Quantum Readiness Index (draft v3.1)
Methodology
How QRI reports are generated, scored, and interpreted.
QRI evaluates how prepared a blockchain project is for quantum-era cryptographic risk. Each report is an evidence-based assessment of the production scope being evaluated, not a rating of market quality, adoption, decentralization, or general project merit.
The methodology is designed to separate current, verifiable protection from roadmap claims. A project can receive credit for public designs, prototypes, testnets, optional mainnet support, or complete production coverage, but the score reflects the strongest implementation level supported by available evidence.
Report workflow
From project evidence to published QRI report
-
1
Define Scope
Identify the project, evaluated network or asset, and applicable blockchain layers.
-
2
Gather Evidence
Build a timestamped dossier from public sources, code, documentation, audits, and project materials.
-
3
Classify Claims
Separate production facts, testnet work, specifications, roadmaps, assurance caveats, and unsupported statements.
-
4
Score Factors
Apply the QRI rubric across applicable signature, consensus, bridge, migration, and exposure factors.
-
5
Apply Caps
Limit the final score when stage caps, unresolved blockers, or quantum-critical uncertainty require it.
-
6
Publish Report
Show the score with stage, confidence, tags, blockers, assurance notes, evidence, and review status.
What QRI Scores
The numeric QRI score measures current quantum-attack readiness for the evaluated production scope. It asks whether critical assets, signatures, consensus paths, bridges, exposed keys, and migration mechanisms are protected by post-quantum or hybrid post-quantum controls where those controls are applicable.
Every score is published with context:
- A 0-100 QRI score.
- A readiness stage and public stage label.
- Readiness tags such as PQ-Native, Hybrid-PQ, Partial Protection, PQ-Recoverable, Roadmap Only, or Not Assessed.
- A confidence level describing evidence quality.
- Critical quantum blockers that cap or materially constrain the score.
- Assurance and review notes for audit scope, reproducibility, operational caveats, and other non-score context.
- A user urgency status such as Monitor for Updates, Migration Required, or No Action Needed.
Evidence Handling
Reports begin with an evidence-gathering step that assembles a timestamped source dossier. The dossier may include project documentation, repositories, protocol specifications, public audit reports, standards references, explorer data, governance posts, and other verifiable public materials.
Evidence affects the score only when it changes what can be verified. If a project claims complete post-quantum protection but public sources only support a design proposal, the implementation score is lowered to the proposal level. If missing evidence prevents verification of a quantum-critical property, the report may also apply a readiness or risk cap.
Evidence confidence is reported separately from the QRI score. A verifiable implementation can score well even if assurance documentation is incomplete, while unsupported marketing language receives little or no implementation credit.
Scoring Model
QRI uses normalized applicable-layer scoring. Each category receives credit only for subfactors that apply to the evaluated project architecture. A layer can be marked not applicable when the architecture genuinely lacks that function, or satisfied by design when the vulnerable path is eliminated and the design claim is supported by evidence.
The final score is constrained by three checks:
QRI Score = min(Stage Cap, Readiness & Risk Cap, Factor Score)
The factor score reflects earned points across the rubric. Stage caps prevent roadmap-only or partial implementations from scoring as if migration were complete. Readiness and risk caps prevent unresolved quantum-critical issues from being hidden inside an otherwise favorable average.
Readiness Stages
| Stage | Label | Meaning |
|---|---|---|
| 0 | Not Assessed | No usable evidence or evaluation is available. |
| 1 | Quantum Risk Assessed | Quantum risk is acknowledged or assessed, but there is no meaningful production protection. |
| 2 | Mitigation / Development | Mitigation design, prototype, public proposal, or testnet work exists, but it does not materially protect production users. |
| 3 | Migration Live | Meaningful production protection or migration is live, but coverage, enforcement, or quantum-critical layers remain incomplete. |
| 4 | Migration Complete / Quantum-Ready | Critical applicable layers are protected and migration is complete, or complete by design, for the evaluated production scope. |
Confidence And Assurance
Confidence describes how reliable the evidence is for the evaluated quantum-readiness claim. High confidence typically requires strong public support such as mainnet evidence, reproducible code or data, and relevant independent review. Medium confidence may be appropriate when the quantum-critical behavior is verifiable but audit coverage is stale, limited, or absent. Low, Very Low, or None confidence is used when evidence depends on proposals, prototypes, unsubstantiated statements, or missing sources.
Assurance notes are not automatic score deductions. Audit freshness, benchmark availability, disclosure process, exchange coordination, and operational documentation are recorded as context unless they make a quantum-critical claim unverifiable or preserve a realistic quantum-enabled attack path.
Report Status
Generated reports are treated as evidence-assisted drafts unless they are marked reviewed or published. Public report pages preserve the model IDs, evidence context, confidence level, blockers, and review status so readers can distinguish the score from the reliability of the supporting record.