Methodology v3.1.0
The framework scores the chains in the LayerQu evaluation set on their readiness to keep working after a cryptographically relevant quantum computer arrives. The headline output is Migration Stage on a 0 to 5 scale. The secondary output is the Quantum Readiness Index (QRI), 0 to 100. Each chain is also flagged against five gates and six caps that surface specific failure modes a non-cryptographer can read at a glance.
v3.1.0 is the third revision of the framework, ratified 2026-05-01. It supersedes v3.0 (ratified 2026-04-24) and v2 (2026-04-17). The change log is at the bottom of this page.
Two structural changes matter most. First, Migration Stage replaced QRI as the headline because architectural elegance is not deployment, and a chain can score well on paper while shipping nothing observable on mainnet. Second, Dimension 2 was split into Forge (signature forgeability after Shor) and Decrypt (recovery of harvested ciphertext after Shor) because the two threats have different timelines and different mitigations. Dimension 3 was split into Anonymity and Confidentiality subtotals for privacy-focused chains because a chain can hide the transaction graph while leaving every encrypted note exposed under Shor. Two new gates were added around hybrid composition, which is the only deployment pattern that survives a CRQC during transition.
Six principles
- Public artifacts only. GitHub commits, governance proposals, audit reports, conference talks, peer-reviewed papers, foundation blogs. No private interviews on the scoring path.
- Primitives named, not categories. Not "signatures." ECDSA over secp256k1. Not "ZK." Halo2-KZG over BN254 (PSE / pairing-based) versus Halo2-IPA over Pasta (Zcash-style, non-pairing); the distinction matters for Shor exposure.
- Hybrid is mandatory. Stage 5 is hybrid-PQ, not pure-PQ. A pure-replacement migration that depends on a single PQ family is a single point of failure, and the standardisation track has revisable cryptanalysis. Hybrid composition is the design that survives classical and quantum adversaries during transition.
- Stage over QRI. A chain can be architecturally elegant and operationally absent. Migration Stage measures what has shipped; QRI measures what could ship.
- Washing discount. Chains that talk more than they ship get penalized, not rewarded. The ratio of announcements to shipped code is published explicitly.
- Independence. No paid listings, no sponsored upgrades, no chain foundations on the reviewer list. The framework is the framework regardless of who is reading.
Migration Stage 0 to 5, the headline output
The single number a non-cryptographer should read on a chain page. Stage answers: what has actually shipped?
| Stage | Label | Test |
|---|---|---|
| 0 | Unaware | No public foundation statement on PQ posture; no plan; no spec. |
| 1 | Acknowledged | Public statement of intent; no architecture; no code. |
| 2 | Architected | Spec ratified or PQ code merged into client; mainnet feature-flagged off acceptable. |
| 3 | Piloted | Real PQ primitive signing real protocol data on mainnet, opt-in or parallel; not majority. |
| 4 | Hybrid shipped | Hybrid composition (Gate 1a-Sig PASS) on mainnet with non-trivial traffic. |
| 5 | Hybrid majority | Majority of mainnet traffic under hybrid PQ; classical sunset declared and dated. |
Caps reduce maximum Stage. Milestone-Discipline Cap pulls Stage to 2 if 5d (published dated milestones) is voided. Supply-Chain Cap pulls Stage to 3 if 3+ of 4 vendor tiles lack PQC roadmap.
QRI 0 to 100, the granular index
The Quantum Readiness Index is the weighted roll-up across the seven dimensions. It is published as a secondary stat next to Stage. The QRI captures gradations, a Stage-2 chain at QRI 25 looks meaningfully different from a Stage-2 chain at QRI 41, but it is not the primary call.
QRI is bounded by the six caps (see below). A chain with strong architecture (Dim 4) and weak deployment (Dim 5) will have a high raw QRI capped at 70 by the Architecture-Execution Gap Cap.
