A
AEAD (Authenticated Encryption with Associated Data)
Definition: Authenticated encryption with associated data. Combines encryption and authentication in a single operation, guaranteeing confidentiality and integrity.
In CryptPeer: CryptPeer® uses AEAD algorithms (AES-256-GCM, ChaCha20-Poly1305) for message and file encryption.
See also: Authenticated encryption, Encryption
APT (Advanced Persistent Threat)
Definition: Sophisticated persistent threat. Attacker who maintains a long-term presence in a network to exfiltrate data or sabotage systems.
In CryptPeer: Sovereign architecture, E2E encryption, and the absence of a single central point reduce both the attractiveness to APTs and the attack surface exposed to them.
See also: Cyberattack, Data exfiltration
A2 Export Control
Definition: European regulation (Annex II) on export control of dual-use goods (civil/military), including cryptographic technologies.
In CryptPeer: CryptPeer® complies with the A2 framework and provisions applicable to dual-use encryption technologies.
See also: Dual-Use, Civil/Military
AES-256-GCM
Definition: Advanced Encryption Standard symmetric encryption algorithm with 256-bit key in Galois/Counter Mode (GCM). Provides both encryption and data authentication.
In CryptPeer: CryptPeer® uses AES-256-GCM for message, file, and metadata encryption. This mode guarantees data integrity and confidentiality.
See also: Encryption, E2E, AEAD
Sovereign Language Assistance
Definition: Genuinely sovereign, free translation tool and multilingual writing assistance (50+ languages) integrated into the communication system, fully self-hosted and operating offline, with no text sent to cloud services or external AIs.
In CryptPeer: CryptPeer® integrates a genuinely sovereign, free translation tool for messaging and e-mail, aligned with Sovereignty by Design and Operator Exclusivity. It is compatible with voice recognition (Android/Apple) for text input and supports file import (.txt, .odt, .docx, .pptx, .pdf, etc.) with embedded OCR. Voice recognition also enables auto-typing for messages and e-mails. Nothing leaks to LLMs or cloud translators, a cybersecurity and confidentiality gain, especially when traveling abroad.
See also: Sovereign architecture, Self-hosted
Air-gap
Definition: Physically isolated computer network, with no connection to the Internet or other external networks. Also called "closed network" or "isolated network".
In CryptPeer: CryptPeer® can operate in air-gap mode, enabling secure communications in a completely isolated environment, without any Internet connection.
See also: Local-only mode, Closed network
Sovereign Architecture
Definition: Independent IT architecture, without dependence on external providers, cloud services, or third-party intermediaries. Ensures total control of data and infrastructure.
In CryptPeer: CryptPeer® is based on a sovereign architecture: zero intermediaries, zero delegation, zero collection. The user maintains total control of their infrastructure.
See also: Self-hosted, Zero intermediary
Self-hosted
Definition: Solution where the user hosts and controls the infrastructure themselves (server, data) on their own equipment, without depending on an external service.
In CryptPeer: CryptPeer® is 100% self-hosted. The relay server can be installed on your own infrastructure, from Raspberry Pi 5 to enterprise server.
See also: Autonomous relay server, Sovereign architecture
B
Encrypted Backup 3.2.1
Definition: Redundant backup strategy: 3 copies of your data, on 2 different media types, including 1 off-site copy. All backups are encrypted.
In CryptPeer: Redundant encrypted backup system allowing you to back up your data across multiple media (USB, SSD, cloud, NAS, external drive). Automatic timestamping prevents overwriting.
See also: Encryption, NAS
Reinforced sovereign bubble
Definition: Sovereign bubble with additional mechanisms: link failover, automatic purge, autonomous relay server backup, operational continuity.
In CryptPeer: A reinforced sovereign bubble combines a sovereign autonomous server with an autonomous relay server and failover mechanisms.
See also: Sovereign bubble, Link failover, Autonomous relay server
Sovereign bubble
Definition: Autonomous perimeter of infrastructure and governance, operated by an entity, where communications and data remain under sovereign control (rules, access, operations, continuity).
In CryptPeer: A sovereign bubble can be embodied by a sovereign autonomous server, reinforced by an autonomous relay server and failover mechanisms.
