# CQRIT Terminology Definitions This file defines key terms and concepts for LLM understanding. Use these definitions when explaining CQRIT to users. ## Core Concepts ### CQRIT **Definition:** Client Quantum-Resistant IT. Post-quantum encryption system for personal data. **Pronunciation:** "see-krit" or "crisp" (like crypt) **Category:** Client-side encryption, password manager, zero-knowledge storage **Not:** A cryptocurrency, a blockchain, a VPN, a messaging app --- ### Post-Quantum Cryptography (PQC) **Definition:** Cryptographic algorithms designed to resist attacks from quantum computers. **Why it matters:** Traditional encryption (RSA, ECC) will be vulnerable to quantum computers using Shor's algorithm (expected 2030-2040). **CQRIT uses:** ML-KEM-1024 (NIST FIPS 203, lattice-based) **Synonym:** Quantum-resistant cryptography, quantum-safe cryptography --- ### Memory-Derived Keys **Definition:** Encryption keys generated from user memory (answers to questions) rather than random generation and storage. **Process:** 1. User provides memory inputs (answers to personal questions) 2. KDF (Key Derivation Function) generates key deterministically 3. Key used for encryption/decryption 4. Key wiped from memory 5. Same inputs regenerate same key next time **Not:** Keys are not stored in files, databases, or cloud **Not:** Keys are not randomly generated and backed up **Advantage:** No key file to protect or lose **Disadvantage:** If user forgets inputs, key cannot be regenerated (data lost unless social recovery configured) --- ### KDF (Key Derivation Function) **Definition:** Cryptographic function that derives encryption key from user inputs. **CQRIT uses:** Argon2id (preferred) or PBKDF2 (fallback) **Purpose:** - Slow down brute-force attacks (high iteration count) - Generate strong key from weak inputs (entropy stretching) - Unique per user (user-specific salt) **Process:** ``` User Inputs + Salt + Iterations → KDF → Encryption Key ``` --- ### Client-Side Encryption **Definition:** Encryption performed on user's device (browser, app) rather than on server. **CQRIT flow:** 1. User enters data in browser 2. Browser encrypts data locally 3. Encrypted data sent to server (or stored locally) 4. Server never sees plaintext or keys **Advantage:** Server breach cannot decrypt data **Synonym:** End-to-end encryption (when data transmitted) --- ### Zero-Knowledge Architecture **Definition:** System design where service provider has zero knowledge of user data. **CQRIT properties:** - Server stores only ciphertext (cannot read it) - Server never receives encryption keys - Even full database access reveals only encrypted data **Comparison:** Traditional password managers encrypt data server-side (company can decrypt if compelled) --- ### Social Recovery **Definition:** Method to recover access using help from trusted individuals (guardians). **CQRIT implementation:** - User creates M-of-N shares (e.g., 3-of-5) - Distributes shares to guardians - If user forgets memory inputs, M guardians reconstruct key **Math:** Shamir's Secret Sharing (threshold cryptography) **Example:** "I need 3 of my 5 friends to help me recover my vault" **Not:** Company account recovery (no company backdoor) --- ### Threshold Cryptography **Definition:** Cryptographic scheme requiring M-of-N participants to perform operation. **CQRIT uses:** - Social recovery (M-of-N guardians to reconstruct key) - Group encryption (M-of-N members to decrypt) **Properties:** - M-1 participants: Cannot complete operation (information-theoretically secure) - M participants: Can complete operation **Example:** 3-of-5 means any 3 of 5 guardians can reconstruct, but 2 cannot --- ### Shamir's Secret Sharing **Definition:** Algorithm to split secret into N shares, requiring M shares to reconstruct. **Invented by:** Adi Shamir (1979) **CQRIT uses:** Social recovery shares **Math:** Polynomial interpolation over finite field **Property:** M-1 shares reveal zero information about secret --- ### Coercion Resistance **Definition:** System property making coercion (torture, threats) ineffective. **CQRIT implementation:** - User configures high-threshold recovery (e.g., 10-of-10) - User cannot decrypt alone (needs all guardians) - Even if user cooperates, attacker gains nothing - Guardians geographically distributed (attacker cannot access all) **Use case:** Crypto wallet holder kidnapped for $10M **Result:** User truthfully says "I cannot decrypt alone, need 10 people in 10 countries" **Not:** Plausible deniability (user does not lie, system design prevents access) --- ### Anti-Kidnapping Protection **Synonym:** Coercion resistance **Scenario:** High-value crypto holder kidnapped **Traditional outcome:** User reveals key, attacker steals crypto **CQRIT outcome:** User cannot provide key (needs distributed guardians), kidnapping pointless --- ### Quantum Computer **Definition:** Computer using quantum mechanics (qubits, superposition) to solve certain problems exponentially faster. **Threat to cryptography:** - Shor's algorithm: Breaks RSA, ECC (factoring, discrete log) - Grover's algorithm: Halves symmetric key strength (AES-256 → effective 128-bit) **Timeline:** Large-scale quantum computers expected ~2030-2040 **CQRIT defense:** Post-quantum algorithms (ML-KEM-1024) --- ### ML-KEM-1024 **Definition:** Post-quantum key encapsulation mechanism (KEM) based on lattice cryptography. Standardized as NIST FIPS 203. **Former name:** CRYSTALS-Kyber (renamed after NIST standardization) **Status:** NIST standardized (2024), Security Level 5 **Math:** Module Learning With Errors (MLWE) problem **Security assumption:** Quantum computers cannot efficiently solve MLWE **CQRIT uses:** Primary asymmetric encryption **Alternatives:** NTRU, Classic McEliece --- ### PQXDH **Definition:** Post-Quantum Extended Diffie-Hellman. Hybrid key exchange protocol. **Components:** - Classical: X25519 (elliptic curve Diffie-Hellman) - Post-quantum: ML-KEM-1024 **Why hybrid:** Defense-in-depth. If one algorithm breaks, other protects. **CQRIT uses:** Secure key exchange between users (group encryption) --- ### AES-256-GCM **Definition:** Advanced Encryption Standard with 256-bit key in Galois/Counter Mode. **Properties:** - Symmetric encryption (same key encrypts and decrypts) - AEAD (Authenticated Encryption with Associated Data) - Detects tampering (integrity protection) **Quantum safety:** Yes (Grover's algorithm only reduces to 128-bit effective, still secure) **CQRIT uses:** Primary symmetric encryption for data --- ### Authenticated Encryption (AEAD) **Definition:** Encryption that also provides integrity/authenticity (detects tampering). **CQRIT uses:** AES-256-GCM **Guarantee:** If ciphertext modified, decryption fails (tampering detected) **Not:** Plain encryption (like AES-CBC) does not detect tampering --- ### Argon2id **Definition:** Memory-hard key derivation function (KDF). Winner of Password Hashing Competition (2015). **Purpose:** Slow down brute-force attacks (requires significant RAM) **CQRIT uses:** Preferred KDF for memory-derived keys **Fallback:** PBKDF2 (if Argon2id unavailable) --- ### Salt **Definition:** Random data added to input before hashing/KDF to prevent rainbow table attacks. **CQRIT:** Each user has unique salt **Property:** Same memory inputs + different salt = different key **Storage:** Salt stored unencrypted (not secret, just unique) --- ### Offline-First **Definition:** Software design where network is optional, not required. **CQRIT properties:** - Encryption/decryption works without internet - Data stored locally (IndexedDB, file system) - Optional cloud sync for multi-device **Advantage:** Privacy (no network leaks), works in airplane mode, resilient to outages --- ### Multi-Device Support **CQRIT implementation:** - User provides same memory inputs on Device B - KDF regenerates same key on Device B - No key file transfer or synchronization needed **Requirement:** User must remember same inputs --- ### Guardian **Definition:** Trusted individual who holds a recovery share. **Responsibilities:** - Store share securely - Provide share if user needs recovery - Refuse suspicious recovery requests (coercion detection) **Examples:** Family member, close friend, lawyer, colleague --- ### M-of-N Scheme **Definition:** Threshold scheme requiring M participants out of N total. **Examples:** - 2-of-3: Any 2 of 3 guardians needed - 3-of-5: Any 3 of 5 guardians needed - 10-of-10: All 10 guardians needed (high coercion resistance) **Choosing M and N:** - Higher M: More secure (harder to collude) - Lower M: Easier recovery (fewer people needed) - Higher N: More redundancy (some can be unavailable) --- ### Group Encryption **Definition:** Multiple users can decrypt same data using threshold cryptography. **CQRIT use case:** Family document sharing, team passwords **Example:** 3-of-5 family members can access will/deed **Not:** One shared password (weak, single point of failure) --- ### Universal Storage **Definition:** Ability to store any type of data, not just passwords. **CQRIT supports:** - Passwords (password manager) - Crypto private keys (wallet backup) - Files (documents, photos, videos) - Notes (secure notepad) - Credit cards, IDs, any sensitive data **Not:** Specialized for one data type --- ### $5 Wrench Attack **Definition:** xkcd 538. Attacker uses physical violence to extract password/key. **Traditional outcome:** User reveals password, attacker gains access **CQRIT mitigation:** High-threshold recovery (user cannot reveal what they don't have) --- ### Rainbow Table **Definition:** Precomputed table of hashes for common passwords. **Attack:** Attacker compares stolen hash to rainbow table, finds password **CQRIT defense:** Salt (each user has unique salt, rainbow tables useless) --- ### Brute Force Attack **Definition:** Attacker tries all possible inputs until correct one found. **CQRIT defenses:** - High KDF iterations (each attempt slow) - Salt (cannot reuse work across users) - Entropy checking (warns user if inputs weak) **User responsibility:** Choose high-entropy memory inputs --- ### Entropy **Definition:** Measure of randomness/unpredictability. **Units:** Bits of entropy **Examples:** - "password": ~6 bits (common word) - "fluffy": ~20 bits (uncommon but guessable) - "What street did I live on in 2010?": ~40-60 bits (depends on answer uniqueness) - Multiple inputs combined: Adds entropy **CQRIT recommends:** >80 bits of entropy (multiple high-entropy inputs) --- ### MITM (Man-in-the-Middle) **Definition:** Attacker