Bands, qualitative summary
Bands compress QRI into a label readers can quote without misrepresenting.
| Band | QRI | Label |
|---|---|---|
| 1 | 0–10 | Unaware |
| 2 | 11–20 | Acknowledged |
| 3 | 21–30 | Planning |
| 4 | 31–40 | Architected |
| 5 | 41–50 | Prototyped |
| 6 | 51–70 | Transitioning |
| 7 | 71–100 | Deployed |
The seven dimensions
Each dimension scores 0 to 100 internally. Weights vary by profile (see profiles).
| # | Dimension | Sub-scores | What it measures |
|---|---|---|---|
| 1 | Cryptographic Exposure | 1a–1e | Inventory of named primitives, Shor/Grover classification, family diversity, NIST category mapping, implementation quality. |
| 2 | Quantum Recovery Exposure | 2a–2d (or 2a–2e for privacy) | Forge subtotal (active-key, cold-key, signature long-term validity) + Decrypt subtotal (HNDL, note-ciphertext payload). |
| 3 | Metadata, Anonymity & Confidentiality | 3a–3e (or 3a–3f for privacy) | Anonymity subtotal (tx-graph, RPC concentration, bridge correlation, mixnet) + Confidentiality subtotal (retroactive deanon, content-payload encryption shelf life). |
| 4 | Migration Architecture | 4a–4f | Crypto-agility, AA / key rotation, hard-fork track record, hybrid deployment readiness, stateful-hash management, BFT aggregation-path declaration. |
| 5 | Deployment Execution | 5a–5f | Mainnet PQC traffic %, code in consensus client, validator adoption, dated milestones, washing delta, signature-footprint multiplier. |
| 6 | Supply Chain Vendor Readiness | 6a–6d | Top-3 wallet, bridge, custodian, and RPC/HSM/TEE PQC roadmaps. Cross-tile weak-link cap applies. |
| 7 | Governance & Coordination | 7a–7e | Validator/stake distribution, upgrade cadence under pressure, named coordination lead, adversarial-coordination precedent, canary/tripwire mechanism. |
Forge / Decrypt + Anonymity / Confidentiality splits
v3.1.0 publishes two subtotals on Dim 2 because Forge (signature forgeability post-Shor) and Decrypt (HNDL ciphertext recovery) are different threats with different timelines. A chain can have low Decrypt exposure (no on-chain encrypted state) but catastrophic Forge exposure (every active address reveals its public key on first spend).
v3.1.0 publishes two subtotals on Dim 3 for privacy-focused chains, Anonymity (graph hiding) and Confidentiality (content hiding). The split surfaces the dominant privacy-chain finding: shielded-by-default chains can have strong Anonymity (50+ / 80) and zero Confidentiality (0/40) when every shielded primitive depends on Shor-vulnerable curves. Single-Q-day events decrypt the entire historical pool.
Three profiles
Different chain types absorb post-quantum risk differently. Three weight profiles.
| Dimension | L1 | rollup-L2 | privacy-focused-chain |
|---|---|---|---|
| 1 Cryptographic Exposure | 15% | 12% | 12% |
| 2 Quantum Recovery Exposure | 10% | 8% | 10% |
| 3 Metadata / Anonymity / Confidentiality | 13% | 8% | 25% (split) |
| 4 Migration Architecture | 10% | 15% | 12% |
| 5 Deployment Execution | 22% | 22% | 18% |
| 6 Supply Chain Vendor Readiness | 22% | 25% | 18% |
| 7 Governance & Coordination | 8% | 10% | 5% |
| Privacy-focused-chain weights split Dim 3 into 15% Anonymity + 10% Confidentiality. | |||
Five gates
Gates flag, they do not rank. A chain can fail any gate and still score well on the granular dimensions. The point is to surface conditions a non-cryptographer can read at a glance.
| Gate | PASS condition | Failure signal |
|---|---|---|
| Gate 1a, Hybrid signature | Hybrid composition (AND or OR-with-commit-to-hash) documented at signature path | No composition documented; pure-replacement deployment counts as FAIL |
| Gate 1a, Hybrid KEM | Hybrid PQ KEM at validator transport (concatenated shared-secret per IETF hybrid TLS draft) | Classical KEM only at consensus / RPC / peer transport |
| Gate 1b, Commit-to-hash | For OR-composition only: commit-to-hash-of-both-pubkeys documented | OR-composition without commit; N/A if no OR-composition |
| Gate 2, Evidence reconstruction | Every sub-score is backed by ≥ 3 source artifacts (foundation specifications, code commits, third-party analyses) held in the internal audit repository, granted on request via /audit-access | Any sub-score has < 3 artifacts; failure triggers Evidence-Density Cap |
| Gate 3, Primitive naming | Every sub-score names specific primitives with mechanism (curve, hash, KDF, AEAD) | Category-level labels ("signatures", "ZK") at any sub-score |
Six caps
Caps are floors on the headline outputs. Granular dimension scores are unaffected; the QRI and Migration Stage are bounded.
