Version 1.0 — January 2026

Operation Guide

PERPETUA CRYPTOGRAPH
01

Getting Started

Perpetua Cryptograph runs on your Apple Watch. Your iPhone is the companion: it shows your portfolio and initiates transactions, but the watch is the authority. All signing and security settings changes happen on your wrist.

Requirements

  • Apple Watch Series 6 or later (watchOS 10+)
  • iPhone with iOS 17+
  • Watch passcode enabled
  • Wrist detection enabled

Phone & Watch Connectivity

Connected Disconnected ready no connection

Fig. N — Connection Indicator

The dot within the Perpetua logo indicates whether your phone has a live connection to your watch (and vice versa).

  • A green dot means connected: transactions and settings changes will work normally.
  • A red dot means disconnected: you won't be able to approve transactions until the connection is restored.

When troubleshooting, make sure both devices have Bluetooth enabled and are within range. The Apple Watch is quite clever about power saving; if you see a red dot, try raising your wrist as though you're checking the time. This is often enough to restore a live connection.

Creating a New Wallet

Creating a new wallet generates your keys on your Apple Watch and secures them with an encryption key stored in its Secure Enclave. Your wallet is assigned a serial number (like 0042 - 2026). This serial number proves your keys were generated on-device, not imported from elsewhere.

During setup, you'll be required to create and print a Recovery Sheet. This isn't optional; Cryptograph requires that your verify your backup. There's no "skip" button.

Recovering or Importing a Wallet

There are two ways to restore access to an existing wallet:

Recover Wallet Scan Recovery Sheet A Enter Seed Phrase

Fig. N — Recover Wallet options

Recover from Recovery Sheet:Tap Scan Recovery Sheet on your watch. A sheet will appear to scan the QR code with your iPhone, then enter the PIN you created when you printed the sheet. Your watch will ask you to confirm the fingerprint code printed on your Recovery Sheet to cryptographically verify that the QR code hasn't been tampered with. This restores your wallet with its original serial number and Time Lock settings.
Word 1/12 EX A C E H I O P T 23 words

Fig. N — BIP-39 word picker

Import from seed phrase: Enter your 12 or 24 words directly on your watch using the BIP-39 word picker. Rotate the Crown to select letters; matching words appear as you type. Repeat this process for each word in the seed phrase.

Imported wallets display NO SERIAL instead of a serial number, indicating their keys weren't generated on this device. You won't be required to print a new Recovery Sheet for imported wallets.

Supported Chains

Cryptograph supports the following blockchains:

  • Bitcoin (BTC)
  • Ethereum (ETH)
  • Base (Ethereum L2)
  • Solana (SOL)
  • Zcash (ZEC) - including shielded transactions

Use the Digital Crown on your watch to switch between chains.

02

Recovery Sheet

MLZBOOIG

Fig. N — Recovery Sheet

Your Recovery Sheet is an encrypted backup of your wallet. It's a printable page with a QR code that you can scan to restore your wallet on a new device.

Despite printing through your phone, your phone never sees your unencrypted keys. The QR code is generated and encrypted on your watch with your PIN - only the encrypted data is passed to your phone for printing. When recovering, your phone scans the QR but passes the data directly to your watch, where it's decrypted with your PIN.

How It Works

  1. You create a 6-10 digit PIN on your watch
  2. Your seed is encrypted with this PIN (the PIN only applies to this specific sheet; not the app, not previously printed sheets, and not sheets you print in the future)
  3. You print the encrypted QR code from your phone
  4. (During Setup Only) You verify you have the sheet by answering a question about the printed code

What's Backed Up

Your Recovery Sheet backs up more than a typical seed phrase:

  • Your serial number
  • Time Lock settings (delay and spend limit)
  • Trusted Locations (for Location Lock)

When recovering, your Time Lock settings are restored automatically. You'll be asked whether to restore Trusted Locations, since they contain personal geographic data.

