$QRYPT.
The wallet for after Q-Day.

The cryptography under every wallet on Solana and Ethereum was designed for a world without quantum computers. That world is ending.

Solana signs every transaction with Ed25519. Ethereum and every EVM chain sign with ECDSA. Both are elliptic-curve schemes whose safety rests on a single mathematical assumption: a classical computer cannot derive a private key from a public key in practical time. Shor's algorithm breaks that assumption on a sufficiently large quantum computer, in polynomial time, for both.

Qrypt is a post-quantum wallet built from scratch on NIST's 2024 standardised lattice signatures: Falcon (FIPS 206) for Solana, CRYSTALS-Dilithium (FIPS 204) for the EVM, and SPHINCS+ (FIPS 205) as a conservative hash-based fallback. It signs across Solana and every EVM chain. Every signature it produces is verifiable today and survivable tomorrow.

$QRYPT is the utility token of the Qrypt ecosystem, an SPL token on Solana. It pays for hardware, discounts relayer fees, gates priority access to limited-run devices, and prices the post-quantum signing SDK that protocols can build on. It is not a claim on revenue, not a governance vote, and not a yield instrument.

Every public key broadcast to a Solana or Ethereum block is on chain forever. Q-Day turns each one into a recoverable private key.

How a classical wallet signs

A wallet picks a random private key and derives a public key on an elliptic curve: secp256k1 on the EVM, Curve25519 on Solana. To send a transaction, the wallet signs the transaction hash with the private key, producing an ECDSA or Ed25519 signature. A node verifies the signature using the public key and admits the transaction.

The security claim is that no classical algorithm can recover the private key from the public key faster than brute force. For classical hardware in 2026, that claim still holds. It will not hold against a cryptographically relevant quantum computer (CRQC).

The Shor break

Shor's algorithm, run on a sufficiently large quantum computer, computes the discrete logarithm in polynomial time. For ECDSA on secp256k1 and Ed25519 on Curve25519 alike, this means deriving the private key from a known public key. Recent estimates place the quantum resource requirement at roughly 2,000 logical qubits, achievable inside the decade on the published roadmaps of leading quantum hardware programmes.

Why the blockchain makes this worse

In a classical setting, exposing your public key is harmless. On chain, every signed transaction reveals the public key, and the ledger is permanent. The blockchain is a public registry of every key that has ever signed. A CRQC turns that registry into a list of stealable accounts. Solana's throughput makes it worse still: it exposes more public keys in a day than Bitcoin does in a month.

Approximately 6.9 million BTC, a comparable fraction of the ETH supply, and the entire active SOL supply sit in addresses with exposed public keys. Adversaries are recording chain data today and will run the Shor reduction the day the hardware exists. The cryptography community calls this "harvest now, decrypt later." It is already happening.

Why a retrofit is not enough

MetaMask, Phantom, Coinbase Wallet, and every other consumer wallet of consequence is engineered around its classical curve at the lowest layer of the signer. Bolting a post-quantum signature alongside is possible. It is also a second attack surface, a second trust model, and a permanent migration debt.

Qrypt was built post-quantum on day one and exposes the classical curves only as a compatibility shim. The default signature on a Qrypt transaction is a lattice signature. ECDSA or Ed25519 rides along to satisfy verifiers that still expect it. When a chain drops its classical curve, Qrypt drops the shim. Nothing in the user model changes.

Three signing surfaces, one post-quantum key model, every signature governed by what NIST standardised.

One key model

A Qrypt account derives a lattice keypair per chain: Falcon on Solana, Dilithium-3 on the EVM. The private key never leaves the device that generated it. Three product surfaces, the cold wallet, the mobile app, and the browser extension, sign against this same model. There is no second account, no second backup, no second mental model.

Hybrid signing as the migration path

Until every chain natively verifies a lattice signature, Qrypt signs with both the classical and the lattice scheme. On the EVM the transaction carries an ECDSA component plus a Dilithium component; on Solana, an Ed25519 component plus a Falcon component. A Qrypt-aware verifier accepts only when both validate; a classical verifier sees a standard transaction. The security of the transaction is the stronger of the two schemes.

Hybrid mode is the default for v1. As verifiers upgrade across both ecosystems, hybrid becomes optional and lattice-only the default.

What this is not

Qrypt is not a new chain, a new layer-2, or a new consensus mechanism. The cryptography is what changes. Block structure, fee markets, program and contract interfaces, and everything users touch about Solana and the EVM stays exactly the same. Qrypt is the signer, not the chain.

Lattice signatures chosen per chain, plus the classical curves they replace. Standardised by NIST in 2024.

Falcon

An NTRU-lattice signature with the smallest signature size of any standardised post-quantum scheme, standardised by NIST as FIPS 206. Its compactness fits Solana's high throughput, where every byte on chain counts. Qrypt signs Solana transactions with Falcon.

CRYSTALS-Dilithium

A lattice signature whose hardness rests on Module Learning With Errors (MLWE). MLWE has no known quantum shortcut and survives decades of cryptanalysis attention as part of NIST's post-quantum selection process. Dilithium-3 is the NIST-recommended security level (roughly equivalent to AES-192). Qrypt signs EVM transactions with Dilithium-3.

