What is Zero-Knowledge Encryption, and How Does It Work?

Written by

Zero-knowledge encryption is arguably one of the most secure ways of protecting your data. In a nutshell, it means that cloud storage or backup providers know nothing (i.e. have “zero-knowledge”) about the data you store on their servers.

The recent wave of data breaches has put a spotlight on encryption and how it can help protect sensitive information. The most promising type is zero-knowledge encryption, which allows for greater security with less computational overhead than the traditional secret-key cryptography offered by RSA or Diffie-Hellman schemes.

Zero-knowledge encryption ensures privacy even when used insecurely because the encrypted data cannot be deciphered without the secret key. Here, I explain the basics of how zero-knowledge encryption works and how you can start using it to protect your data online.

The Basics Types of Encryption

There are different ways of encrypting your data and each will provide a certain level and type of protection.

Think of encryption as a way of putting armor around your data and locking it in unless a particular key is used to open it.

There are 2 types of encryption: 

  1. Encryption-in-transit: This protects your data or message while it's being transmitted. When you're downloading something from the cloud, this will protect your information while it travels from the cloud to your device. It's like storing your info in an armored truck.
  2. Encryption-at-rest: This type of encryption will protect your data or files on the server while it is not being used (“at rest”). So, your files remain protected while they are stored however if it's unprotected during a server attack, well…you know what happens.

These types of encryption are mutually exclusive, so data protected in encryption-in-transit is susceptible to central attacks on the server while it's stored.

At the same time, data that are encrypted at rest is susceptible to interceptions.

Usually, these 2 are matched together to give users like YOU better protection.

What is Zero-Knowledge Proof: The Simple Version

It's easy to remember what zero-knowledge encryption does to your data.

It protects your data by making sure everybody else has zero knowledge (get it?) about your password, encryption key, and most importantly, whatever you've decided to encrypt.

Zero-Knowledge Encryption ensures that ABSOLUTELY no one can access whatever data you've secured with it. The password is for your eyes only.

This level of security means that only YOU have the keys to access your stored data. Yes, that also prevents the service provider from looking at your data.

Zero-knowledge Proof is an encryption scheme proposed by MIT researchers Silvio Micali, Shafi Goldwasser, and Charles Rackoff in the 1980s and it's still relevant today.

For your reference, the term zero-knowledge encryption is often used interchangeably with the terms “end-to-end encryption” (E2E or E2EE) and “client-side encryption” (CSE).

However, there are a few differences.

Is Zero-Knowledge Encryption the Same As End-to-End Encryption?

Not really.

Imagine that your data is locked away in a vault and only the communicating users (you and the friend you're chatting with) have the key to opening those locks.

Because the decryption only happens on your personal device, hackers won't get anything even if they try to hack the server where the data passes or try to intercept your information while it's being downloaded to your device.

The bad news is that you can only use zero-knowledge encryption for communication systems (i.e., your messaging apps like Whatsapp, Signal, or Telegram).

E2E is still incredibly useful, though.

I always make sure the apps I use to chat and send files have this kind of encryption work, especially if I know I'm likely to send personal or sensitive data.

Types of Zero-Knowledge Proof

Interactive Zero-Knowledge Proof

This is a more hands-on version of zero-knowledge proof. To access your files, you'll have to perform a series of actions required by the verifier.

Using the mechanics of math and probabilities, you must be able to convince the verifier that you know the password.

Non-Interactive Zero-Knowledge Proof

Instead of performing a series of actions, you'll be generating all the challenges at the same time. Then, the verifier will respond to see if you know the password or not.

The benefit of this is it prevents the possibility of any collusion between a possible hacker and the verifier. However, the cloud storage or storage provider will have to use additional software and machines to do this.

Why Is Zero-Knowledge Encryption Better?

We'll compare how encryption works with and without zero knowledge so you understand the benefits of using private encryption.

The Conventional Solution

The typical solution you'll encounter for preventing data breaches and protecting your privacy is password protection. However, this works by storing a copy of your password on a server.

When you want to access your information, the service provider you're using will match the password you just entered with what's stored on their servers.

If you got it right, you'll have gained access to open the “magic door” to your information.

So What's Wrong With This Conventional Solution?