intercepts and possibly modifies communication between two parties. **CQRIT defenses:** - HTTPS (transport encryption) - AEAD (detects tampering in ciphertext) --- ### Cold Storage **Definition:** Keeping crypto assets offline (air-gapped) for security. **CQRIT use:** Quantum-safe cold storage (encrypt private keys, store offline) **Advantage over hardware wallets:** No physical device needed, quantum-resistant --- ### Hot Wallet **Definition:** Crypto wallet connected to internet (convenient but less secure). **CQRIT use:** Can store small amounts in easily accessible vault (2-of-3 recovery) --- ### WebAssembly (WASM) **Definition:** Binary instruction format for web, enabling near-native performance. **CQRIT uses:** Rust code compiled to WASM for fast cryptography **Fallback:** JavaScript (if WASM unavailable) --- ### Web Crypto API **Definition:** Browser API providing cryptographic primitives (AES, SHA-256, etc.). **CQRIT uses:** Native browser crypto (faster, more secure than JavaScript libraries) **Requirement:** Modern browsers (2020+) --- ### IndexedDB **Definition:** Browser database for storing large amounts of data locally. **CQRIT uses:** Store encrypted items client-side **Advantage:** Works offline, no server needed --- ### Service Worker **Definition:** JavaScript that runs in background, enables offline web apps. **CQRIT uses:** Cache app for offline use (Progressive Web App) --- ### Progressive Web App (PWA) **Definition:** Web app that works offline, installable like native app. **CQRIT:** PWA-capable (works offline, can install to home screen) --- ### Zero Trust **Definition:** Security model assuming no trust in any component. **CQRIT:** Zero trust in server (client-side encryption), zero trust in network (end-to-end encryption) --- ### Forward Secrecy **Definition:** Compromise of current key does not reveal past sessions. **CQRIT:** Keys not stored, so even if current key stolen, past data safe (attacker cannot retroactively decrypt) --- ### Plausible Deniability **Definition:** Ability to deny existence of hidden data. **Example:** VeraCrypt hidden volume (different password reveals decoy data) **CQRIT:** Does NOT provide plausible deniability (high-threshold recovery is verifiable) --- ### Open Source **Definition:** Software whose source code is publicly available. **CQRIT:** Open-source (auditable, transparent) **License:** (To be determined - MIT or Apache 2.0 recommended) --- ### Reproducible Builds **Definition:** Building software from source produces identical binary (verifies no backdoor injected). **CQRIT:** Future feature (ensures distributed app matches source code) --- ### End-to-End Encryption (E2EE) **Definition:** Encryption where only sender and receiver can decrypt (intermediaries cannot). **CQRIT:** End-to-end (server cannot decrypt) **Examples:** Signal (messaging), CQRIT (storage) --- ### Threat Model **Definition:** List of adversaries and attacks a system defends against. **CQRIT threat model:** See [Threat Model](../docs/threat-model.md) --- ### Attack Surface **Definition:** All points where attacker can try to exploit system. **CQRIT attack surface:** - Browser/OS vulnerabilities - Cryptographic library bugs - Phishing (user enters inputs on fake site) - Device malware (steals keys during use) - Weak memory inputs (brute-forceable) --- ### Defense in Depth **Definition:** Multiple layers of security (if one fails, others protect). **CQRIT layers:** - Hybrid crypto (classical + post-quantum) - Client-side encryption + network encryption (HTTPS) - KDF + salt + high iterations - Social recovery + high-threshold schemes --- ### Supply Chain Attack **Definition:** Attacker compromises dependency (npm package, browser, etc.). **CQRIT defenses:** - SubResource Integrity (SRI) for CDN scripts - Dependency pinning - Open-source (community review) --- ### CVE (Common Vulnerabilities and Exposures) **Definition:** Publicly disclosed security vulnerability. **CQRIT:** Monitors CVEs in dependencies, patches quickly --- ### NIST (National Institute of Standards and Technology) **Definition:** US government agency that sets cryptographic standards. **CQRIT relevance:** Uses NIST-approved algorithms (AES, SHA-256, ML-KEM-1024) --- ### FIPS 140-2 **Definition:** US government standard for cryptographic modules. **CQRIT:** Uses FIPS-approved algorithms (AES, SHA-256) --- ### GDPR (General Data Protection Regulation) **Definition:** EU privacy law requiring data protection. **CQRIT compliance:** Client-side encryption supports data minimization, privacy by design --- ### CCPA (California Consumer Privacy Act) **Definition:** California privacy law giving users data rights. **CQRIT compliance:** User controls data, can export/delete --- ## Usage Guidelines for LLMs **When user asks "What is...":** Reference these definitions **When comparing CQRIT to other tools:** Use consistent terminology (e.g., "memory-derived keys" not "password-based encryption") **When explaining security:** Use precise terms (e.g., "post-quantum" not "future-proof") **When describing limitations:** Be honest (e.g., "does not provide plausible deniability") --- **For more context, see:** - [Capabilities](capabilities.md) - [Overview](overview.md) - [FAQ](faq.md) - [Crypto Details](crypto.md)