{ "chain_slug": "iota", "name": "IOTA", "scorecard_profile": "L1", "evaluated_at": "2026-04-18", "evaluator": "layerqu-v2-scoring-agent-3", "v1_reference": "chainscreen-v1-archive", "dimensions": { "1_cryptographic_exposure": { "weight": 0.15, "score": 45, "sub_scores": { "1a_primitive_inventory": { "score": 14, "primitives_named": [ "Ed25519 (current, since Chrysalis 2021 and Rebased 2025)", "WOTS / Winternitz One-Time Signatures (historical, 2016-2021)", "BLAKE2b (hashing)", "Kerl/Keccak (historical)", "Poseidon (some zk integrations)" ], "evidence": [ "https://wiki.iota.org/learn/protocols/stardust/overview/", "https://blog.iota.org/rebased-move/" ], "note": "Unique crypto history: IOTA originally shipped hash-based WOTS signatures (2016-2021), migrated AWAY from them to Ed25519 in Chrysalis (2021), and planned PQ-hash reintroduction in IOTA 2.0 roadmap (unclear if shipped post-Rebased)." }, "1b_shor_grover_pq_tag": { "score": 16, "tags": { "Ed25519": "Shor-break", "WOTS (historical)": "Grover-weaken only (hash-based, PQ-resistant)", "BLAKE2b": "Grover-weaken-128bit", "Poseidon": "Grover-weaken-128bit" }, "evidence": [] }, "1c_algorithm_family_diversity": { "score": 6, "families_represented": 1, "families": [ "Hash-based (historical WOTS, unclear if currently deployed post-Rebased)" ], "note": "HISTORICAL hash-based WOTS is a unique data point. Current mainnet is Ed25519 only. No NIST PQC standard deployed." }, "1d_nist_security_category": { "score": 3, "mappings": { "WOTS": "Category I (128-bit classical) — PQ-resistant but one-time only" }, "note": "WOTS is not NIST-standardized. Hash-based schemes like SLH-DSA/XMSS are NIST-standardized but IOTA does not use them." }, "1e_implementation_quality": { "score": 6, "formal_verification": "Ed25519 standard-library quality", "constant_time": "ed25519-dalek via Rust", "libraries": [ "iota-sdk (Rust)", "Move-based IOTA Rebased (Sui-derived)" ], "evidence": [ "https://github.com/iotaledger/iota" ] } }, "total_artifacts": 3 }, "2_hndl_exposure": { "weight": 0.1, "score": 20, "sub_scores": { "2a_active_key": { "score": 4, "note": "Current Ed25519 addresses fully exposed on first tx. IOTA 2.0 planned account abstraction + signature agility (implementation status unclear post-Rebased)." }, "2b_cold_key": { "score": 6, "note": "Long-dormant Chrysalis-era Ed25519 keys from 2021+ are quantum-exposed. Pre-2021 WOTS addresses were hash-based." }, "2c_sig_long_term": { "score": 6, "note": "DAG history includes WOTS-signed transactions (PQ-safe) and Ed25519 since Chrysalis (Shor-vulnerable)." }, "2d_encryption_conf": { "score": 4, "note": "Standard TLS. No PQC KEM documented." } }, "total_artifacts": 2 }, "3_metadata_privacy_exposure": { "weight": 0.1, "score": 30, "sub_scores": { "3a_graph_visibility": { "score": 7, "note": "DAG transaction graph visible. Pseudonymous." }, "3b_rpc_concentration": { "score": 8, "note": "Rebased DPoS has limited validator set; Foundation and partners run major endpoints." }, "3c_bridge_correlation": { "score": 7, "note": "IOTA bridges to Ethereum/BSC; some correlation risk." }, "3d_retroactive_deanon": { "score": 8, "note": "Historical WOTS tx in pre-Chrysalis DAG are hash-based (PQ-resistant at signature layer). Post-Chrysalis Ed25519 tx retroactively de-anonymizable under Shor." } }, "total_artifacts": 1 }, "4_migration_architecture": { "weight": 