L2 network token
Arbitrum ARB
Arbitrum is a Stage 1 (Quantum Risk Assessed) optimistic rollup on Ethereum with no post-quantum protection in production. All critical cryptographic layers — spend authorization (ECDSA secp256k1), sequencer batch posting (ECDSA), canonical bridge settlement (ECDSA/L1-dependent), AnyTrust data availability (BLS12-381), and governance (ECDSA) — remain entirely quantum-vulnerable. Application-layer PQC is technically feasible via ERC-4337 account abstraction and Stylus WASM contracts, but this is opt-in, unaudited for production, and does not protect the base protocol, existing EOAs with exposed public keys, bridge escrow, or L1 settlement. Arbitrum/Offchain Labs has published no quantum risk assessment, cryptographic inventory, or migration roadmap. The QRI Score of 3 reflects minimal credit for publicly documented cryptography (enabling external quantum risk assessment) and negligible migration coverage (<25% of value-at-risk protected). The project is capped at Stage 1 (max 20) and further constrained by the ECC-only spend authorization cap (max 40). Full quantum readiness would require coordinated upgrades across Arbitrum L2, the canonical bridge, and Ethereum L1 settlement.
Quantum-VulnerableECC-Only Spend AuthorizationBridge-Dependent on Non-PQ L1Application-Layer PQC Capability (Opt-In Only)
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
1 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
1.75 / 5
Critical Quantum Blockers
- Active production spend authorization remains entirely ECDSA secp256k1-only (Readiness & Risk Cap: 40)
- Two-way canonical bridge allows unrestricted value flow between Arbitrum L2 and quantum-vulnerable Ethereum L1 (Readiness & Risk Cap: 50)
- All bridged value (entire L2 TVL) is escrowed in L1 bridge contracts secured by ECDSA-based governance and upgrade mechanisms
- Sequencer (centralized, Offchain Labs) uses ECDSA keys for batch posting and transaction ordering
- AnyTrust DAC uses BLS12-381 signatures for Data Availability Certificates; quantum-vulnerable with 2-of-N trust assumption
- No public quantum risk assessment, cryptographic inventory, or migration roadmap published by Arbitrum/Offchain Labs
Key Risks
- All Arbitrum EOAs that have ever sent a transaction have exposed secp256k1 public keys on L2 and/or L1. A CRQC can derive private keys from these exposed public keys with no time constraint (long-exposure at-rest attack).
- The canonical token bridge escrows all L2 backing value in L1 contracts. Bridge admin keys (ECDSA multisig) control upgrade and pause functionality. Compromise of L1 bridge admin keys — whether via quantum attack on exposed signer keys or classical exploit — could drain all bridged assets.
- Arbitrum's security model is fundamentally tied to Ethereum L1. Even if Arbitrum L2 were PQ-secured, Ethereum L1's ECDSA (accounts), BLS (validators), and KZG (data availability) vulnerabilities would still threaten settlement finality, fraud-proof confirmation, and bridge security.
- AnyTrust chains (Arbitrum Nova) use BLS12-381 aggregated signatures for Data Availability Certificates with a 2-of-N honesty assumption. A quantum attacker deriving BLS private keys for 2 committee members could forge DACerts, potentially enabling data withholding attacks.
- The centralized sequencer (Offchain Labs) signs batch posts with ECDSA keys. Sequencer key compromise via quantum attack could enable transaction censorship, reordering, or fraudulent batch submission during the challenge window.
- No migration path exists for users with exposed ECDSA public keys. Unlike Bitcoin's P2PKH (hash-protected until spend), Ethereum's account model exposes public keys on first transaction, making all active EOAs vulnerable to offline key recovery.
- Optimism has published a 10-year ECDSA deprecation roadmap (January 2026); Arbitrum has not published any comparable plan. This creates uncertainty about whether and when Arbitrum will address quantum vulnerabilities, potentially leaving users with no migration timeline.
Assurance Notes
- Classical security audits are current: Trail of Bits audited Nitro v3.2.0 and DVP through Feb 2026; OpenZeppelin, Consensys Diligence, and other firms have audited bridge contracts, BoLD, Stylus, and governance contracts. No quantum-specific audit exists for any component.
