ZCASH · privacy-L2 · QRI 14 · BAND 1 Aware-Only · Hybrid FAIL · Stage 1 · Washing 0.5x

Zcash users bought anonymous-forever and got anonymous-until-someone-builds-a-big-enough-quantum-computer. Halo 2 proofs over Pallas and Vesta are discrete-log, which means every shielded transaction back to 2016 genesis is a retroactive de-anonymization target. The ECC dev team resigning in January 2026 is the second problem.

Verified 2026-04-17

Summary

Zcash faces the most severe retroactive de-anonymization risk in the evaluated set. Halo 2 shielded proofs are discrete-log-based (Pallas/Vesta) — fully Shor-breakable. A quantum adversary in 2040+ could retroactively de-anonymize every shielded transaction back to 2016 genesis, linking notes and reconstructing transaction graphs. Privacy commitments that users made assuming 'anonymous forever' have a crypto expiration date. Compounding: ECC dev team resigned Jan 2026, eroding the coordination capacity that would execute a PQ shielded-proof migration. A lattice-based or STARK-based shielded proof would need to be designed, audited, deployed, and migrated to — a multi-year project with uncertain leadership.

What the gates say

  • Hybrid: FAIL. No hybrid plan on file.
  • Evidence: PASS. Sources reconstructable by third party.
  • Primitive naming: PASS. Named primitives at every scored sub-level.

Burn-vs-rescue policy on file

none-ratified; shielded de-anon cannot be prevented retroactively — only forward-looking pools can gain PQ privacy

Seven dimensions

Each dimension scores 0-100 internally; the weighted roll-up produces the QRI on the left. Open a row to read the sub-score detail.

1 Cryptographic Exposure 38 / 100
1a_primitive_inventory 13 / 20

Shielded pools use Pallas/Vesta via Halo 2 (no trusted setup); transparent addresses use ECDSA.

Primitives: ECDSA secp256k1 (transparent addresses) · JubJub (Sapling shielded addrs) · Pallas/Vesta (Orchard shielded, Halo 2) · Halo 2 (recursion-friendly PLONK) · Pedersen hashing (shielded commitment) · SHA-256 (transparent)
1b_shor_grover_pq_tag 8 / 20
1c_algorithm_family_diversity 3 / 20

Multiple EC families but all classical.

1d_nist_security_category 6 / 20
1e_implementation_quality 8 / 20
2 HNDL Exposure 18 / 100
2a_active_key_exposure 5 / 20

Shielded users rely on privacy guarantee; pubkeys not necessarily exposed for shielded-only users.

2b_cold_key_exposure 4 / 20

~9 years mainnet; shielded + transparent pools both long-lived.

2c_signature_longterm_validity 5 / 20

Transparent ECDSA sigs historically forgeable post-Shor.

2d_encryption_confidentiality 4 / 20

Standard TLS + in-viewing-key encryption; no PQ KEM.

3 Metadata & Privacy Exposure 25 / 100
3a_tx_graph_visibility 5 / 20

Shielded pool hides tx graph today BUT only because proofs are unbreakable under classical assumptions.

3b_rpc_mempool_concentration 6 / 20

zcashd + zebrad node operators; Electric Coin Company (ECC) and ZF as primary.

3c_cross_chain_bridge_correlation 6 / 20

Shielded pool isolates from bridge correlation; shielded-to-transparent hops leak metadata.

3d_retroactive_deanon_risk 8 / 20

CRITICAL: Halo 2 (Pallas/Vesta) is discrete-log-based and Shor-breakable. A capable quantum adversary in the future could RETROACTIVELY DE-ANONYMIZE every shielded Zcash transaction back to genesis by reconstructing proofs and linking notes. This is the strongest retroactive-deanon risk in the evaluated privacy-L2 category because the privacy guarantee itself is crypto-conditional. This is the single most significant structural finding in the LayerQu batch.

4 Migration Architecture 35 / 100
4a_crypto_agility 10 / 20

Multi-pool architecture (Sprout-Sapling-Orchard) demonstrates historical cryptosystem migration capacity. New pool addition is the migration primitive.

4b_account_abstraction_key_rotation 8 / 20

Viewing keys + spending keys architecture; shielded key rotation possible via new pool.

4c_hard_fork_track_record 9 / 20

NU1-NU5 network upgrades executed (Sprout, Sapling, Blossom, Heartwood, Canopy, NU5). ECC-led coordination.

