A score you can defend in a meeting
Readers who spend their week looking at dashboards know one thing: most scorecards are built to please, not to be cross-examined. LayerQu is built for the second case. Every number must reconstruct from public artifacts in 48 hours by a third party. If it cannot, we do not publish it.
Most quantum readiness reports flatter the chains that commissioned them. This one does not: we commissioned none, and the foundations that are best-prepared are the ones willing to read a low score and still send their engineers to the comment thread. The grown-ups self-identify.
Five principles
- Public artifacts only. GitHub commits, governance proposals, audit reports, conference talks, peer-reviewed papers. No private interviews on the scoring path.
- Primitives named, not categories. Not "signatures." ECDSA secp256k1. Not "ZK." Groth16-KZG.
- Hybrid is mandatory. Stage 5 is hybrid-PQ, not pure-PQ. Monoculture risk matters more than elegance.
- Washing discount. Chains that talk more than they ship get penalized, not rewarded.
- Independence. No paid listings, no sponsored upgrades, no chain foundations on the reviewer list.
The seven dimensions
Seven dimensions score each chain on a 0-20 scale. Each profile (L1, rollup-L2, privacy-L2) uses a different weight mix: rollup-L2s inherit L1 risk, privacy-L2s carry retroactive de-anonymization risk that L1s do not. The exact weight profiles are part of the v2 specification available to subscribers.
- 1. Cryptographic Exposure. Named primitives on the signing, consensus, and commitment paths.
- 2. HNDL Exposure. Harvest-now, decrypt-later risk across on-chain and adjacent channels.
- 3. Metadata & Privacy Exposure. Retroactive deanonymization surface.
- 4. Migration Architecture. Path to hybrid-PQ without a contentious hard fork.
- 5. Deployment Execution. Shipped code versus published research.
- 6. Supply Chain Vendor Readiness. Clients, wallets, HSMs, PQC vendor coverage.
- 7. Governance & Coordination. Upgrade history under adversarial pressure.
Scoring 0-20
A dimension is scored from 0 (unaware, no evidence) to 20 (hybrid deployment in production with post-migration audit). The useful reference points are:
| Score | Level | Evidence |
|---|---|---|
| 0-4 | Unaware | No public artifacts. |
| 5-8 | Acknowledged | Blog post or forum thread, no design. |
| 9-12 | Planned | Formal proposal or RFC circulating. |
| 13-16 | Prototyped | Testnet implementation or partial mainnet. |
| 17-20 | Deployed | Mainnet hybrid with audit trail. |
Scorecard A: Gates
Three binary gates. A chain can fail a gate and still score well. The point of gates is not to rank; the point is to flag.
| Gate | PASS condition | Failure signal |
|---|---|---|
| Hybrid | Hybrid PQC design (not pure-PQ, not no-PQ) | Monoculture risk · or no plan at all |
| Mosca Safe | X + Y < Z50 | You have to migrate before you can |
| Stage ≥ 2 | Planning or beyond | Chain has not started |
Scorecard B: Caps
Caps punish structural issues that scoring alone understates: a washing adjustment for chains that talk more than they ship, a coordination ceiling for chains without upgrade history, and a privacy ceiling for privacy-L2s without a forward-secrecy story. Specific multipliers, thresholds, and ceilings are part of the v2 specification available to subscribers.
Scorecard C: Bands
QRI is an index in [0, 100]. Bands compress the number into a qualitative summary readers can quote without misrepresenting.
| Band | QRI | Label |
|---|---|---|
| 0 | 0-4 | Unaware |
| 1 | 5-12 | Aware |
| 2 | 13-24 | Acknowledged |
| 3 | 25-36 | Planning |
| 4 | 37-48 | Transitioning |
| 5 | 49-72 | Prototyped |
| 6 | 73-100 | Deployed |
The Mosca theorem
Michele Mosca, 2015: if X + Y > Z, you have a problem.
- X is how long your data must stay secret.
- Y is how long migration takes.
- Z is how long until a cryptographically relevant quantum computer exists.
The pleasant version of this inequality is the chains that satisfy it. The unpleasant version is the dozens of chains on our dashboard that do not.
Z50 horizon
We set Z50 = 2041, the 50% probability horizon for a CRQC. This is not the number we quote to the press; this is the number we use to stress-test migration plans. It comes from the Global Risk Institute's expert survey, the NSA CNSA 2.0 guidance, and the consensus range cited in the peer-reviewed literature through 2026.
A chain that assumes Z = 2055 because it sounds calmer is not doing risk management, it is doing comfort management. Two different activities.
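The three gates and the band lookup can be checked mechanically. The Python below is an added example, not LayerQu's own code: the gate conditions, Z50 and band boundaries come from this page, while the field names, the sample chains, the handling of fractional QRI values and the conversion of Z50 into a duration (Z = 2041 minus the assessment year) are assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass

Z50 = 2041  # 50% CRQC horizon stated on this page
BAND_FLOORS = [0, 5, 13, 25, 37, 49, 73]  # lower QRI bound of bands 0..6
BAND_LABELS = ["Unaware", "Aware", "Acknowledged", "Planning",
               "Transitioning", "Prototyped", "Deployed"]

@dataclass
class Chain:  # constructed input shape; field names are assumptions
    name: str
    design: str             # "hybrid", "pure-pq" or "none"
    stage: int              # 2 = Planning, 5 = hybrid-PQ
    secrecy_years: float    # X
    migration_years: float  # Y
    qri: float              # index in [0, 100]

def mosca_margin(x, y, as_of_year, horizon=Z50):
    """Slack in years: Z - (X + Y), assuming Z = horizon - as_of_year."""
    return (horizon - as_of_year) - (x + y)

def gates(c, as_of_year):
    """Scorecard A. Mosca Safe is a strict '<', so zero slack fails."""
    return {
        "hybrid": c.design == "hybrid",
        "mosca_safe": mosca_margin(c.secrecy_years, c.migration_years, as_of_year) > 0,
        "stage_ge_2": c.stage >= 2,
    }

def band(qri):
    """Scorecard C. Assumption: a fractional QRI falls in the lower band."""
    if not 0 <= qri <= 100:
        raise ValueError("QRI must be in [0, 100]")
    i = bisect_right(BAND_FLOORS, qri) - 1
    return i, BAND_LABELS[i]

def report(c, as_of_year):
    g = gates(c, as_of_year)
    return {"chain": c.name, "band": band(c.qri), "gates": g,
            "flags": sorted(k for k, ok in g.items() if not ok)}

# Constructed sample chains, not real assessments.
SAMPLES = [
    Chain("chain-a", "hybrid", 4, 5, 4, 61),    # passes all three gates
    Chain("chain-b", "pure-pq", 4, 10, 5, 80),  # high band, two gates flagged
    Chain("chain-c", "none", 1, 20, 8, 9),      # low band, all gates flagged
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(report(c, as_of_year=2026))
```

The second sample shows why gates flag rather than rank: it lands in the top band yet fails Hybrid, and fails Mosca Safe because X + Y equals Z exactly.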
The reconstruction test
Each published score must reconstruct from public evidence in 48 hours by a third party who has never spoken to us. If a reviewer flags a non-reconstructable score, we retract the score and keep the flag. That is the cost of credibility. It is also the whole product.
LayerQu v2 methodology · ratified 2026-04-17 · supersedes ChainScreen v1 · next review 2026-10-17.