Qryo

Under the Hood

A short walkthrough of how Qryo protects your secrets.

The threat we're protecting against

Qryo's design starts from a simple assumption. Someone might end up holding one of your QR codes. That could mean physically, photographically, or pulled from a backup. The promise is that the code, on its own, doesn't unlock the message.

An attacker who has… → …learns

  • Fewer codes than the threshold → Nothing. Not the message. Not whether their password guesses are right.
  • The threshold, but no password → Nothing. For password-locked messages, brute-forcing the password is the only path forward, and it is deliberately expensive.
  • The password but no codes → Nothing. The password isn't a secret on its own. Without enough shares to assemble the data key, there is nothing to test it against.
  • The threshold and the password → The message. As intended. This is the legitimate-recipient case.

No server. No account. No network.

Encryption happens entirely on your phone. There is no Qryo server in the flow. There is no Qryo server at all. No sign-up, no profile, no analytics, no crash-reporting SDK. Airplane mode works. Every cryptographic claim below assumes the secret never leaves the device, because it doesn't.

How encryption happens, in one picture

Two independent inputs have to come together before the message can be encrypted. The codes you will distribute, and the password you set. Neither side is sufficient on its own.

[Figure: Qryo encryption flow. On encrypt, the message is compressed. A random key made on the device is split into shares (k-of-n). The password, if you set one, is strengthened through a slow, memory-hungry function. The two derived keys are combined into a single key that encrypts the compressed message, sealed and verified, into n QR codes with one share each.]
Encryption only proceeds once both paths have met at the combiner.

The building blocks

The cryptography is standard, off-the-shelf, and well-studied. The interesting bit is the combination, not the individual pieces.

  • Password strengthening. When you set a password, it goes through a deliberately slow, memory-hungry function for good reasons. Built on Argon2id, the winner of the 2015 Password Hashing Competition.
  • Secret sharing. A key can be split into pieces such that any k of them reconstruct it, and any fewer reveal mathematically nothing. Not "a little less", but information-theoretically nothing. The classical construction is Shamir's scheme from 1979.
  • Key combination. The share-derived path and the password-derived path are merged into a single key, so neither path is sufficient on its own. A single stolen code is not a password verifier.
  • Authenticated encryption. The cipher both encrypts and signs the output, so tampering with any byte of the code's structure breaks the verification and fails the decrypt. We use standard authenticated encryption. Widely used and reviewed.
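The key-derivation side of the building blocks above, as an added example that is not Qryo's own code: a random data key is split k-of-n, the password is stretched, and the two paths are combined into the message key. It assumes Shamir's scheme over a prime field, scrypt standing in for Argon2id (which the Python standard library lacks), an HMAC-SHA256 combiner, and a public per-message salt; every function name and parameter is hypothetical.

```python
import hashlib, hmac, secrets

# Assumptions, not Qryo's actual choices: Shamir over a prime field, scrypt
# standing in for Argon2id (stdlib has no Argon2id), HMAC-SHA256 as the combiner.
P = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit key

def split(secret: bytes, k: int, n: int):
    """Return n points on a random degree-(k-1) polynomial with f(0) = secret."""
    coeffs = [int.from_bytes(secret, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def join(shares) -> bytes:
    """Lagrange-interpolate f(0). Too few shares yields an unrelated value."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes(66, "big")[-32:]

def password_key(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard stretch (about 16 MiB with these parameters)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 2**20, dklen=32)

def message_key(share_key: bytes, pw_key: bytes) -> bytes:
    """Combine both paths; neither input alone determines the output."""
    return hmac.new(share_key, b"combine-v1" + pw_key, hashlib.sha256).digest()

def seal(password: str, k: int, n: int):
    data_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    return split(data_key, k, n), salt, message_key(data_key, password_key(password, salt))

def recover(shares, salt: bytes, password: str) -> bytes:
    return message_key(join(shares), password_key(password, salt))

if __name__ == "__main__":
    shares, salt, key = seal("constructed-sample-password", k=3, n=5)
    print(recover(shares[:3], salt, "constructed-sample-password") == key)  # threshold + password
    print(recover(shares[:2], salt, "constructed-sample-password") == key)  # below threshold
    print(recover(shares[:3], salt, "wrong-guess") == key)                  # wrong password
```

In a full flow the recovered key would feed the authenticated cipher, whose verification failure is what rejects a wrong password or a short set of codes.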

No public-key cryptography

Most "secure sharing" tools rely on public-key cryptography somewhere, whether to exchange keys, sign messages, or wrap session keys. Those algorithms (RSA, elliptic-curve Diffie-Hellman) are vulnerable to Shor's algorithm on a sufficiently large quantum computer. Such machines don't exist today. The working assumption is that secrets being protected now should outlast their arrival.

Qryo has none. Every primitive in the section above is symmetric or memory-hard. The strongest known quantum attack against the cipher family we use is Grover's algorithm, which only halves the effective key strength. That is still well beyond any plausible attack budget. This is a structural property of the design, not a roadmap claim.

It's the little things

A handful of smaller details that round off the picture.

  • The app-switcher card is obscured. Swap to another app and iOS captures a placeholder, not your decrypted message.
  • Decrypted copies expire on a short timer and don't sync to your Mac or other devices via Universal Clipboard.
  • The keyboard doesn't learn what you type into the secret field. Your message won't reappear as a QuickType suggestion in another app later.
  • The encode password isn't offered to iCloud Keychain. No "Use Strong Password" sheet that would quietly sync your Qryo password to your Apple ID.

…and many more.