You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Multiple privacy L2s must be compared for an institutional deployment decision.
Throughput, security, and censorship resistance have to be placed side by side across heterogeneous architectures.
A consistent, sourced methodology is needed so that procurement and risk teams can review the same evidence.
avoid-when
The L2 under review has no privacy features; use a general L2 scorecard instead.
A single vendor is already chosen and only vendor docs need verification.
context
both
context_differentiation
i2i
i2u
Between institutions the framework is used by procurement, risk, and ops teams to weigh counterparty-aligned criteria such as force-inclusion SLAs, compliance features, and DA trust assumptions. Both sides can cross-review the filled table.
For user-facing deployments the framework surfaces asymmetries that matter to end users: client proving cost, availability of forced exits without operator cooperation, and whether disclosure can be compelled unilaterally by the operator.
crops_profile
n/a
post_quantum
risk
vector
mitigation
low
The framework itself is a methodology, not a cryptographic primitive. One of its rows (`PQ Security`) flags HNDL exposure in the evaluated systems.
Encourage each system to report post-quantum readiness in its row, and re-evaluate as systems migrate proof systems.
L2Beat open dataset and risk methodology used as a baseline for independently verified metrics
TypeScript
Intent
Give institutions a vendor-neutral, sourced methodology for comparing privacy-preserving L2 solutions across performance and cost, privacy and Data Availability, and security and governance. The framework defines a common workload so that self-reported metrics can be placed next to independent benchmarks on the same axes.
Note: this card is an evaluation framework, not a reusable privacy primitive. pattern-privacy-l2s is the actual L2 pattern; this one documents how to compare privacy L2s. Candidate for relocation to approaches/ or a methodology section in a follow-up.
Components
Self-reported metric sheets collected from each L2 team, with a source link per cell.
Independent benchmarks and risk reviews used to cross-check the self-reported values.
A standardized workload (Simple Value Transfer) that fixes what a transaction means across heterogeneous architectures.
A disclosure convention that records what each metric measures, what is excluded, and whether a value is Pending or N/A.
Protocol
[evaluator] Adopt Simple Value Transfer as the baseline workload.
[evaluator] Request each L2 team to fill the three evaluation tables (performance, privacy and DA, security and governance).
[evaluator] Require a source link for every claim (benchmark run, docs page, or paper).
[evaluator] Mark Pending where data is missing and N/A where the metric does not apply to that architecture.
[evaluator] Produce the comparative view; highlight trade-offs that matter for the target use case.
[evaluator] Re-run the exercise on hard forks, client updates, or when a new benchmark is published.
Evaluation criteria
1. Performance and cost
Metric
Discrete metrics
Max Throughput
Max theoretical TPS, tested peak TPS (with benchmark link). Report TPSPublic and TPSPrivate separately
Transaction cost
Gas usage in L1 gas units + L2 gas units for Simple Value Transfer
Bridging and exit
L2 to L1 withdrawal and forced exit cost (gas units)
Finality time
Soft Finality (L2 inclusion), Hard Finality (L1 commitment + proof), Challenge Period
Centralized, Permissioned Set, Decentralized Auction, Based (L1 Sequencing)
Censorship resistance
Mechanism: Force inclusion, Escape Hatch, Council. User burden: Stateless, Merkle Witness, Full State Reconstruction. Latency: Immediate, Challenge Period
A protocol-native payment where a sender transfers an ERC-20 amount to a single recipient, resulting in a valid state transition. TPSPublic measures transfer semantics that are publicly observable (L2 inclusion plus validity). TPSPrivate measures a full privacy mode that hides sender, recipient, and amount as applicable; optional features are excluded unless they are mandatory in the protocol. Features excluded when reporting TPS must not be implicitly assumed elsewhere. The definition does not equalize DA models, finality, confirmation UX, compliance features, or off-chain coordination.
Guarantees & threat model
Guarantees:
Consistent comparison criteria across heterogeneous L2 architectures.
Separation of self-reported metrics from independently verified metrics.
Clear visibility into what each system hides and from whom.
Traceable claims: every metric requires a source.
Threat model:
Self-reported metrics may be optimistic; the source link is what anchors them.
Some systems do not map cleanly to every row; the N/A marker is load-bearing.
Criteria drift over time; periodic re-evaluation is required.
Trade-offs
The exercise is labor-intensive; automation via a benchmark pipeline helps.
Architectural heterogeneity makes equal-weight scoring misleading; use the tables as input to a weighted decision, not an output score.
Frozen snapshots age quickly; timestamp every filled table and link back to source commits where possible.
Targeted systems
Privacy L2s currently in scope: Aztec, Miden, Intmax, Prividium, Scroll Cloak, EY Nightfall. The framework also applies to privacy app layers on existing chains (shielded pools, enterprise privacy layers, FHE coprocessors), which share DA but not sequencer assumptions.
Results snapshot
Results below are drawn from public documentation and independent sources. Empty cells indicate data not yet publicly available; each published snapshot must be timestamped.
Protocol
Deployment
Privacy model
Proof system
DA
Client proving
Censorship resistance
Aztec
Public L2
Cryptographic (ZK)
UltraHonk
L1 Blobs
Yes (heavy)
Escape Hatch
Miden
Public L2
Cryptographic (ZK)
STARK (Winterfell)
L1 Blobs
Yes (can be delegated)
TBD
Intmax
Public L2
Cryptographic (ZK)
Plonk/Gnark
Stateless (Client-Side)
Yes (light)
Force Inclusion
Prividium
AppChain SDK
Cryptographic (ZK)
Boojum/Plonk
External (Private DB)
No (server)
Operator-dependent
Scroll Cloak
AppChain SDK
Cryptographic (ZK)
Scroll zkEVM
Host chain
No (prover service)
Force Exit to host
EY Nightfall
AppChain SDK
Cryptographic (ZK)
UltraPlonk
L1 Call Data
Yes
TBD
AppChain SDKs have deployment-dependent assumptions (sequencer, DA, governance) that vary by operator. Public L2s offering hybrid modes (Aztec, Miden) let the developer choose between a public account model and a private UTXO note model; stateless or validium designs (Intmax, Prividium, Scroll Cloak) hide balances and transfer data by default.
An OTC settlement team filters the table for cryptographic privacy, requires viewing keys for audit support, compares client proving cost against trust assumptions, and reviews censorship-resistance SLAs before choosing between an AppChain SDK and a public privacy L2.