Terminology - no-account third-party transfer

No-account third-party sharing: encrypted file delivery to external recipients without creating a CryptPeer account.

Random password: automatically generated secret used to open the transfer securely.

Configurable retention: adjustable retention period before link expiry and deletion.

Automatic destruction: scheduled deletion of transferred data at end of lifecycle.

Compartmentalized metadata: metadata separation and encryption to minimize correlation risks.

A

Administrator

Definition: A user entrusted with a delegated management role in CryptPeer to administer the instance on a day-to-day basis, under the authority of the super administrator.

In CryptPeer: The administrator can manage certain accounts, categories, requests, direct contacts, and routine operational tasks, without ever accessing the plaintext content of communications, since encryption is performed upstream on user terminals. The administrator does not have the power to delete an account and has no access to server logs. Any sensitive request falling under those prerogatives remains subject to validation by, or exclusive action from, the super administrator.

See also: Super administrator, Administration Panel, Default category

AEAD (Authenticated Encryption with Associated Data)

Definition: Authenticated encryption with associated data. Combines encryption and authentication in a single operation, guaranteeing confidentiality and integrity.

In CryptPeer: CryptPeer® uses AEAD algorithms (AES-256-GCM, ChaCha20-Poly1305) for message and file encryption.

See also: Authenticated encryption, Encryption

APT (Advanced Persistent Threat)

Definition: Sophisticated persistent threat. Attacker who maintains a long-term presence in a network to exfiltrate data or sabotage systems.

In CryptPeer: Sovereign architecture, E2E encryption, and the absence of a single central point reduce both the attractiveness of the target and the attack surface exposed to APTs.

See also: Cyberattack, Data exfiltration

A2 Export Control

Definition: European regulation (Annex II) on export control of dual-use goods (civil/military), including cryptographic technologies.

In CryptPeer: CryptPeer® complies with the A2 framework and provisions applicable to dual-use encryption technologies.

See also: Dual-Use, Civil/Military

AES-256-GCM

Definition: Advanced Encryption Standard symmetric encryption algorithm with 256-bit key in Galois/Counter Mode (GCM). Provides both encryption and data authentication.

In CryptPeer: CryptPeer® uses AES-256-GCM for message, file, and metadata encryption. This mode guarantees data integrity and confidentiality.

See also: Encryption, E2E, AEAD

Sovereign Language Assistance

Definition: A sovereign, free translation and multilingual writing-assistance tool (50+ languages) integrated into the communication system, fully self-hosted and operating offline, with no text sent to cloud services or external AIs.

In CryptPeer: CryptPeer® integrates a sovereign, free translation tool for messaging and e-mail, aligned with Sovereignty by Design and Operator Exclusivity. It is compatible with voice recognition (Android/Apple) for text input and supports file import (.txt, .odt, .docx, .pptx, .pdf, etc.) with embedded OCR. Voice recognition also enables auto-typing for messages and e-mails. No text leaks to LLMs or cloud translators, which is a cybersecurity and confidentiality gain, especially when traveling abroad.

See also: Sovereign architecture

Air-gap

Definition: Computer network physically isolated, without connection to the Internet or other external networks. Also called "closed network" or "isolated network".

In CryptPeer: CryptPeer® can operate in air-gap mode, enabling secure communications in a completely isolated environment, without any Internet connection.

See also: Autonomous relay server, Closed network

Sovereign Architecture

Definition: Independent IT architecture, without dependence on external providers, cloud services, or third-party intermediaries. Ensures total control of data and infrastructure.

In CryptPeer: CryptPeer® is based on a sovereign architecture: zero intermediaries, zero delegation, zero collection. The user maintains total control of their infrastructure.

See also: Autonomous relay server, Self-hosted, Zero intermediary

Self-hosted

Definition: Solution where the user hosts and controls the infrastructure themselves (server, data) on their own equipment, without depending on an external service.

In CryptPeer: CryptPeer® is 100% self-hosted. The relay server can be installed on your own infrastructure, from Raspberry Pi 5 to enterprise server.

See also: Autonomous relay server, Sovereign architecture

B

Encrypted Backup 3.2.1

Definition: Redundant backup strategy: 3 copies of your data, on 2 different media types, including 1 off-site copy. All backups are encrypted.

In CryptPeer: Redundant encrypted backup system allowing you to back up your data across multiple media (USB, SSD, cloud, NAS, external drive). Automatic timestamping prevents overwriting.

See also: Encryption, NAS

Reinforced sovereign bubble

Definition: Sovereign bubble with additional mechanisms: link failover, automatic purge, autonomous relay server backup, operational continuity.

