On 13/02/13 05:33 AM, Tony Arcieri wrote:
I have seen several services/people using the phrase zero knowledge
recently, e.g.:
https://spideroak.com/
Based on my understanding of zero knowledge proofs and the traditional
use of zero knowledge in cryptography, this usage seems... novel, to
put it politely.
Not without some precedent, there was a company called Zero Knowledge
Systems back in the early 2000s that tried to build what we now would
see as a Skype or Tor competitor.
In the case of SpiderOak, they're using it to mean we
never see plaintext and we hold no keys to your ciphertexts so there's
no way we can read them
I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase
least authority to imply the same thing, which makes sense to me, but
figuring out what least authority means in the context of a
distributed filesystem may be a tad... indirect.
AFAIK, the term 'least authority' as used by Tahoe-LAFS folks does not
refer to 'zero knowledge' as per cryptographic protocols, but to the
concept of least authority as derived from the 'capabilities' school of
security thought. This school has it in short that once one agent has
authority over some object (data perhaps) then there is no economic
model available to us to stop that agent from sharing the authority (by
accident or intent) and thus breaching security. Given this 'truth', it
derives that the best strategy for security is to reduce the amount of
authority in many and serious ways.
Is there a better phrase to describe this? End-to-end encryption?
Client-side encryption? Or is it okay to let people start using the
phrase zero knowledge refer to this idea?
As a technical paradigm, the capabilities school models everything more
or less in the same way as OO programming. Every active thing is an
object, and references (called capabilities) are passed around
carefully. I think this fits precisely with what Tahoe-LAFS tries to do
(although I'm writing from osmosis not real knowledge). It seems from a
quick browser that SpiderOak use the same design?
How do people feel about zero knowledge being used in this way?
Although there are parallels, I don't think it helpful to interchange
the terms 'least authority' and 'zero knowledge' in more technical
conversations. They operate at different layers or levels, and achieve
rather different things.
That said, in the world of marketing, it is far more appropriate to tell
the customer something they understand. Least authority isn't
meaningful to the end-user; zero knowledge does come much closer to
what grandma can conceive of.
iang
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography