{ "chain_slug": "aztec", "name": "Aztec", "scorecard_profile": "privacy-L2", "evaluated_at": "2026-04-18", "evaluator": "layerqu-v2-scoring-agent-1", "v1_reference": "chainscreen-v1-archive", "dimensions": { "1_cryptographic_exposure": { "weight": 0.12, "score": 32, "sub_scores": { "1a_primitive_inventory": { "score": 14, "primitives_named": [ "ECDSA secp256k1 (user auth)", "UltraPLONK over BN254 (ZK proof system)", "Poseidon (ZK-friendly hash)", "AES-GCM (note encryption)", "SHA-256" ], "evidence": [ "https://docs.aztec.network", "https://aztec.network/" ], "note": "UltraPLONK/BN254 for all privacy proofs. Noir language compiles to BN254 arithmetic circuits." }, "1b_shor_grover_pq_tag": { "score": 14, "tags": { "ECDSA secp256k1": "Shor-break", "UltraPLONK-BN254": "Shor-break (pairing-based)", "Poseidon": "Grover-weaken (ZK-SNARK-friendly, 128-bit)", "AES-GCM-256": "PQ-safe (128-bit under Grover)", "SHA-256": "Grover-weaken-128bit" }, "evidence": [ "https://docs.aztec.network" ] }, "1c_algorithm_family_diversity": { "score": 0, "families_represented": 0, "families": [], "note": "No PQC families deployed. Privacy primitives are ECC-based." }, "1d_nist_security_category": { "score": 0, "mappings": {}, "note": "No NIST PQC" }, "1e_implementation_quality": { "score": 4, "formal_verification": "Aztec/Noir circuits have formal verification via barretenberg", "constant_time": "standard", "libraries": [ "barretenberg (C++)", "noir-lang" ], "evidence": [ "https://github.com/AztecProtocol" ] } }, "total_artifacts": 3 }, "2_hndl_exposure": { "weight": 0.1, "score": 22, "sub_scores": { "2a_active_key_exposure": { "score": 5, "note": "Account keys in encrypted notes (AES-GCM); private keys never on-chain." }, "2b_cold_key_exposure": { "score": 5, "note": "Mainnet ~4 months. Limited history." }, "2c_signature_longterm_validity": { "score": 5, "note": "ECDSA sigs + UltraPLONK proofs all Shor-breakable." }, "2d_encryption_confidentiality": { "score": 7, "note": "AES-GCM for note encryption is PQ-safe. Key exchange to AES uses Diffie-Hellman over BN254 curve — Shor-breakable, so retrodecryption of historical notes possible." } }, "total_artifacts": 2 }, "3_metadata_privacy_exposure": { "weight": 0.25, "score": 35, "sub_scores": { "3a_tx_graph_visibility": { "score": 12, "note": "Mixed privacy — private function calls are shielded; public function calls visible. Best current privacy-L2 on Ethereum." }, "3b_rpc_mempool_concentration": { "score": 8, "note": "Aztec Connect sequencer was centralized; new mainnet has 3,400+ sequencers, 185+ operators — decentralized sequencing from day one." }, "3c_cross_chain_bridge_correlation": { "score": 8, "note": "L1 bridge visible; privacy leaks on deposit/withdraw correlation." }, "3d_retroactive_deanon_risk": { "score": 7, "note": "CRITICAL: all historical shielded txs based on UltraPLONK/BN254. Shor-break means EVERY historical private tx retroactively de-anonymized. This is Chaum's specific warning." } }, "total_artifacts": 3 }, "4_migration_architecture": { "weight": 0.12, "score": 52, "sub_scores": { "4a_crypto_agility": { "score": 12, "note": "ZK proof system swap is expensive (would need to replace UltraPLONK + BN254 curve). STARK/FRI-based PQC migration possible but architecturally significant." }, "4b_account_abstraction_key_rotation": { "score": 18, "note": "Native AA from day one — signature scheme upgradeable per account." }, "4c_hard_fork_track_record": { "score": 12, "note": "Very new mainnet. Limited track record." }, "4d_hybrid_deployment_readiness": { "score": 10, "note": "Hybrid path would require hash-based / FRI-based / STARK proof system alongside UltraPLONK — substantial work." } }, "total_artifacts": 3 }, "5_deployment_execution": { "weight": 0.18, "score": 5, "sub_scores": { "5a_mainnet_pqc_pct": { "score": 0, "mainnet_pqc_pct": 0, "evidence": [], "note": "no public artifact found" }, "5b_pqc_code_in_client": { "score": 0, "note": "no PQC code in Aztec client or barretenberg" }, "5c_validator_pqc_adoption": { "score": 