See also: Sovereign autonomous server, Sovereign architecture
Link failover
Definition: Continuity mechanism that switches relay/access points without long service interruption, to keep communications running in constrained environments.
In CryptPeer: Link failover enables continuity across multiple sovereign relays, aligned with server-hopping and multi-server management.
See also: Server-hopping, Server Manager, Autonomous relay server
C
ChaCha20-Poly1305
Definition: AEAD encryption algorithm combining ChaCha20 stream cipher and Poly1305 MAC. Fast alternative to AES-GCM, especially on hardware without AES acceleration.
In CryptPeer: ChaCha20-Poly1305 can be used for communication encryption, compatible with WireGuard.
Civil/Military
Definition: Dual-use dimension of technologies: applicable to both civil (business, individuals) and military (defense, intelligence) uses.
In CryptPeer: CryptPeer® fits a civil/military approach: secure messaging for all, compatible with regalian requirements.
See also: Dual-Use, Regalian uses
Authenticated Encryption
Definition: Encryption mode that simultaneously guarantees confidentiality and integrity of data. Detects any unauthorized modification.
In CryptPeer: AES-256-GCM and ChaCha20-Poly1305 provide authenticated encryption for all content.
See also: AEAD, Encryption
Hybrid Cryptography
Definition: Combination of classical and post-quantum algorithms to ensure security against quantum computers while maintaining compatibility.
In CryptPeer: CryptPeer® applies a quantum-informed approach (AES-256, SHA3-512) providing quantum resilience by design (symmetric) and remaining compatible with future PQC hybridization if needed.
Encryption
Definition: Process of transforming readable data (plaintext) into unreadable data (ciphertext) using an algorithm and a key. Only the key holder can decrypt the data.
In CryptPeer: All messages, files, and metadata are encrypted before transmission. Encryption is performed on the user's device; the server never sees plaintext content.
See also: Decryption, E2E, Over-encryption
Ephemeral Key
Definition: Temporary encryption key, used once or for a limited duration, then destroyed. Each message uses its own unique key.
In CryptPeer: Ephemeral key system per message: each message is encrypted with a unique key. Compromising one message provides no information about others.
See also: Segmented key, Instant obsolescence
Segmented Key
Definition: Key management system where a master key is derived into several distinct keys, one per conversation or group. Patented system in CryptPeer®.
In CryptPeer: Each conversation/group has its own derived key. Combined with ephemeral keys per message, this ensures total isolation between conversations.
See also: Ephemeral key, Shared key, Encryption
Shared Key
Definition: Key derived deterministically for a conversation or group, enabling E2E encryption without key exchange between participants. All participants derive the same key independently.
In CryptPeer: The shared key is derived via PBKDF2 (100,000 iterations) from user and conversation/group identifiers. Message format: Base64(IV + ciphertext + authTag). Exported file format: [Salt][IV][Ciphertext].
See also: Ephemeral key, Segmented key, PBKDF2-HMAC-SHA256, E2E
Typological Isolation
Definition: Strict separation of communication flows by categories or user types. Each category is isolated and cannot access others.
In CryptPeer: Access is strictly controlled by categories. A user in one category cannot see or communicate with users in other categories, ensuring opposable separation of flows.
CryptPeer Defense
Definition: Specialized version of CryptPeer® reserved for regalian uses. Autonomous service with its own engine and optimized relay server.
Features: Segmented and ephemeral key encryption, tunnel mode, end-to-end volatile memory, RAM-only encryption, volatile key management, zero logs, total absence of exploitable metadata and persistent digital traces. No storage: tunneled encryption with direct transfer of encrypted messages and files without storage.
See also: RAM-only, Regalian uses
Closed Network
Definition: Isolated computer network, without connection to the Internet or other external networks. Synonym of air-gap network.
In CryptPeer: CryptPeer® can operate on a local closed network, in local-only mode, without any Internet connection.
See also: Air-gap, Local-only mode
Cyberattack
Definition: Malicious computer attack aimed at compromising, disrupting, or destroying computer systems, networks, or data. Cyberattacks can target critical infrastructure, email servers, user accounts, or sensitive data.
In CryptPeer: CryptPeer®'s sovereign architecture, with its autonomous servers, end-to-end encryption, and absence of a single central point, significantly reduces the attack surface and the likelihood of successful compromise.