In CryptPeer: A reinforced sovereign bubble combines a sovereign autonomous server with an autonomous relay server and failover mechanisms.

See also: Sovereign bubble, Autonomous relay server

Sovereign bubble

Definition: Autonomous perimeter of infrastructure and governance, operated by an entity, where communications and data remain under sovereign control (rules, access, operations, continuity).

In CryptPeer: A sovereign bubble can be embodied by a sovereign autonomous server, reinforced by an autonomous relay server and failover mechanisms.

See also: Sovereign autonomous server, Sovereign architecture

Link failover

Definition: Continuity mechanism that switches relay/access points without long service interruption, to keep communications running in constrained environments.

In CryptPeer: Link failover enables continuity across multiple sovereign relays, aligned with server-hopping and multi-server management.

See also: Server-hopping, Server Manager

C

Civil/Military

Definition: Dual-use dimension of technologies: applicable to both civil (business, individuals) and military (defense, intelligence) uses.

In CryptPeer: CryptPeer® fits a civil/military approach: secure messaging for all, compatible with regalian requirements.

See also: Dual-Use, Regalian uses

Default category

Definition: The onboarding category to which all new users belong as soon as their account is created. It allows them to see only the admin account and submit questions or requests to the administrator.

In CryptPeer: The default category remains active even when the user is added to other categories. It guarantees a minimal access channel and a continuous link between users and the administrator.

See also: Administrator, Typological Isolation

Authenticated Encryption

Definition: Encryption mode that simultaneously guarantees confidentiality and integrity of data. Detects any unauthorized modification.

In CryptPeer: AES-256-GCM and ChaCha20-Poly1305 provide authenticated encryption for all content.

See also: AEAD, Encryption

Hybrid Cryptography

Definition: Combination of classical and post-quantum algorithms to ensure security against quantum computers while maintaining compatibility.

In CryptPeer: CryptPeer® applies a quantum-informed approach (AES-256, SHA3-512) providing quantum resilience by design (symmetric) and remaining compatible with future PQC hybridization if needed.

See also: Quantum, NIST PQC

Encryption

Definition: Process of transforming readable data (plaintext) into unreadable data (ciphertext) using an algorithm and a key. Only the key holder can decrypt the data.

In CryptPeer: All messages, files, and metadata are encrypted before transmission. Encryption is performed on the user's device; the server never sees plaintext content.

See also: Decryption, E2E, Over-encryption

Direct contacts

Definition: Administrative communication mechanism allowing the administrator to individually connect one or more users to a specific authorized contact without creating a shared category or group. Each connected user can communicate only with that designated contact and has no access to the other connected users.

In CryptPeer: Direct contacts provide a compartmentalized communication model in which the administrator creates several isolated one-to-one links around a single central contact (organizer, coordinator, support desk, control point, or event manager). Connected users remain invisible to one another and cannot communicate among themselves. This preserves organizational isolation while enabling controlled individual exchanges. Each modification is recorded in the logs.

See also: Administrator, Default category, Typological isolation, Logs

Ephemeral Key

Definition: Temporary encryption key, used once or for a limited duration, then destroyed. Each message uses its own unique key.

In CryptPeer: Ephemeral key system per message: each message is encrypted with a unique key. Compromising one message provides no information about others.

See also: Segmented key, Instant obsolescence

Segmented Key

Definition: Key management system where a master key is derived into several distinct keys, one per conversation or group. Patented system in CryptPeer®.

In CryptPeer: Each conversation/group has its own derived key. Combined with ephemeral keys per message, this ensures total isolation between conversations.

See also: Ephemeral key, Shared key, Encryption

Shared Key

Definition: Key derived deterministically for a conversation or group, enabling E2E encryption without key exchange between participants. All participants derive the same key independently.

In CryptPeer: The shared key is derived via PBKDF2 (100,000 iterations) from user and conversation/group identifiers. Message format: Base64(IV + ciphertext + authTag). Exported file format: [Salt][IV][Ciphertext].

See also: Ephemeral key, Segmented key, PBKDF2-HMAC-SHA256, E2E

Typological Isolation

Definition: Strict separation of communication flows by categories or user types. Each category is isolated and cannot access others.

In CryptPeer: Access is strictly controlled by categories. A user in one category cannot see or communicate with users in other categories, ensuring an enforceable separation of flows.

See also: Authenticated Encryption, Sovereign federated architecture

CryptPeer Defense

Definition: Specialized version of CryptPeer® reserved for regalian uses. Autonomous service with its own engine and optimized relay server.