- Arbitrum/Offchain Labs has not published a quantum risk assessment, cryptographic inventory for quantum purposes, or post-quantum migration roadmap. All quantum-vulnerability findings are based on external analysis of public documentation, source code, and protocol design.
- The canonical token bridge between Arbitrum and Ethereum L1 is controlled by upgradeable proxy contracts governed by the Arbitrum DAO and Security Council. Bridge escrow holds all L2 backing value on L1. Admin key compromise (classical ECDSA multisig) could drain bridge funds independently of quantum attack.
- AnyTrust mode (Arbitrum Nova) uses BLS12-381 aggregated signatures for Data Availability Certificates. BLS is quantum-vulnerable; a quantum attacker compromising 2-of-N DAC members could forge DACerts and disrupt data availability.
- ERC-4337 Account Abstraction is live on Arbitrum and third-party proofs-of-concept demonstrate ML-DSA-65 verification via Stylus WASM contracts. This is purely application-layer, opt-in, unaudited for production, and does not protect the base protocol, sequencer, bridge, or existing EOAs.
- Arbitrum inherits Ethereum L1 quantum vulnerabilities for settlement, fraud-proof confirmation, and bridge security. Even if Arbitrum L2 were hypothetically PQ-secured, the L1 bridge escrow and settlement layer would remain quantum-vulnerable.
- LayerQu (v3.1.0 methodology, 2026-05-01) rates Arbitrum One as Migration Stage 0 (Unaware), QRI 26/100, Crisis Zone. The LayerQu score differs from this QRI evaluation due to methodological differences in subfactor weighting and cap application.
Non-Scoring Caveats
- ERC-4337 Account Abstraction and Stylus WASM contracts provide application-layer infrastructure that third parties can use to deploy PQ-secure smart contract wallets. This does not protect the base protocol, existing EOAs with exposed public keys, the sequencer, the bridge, or L1 settlement.
- Third-party POC (multivmlabs/pq-smart-wallet, 2026) demonstrates ML-DSA-65 verification on Arbitrum Stylus at ~374K gas. This is unaudited, uses RC crate dependencies, and is not production-ready.
- No formal quantum-specific incident-response playbook exists; general security council and governance processes exist but are not quantum-aware.
- Arbitrum DAO governance (ARB token voting, Security Council) uses ECDSA for proposal submission and voting. A quantum attacker could compromise governance if delegate keys are exposed.
- Audit reports are classical in scope and do not evaluate quantum resistance of any cryptographic primitive.
- LayerQu (2026-05-01) rates Arbitrum as Migration Stage 0 (Unaware) with QRI 26/100. This external assessment uses different methodology and weighting but confirms the same fundamental quantum-vulnerability profile.
- Ethereum L1 is actively working on post-quantum migration (Lean Ethereum roadmap targeting ~2029 for core PQ infrastructure). Arbitrum will likely follow Ethereum's lead but no independent L2-specific plan exists.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: Arbitrum documentation and source code describe ECDSA secp256k1 for transactions/accounts and BLS12-381 for AnyTrust DAC signatures; no quantum threat model published.
Coverage basis: Public documentation and source code inventory classical cryptographic mechanisms; no quantum-specific threat model exists.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No project-published quantum threat model or risk assessment exists
Assurance: Cryptographic mechanisms are well-documented in official sources. Absence of quantum threat model is confirmed by exhaustive search of docs.arbitrum.io, GitHub repositories, and Arbitrum DAO governance forum.
External analysis (LayerQu, BMIC, academic papers) provides effective quantum risk assessment based on public documentation. The project itself has not published any quantum-specific analysis.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment
Claim: Source code (Nitro, token-bridge-contracts), protocol specification (Nitro whitepaper), audit reports, and third-party analysis are publicly available.
Coverage basis: Public GitHub repositories, published audit reports, and independent third-party analyses document classical cryptography usage.
Implementation score: 0.5 · Evidence confidence: High
Issue classification: none · Score treatment: note-only
Assurance: Audits (Trail of Bits through Feb 2026, OpenZeppelin, Consensys Diligence) are current for classical security scope. No quantum-specific audit exists. Third-party quantum assessments (LayerQu, BMIC) are secondary sources but consistent with primary evidence.