Since your password is still stored somewhere, hackers can get a copy of it. And if you're one of those people who uses the same passkey for multiple accounts, you're in for a world of trouble.

At the same time, the service providers themselves also have access to your passkey. And while they are unlikely to use it, you can never be too certain.

Over the past years, there have still been issues with passkey leaks and data breaches that make users question the reliability of cloud storage for maintaining their files.

The biggest cloud services are Microsoft, Google, etc., which are mostly located in the US.

The problem with providers in the US is they are required to comply with the CLOUD Act. This means that if Uncle Sam ever comes knocking, these providers have no choice but to hand over your files and passcodes.

If you've ever taken a look at the terms and conditions we normally just skip over, you'll notice something way in there.

For example, Microsoft has a stipulation there that says:

“We will retain, access, transfer, disclose, and preserve personal data, including your content (such as the content of your emails in Outlook.com, or files in private folders on OneDrive), when we have a good faith belief that doing so is necessary to do any of the following: e.g. Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.”

This means these cloud storage providers openly admit to their ability and willingness to access your fails, even if it's protected by a magic word.

Zero-Knowledge Cloud Storage

So, you see why zero-knowledge services are a compelling way to go if users want to protect their data from the prying eyes of the world.

Zero-knowledge works by not storing your key. This takes care of any possible hacking or untrustworthiness on the part of your cloud provider.

Instead, the architecture works by asking you (the prover) to prove that you know the magic word without actually revealing what it is.

This security all works by using algorithms that run through several random verifications to prove you know the secret code.

If you successfully pass the authentication and prove you have the key, you'll be able to enter the vault of protected information.

Of course, this is all done in the background. So in reality, it feels just like any other service that uses passwords for its security.

The Principles of Zero-Knowledge Proof

How do you prove you have the password without actually revealing what it is?

Well, Zero-knowledge proof has 3 main properties. Remember that the verifier stores how you know the passcode by making you prove a statement is true again and again.

#1 Completeness

This means the prover (you), has to accomplish all the required steps in the manner the verifier requires you to do them.

If the statement is true and both the verifier and prover have followed all the rules to a tee, the verifier will be convinced you have the password, without the need for any external help.

#2 Soundness

The only way the verifier will confirm you know the passcode is if you can prove you have the correct one.

This means that if the statement is false, the verifier will never be convinced that you have the passcode, even if you say the statement is true in a small probability of cases.

#3 Zero Knowledge

The verifier or service provider must have zero knowledge of your password. Moreover, it must be unable to learn your password for your future protection.

Of course, the effectiveness of this security solution largely depends on the algorithms being used by your chosen service provider. Not all are made equal.

Some providers will provide you with much better encryption than others.

Remember this method is more than just about hiding a key.

It's about ensuring nothing will get out without YOUR say-so, even if the government comes banging on their company's doors demanding that they hand over your data.

Benefits of Zero-Knowledge Proof

We live in an age where everything is stored online. A hacker can completely take over your life, gain entry to your money and social security details, or even cause devastating harm.

This is why I think zero-knowledge encryption for your files is ABSOLUTELY worth it.

Summary of benefits:

  • When done right, nothing else can give you better security.
  • This architecture ensures the highest level of privacy.
  • Even your service provider will be unable to learn the secret word.
  • Any data breach won't matter because leaked information remains encrypted.
  • It's simple and does not involve complex encryption methods.

I've raved about the incredible protection this kind of technology can provide you. You don't even need to trust the company you're spending your money on.

All you need to know is whether they use fantastic encryption or not. That's it.

This makes zero-knowledge encryption perfect for storing sensitive information.

The Downside to Zero-Knowledge Encryption

Every method has a con. If you're aiming for god-level security, you need to be prepared to make some adjustments.

I've noticed that the biggest cons of using these services are:

  • Lack of retrieval
  • Slower loading times
  • Less than ideal experience
  • Imperfect

The Key

Remember your entry to the zero-knowledge cloud storage is completely dependent on the secret word you will use to access the magic door.

These services only store proof that you have the secret word and not the actual key itself.

Without the password, you're done for. This means that the biggest downside is that once you lose this key, there's no way you can retrieve it anymore.

Most will offer you a recovery phrase that you can use if this happens but note this is your last chance to give your zero-knowledge proof. If you also lose this, that's it. You're finished.

