are stored permanently. Post-Shor, every historical signature is forgeable. PoX block commits on Bitcoin L1 are signed under ECDSA secp256k1 by miners. Nakamoto-era blocks (post-2024-10-29) carry an additional Schnorr WSTS aggregate from Stackers, also Shor-vulnerable.

Stacks node P2P transport (per SIP-003) and public RPC surfaces (Hiro API, public node endpoints) use standard TLS and standard libp2p / chain-specific P2P framing. No documented hybrid PQ KEM. Bridge surfaces (sBTC peg WSTS coordination) use signer-to-signer encrypted channels described in SIP-025 / WSTS docs without specifying hybrid PQ KEM.

Pseudonymous (Bitcoin-class). All Stacks transactions are public, sender, recipient, STX amount, contract calls, function arguments, post-conditions all transparent. Stacks addresses link directly to Bitcoin addresses via shared HASH160, cross-chain pseudonym linkage is structural, not statistical.

Top-3 RPC concentration: Hiro Systems operates the dominant public Stacks API (api.hiro.so) and provides the reference Stacks node infrastructure; block explorers similarly concentrated. No published distribution table. Mempool gossip: standard public mempool. Validator metadata retention policy: undeclared.

sBTC is the primary bridge in Stacks's economic gravity (Bitcoin → Stacks). The 14-of-15 federated WSTS signer set produces a single Schnorr aggregate signature on Bitcoin L1 to release/lock pegged BTC. Withdrawals (Phase 2, live since end-April 2025) similarly correlate. Composite linkability high.

Post-Shor, every revealed Stacks pubkey can be inverted, every historical ECDSA signature can be forged, every historical Schnorr WSTS signer-aggregate can be deconstructed if signer pubkeys were revealed. A future analyst with a CRQC and full chain history can identify which actor controlled which address, then cluster cross-chain Bitcoin holdings via the shared HASH160 mapping.

L1 profile uses 4 sub-scores for Dim 3; this entry not scored.

Stacks has a SIP-driven hard-fork mechanism (SIP-015 Stacks 2.1 PoX upgrade; SIP-021 Nakamoto activated at Bitcoin block 867,867 on 2024-10-29). Swapping the signature scheme is a consensus-breaking change requiring SIP ratification and coordinated activation. Tx-authorization is tightly coupled to Bitcoin compatibility (HASH160 addresses share Bitcoin pubkey-hash format). No verifiable production instance of a cryptographic-algorithm switch in the last 5 years.

No ERC-4337-style account abstraction, no EIP-7702-style native AA. Multisig supported (SIP-027 covers non-sequential multisig). Clarity contracts can implement custom auth logic at the smart-contract level, but underlying tx-authorization to the protocol remains ECDSA secp256k1. Key rotation: not native, a user 'rotating' effectively transfers funds to a new address.

Coordinated forks delivered: SIP-015 (Stacks 2.1, 2022-12); SIP-022/023 (emergency PoX fixes, 2023); SIP-021 (Nakamoto, activated at Bitcoin block 867,867 on 2024-10-29). Nakamoto delays demonstrate the coordination cost of PoX-anchored upgrades: each window slip required re-aligning Bitcoin block targets, signer onboarding, and stacker re-registration.

A hybrid signature path on Stacks would require either a new tx-authorization type alongside existing standard / multisig types plus a Clarity-language extension for PQ-pubkey-hash derivation, or a parallel chain-state with PQ-only addresses. Neither has a published spec, testnet branch, or SIP draft.

No stateful hash-based signature scheme deployed. All current primitives (ECDSA secp256k1, Schnorr WSTS over secp256k1, SHA-256, RIPEMD-160) are stateless. Default full-credit per v3.1 rule.

Stacks's Nakamoto consensus uses WSTS over secp256k1 for block-signing, a Schnorr aggregate (not BLS), but functionally aggregating ≥70%-by-stake signer commitments into a single signature, putting Stacks in 4f scope. Replacing WSTS-Schnorr with a PQ-aggregating equivalent is non-trivial: candidate paths exist in research but none is declared, specified, or testnet-staged for Stacks consensus.

0% of Stacks consensus or transaction-authorization traffic uses PQ primitives. No PQ-signed blocks, no PQ-authenticated transactions, no PQ-pegged sBTC operations.

stacks-core (the reference consensus client, Rust) has no merged PQ-primitive code. No SLH-DSA, ML-DSA, ML-KEM, Falcon, or any other NIST-PQC primitive in the consensus path.

0% of stackers / signers operate PQ keys. Nakamoto signer registration explicitly registers secp256k1 block-signing keys.

VOIDED per v3.1 since 5a = 0.

Trailing-12-month PQ announcements: 0. Shipped PQ on mainnet: 0. Ratio undefined; tag 'no narrative, no shipping.' No announcement-to-shipped because no PQC narrative to wash.

No PQ primitive deployed, no measured PQ-signature-bytes-per-block on Stacks mainnet, no published analysis of hypothetical PQ migration cost.

Top-3 Stacks wallets by user volume: Leather (formerly Hiro Wallet), Xverse (multi-chain Bitcoin/Stacks), Asigna (multisig-focused). PQ-roadmap status: zero public PQ posture from any of the three. All three sign Stacks transactions via standard secp256k1.

Top bridges: sBTC (the native federated peg, 14 elected signers, Asymmetric Research, Blockdaemon, Chorus One, Kiln, ALUM Labs, Bitcoin L2 Labs, and additional confirmed signers per SIP-028 onboarding); Wormhole. PQ-roadmap status: sBTC operates on WSTS-Schnorr-secp256k1, no PQ path declared. Wormhole has no public PQ roadmap for Stacks.

Custodians offering STX / sBTC custody include BitGo, Copper, and (per market evidence) some signer-operator entities double as institutional custody (Blockdaemon, Chorus One). PQ-readiness: no PQ-MPC product publicly available for Stacks-specific keys.

RPC: Hiro Systems is the dominant API provider (api.hiro.so); Ankr offers Stacks RPC. PQ-roadmap from RPC providers for Stacks: none published. HSM: standard HSMs used by signer-operators and custodians without PQ-key support for the secp256k1 keys they protect. TEE: not a documented part of the standard Stacks node operator set.

Nakamoto reduced the active block-producing set to a more concentrated stacker-signer pool than the pre-Nakamoto miner set; current operating signer count approximately 37 (per Stacks Q3 2025 / H1 2025 ecosystem briefs). Top stackers concentrate a meaningful share of total stacked STX; 70% of stacked STX is the signing threshold for block finality. Single client implementation (stacks-core, Rust).

Coordinated forks: SIP-015 (2022), SIP-022/023 (emergency PoX fixes, 2023), SIP-021 (Nakamoto activation 2024-10-29). Nakamoto required multiple schedule slips (April-29 → August-28 → October-29 windows). Emergency-fix track record (SIP-022/023) demonstrates capacity for hot-patches.

Named coordination structure: Stacks Foundation (foundation entity, distributes grants and coordinates SIPs), Hiro Systems (primary protocol-development entity, employs core stacks-core authors). SIP process is published (SIP-000) with named SIP editors, technical/governance/economics CABs, and a Steering Committee. No published PQC working group, no named PQC migration lead.

Stacks has not yet been forced to coordinate a cryptographic algorithm change with an active adversary. Emergency PoX fixes (SIP-022/023) were coordinated under economic pressure but not under active cryptographic attack. Bitcoin-anchored finality means Stacks has, in effect, never had to handle a Stacks-only adversarial scenario.

No published canary, honeypot, rate-limited spending rule, or cryptographic tripwire for quantum-attack detection at consensus or sBTC-peg level.