REFERENCE

Glossary of secure-voice and post-quantum terms

A working vocabulary for engineers, procurement teams, and decision-makers in sovereign cybersecurity.

Post-Quantum Cryptography (PQC): Cryptographic algorithms believed to be secure against attacks by quantum computers.
ML-KEM: Module-Lattice Key-Encapsulation Mechanism (formerly Kyber), standardised by NIST as FIPS 203.
ML-DSA: Module-Lattice Digital Signature Algorithm (formerly Dilithium), standardised by NIST as FIPS 204.
AES-GCM: AES in Galois/Counter Mode — authenticated encryption with associated data (AEAD), 256-bit keys.
Trusted Execution Environment (TEE): Isolated processing environment inside a CPU where code and data are protected from the rest of the OS.
ARM TrustZone-M: Hardware security extension for Cortex-M microcontrollers that splits the chip into Secure and Non-Secure worlds.
Secure Element: Tamper-resistant chip that securely stores cryptographic keys and executes sensitive operations.
DMA (Direct Memory Access): Hardware feature that lets peripherals transfer data to/from memory without CPU involvement; can be locked to specific bus masters.
Hardware Security Module (HSM): Dedicated cryptographic appliance that generates, stores, and uses keys without ever exposing them to software.
BYOK (Bring Your Own Key): Pattern where the customer holds the master key and the vendor only handles opaque encrypted material.
FIPS 140-3: US federal standard for cryptographic modules; defines four security levels with hardware-tamper requirements at L3 and L4.
Common Criteria EAL: Evaluation Assurance Level (1–7) under ISO/IEC 15408 measuring rigour of security evaluation.
NATO Restricted: NATO classification level for non-sensitive material whose disclosure would be disadvantageous; many crypto products target this baseline.
EU Restricted: European Union classification analogous to NATO Restricted, used by EU institutions.
NIS2 Directive: EU Directive 2022/2555 raising cybersecurity requirements for essential and important entities across critical sectors.
EU Cyber Resilience Act (CRA): EU regulation imposing cybersecurity requirements on products with digital elements throughout their lifecycle.
Air-Gap: Physical or logical isolation that prevents a system from being reached over any network; the strongest perimeter defence.
Side-Channel Attack: Attack that exploits physical leakage (timing, power, EM emanation) rather than mathematical weakness of an algorithm.
Harvest-Now-Decrypt-Later: Adversary strategy of recording encrypted traffic today so it can be decrypted once quantum computers exist.
Q-Day: Hypothetical day when a cryptographically-relevant quantum computer breaks classical public-key cryptography.
Deepfake: Synthetic audio or video generated by machine-learning models to impersonate a person convincingly.
MEMS Microphone: Microelectromechanical system microphone — the digital MEMS sensor used in most modern earbuds and phones.
Anti-Tamper: Hardware and firmware countermeasures that detect or resist physical attempts to extract secrets from a device.