Recovering

  1. Install Cryptograph on a new Apple Watch
  2. Choose "Recover"
  3. Scan the QR code with your iPhone
  4. Enter your PIN on your watch
  5. Verify the code matches your printed sheet
  6. Choose whether to restore your Trusted Locations
Keep your Recovery Sheet safe. Store it like cash or jewelry. Never photograph it. If someone has both your sheet and your PIN, they have your funds.

Seed Phrase

Settings Recovery Recovery Sheet Seed Phrase

Fig. N — Settings → Recovery

You can also view your raw 24-word seed phrase in Settings. This is less secure than the Recovery Sheet since anyone who finds your phrase immediately has your funds, but it's there if you need it for compatibility with other wallets. Cryptograph can also import raw seed phrases, but we recommend using an encrypted Recovery Sheet.

03

Time Lock

Time Lock is an anti-coercion feature. It forces a waiting period before large transactions or sensitive operations can complete.

Settings

  • Delay: Off, 1 day, 3 days, or 7 days
  • Spend Limit: The maximum you can spend within a rolling window equal to your delay period

The spend limit is a rolling cap, not a per-transaction filter. If your delay is 3 days and your limit is $1,000, you can spend up to $1,000 total over any rolling 72-hour window. Once you hit the limit, you'll need to wait for older transactions to age out before you can send more, or start the Time Lock countdown to unlock a larger send.

What's Protected

When Time Lock is enabled, the following actions require waiting through your delay:

  • Spending beyond your rolling limit
  • Viewing your seed phrase
  • Generating a Recovery Sheet
  • Changing Time Lock settings to be less restrictive

How the Timer Works

There's a single countdown for all protected actions. Start the countdown, wait, then claim one action. After that, it resets.

If you started a countdown under duress and the attacker leaves, use "Lock Now" to cancel without using your unlock.

Making it stricter is instant. You can increase your delay or lower your spend limit immediately. Making it less restrictive requires waiting through your current delay.

Location Lock

Location Lock adds geographic context to Time Lock. It enables a tighter spend limit when you're away from trusted locations, protecting against coercion scenarios where an attacker forces you away from home.

  • Away Limit: A secondary, lower spend limit that applies when you're not at any trusted location
  • Trusted Locations: Places (like Home or Office) where your normal spend limit applies

When you're at a trusted location, your normal Time Lock spend limit applies. When you're away from all trusted locations, or if GPS is unavailable, the lower Away Limit kicks in.

Managing Trusted Locations

From Settings → Location Lock:

  • Add: Tap "Trust This Location" to save your current GPS location with a name (Home, Office, or custom)
  • Remove: Swipe to delete a location from the list
Removing your last trusted location requires waiting through your Time Lock delay. This prevents an attacker from quickly clearing all locations to bypass your Away Limit.

Like Time Lock, lowering your Away Limit is instant (more restrictive), but raising it requires waiting through your delay.

04

Watch Controls

Calibers

Cryptograph has three caliber designs. Availability depends on your watch size; larger screens can fit more information. Change your caliber in Settings → Caliber (when multiple calibers are available).

Watch Size Available Calibers
Ultra (49mm) Cryptograph, Databank, Cartouche
41mm - 48mm Databank, Cartouche
40mm and below Cartouche
  • Cartouche: Minimal, clean. Inspired by classic dress watches.
  • Databank: LCD aesthetic with detailed readouts. Retro digital.
  • Cryptograph: Sub-dials showing 52-week, 24-hour, and portfolio data.

Cryptograph Caliber — Element Reference

1 A 1 Z P 1 E P 5 Q G E F I 2 D M P T F T L 5 S L M V 7 D I V F N A NO. 00059 - 2026 GENESIS EDITION Cryptograph $261.0K ZEC $68 Z 52W +10% EXP +6% 24H -1.4% Address Ring Tap → QR code Connection Indicator Serial Number Tap → Settings Fiat Balance Tap → Privacy Mode Chain Indicator Crown → Switch chain 52W Chart Tap → Expand Exposure Tap → Breakdown 24H Chart Tap → Expand Fig. 3 — Cryptograph caliber (Ultra only)

