Peergos encrypts files locally on your device and your keys never leave your device. To log in, your username and password are (locally) hashed through scrypt to derive your root key-pair and root symmetric key. This key-pair is never written to disk, and is only used to decrypt follow requests sent to you. The symmetric key is used to decrypt your entry points into your filesystem. This design allows you to log in from any device. Read more about our technology.

The underlying encryption uses Tweetnacl for both symmetric and asymmetric encryption.

Peergos hides the contents of files, but also the friendship graph. If a user shares a file with another user, the network shouldn't be able to deduce this relationship. A Peergos server doesn't store any sensitive data or metadata.

Quantum Cryptography?

Your entire file system in Peergos is encrypted with symmetric cryptography and the initial keys are derived using cryptographic hashing. Both of these are believed to be resistant to quantum computer attacks. We will be switching the asymmetric cryptography, which is used to share files, to a post-quantum algorithm as soon as a clear candidate arrives.

Threat Models

Peergos is designed to be secure against passive network adversaries, even ones with state level computational resources, who are able to store all data on the Peergos network indefinitely. Despite all the encrypted data being publicly accessible, no one but the intended recipients can deduce any data or friendship graphs.

Peergos does not defend against a compromised user's machine. Currently, Peergos doesn't protect files shared between users from an adversary with a large quantum computer.

Peergos should be secure against attackers with read access to a users machine which is not synchronous with the client being logged in.

The casual user


  1. The Internet's SSL certificate hierarchy and DNS system
  2. That our public server hasn't been compromised
  3. Javascript crypto delivered over https


  1. Can use our public server's web interface over https
  2. Can use our mobile app, created using Electron to bundle the web interface

The cautious user


  1. A copy of Peergos that they downloaded to their device, optionally verifying the signature of.
  2. Javascript crypto delivered over localhost, or in process


  1. Download and run Peergos locally, and use the web interface over localhost in their browser of choice, or the native interface created using Electron

The local only user


  1. A copy of Peergos that they downloaded to their device, and verified the signature of.


  1. Can download and run Peergos locally as an effective local encrypted file store, without the social aspects. They can access through the web interface on localhost, through the native filesystem with a FUSE mount of Peergos, or using the Java api directly.
Back to Top