Re: [cryptography] "Zero knowledge" as a term for end-to-end encryption
On 13/02/13 05:33 AM, Tony Arcieri wrote:
I have seen several services/people using the phrase "zero knowledge" recently, e.g.:
Based on my understanding of zero knowledge proofs and the traditional use of "zero knowledge" in cryptography, this usage seems... novel, to put it politely.
Not without some precedent, there was a company called Zero Knowledge Systems back in the early 2000s that tried to build what we now would see as a Skype or Tor competitor.
In the case of SpiderOak, they're using it to mean "we never see plaintext and we hold no keys to your ciphertexts so there's no way we can read them"
I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase "least authority" to imply the same thing, which makes sense to me, but figuring out what "least authority" means in the context of a distributed filesystem may be a tad... indirect.
AFAIK, the term 'least authority' as used by Tahoe-LAFS folks does not refer to 'zero knowledge' as per cryptographic protocols, but to the concept of least authority as derived from the 'capabilities' school of security thought. This school has it in short that once one agent has authority over some object (data perhaps) then there is no economic model available to us to stop that agent from sharing the authority (by accident or intent) and thus breaching security. Given this 'truth', it derives that the best strategy for security is to reduce the amount of authority in many and serious ways.
Is there a better phrase to describe this? End-to-end encryption? Client-side encryption? Or is it okay to let people start using the phrase "zero knowledge" refer to this idea?
As a technical paradigm, the capabilities school models everything more or less in the same way as OO programming. Every active thing is an object, and references (called capabilities) are passed around carefully. I think this fits precisely with what Tahoe-LAFS tries to do (although I'm writing from osmosis not real knowledge). It seems from a quick browser that SpiderOak use the same design?
How do people feel about "zero knowledge" being used in this way?
Although there are parallels, I don't think it helpful to interchange the terms 'least authority' and 'zero knowledge' in more technical conversations. They operate at different layers or levels, and achieve rather different things. That said, in the world of marketing, it is far more appropriate to tell the customer something they understand. Least authority isn't meaningful to the end-user; zero knowledge does come much closer to what grandma can conceive of. iang _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
participants (1)
-
ianG