Databank Caliber — Element Reference

PERPETUA NO. 00059 · 2026 CONNECTED SECURE ENCLAVE 52W 24H 30D EXP ▸ SOLANA +4.2% $1.69M SOL: $198 86xCnPeV69n...DdaMpo2MMY CRYPTOGRAPH Serial Number Tap → Settings Connection Indicator Chain Name Crown → Switch Sparkline Charts Tap corner labels 24H Change Fiat Balance Tap → Privacy Mode Address Tap → QR Code Exposure View Tap → Breakdown Fig. 4 — Databank caliber (41mm - 48mm)

Cartouche Caliber — Element Reference

B C 1 Q S T X 0 K 3 T I N N 0 N D 5 H 6 Y M P 7 Y Z 8 A T E M P 9 9 U 9 U X B Q PERPETUA $1.35M $104,723.47 +2.3% No. 00059 · 2026 CRYPTOGRAPH Top Edge Tap → Exposure Connection Indicator Left Edge Tap → 52W Chart Asset Price Serial Number Tap → Settings Address Ring Tap → QR Code Chain Icon Crown → Switch Fiat Balance Tap → Privacy Mode Right Edge Tap → 24H Chart 24H Change Bottom Edge Tap → 30D Chart Fig. 5 — Cartouche caliber (40mm and below)

Basic Controls

  • Digital Crown: Rotate to switch between chains (BTC → ETH → Base → SOL → ZEC)
  • Tap fiat value: Toggle Privacy Mode, which redacts all monetary values (balances, transaction amounts)
  • Tap address area: Show your receive QR code
  • Tap serial number: Open Settings

Advanced Controls

Each caliber provides access to sparkline charts and exposure views. How you access them depends on your caliber.

  • 52W Sparkline: Price of the chain's native asset over the last year
  • 30D Sparkline: Price over the last month (on calibers that support it)
  • 24H Sparkline: Price over the last day
  • Exposure: Your asset exposure broken down by chain or asset class. Asset classes recognize derivatives, so liquid staking tokens like stETH count as ETH exposure. Stablecoins are a separate class. Swipe to switch between Chain and Asset views; tap again to dismiss.

Accessing by caliber:

  • Cryptograph: Tap the sub-dials on the dial face to open each view
  • Databank: Tap the labels (52W / 30D / 24H / Exp) around the display
  • Cartouche: Hidden tap targets preserve the minimal aesthetic. Tap the top edge for Exposure, right edge for 24H, bottom edge for 30D, left edge for 52W

Approving Transactions

Approve ETH via Uniswap Unlimited USDC approval requested to Uniswap V2 Router Reject Hold to Approve

Fig. N — Transaction approval

When a transaction is pending, your watch shows the details: amount, recipient, gas fee, total. Hold the green button to approve, or tap the red button to reject. The phone can reject transactions, but only the watch can approve. This is by design.

Transaction data is decoded directly on your watch, checked against a list of verified tokens and smart contracts embedded in Cryptograph itself. This trusted list can only change with a new app release; it can't be modified remotely. Verified contracts show a green banner; unverified ones show an orange warning.

Wherever possible, we decode the balance change each transaction will have on your wallet and display it clearly, so you know what you're actually agreeing to before you sign.

Complications

Cryptograph provides watch face complications so you can see your portfolio at a glance without opening the app. Available data includes:

  • Portfolio total: Your total balance across all chains
  • Portfolio change: Percentage change (24h)
  • Native token prices: BTC, ETH, SOL, or ZEC price

Add them like any other complication: edit your watch face and select Cryptograph. Complications are available in circular, corner, and inline styles to fit different watch faces.

Update timing: Complication updates are managed by watchOS power-saving measures, so they may lag behind the balances shown in the app. Open the app for the most current data.
05

iPhone App

The Cryptograph iPhone app is your companion for viewing your portfolio and initiating transactions. While the watch remains the authority (all signing happens there), the phone provides a larger screen for details.