See also: Compromise, Vulnerability, Data exfiltration
Compromise
Definition: Situation where a system, account, or data has been accessed, modified, or controlled by an unauthorized attacker. Compromise can result from an exploited vulnerability, a hacked account, or an intrusion into a server.
In CryptPeer: Even if a relay server were compromised, data remains protected thanks to end-to-end encryption. The server never sees plaintext content, and the federated architecture allows isolation between sovereign bubbles.
See also: Cyberattack, E2E, Sovereign federated architecture
D
Defensive doctrine
Definition: Design approach prioritizing protection and resilience against threats. Minimizes attack surface and limits impact of compromise.
In CryptPeer: CryptPeer® integrates a defensive doctrine: E2E encryption, segmented keys, zero exploitable metadata, federated architecture without single point of failure.
See also: Zero Trust, E2E
Dual-Use
Definition: Character of a technology applicable to both civil and military uses. Subject to export control (A2).
In CryptPeer: CryptPeer® is a dual-use technology: secure messaging for businesses and individuals, compatible with regalian requirements.
See also: A2 Export Control, Civil/Military
Decryption
Definition: Reverse process of encryption: transformation of encrypted data (unreadable) into readable data (plaintext) using the appropriate key.
In CryptPeer: Decryption is performed only in volatile memory (RAM) on the user's device. No decrypted data is stored persistently.
See also: Encryption, RAM-only
E
ECC (Elliptic Curve Cryptography)
Definition: Cryptography that uses the mathematical properties of elliptic curves to achieve shorter keys than RSA at equivalent security.
In CryptPeer: ECC can be used for key exchange and signatures. Ed25519 (Curve25519) is used in WireGuard.
Ed25519
Definition: Digital signature algorithm based on Curve25519. Fast, secure, and resistant to side-channel attacks.
In CryptPeer: Ed25519 is used by WireGuard for key exchange and signatures, ensuring peer authentication.
Entropy
Definition: Measure of unpredictability or randomness of a source. High entropy is required to generate secure cryptographic keys.
In CryptPeer: Master passphrase and ephemeral keys are derived from high-entropy sources. PBKDF2 and HKDF use entropy to strengthen keys.
See also: Passphrase, Key stretching
Operator Exclusivity
Definition: Principle where a single operator controls and manages their CryptPeer infrastructure, without sharing or delegating to third parties.
In CryptPeer: CryptPeer® relies on operator exclusivity: each organization operates its own relay server, ensuring data sovereignty.
See also: Sovereignty by Design, Autonomous relay server
E2E (End-to-End)
Definition: End-to-end encryption. Data is encrypted on the sender's device and decrypted only on the recipient's device. No intermediary (server, provider) can see plaintext content.
In CryptPeer: All messages, audio/video calls, and files are E2E encrypted. The relay server never sees plaintext content; it only relays encrypted data.
See also: Encryption, Blind relay
EviEngine
Definition: Freemindtronic technology that enables automation of actions in web services without using servers or databases. Allows hardware-based software license management, not based on a person's identity.
In CryptPeer: EviEngine is embedded in CryptPeer® for license management without servers or databases. The license system is based on the computer's motherboard serial number, preserving anonymity since the license is linked to hardware and not identity. CryptPeer® can thus operate on a local network, even offline, without dependency on external services.
See also: Sovereign architecture, Self-hosted
Data Exfiltration
Definition: Process by which an attacker transfers stolen data from a compromised system to an external server controlled by the attacker. Exfiltration is often the final objective of a cyberattack.
In CryptPeer: Thanks to end-to-end encryption, even if an attacker managed to exfiltrate data from a relay server, it would remain unreadable without the decryption keys held only by users.
See also: Cyberattack, Compromise, E2E
F
2FA (Two-Factor Authentication)
Definition: Authentication combining two distinct factors: knowledge (password, passphrase) and possession (device, HSM, NFC key).
In CryptPeer: CryptPeer® offers two-step verification via TOTP code (Time-based One-Time Password). Compatible with all TOTP key management software, including PassCypher HSM PGP and PassCypher NFC HSM (SHA1, SHA256, SHA512 algorithms). Enable from user profile. Can be combined with HSM (PassCypher, EviKey NFC) for keyboard-free secure entry.
See also: HSM, Passphrase, EviEngine
G
Masked groups
Definition: Discussion groups where participants can remain masked or anonymous. Identities are not exposed to other group members.
In CryptPeer: CryptPeer® allows masked groups, combining masked mode and typological isolation for sensitive uses.
See also: Masked mode, Typological isolation
Storage management
Definition: Set of rules and mechanisms controlling data persistence (retention, volumes, priorities, rotation, deletion) to optimize security and continuity.
In CryptPeer: Storage management works with automatic purge and the objectives “zero trace / zero actionable metadata”, depending on the operating modes.
See also: Storage management, Zero Trace, Zero exploitable metadata
H
HMAC (Hash-based Message Authentication Code)
Definition: Message authentication code based on a hash function. Guarantees integrity and authenticity of data.
In CryptPeer: HMAC-SHA256 is used in PBKDF2 and HKDF for key derivation. ChaCha20-Poly1305 integrates a similar MAC (Poly1305).
HKDF-SHA3-512
Definition: HKDF using SHA3-512 as hash function. Offers enhanced security and greater quantum resistance than HKDF-SHA256.
In CryptPeer: HKDF-SHA3-512 is used for conversation key derivation, ensuring reinforced cryptographic isolation.
HSM (Hardware Security Module)
Definition: Hardware security module, a physical device dedicated to secure management of cryptographic keys and encryption operations. Offers stronger protection than software solutions.
In CryptPeer: CryptPeer® is compatible with PassCypher HSM PGP, NFC HSM, DataShielder HSM PGP and NFC HSM to over-encrypt data, messages and files upstream before sending. The master passphrase (> 256 bits) can be stored in an HSM.
See also: Passphrase, Over-encryption
I
ICE (Interactive Connectivity Establishment)
Definition: Protocol allowing two peers to establish a direct connection by combining STUN and TURN to traverse NATs and firewalls.
In CryptPeer: WebRTC uses ICE for P2P audio/video calls. The relay server can provide STUN/TURN servers for NAT traversal.
Insider Threat
Definition: Threat from a person with legitimate system access (employee, administrator) who abuses their privileges.
In CryptPeer: E2E encryption and segmented keys limit insider threat impact: the server does not hold decryption keys.
See also: E2E, Segmented key
Network Undetectability
Definition: System's ability to avoid detection by network monitoring tools, traffic analysis, or filtering. Communications are difficult to trace, block, or censor.
In CryptPeer: Thanks to systematic encryption, local-only mode, isolation, and P2P architecture, CryptPeer® reduces the attack surface and makes detection complex.
See also: Local-only mode, P2P
Instant Obsolescence
Definition: Security mechanism where a message's key becomes invalid immediately after an interface or system event (tab change, window, scroll, etc.).
In CryptPeer: The message key becomes invalid at any interface/system event. This ensures that once a message is read, it cannot be re-decrypted without a new user action.
See also: Ephemeral key, Zeroization
J
No terms yet.
K
KDF (Key Derivation Function)
Definition: Key derivation function. Transforms a master key or secret into one or more cryptographic keys. CryptPeer uses PBKDF2-HMAC-SHA256, HKDF-SHA256 and HKDF-SHA3-512.
In CryptPeer: KDFs derive conversation keys from the master passphrase, ensuring cryptographic isolation between conversations and messages.
See also: HKDF, Passphrase
KUBB Secure Mini Fanless
Definition: French fanless (no-fan) mini-computer, ultra-compact and low-power. Available in N150 and i3-N300 models. Ideal for hosting CryptPeer servers.
In CryptPeer: KUBB Secure Mini is tested and recommended to host CryptPeer. Enables a sovereign, autonomous, and portable deployment—ideal for sensitive environments.
See also: Self-hosted, Sovereign architecture
L
LAN (Local Area Network)
Definition: Local network limited to a site (building, office, operational area), used to connect devices within a restricted perimeter.
In CryptPeer: CryptPeer® can operate over LAN (including an isolated intranet), supporting local continuity and operational sovereignty.
See also: Isolated intranet, Local-only mode, WAN
N
NAT traversal
Definition: Techniques allowing peers behind NATs or firewalls to establish direct connections. Uses STUN to discover addresses and TURN as relay fallback.
