Name: Horizen, LayerQu quantum-readiness scorecard
Creator: LayerQu
License: https://layerqu.com/methodology/

HORIZEN · L1 · STAGE 1 ACKNOWLEDGED BUT UNSTARTED · QRI 29 v3.1.0 methodology

In plain terms

What it is. Horizen tore itself down and rebuilt in 2025, dropping its old standalone network and relaunching on top of another chain, with no protection yet against the kind of future computer that could break today's signatures.

What we found. It proved it can re-engineer itself fast, but it spent that speed on a new design rather than on quantum defense, and its next big feature keeps data private through special hardware rather than against that future threat.

Why it matters. Holders who never claimed their coins after the move are left on the old, breakable setup, and with no plan or date on the table, anyone relying on Horizen is exposed if that powerful computer arrives.

Horizen completed a full chain transformation in 2025: legacy ZEN PoW chain (Zendoo SNARKs, Schnorr signatures over BLS12-377 / Tweedle, POSEIDON hash, BW6 pairings, secure-node tier) was deprecated; ZEN migrated to ERC-20 on Base on 2025-07-23; Horizen relaunched as an EVM-native L3 on Base on 2025-12-10. The Horizen Confidential Compute Environment (HCCE), scheduled Q1 2026, uses TEE attestation for privacy, not PQ. Every classical primitive in scope (Schnorr/BLS12-377, BLS12-377/BW6, POSEIDON, Blake2s, secp256k1, Keccak-256) is Shor-breakable or Grover-weakened. No Horizen PQ roadmap published.

inLinkedIn ↷Audit access ⇆Compare Verified 2026-05-02

Summary

Horizen 2.0 is an EVM-native L3 on Base (mainnet 2025-12-10) following the 2025-07-23 ZEN ERC-20 migration; the legacy Horizen Zendoo PoW L1 (Ginger-lib SNARKs, Schnorr/BLS12-377, BW6 pairings, POSEIDON hash, Blake2s) is deprecated in favor of the relaunched architecture. The next milestone is the Horizen Confidential Compute Environment (HCCE), a TEE-based privacy compute layer scheduled for Q1 2026, confidentiality via hardware, not PQ. Every signing primitive in scope is Shor-breakable; every hash primitive is Grover-bounded. mainnet-traffic cap fires (5a = 0), Milestone-Discipline cap fires (5d = 0), Supply-Chain cap fires. Gates 1a-Sig and 1a-KEM both FAIL. The chain has demonstrated extreme architectural agility (full relaunch in 2025) but has not converted that agility into a PQ commitment. Long-tail residual exposure: unmigrated legacy ZEN balances on PoW addresses remain on classical Schnorr/BLS primitives. QRI 29, Band 3 Planning. Migration Stage 1.

What the gates say

Gate 1a, Hybrid signature: FAIL , no documented hybrid signature composition on legacy ZEN or post-relaunch Horizen-on-Base
Gate 1a, Hybrid KEM: FAIL , no PQ KEM hybrid for transport; HCCE TEE attestation uses classical ECDSA/RSA platform keys
Gate 1b, Commit-to-hash: COND , no OR-composition declared
Gate 2, Evidence reconstruction: PASS ,
Gate 3, Primitive naming: PASS , Schnorr/BLS12-377, POSEIDON, Blake2s, BLS12-377/BW6, secp256k1 ECDSA, Keccak-256

Burn-vs-rescue policy on file

Declared option f, Undeclared. Horizen Labs has not published a position on dormant-balance handling for legacy ZEN PoW addresses or for ERC-20 ZEN on Base. The 2025-07-23 ERC-20 migration is a partial migration via claim portal, unclaimed legacy ZEN remains at unmigrated PoW addresses, exposed to the legacy chain's classical-Schnorr surface.

Seven dimensions

Each dimension scores 0–100 internally; the weighted roll-up produces the QRI.