Features: Segmented and ephemeral key encryption, tunnel mode, end-to-end volatile memory, RAM-only encryption, volatile key management, zero logs, total absence of exploitable metadata and persistent digital traces. No storage: tunneled encryption with direct transfer of encrypted messages and files without storage.

See also: RAM-only, Regalian uses

Closed Network

Definition: Isolated computer network, without connection to the Internet or other external networks. Synonym of air-gap network.

In CryptPeer: CryptPeer® can operate on a local closed network, in local-only mode, without any Internet connection.

See also: Air-gap, Autonomous relay server

Cyberattack

Definition: Malicious computer attack aimed at compromising, disrupting, or destroying computer systems, networks, or data. Cyberattacks can target critical infrastructure, email servers, user accounts, or sensitive data.

In CryptPeer: CryptPeer®'s sovereign architecture, with its autonomous servers, end-to-end encryption, and absence of a single central point, significantly reduces the attack surface and the likelihood of successful compromise.

See also: Compromise, Vulnerability, Data exfiltration

Compromise

Definition: Situation where a system, account, or data has been accessed, modified, or controlled by an unauthorized attacker. Compromise can result from an exploited vulnerability, a hacked account, or an intrusion into a server.

In CryptPeer: Even if a relay server were compromised, data remains protected thanks to end-to-end encryption. The server never sees plaintext content, and the federated architecture allows isolation between sovereign bubbles.

See also: Cyberattack, E2E, Sovereign federated architecture

D

Defensive doctrine

Definition: Design approach prioritizing protection and resilience against threats. Minimizes attack surface and limits impact of compromise.

In CryptPeer: CryptPeer® integrates a defensive doctrine: E2E encryption, segmented keys, zero exploitable metadata, federated architecture without single point of failure.

See also: Zero Trust, E2E

Dual-Use

Definition: Character of a technology applicable to both civil and military uses. Subject to export control (A2).

In CryptPeer: CryptPeer® is a dual-use technology: secure messaging for businesses and individuals, compatible with regalian requirements.

See also: A2 Export Control, Civil/Military

Decryption

Definition: Reverse process of encryption: transformation of encrypted data (unreadable) into readable data (plaintext) using the appropriate key.

In CryptPeer: Decryption is performed only in volatile memory (RAM) on the user's device. No decrypted data is stored persistently.

See also: Encryption, RAM-only

E

ECC (Elliptic Curve Cryptography)

Definition: Elliptic curve cryptography. It uses the mathematical properties of elliptic curves to provide shorter keys than RSA at equivalent security levels.

In CryptPeer: ECC can be used for certain key exchange, signature, and authentication mechanisms depending on security and interoperability requirements.

See also: Ed25519, RSA-4096

Entropy

Definition: Measure of unpredictability or randomness of a source. High entropy is required to generate secure cryptographic keys.

In CryptPeer: Master passphrase and ephemeral keys are derived from high-entropy sources. PBKDF2 and HKDF use entropy to strengthen keys.

See also: Passphrase, Key stretching

Operator Exclusivity

Definition: Principle where a single operator controls and manages their CryptPeer infrastructure, without sharing or delegating to third parties.

In CryptPeer: CryptPeer® relies on operator exclusivity: each organization operates its own relay server, ensuring data sovereignty.

See also: Sovereignty by Design, Autonomous relay server

E2E (End-to-End)

Definition: End-to-end encryption. Data is encrypted on the sender's device and decrypted only on the recipient's device. No intermediary (server, provider) can see plaintext content.

In CryptPeer: All messages, audio/video calls, and files are E2E encrypted. The relay server never sees plaintext content; it only relays encrypted data.

See also: Encryption, Blind relay

EviEngine

Definition: Freemindtronic technology that enables automation of actions in web services without using servers or databases. Allows hardware-based software license management, not based on a person's identity.

In CryptPeer: EviEngine is embedded in CryptPeer® for license management without servers or databases. The license system is based on the computer's motherboard serial number, preserving anonymity since the license is linked to hardware and not identity. CryptPeer® can thus operate on a local network, even offline, without dependency on external services.

See also: Sovereign architecture, Autonomous relay server

Data Exfiltration

Definition: Process by which an attacker transfers stolen data from a compromised system to an external server controlled by the attacker. Exfiltration is often the final objective of a cyberattack.

In CryptPeer: Thanks to end-to-end encryption, even if an attacker managed to exfiltrate data from a relay server, it would remain unreadable without the decryption keys held only by users.

See also: Cyberattack, Compromise, E2E

F

2FA (Two-Factor Authentication)

Definition: Authentication combining two distinct factors: knowledge (password, passphrase) and possession (device, HSM, NFC key).