The public evidence record is sufficient for external evaluators to assess quantum vulnerability even though the project has not published its own quantum assessment.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: Arbitrum uses ECDSA secp256k1 for all externally owned account (EOA) transaction signatures, inherited from Ethereum's account model.
Coverage basis: All production transactions on Arbitrum One and Nova require ECDSA secp256k1 signatures for EOAs.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Active production spend authorization remains entirely ECDSA-only
Assurance: ECDSA usage is confirmed in Nitro source code (Geth fork), protocol documentation, and all audit reports. No PQC or hybrid-PQC signature path exists on mainnet.
ERC-4337 smart contract accounts can theoretically use PQ signatures, but this is opt-in, not default, and applies only to new smart contract wallets, not existing EOAs.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: Ethereum account model exposes secp256k1 public keys on first transaction. All EOAs that have sent transactions have exposed public keys vulnerable to offline Shor's algorithm attacks.
Coverage basis: All transacted EOAs on Arbitrum One and Nova have exposed public keys. Per Etherscan/Arbiscan, millions of addresses have sent transactions.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Long-exposure quantum-vulnerable public keys exist for all transacted EOAs with no migration or deprecation path
Assurance: The Ethereum account model's public-key exposure properties are well-understood and documented in academic literature. All EOAs that have sent ≥1 transaction have recoverable public keys in transaction signatures.
Unlike Bitcoin P2PKH (hash-protected until spend), Ethereum/Arbitrum EOAs expose public keys on first transaction, making them vulnerable to offline at-rest attacks immediately after first use.
Production Cryptographic Protection
Consensus-critical authentication
Claim: Arbitrum uses a centralized sequencer (Offchain Labs) with ECDSA keys for batch posting. BoLD validation protocol uses classical cryptography. AnyTrust DAC uses BLS12-381 aggregated signatures.
Coverage basis: Sequencer batch posting to L1 SequencerInbox contract uses ECDSA-signed transactions. AnyTrust DACerts use BLS12-381 over BLS12-381 curve.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Sequencer uses ECDSA keys; AnyTrust DAC uses BLS12-381; both quantum-vulnerable
Assurance: SequencerInbox.sol source code confirms batch poster authorization model. Nitro whitepaper Section 7 documents BLS12-381 usage for AnyTrust DACerts. No PQ alternative exists.
The sequencer is currently centralized (Offchain Labs). Transition to distributed sequencing is planned but not yet implemented. BoLD permissionless validation was activated but relies on classical cryptography for bond posting and dispute resolution.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: Data availability relies on Ethereum L1 (EIP-4844 blobs with KZG commitments, or calldata). AnyTrust mode uses BLS-signed DACerts. Fraud proofs rely on deterministic execution replay.
Coverage basis: EIP-4844 KZG commitments are quantum-vulnerable (pairing-based). AnyTrust DACerts use BLS12-381. Fraud-proof correctness depends on L1 settlement finality.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: KZG commitments (EIP-4844) and BLS DACerts are quantum-vulnerable; DA and state-integrity depend on L1 quantum-vulnerable primitives
Assurance: Arbitrum's DA and state-integrity mechanisms are documented in the Nitro whitepaper and source code. Quantum vulnerability of KZG and BLS is well-established in cryptographic literature.
Fraud-proof correctness depends on L1 settlement finality, which in turn depends on Ethereum's quantum-vulnerable validator BLS signatures and KZG commitments.
Production Cryptographic Protection
Privacy and proof layers
Claim: Arbitrum has no native privacy layer or shielded transaction pool.
Coverage basis: Arbitrum does not implement shielded transactions, confidential assets, or zero-knowledge privacy features at the protocol level.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Third-party privacy applications on Arbitrum would have their own quantum-vulnerability profile separate from this base-protocol evaluation.
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: Nitro nodes use standard Ethereum P2P networking (devp2p) with classical cryptography for node identity and peer authentication.
Coverage basis: Nitro forks Geth and inherits its P2P stack including ECDSA-based node identities (enode addresses) and RLPAx transport.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: P2P node identity is not directly spend, bridge, or custody-critical. Compromise would enable eclipse attacks or transaction censorship but not direct asset theft. Scored as note-only per QRI v3.1 P2P guidance.