1 Cryptographic Exposure weight 15% 37 / 100

1a · primitive inventory 13 / 20

Legacy chain (Sidechains-SDK + zen + EON) deprecated in favor of Horizen-on-Base L3 (2025-12-10 mainnet). HCCE not yet live.

Primitives: Schnorr signatures (over BLS12-377 / Tweedle inside Ginger-lib), legacy Zendoo sidechain certificate authentication · POSEIDON hash (Ginger-lib SNARK-friendly hash) · VRF (Ginger-lib, BLS12-377-family curves) · BLS12-377 / BW6 (pairing curves in Ginger-lib zk-SNARK / Coboundary-Marlin construction) · Blake2s (hash-to-curve) · Merkle tree based on POSEIDON · secp256k1 ECDSA (ZEN ERC-20 on Base, post-2025-07-23) · Keccak-256 (Ethereum/Base hashing post-relaunch) · TEE attestation primitives (HCCE planned Q1 2026; specific TEE not publicly disclosed in evidence cutoff)

1b · shor grover pq tag 12 / 20

Tags:

Schnorr (BLS12-377 / Tweedle) → Shor-break (DL on the underlying curve)
BLS12-377 / BW6 → Shor-break-via-pairings
POSEIDON hash → Grover-weaken (algebraic hash; Tier 4 cryptanalytic maturity)
Blake2s → Grover-weaken
secp256k1 ECDSA (ERC-20 ZEN on Base) → Shor-break (DL)
Keccak-256 → Grover-weaken
TEE attestation (HCCE, planned) → root-of-trust typically classical ECDSA/RSA (Shor-break) plus AES-GCM session keys (Grover-weaken)

1c · family diversity 0 / 20

Zero PQ-safe families deployed.

1d · nist security category 4 / 20

No NIST PQC-categorized primitive deployed. Classical primitives at standard 128-bit classical levels.

1e · implementation quality 8 / 20

Library provenance: Ginger-lib (Horizen Labs in-house Rust); HorizenOfficial/Sidechains-SDK (legacy); ZEN node forked from Bitcoin/Zcash lineage. Post-relaunch inherits Base + OP Stack tooling. POSEIDON / lattice-algebraic hash is Tier 4 cryptanalytic maturity. Specific third-party Ginger-lib audits not consistently published. No machine-checked formal verification.

2 Quantum Recovery Exposure weight 10% 31 / 100

Forge subtotal: 23/75 Decrypt subtotal: 8/25

2a · active key exposure 5 / 25

Pre-relaunch ZEN PoW chain used Bitcoin-style P2PKH/P2SH (secp256k1). Post-relaunch ZEN is ERC-20 on Base, every transferring account reveals secp256k1 pubkey on first transaction. EON sidechain (legacy) used standard ECDSA. All actively transacting accounts reveal pubkeys.

2b · cold key exposure 13 / 25

Horizen launched as ZenCash on 2017-05-30; ~108 months of historical balance accumulation. The 2025-07-23 ERC-20 migration to Base requires legacy holders to claim through a dedicated portal, meaning some legacy ZEN remains at unmigrated PoW addresses on classical primitives. Substantial dormant supply across both legacy and migrated states.

2c · sig long term validity 5 / 25

All historical Schnorr/BLS-pairing signatures inside Zendoo SNARKs and all secp256k1 ECDSA on the legacy chain + Base migration are post-Shor forgeable. No PQ attestation layer.

2d · encryption confidentiality hndl 8 / 25

Legacy node P2P used Bitcoin-style transport (libsecp256k1 + AES). HCCE (planned Q1 2026) will use TEE attestation: TEE platform attestation typically uses RSA/ECDSA root-of-trust keys (Shor-break) and AES-GCM session keys (Grover-bounded). No PQ KEM hybrid documented.

