I have seen several services/people using the phrase "zero knowledge" recently, e.g.:
https://spideroak.com/ Based on my understanding of zero knowledge proofs and the traditional use of "zero knowledge" in cryptography, this usage seems... novel, to put it politely. In the case of SpiderOak, they're using it to mean "we never see plaintext and we hold no keys to your ciphertexts so there's no way we can read them" I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase "least authority" to imply the same thing, which makes sense to me, but figuring out what "least authority" means in the context of a distributed filesystem may be a tad... indirect. Is there a better phrase to describe this? End-to-end encryption? Client-side encryption? Or is it okay to let people start using the phrase "zero knowledge" refer to this idea? How do people feel about "zero knowledge" being used in this way? -- Tony Arcieri
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