So, if you're the type of user who loses or forgets their passcode quite a bit, you'll have difficulty remembering your secret key.

Of course, a password manager will help you remember your passkey. However, it's critical that you also get a password manager that has zero-knowledge encryption.

Otherwise, you're risking a massive data breach across all your accounts.

At least this way, you'll have to remember one passkey: the one to your manager app.

The Speed

Normally, these security providers layer zero-knowledge proof with other kinds of encryption to keep everything secure.

The process of authentication by passing through providing zero-knowledge proof then passing all other security measures takes quite a bit of time, so you'll notice it all takes longer than a less secure company site would take.

Every time you upload and download info to your cloud storage provider of choice, you'll have to go through several privacy checks, provide authentication keys, and more.

While my experience only involved entering the password, I did have to wait a little longer than usual to complete my upload or download.

The Experience

I also noticed a lot of these cloud providers don't have the best user experience. While their focus on securing your information is fantastic, they are lacking in some other aspects.

For example, Sync.com makes it impossible to preview pictures and documents because of its extremely strong encryption.

I just wish this kind of technology didn't have to impact the experience and usability so much.

Why We Need Zero-Knowledge Encryption in Blockchain Networks

Many financial companies, digital payment systems, and cryptocurrencies use blockchain to process information. However, many blockchain networks still use public databases. 

This means that your files or info is accessible to anybody who has an internet connection.

It's way too easy for the public to see all the details of your transaction and even your digital wallet details, though your name may be hidden.

So, the main protection offered by cryptography techniques is to keep your anonymity. Your name is replaced by a unique code that represents you on the blockchain network.

However, all the other details are fair game.

Moreover, unless you're highly knowledgeable and careful about these kinds of transactions, any persistent hacker or motivated attacker, for example, can and will locate your IP address associated with your transactions.

And as we all know, once you have that, it's way too easy to figure out the real identity and location of the user.

Considering how much of your personal data is used when you make financial transactions or when you use cryptocurrency, I've found this way too lax for my comfort.

Where Should They Implement Zero-Knowledge Proof in the Blockchain System?

There are plenty of areas I wished zero-knowledge encryption was integrated. Most importantly though, I want to see them in the financial institutions I transact with and transact through.

With all my sensitive information in their hands and the possibility of cyber theft and other dangers, I wish I saw zero-knowledge encryption in the following areas.

Messaging

As I've mentioned, end-to-end encryption is critical for your messaging applications.

This is the only way you can protect yourself so that no one BUT YOU will read the private messages you send and receive.

With zero-knowledge proof, these apps can build an end-to-end trust in the messaging network without leaking any additional information.

Storage Protection

I've mentioned that encryption-at-rest protects information while it's stored.

Zero-knowledge protection levels this up by implementing protocols to safeguard not just the physical storage unit itself, but also any information in it.

Moreover, it can also protect all the access channels so that no hacker can get in or out no matter how hard they try.

File System Control

Similar to what I said cloud storage services do in the earlier portions of this article, the zero-knowledge proof will add a much-needed additional layer to protect the files you send whenever you make blockchain transactions.

This adds various layers of protection to the files, users, and even logins. In effect, this will make it quite difficult for anyone to hack or manipulate the stored data.

Protection for Sensitive Information

The way blockchain works are that each group of data is grouped into blocks and then transmitted onwards to the next step in the chain. Hence, its name.

Zero-knowledge encryption will add a higher level of protection to each block containing sensitive banking information, such as your credit card history and details, bank account information, and more.

This will let banks manipulate the needed blocks of information whenever you request it while leaving the rest of the data untouched and protected.

This also means when someone else is asking the bank to access their information, YOU won't be affected.

Final Words

Zero-knowledge encryption is the top-level protection I wish I found in my most important apps.

Everything's complicated nowadays and while simple apps, like a free-to-play game that requires a login, may not need it, it's certainly critical for my files and financial transactions.

In fact, my top rule is that anything online that requires the use of my REAL details such as my full name, address, and more so my bank details, should have some encryption.

I hope this article sheds some light on what zero-knowledge encryption is about and why you should get it for yourself.

References

Join our newsletter

Subscribe to our weekly roundup newsletter and get the latest industry news & trends

By clicking 'subscribe" you agree to our terms of use and privacy policy.