P2P layer quantum vulnerability is secondary to spend authorization and bridge vulnerabilities. Node identity compromise would require active network-level attacks rather than offline key recovery.
Production Cryptographic Protection
Critical wallet, custody, HSM, and hardware-wallet workflows
Claim: No production PQ wallet, custody, or HSM path exists for Arbitrum. Existing wallets (MetaMask, Rabby, etc.) use ECDSA exclusively.
Coverage basis: All production Arbitrum wallets and custody solutions use ECDSA secp256k1 for key generation and signing.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Third-party PQ smart wallet POCs exist (multivmlabs/pq-smart-wallet) but are unaudited, use RC dependencies, and are not production-ready. No hardware wallet supports PQ signing for Arbitrum.
ERC-4337 and Stylus provide infrastructure for future PQ wallet support but no production path exists today.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: Essentially 0% of Arbitrum's value-at-risk is protected from quantum key-recovery attacks. All L2 TVL, bridged assets, and native ARB tokens are controlled by ECDSA keys.
Coverage basis: Arbitrum One TVL (approximately $2-3B as of mid-2026 per L2Beat/DefiLlama) plus Arbitrum Nova TVL. All value controlled by ECDSA-based EOAs or smart contracts with ECDSA admin keys.
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, recovery, or policy path
Assurance: Value-at-risk is estimated from public L2 analytics. Exact coverage is unmeasurable because no PQ migration has begun and no vulnerable-value inventory has been published. All value controlled by transacted EOAs, exposed multisigs, and bridge admin keys is at risk.
<25% coverage qualifies for Score 1 per QRI v3.1 coverage thresholds. In practice coverage is near 0% since no production PQC protection exists.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (treasuries, exchanges, custodians, bridges, foundations, major protocols) on Arbitrum have migrated to PQ protection.
Coverage basis: Arbitrum Foundation treasury, DAO treasury, bridge admin multisigs, sequencer keys, and major DeFi protocol admin keys all use ECDSA.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Major value pools (bridge escrow, DAO treasury, foundation wallets) remain quantum-vulnerable with no migration path
Assurance: Bridge admin and DAO treasury addresses are publicly documented. No evidence of PQ key migration for any critical wallet.
The Arbitrum Security Council (12-member multisig) and DAO governance contracts control protocol upgrades and bridge parameters. All use ECDSA.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No identification, measurement, deprecation, or migration of quantum-vulnerable accounts has been performed.
Coverage basis: No public inventory of vulnerable EOAs, exposed public keys, or at-risk value pools exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Absence of vulnerable-account inventory is confirmed by exhaustive search of Arbitrum documentation, governance forum, and GitHub repositories.
The Ethereum account model makes identification straightforward in principle (all EOAs with ≥1 transaction have exposed keys), but no project-led effort has been undertaken.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: Arbitrum/Offchain Labs has published no post-quantum migration roadmap, ECDSA deprecation timeline, or PQ upgrade plan.
Coverage basis: Exhaustive search of docs.arbitrum.io, arbitrum.foundation, governance forum, and Offchain Labs GitHub repositories yields no PQ roadmap.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public migration roadmap; contrast with Optimism's published 10-year ECDSA deprecation plan (January 2026)
Assurance: Secondary sources (BlockEden, Medium research) confirm Arbitrum has not published a PQ roadmap. Optimism's January 2026 roadmap provides a peer-L2 contrast.
Arbitrum will likely need to align with Ethereum L1's PQC roadmap for bridge settlement and fraud-proof security. No independent L2-specific plan exists.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ migration tooling, wallet paths, user education, or migration prompts exist. ERC-4337 and Stylus provide infrastructure but no migration mechanism.
Coverage basis: No PQ account creation, transaction paths, custody paths, or user-facing warnings exist in production.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: ERC-4337 bundlers (Alto, Pimlico, etc.) are operational on Arbitrum. Stylus is live (ArbOS 31 Bianca). But these are general-purpose infrastructure, not PQ migration tooling.
The existence of ERC-4337 and Stylus means application-layer PQC migration is technically feasible without protocol changes. However, no migration tooling, defaults, or user education exists.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms (deprecation, freeze, disabled legacy signing, restricted withdrawals, mandatory migration deadlines) exist.
