APTOS · L1 · QRI 29 · BAND 3 Planning Hybrid PASS · Stage 1 · Washing 2.5x

Aptos has the most conservative PQC proposal in the batch, AIP-137 choosing hash-based SLH-DSA precisely because it adds no new cryptographic assumptions. It also has a PQC-washing ratio of 2.5, the highest in the batch. Good proposal, zero deployed code, and the gap between the two is the whole story.

inLinkedIn XPost ▼Scorecard JSON ⇆Compare Verified 2026-04-18

Summary

Aptos has a strong PQC architectural story (AIP-137 proposing SLH-DSA-SHA2-128s, NIST FIPS 205) but zero deployment. Multi-key auth and Move VM provide excellent crypto-agility. Aaronson cap triggers: architecture (Dim 4 score 68) far exceeds execution (Dim 5 score 10). PQC-washing ratio 2.5 flagged.

What the gates say

Hybrid: PASS. Hybrid-PQ design present.
Evidence: PASS. Sources reconstructable by third party.
Primitive naming: PASS. Named primitives at every scored sub-level.

Burn-vs-rescue policy on file

undeclared

Seven dimensions

Each dimension scores 0-100 internally; the weighted roll-up produces the QRI on the left. Open a row to read the sub-score detail.

1 Cryptographic Exposure 50 / 100

1a_primitive_inventory 14 / 20

Multi-key auth framework. Full primitive inventory documented.

Primitives: Ed25519 (default) · BLS12-381 (validator consensus AptosBFT) · ECDSA secp256k1 · ECDSA secp256r1 (P-256) · SHA-256 · SHA-3-256

Evidence: aptos.dev · github.com

1b_shor_grover_pq_tag 15 / 20

Evidence: aptos.dev

1c_algorithm_family_diversity 6 / 20

AIP-137 proposes SLH-DSA (hash-based) but not deployed. Currently no PQC families deployed.

1d_nist_security_category 5 / 20

Proposal-only; not deployed.

1e_implementation_quality 10 / 20

Evidence: github.com

2 HNDL Exposure 28 / 100

2a_active_key_exposure 6 / 20

Auth keys stored in account state. All active accounts expose key data.

2b_cold_key_exposure 8 / 20

41 months mainnet age; BlackRock BUIDL stablecoin holdings at $1.15B.

2c_signature_longterm_validity 7 / 20

Ed25519 consensus + Move resource sigs forgeable post-Shor.

2d_encryption_confidentiality 7 / 20

Standard TLS for RPC. No PQC KEM.

3 Metadata & Privacy Exposure 22 / 100

3a_tx_graph_visibility 5 / 20

Pseudonymous transparent Move resource ledger.

3b_rpc_mempool_concentration 4 / 20

AWS hosts 43.2% of stake; RPC concentration through Aptos Labs, Nodereal.

3c_cross_chain_bridge_correlation 7 / 20

LayerZero, Wormhole bridges; linkable cross-chain.

3d_retroactive_deanon_risk 6 / 20

Aptos Keyless uses OpenID-connected auth; Shor-broken.

4 Migration Architecture 68 / 100

4a_crypto_agility 18 / 20

Multi-key authentication natively supports multiple sig schemes. Move VM modular.

4b_account_abstraction_key_rotation 18 / 20

Aptos Keyless + multi-key auth allow sig scheme migration per account.

4c_hard_fork_track_record 18 / 20

Active AIP process; AIP-131 (block time), AIP-137 (PQC proposal), Proposal #183 (supply cap).

4d_hybrid_deployment_readiness 14 / 20

Multi-key auth enables hybrid Ed25519+SLH-DSA; AIP-137 opt-in design preserves default Ed25519.

5 Deployment Execution 10 / 100

5a_mainnet_pqc_pct 0 / 20

no PQC traffic on mainnet

5b_pqc_code_in_client 0 / 20

AIP-137 proposal only; no code merged

5c_validator_pqc_adoption 0 / 20

no validator PQC keys

5d_published_milestones_count 8 / 20

AIP-137 formal governance proposal is 1 milestone. No dated deployment timeline.

5e_pqc_washing_delta 2 / 20

Announced AIP-137 widely; no deployed code. Ratio >2.0 triggers extra flag.

6 Supply Chain Vendor Readiness 10 / 100

6a_wallet 3 / 20

6b_bridge 2 / 20

6c_custodian 3 / 20

6d_rpc_hsm 2 / 20

7 Governance & Coordination 48 / 100

7a_validator_stake_distribution 10 / 20

152 validators, Nakamoto 22 (consensus), 1 (AWS hosting).

7b_upgrade_cadence_under_pressure 15 / 20

Active AIPs; AIP-131 block time upgrade executed fast.

7c_named_coordination_lead 15 / 20

Aptos Labs (Mo Shaikh, Avery Ching) + Aptos Foundation.

7d_adversarial_coordination_precedent 8 / 20

No documented adversarial-pressure precedent.

The X + Y vs Z inequality

X (data shelf life): 5-10 (Ed25519 default, rapid key rotation possible)

Y (migration time): 7-12

Z10 (10% CRQC year): 2036 · Z50 (50%): 2041

Verdict: X+Y > Z (danger).

Four-scenario grid

Scenario	Value preserved	Privacy preserved
quantum never	100%	100%
arrives suddenly pre migration	15%	5%
arrives slowly post migration	90%	75%
arrives slowly mid migration	55%	35%

Peers in the L1 profile

Order-book view of the 9 chains closest to Aptos by QRI.

Public artifacts used for this scorecard

Each entry below is a sub-score citation. Clicking the link takes you to the public source. A third party should be able to reconstruct every number on this page from these URLs in 48 hours.

Cryptographic Exposure · 1a_primitive_inventory

Multi-key auth framework. Full primitive inventory documented.

Cryptographic Exposure · 1b_shor_grover_pq_tag

https://aptos.dev

Cryptographic Exposure · 1e_implementation_quality

https://github.com/aptos-labs/aptos-core

Supply chain snapshot

wallet Petra · Pontem · Martian 0 PQC roadmaps

bridge LayerZero · Wormhole · Stargate 0 PQC roadmaps

custodian Coinbase Custody · BitGo · Fireblocks 0 PQC roadmaps

rpc_hsm Aptos Labs RPC · Nodereal · Ankr 0 PQC roadmaps

A chain's supply chain cannot migrate faster than its slowest dependency. Zero PQC roadmaps in any of the four categories is a structural blocker, not a lagging indicator.

Analyst notes on the scoring

AIP-137 is one of the most technically conservative PQC proposals in industry (hash-based, no new crypto assumptions). But governance approval pending and no deployed code. Aaronson cap is the binding constraint.

Scorecard metadata

Profile: L1
Scored: 2026-04-18 by layerqu-v2-scoring-agent-1
v1 reference: chainscreen-v1-archive
QRI raw: 29 · after caps: 29
Confidence interval: ±10
PQC washing ratio: 2.5x
Burn-vs-rescue: undeclared

Caps triggered

mosca_cap_60
aaronson_cap_70 (dim 4 > dim 5 by >1 migration stage)
sutor_stage_cap_2 (5d has only 1 milestone, not 3+; partially meets)
casado_stage_cap_3