var img = document.createElement('img'); img.src = "https://analytics.zks-standard.org/matomo.php?idsite=1&rec=1&url=https://zks-standard.org" + location.pathname; img.style = "border:0"; img.alt = "tracker"; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(img,s);
Skip to main content
Version: 1.0-RC1 / CANDIDATE STANDARD

Provider-Side Data Absence (PSDA)

An Optional Property Beyond ZKS Requirements

Version: 1.0 Status: Position Paper Audience: Security Architects, CISOs, Compliance Officers

Executive Summary

Provider-Side Data Absence (PSDA) is an architectural property where service providers never store user ciphertext on their infrastructure. PSDA is not required for ZKS compliance but provides additional security benefits for implementations that achieve it.

PropertyZKS RequirementSecurity Benefit
Provider cannot decryptRequiredProtects confidentiality
Provider never holds ciphertextOptional (PSDA)Eliminates data exposure entirely

Key insight: ZKS ensures providers cannot decrypt. PSDA ensures providers never possess the encrypted data in the first place.

Definitions

Zero-Knowledge Sovereignty (ZKS)

ZKS requires that providers cannot reconstruct decryptability:

"No provider may control the components necessary to reconstruct decryptability - now or in the future."

A ZKS-compliant system may store ciphertext on provider infrastructure, provided the provider never controls key components.

Provider-Side Data Absence (PSDA)

PSDA requires that providers never store user ciphertext:

"No provider-operated service stores user ciphertext at rest. User data exists only on user-controlled endpoints and user-controlled storage substrates."

A PSDA-compliant system ensures ciphertext never resides on provider infrastructure.

The Orthogonal Relationship

ZKS and PSDA answer different questions:

PropertyQuestionZKS-Only SystemZKS + PSDA System
ZKS"Who can ever decrypt?"Only the userOnly the user
PSDA"Who ever possesses the encrypted data?"Provider holds ciphertextOnly user-controlled systems

These properties are orthogonal - each can be achieved independently:

Logical Component Model & Sovereignty Boundary

Why PSDA Matters

Threat Scenarios: ZKS-Only vs. ZKS + PSDA

ThreatZKS-Only ResponseZKS + PSDA Response
Subpoena for user dataProvider produces ciphertext (encrypted, but exposed)Provider has nothing to produce
Provider infrastructure breachAttacker exfiltrates ciphertextNo user data to exfiltrate
Insider threatInsider can access ciphertextNo user data for insider to access
Long-term cryptographic riskCiphertext available for future attacksNo ciphertext accumulation
Data retention demandsProvider must retain ciphertext per regulationNothing to retain
Jurisdiction conflictsCiphertext subject to storage location lawsNo data residency concerns

The "Harvest Now, Decrypt Later" Problem

ZKS-Only:

Adversary strategy:
1. Breach provider infrastructure
2. Exfiltrate all ciphertext
3. Wait for cryptographic advances
4. Decrypt in the future

Provider status: ZKS-compliant (cannot decrypt today)
Adversary status: Patient (may decrypt tomorrow)
User risk: Non-zero (ciphertext exposed)

ZKS + PSDA:

Adversary strategy:
1. Breach provider infrastructure
2. Find no ciphertext to exfiltrate
3. No "harvest" possible

Provider status: ZKS-compliant + PSDA-compliant
Adversary status: Unable to harvest
User risk: Zero (no ciphertext on provider)

PSDA Architecture

Data Flow: ZKS-Only (Common Pattern)

Logical Component Model & Sovereignty Boundary

Data Flow: ZKS + PSDA

Logical Component Model & Sovereignty Boundary

PSDA Criteria

A system satisfies PSDA if and only if:

Criterion 1: No Ciphertext at Rest

No service operated by the provider stores user ciphertext at rest.

CompliantNon-Compliant
Provider stores only metadataProvider stores encrypted files
Provider stores only wrapped keysProvider stores encrypted messages
Provider stores only coordination dataProvider stores encrypted database

Criterion 2: No Ciphertext Caching

No service operated by the provider caches user ciphertext beyond immediate delivery.

CompliantNon-Compliant
Fire-and-forget message relayMessage queue with persistence
Stateless data relayCDN caching of ciphertext
Ephemeral transport onlyTemporary storage for delivery

Criterion 3: User-Controlled Data Flow

User ciphertext flows only between user-controlled endpoints and user-controlled storage.

CompliantNon-Compliant
Device-to-device P2PDevice-to-server-to-device
Device-to-user's-cloud-storageDevice-to-provider-storage
Relay without inspection or storageStore-and-forward with persistence

Criterion 4: Provider Role Limited to Coordination

The provider's role is limited to coordination, key delivery, and transport facilitation - not data storage.