Portfolio Overview

The home screen shows your total balance across all chains, with individual chain cards below. Each card displays the chain's balance, native token price, and a sparkline. Tap the sparkline to cycle between 24-hour, 30-day, and 52-week views. Tap a chain card to see its full details.

Chain Details

Drill into any chain to see your token holdings, balances, and transaction history. Tap a token to send or receive. Tokens are sorted by value, with spam and unpriced tokens collapsed at the bottom. Swipe left on any token to mark it as spam.

Transaction History

Your transaction history shows sends, receives, swaps, approvals, and contract interactions. Transactions are decoded to show what actually happened, not just raw blockchain data. Tap any transaction to see full details and a link to the block explorer.

Privacy Mode

Tap the portfolio total at the top of the screen to toggle Privacy Mode. All monetary values (balances, transaction amounts) are replaced with ****. Token names, transaction types, and addresses remain visible. Tap again to reveal values.

Privacy Mode on the phone is independent from the watch; each device has its own toggle.

06

Sending & Receiving

Sending

Sending is initiated from the iPhone app. You cannot start a send from the watch, but you must approve it there.

  1. Open a chain and tap a token in the iPhone app
  2. Tap Send
  3. Enter the recipient address (or scan a QR code)
  4. Enter the amount
  5. Review the transaction summary (amount, recipient, gas fee, total)
  6. Tap Approve & Send
  7. Approve on your watch by holding the green button

The watch shows the full transaction details before you approve: amount in fiat and crypto, recipient address, gas fee, and total. If something looks wrong, tap the red button to reject.

Receiving

There are two ways to get your receive address.

From the iPhone app:

  1. Tap a chain card
  2. Tap a token
  3. Tap Receive

The app contacts your watch to verify the receive address against your private keys. This guards against address poisoning attacks — if malware replaced your clipboard address, verification would fail. Look for the green "Verified by Watch" badge before sharing your address.

From your Apple Watch:

Tap the address ring (or address field) to display a QR code. Some wallets can scan this directly to fill in a recipient address. Swipe left to display your address in plain text, should you need to verify it manually.

07

WalletConnect

WalletConnect lets you use Cryptograph with decentralized apps (dApps): swap tokens on Uniswap, provide liquidity, use DeFi protocols, mint NFTs, and more. Cryptograph supports WalletConnect on Ethereum and Solana.

Connecting

  1. Open the dApp you want to use (in your browser or its native app)
  2. Select "WalletConnect" as your wallet
  3. In the Cryptograph iPhone app, tap the WalletConnect icon (top right) and scan the QR code

Signing

When a dApp requests a transaction:

  1. Your phone shows a notification
  2. Review the summary on your phone
  3. Full details appear on your watch
  4. Approve on your watch (or reject from either device)

Verified contracts show a green banner with the contract name. Unverified contracts show an orange warning. Only approve if you trust the source.

08

Security

Requirements

Cryptograph enforces strict security requirements. You cannot create or import a wallet unless both of these are enabled:

  • Watch passcode
  • Wrist detection

If wrist detection is disabled after setup, Cryptograph will block access until you re-enable it. You can still receive funds to your addresses, but you won't be able to send, sign, or access the app.

If you disable your watch passcode, watchOS will permanently destroy your keys. This is operating system behavior; the same thing happens to cards added to Apple Pay. Use your Recovery Sheet to restore.

Threat Model

Cryptograph is designed to protect against specific threats. Understanding what it does and doesn't defend against helps you make informed decisions about your security.

Your private keys are generated on your Apple Watch and secured with an encryption key stored in its Secure Enclave, a hardware-isolated security chip. Your private keys never leave your watch, other than in an end-to-end encrypted QR code when printing your Recovery Sheet.

