The $250 Billion Problem

Yes. Your private key is encrypted with quantum-safe encryption (X-Wing ML-KEM-768) before being uploaded to Arweave. While the encrypted data is publicly visible on the blockchain, it cannot be decrypted without your encryption keys, which are stored only in your iPhone's secure Keychain.

This "hiding in plain sight" approach actually increases security by eliminating private channels where data could be secretly intercepted or exfiltrated. There's no server to hack, no employee with access, and no government subpoena that can reveal your keys—the encryption is mathematically unbreakable without your device.

Think of it like a safe in a public square: everyone can see the safe, but only you have the combination.

Your wallets remain fully accessible. Here's why:

1. All encrypted wallet data is permanently stored on Arweave's decentralized network, not on Q-Ledger servers. Arweave is designed to preserve data for at least 200 years across thousands of independent nodes globally, and data retrieval is free.

2. Standard users can continue using the Q-Ledger app indefinitely (it's installed on your device).

3. Pro users have additional protection: they can export their encryption keys and use public domain recovery scripts published on GitHub to decrypt wallets on any platform (Windows, Linux, web browser) without the app.

4. The encryption format is open and documented—security researchers and developers can create alternative recovery tools at any time.

Q-Ledger's design ensures you're never dependent on the company's continued operation.

Q-Ledger uses X-Wing, a quantum-resistant encryption algorithm built into iOS 26, which combines two layers of protection:

1. ML-KEM-768: A NIST-standardized post-quantum algorithm designed to resist attacks from future quantum computers.

2. X25519: A classical elliptic curve algorithm that provides security against current threats.

This "hybrid" approach means your keys remain secure even if one encryption method is compromised. X-Wing is already used by Google Cloud, Cloudflare, and other major tech companies.

Why this matters: Quantum computers may eventually break today's encryption standards (like AES-256 and RSA). Since Arweave stores data permanently, Q-Ledger protects against "harvest now, decrypt later" attacks where adversaries collect encrypted data today to decrypt in the future.

Important note: If quantum computers ever break Q-Ledger's encryption, they will have already broken the cryptographic signatures protecting Bitcoin, Ethereum, and all other blockchains. Your backup is no more vulnerable than the blockchain itself—and likely more secure due to quantum resistance.

Both versions use quantum-safe encryption, but they differ in flexibility:

STANDARD VERSION (Free):

• Encryption: X-Wing ML-KEM-768 (quantum-safe hybrid encryption)

• Key storage: X-Wing keys locked in iOS Keychain (cannot be exported in raw format)

• Recovery: Requires Q-Ledger app on an iOS device

• Best for: Users who want simple, secure backup with maximum protection against accidental key exposure

PRO VERSION ($7.99 one-time):

• Encryption: Dual-recipient (X-Wing + ML-KEM-768)

• Key storage: X-Wing keys exportable in integrity-checked format, ML-KEM-768 keys exportable in raw format

• Recovery: Q-Ledger app OR external tools using exported ML-KEM-768 key

• Best for: Users who want multi-device access, platform independence, or comprehensive inheritance planning

IMPORTANT: Wallets stored with the Standard version CANNOT be retrieved later using external tools. Best practice is to upgrade to Pro before storing wallets, ensuring external tool compatibility is available if needed in the future—even if you don't export your keys immediately.

This is an important distinction about Q-Ledger's security model:

THE CORE SOLUTION: Q-Ledger stores your encrypted wallet backups permanently on Arweave. Your quantum-safe encryption keys are stored in iOS Keychain and sync automatically via iCloud Keychain. For MOST users, this is the complete solution—no manual key export needed.

THE TRADE-OFF WITH EXPORT: Pro users CAN export their ML-KEM-768 keys for platform independence, but this creates a new private key to secure. This is intentional—you're trading convenience for platform independence.

RECOMMENDED STRATEGIES:

Trust Apple ecosystem (Most Users): Use Pro but DON'T export keys. iCloud Keychain provides automatic sync across devices with no manual key management. This gives you maximum convenience + security.

Platform independence: Export keys if you need access outside Apple' ecosystem or don't want to rely on a single vendor. Accept the trade-off of securing another private key (encrypt exported file with strong encryption like 7-Zip AES-256).

Emergency preparedness: Upgrade to Pro NOW so your wallets use dual-recipient encryption, but delay exporting unless disaster strikes (Apple ecosystem unavailable, App Store shutdown). Think of export as "break glass in emergency" option.

The key insight: Q-Ledger + iCloud Keychain is a complete backup solution without manual key export. Export is an optional feature for specific use cases, not a requirement.

Absolutely not. Here's the complete security model:

• Your private keys are encrypted on your device before leaving your iPhone.

• Q-Ledger never receives your encryption keys—they're stored only in your device's iOS Keychain.

• The encrypted data is uploaded directly to Arweave's decentralized network, not to Q-Ledger servers.

• Even the developer cannot decrypt your wallets. The encryption keys exist only on your device.

• There are no backdoors, master keys, or recovery mechanisms that Q-Ledger controls.

The only way to decrypt your wallets is with your device's encryption keys (Standard) or your exported ML-KEM-768 key (Pro). No employee, hacker, or government agency can access your keys without physical access to your device and biometric authentication (Face ID/Touch ID).

Q-Ledger implements multiple layers of protection:

DEVICE PROTECTION:

• Encryption keys stored in iOS Keychain with .whenUnlockedThisDeviceOnly access control

• Biometric authentication (Face ID/Touch ID) required before displaying retrieved keys

• Private key displays use iOS's .privacySensitive() modifier (prevents screenshots/screen recording)

IF YOUR DEVICE IS STOLEN:

• An attacker would need to bypass your iPhone's passcode/biometric lock

• Then authenticate again with Face ID/Touch ID to view keys within Q-Ledger

• Without these, the encryption keys in Keychain are inaccessible

IF YOU EXPORTED YOUR KEYS (PRO):

• Treat exported key files like you would treat your actual cryptocurrency private keys

• Encrypt exported files using strong passwords (7-Zip AES-256, encrypted disk images, password managers)

• Store encrypted exports in secure locations (encrypted cloud storage, offline USB drives)

• Never share unencrypted key files

BEST PRACTICE: Pro users should only export keys when needed for specific

purposes (backup, inheritance planning, multi-device setup), then secure the

export file with strong encryption.