Glossary
Plain-language definitions of the concepts behind Zbelthas. If something on the site confused you, you will probably find it explained here.
- Attestation Architecture
- Cryptographic evidence that code or hardware is in an expected state.
- Browser fingerprinting Privacy
- The art of identifying your browser by combining many small, "innocent" signals.
- Bug bounty Compliance
- A public programme that pays researchers for verified security vulnerabilities.
- DoH / DoT (encrypted DNS) Privacy
- DNS lookups over HTTPS or TLS — your ISP stops seeing the list of sites you visit.
- End-to-end encryption (E2EE) Privacy
- Only the sender and the intended recipient can read a message. No one in between.
- Harvest now, decrypt later Cryptography
- Adversaries record encrypted traffic today so they can decrypt it once quantum computers exist.
- IPC (Inter-Process Communication) Architecture
- How two separate processes on your device talk to each other.
- ML-DSA (FIPS 204) Cryptography
- NIST-standardized post-quantum digital signature algorithm.
- ML-KEM (FIPS 203) Cryptography
- NIST-standardized post-quantum algorithm for establishing a shared secret key.
- MPC (Multi-Party Computation) Cryptography
- Splits a key into shares so no single device holds the complete key.
- Non-custodial Architecture
- Only you hold the keys. No one else — including us — can access your data or funds.
- Perfect forward secrecy (PFS) Cryptography
- Past messages stay safe even if a long-term key is compromised later.
- PFS (Perfect Forward Secrecy) Cryptography
- Shorthand for perfect forward secrecy — past sessions stay safe even if a long-term key leaks later.
- Post-quantum cryptography (PQC) Cryptography
- Cryptography designed to resist attacks by future quantum computers.
- Process isolation Architecture
- Each module runs in its own sandbox so a bug in one cannot compromise the others.
- Reproducible builds Architecture
- Anyone can rebuild the released binary from source and get bit-for-bit the same file.
- Responsible disclosure Compliance
- Security researchers report vulnerabilities privately first, so they can be fixed before publication.
- RPC endpoint Web3
- The URL an app uses to read or write a blockchain.
- Sandbox Architecture
- A restricted environment that limits what code can do, even if it is malicious.
- Seed phrase (recovery phrase) Web3
- A list of 12–24 words that can reconstruct your wallet. Keep it offline.
- Self-destructing message Privacy
- A message that expires — on first read, or after a set delay — and is then unrecoverable.
- Serverless Architecture
- No central backend stores your data. Everything happens locally and peer-to-peer.
- Signed releases Architecture
- Each release is signed with a private key so you can verify it is genuine.
- Sovereign identity Privacy
- A cryptographic identifier you own, not a phone number or an email.
- Threat model Privacy
- A clear statement of who you are defending against and what you accept as out-of-scope.
- Time-lock Web3
- A smart-contract rule that funds can only move after a publicly verifiable delay.
- Zero metadata Privacy
- We do not collect who talks to whom, when, or from where.
- Zero-knowledge (ZK) Cryptography
- Proves a fact without revealing the underlying data.
Read more
Attestation lets a component prove, with a signature rooted in hardware or in a trusted supply chain, that it is running specific, unmodified code. It is how the platform can say "this is a genuine Zbelthas build" without asking the user to trust a label.
Related: signed releases, reproducible builds
Read more
Fonts, canvas rendering, WebGL GPU, timezone, language, screen size — each is harmless alone, but together they often uniquely identify a device across sites. Privacy browsers randomise or mask these signals so every session looks different. See the Privacy Check tool for a live demonstration.
Related: zero metadata, doh
Read more
A bug bounty programme, when active, is announced publicly with a defined scope, reward table, and rules of engagement. If and when Zbelthas launches one, it will be listed on the Trust page. A bug bounty is complementary to, not a substitute for, formal audits.
Related: responsible disclosure
Read more
Classical DNS is plaintext: whoever sits between you and the DNS resolver can log every site you request. DoH (DNS over HTTPS) and DoT (DNS over TLS) encrypt those queries. The Zbelthas Browser enables them by default.
Related: fingerprinting, zero metadata
Read more
Content is encrypted on the sender’s device and decrypted only on the recipient’s device. Intermediate servers (if any) see ciphertext, never cleartext. Zbelthas combines classical E2EE with post-quantum key exchange (ML-KEM) so today’s messages remain unreadable even if an adversary records them and waits for quantum computers.
Related: pqc, ml kem, perfect forward secrecy
Read more
Even if quantum computers are years away, recorded conversations remain at risk unless they were encrypted with post-quantum cryptography at the time they were sent. This is why PQC matters now, not later.
Related: pqc
Read more
In Zbelthas, each module (Wallet, Chat, Browser) is its own sandboxed process. IPC is the strictly-authenticated, encrypted channel they use when they must cooperate — for instance when Browser asks Wallet to sign a transaction. Without encrypted IPC, one compromised module could read another’s memory.