In CryptPeer: WebRTC and ICE ensure NAT traversal for P2P audio/video calls. The relay server can provide STUN/TURN servers.
NIST PQC (Post-Quantum Cryptography)
Definition: Post-quantum cryptography standards published by NIST. Algorithms designed to resist quantum computers.
In CryptPeer: CryptPeer® uses a quantum-informed approach (AES-256, SHA3-512). Architecture allows evolution toward NIST PQC algorithms (ML-KEM, ML-DSA) for hybrid cryptography.
See also: Quantum, Hybrid cryptography
Collaborative notes
Definition: Feature allowing multiple users to create and edit shared notes in real time, end-to-end encrypted.
In CryptPeer: CryptPeer® offers encrypted collaborative notes, integrated with messaging, with group isolation.
See also: E2E, Masked groups
NAS (Network Attached Storage)
Definition: Network storage server, a device connected to a local network that allows sharing files and data between multiple devices.
In CryptPeer: CryptPeer® can be deployed on a Linux-compatible NAS, enabling centralized/self-hosted deployment of the relay server.
See also: Self-hosted, Autonomous relay server
Local-only mode
Definition: Operating mode where the system runs only on a closed local network, without Internet connectivity. All communications remain within the private network.
In CryptPeer: CryptPeer® can run entirely in local-only mode via a private Wi-Fi network (closed AP Wi-Fi, no SIM/Internet). Ideal for sensitive environments and air-gapped networks.
See also: Air-gap, Closed network
Hidden mode (CryptPeer Hidden)
Definition: Autonomous CryptPeer® mode where everything stays encrypted on screen by default. The user can selectively decrypt a conversation via a padlock button, and it automatically re-encrypts.
Benefit: Dramatically reduces the ability to capture an entire conversation, even with shoulder-surfing or screenshots.
See also: Encryption, CryptPeer Defense
M
MITM (Man-in-the-Middle)
Definition: Attack where the attacker places themselves between two communicating parties to intercept or modify exchanges.
In CryptPeer: E2E encryption and peer authentication (Ed25519) make MITM ineffective: the attacker cannot decrypt or forge without the keys.
Threat Model
Definition: Formal representation of threats a system may face, including actors, capabilities, and attack scenarios.
In CryptPeer: CryptPeer® is designed to resist: MITM, APT, insider threat, replay attack, targeted phishing, server compromise.
See also: Cyberattack, APT, Insider threat
Metadata
Definition: Data that describes other data: who, when, where, with whom. Examples: sender, recipient, date/time, file size, IP address.
In CryptPeer: CryptPeer® encrypts all metadata upstream. Zero exploitable metadata is visible server-side. The server cannot know who communicates with whom, or when.
See also: Zero exploitable metadata, Encryption
Local-only Mode
Definition: Operating mode where the system works only on a closed local network, without Internet connection. All communications remain in the private network.
In CryptPeer: CryptPeer® can operate entirely in local-only mode, via a private Wi-Fi network (closed AP Wi-Fi, without SIM/Internet). Ideal for sensitive environments and air-gap networks.
See also: Air-gap, Closed network
Masked Mode (CryptPeer Masked)
Definition: Autonomous mode of CryptPeer® where all data remains encrypted on screen by default. The user can selectively decrypt a conversation via a padlock button, which automatically re-encrypts.
Advantage: Significantly reduces the possibility of capturing the entire conversation, even in case of prying eyes or screenshots.
See also: Encryption, CryptPeer Defense
O
Over-encryption
Definition: Application of an additional layer of encryption on already encrypted data. Double cryptographic protection.
In CryptPeer: CryptPeer® is compatible with HSMs (PassCypher HSM PGP, NFC HSM, DataShielder HSM PGP) to over-encrypt data, messages and files upstream before sending.
See also: HSM, Encryption
P
Peer Negotiation
Definition: Process by which two peers establish a secure connection: key exchange, mutual authentication, parameter negotiation.
In CryptPeer: WebRTC and ICE handle peer negotiation for audio/video calls. Signaling passes through the relay server (blind); content remains E2E encrypted.
Targeted phishing
Definition: Phishing attack targeting a specific person or organization. Uses personal information to deceive the victim.
In CryptPeer: Absence of exploitable metadata server-side limits information available for targeted phishing. HSM authentication (2FA) strengthens protection.