0.12, "score": 55, "sub_scores": { "4a_crypto_agility": { "score": 18, "note": "IOTA has the most extensive crypto-migration track record in this batch: WOTS -> Ed25519 (Chrysalis 2021), Ed25519 -> MoveVM (Rebased 2025). Demonstrated ability to execute breaking crypto changes.", "evidence": [ "https://blog.iota.org/iota-chrysalis-network-upgrade/", "https://blog.iota.org/rebased-move/" ] }, "4b_aa_key_rotation": { "score": 12, "note": "Move-based IOTA Rebased inherits Sui-style AA primitives. Signature scheme agility at account layer." }, "4c_hard_fork_track_record": { "score": 15, "note": "Successful Chrysalis + Stardust + Rebased upgrades. Foundation-coordinated hard forks with multi-year horizons." }, "4d_hybrid_deployment_readiness": { "score": 10, "note": "IOTA 2.0 white paper discusses PQ signature schemes. Rebased Move VM could accommodate hybrid envelopes. Implementation status of published PQ plan unclear." } }, "total_artifacts": 3 }, "5_deployment_execution": { "weight": 0.2, "score": 10, "sub_scores": { "5a_mainnet_pqc_pct": { "score": 2, "mainnet_pqc_pct": "uncertain — historical WOTS tx in DAG were hash-based; current mainnet sigs are Ed25519", "evidence": [ "https://wiki.iota.org/learn/protocols/stardust/overview/" ], "note": "Technical ambiguity: historical WOTS sigs remain verifiable in DAG but new tx are Ed25519-only. PQC-washing risk if 'IOTA is quantum-resistant' is claimed based on heritage not current state." }, "5b_pqc_code_in_consensus": { "score": 2, "loc_or_bytes": "uncertain", "note": "WOTS verification logic likely retained for historical tx compatibility. No NIST PQC (SLH-DSA/ML-DSA) in client." }, "5c_validator_pqc_keys": { "score": 0, "pct": 0, "note": "No validator PQC keys." }, "5d_published_milestones": { "score": 4, "count": 1, "milestones": [ "IOTA 2.0 white paper references PQ signatures" ], "note": "White paper mention; no dated production milestone found." }, "5e_pqc_washing_delta": { "score": 2, "ratio": 1.6, "note": "PQC-washing risk: marketing around 'IOTA quantum resistance' often references historical WOTS, not current Ed25519 mainnet. Delta of ~1.6x plausible." } }, "total_artifacts": 2 }, "6_supply_chain_vendor_readiness": { "weight": 0.2, "score": 6, "sub_scores": { "6a_wallet": { "score": 2, "top3": [ "Firefly (IOTA native)", "Nightly", "Bloom Wallet" ], "pqc_roadmap_count": 0 }, "6b_bridge": { "score": 2, "top3": [ "IOTA Bridge (ETH/BSC)", "LayerZero (limited)", "Axelar (limited)" ], "pqc_roadmap_count": 0 }, "6c_custodian": { "score": 1, "top3": [ "Fireblocks (research only)", "BitGo (limited support)", "Coinbase Custody (limited)" ], "pqc_roadmap_count": 0 }, "6d_rpc_hsm": { "score": 1, "top3": [ "IOTA Foundation nodes", "Community nodes", "Partner validators" ], "pqc_roadmap_count": 0 } }, "total_artifacts": 1 }, "7_governance_coordination": { "weight": 0.13, "score": 40, "sub_scores": { "7a_validator_stake_distribution": { "score": 8, "note": "Rebased DPoS limited validator set; Foundation-aligned." }, "7b_upgrade_cadence_under_pressure": { "score": 15, "note": "Multiple successful protocol-level crypto migrations (Chrysalis, Stardust, Rebased). Strong hard-fork execution history." }, "7c_named_coordination_lead": { "score": 10, "note": "IOTA Foundation (Dominik Schiener). Research team active on cryptography and