IMMUTABLE X · rollup-L2 · QRI 19 · BAND 2 Acknowledged Hybrid FAIL · Stage 0 · Washing 1.1x

Immutable X sometimes gets described as 'post-quantum' because its STARK proofs are hash-based. That is true of the proof. It is not true of the user's ECDSA secp256k1 signature, which is what actually moves the NFT. The label is doing more work than the cryptography.

inLinkedIn XPost ▼Scorecard JSON ⇆Compare Verified 2026-04-18

Summary

Immutable X is a StarkEx-based L2 Validium for NFTs/gaming. The STARK proof system is hash-based (FRI) and considered PQ-leaning at the proof layer, but user transactions still rely on ECDSA secp256k1 and no NIST-PQC signature scheme is deployed. Centralized operator controls upgrades. PQC washing risk: marketing sometimes describes STARKs as 'post-quantum' without qualifying that user sigs remain Shor-breakable.

What the gates say

Hybrid: FAIL. No hybrid plan on file.
Evidence: PASS. Sources reconstructable by third party.
Primitive naming: PASS. Named primitives at every scored sub-level.

Burn-vs-rescue policy on file

undeclared

Seven dimensions

Each dimension scores 0-100 internally; the weighted roll-up produces the QRI on the left. Open a row to read the sub-score detail.

1 Cryptographic Exposure 28 / 100

1a_primitive_inventory 10 / 20

StarkEx + StarkNet L2 architecture.

Primitives: ECDSA secp256k1 (user tx, EVM) · STARK proofs (FRI over prime field, hash-based) · Keccak-256

Evidence: docs.immutable.com

1b_shor_grover_pq_tag 12 / 20

Evidence: starkware.co

1c_algorithm_family_diversity 4 / 20

FRI-based STARKs are hash-based and considered PQ-leaning (vs pairing-based SNARKs).

1d_nist_security_category 0 / 20

FRI-STARK is PQ-leaning but not NIST-standardized. No PQC signature scheme deployed.

1e_implementation_quality 2 / 20

2 HNDL Exposure 22 / 100

2a_active_key_exposure 5 / 20

User ECDSA keys exposed on first tx. NFT holdings persist long-term.

2b_cold_key_exposure 6 / 20

NFT holdings often long-dormant (collectibles). Cold ECDSA keys persistent.

2c_signature_longterm_validity 6 / 20

STARK proofs are hash-based and PQ-leaning for state transitions. User ECDSA sigs still Shor-breakable.

2d_encryption_confidentiality 5 / 20

TLS for API. No PQC KEM.

3 Metadata & Privacy Exposure 20 / 100

3a_tx_graph_visibility 5 / 20

Pseudonymous. NFT provenance is fully transparent.

3b_rpc_mempool_concentration 3 / 20

Centralized StarkEx operator runs the mempool/order book.

3c_cross_chain_bridge_correlation 6 / 20

Ethereum bridge visible; deposits/withdrawals linkable.

3d_retroactive_deanon_risk 6 / 20

Non-private by design; low marginal retroactive risk.

4 Migration Architecture 42 / 100

4a_crypto_agility 14 / 20

STARK proof system is modular — FRI parameters, hash choice upgradable. StarkEx governance controls upgrades.

4b_account_abstraction_key_rotation 12 / 20

StarkEx L2 uses L1 Ethereum wallets for tx submission. L1 AA (ERC-4337) leverageable.

4c_hard_fork_track_record 10 / 20

Multi-year StarkEx upgrades (StarkEx → zkEVM). Operator controls upgrades.

4d_hybrid_deployment_readiness 6 / 20

No published hybrid PQC envelope. STARK already PQ-leaning on proof side.

5 Deployment Execution 8 / 100

5a_mainnet_pqc_pct 3 / 20

STARK proof system is hash-based/PQ-leaning, but this is not NIST PQC and user signatures remain ECDSA. Score credits FRI but flags conceptual gap.

Evidence: starkware.co

5b_pqc_code_in_client 0 / 20

No NIST PQC code in client.

5c_validator_pqc_adoption 0 / 20

No validator set — centralized operator.

5d_published_milestones_count 0 / 20

No published PQC migration milestones.

5e_pqc_washing_delta 5 / 20

StarkWare public about 'STARKs are post-quantum' but no user-sig PQC plan. Arguable PQC washing.

6 Supply Chain Vendor Readiness 8 / 100

6a_wallet 2 / 20

6b_bridge 2 / 20

6c_custodian 2 / 20

6d_rpc_hsm 2 / 20

7 Governance & Coordination 25 / 100

7a_validator_stake_distribution 5 / 20

Centralized StarkEx operator. No validator set.

7b_upgrade_cadence_under_pressure 6 / 20

StarkEx operator-controlled upgrades. Transition from StarkEx to zkEVM in progress.

7c_named_coordination_lead 9 / 20

Immutable (James + Robbie Ferguson) + StarkWare. No named PQC lead.

7d_adversarial_coordination_precedent 5 / 20

No PQC-specific precedent.

The X + Y vs Z inequality

X (data shelf life): 5-10 (NFTs can be long-dormant; user sigs mostly short-lived)

Y (migration time): 10-15

Z10 (10% CRQC year): 2036 · Z50 (50%): 2041

Verdict: X+Y > Z (danger).

Four-scenario grid

Scenario	Value preserved	Privacy preserved
quantum never	100%	100%
arrives suddenly pre migration	10%	15%
arrives slowly post migration	80%	70%
arrives slowly mid migration	40%	35%

Peers in the rollup-L2 profile

Order-book view of the 9 chains closest to Immutable X by QRI.

Public artifacts used for this scorecard

Each entry below is a sub-score citation. Clicking the link takes you to the public source. A third party should be able to reconstruct every number on this page from these URLs in 48 hours.

Cryptographic Exposure · 1a_primitive_inventory

StarkEx + StarkNet L2 architecture.

https://docs.immutable.com/docs/x/main-concepts/architecture

Cryptographic Exposure · 1b_shor_grover_pq_tag

https://starkware.co/stark/

Deployment Execution · 5a_mainnet_pqc_pct

STARK proof system is hash-based/PQ-leaning, but this is not NIST PQC and user signatures remain ECDSA. Score credits FRI but flags conceptual gap.

https://starkware.co/stark/

Supply chain snapshot

wallet MetaMask · Immutable Passport · Argent 0 PQC roadmaps

bridge Immutable Bridge · LayerZero · Across 0 PQC roadmaps

custodian Coinbase Custody · Fireblocks · BitGo 0 PQC roadmaps

rpc_hsm Immutable RPC · Alchemy · QuickNode 0 PQC roadmaps

A chain's supply chain cannot migrate faster than its slowest dependency. Zero PQC roadmaps in any of the four categories is a structural blocker, not a lagging indicator.

Analyst notes on the scoring

Small dim1 credit for PQ-leaning STARK proof system. Important caveat: STARK PQ-security is not the same as user key security. Band 2 Acknowledged due to StarkWare's public PQ discourse, but no signature-layer PQC plan found.

Scorecard metadata

Profile: rollup-L2
Scored: 2026-04-18 by layerqu-v2-scoring-agent-3
v1 reference: chainscreen-v1-archive
QRI raw: 19 · after caps: 19
Confidence interval: ±12
PQC washing ratio: 1.1x
Burn-vs-rescue: undeclared

Caps triggered

Mosca (5a<20% → QRI max 60)
Sutor (5d=0 → Migration Stage max 2)
Preskill (several dims <3 artifacts × 0.5)
Casado (3+ vendor tiles pqc=0 → migration_stage max 3)
Hybrid gate FAIL → QRI cap 60