Optimism OP
Optimism (OP Mainnet) is a Stage 1 (Quantum Risk Assessed) Ethereum L2 optimistic rollup with a comprehensive post-quantum roadmap published January 14, 2026, but zero production PQ cryptographic protection as of June 2026. All spend authorization (EOAs), sequencer block signing, batch submission, L1 bridge escrow, Security Council multisig, and P2P identity remain entirely ECDSA/secp256k1-dependent. Approximately $1.2B in bridged TVL and ~$296M in DeFi TVL (DefiLlama) are exposed to quantum key-recovery attacks with no current mitigation, migration path, prototype, or testnet.
The project earns credit for a detailed public roadmap reviewed by Dan Boneh and Justin Drake, for enabling infrastructure (EIP-7702 live via the Isthmus hardfork, May 2025), and for a strong open-source codebase, but the QRI Score of 5.25 reflects the absence of any production or testnet PQ protection. The binding Readiness & Risk Cap is 25 (roadmap/proposal only); the Factor Score of 5.25 is lower. The Stage 1 cap of 20 is not binding.
Users and institutions should monitor for testnet and mainnet PQ deployments, which are not expected before late 2026 at the earliest per the published roadmap.
Category breakdown
QRI Factors
Critical Quantum Blockers
- Roadmap/proposal only; no public PQ code, prototype, testnet, or implementation exists — Readiness & Risk Cap: 25.
- Active production spend authorization remains entirely ECDSA-only for all EOAs, sequencer, and batch submitter — Readiness & Risk Cap: 40.
- Material long-exposure quantum-vulnerable value exists (~$1.2B bridged TVL, ~$296M DeFi TVL) in transacted EOAs with exposed public keys, L1 bridge escrow contracts, and Security Council multisig, with no migration, freeze, deprecation, or burn path yet active — Readiness & Risk Cap: 55.
- Security Council multisig (10-of-13 + 5-of-7 nested) and Foundation multisig use classical ECDSA keys with no PQ migration path; quantum key recovery could enable unauthorized contract upgrades bypassing all fault-proof security.
- L1 bridge and settlement dependency inherits Ethereum L1's quantum-vulnerable BLS validator signatures and KZG commitments; Optimism cannot independently mitigate this dependency.
Key Risks
- Harvest-now-decrypt-later: All ECDSA public keys exposed on OP Mainnet (every EOA that has sent a transaction, all sequencer/batcher public keys, all multisig signer addresses) are permanently recorded on-chain and can be harvested now for future private-key recovery via Shor's algorithm.
- Sequencer compromise: A quantum attacker who recovers the sequencer ECDSA private key could submit fraudulent batches, censor transactions, reorder blocks for MEV extraction, and disrupt L2 block production.
- Bridge escrow risk: ~$1.2B in bridged TVL is secured by L1 bridge contracts governed by the Security Council multisig and Ethereum L1 settlement. Quantum compromise of the multisig or Ethereum L1 validators could enable unauthorized bridge withdrawals.
- Instant upgrade risk: The Security Council multisig (2-of-2 nested: 10-of-13 + 5-of-7) can upgrade all OP Mainnet contracts without timelock. Quantum compromise of these keys would bypass all fault-proof security guarantees and could drain the bridge or alter protocol rules instantly.
- L1 dependency: OP Mainnet inherits Ethereum L1 quantum vulnerabilities including BLS validator signatures and KZG commitments for EIP-4844 blob data availability. A quantum break of Ethereum L1 finality would cascade to OP Mainnet settlement.
- Superchain cascade: The OP Stack is shared across dozens of chains (Base, Zora, Mode, Unichain, Soneium, Ink). A quantum vulnerability in the shared codebase affects the entire Superchain ecosystem simultaneously.
- No PQ algorithm selected: The roadmap defers algorithm selection, adding uncertainty about migration timelines, wallet compatibility, and gas cost implications for the eventual PQ transition.
- Long-exposure value: A significant portion of bridged TVL sits in long-exposure EOAs and smart contracts whose admin keys have transacted on-chain. These public keys are permanently harvestable with no deprecation, freeze, or burn mechanism.
Assurance Notes
- No PQ code, prototype, testnet, or implementation exists on any network as of evaluation date; audit freshness is N/A for the quantum-critical scope.
- Optimism published a comprehensive 10-year PQ roadmap (January 14, 2026) with strategic guidance from Dan Boneh and review by Justin Drake, demonstrating serious risk assessment and ecosystem leadership.
- The roadmap explicitly defers PQ algorithm selection, stating the specific post-quantum signature scheme is 'not yet decided' and that NIST lattice-based signatures may not be the optimal long-term choice.