DLT." }, "7d_adversarial_coordination_precedent": { "score": 7, "note": "2017 Curl-P / vulnerability response showed willingness to migrate primitives quickly. Coordinator migration demonstrated adversarial coordination capability." } }, "total_artifacts": 2 } }, "gates": { "hybrid_deployment": "FAIL", "evidence_reconstruction": "PASS", "primitive_naming": "PASS" }, "caps_applied": [ "Mosca (5a<20% → QRI max 60)", "Sutor (5d count=1 — Migration Stage max 2)", "Casado (3+ vendor tiles pqc=0 → migration_stage max 3)", "Hybrid gate FAIL → QRI cap 60" ], "qri": { "raw": 32, "after_caps": 32, "ci_plus_minus": 12, "band": 3, "band_name": "Intentional" }, "migration_stage": 1, "mosca_inequality": { "X_signature_shelf_life_years": "5-15 (historical WOTS addresses dormant; Ed25519 since 2021)", "Y_migration_time_years_range": "6-10 (Foundation has shown fast hard-fork capability)", "Z_10pct_year": 2036, "Z_50pct_year": 2041, "danger_zone_at_50pct": true }, "four_scenario_grid": { "quantum_never": { "value_preserved_pct": 100, "privacy_preserved_pct": 100 }, "arrives_suddenly_pre_migration": { "value_preserved_pct": 15, "privacy_preserved_pct": 25 }, "arrives_slowly_post_migration": { "value_preserved_pct": 90, "privacy_preserved_pct": 75 }, "arrives_slowly_mid_migration": { "value_preserved_pct": 60, "privacy_preserved_pct": 50 } }, "burn_vs_rescue_policy": "undeclared", "pqc_washing_ratio": 1.6, "vendor_tile_summary": { "wallet": { "top3": [ "Firefly", "Nightly", "Bloom Wallet" ], "pqc_roadmap_count": 0 }, "bridge": { "top3": [ "IOTA Bridge", "LayerZero", "Axelar" ], "pqc_roadmap_count": 0 }, "custodian": { "top3": [ "Fireblocks", "BitGo", "Coinbase Custody" ], "pqc_roadmap_count": 0 }, "rpc_hsm": { "top3": [ "IOTA Foundation nodes", "Community nodes", "Partner validators" ], "pqc_roadmap_count": 0 } }, "narrative_summary": "IOTA is the anomaly of the batch: originally shipped hash-based Winternitz One-Time Signatures (2016-2021), migrated AWAY from them to Ed25519 in Chrysalis (2021) for ecosystem compatibility, and is now planning hash-based reintroduction in IOTA 2.0 roadmap. Rebased (May 2025) moved to Move VM on a new DPoS chain. Current mainnet is Ed25519 (Shor-vulnerable), but the crypto-migration track record is the strongest in this batch: three protocol-level hard forks with crypto scheme changes. Migration architecture score is Band 3 (Intentional) not higher because no NIST PQC (ML-DSA/SLH-DSA) is currently deployed despite the ecosystem's PQ-friendly heritage.", "evaluator_notes": "IOTA is the headline surprise of this 25-chain batch. Historical WOTS deployment (2016-2021) is a genuine hash-based PQ-resistant signature scheme. The paradox is that the ecosystem migrated AWAY from hash-based PQ-resistance toward Ed25519 (Shor-vulnerable) for compatibility reasons. IOTA 2.0 white paper discusses PQ reintroduction but current mainnet is Ed25519. PQC-washing risk: 'IOTA is quantum-resistant' claims based on heritage rather than current deployment. Band 3 Intentional reflects strong track record + roadmap intent; no higher due to absent current NIST-PQC deployment.", "narrative_voiced": "IOTA is the only chain in the batch that once ran hash-based signatures and then migrated away from them. Winternitz One-Time Signatures were PQ-resistant; Ed25519 is not. The quantum-resistant heritage is real. The current mainnet is not." }