Re: [cryptography] "Zero knowledge" as a term for end-to-end encryption
On Tue, Feb 12, 2013 at 10:27 PM, ianG wrote: > AFAIK, the term 'least authority' as used by Tahoe-LAFS folks does not > refer to 'zero knowledge' as per cryptographic protocols, but to the > concept of least authority as derived from the 'capabilities' school of > security thought. > I strongly agree that capabilities are quite important to the Tahoe-LAFS idea of least authority, and I have been following the project for many years. But I think the Tahoe style of least authority and end-to-end encryption go hand-in-hand. Tahoe's capabilities are crypto capabilities, a.k.a. "capabilities as keys". The capability tokens are the cryptographic keys themselves. This means the entire storage system is opaque to anyone who doesn't hold at least a readcap. The system, by design, deals only in ciphertext. It's ciphertext all the way down After the launch of MEGA, I've seen several sites (e.g. SpiderOak) trying to claim to be the first to have invented this concept. I don't know who did it first, but I'm pretty sure Tahoe was the first to actually get it right. -- Tony Arcieri ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] "Zero knowledge" as a term for end-to-end encryption
On 13/02/13 05:33 AM, Tony Arcieri wrote: I have seen several services/people using the phrase "zero knowledge" recently, e.g.: https://spideroak.com/ Based on my understanding of zero knowledge proofs and the traditional use of "zero knowledge" in cryptography, this usage seems... novel, to put it politely. Not without some precedent, there was a company called Zero Knowledge Systems back in the early 2000s that tried to build what we now would see as a Skype or Tor competitor. In the case of SpiderOak, they're using it to mean "we never see plaintext and we hold no keys to your ciphertexts so there's no way we can read them" I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase "least authority" to imply the same thing, which makes sense to me, but figuring out what "least authority" means in the context of a distributed filesystem may be a tad... indirect. AFAIK, the term 'least authority' as used by Tahoe-LAFS folks does not refer to 'zero knowledge' as per cryptographic protocols, but to the concept of least authority as derived from the 'capabilities' school of security thought. This school has it in short that once one agent has authority over some object (data perhaps) then there is no economic model available to us to stop that agent from sharing the authority (by accident or intent) and thus breaching security. Given this 'truth', it derives that the best strategy for security is to reduce the amount of authority in many and serious ways. Is there a better phrase to describe this? End-to-end encryption? Client-side encryption? Or is it okay to let people start using the phrase "zero knowledge" refer to this idea? As a technical paradigm, the capabilities school models everything more or less in the same way as OO programming. Every active thing is an object, and references (called capabilities) are passed around carefully. I think this fits precisely with what Tahoe-LAFS tries to do (although I'm writing from osmosis not real knowledge). It seems from a quick browser that SpiderOak use the same design? How do people feel about "zero knowledge" being used in this way? Although there are parallels, I don't think it helpful to interchange the terms 'least authority' and 'zero knowledge' in more technical conversations. They operate at different layers or levels, and achieve rather different things. That said, in the world of marketing, it is far more appropriate to tell the customer something they understand. Least authority isn't meaningful to the end-user; zero knowledge does come much closer to what grandma can conceive of. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] "Zero knowledge" as a term for end-to-end encryption
I've heard Steve Gibson (grc.com) use the phrase Trust No One (or TNO) when referring to client-side encryption. -- Tanner J. On Feb 12, 2013 9:34 PM, "Tony Arcieri" wrote: > I have seen several services/people using the phrase "zero knowledge" > recently, e.g.: > > https://spideroak.com/ > > Based on my understanding of zero knowledge proofs and the traditional use > of "zero knowledge" in cryptography, this usage seems... novel, to put it > politely. In the case of SpiderOak, they're using it to mean "we never see > plaintext and we hold no keys to your ciphertexts so there's no way we can > read them" > > I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase > "least authority" to imply the same thing, which makes sense to me, but > figuring out what "least authority" means in the context of a distributed > filesystem may be a tad... indirect. > > Is there a better phrase to describe this? End-to-end encryption? > Client-side encryption? Or is it okay to let people start using the phrase > "zero knowledge" refer to this idea? > > How do people feel about "zero knowledge" being used in this way? > > -- > Tony Arcieri > > ___ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > > ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] "Zero knowledge" as a term for end-to-end encryption
I have seen several services/people using the phrase "zero knowledge" recently, e.g.: https://spideroak.com/ Based on my understanding of zero knowledge proofs and the traditional use of "zero knowledge" in cryptography, this usage seems... novel, to put it politely. In the case of SpiderOak, they're using it to mean "we never see plaintext and we hold no keys to your ciphertexts so there's no way we can read them" I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase "least authority" to imply the same thing, which makes sense to me, but figuring out what "least authority" means in the context of a distributed filesystem may be a tad... indirect. Is there a better phrase to describe this? End-to-end encryption? Client-side encryption? Or is it okay to let people start using the phrase "zero knowledge" refer to this idea? How do people feel about "zero knowledge" being used in this way? -- Tony Arcieri ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography