The short answer
End-to-end encryption (E2EE) means only the two ends of a conversation can read it — the sender and the receiver — and nothing in the middle can. Zero-knowledge means the provider that stores your data holds none of the keys, so it cannot read what it stores. They overlap, but they answer different questions: E2EE is about data moving between people; zero-knowledge is about data sitting on a server.
Note one thing first: "zero-knowledge" here is an architecture and a term of art, not a formal standard. It is unrelated to academic "zero-knowledge proofs", which are a separate area of cryptography.
The honest part about "end-to-end"
E2EE is a strong promise — but the label alone does not tell you who controls the keys. In many products marketed as end-to-end, the provider still manages the keys behind the scenes: it generates them, stores them, or can recover them on your behalf. The message is encrypted in transit, yet the provider could, in principle, hold the means to unlock it.
This is the custody nuance that vendors gloss over. "End-to-end encrypted" describes the path the data travels. It does not, by itself, guarantee that the company cannot read the data — that depends entirely on who holds the keys and how they are managed.
Following one note through both lenses
Say you save a note: "Settlement offer — £40,000."
- Through the E2EE lens: if you send that note to a colleague, only the two of you can read it on the way. Good. But where does the key come from, and could the provider reproduce it? That question is left open by the term.
- Through the zero-knowledge lens: the note is encrypted on your device into ciphertext like "k7Qx…9fA" before it is stored, and the key was derived from your password on your device. The provider has the ciphertext and no key. The question of custody is answered: the provider cannot read it.
The strongest products are both. They encrypt data on your device (client-side), keep it encrypted end-to-end as it moves, and store it on servers that hold no keys (zero-knowledge). Each idea closes a gap the other leaves open.
- E2EE is about data in motion between two ends; zero-knowledge is about data at rest on a server.
- The real difference is key custody — who can technically unlock the data.
- Some "E2EE" products still let the provider manage or recover keys. Ask who holds them.
- "Zero-knowledge" is an architecture, not a formal standard, and not the same as zero-knowledge proofs.
A worked example of the gap
Two apps both say "end-to-end encrypted". In the first, when you set up your account, the app makes your keys on its own servers and keeps a copy so it can help you if you forget your password. Your "Settlement offer — £40,000" is encrypted on the way to your colleague — but the company that runs the app could, if compelled or compromised, reach into its key store and read it. The promise on the box is true; the custody underneath is not in your hands.
In the second app, your key is derived from your password on your device and never sent. The same note is encrypted before it leaves you, and the company has no key store to reach into. Both apps are "end-to-end". Only the second is zero-knowledge. That is the whole difference in one picture.
How they line up
A simple way to keep them straight: end-to-end encryption answers "can someone in the middle read this while it moves?" Zero-knowledge answers "can the company holding my data read it while it sits there?" A messaging app can be E2EE without being zero-knowledge about your backups. A storage app can be zero-knowledge about your files without being a messaging product at all.
Under the hood the building blocks are the same in both: authenticated encryption such as XChaCha20-Poly1305 to scramble and protect each item, and a key exchange such as X25519 to pass keys between people without exposing them. The difference is not the maths — it is who ends up holding the keys.
It also helps to know which one your situation needs. If your main risk is someone tapping the line between two people — a chat, a call, a file transfer — end-to-end encryption is the property to look for. If your main risk is the data sitting on a vendor's servers for years, where a breach or a subpoena or a curious employee could reach it, zero-knowledge is the property that matters. Most business tools carry the second risk far more than the first, which is why zero-knowledge storage is the harder and more valuable promise.
What to ask a vendor
Do not accept the label. Ask three questions: Where are encryption keys created? Can your company derive, store or recover those keys? If our entire database leaked, what would the attacker actually read? The answers tell you whether "end-to-end" or "zero-knowledge" is a property of the system or just a word on a page. Zeromatics is built so the answer to the last question is always "ciphertext, nothing more" — and you can see exactly how on our security page.