SPHINCS+ 128f

A stateless hash-based signature with no algebraic structure. The conservative choice: if cryptanalysis weakens a lattice scheme over the next decade, SPHINCS+ remains intact, because its security reduces only to hash-function preimage resistance. Qrypt makes SPHINCS+ available as a user-selectable long-term vault signer on either ecosystem, for keys that hold value over multi-decade horizons.

The hybrid envelope

Every Qrypt transaction in v1 carries a hybrid envelope: the chain's classical signature concatenated with a post-quantum signature, bound to the same transaction hash. A verifier that understands the envelope accepts only when both validate. A verifier that does not understand it sees a standard signature.

Three surfaces, one signer. Cold for custody, mobile for daily use, the browser extension for the dApps that already exist.

Cold wallet

An air-gapped hardware wallet. Custom secure element targeted at EAL6+, mono display, QR-only data path. No USB, no Bluetooth, no NFC. The cold wallet signs a Solana or EVM transaction by scanning the QR your phone or extension presents, displays the decoded transaction on its own screen, and returns the signed transaction as a QR. The seed never leaves the device. The device never opens a network connection.

• Falcon (Solana) and Dilithium-3 (EVM) signing on-device
• SPHINCS+ available as a long-term fallback
• EAL6+ target secure element, tamper-evident and anti-glitch
• Open, reproducible firmware: verify before you flash
• 2.4-inch monochrome display for on-device confirmation
• BIP-39 or Shamir recovery, user choice
• Ships Q4 2026, 5,000 first-run units

Qrypt Mobile

A native iOS and Android wallet. Pairs with the cold wallet over QR for hardware signing, or runs standalone with hybrid keys for daily use. The mobile app holds the portfolio view, the on-ramp (Apple Pay, SEPA, third-party aggregators), the swap interface, and the optional debit-card spend integration.

• iOS and Android, native code on both platforms
• Solana and every EVM chain in one feed
• Standalone hybrid keys or paired with the cold wallet
• Buy, spend, and swap interfaces unified on one signer
• TestFlight and Play Store internal track in Q3 2026

Qrypt Wallet

A browser-toolbar wallet for Chromium, Firefox, and Safari. Replaces the classical-only wallet you have today with one that signs the same provider surface using a post-quantum signature underneath. Existing Solana and EVM dApps see a wallet. The signature they receive is hybrid.

• Chromium, Firefox, Safari from one codebase
• EIP-1193 and Solana wallet-standard providers, no dApp changes required
• QR pairing with the cold wallet for hardware-backed signing
• Plain-language transaction decoding before every signature
• Public beta in Q3 2026

$QRYPT is the utility token of the Qrypt ecosystem, an SPL token on Solana. Fairly launched, no team supply, no insider allocation.

Fair launch

One billion $QRYPT, fixed supply, no inflation. There is no team allocation, no advisor allocation, and no team vesting schedule. The token launches into the open market on Solana, and the team buys from the same market as everyone else.

Revenue share

Qrypt apps earn fees: relayer fees, swap routing, on-ramp margin, and hardware sales. Half of that revenue is shared back with the community of $QRYPT holders and stakers. The other half funds development, infrastructure, audits, and the cold wallet program. The exact distribution mechanism, by holding, by staking, or both, is finalized at launch.

• 50% of wallet fee revenue to holders and stakers
• 50% to development and infrastructure

Utility

• Hardware discount: pay for QRYPT.COLD in $QRYPT for a price cut
• Fee credits: hold $QRYPT to reduce fees on transactions sent through Qrypt apps

Post-quantum migration is not a niche. It is the entire crypto industry over the next decade, and the consumer wallet market has no incumbent.

The digital-asset market sits above $3 trillion. Solana and the EVM ecosystems account for the majority of active wallets and daily transactions, and every one of them rides on cryptography that quantum computing will eventually break. The post-quantum signature transition is not a discretionary upgrade; it is a mandatory one on a compressing timeline.

The conditions are unusual. NIST has standardised the cryptography. Regulators in the United States, the European Union, and Singapore have signalled post-quantum resilience as a future compliance requirement. The infrastructure migration has started in adjacent industries (TLS, SSH, government communications) but no consumer-facing post-quantum wallet has reached general availability. The window for a default product is open and shrinking.

Cryptocurrency carries real risk. Read this section.

$QRYPT is a utility token, not a representation of equity in Qrypt Labs. The revenue share described in section 06 is a protocol mechanism funded by wallet fees; it is not a promise of profit, and its final mechanism and availability depend on the regulatory constraints of your jurisdiction. Nothing in this document is investment, legal, or tax advice. Participate only where lawful.

Post-quantum cryptography is a young field by the standards of cryptographic practice. The schemes Qrypt deploys are NIST-standardised in 2024 and considered safe under current cryptanalysis, but no mathematical assumption is risk-free. Qrypt mitigates this by maintaining parallel signers (Falcon, Dilithium, and SPHINCS+, alongside ECDSA and Ed25519 in hybrid) so that the weakening of any one scheme does not compromise the wallet's ability to sign.

Hardware wallets carry hardware risk. Supply chains, secure-element vendors, and firmware signing keys are all attack surfaces. Qrypt addresses these with an EAL6+ target part, reproducible firmware builds, and a tamper-evident enclosure. None of these eliminate hardware risk; they reduce it.

This document describes Qrypt as of May 2026. Specifications, timelines, and token mechanics are subject to change as the protocol moves from testnet to mainnet. Material changes will be published as revisions to this document.