The math behind the Quantum Score, factor by factor.
The Quantum Score (0-100) is a deterministic function defined in our published methodology (currently qortrace-method-v0.2, available at /methodology). Lower is worse.
Inputs we look at
For Bitcoin-family chains:
- Address type — P2PK / P2PKH / P2SH / P2WPKH / P2TR (Taproot)
- Pubkey exposure — has the pubkey been broadcast in any prior signature?
- UTXO age — older UTXOs sit on weaker primitives statistically
- Balance at risk — USD value sitting on exposed pubkeys
- Re-use behaviour — number of signatures from the same pubkey
For EVM chains: pubkey is deterministically recoverable from the first transaction, so we instead score on:
- Signature scheme — ECDSA (vulnerable) vs ED25519 (faster Shor break) vs hash-protected schemes
- KMS/HSM exposure — does the wallet sign through an HSM? (lower risk)
- Nonce reuse history — any prior signature reuse?
How factors combine
Each factor produces a sub-score and a weight. The overall score is the weighted geometric mean — meaning a single critical factor can drag the whole score down (we don't let one good metric whitewash a fatal one).
Tiers
| Tier | Range | Action recommended |
|---|---|---|
| Critical | 0-39 | Migrate now — funds materially at risk |
| High | 40-59 | Plan migration within Q1 |
| Moderate | 60-79 | Schedule migration in your annual roadmap |
| Low | 80-100 | Monitor — best-practice posture |
Reproducibility
Every score is stamped with the methodology version it was computed under (e.g. qortrace-method-v0.2). Future bumps don't retroactively re-score older reports — you can always reproduce the original score from the methodology archive at /methodology/v0.2.