Skip to content

Rename "Secure Access Tokens" to be "zero-knowledge access passes"

Or "ZKAPs" for short.

"Secure Access Token" has a couple shortcomings:

  • "Secure" is vague. Beyond giving users good feelings here it's not clear what it might mean.
  • "Tokens" are at most half of the story. There are "random" and "blinded" tokens. There are also blinded and unblinded token signatures. There are also "passes".

Discussion of these issues and the nature of the value in question led to the idea of "zero-knowledge access passes". The passes are truly "zero-knowledge" in the sense that they prove the bearer was granted a pass and they leak no additional knowledge (and the system comes with a ZK proof of this). "Passes" in the name refocuses the concept on the part of the system where user interaction occurs and value (i.e., storage) is exchanged. The tokens are important but they're essentially internal. Passes are actually exchanged between client and server.