| Cap | Trigger | Effect |
|---|---|---|
| Mainnet-Traffic Cap | 5a (mainnet PQC traffic %) < 20% | QRI ≤ 60 |
| Architecture-Execution Gap Cap | Dim 4 − Dim 5 ≥ 25 points | QRI ≤ 70 |
| Milestone-Discipline Cap | 5d (published dated milestones) voided to 0; voided when 5a = 0 | Migration Stage ≤ 2 |
| Evidence-Density Cap | Any dim has < 3 evidence artifacts at sub-score level | That dim's weighted contribution discounted 50% |
| Supply-Chain Cap | 3+ of 4 vendor tiles (wallet/bridge/custodian/RPC) lack top-3 PQC roadmap | Migration Stage ≤ 3 |
| Cryptographic-Diversity Cap | Lattice-monoculture in PQ deployment or roadmap (no hash-based or code-based fallback at signature path) | QRI ≤ 60 |
Caps lower the headline outputs; they do not replace the granular sub-scores. Lowest binding cap wins.
X + Y vs Z, the timing test
Demoted from headline to secondary signal in v3.1.0, kept because it is the right question to ask: can a chain finish migrating before the threat lands?
- X: signature shelf life, how many years a signature must remain unforgeable. For privacy-focused chains, also X_priv: note-encryption shelf life.
- Y: years to Stage 5 from current state, accounting for governance cadence, vendor readiness, and gate failures.
- Z10: 10% probability year for a cryptographically-relevant quantum computer (≈ 2030 per Global Risk Institute 2025).
- Z25: 25% probability year (≈ 2035).
- Z compliance: NIST IR 8547 (2030 deprecation, 2035 disallowance), CNSA 2.0, BSI Migrationsplan, EU NIS2 / DORA.
If X + Y > Z10 the chain is in Crisis Zone, it cannot finish migrating before the lower-probability threat. If X + Y > Z25 the chain is Outside risk window. If X + Y > Z compliance the chain is Outside compliance window.
Announcement-to-shipped ratio
A ratio of PQC-related claims in trailing-12-month public communications to PQC-related shipped code on mainnet under named primitive.
| Ratio | Tag | Effect |
|---|---|---|
| < 1.5 | none | No deduction |
| 1.5 – 2.0 | >1.5 deduction | 10-point deduction at 5e |
| 2.0 – 5.0 | QRI cap 65 | QRI ≤ 65 (does not bind unless raw QRI > 65) |
| > 5.0 (or undefined when shipped = 0) | narrative-only | 10-point deduction + QRI cap 65 + tag rendered on chain card |
Burn-vs-rescue policy
v3.1.0 requires every chain card to declare a burn-vs-rescue policy: what happens to dormant balances on the unmigrated classical scheme once the PQ scheme is dominant?
| Option | Description | Example |
|---|---|---|
| (a) Freeze / burn | Sunset date after which classical signatures are no longer accepted; stuck balances are unspendable | Bitcoin BIP-361 (Draft), Phase B at +5y invalidates ECDSA/Schnorr |
| (b) STARK rescue | Zero-knowledge proof of pubkey ownership rescues balances after sunset | BIP-361 Phase C zk-recovery (research) |
| (c) Hybrid client-layer | Wallet-level dual-signing during transition | n/a |
| (d) Hourglass / rate-limit canary | Cap on per-block spend from quantum-vulnerable addresses | Bitcoin Hourglass V2 (proposal) |
| (e) Optional migration | No forced sunset; users opt in voluntarily; long-tail balances remain at risk indefinitely | Adam Back position; majority of L1s by default |
| (f) Undeclared | No policy on file | Most chains in the v3.1.0 set |
Declaring (f) "undeclared" is itself a signal. The absence of a policy is a Dim 7 governance finding.
Source-disagreement disclosure
Every chain card publishes a source-disagreement disclosure, material divergences among authoritative sources (foundation vs independent press, methodology vs alternative weighting, primary spec vs third-party interpretation). Plus a delta-QRI under the alternative weighting.
This is a transparency requirement, not a hedge. The disclosure surfaces where a reasonable evaluator could land at a different number under a defensible alternative reading. The methodology call is what the card carries; the alternative is what the next reviewer should test.
The audit packet
Every published score is built from a packet of foundation specifications, source commits, and third-party analyses. The packet is held in our internal audit repository. Public chain cards on layerqu.com display the substantive claim and the source category, not the evidence URL list, because a single broken or stale link in a public scorecard does more damage to the reader than the link adds in transparency.
