Security Architecture
How Bearby protects your assets with post-quantum cryptography
Last updated: 2026-04-13
The Quantum Threat to Cryptocurrency Wallets
All major cryptocurrency wallets today — MetaMask, Trust Wallet, Phantom, Coinbase Wallet — rely on Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve. This cryptography is secure against classical computers. However, a sufficiently powerful quantum computer running Shor's algorithm could derive a private key from a public key in polynomial time, breaking ECDSA entirely.
NIST estimates that cryptographically relevant quantum computers (CRQCs) capable of breaking 256-bit ECC may emerge within the next 10–15 years. For long-term asset security, wallets must begin migrating to quantum-resistant algorithms now — before the threat materializes.
NTRU Prime — Post-Quantum Key Encapsulation
Bearby uses NTRU Prime (specifically the Streamlined NTRU Prime variant, sntrup761) as its primary post-quantum key encapsulation mechanism. NTRU Prime was developed by Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Christine van Vredendaal.
NTRU Prime is based on the hardness of lattice problems (NTRU lattice problem), which are believed to be resistant to both classical and quantum attacks. Unlike CRYSTALS-Kyber (NIST FIPS 203), NTRU Prime avoids the algebraic structure of module lattices, offering a more conservative security foundation against potential future cryptanalytic advances.
| Property | NTRU Prime (Bearby) | CRYSTALS-Kyber (NIST FIPS 203) |
|---|---|---|
| Lattice type | NTRU (simpler structure) | Module-LWE |
| NIST standardized | Finalist (Round 4) | Yes (FIPS 203, 2024) |
| Security conservatism | Higher (avoids module structure) | Standard |
| Quantum resistance | Yes | Yes |
Symmetric Encryption — AES-256 and Kuznechik
Private key material at rest is protected by two symmetric ciphers operating in layers:
- AES-256 (NIST FIPS 197) — 256-bit Advanced Encryption Standard, the global standard for symmetric encryption used by governments and financial institutions worldwide. AES-256 provides 128 bits of post-quantum security (Grover's algorithm halves the effective key length, but 128-bit security remains computationally infeasible).
- Kuznechik (GOST R 34.12-2015) — the Russian Federal Standard 128-bit block cipher standardized by the Federal Agency on Technical Regulating and Metrology. As a second independent cipher from a different design lineage, Kuznechik provides defense-in-depth: a cryptanalytic breakthrough against AES would not automatically compromise Kuznechik, and vice versa.
Key Derivation — Argon2
User passwords and seed phrases are processed through Argon2 — the winner of the Password Hashing Competition (PHC, 2015) and the recommended password hashing function per OWASP guidelines. Argon2 is memory-hard: deriving a key requires a configurable amount of RAM, making brute-force attacks on GPUs and ASICs prohibitively expensive.
Bearby uses Argon2id, the hybrid variant that combines:
- Argon2i's resistance to side-channel attacks
- Argon2d's resistance to GPU-based brute-force attacks
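How the key-derivation step and the two-layer encryption described above fit together, as an added example that is not Bearby's code. Python's standard library has no Argon2, so hashlib.scrypt (also a memory-hard KDF) stands in for Argon2id; the HKDF labels, the vault layout and the function names are assumptions made for this illustration. The part the text implies but does not spell out is shown explicitly: each cipher layer gets its own key, derived from the stretched master secret with a domain-separated HKDF label, so the AES-256 and Kuznechik layers are independent at the key level as well as at the algorithm level, and a stored check tag lets a wrong password be rejected before any ciphertext is touched.

```python
"""Password -> memory-hard master key -> independent per-layer keys.

Added example (not the project's code). hashlib.scrypt stands in for
Argon2id because the standard library has no Argon2; the structure is the
point: stretch the password once, then split the result with HKDF into
domain-separated keys, one per cipher layer. Labels are assumed names.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size          # 32 bytes

# scrypt cost: memory used per guess is 128 * r * n bytes -> 16 MiB here.
# Raise n on devices that can afford it; keep p small so one guess cannot be
# split across many cheap cores.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SCRYPT_MAXMEM = 64 * 1024 * 1024


def scrypt_memory_bytes(n: int = SCRYPT_N, r: int = SCRYPT_R) -> int:
    """RAM an attacker must commit to every single guess (memory-hardness)."""
    return 128 * r * n


def stretch_password(password: str, salt: bytes) -> bytes:
    """Memory-hard stretching of the user secret (Argon2id stand-in)."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                          maxmem=SCRYPT_MAXMEM, dklen=HASH_LEN)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM); empty salt -> zeros."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


# Domain-separation labels (assumed names, not Bearby's). Knowing one derived
# key reveals nothing about the others.
LABEL_AES = b"example/v1/layer-aes-256"
LABEL_KUZ = b"example/v1/layer-kuznechik"
LABEL_CHECK = b"example/v1/password-check"


def derive_layer_keys(password: str, salt: bytes) -> dict:
    """One expensive stretch, then cheap independent keys for each layer."""
    master = stretch_password(password, salt)
    prk = hkdf_extract(salt, master)
    return {
        "aes256": hkdf_expand(prk, LABEL_AES, 32),      # 256-bit AES key
        "kuznechik": hkdf_expand(prk, LABEL_KUZ, 32),   # 256-bit Kuznechik key
        "check": hkdf_expand(prk, LABEL_CHECK, 16),     # password check tag
    }


def new_vault(password: str) -> dict:
    """At wallet creation: fresh random salt; only salt + check tag are stored."""
    salt = secrets.token_bytes(16)
    keys = derive_layer_keys(password, salt)
    return {"salt": salt, "check": keys["check"]}


def unlock_vault(vault: dict, password: str):
    """Recompute the keys; a wrong password is rejected in constant time."""
    keys = derive_layer_keys(password, vault["salt"])
    if not hmac.compare_digest(keys["check"], vault["check"]):
        return None
    return keys


if __name__ == "__main__":
    v = new_vault("correct horse battery staple")
    assert unlock_vault(v, "wrong password") is None
    k = unlock_vault(v, "correct horse battery staple")
    print("memory per guess:", scrypt_memory_bytes() // (1024 * 1024), "MiB")
    print("layer keys independent:", k["aes256"] != k["kuznechik"])
```

With a real Argon2id binding, only stretch_password changes: call the library with the OWASP cheat sheet's minimum of 19 MiB memory, 2 iterations and parallelism 1 (or higher, tuned to the device), and keep the HKDF split so the two cipher layers and the check tag never share a key.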
On-Device Key Storage
All private keys and seed phrases are generated and stored exclusively on your device. No key material is ever transmitted to Bearby servers (there are none), third-party services, or the blockchain. Transaction signing happens locally before the signed transaction is broadcast to the network.
This architecture means:
- A breach of any server cannot expose your keys — they never leave your device
- Bearby cannot freeze, seize, or access your funds
- Zero data collection: no account, no email, no analytics
Open Source
Bearby's cryptographic core is written in Rust — a memory-safe systems language that eliminates entire classes of vulnerabilities (buffer overflows, use-after-free, data races) at compile time. The full source code is available for inspection at github.com/bearbywallet.
Independent security researchers are encouraged to review the cryptographic implementation and report any findings via GitHub Issues.
References
- NIST FIPS 197 — Advanced Encryption Standard (AES), 2001 & 2023 revision. csrc.nist.gov
- NIST FIPS 203 — Module-Lattice-Based Key-Encapsulation Mechanism Standard (CRYSTALS-Kyber), 2024. csrc.nist.gov
- Bernstein et al. — "NTRU Prime: Reducing Attack Surface at Low Cost", 2016/2019. ntruprime.cr.yp.to
- GOST R 34.12-2015 — Kuznyechik block cipher, Federal standard of the Russian Federation.
- Password Hashing Competition — Argon2 specification, 2015. github.com/P-H-C/phc-winner-argon2
- OWASP Password Storage Cheat Sheet — Argon2id recommendation. owasp.org