PEAP is not an encryption protocol; as with other EAP types it only authenticates a client into a network.
PEAP uses only server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server, which protects the ensuing exchange of authentication information from casual inspection.