In CryptPeer: CryptPeer® offers two-step verification via TOTP code (Time-based One-Time Password). Compatible with all TOTP key management software, including PassCypher HSM PGP and PassCypher NFC HSM (SHA1, SHA256, SHA512 algorithms). Enable from user profile. Can be combined with HSM (PassCypher, EviKey NFC) for keyboard-free secure entry.

See also: HSM, Passphrase, EviEngine

G

Storage management

Definition: Set of rules and mechanisms controlling data persistence (retention, volumes, priorities, rotation, deletion) to optimize security and continuity.

In CryptPeer: Storage management works with automatic purge and the objectives “zero trace / zero actionable metadata”, depending on the operating modes.

See also: Zero Trace, Zero Exploitable Metadata

H

HMAC (Hash-based Message Authentication Code)

Definition: Message authentication code based on a hash function. Guarantees integrity and authenticity of data.

In CryptPeer: HMAC-SHA256 is used in PBKDF2 and HKDF for key derivation. ChaCha20-Poly1305 integrates a similar MAC (Poly1305).

See also: KDF, PBKDF2

HKDF-SHA3-512

Definition: HKDF using SHA3-512 as hash function. Offers enhanced security and greater quantum resistance than HKDF-SHA256.

In CryptPeer: HKDF-SHA3-512 is used for conversation key derivation, ensuring reinforced cryptographic isolation.

See also: KDF, Quantum

HSM (Hardware Security Module)

Definition: Hardware security module, a physical device dedicated to secure management of cryptographic keys and encryption operations. Offers stronger protection than software solutions.

In CryptPeer: CryptPeer® is compatible with PassCypher HSM PGP, NFC HSM, DataShielder HSM PGP and NFC HSM to over-encrypt data, messages and files upstream before sending. The master passphrase (> 256 bits) can be stored in an HSM.

See also: Passphrase, Over-encryption

I

ICE (Interactive Connectivity Establishment)

Definition: Protocol allowing two peers to establish a direct connection by combining STUN and TURN to traverse NATs and firewalls.

In CryptPeer: WebRTC uses ICE for P2P audio/video calls. The relay server can provide STUN/TURN servers for NAT traversal.

See also: STUN, TURN, WebRTC

Insider Threat

Definition: Threat from a person with legitimate system access (employee, administrator) who abuses their privileges.

In CryptPeer: E2E encryption and segmented keys limit insider threat impact: the server does not hold decryption keys.

See also: E2E, Segmented key

Network Undetectability

Definition: System's ability to avoid detection by network monitoring tools, traffic analysis, or filtering. Communications are difficult to trace, block, or censor.

In CryptPeer: Thanks to systematic encryption, local-only mode, isolation, and P2P architecture, CryptPeer® reduces the attack surface and makes detection complex.

See also: Autonomous relay server, P2P

Instant Obsolescence

Definition: Security mechanism where a message's key becomes invalid immediately after an interface or system event (tab change, window, scroll, etc.).

In CryptPeer: The message key becomes invalid at any interface/system event. This ensures that once a message is read, it cannot be re-decrypted without a new user action.

See also: Ephemeral key, Zeroization

J

No terms yet.

K

KDF (Key Derivation Function)

Definition: Key derivation function. Transforms a master key or secret into one or more cryptographic keys. CryptPeer uses PBKDF2-HMAC-SHA256, HKDF-SHA256 and HKDF-SHA3-512.

In CryptPeer: KDFs derive conversation keys from the master passphrase, ensuring cryptographic isolation between conversations and messages.

See also: HKDF, Passphrase

KUBB Secure Mini Fanless

Definition: French fanless (no-fan) mini-computer, ultra-compact and low-power. Available in N150 and i3-N300 models. Ideal for hosting CryptPeer servers.

In CryptPeer: KUBB Secure Mini is tested and recommended to host CryptPeer. Enables a sovereign, autonomous, and portable deployment—ideal for sensitive environments.

See also: Self-hosted, Sovereign architecture

L

LAN (Local Area Network)

Definition: Local network limited to a site (building, office, operational area), used to connect devices within a restricted perimeter.

In CryptPeer: CryptPeer® can operate over LAN (including an isolated intranet), supporting local continuity and operational sovereignty.

See also: Autonomous relay server, Local-only mode, WAN

Logs

Definition: Technical and administrative records used to trace certain operational, control, or governance actions within the instance.

In CryptPeer: Server logs fall exclusively within the super administrator’s perimeter. A standard administrator has no access to them. This separation strengthens control over sensitive operations, traceability of critical actions, and internal governance, without affecting the core principle that communication content remains encrypted upstream and inaccessible on the server side.