3 Metadata, Anonymity & Confidentiality weight 13% 21 / 100

3a · tx graph visibility 5 / 20

Pseudonymous transparent ledger on Base post-relaunch (ERC-20 ZEN). Legacy ZEN PoW chain was Bitcoin-style transparent. HCCE will offer encrypted-state computation in a TEE but is not yet live.

3b · rpc mempool concentration 6 / 20

Post-relaunch ZEN trades on Aerodrome and Uniswap on Base; RPC concentration follows Base (the issuer's node service, Alchemy, Infura). Validator-metadata retention on Base is sequencer-level. No protocol-level retention policy for Horizen-specific contracts.

3c · cross chain bridge correlation 5 / 20

ZEN → Base ERC-20 migration via Horizen-operated claim portal; further cross-chain via standard Base bridges. Linkability between legacy ZEN PoW addresses and migrated ERC-20 holders is high (one-way mapping per claim).

3d · retroactive de anonymization 5 / 20

Shor on the underlying curves (BLS12-377 / Tweedle / secp256k1) reconstructs all historical Schnorr signatures inside Zendoo SNARKs and all ECDSA signatures on the legacy + Base chain. Legacy POSEIDON-based primitives in Ginger-lib do not provide PQ confidentiality.

3e · mixnet shuffle 0 / 20

Legacy ZEN had no on-chain shielded transactions (forked Zcash but disabled shielded-pool functionality in mainline ZEN). Post-relaunch, no on-chain mixer or commit-reveal shuffle on Horizen contracts.

4 Migration Architecture weight 10% 38 / 100

4a · crypto agility 7 / 15

Horizen has demonstrated extreme crypto-agility: full chain relaunch from PoW L1 to EVM L3 on Base (2025-12-10), removal of legacy Zendoo SNARK construction, and ERC-20 token migration via claim portal (2025-07-23). However, none of these moves involved PQ primitives, they were architectural pivots within classical cryptography. No published PQ-agility spec.

4b · aa key rotation 7 / 20

Inherits Base / Ethereum AA (EIP-7702 + ERC-4337). No Horizen-specific PQ AA path documented.

4c · hard fork track record 9 / 15

Multiple coordinated upgrades on legacy ZEN (Sidechains-SDK launch, EON sidechain mainnet October 2023). 2025-07-23 ERC-20 migration and 2025-12-10 Base mainnet relaunch shipped on stated schedule. No contested forks. The relaunch effectively deprecated the legacy chain, heavy-handed but coordinated.

4d · hybrid deployment readiness 0 / 15

No documented hybrid signature composition on legacy ZEN or post-relaunch Horizen-on-Base.

4e · stateful hash state management 15 / 15

No stateful hash scheme deployed. Default 15/15 per v3.1 rule.

4f · bft aggregation path 0 / 20

Legacy ZEN was a PoW chain (no BFT aggregation in the BLS sense). Post-relaunch, Horizen-on-Base inherits Base sequencer model + Ethereum L1 BLS12-381 settlement (Shor-break-via-pairings). No Horizen-specific PQ aggregation declaration.

5 Deployment Execution weight 22% 32 / 100

5a · mainnet pqc traffic pct 0 / 25

Zero. No PQC primitive in mainnet signing traffic on legacy ZEN or post-relaunch Horizen-on-Base.

5b · pqc code in consensus client 0 / 15

No PQ primitive in HorizenOfficial/zen, HorizenOfficial/Sidechains-SDK, or post-relaunch Horizen-on-Base contracts.

5c · validator pqc key adoption 0 / 15

Legacy ZEN PoW miners use SHA-256-based mining (no validator key registration). Post-relaunch, Base sequencer model, no PQ validator keys. EON sidechain validators registered classical keys.

5d · published dated milestones 0 / 10

5a = 0 → 5d voided. No dated PQC milestone with on-chain enforcement published by Horizen Labs.

5e · pqc washing delta 12 / 15

Announced PQC: zero. Shipped PQC: zero. HCCE is positioned as privacy-via-TEE, not PQ. Narrative-honest absence.

