[cryptography] "Zero knowledge" as a term for end-to-end encryption

ianG iang at iang.org
Tue Feb 12 22:27:54 PST 2013 

On 13/02/13 05:33 AM, Tony Arcieri wrote:
> I have seen several services/people using the phrase "zero knowledge"
> recently, e.g.:
>
> https://spideroak.com/
>
> Based on my understanding of zero knowledge proofs and the traditional
> use of "zero knowledge" in cryptography, this usage seems... novel, to
> put it politely.


Not without some precedent, there was a company called Zero Knowledge  
Systems back in the early 2000s that tried to build what we now would see 
as a Skype or Tor competitor.

> In the case of SpiderOak, they're using it to mean "we
> never see plaintext and we hold no keys to your ciphertexts so there's
> no way we can read them"
>
> I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase
> "least authority" to imply the same thing, which makes sense to me, but
> figuring out what "least authority" means in the context of a
> distributed filesystem may be a tad... indirect.


AFAIK, the term 'least authority' as used by Tahoe-LAFS folks does not  
refer to 'zero knowledge' as per cryptographic protocols, but to the  
concept of least authority as derived from the 'capabilities' school of  
security thought.  This school has it in short that once one agent has  
authority over some object (data perhaps) then there is no economic model 
available to us to stop that agent from sharing the authority (by accident 
or intent) and thus breaching security.  Given this 'truth', it derives 
that the best strategy for security is to reduce the amount of authority in 
many and serious ways.

> Is there a better phrase to describe this? End-to-end encryption?
> Client-side encryption? Or is it okay to let people start using the
> phrase "zero knowledge" refer to this idea?


As a technical paradigm, the capabilities school models everything more or 
less in the same way as OO programming.  Every active thing is an object, 
and references (called capabilities) are passed around carefully.  I think 
this fits precisely with what Tahoe-LAFS tries to do (although I'm writing 
from osmosis not real knowledge).  It seems from a quick browser that 
SpiderOak use the same design?


> How do people feel about "zero knowledge" being used in this way?


Although there are parallels, I don't think it helpful to interchange the 
terms 'least authority' and 'zero knowledge' in more technical  
conversations.  They operate at different layers or levels, and achieve  
rather different things.

That said, in the world of marketing, it is far more appropriate to tell  
the customer something they understand.  Least authority isn't meaningful 
to the end-user;  zero knowledge does come much closer to what grandma can 
conceive of.

iang
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list