- EIP-7702 support was activated on OP Stack via the Isthmus hardfork (May 2025), providing the account-abstraction mechanism needed for future PQ smart-account migration. No PQ signature verification is implemented on top of this mechanism.
- The Security Council multisig (2-of-2 nested: 10-of-13 Council + 5-of-7 Foundation) controls instant, timelock-free upgrades to all OP Mainnet L1 contracts. These ECDSA keys are a systemic quantum-vulnerability surface with no published PQ migration plan.
- Migration depends on Ethereum L1 also migrating BLS validator signatures and KZG commitments to PQ alternatives — a dependency acknowledged by the roadmap but outside Optimism's direct control.
- Approximately $1.2B in bridged TVL and ~$296M in DeFi TVL (DefiLlama, June 2026) are secured entirely by classical ECDSA cryptography with long-exposure public keys on-chain.
- No formal quantum-specific incident-response playbook or emergency disclosure process for quantum vulnerabilities has been published.
- The OP Stack powers multiple Superchain chains (Base, Zora, Mode, Unichain, Soneium, Ink, etc.); quantum vulnerability is systemic across the entire OP Stack ecosystem.
Non-Scoring Caveats
- The 10-year ECDSA deprecation timeline (January 2036) is a policy commitment subject to Optimism governance approval and may change.
- The specific PQ algorithm is deferred to future ecosystem coordination; the roadmap mentions evaluating NIST lattice-based signatures (Dilithium, Falcon) but makes no commitment.
- OP Stack is shared across the Superchain (Base, Zora, Mode, Unichain, Soneium, Ink, etc.); quantum vulnerability is systemic across all OP Stack chains, not isolated to OP Mainnet.
- L1 bridge and settlement dependency on Ethereum means Optimism cannot be fully quantum-ready until Ethereum L1 also completes its PQ migration for BLS validators and KZG commitments.
- No formal quantum-specific incident-response playbook or emergency disclosure process has been published, though the Security Council Guardian mechanism provides a general emergency response capability.
- No exchange or custody PQ migration attestations exist for OP Mainnet or any OP Stack chain.
- No PQ performance or resource-impact analysis (gas costs, block size, validation overhead) has been published for any PQ signature scheme on OP Stack.
- The roadmap states testnets for PQ sequencer signatures are planned for late 2026 at the earliest; this has not yet materialized as of the evaluation date.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: Optimism published a PQ roadmap (January 14, 2026) identifying ECDSA EOAs, sequencer/batch-submitter keys, L1 BLS validator signatures, and KZG commitments as quantum-vulnerable surfaces. Covers affected layers and attack assumptions.
Coverage basis: Published risk assessment covering major cryptographic surfaces
Implementation score: 0.75 · Evidence confidence: High
Issue classification: none · Score treatment: score-reducing
Assurance: Roadmap reviewed by Dan Boneh and Justin Drake. Covers major surfaces (EOAs, sequencer, BLS, KZG) but does not formally enumerate all bridge contract keys, multisig member keys, P2P keys, or token admin keys as a structured cryptographic inventory document.
Score 0.75 reflects credible threat model covering major surfaces but not a formal comprehensive cryptographic inventory.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: The roadmap references Ethereum's cryptographic architecture, EIP-7702, OP Stack codebase, and L1 dependencies. Public source code confirms ECDSA-only production posture.
Coverage basis: Published evidence record with code references
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: score-reducing
Assurance: Public code and specs support the assessment, but no independent quantum-specific audit or formal evidence record with transaction examples or reproducible analytics exists.
Score 0.5 reflects evidence primarily from roadmap blog post and public repositories; a formal structured evidence record is absent.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: Production implementation uses standard Ethereum ECDSA/secp256k1 for all user transaction signing with no PQ or hybrid-PQ support in mainnet code paths. EIP-7702 is live but does not implement PQ signature verification.
Coverage basis: Classical ECC-only spend authorization confirmed in production source code
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All user spend authorization is ECDSA-only; Shor's algorithm breaks secp256k1.
Assurance: Verifiable from production source code; absence of PQ code is definitive. EIP-7702 enables delegation but no PQ wallet or verification contract exists.
All EOA transactions on OP Mainnet use ECDSA/secp256k1. EIP-7702 (live since Isthmus, May 2025) is an enabling mechanism only.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design prevents long-exposure quantum-vulnerable ownership paths
Claim: Optimism inherits Ethereum's account model; EOAs that have sent transactions expose their secp256k1 public keys on-chain (long-exposure). No PQ key-derivation scheme or hidden-public-key mechanism exists.