See also: 2FA, Zero exploitable metadata
Post-Quantum readiness
Definition: Ability of a system to evolve toward post-quantum cryptography (NIST PQC) without major architecture change.
In CryptPeer: CryptPeer® is designed for quantum resilience by design (symmetric: AES-256, SHA3-512) and for PQC readiness: the architecture can evolve toward hybrid schemes (NIST PQC) if needed, without major redesign.
PBKDF2-HMAC-SHA256
Definition: PBKDF2 using HMAC-SHA256 as pseudo-random function. Key stretching standard to derive keys from passwords.
In CryptPeer: PBKDF2-HMAC-SHA256 derives the master key from the passphrase, with configurable iteration count.
See also: PBKDF2, Key stretching, HMAC
P2P (Peer-to-Peer)
Definition: Decentralized network architecture where each node (peer) can be both client and server. No central server; communications pass directly between peers.
In CryptPeer: CryptPeer® is based on a sovereign P2P architecture. Voice/video communications pass directly between peers, without central server or intermediary. The relay server only facilitates the initial connection.
See also: Autonomous relay server, Sovereign architecture
Passphrase
Definition: Secret phrase used to generate or derive cryptographic keys. Longer and more secure than a simple password.
In CryptPeer: The master passphrase (> 256 bits) can be stored in an HSM (PassCypher NFC HSM or PassCypher HSM PGP). Modifiable at will without message loss thanks to the ephemeral key system.
See also: HSM, Ephemeral key
Q
Quantum resilience (by design)
Definition: Ability of a cryptographic system to resist attacks by quantum computers. Symmetric algorithms (AES-256) and hash functions (SHA-256, SHA3-512) provide natural quantum resistance.
In CryptPeer: CryptPeer® uses a “quantum-informed” architecture: AES-256-GCM, SHA-256, SHA3-512, and 256+ bit keys provide natural resistance to quantum attacks (Grover’s algorithm). Segmented keys limit the impact of any future compromise.
See also: AES-256-GCM, Segmented key
R
Sovereign ROI — Methodology and calculation basis (2026)
Definition: The KPI “Sovereign ROI +170% over 36 months” is derived from an accounting expertise approach, not a marketing view. It is based on a comparative TCO (Total Cost of Ownership) study between CryptPeer® On-Prem and an equivalent SaaS stack.
Calculation basis:
- Reference SaaS stack (Olvid Business + Proton Business Suite + BlueFiles): indicative cost ≈ €27.65/user/month (public sources 2026), i.e. ≈ €1,000/user over 3 years.
- CryptPeer On-Prem (Sovereign Total pack, 3 years): catalogue price €750/user, with volume discounts (25–99 users: −35%; 100–499: −50%; 500+: −55%). Typical scenario 100 users: €375/user/3 years.
- ROI formula: ROI = (TCO Savings / CryptPeer Investment) × 100. With 100 users: Savings = €100,000 − €37,500 = €62,500; Investment = €37,500; ROI = 62,500 / 37,500 ≈ 167% → rounded to +170%.
In CryptPeer: This methodology establishes proof that the sovereign ROI +170% is a verifiable and traceable indicator, consistent with an accounting expertise approach.
See also: TCO / Economic comparison, Self-hosted
Key Stretching
Definition: Technique to derive strong cryptographic keys from weak secrets (password, passphrase). Uses iterations to slow brute-force attacks.
In CryptPeer: PBKDF2-HMAC-SHA256 and HKDF-SHA3-512 perform key stretching to derive conversation keys from the master passphrase.
See also: PBKDF2-HMAC-SHA256, HKDF-SHA3-512
Replay Attack
Definition: Attack where the attacker captures transmitted data and replays it later to deceive the recipient.
In CryptPeer: Authenticated encryption (AEAD) and ephemeral keys per message make replay attacks ineffective: each message is unique and verifiable.
See also: AEAD, Ephemeral key
RSA-4096
Definition: RSA asymmetric encryption algorithm with 4096-bit key. Used for key exchange and digital signatures.
In CryptPeer: RSA-4096 can be used for key exchange and compatibility with existing systems (PGP). CryptPeer® favors Ed25519 and ECC for shorter keys and increased quantum resistance.