See also: Traceability, Super administrator, Sovereignty by Design

N

NAT traversal

Definition: Techniques allowing peers behind NATs or firewalls to establish direct connections. Uses STUN to discover addresses and TURN as relay fallback.

In CryptPeer: WebRTC and ICE ensure NAT traversal for P2P audio/video calls. The relay server can provide STUN/TURN servers.

See also: STUN, TURN, ICE

NIST PQC (Post-Quantum Cryptography)

Definition: Post-quantum cryptography standards published by NIST. Algorithms designed to resist quantum computers.

In CryptPeer: CryptPeer® uses a quantum-informed approach (AES-256, SHA3-512). Architecture allows evolution toward NIST PQC algorithms (ML-KEM, ML-DSA) for hybrid cryptography.

See also: Quantum, Hybrid cryptography

Collaborative notes

Definition: Feature allowing multiple users to create and edit shared notes in real time, end-to-end encrypted.

In CryptPeer: CryptPeer® offers encrypted collaborative notes, integrated with messaging, with group isolation.

See also: E2E, Masked groups

NAS (Network Attached Storage)

Definition: Network storage server, a device connected to a local network that allows sharing files and data between multiple devices.

In CryptPeer: CryptPeer® can be deployed on a Linux-compatible NAS, enabling centralized/self-hosted deployment of the relay server.

See also: Self-hosted, Autonomous relay server

M

MITM (Man-in-the-Middle)

Definition: Attack where the attacker positions themselves between two communicating parties to intercept or modify exchanges.

In CryptPeer: E2E encryption and peer authentication (Ed25519) make MITM ineffective: the attacker cannot decrypt or forge without the keys.

See also: E2E, Ed25519

Threat Model

Definition: Formal representation of threats a system may face, including actors, capabilities, and attack scenarios.

In CryptPeer: CryptPeer® is designed to resist: MITM, APT, insider threat, replay attack, targeted phishing, server compromise.

See also: Cyberattack, APT, Insider threat

Metadata

Definition: Data that describes other data: who, when, where, with whom. Examples: sender, recipient, date/time, file size, IP address.

In CryptPeer: CryptPeer® encrypts all metadata upstream. Zero exploitable metadata is visible server-side. The server cannot know who communicates with whom, or when.

See also: Zero exploitable metadata, Encryption

Local-only mode

Definition: Operating mode where the system runs only on a closed local network, without Internet connectivity. All communications remain within the private network.

In CryptPeer: CryptPeer® can run entirely in local-only mode via a private Wi-Fi network (closed AP Wi-Fi, no SIM/Internet). Ideal for sensitive environments and air-gapped networks.

See also: Air-gap, Closed network

Masked Mode (CryptPeer Masked)

Definition: A compartmentalized, autonomous, and isolated communication space within CryptPeer Core, dedicated to sensitive exchanges. Contacts, groups, and content in masked mode remain separated from the standard space, like a second CryptPeer inside the first.

In CryptPeer: Messages are displayed encrypted by default on the terminal. Plaintext access is available only on demand, message by message, through an explicit action on the padlock, with automatic re-encryption afterward. This logic greatly reduces visual exposure of content and limits risks related to shoulder surfing, close-range spying, opportunistic screenshots, automated visual scanning, and certain forms of unauthorized screen observation.

Benefits: Stronger operational compartmentalization, reduced exposure surface, better protection of sensitive exchanges in mobility scenarios, and preservation of user choice for downloading files either encrypted or decrypted depending on the required level of protection.

See also: Encryption, RAM-only, CryptPeer Defense

O

Over-encryption

Definition: Application of an additional layer of encryption on already encrypted data. Double cryptographic protection.

In CryptPeer: CryptPeer® is compatible with HSMs (PassCypher HSM PGP, NFC HSM, DataShielder HSM PGP) to over-encrypt data, messages and files upstream before sending.

See also: HSM, Encryption

P

Peer Negotiation

Definition: Process by which two peers establish a secure connection: key exchange, mutual authentication, parameter negotiation.

In CryptPeer: WebRTC and ICE handle peer negotiation for audio/video calls. Signaling passes through the relay server (blind); content remains E2E encrypted.

See also: Signaling, WebRTC

Targeted phishing

Definition: Phishing attack targeting a specific person or organization. Uses personal information to deceive the victim.

In CryptPeer: Absence of exploitable metadata server-side limits information available for targeted phishing. HSM authentication (2FA) strengthens protection.

See also: 2FA, Zero exploitable metadata

Post-Quantum readiness

Definition: Ability of a system to evolve toward post-quantum cryptography (NIST PQC) without major architecture change.