5f · signature footprint multiplier 20 / 20

No PQ signatures deployed → no footprint multiplier impact today.

6 Supply Chain Vendor Readiness weight 22% 15 / 100

6a · wallet 3 / 25

Legacy: ZenCash wallet, Ledger HW (legacy ZEN app), Sphere by Horizen. Post-relaunch: MetaMask + Base-compatible wallets. None has a published Horizen-specific PQC roadmap.

6b · bridge 3 / 25

ZEN → Base claim portal (Horizen-operated, one-way), standard Base bridges (canonical, LayerZero, Stargate). No PQC roadmap on any.

6c · custodian 3 / 25

Legacy ZEN supported by Binance, BitGo. Post-relaunch on Base supported via standard Base custody. No Horizen-specific PQC migration timetable.

6d · rpc hsm tee infra 6 / 25

Post-relaunch RPC follows Base (the issuer's node service, Alchemy, Infura). HCCE (Q1 2026 plan) introduces TEE attestation chains as a first-class infrastructure dependency, Intel TDX / SGX / AMD SEV-SNP unspecified in public roadmap. TEE root-of-trust uses classical ECDSA/RSA platform keys. Score reflects HCCE's TEE introduction (a confidentiality-via-hardware claim, not PQ readiness).

7 Governance & Coordination weight 8% 45 / 100

7a · validator stake distribution 8 / 20

Legacy ZEN: PoW mining concentration was modest; secure-node and super-node tiers added stake-like distribution. Post-relaunch on Base: settlement-side decentralization inherited from Base sequencer + Ethereum L1.

7b · upgrade cadence under pressure 14 / 20

ERC-20 migration (2025-07-23) and Base mainnet launch (2025-12-10) shipped on schedule. EON sidechain mainnet (October 2023) shipped to schedule. No contested forks.

7c · named coordination lead 12 / 20

Horizen Labs is named coordination lead (Robert Viglione, founder). Foundation governance is community-driven via the ZEN-IP system. The HCCE roadmap is published with quarterly milestones.

7d · adversarial coordination precedent 11 / 20

Notable history: 2018 ZenCash 51% attack on the legacy PoW chain. The team coordinated a post-attack hard fork to add Modified Satoshi consensus checkpoints, demonstrating crisis-response coordination. (Classical-attack precedent, not PQ.)

7e · canary tripwire mechanism 0 / 20

No published rate-limit canary, no cryptographic tripwire, no Hourglass-equivalent.

X + Y vs Z, when does the math turn against you?

v3.1 demotes the X+Y vs Z timing test to a secondary signal, the headline output is Migration Stage. The timing test still answers the question: can this chain finish migrating before the threat lands?

X, signature shelf life

5–15 years

Y, migration time

8–12 years to Stage 5

Z10 (10% CRQC year)

2030

Z25 (25% CRQC year)

2035

Verdict

X+Y reaches 2034–2043, fully Outside risk window (vs Z25 2035) and Crisis Zone (vs Z10 2030)

Z-compliance

Outside NIST 2030 deprecation window (Schnorr/BLS-pairing legacy + secp256k1 ECDSA on Base)

Source-disagreement disclosure

v3.1 requires every chain card to publish material divergences among authoritative sources, plus the delta-QRI under alternative weighting.

Privacy-focused profile vs L1 profile classification

Industry coverage describes Horizen as a 'privacy-focused chain,' which would invite the privacy-focused-chain scorecard profile (12% Dim 1 weight, Dim 2 5-sub-score breakdown, Dim 3 split into Anonymity + Confidentiality bands). LayerQu reads post-relaunch Horizen as an L1-relaunch-as-L3 transitioning toward TEE-mediated confidentiality (HCCE Q1 2026) rather than a cryptographic privacy chain in the Zcash/Aleo/Aztec sense. This scorecard uses the L1 profile per the v3.1 evaluation framework.