What is Zero-Knowledge Encryption?

What is Zero-Knowledge Encryption?

Trusting personal information to online services makes us vulnerable to abuse. However, unless you’re an IT professional, it is very hard to understand what “safety” means for each service you use. If you want to make sure that you are truly protecting your private data – you should go for services that use Zero-Knowledge encryption. From this article, you will learn what “Zero Knowledge” is, how Zero-Knowledge encryption works and why we believe this is the best way you can protect your information online.

In a nutshell, Zero-Knowledge encryption means that service providers know nothing about the data you store on their servers. But, to better grasp the term, let’s go over how encryption works in general.

A trip to the Zero-Knowledge Hotel

Usually, online services should be protected with some sort of encryption – in other words, when we enter our data on a website or app, our information is encoded in such a way that it can only be accessed by authorized persons with a secret key or password. Like with door locks, this encryption can be very basic or very strong.

Let’s imagine we are on a business trip. We are done with cheap motels where our key works for several guest rooms. We actually picked a good hotel with solid security measures, check in, leave our photo camera in the room, lock the door and head for a meeting. We can almost be sure that our camera will be safe because we trust the administrators of the hotel and we know that our door’s lock is really secure.
Now, let’s put it in context with our online usage:

  • the camera is the private information we upload to the cloud
  • the room is our account
  • the lock on the door is the encryption system used to protect our data
  • the key to open the lock is our password
  • the hotel is our service provider

Because of encryption, the locks used by many cloud-based services are so strong that it would take huge computational resources to identify a single key. But, what if instead of trying to pick the lock, a thief or hacker attacks the hotel reception and gets access to the master key?

This would cause a data breach. If the keys of all the rooms can be stolen from the reception, then it doesn’t matter how secure the door locks are.

This is where Zero-Knowledge encryption enters the picture. If we want our private documents (or our precious camera) to be safe, we’ll need to choose a hotel that doesn’t have any extra copy of our key – just like we need to use online service providers with “zero knowledge” about our passwords.

What is a Zero-Knowledge Proof?

To log into a web server, you need to show that you are authorized to access by entering your key or password. Traditionally, the server already has an encoded version of your key and if it matches, the door opens and you can get in. But, there’s a problem: the server has knowledge of your keys, too. Therefore, the security of your data depends on the server not being compromised.

Back in the 1980s, MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff were working on a way in which someone (a “prover”) has to prove to someone else (a “verifier”) that they know the answer to a particular mathematical problem (the password), without actually revealing it. Today, this complex (but possible) process is known as Zero-Knowledge Proof or ZK Protocol.
According to Goldwasser, Micali and Rackoff, Zero-Knowledge Proof must meet the following criteria:

  • Completeness: If the prover is providing the right password, the verifier will be convinced that it’s actually the right password.
  • Soundness: The verifier will be convinced, if and only if the prover is entering the right password.
  • Zero-Knowledgeness: The verifier must not learn the password.

But, how is it possible to prove that we have the right password without actually telling it to the service administrators? The complicated answer is: The “private” password of the proofer and the “public” password that the verifier knows are mathematically linked. This way the verifier can check whether they belong together. But the verifier still can’t track back or generate the private password from this knowledge.

Confused? Let’s go back to our Zero-Knowledge Hotel. Their solution is a bit easier: When you check into the hotel, they wouldn’t give you a key. Instead, the receptionist just would assign a room for you and encourage you to bring your very strong own padlock to secure it.

This way, each guest has a private lock, no copies of the keys are kept in the reception and no one has to rely on the hotel securing the key. Because they know that the best way to protect your valuables is keeping them out of reach even for their most trusted staff members. If at any point, hackers try to steal the keys, they will just find an empty drawer.

Safety shouldn’t be a matter of trust

If a hotel keeps a copy of your key in the reception, you have to trust that they won’t use it, protect it very well and never give it to others. As we all know, we can never be completely sure about that.

At Tresorit, we believe that security shouldn’t be a matter of trust. Although it is very hard to achieve, Tresorit leverages Zero-Knowledge protocols to keep your data safe. Unlike other services, our engineers have been able to guarantee that our service is protected by Zero-Knowledge encryption from anywhere you decide to access – even your browser. It is virtually impossible for anyone to have access to your private documents. No one other than you has access to your key, not even Tresorit administrators. In other words: We know nothing.

Zero-Knowledge standards enhance our end-to-end encryption as they ensure that we never have access to our users’ files and encryption keys in a readable format. It is the most secure way to protect your privacy online. Now you know that whenever you choose an online service, you should look out for an alternative that comes with Zero-Knowledge encryption. Your files and information are yours and you should be the only one who can access them.

Discover how Tresorit protects confidential files

Learn more about security features