Coverage basis: Standard Ethereum account model with long-exposure public keys
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Long-exposure public keys are harvestable for future Shor's algorithm attacks with no current mitigation.
Assurance: Confirmed by protocol design and roadmap acknowledgment of ECDSA vulnerability.
Roadmap plans to address via EIP-7702 PQ smart accounts, but no implementation or migration tooling exists.
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable
Claim: Sequencer block payload signing uses ECDSA (Unsafe Block Signer). Batch submission uses ECDSA keys. The Security Council Guardian multisig uses ECDSA.
Coverage basis: OP Stack specs and code confirm ECDSA for sequencer, batcher, and Guardian
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Sequencer and batch submitter ECDSA keys are quantum-vulnerable; compromise enables block production disruption and MEV extraction.
Assurance: Confirmed by official specs and roadmap acknowledgment that sequencers must transition to PQ.
Optimism has no validator set or BLS finality signatures (N/A for those sub-layers). Sequencer is centralized; its ECDSA key is a single point of quantum vulnerability.
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: Fault proofs (Cannon) and bridge settlement rely on Ethereum L1 security, which uses ECDSA/BLS/KZG. No independent quantum-safe state binding exists on L2.
Coverage basis: L1 dependency — classical KZG and ECDSA for settlement and data availability
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: L1 bridge and settlement depend on Ethereum's quantum-vulnerable KZG commitments and BLS validator signatures.
Assurance: Optimism's fault proof system (Cannon) resolves disputes on L1 Ethereum. L1 Standard Bridge escrow contracts are secured by Ethereum's classical cryptography. L2BEAT classifies OP Mainnet at Stage 1 with Security Council override.
KZG commitments for blob DA and L1 ECDSA for bridge/settlement are structural dependencies that Optimism cannot independently mitigate.
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable
Claim: OP Mainnet is a transparent optimistic rollup with no shielded transaction layer or ZK privacy components in production. Fault proofs are MIPS-based (Cannon), not pairing-based.
Coverage basis: Not applicable — transparent rollup with no privacy layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: Unsafe Block Signer uses ECDSA for P2P block gossip authentication. Sequencer P2P identity is classical. OP Stack inherits Ethereum's libp2p stack.
Coverage basis: Classical P2P cryptography for block signing
Implementation score: 0 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: score-reducing
Assurance: P2P identity is not consensus-, spend-, bridge-, or custody-critical in the Optimism architecture, but the unsafe block signing key enables targeted DoS if compromised.
P2P layer inherits Ethereum's libp2p stack. Block payload signing is consensus-adjacent (prevents DoS and block injection) but not directly spend-authorization critical.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path
Claim: No PQ wallet, custody, HSM, or hardware-wallet support exists for OP Mainnet. All custody paths rely on ECDSA.
Coverage basis: Classical ECC-only wallet and custody support
Implementation score: 0 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: score-reducing
Assurance: Absence of PQ wallet support is verifiable from lack of any production PQ implementation. Roadmap anticipates future wallet tooling.
EIP-7702 provides technical foundation for future PQ smart-account migration but no PQ wallet SDK, precompile, or verification contract exists.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 0% of ~$1.2B bridged TVL and ~$296M DeFi TVL is PQ-protected. All value is secured by ECDSA keys or ECDSA-based multisigs.
Coverage basis: No migration has occurred; all accounts use classical ECDSA
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All ~$1.2B bridged TVL is ECDSA-secured with long-exposure public keys harvestable for future quantum attack.
Assurance: TVL figures from DefiLlama (June 2026). Coverage threshold: <25% (experimental/negligible protection). L2BEAT TVS approximately $1.52B.
Coverage <25% per QRI 9.3.1 thresholds. Implementation Score 0 maps to 1 on the 20-point scale, but the category score calculation yields 0 as a fraction of total applicable subfactor points.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (Security Council, Foundation, bridge escrow, exchange custody, treasuries) have migrated to PQ protection. All use classical ECDSA.
Coverage basis: No critical wallet migration
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Security Council multisig and Foundation multisig are entirely ECDSA-based with no PQ migration path.
Assurance: No evidence of any critical wallet migration. Bridge escrow and governance keys remain classical.
The Security Council 10-of-13 and Foundation 5-of-7 multisigs are the ultimate upgrade authority. Their quantum vulnerability is a systemic risk.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: The roadmap identifies ECDSA EOAs as the legacy vulnerable pool and commits to deprecation by 2036. No on-chain measurement, freeze, deprecation, or burn mechanism is active.
Coverage basis: Roadmap-level identification only; no active mechanism
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Roadmap-level identification only. No dashboard, analytics, or on-chain mechanism to measure or deprecate vulnerable pools exists.
Dormant EOAs with exposed public keys (from past transactions) cannot be migrated without user action and have no deprecation path.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: Optimism published a comprehensive 10-year PQ roadmap (January 14, 2026) with three phases: EIP-7702 smart wallet migration, protocol-level enforcement, and pluggable PQ schemes. Sequencing includes sequencer/batcher PQ transition first, then EOA migration.
Coverage basis: Published roadmap with sequencing, activation criteria, and dependencies
Implementation score: 0.5 · Evidence confidence: High
Issue classification: none · Score treatment: note-only
Assurance: Roadmap reviewed by Dan Boneh and Justin Drake. Subject to governance approval. Implementation Score 0.5 reflects a detailed proposal with sequencing but no code, prototype, or testnet.
The roadmap is one of the most detailed L2 PQ roadmaps in the Ethereum ecosystem but remains proposal-only.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths
Claim: No PQ account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist on mainnet. EIP-7702 is live but not configured for PQ delegation.
Coverage basis: No migration accessibility exists
Implementation score: 0 · Evidence confidence: High
Issue classification: operational/product caveat · Score treatment: score-reducing
Assurance: Absence of PQ migration tooling is expected at this stage; the roadmap explicitly states 'Users don't need to take any action today.'
EIP-7702 provides the technical foundation for future PQ smart-account migration but is not yet configured for PQ use.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation timelines, or exchange coordination for PQ migration are currently active. Users can still create new quantum-vulnerable EOAs by default.
Coverage basis: No enforcement active; roadmap mentions future enforcement after 2036
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Enforcement is roadmap-level only. No governance proposal, code, or implementation exists for enforcement mechanisms.
The 10-year deprecation timeline is a policy commitment subject to governance approval, not currently enforced.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: Optimism has a Security Council Guardian with emergency upgrade powers and a bug bounty program. No quantum-specific incident-response playbook is published.
Coverage basis: General Security Council governance; no quantum-specific IR process
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: General incident-response capabilities exist via Security Council Guardian and bug bounty, but are not quantum-specific. The Guardian can pause withdrawals or shift to permissioned dispute games.
The absence of a quantum-specific IR playbook is an assurance gap but does not directly create a quantum attack path.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: No PQ algorithm has been selected or implemented. The roadmap explicitly states 'the specific post-quantum signature scheme is not yet decided.'
Coverage basis: No PQ algorithm selected
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No PQ algorithm selected, so no NIST standardization assessment is possible.
The roadmap mentions evaluating NIST lattice-based signatures (Dilithium, Falcon) but makes no commitment. Algorithm selection deferred to future ecosystem coordination.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for the quantum-critical scope
Claim: No PQ implementation exists, so no quantum-specific audit has been conducted. General OP Stack audits exist but do not cover PQ cryptography.
Coverage basis: No PQ implementation to audit
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: not applicable
Assurance: No PQ code exists to audit. General audits support baseline security but provide no quantum assurance.
Audit absence is a logical consequence of having no PQ implementation, not an independent gap.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: OP Stack is open-source (MIT-licensed) and publicly available. No PQ implementation exists yet to be open-sourced.
Coverage basis: Open-source platform with no PQ code
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: score-reducing
Assurance: Open-source posture is strong and will support future PQ implementation transparency.
OP Stack is fully open-source; future PQ implementation would likely be open as well.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path documented
Claim: Roadmap states PQ schemes will be 'pluggable' and smart-account patterns designed to be upgradeable. OP Stack is architected to swap signature schemes via hardforks.
Coverage basis: Roadmap-level design intent for PQ parameter agility
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: note-only
Assurance: Parameter agility is documented at the roadmap level but not yet implemented or tested with PQ algorithms.
The commitment to upgradeable smart-account patterns is a positive design principle but is not yet validated for PQ use.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management risks considered
Claim: No PQ implementation exists, so no stateful-signature safety or side-channel analysis has been conducted specific to PQ algorithms.
Coverage basis: No PQ implementation to analyze
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: score-reducing
Assurance: Not yet applicable as no PQ algorithm has been selected. Stateful-signature hazards will become relevant once an algorithm is chosen.
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ costs could affect safe deployment
Claim: No PQ performance or resource-impact analysis has been published for Optimism. No PQ benchmarks for gas costs, block size, validation overhead, mempool policy, or node hardware requirements.
Coverage basis: No PQ implementation or performance analysis exists
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: PQ performance analysis is not yet meaningful without a selected algorithm.
Performance impact will depend on the specific PQ algorithm chosen (e.g., ML-DSA signatures are ~2.4-3.3 KB vs. ECDSA's 65 bytes).