Coverage basis: All ECDSA-based transactions remain fully valid and unrestricted. No quantum-aware access controls exist.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Arbitrum DAO governance could theoretically enact migration enforcement, but no proposal has been made or discussed.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: Arbitrum has a Security Council, bug bounty program, and governance process, but no quantum-specific incident-response playbook or disclosure process.
Coverage basis: The Arbitrum Security Council can enact emergency upgrades. The bug bounty program covers smart contract and protocol vulnerabilities. Neither addresses quantum-specific scenarios.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The Security Council provides an emergency response mechanism that could theoretically respond to quantum threats, but no quantum-specific planning, scenarios, or playbooks have been developed. Scored as note-only per QRI v3.1: absence of a formal quantum-specific IR playbook is an assurance caveat, not a QRI Score deduction.
General incident-response capability exists through the Security Council's emergency upgrade powers and the bug bounty program.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: Arbitrum does not use any PQC or hybrid-PQC algorithms in production. All cryptography is classical (ECDSA, BLS, Keccak-256).
Coverage basis: No PQC algorithm deployment in Nitro, bridge contracts, or any production component.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Third-party POCs use ML-DSA-65 (FIPS 204) and SLH-DSA (FIPS 205) on Stylus, but these are not part of the Arbitrum protocol.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: No quantum-specific audit has been performed. Classical audits (Trail of Bits, OpenZeppelin, Consensys Diligence) cover Nitro, BoLD, Stylus, and bridge contracts but do not evaluate quantum resistance.
Coverage basis: Dozens of classical audits exist through Feb 2026. Zero quantum-specific audits.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Classical audits are current and high-quality but scope-mismatched for quantum evaluation. The absence of a quantum audit is scored as note-only because no PQC implementation exists to audit; this is a gap to address when PQC is deployed.
Audit reports page lists dozens of audits including Trail of Bits (Nitro v3.2.0, DVP, 2026), OpenZeppelin, Consensys Diligence, and others. All are classical in scope.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Nitro and bridge contracts are open source (Apache 2.0/MIT). No PQC implementation exists to evaluate for reproducibility.
Coverage basis: All production code is publicly available on GitHub under open-source licenses.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Open-source status is confirmed. The subfactor evaluates PQC implementation reproducibility; none exists to evaluate.
Code is open source and buildable. Third-party PQC POCs (pq-smart-wallet) are also open source but not part of the Arbitrum protocol.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path documented
Claim: No PQC parameter agility or upgrade path is documented. Arbitrum's upgrade mechanism (ArbOS upgrades via DAO governance) could theoretically support future PQC but no plan exists.
Coverage basis: ArbOS upgrade mechanism exists (governance-approved hardforks) but no PQC-specific upgrade path is designed or documented.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: ArbOS upgrade history (20 Atlas, 30, 31 Bianca, 40 Callisto, 51 Dia, 60 Elara) demonstrates mature upgrade infrastructure. However, no parameter agility for cryptographic primitives is documented.
The existence of regular ArbOS upgrades through DAO governance provides a plausible future vehicle for PQC deployment, but this is not a documented upgrade path.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks
Claim: No PQC implementation exists to evaluate for stateful-signature safety or side-channel resistance.
Coverage basis: Not applicable; no PQC deployment.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Subfactor is applicable in principle but no PQC implementation exists to evaluate.
Third-party POC (pq-smart-wallet) uses stateless ML-DSA-65 (FIPS 204), which does not require state management. This is noted for future reference.
Algorithm & Implementation Assurance
Performance and resource-impact analysis for PQ deployment
Claim: No project-published performance analysis for PQ signature verification, block validation, gas/fee market impact, or node hardware requirements exists.
Coverage basis: No PQC performance analysis published by Arbitrum/Offchain Labs.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Third-party POC benchmarks show ML-DSA-65 verification at ~374K gas on Stylus (3.7x ECDSA overhead) but these are local devnode measurements, not production-validated. Scored as note-only: no PQC deployment exists, so absence of performance analysis does not affect current quantum-attack readiness.
PQ transaction cost projections from third-party POC: $2-8 per PQ transaction (dominated by L1 calldata costs for 3,309-byte ML-DSA signatures vs 65-byte ECDSA). This is significant for user adoption but not a current quantum-readiness blocker.
Report metadata