KoaichJoin waitlist
← All explainers

Zero-knowledge vs. end-to-end encryption: what's the difference?

Two terms often used interchangeably. They're related but not the same — one describes a service's posture, the other describes a cryptographic property. Here's how they connect.

IN PLAIN ENGLISH
Two terms that sound similar but mean different things. End-to-end encryption is a property of how messages travel — sealed on your device, opened only on the recipient's. Zero-knowledge is a stronger claim about the company itself — they don't just choose not to read your data, they're built so they *can't*. Most well-designed zero-knowledge services use end-to-end encryption, but a service can be end-to-end encrypted in one place and still hold readable copies of other things. Worth asking your vendor about specifically.

"Zero-knowledge" and "end-to-end encrypted" are two terms that get used interchangeably in privacy marketing. They're related — every zero-knowledge service is end-to-end encrypted, and most well-designed end-to-end encrypted services are zero-knowledge — but they're not the same property, and the distinction matters when you're evaluating a vendor's claims.

End-to-end encryption: a cryptographic property

End-to-end encryption (E2E) is a property of a system where a message is encrypted on the sender's device, travels through every intermediary as ciphertext, and is decrypted only on the recipient's device. The cryptographic claim is about the data path: at no point between the two endpoints is the data in cleartext.

E2E is verifiable from a system design. If keys are generated on-device and never transmitted, if encryption happens before data leaves the device, if decryption happens only on the recipient device — the system is E2E. If any of those properties break, it isn't.

Zero-knowledge: a service-level claim

"Zero-knowledge" describes a stronger property at the service level: the service provider has no technical capability to access user data, not just for content but for anything related to it. The phrase originates in the cryptographic notion of zero-knowledge proofs — a way to prove you know something without revealing what — but in product context it's used to describe vendors who hold ciphertext, no decryption keys, no recoverable user data, no readable metadata beyond what's strictly necessary to operate the service.

Examples in production: 1Password's data store, Proton Mail's mailboxes, Signal's messages, Bitwarden's vaults. These services are E2E and additionally make a service-level claim that even with full infrastructure access, the provider cannot derive user content.

Why the distinction matters

A service can be technically end-to-end encrypted for message content while still being non-zero-knowledge about other things. For example: WhatsApp messages are E2E, but WhatsApp historically had server-side access to backup encryption keys (until E2E backups became opt-in), and contact graph information is server-visible. The messages are E2E; the service is not fully zero-knowledge.

Marketing copy often conflates the two. A claim of "zero-knowledge encryption" should mean the vendor cannot read or derive any user content. If the vendor can read metadata, recover the account via email link, or train AI on workspace content, then "zero-knowledge" is doing too much work.

How to test a zero-knowledge claim

Ask: if your production servers were fully compromised by an attacker tomorrow, what could the attacker walk away with? If the honest answer is "ciphertext and minimal metadata," the zero-knowledge claim holds. If the answer includes "the keys to decrypt user content," "recoverable plaintext via password-reset path," or "cleartext indexed for search," the claim is overstated.

Vendors that publish a threat model, an architecture document, or a transparency report make this question easier to answer. Vendors that gesture at "bank-grade encryption" without specifics are harder to evaluate. The right standard for evaluation is whether the architectural property is verifiable — not whether the marketing copy sounds reassuring.

Frequently asked questions

Is zero-knowledge the same as end-to-end encryption?

Not exactly. End-to-end encryption is a cryptographic property of the data path (content is encrypted from sender device through to recipient device). Zero-knowledge is a service-level claim that the provider has no technical capability to access user data. Most well-designed zero-knowledge services are end-to-end encrypted; not every end-to-end encrypted service is zero-knowledge.

What does 'zero-knowledge encryption' mean?

When used precisely, it means the service provider holds ciphertext and minimal metadata only — they cannot decrypt user content under any circumstance, including full infrastructure compromise. When used loosely in marketing, it often means just 'end-to-end encrypted,' which is a weaker claim.

Are password managers zero-knowledge?

1Password, Bitwarden, and Proton Pass are designed as zero-knowledge — your vault is encrypted under a key derived from your master password, and the provider holds ciphertext only. Last Pass historically claimed zero-knowledge but had breach exposure that revealed metadata vendors-should-not-hold; the claim and the reality drifted apart.

How can I tell if a service is genuinely zero-knowledge?

Read the threat model. If a full production-infrastructure compromise would yield ciphertext and minimal metadata, the claim holds. If the compromise would yield decryptable content (because the vendor holds the keys or has a recovery-via-email path), the claim is overstated.

Keep reading

What is end-to-end encryption?

Read →

Key custody, explained

Read →

Why workspace tools need the keys

Read →

Workspace privacy, by default.

Get on the Koaich waitlist.

Pre-launch · No spam · Unsubscribe anytime