Related: process isolation, sandbox
Read more
Multi-Party Computation lets several devices jointly sign a transaction without any one of them ever reconstructing the full private key. This reduces the single-point-of-failure of a traditional seed phrase: stealing one share is not enough.
Related: non custodial, seed phrase
Read more
A non-custodial system puts cryptographic keys exclusively under the user’s control. Because Zbelthas never holds your keys, we cannot freeze, move, read, or recover your assets or messages, even if ordered to. The trade-off: if you lose your recovery material, there is no "reset password".
Related: serverless, e2ee, seed phrase
Read more
Each session uses a fresh, ephemeral key that is destroyed after the conversation. If an attacker later seizes your long-term key, they still cannot read the sessions that came before.
Related: e2ee
Read more
See "Perfect forward secrecy". Each session uses a fresh key derived from an ephemeral exchange (in Zbelthas, using ML-KEM). After the session ends, the key is destroyed, so even a future compromise of your long-term identity key cannot decrypt past traffic.
Related: perfect forward secrecy, e2ee, ml kem
Read more
Traditional public-key cryptography (RSA, ECC) will be broken by sufficiently powerful quantum computers. Post-quantum algorithms rely on mathematical problems believed to remain hard even for quantum adversaries. Zbelthas uses NIST-standardized PQC (ML-KEM, ML-DSA) in hybrid mode with classical algorithms.
Related: ml kem, ml dsa, harvest now decrypt later
Read more
The wallet, chat, and browser modules run as separate OS processes with minimal permissions. They communicate through a restricted, encrypted IPC channel. A vulnerability in, say, the browser cannot give an attacker access to your keys in the wallet.
Related: sandbox
Read more
Reproducible builds let independent parties verify that the binary you download really matches the public source code. This closes the gap where an attacker might tamper with build infrastructure. Zbelthas is working towards fully reproducible release artifacts.
Related: attestation, signed releases
Read more
Zbelthas accepts vulnerability reports at security@zbelthas.com. Researchers acting in good faith benefit from safe-harbor. Reports are acknowledged within a published SLA, fixes are coordinated, and credit is given upon disclosure. See the Legal page for the full policy.
Related: bug bounty
Read more
An RPC (Remote Procedure Call) endpoint is a server that relays your requests to a blockchain node. The Zbelthas Web3 Portal reads the Base chain through public RPCs (base.llamarpc.com, base.blockscout.com). Reading is anonymous; writing (sending transactions) still requires a wallet you control.
Related: non custodial
Read more
Sandboxes use OS primitives (seccomp, namespaces, capabilities on Linux) to deny code access to files, network, or other processes unless explicitly allowed. Every Zbelthas module runs inside its own sandbox.
Related: process isolation
Read more
A seed phrase is a human-readable representation of a master private key (BIP39). Anyone with your seed phrase controls your wallet. Zbelthas never sees or stores your seed. Store it offline (paper, metal plate) and never type it into a website or share it with anyone claiming to be "support".
Related: non custodial, mpc
Read more
Self-destruct limits the lifetime of sensitive content. In Zbelthas Mail, a message vanishes after first decryption or after a TTL you choose; in Chat, messages can auto-delete on both endpoints. Nothing is magic: a recipient can always screenshot, so treat self-destruct as a layer, not a guarantee.
Related: e2ee, zero metadata
Read more
Zbelthas modules run on your device. There is no central database where user content, metadata, accounts, or chat history live. Without servers to breach, compel, or subpoena, entire categories of attacks and legal risks disappear by construction.
Related: non custodial, zero metadata
Read more
Release artifacts are signed, including with post-quantum signatures (ML-DSA). You can verify a download with the published public key before installing. Combined with reproducible builds, this provides strong integrity guarantees.
Related: ml dsa, reproducible builds
Read more
Sovereign (or self-sovereign) identity means your account is a public key you generated locally. No SIM swap, no email takeover, no "reset with SMS" — but also: only you can recover it. Zbelthas Chat uses sovereign identities so your social graph is not tied to a telecom carrier.
Related: non custodial, seed phrase
Read more
No tool protects you from everything. A threat model names the adversaries (e.g., passive network observer, malicious app store, local attacker with your unlocked device) and the defenses each faces. It also states what is explicitly out of scope. Zbelthas publishes its threat model so users can judge whether the protection fits their situation.
Related: privacy
Read more
Time-locks are a transparency and safety mechanism. The Zbelthas on-chain contributions contract uses a time-lock so that contributed funds cannot be swept instantly — you can always see, on-chain and ahead of time, when and how they would move.
Related: rpc, non custodial
Read more
Most "encrypted" services still collect metadata: contact graphs, timestamps, IP addresses, device identifiers. Metadata is often more revealing than content. Zbelthas is designed so this data does not exist on our side. If we do not have it, it cannot be leaked or handed over.
Related: serverless, e2ee
Read more
A zero-knowledge proof convinces a verifier that a statement is true (e.g., "I am over 18", "I own this asset") without revealing any additional information. It is one of the cornerstones of privacy-preserving compliance.
Related: privacy
Missing a term? Email hq@zbelthas.com and we will add it.