0, "note": "Sequencers use ECDSA; no PQC keys" }, "5d_published_milestones_count": { "score": 3, "count": 0, "note": "ZKnox PQ-precompile research references exist but not Aztec roadmap" }, "5e_pqc_washing_delta": { "score": 2, "ratio": 1, "note": "No Aztec-specific PQC announcements" } }, "total_artifacts": 1 }, "6_supply_chain_vendor_readiness": { "weight": 0.18, "score": 7, "sub_scores": { "6a_wallet": { "score": 2, "top3": [ "Obsidion (Aztec-native)", "Azguard", "MetaMask (for deposits)" ], "pqc_roadmap_count": 0, "evidence": [] }, "6b_bridge": { "score": 2, "top3": [ "Aztec L1 bridge", "no major third-party bridges yet" ], "pqc_roadmap_count": 0, "evidence": [] }, "6c_custodian": { "score": 2, "top3": [ "Copper", "Fireblocks (research)", "Anchorage" ], "pqc_roadmap_count": 0, "evidence": [] }, "6d_rpc_hsm": { "score": 1, "top3": [ "Aztec official RPC", "community sequencers" ], "pqc_roadmap_count": 0, "evidence": [] } }, "total_artifacts": 1 }, "7_governance_coordination": { "weight": 0.05, "score": 50, "sub_scores": { "7a_validator_stake_distribution": { "score": 15, "note": "3,400+ sequencers, 185+ operators from day one — strong decentralization." }, "7b_upgrade_cadence_under_pressure": { "score": 10, "note": "Too new for track record." }, "7c_named_coordination_lead": { "score": 15, "note": "Aztec Labs (Zac Williamson, Joe Andrews)." }, "7d_adversarial_coordination_precedent": { "score": 10, "note": "No precedent. Aztec Connect sunset in 2023 demonstrated decommissioning capability." } }, "total_artifacts": 2 } }, "gates": { "hybrid_deployment": "FAIL", "evidence_reconstruction": "PASS", "primitive_naming": "PASS" }, "caps_applied": [ "mosca_cap_60", "sutor_stage_cap_2", "casado_stage_cap_3", "preskill_half_dim5_dim6", "hybrid_gate_fail_cap_60" ], "qri": { "raw": 21, "after_caps": 21, "ci_plus_minus": 10, "band": 3, "band_name": "Planning" }, "migration_stage": 0, "mosca_inequality": { "X_signature_shelf_life_years": "infinite for historical private txs (privacy chain; Shor-retrodecryption devastating)", "Y_migration_time_years_range": "10-15", "Z_10pct_year": 2036, "Z_50pct_year": 2041, "danger_zone_at_50pct": true }, "four_scenario_grid": { "quantum_never": { "value_preserved_pct": 100, "privacy_preserved_pct": 100 }, "arrives_suddenly_pre_migration": { "value_preserved_pct": 15, "privacy_preserved_pct": 0 }, "arrives_slowly_post_migration": { "value_preserved_pct": 70, "privacy_preserved_pct": 30 }, "arrives_slowly_mid_migration": { "value_preserved_pct": 40, "privacy_preserved_pct": 10 } }, "burn_vs_rescue_policy": "undeclared", "pqc_washing_ratio": 1, "vendor_tile_summary": { "wallet": { "top3": [ "Obsidion", "Azguard", "MetaMask" ], "pqc_roadmap_count": 0 }, "bridge": { "top3": [ "Aztec L1 bridge" ], "pqc_roadmap_count": 0 }, "custodian": { "top3": [ "Copper", "Fireblocks", "Anchorage" ], "pqc_roadmap_count": 0 }, "rpc_hsm": { "top3": [ "Aztec official RPC", "community sequencers" ], "pqc_roadmap_count": 0 } }, "narrative_summary": "Aztec is the only privacy-L2 in batch. UltraPLONK over BN254 curve provides privacy proofs; all historical shielded txs retroactively de-anonymizable when Shor breaks BN254. AES-GCM note encryption is PQ-safe but DH key exchange is not. Chaum-framed privacy disaster: privacy evaporates retroactively under CRQC. No PQC migration path documented; would require fundamental ZK proof system replacement.", "evaluator_notes": "Highest metadata privacy score in batch by design (3a=12) but 3d score (retroactive de-anon) reflects the existential privacy threat. Scorecard profile weights metadata at 25%. Aztec's existence justifies privacy-L2 scorecard as methodology class.", "narrative_voiced": "Aztec is the only privacy chain in the batch, and that is where quantum hurts most. Every shielded transaction uses UltraPLONK over BN254, and when BN254 falls to Shor, the privacy does not just stop working forward. It retroactively stops having worked. The chain that forgets becomes the chain that confesses." }