In CryptPeer: CryptPeer® is designed for quantum resilience by design (symmetric: AES-256, SHA3-512) and for PQC readiness: the architecture can evolve toward hybrid schemes (NIST PQC) if needed, without major redesign.

See also: Quantum, NIST PQC

PBKDF2-HMAC-SHA256

Definition: PBKDF2 using HMAC-SHA256 as pseudo-random function. Key stretching standard to derive keys from passwords.

In CryptPeer: PBKDF2-HMAC-SHA256 derives the master key from the passphrase, with configurable iteration count.

See also: PBKDF2, Key stretching, HMAC

P2P (Peer-to-Peer)

Definition: Decentralized network architecture where each node (peer) can be both client and server. No central server; communications pass directly between peers.

In CryptPeer: CryptPeer® is based on a sovereign P2P architecture. Voice/video communications pass directly between peers, without central server or intermediary. The relay server only facilitates the initial connection.

See also: Autonomous relay server, Sovereign architecture

Administration Panel

Definition: Interface reserved for accounts holding an administrative role, accessible according to the assigned authorization level. It allows management of users, categories, direct contacts, registration requests, operational parameters, and storage.

In CryptPeer: The administration panel never provides access to the content of encrypted communications. It is limited to governance of identities, rights, organizational structure, and operating parameters, depending on the assigned role. Storage management may include disk usage, uploads folder limits, allowed or blocked file types, and auto-purge. Server logs remain exclusively under the super administrator’s prerogatives.

See also: Administrator, Operator Exclusivity

Passphrase

Definition: Secret phrase used to generate or derive cryptographic keys. Longer and more secure than a simple password.

In CryptPeer: The master passphrase (> 256 bits) can be stored in an HSM (PassCypher NFC HSM or PassCypher HSM PGP). Modifiable at will without message loss thanks to the ephemeral key system.

See also: HSM, Ephemeral key

Q

Quantum resilience (by design)

Definition: Ability of a cryptographic system to resist attacks by quantum computers. Symmetric algorithms (AES-256) and hash functions (SHA-256, SHA3-512) provide natural quantum resistance.

In CryptPeer: CryptPeer® uses a “quantum-informed” architecture: AES-256-GCM, SHA-256, SHA3-512, and 256+ bit keys provide natural resistance to quantum attacks (Grover’s algorithm). Segmented keys limit the impact of any future compromise.

See also: AES-256-GCM, Segmented key

R

Sovereign ROI — Methodology and calculation basis (2026)

Definition: The KPI “Sovereign ROI +170% over 36 months” is derived from an accounting expertise approach, not a marketing view. It is based on a comparative TCO (Total Cost of Ownership) study between CryptPeer® On-Prem and an equivalent SaaS stack.

Calculation basis:

  • Reference SaaS stack (Olvid Business + Proton Business Suite + BlueFiles): indicative cost ≈ €27.65/user/month (public sources 2026), i.e. ≈ €1,000/user over 3 years.
  • CryptPeer On-Prem (Sovereign Total pack, 3 years): catalogue price €750/user, with volume discounts (25–99 users: −35%; 100–499: −50%; 500+: −55%). Typical scenario 100 users: €375/user/3 years.
  • ROI formula: ROI = (TCO Savings / CryptPeer Investment) × 100. With 100 users: Savings = €100,000 − €37,500 = €62,500; Investment = €37,500; ROI = 62,500 / 37,500 ≈ 167% → rounded to +170%.

In CryptPeer: This methodology establishes proof that the sovereign ROI +170% is a verifiable and traceable indicator, consistent with an accounting expertise approach.

See also: TCO / Economic comparison, Autonomous relay server

Key Stretching

Definition: Technique to derive strong cryptographic keys from weak secrets (password, passphrase). Uses iterations to slow brute-force attacks.

In CryptPeer: PBKDF2-HMAC-SHA256 and HKDF-SHA3-512 perform key stretching to derive conversation keys from the master passphrase.

See also: PBKDF2-HMAC-SHA256, HKDF-SHA3-512

Replay Attack

Definition: Attack where the attacker captures transmitted data and replays it later to deceive the recipient.

In CryptPeer: Authenticated encryption (AEAD) and ephemeral keys per message make replay attacks ineffective: each message is unique and verifiable.

See also: AEAD, Ephemeral key

RSA-4096

Definition: RSA asymmetric encryption algorithm with 4096-bit key. Used for key exchange and digital signatures.

In CryptPeer: RSA-4096 can be used for key exchange and compatibility with existing systems (PGP). CryptPeer® favors Ed25519 and ECC for shorter keys and increased quantum resistance.