Provider May DoProvider May Not Do
Route messages (ephemeral)Store messages
Deliver wrapped keys (TTL)Store ciphertext
Coordinate sync eventsCache user data
Facilitate P2P connectionsPersist user content

Benefits of PSDA

ScenarioZKS-Only PositionZKS + PSDA Position
Subpoena for data"Here's ciphertext; we can't decrypt""We have no user data"
Data preservation orderMust preserve ciphertextNothing to preserve
Discovery requestProduce ciphertextProduce nothing
Data residency complianceMust ensure ciphertext locationNo data location concerns

Operational Benefits

AspectZKS-OnlyZKS + PSDA
Storage costsProvider bears storage costsUser bears storage costs
ScalingProvider scales storageUser storage scales naturally
Backup responsibilityProvider must backup ciphertextUser controls backups
Data lifecycleProvider manages retentionUser manages retention

Security Benefits

ThreatZKS-Only ExposureZKS + PSDA Exposure
BreachCiphertext exfiltratedNothing to exfiltrate
InsiderCiphertext accessibleNo data to access
Future crypto breaksHistorical ciphertext vulnerableNo historical ciphertext
Metadata correlationStorage patterns visibleNo storage patterns

Implementation Patterns

Pattern 1: Peer-to-Peer with Coordination

Provider role: Signaling, presence, key delivery
Data flow: Direct between user devices
Storage: None on provider

Example: Briar, P2P messaging systems

Pattern 2: User-Controlled Storage Substrate

Provider role: API layer to user's cloud storage
Data flow: User device → User's cloud account
Storage: User's cloud storage (not provider's)

Example: Apps using user's Dropbox/OneDrive/GDrive accounts

Pattern 3: Relay Without Persistence

Provider role: Message relay (fire-and-forget)
Data flow: Through provider but not stored
Storage: Ephemeral only (seconds, not retained)

Example: TURN relays, fire-and-forget messaging

PSDA and ZKS Profiles

PSDA is not required for any ZKS profile, but it can be documented as an additional property:

ProfileZKS RequirementsPSDA
ZKS-CoreA1–A8, common invariantsOptional
ZKS-EnhancedZKS-Core + metadata + transparencyOptional
ZKS-EnterpriseZKS-Enhanced + delegation + splitOptional
ZKS-Core + PSDAZKS-Core + no provider ciphertextDocumented

Documenting PSDA

In compliance assessments, PSDA can be documented as:

## Additional Properties

### Provider-Side Data Absence (PSDA)

This implementation satisfies PSDA criteria:

1. No ciphertext at rest on provider infrastructure
2. No ciphertext caching beyond immediate delivery
3. User data flows only to user-controlled storage
4. Provider role limited to coordination

Provider-operated services handle:
- [Key delivery service] - wrapped keys only, TTL-based
- [Coordination service] - metadata only
- [Relay service] - fire-and-forget, no persistence

Provider-operated services never store:
- User ciphertext
- User plaintext
- User files or content

Limitations

PSDA Does Not Eliminate All Metadata

Even with PSDA, providers may see:

  • Connection metadata (who connects when)
  • Sync patterns (when users are active)
  • Key delivery events (when keys are exchanged)
  • Message relay timing (when messages flow)

PSDA eliminates data exposure, not metadata exposure. A7 (Metadata Minimization) addresses metadata separately.

PSDA Requires User-Controlled Storage

PSDA shifts storage responsibility to users. This requires:

  • Users have cloud storage accounts or other user-controlled storage
  • Users manage storage capacity
  • Users handle backup and redundancy

This may not suit all use cases or users.

PSDA May Increase Complexity

P2P architectures and user-controlled storage introduce complexity:

  • NAT traversal (TURN/STUN)
  • Offline delivery challenges
  • Sync conflict resolution
  • User storage management

ZKS-only architectures with provider ciphertext storage may be simpler to implement.

Case Study: QuodArca

QuodArca is a ZKS-conformant system that also satisfies PSDA:

Architecture

ComponentFunctionData Stored
QKEYSKey deliveryWrapped keys (TTL ≤ 1 week)
QBENDSync coordinationDevice/item UUIDs
QMSVCMessage relayNone (fire-and-forget)
QP2PP2P transportNone (relay only)
CLinksUser storageCiphertext (user's accounts)

PSDA Verification

CriterionQuodArca Implementation
No ciphertext at restCiphertext only on CLinks (user-controlled)
No ciphertext cachingQMSVC is fire-and-forget
User-controlled data flowDevice → CLink → Device
Provider role limitedCoordination only

Security Properties

PropertyStatus
ZKS-Core✅ Conforms
PSDASatisfied

Result: QuodArca combines ZKS compliance with PSDA, achieving both decryptability control and data absence.

Conclusion

Provider-Side Data Absence (PSDA) is an optional property that provides security benefits beyond ZKS:

BenefitZKSPSDA
Provider cannot decrypt
Provider cannot be compelled to produce ciphertextPolicy-dependent✅ (nothing to produce)
No "harvest now, decrypt later" riskCiphertext exposedNo ciphertext to harvest
No data residency concernsCiphertext location mattersNo data on provider

For maximum security: Implement both ZKS (decryptability control) and PSDA (data absence).

For ZKS compliance: PSDA is not required, but its presence can be documented as an additional security property.

References

  • ZKS-1.0: Zero-Knowledge Sovereignty Standard
  • QuodArca ZKS Compliance Assessment
  • "Data Minimization in Security Architecture" (forthcoming)