Reviewers who need the underlying packet for verification request access at /audit-access. Access is granted on a case-by-case basis to chain foundations, regulators, standards bodies, researchers, and institutional reviewers with a stated verification need.
If a reviewer flags a score they cannot reconstruct from the packet, we retract the score and keep the flag visible until the issue is resolved.
Common questions
What is Migration Stage 0 to 5?
The headline output of LayerQu v3.1.0. Stage 0 = Unaware, Stage 1 = Acknowledged, Stage 2 = Architected (real PQ code merged or spec ratified), Stage 3 = Piloted at protocol margins, Stage 4 = Hybrid PQ shipped to mainnet, Stage 5 = Hybrid PQ majority on mainnet. The Stage answers the question: what has actually shipped?
What is the QRI?
A 0 to 100 weighted index across the seven dimensions, demoted to a secondary stat in v3.1.0. The QRI captures the granular score; the Migration Stage captures the operational reality. A chain can have a high QRI through architectural readiness without having shipped any post-quantum cryptography. Six caps prevent that gap from inflating the headline.
What are the seven dimensions?
1) Cryptographic Exposure (named primitives in active use), 2) Quantum Recovery Exposure (Forge subtotal + Decrypt subtotal, what an adversary recovers post-Shor), 3) Metadata, Anonymity & Confidentiality (split into Anonymity and Confidentiality subtotals for privacy-focused chains), 4) Migration Architecture (crypto-agility, AA, hybrid readiness, BFT aggregation path), 5) Deployment Execution (mainnet PQ traffic %, code merged, validator adoption), 6) Supply Chain Vendor Readiness (wallets, bridges, custodians, RPC/HSM/TEE), 7) Governance & Coordination (validator distribution, upgrade cadence, named coordination lead).
What are the five gates?
Gate 1a-Sig (hybrid signature composition documented), Gate 1a-KEM (hybrid KEM at validator transport), Gate 1b (commit-to-hash for OR-composition), Gate 2 (every sub-score reconstructible by independent third party in 48h), Gate 3 (every primitive named with mechanism, not category). Gates flag, they do not rank, a chain can fail Gate 1a and still score well on the granular dimensions.
What are the six caps?
Mainnet-Traffic Cap (5a < 20% → QRI ≤ 60), Architecture-Execution Gap Cap (Dim 4 − Dim 5 ≥ 25 → QRI ≤ 70), Milestone-Discipline Cap (5d voided → Stage ≤ 2), Evidence-Density Cap (any dim with < 3 artifacts → 50% weighted-contribution discount), Supply-Chain Cap (3+ of 4 vendor tiles missing PQC roadmap → Stage ≤ 3), Cryptographic-Diversity Cap (lattice-monoculture without second family → QRI ≤ 60). Caps are floors that cap the headline; they do not penalize granular scores.
What is the X+Y vs Z timing test?
Demoted from headline in v3.1.0, kept as secondary signal. X is signature shelf life (or note-encryption shelf life for privacy chains). Y is years to Stage 5 from current state. Z is the year a cryptographically-relevant quantum computer arrives, Z10 is the 10% probability year (≈2030), Z25 is the 25% year (≈2035). If X+Y > Z, the chain enters the Crisis Zone, it cannot finish migrating before the threat lands.
What does "primitives named" mean?
Every sub-score must cite the specific primitive in production: curve and hash for signatures (e.g., ECDSA secp256k1 + SHA-256d), commitment scheme and proof system for ZK (Halo2-KZG over BN254), KDF and AEAD for confidential channels (ChaCha20-Poly1305 + HKDF-SHA256). Category labels like "signatures" or "ZK" score lower because they cannot be cross-examined against NIST IR 8547 or CNSA 2.0.
What is the announcement-to-shipped ratio?
A ratio of PQC-related claims in trailing-12-month public communications to PQC-related shipped code on mainnet. Ratio > 1.5 triggers a 10-point sub-score deduction. Ratio > 2.0 triggers a QRI cap at 65. Ratio > 5.0 (or undefined when shipped = 0) triggers the narrative-only tag. Chains that talk more than they ship get penalised, not rewarded.
Can a chain commission a private scorecard?
No. LayerQu is a public reference. If a chain foundation wants to change its score, it ships evidence and provides public artifacts that move the relevant sub-scores. The methodology applies the same to every chain in the evaluation set.
LayerQu v3.1.0 methodology, ratified 2026-05-01, supersedes v3.0 (2026-04-24), v2 (2026-04-17), and ChainScreen v1. Next review 2026-08-01.