See also: ECC, Ed25519

RAM-only

Definition: Security principle where decryption and processing of sensitive data occurs only in volatile memory (RAM), never on disk or persistent storage.

In CryptPeer: Decryption is performed only in volatile memory. No decrypted data is stored persistently. Buffers are erased immediately after reading (zeroization).

See also: Zeroization, Decryption

Blind Relay

Definition: Server that relays encrypted data without being able to decrypt it. The server never sees plaintext content; it only transmits encrypted data.

In CryptPeer: The CryptPeer® relay server processes only encrypted data. It cannot see the content of messages, calls, or files. Transit role only.

See also: E2E, Autonomous relay server

Autonomous Relay Server

Definition: Encrypted communication node designed for continuity: link failover, automatic purge, and storage management.

In CryptPeer: The CryptPeer® relay server operates in transit without exposing plaintext content and integrates into a multi-relay continuity logic (server-hopping / Server Manager), including on mini-computers and Raspberry Pi 5.

See also: Blind Relay, Self-hosted, Link failover, Storage management

Regalian Uses

Definition: Uses related to the State's regalian functions: defense, security, diplomacy, justice, etc. They require the maximum level of security and sovereignty.

In CryptPeer: CryptPeer® is designed for regalian and sensitive uses: diplomatic communications, military operations, air-gap networks, sensitive organizations, pseudonym anonymity.

See also: CryptPeer Defense, Air-gap

Server-hopping

Definition: The ability to switch instantly from one relay server to another. It enables strong resilience and makes the service harder to censor or disrupt.

In CryptPeer: Via Server Manager, you can instantly switch to another relay (organization server, dedicated relay, or remote instance).

S

Signaling

Definition: Exchange of control messages allowing peers to establish a WebRTC connection (SDP offers/responses, ICE candidates).

In CryptPeer: WebRTC signaling passes through the relay server. Signaling messages are encrypted; the server relays without being able to decode exchange content.

See also: WebRTC, Peer negotiation

Sovereignty by Design

Definition: Design principle where data and infrastructure sovereignty is integrated from the start, without third-party dependence.

In CryptPeer: CryptPeer® integrates sovereignty by design: self-hosting, zero intermediary, zero cloud, total operator control.

See also: Sovereign architecture, Operator exclusivity

STUN (Session Traversal Utilities for NAT)

Definition: Protocol allowing a client behind a NAT to discover its public IP address and verify connectivity to establish P2P connections.

In CryptPeer: WebRTC uses STUN for NAT traversal of audio/video calls. The CryptPeer relay server can provide or relay STUN servers.

See also: TURN, ICE, NAT traversal

Zeroization

Definition: Secure erasure process of sensitive data in memory. Buffers are overwritten with random values or zeros to prevent recovery.

In CryptPeer: Buffers are erased immediately after reading (zeroization). No trace of decrypted data persists in memory.

See also: RAM-only, Decryption

Super administrator

Definition: The highest administrative authority of the CryptPeer instance, solely empowered to exercise certain critical prerogatives.

In CryptPeer: The super administrator is the only role authorized to delete a user account. They also validate or reject account deletion requests submitted by an administrator, who does not hold this discretionary power. Server logs fall exclusively within the super administrator’s access and control perimeter. This strict separation of roles strengthens governance, limits privilege abuse, and reduces the impact of a compromise involving a standard administrator account.

See also: Administrator, Logs, Administration Panel

T

TURN (Traversal Using Relays around NAT)

Definition: Relay service used to ensure continuity of real-time communications when direct establishment between terminals is not possible.

In CryptPeer: The organization may host its own TURN server in order to control the routing of audio and video calls and maintain a communication chain consistent with a sovereign, self-hosted architecture without dependency on an imposed third-party provider.

See also: STUN, ICE, WebRTC

Traceability

Definition: The ability to record and retrieve the history of actions performed in a system (who did what, when, and with which parameters). It is essential for auditing, compliance, and security.

In CryptPeer: Traceability of sensitive operations relies on the instance’s logs and control mechanisms. Access to server logs is restricted to the super administrator, which reinforces separation of responsibilities and governance over critical actions.

See also: Logs, Administrator, Administration Panel

Contact tokenization

Definition: A mechanism that protects contact identities by substituting real identifiers (e-mail addresses, phone numbers) with anonymous and unique tokens.

In CryptPeer: CryptPeer® uses tokenization to protect contact identities. Tokens are generated locally and reveal no personal information. The relay server never knows the users’ real identities, only their anonymous tokens.

Benefits: Stronger privacy protection, anonymity of communications, impossibility of reconstructing a social graph, and reinforced GDPR compliance.