RAM-only
Definition: Security principle where decryption and processing of sensitive data occurs only in volatile memory (RAM), never on disk or persistent storage.
In CryptPeer: Decryption is performed only in volatile memory. No decrypted data is stored persistently. Buffers are erased immediately after reading (zeroization).
See also: Zeroization, Decryption
Blind Relay
Definition: Server that relays encrypted data without being able to decrypt it. The server never sees plaintext content; it only transmits encrypted data.
In CryptPeer: The CryptPeer® relay server processes only encrypted data. It cannot see the content of messages, calls, or files. Transit role only.
See also: E2E, Autonomous relay server
Autonomous Relay Server
Definition: Server that facilitates the initial connection between peers in a P2P architecture, then relays encrypted data. Self-hosted and autonomous.
In CryptPeer: The CryptPeer® relay server is autonomous, self-hosted, and low consumption. Compatible with Raspberry Pi 5, mini-PC, NAS, Linux VPS. Blind transit role only.
See also: Blind relay, Self-hosted
Repudiation
Definition: Action of removing or canceling a contact's access. Messages sent by the repudiated contact remain accessible, but they lose access to responses.
In CryptPeer: Feature that lets a user repudiate a contact: messages sent by the repudiated contact remain accessible, but that contact loses access to the other party's responses.
Revocation
Definition: Administrative action to remove a user's or contact's access. Revocation is instantaneous and irreversible by the administrator.
In CryptPeer: The administrator can revoke a contact in 1 click: the contact immediately loses access to servers.
Regalian Uses
Definition: Uses related to the State's regalian functions: defense, security, diplomacy, justice, etc. Require maximum level of security and sovereignty.
In CryptPeer: CryptPeer® is designed for regalian and sensitive uses: diplomatic communications, military operations, air-gap networks, sensitive organizations, pseudonym anonymity.
See also: CryptPeer Defense, Air-gap
Server-hopping
Definition: Ability to instantly switch from one relay server to another. Provides high resilience and makes the service harder to censor or stop.
In CryptPeer: Via Server Manager, you can instantly switch to another relay (organization, client server, remote instance).
S
Signaling
Definition: Exchange of control messages allowing peers to establish a WebRTC connection (SDP offers/responses, ICE candidates).
In CryptPeer: WebRTC signaling passes through the relay server. Signaling messages are encrypted; the server relays without being able to decode exchange content.
See also: WebRTC, Peer negotiation
Sovereignty by Design
Definition: Design principle where data and infrastructure sovereignty is integrated from the start, without third-party dependence.
In CryptPeer: CryptPeer® integrates sovereignty by design: self-hosting, zero intermediary, zero cloud, total operator control.
See also: Sovereign architecture, Operator exclusivity
Super administrator
Definition: Superior administrative role with exclusive authorization to delete user accounts. The standard administrator can activate or deactivate accounts, but not delete them.
In CryptPeer: This separation of powers limits the damage potential of a compromised administrator: even with stolen admin access, the attacker cannot delete accounts without super administrator approval.
See also: Operator exclusivity
STUN (Session Traversal Utilities for NAT)
Definition: Protocol allowing a client behind a NAT to discover its public IP address and verify connectivity to establish P2P connections.
In CryptPeer: WebRTC uses STUN for NAT traversal of audio/video calls. The CryptPeer relay server can provide or relay STUN servers.
See also: TURN, ICE, NAT traversal
Zeroization
Definition: Secure erasure process of sensitive data in memory. Buffers are overwritten with random values or zeros to prevent recovery.
In CryptPeer: Buffers are erased immediately after reading (zeroization). No trace of decrypted data persists in memory.
See also: RAM-only, Decryption
Q
No terms yet.
T
TURN (Traversal Using Relays around NAT)
Definition: Relay protocol used when STUN cannot establish a direct P2P connection. The TURN server relays traffic between peers.
In CryptPeer: The CryptPeer relay server can be configured as a TURN server for WebRTC calls when direct connection fails.
U
Zero Exploitable Metadata
Definition: Principle where no exploitable metadata is stored or accessible in plaintext. All metadata is encrypted.
In CryptPeer: CryptPeer® encrypts all metadata upstream. No exploitable data is visible server-side. The server cannot know who communicates with whom, or when.