Cryptograph helps protect you against:

  • Compromised phone: Malware on your iPhone cannot sign transactions, because your private keys are not on the device.
  • Phishing dApps: Every transaction is decoded and displayed on your watch before signing. Contracts are checked against a hardcoded registry in in the app. You see exactly what you're approving, not what the dApp claims.
  • Remote attackers: Keys exist only in your Apple Watch Keychain and Secure Enclave. There's no server to breach, no cloud backup to steal, no remote access to exploit.
  • Coercion and panic signing: Time Lock forces a waiting period before large transactions. An attacker can't drain your wallet in a single encounter.
  • Lost or stolen iPhone, Apple Watch in your possession: Your funds remain secure. The phone is just a display; the watch holds the keys.
  • Lost or stolen Apple Watch, iPhone in your possession: Your funds remain secure. Only your paired iPhone can propose transactions to its Apple Watch, and your watch must have a passcode. Brute-force attempts on Apple Watches are specifically designed to be time-consuming and difficult. For further peace of mind, you can turn on a Setting which erases your Apple Watch after repeated failed attempts.
  • Lost or stolen Apple Watch and iPhone: Your funds remain secure, unless the the thief also coerces you to reveal both your Apple Watch passcode and your iPhone passcode.
Zcash privacy note: For Zcash, your iPhone stores a Unified Full Viewing Key (UFVK) that allows it to read your shielded balances and transaction history. If your phone alone is stolen and unlocked, an attacker could see your Zcash balances — though they still cannot spend your funds without your watch.

Cryptograh cannot protect you against:

  • Physical possession + sustained coercion: If an attacker has your watch and can compel you to approve transactions for a sustained period longer than your Time Lock delay, they can eventually coerce you to access funds. Time Lock buys time; it doesn't make you invincible.
  • Weak Recovery Sheet storage: If someone finds your Recovery Sheet and guesses your PIN, they have your wallet. Store it securely, never photograph it or store it online, and choose your PIN wisely.
  • watchOS platform compromise: Cryptograph trusts watchOS and the Secure Enclave. A fundamental compromise of Apple's security architecture would affect us. There has been no public Apple Watch jailbreak since 2018 / Apple Watch 3 / watchOS 3.1.3; however, this doesn't mean that no such exploit exists.

Cryptograph Does Not Use Cloud Backups

Your wallet keys are stored with settings that prevent them from being included in any backup, iCloud, iTunes, or otherwise. This is intentional. Your keys exist only on your watch and in your Recovery Sheet.

This means watchOS backup and restore will not transfer your wallet to a new watch. You must use your Recovery Sheet.

Recovery Scenarios

Watch lost, stolen, or destroyed:

Your keys are gone with the watch. Use your Recovery Sheet to restore your wallet on a new Apple Watch. Your phone cannot sign transactions; it never held your keys.

Zcash privacy note: While your phone cannot spend funds, it does hold a viewing key for Zcash. If you lose your phone and the attacker can unlock it, consider that your Zcash balance and transaction history could be visible to whoever has it.

Phone lost, stolen, or destroyed:

Your keys are still on your watch, but pairing a new iPhone requires unpairing your watch, which erases your keys. Use your Recovery Sheet to restore your wallet after pairing with the new phone.

Upgrading to a new watch:

Your keys do not transfer via watchOS backup; they're excluded by design. Use your Recovery Sheet to restore your wallet on the new watch.

Upgrading to a new phone:

Pairing your watch with a new iPhone requires unpairing it first, which erases your watch. Use your Recovery Sheet to restore your wallet after pairing with the new phone.

Imported Wallets

If you import a wallet using a seed phrase (instead of a Recovery Sheet), your wallet displays NO SERIAL instead of a serial number. This indicates the keys weren't generated on-device and their provenance can't be verified.

Why does provenance matter? With a Cryptograph-generated wallet, your keys are exported only as an encrypted Recovery Sheet, unless you view your seed phrase on the watch and deliberately copy it to another medium. This means there's far less possibility of your private key existing somewhere else on the Internet, vulnerable to a leak or exploit, or loss of control of cleartext physical copies. An imported wallet doesn't have this guarantee.

Want the technical details? See our Technical Security Overview for a deep dive into key management, Secure Enclave encryption, signing authorization, and cryptographic design.

Questions? Email support@perpetua.watch