See also: Metadata, Blind Relay, Zero Exploitable Metadata

U

Zero Exploitable Metadata

Definition: Principle where no exploitable metadata is stored or accessible in plaintext. All metadata is encrypted.

In CryptPeer: CryptPeer® encrypts all metadata upstream. No exploitable data is visible server-side. The server cannot know who communicates with whom, or when.

See also: Metadata, Encryption

V

VPS (Virtual Private Server)

Definition: Private virtual server, a virtual machine hosted on a shared physical server. Provides dedicated hosting with full control over the OS and applications.

In CryptPeer: CryptPeer® can be deployed on a Linux VPS, enabling remote hosting with full control over the infrastructure.

See also: Self-hosted, Autonomous relay server

Vulnerability

Definition: Weakness in a system, software, or configuration that can be exploited by an attacker to compromise security. Vulnerabilities can be software bugs, incorrect configurations, or architectural weaknesses.

In CryptPeer: CryptPeer®'s sovereign and decentralized architecture reduces the impact of vulnerabilities: even if a relay server is compromised, end-to-end encryption protects data, and the absence of a single central point limits propagation.

See also: Cyberattack, Compromise, Sovereign federated architecture

W

WebRTC (Web Real-Time Communication)

Definition: Real-time communication technology enabling audio calls, video calls, and certain direct data exchanges between browser-compatible terminals.

In CryptPeer: WebRTC is used for audio and video calls within CryptPeer’s secure environment. Access to the instance is provided through a secure HTTPS URL, while a self-hosted TURN server can be used to guarantee connectivity when a direct link between terminals is not possible.

See also: P2P, TURN, ICE

WAN (Wide Area Network)

Definition: Wide network connecting multiple geographically separated sites (carrier links, interconnections, remote access).

In CryptPeer: CryptPeer® can be operated in WAN contexts while keeping sovereign operations and the ability to fail over between relays.

See also: LAN, Autonomous relay server

X

No terms yet.

Y

No terms yet.

Z

Zero-Knowledge Proof

Definition: Cryptographic protocol allowing proof of knowledge of a secret without revealing it. Guarantees confidentiality and authenticity.

In CryptPeer: The Zero Trust principle and E2E encryption draw on zero-knowledge logic: the server never knows the content of exchanges.

See also: Zero Trust, E2E

Zero Trust

Definition: Security principle where no user, device, or network is implicitly trusted. Each access must be verified and authenticated.

In CryptPeer: CryptPeer® applies Zero Trust: each message is encrypted individually, each conversation is isolated, and authentication is required for each action.

See also: Zero Cloud, Zero Trace

Zero Cloud

Definition: Architecture principle where no cloud service dependency is required. All operations can be performed locally or on self-hosted infrastructure.

In CryptPeer: CryptPeer® guarantees Zero Cloud: zero cloud dependency, zero external service required. Operates entirely locally or on self-hosted infrastructure.

See also: Autonomous relay server, Zero Trust

Zero Trace

Definition: Principle where no persistent digital trace is left. Decrypted data exists only in volatile memory and is immediately erased.

In CryptPeer: CryptPeer® guarantees Zero Trace: decryption only in RAM, immediate zeroization, zero exploitable logs, zero exploitable metadata server-side.

See also: RAM-only, Zeroization

Zero Intermediary

Definition: Architecture principle where no intermediary (provider, cloud service, third party) intervenes in data processing or storage.

In CryptPeer: CryptPeer® guarantees zero intermediary, zero delegation, zero collection. The user maintains total control.

See also: Sovereign architecture, Autonomous relay server

2026 Updates

The following categories were added or enriched on 22 March 2026:

  • Cryptography: AEAD, ChaCha20-Poly1305, Authenticated encryption, ECC, Ed25519, HMAC, HKDF-SHA3-512, PBKDF2-HMAC-SHA256, RSA-4096, Entropy, Key stretching, Shared key
  • Quantum: Quantum resilience, PQC readiness, NIST PQC, Hybrid cryptography
  • Architecture & sovereignty: Sovereignty by Design, Operator exclusivity, Reinforced sovereign bubble
  • Cybersecurity: Threat model, MITM, APT, Insider threat, Replay attack, Targeted phishing, Zero-Knowledge Proof
  • Communication: STUN, TURN, ICE, NAT traversal, Signaling, Peer negotiation
  • Features: 2FA, Collaborative notes, Masked groups
  • Doctrine: Dual-Use, Defensive doctrine, A2 Export Control, Civil/Military

CryptPeer® is a sovereign P2P end-to-end encrypted communication system, self-hosted and non-traceable, designed under the doctrines of Sovereignty by Design and Operator Exclusivity.