Pre-release notice:
The Quantum Readiness Index is still being reviewed and refined. Reports may include rough edges, including incomplete and/or incorrect coverage.

Quantum Readiness Index (draft v3.1)

Methodology

How QRI reports are generated, scored, and interpreted.

QRI evaluates how prepared a blockchain project is for quantum-era cryptographic risk. Each report is an evidence-based assessment of the production scope being evaluated, not a rating of market quality, adoption, decentralization, or general project merit.

The methodology is designed to separate current, verifiable protection from roadmap claims. A project can receive credit for public designs, prototypes, testnets, optional mainnet support, or complete production coverage, but the score reflects the strongest implementation level supported by available evidence.

Report workflow

From project evidence to published QRI report

  1. 1 Define Scope

    Identify the project, evaluated network or asset, and applicable blockchain layers.

  2. 2 Gather Evidence

    Build a timestamped dossier from public sources, code, documentation, audits, and project materials.

  3. 3 Classify Claims

    Separate production facts, testnet work, specifications, roadmaps, assurance caveats, and unsupported statements.

  4. 4 Score Factors

    Apply the QRI rubric across applicable signature, consensus, bridge, migration, and exposure factors.

  5. 5 Apply Caps

    Limit the final score when stage caps, unresolved blockers, or quantum-critical uncertainty require it.

  6. 6 Publish Report

    Show the score with stage, confidence, tags, blockers, assurance notes, evidence, and review status.

What QRI Scores

The numeric QRI score measures current quantum-attack readiness for the evaluated production scope. It asks whether critical assets, signatures, consensus paths, bridges, exposed keys, and migration mechanisms are protected by post-quantum or hybrid post-quantum controls where those controls are applicable.

Every score is published with context:

Evidence Handling

Reports begin with an evidence-gathering step that assembles a timestamped source dossier. The dossier may include project documentation, repositories, protocol specifications, public audit reports, standards references, explorer data, governance posts, and other verifiable public materials.

Evidence affects the score only when it changes what can be verified. If a project claims complete post-quantum protection but public sources only support a design proposal, the implementation score is lowered to the proposal level. If missing evidence prevents verification of a quantum-critical property, the report may also apply a readiness or risk cap.

Evidence confidence is reported separately from the QRI score. A verifiable implementation can score well even if assurance documentation is incomplete, while unsupported marketing language receives little or no implementation credit.

Scoring Model

QRI uses normalized applicable-layer scoring. Each category receives credit only for subfactors that apply to the evaluated project architecture. A layer can be marked not applicable when the architecture genuinely lacks that function, or satisfied by design when the vulnerable path is eliminated and the design claim is supported by evidence.

The final score is constrained by three checks:

QRI Score = min(Stage Cap, Readiness & Risk Cap, Factor Score)

The factor score reflects earned points across the rubric. Stage caps prevent roadmap-only or partial implementations from scoring as if migration were complete. Readiness and risk caps prevent unresolved quantum-critical issues from being hidden inside an otherwise favorable average.

Readiness Stages

Stage Label Meaning
0 Not Assessed No usable evidence or evaluation is available.
1 Quantum Risk Assessed Quantum risk is acknowledged or assessed, but there is no meaningful production protection.
2 Mitigation / Development Mitigation design, prototype, public proposal, or testnet work exists, but it does not materially protect production users.
3 Migration Live Meaningful production protection or migration is live, but coverage, enforcement, or quantum-critical layers remain incomplete.
4 Migration Complete / Quantum-Ready Critical applicable layers are protected and migration is complete, or complete by design, for the evaluated production scope.

Confidence And Assurance

Confidence describes how reliable the evidence is for the evaluated quantum-readiness claim. High confidence typically requires strong public support such as mainnet evidence, reproducible code or data, and relevant independent review. Medium confidence may be appropriate when the quantum-critical behavior is verifiable but audit coverage is stale, limited, or absent. Low, Very Low, or None confidence is used when evidence depends on proposals, prototypes, unsubstantiated statements, or missing sources.

Assurance notes are not automatic score deductions. Audit freshness, benchmark availability, disclosure process, exchange coordination, and operational documentation are recorded as context unless they make a quantum-critical claim unverifiable or preserve a realistic quantum-enabled attack path.

Report Status

Generated reports are treated as evidence-assisted drafts unless they are marked reviewed or published. Public report pages preserve the model IDs, evidence context, confidence level, blockers, and review status so readers can distinguish the score from the reliability of the supporting record.