See also: Metadata, Encryption
V
VPS (Virtual Private Server)
Definition: Virtual private server, that is, a virtual machine hosted on a shared physical server. Provides dedicated hosting with full control over the OS and applications.
In CryptPeer: CryptPeer® can be deployed on a Linux VPS, enabling remote hosting with full control over the infrastructure.
See also: Self-hosted, Autonomous relay server
Vulnerability
Definition: Weakness in a system, software, or configuration that can be exploited by an attacker to compromise security. Vulnerabilities can be software bugs, incorrect configurations, or architectural weaknesses.
In CryptPeer: CryptPeer®'s sovereign and decentralized architecture reduces the impact of vulnerabilities: even if a relay server is compromised, end-to-end encryption protects data, and the absence of a single central point limits propagation.
See also: Cyberattack, Compromise, Sovereign federated architecture
W
WebRTC (Web Real-Time Communication)
Definition: Real-time communication protocol enabling audio/video calls directly between browsers or apps, without plugins. Uses encrypted P2P connections.
In CryptPeer: WebRTC is used for end-to-end encrypted audio/video calls. Communications go directly peer-to-peer through a secure WireGuard tunnel.
WireGuard
Definition: Modern, fast, secure VPN protocol. Uses state-of-the-art cryptography (ChaCha20, Poly1305, Curve25519, BLAKE2s) to build secure tunnels.
In CryptPeer: WireGuard creates the secure VPN tunnel used for WebRTC video calls. Without WireGuard, only messaging is available.
WAN (Wide Area Network)
Definition: Wide network connecting multiple geographically separated sites (carrier links, interconnections, remote access).
In CryptPeer: CryptPeer® can be operated in WAN contexts while keeping sovereign operations and the ability to fail over between relays.
See also: LAN, Link failover, Autonomous relay server
X
No terms yet.
Z
Zero-Knowledge Proof
Definition: Cryptographic protocol allowing proof of knowledge of a secret without revealing it. Guarantees confidentiality and authenticity.
In CryptPeer: The Zero Trust principle and E2E encryption draw on zero-knowledge logic: the server never knows the content of exchanges.
See also: Zero Trust, E2E
Zero Trust
Definition: Security principle where no user, device, or network is implicitly trusted. Each access must be verified and authenticated.
In CryptPeer: CryptPeer® applies Zero Trust: each message is encrypted individually, each conversation is isolated, and authentication is required for each action.
See also: Zero Cloud, Zero Trace
Zero Cloud
Definition: Architecture principle where no cloud service dependency is required. All operations can be performed locally or on self-hosted infrastructure.
In CryptPeer: CryptPeer® guarantees Zero Cloud: zero cloud dependency, zero external service required. Operates entirely locally or on self-hosted infrastructure.
See also: Self-hosted, Zero Trust
Zero Trace
Definition: Principle where no persistent digital trace is left. Decrypted data exists only in volatile memory and is immediately erased.
In CryptPeer: CryptPeer® guarantees Zero Trace: decryption only in RAM, immediate zeroization, zero exploitable logs, zero exploitable metadata server-side.
See also: RAM-only, Zeroization
Zero Intermediary
Definition: Architecture principle where no intermediary (provider, cloud service, third party) intervenes in data processing or storage.
In CryptPeer: CryptPeer® guarantees zero intermediary, zero delegation, zero collection. The user maintains total control.
See also: Sovereign architecture, Self-hosted
2026 Updates
The following categories were added or enriched in January 2026:
- Cryptography: AEAD, ChaCha20-Poly1305, Authenticated encryption, ECC, Ed25519, HMAC, HKDF-SHA3-512, PBKDF2-HMAC-SHA256, RSA-4096, Entropy, Key stretching, Shared key
- Quantum: Quantum resilience, PQC readiness, NIST PQC, Hybrid cryptography
- Architecture & sovereignty: Sovereignty by Design, Operator exclusivity, Reinforced sovereign bubble
- Cybersecurity: Threat model, MITM, APT, Insider threat, Replay attack, Targeted phishing, Zero-Knowledge Proof
- Communication: STUN, TURN, ICE, NAT traversal, Signaling, Peer negotiation
- Features: 2FA, Collaborative notes, Masked groups
- Doctrine: Dual-Use, Defensive doctrine, A2 Export Control, Civil/Military