What BTX Wallet does

How your keys work

BTX is a quantum-resistant fork of Bitcoin, and BTX Wallet uses post-quantum primitives end to end. Every wallet is derived deterministically from a single 32-byte master seed, which produces two independent, standardized key pairs:

• ML-DSA (FIPS 204, the standard formerly known as CRYSTALS-Dilithium) — a lattice-based signature used for spending and day-to-day login.
• SLH-DSA (FIPS 205, formerly SPHINCS+) — a stateless hash-based signature used as the recovery key, resting on different mathematical assumptions for defense in depth.

Both public keys are committed into one btx1z address as a post-quantum P2MR output, so a quantum-hard signature can authorize a spend. This matters because Shor's algorithm — the reason a large quantum computer would break the elliptic-curve keys Bitcoin uses today — does not break lattice or hash signatures. The wallet is built so your coins stay yours even in that future.

Your master key is the whole wallet

The 32-byte seed, shown to you as a 64-character hex master key, is the only thing needed to reconstruct everything: both key pairs, the address, and full spend authority. It never leaves your device unless you choose to back it up.

• There is no account, no email, no server, and no recovery service. If you lose the master key and all your devices, the coins are gone — that is the honest trade-off of real self-custody.
• You can restore on any machine by entering the master key. The wallet does not blindly accept any 64-hex string: it re-derives and checks the resulting address, so a wrong or foreign key is rejected instead of silently creating an empty wallet.

Several wallets, one app

Keep a daily-spend wallet, a savings wallet, and a throwaway side by side. Each is fully independent — its own seed, address, and balance.

• Pick which to open from the start-screen list, which shows each wallet's name, protection kind, truncated address, and balance.
• Switch the active wallet at any time from the centered header switcher, without returning to the lock screen.
• Each wallet chooses its own protection independently: no passphrase, a passphrase, or a passkey.

Touch ID, Windows Hello, passphrase, or passkey

Whatever method a wallet uses, the 32-byte seed is sealed at rest with AES-256-GCM. What differs is where the unlocking key comes from:

• Passphrase — the key is stretched from your passphrase with Argon2id (64 MiB of memory, 3 passes), a memory-hard function chosen to make brute-forcing expensive even on GPUs. Older wallets sealed with PBKDF2 still open and are transparently upgraded to Argon2id the next time you unlock.
• Passkey — the key is minted inside your platform authenticator through the WebAuthn PRF extension: Touch ID on Mac, Windows Hello on Windows, or a hardware security key. The seed is never stored unprotected, and if PRF is unavailable the wallet fails closed rather than weakening.
• No passphrase — for a trusted personal machine, the seed stays sealed with a device-bound key for one-tap access.

Sending and receiving

Receive shows your btx1z address as a one-line, copyable string and as a QR code rendered locally — nothing is fetched to draw it.

A send builds a real post-quantum transaction: it selects UTXOs, constructs the P2MR inputs, and signs each input with its own sighash commitment using your ML-DSA key. Send all sweeps the entire balance in one transaction.

• Before anything is broadcast you see a preview — the fee, the change, and the input count — and an explicit confirm step.
• A dust guard blocks uneconomical outputs, and a hard 0.02 BTX maximum-fee clamp stops a fat-finger or a bad fee estimate from ever overpaying.

Transaction history

Every confirmed transaction is listed as RECEIVED or SENT with a signed amount, the date, the counterparty address, and a deep link to the block explorer. Direction and amount are computed locally from each transaction's vin/vout deltas against your address — the wallet works it out, it is not handed to you by a server.

Back up and move your wallet

Beyond writing down the master key, you can export a wallet to a recovery file:

• A checksummed BTX-WALLET-RECOVERY text file, written through the native OS save dialog, optionally encrypted with a separate file passphrase (AES-256-GCM).
• Restore reads it back through the native open dialog, validates the magic header and SHA-256 checksum, and refuses foreign or corrupted files — so moving a wallet between machines is easy without exposing the raw key.

Recover funds from a node wallet

If you mined or held BTX with the node (btxd) or the easyBTX built-in wallet, you can bring those funds here — with no node and no sync — from either the recovery .txt or the binary wallet.dat. Many people only kept the .dat; both work.

• It reads the post-quantum descriptor and derives every node address with the same crypto the node uses — verified byte-for-byte against btxd — then scans each address's real balance and shows the total before you move anything.
• Every extracted seed is checked against the descriptor's own fingerprint (SHA256(seed)[:4]), so a parsing slip fails closed rather than trusting a wrong key. Encrypted wallet.dat files are detected and explained, not mis-read.
• On confirmation the funds move into a wallet you already control — the same master key, not a new one — one transaction per address, with a review screen showing the exact amount, fee, and destination first.

Private by design

• The webview that draws the interface never reaches the internet. Every chain request — balance, history, broadcast — is proxied through a single Rust command, so the app has one controlled network surface: the seed stays in the front end, the network stays in the back end.
• The UI is built with safe DOM construction only. No external string is ever injected as HTML, which removes an entire class of injection bugs.
• It runs on Tauri 2 — the operating system's own webview plus a small Rust core — instead of shipping a whole browser, keeping the binary light and the attack surface small.

What's next

• A built-in light-client backend (Neutrino, BIP 157/158) so the wallet can sync against the network with compact block filters instead of relying on an explorer.
• Code signing and notarization on both platforms, which removes the first-run SmartScreen and Gatekeeper warnings.
• Shielded (SMILE) balances alongside the transparent btx1z funds shown today.