4d_hybrid_deployment_readiness 8 / 20

No PQ shielded-proof roadmap ratified. Research (lattice-based SNARKs, STARK-over-Pallas variants) referenced but not shipped. ECC dev team resigned Jan 2026: significant coordination disruption.

5 Deployment Execution 5 / 100
5a_mainnet_pqc_pct 0 / 20

Zero PQC on mainnet. Halo 2 is classical zk-SNARK.

5b_pqc_code_in_client 1 / 20

No PQ code in zcashd/zebrad mainnet branches; research discussions only.

5c_validator_pqc_adoption 0 / 20

Zero PQ miners (PoW).

5d_published_milestones_count 2 / 20

Milestone: forum discussion of post-quantum Zcash (2024-2025); no deliverable.

5e_pqc_washing_delta 2 / 20

Low: honest silence, some research talk.

6 Supply Chain Vendor Readiness 10 / 100
6a_wallet 2 / 20
6b_bridge 2 / 20
6c_custodian 3 / 20
6d_rpc_hsm 3 / 20
7 Governance & Coordination 35 / 100
7a_validator_stake_distribution 10 / 20

PoW mining; F2Pool, Binance Pool dominate.

7b_upgrade_cadence_under_pressure 9 / 20

Network upgrade cadence historically smooth; next NU uncertain post-ECC resignation.

7c_named_coordination_lead 8 / 20

Named: Zooko Wilcox (former ECC), ECC (depleted), Zcash Foundation, ZCG. Lead team resigned Jan 2026 = coordination capacity compromised.

7d_adversarial_coordination_precedent 8 / 20

Dev fund governance disputes; ECC dev team resignation Jan 2026 = adversarial internal precedent.

The X + Y vs Z inequality

X (data shelf life): FOREVER (retroactive shielded de-anon — privacy commitments must hold indefinitely)

Y (migration time): 5-10 (ECC team disruption adds 2-3y)

Z10 (10% CRQC year): 2036 · Z50 (50%): 2041

Verdict: X+Y > Z (danger).

Four-scenario grid

Scenario                          Value preserved   Privacy preserved
quantum never                     100%              100%
arrives suddenly pre migration    15%               0%
arrives slowly post migration     55%               10%
arrives slowly mid migration      30%               5%

Peers in the privacy-L2 profile

Order-book view of the 5 chains closest to Zcash by QRI.

Public artifacts used for this scorecard

Each entry below is a sub-score citation. Clicking the link takes you to the public source. A third party should be able to reconstruct every number on this page from these URLs in 48 hours.

Cryptographic Exposure · 1a_primitive_inventory

Shielded pools use Pallas/Vesta via Halo 2 (no trusted setup); transparent addresses use ECDSA.

Supply chain snapshot

  • wallet: Zashi (ECC) · YWallet · Ledger (transparent only); 0 PQC roadmaps
  • bridge: zIBC (research) · limited · none mainstream; 0 PQC roadmaps
  • custodian: Coinbase (transparent) · Kraken · Binance; 0 PQC roadmaps
  • rpc_hsm: ZF nodes · zcashd operators · limited; 0 PQC roadmaps

A chain's supply chain cannot migrate faster than its slowest dependency. Zero PQC roadmaps in any of the four categories is a structural blocker, not a lagging indicator.

Analyst notes on the scoring

Stage 1. Single most important PQ finding in LayerQu batch: privacy-coin users face FUTURE privacy loss today from quantum adversaries that do not yet exist. X horizon = forever (not merely shelf-life of sigs). Preskill cap applied for leadership disruption. Privacy-L2 scorecard weights elevate metadata/privacy dim (0.25) vs L1 (0.13), appropriately surfacing this risk.

Scorecard metadata

  • Profile: privacy-L2
  • Scored: 2026-04-17 by layerqu-v2-scoring-agent-5
  • v1 reference: chainscreen-v1-archive
  • QRI raw: 18 · after caps: 14
  • Confidence interval: ±6
  • PQC washing ratio: 0.5x
  • Burn-vs-rescue: none-ratified; shielded de-anon cannot be prevented retroactively — only forward-looking pools can gain PQ privacy

Caps triggered

  • mosca_cap_60 (5a=0)
  • sutor_cap_50
  • preskill_cap_40 (ECC dev team resignation disrupts coordination)
LayerQu · Zcash scorecard v2 · reconstructs from public evidence