In 2021 the term “Zero Knowledge Encryption” has become shorthand for the strongest guarantee a storage provider can offer on your data. We have written this article to explain, in a simple but precise way, what that guarantee is, how it works and what it costs you.
Zero Knowledge Encryption means that no one except you, not even the service provider, can access your secured data.
This is the crucial point: even if every file is encrypted, a server that holds the decryption keys turns a single compromise of that server into an unrecoverable breach of everything stored on it.
To understand the drivers behind the design of Zero Knowledge Encryption, here is a concise but complete summary of the pros and cons of the 3 existing alternatives.
Encryption-in-transit protects data while it travels between two parties, for example between your computer and the cloud provider (typically with TLS).
This means that the transfer is secure, but once the data arrives it is stored in plaintext.
Encryption-at-rest protects files on the server while they are stored.
In short: files are encrypted on disk, but not while they are transferred, and since the server holds the keys they remain exposed to an attack on the server itself. The first gap is the reason why it is usually paired with an encryption-in-transit solution.
The main issue with both options is that the provider holds the keys: if you rely on a poorly secured service, one successful attack on its servers can expose all your data.
Let’s now examine a more secure solution, one that goes beyond this security “façade”.
End-to-end encryption is a system of communication in which only the communicating users, who hold the keys, can read the messages. Data is decrypted only on the users’ own devices, never on the server.
Today this is the most widely used protection against data breaches, but, as the name says, it works from “one end to the other”. It is strongly recommended, and it is typically found in a “communication system” such as WhatsApp or Telegram’s secret chats.
Related reading: End-to-end encryption simply explained
End-to-end encryption closes the gaps of encryption-in-transit and encryption-at-rest, building a fortress for communication services.
What is missing is a flexible guard that is still there when the “two ends” do not exist, as when you store data in the cloud and the only other party is the provider itself.
This is what drove the design of Zero-Knowledge Encryption: the encryption key is hidden completely, even from the storage provider, and you authenticate without the password itself ever being sent to the server.
“Nobody, not even us, can access your files” is the motto of the service providers of this sector.
But how does Zero Knowledge Encryption work? Let's now explain this concept easily, by means of a short childhood story.
Before beginning, let’s set the final goal and the roles: Alice is the prover, Bob the verifier, and the goal is for Alice to convince Bob that she knows a secret without revealing it to him.
“Imagine a fairytale world with a ring-shaped cave that has two entrances/exits, named “A” and “B”, connected inside by a magic door.
Only Alice knows the secret word that opens that hidden passage, so only she can enter by one side and leave by the other.
At this point the test begins, in 3 steps:
1. Bob waits outside while Alice walks into the cave and takes path A or path B, without Bob seeing which one.
2. Bob walks to the entrance and calls out, at random, which side he wants her to come out of.
3. Alice comes out that way: if she is already on that side she simply walks back, otherwise she opens the magic door and comes round.
Someone could argue that she simply went in through the side Bob later named, a matter of luck with 50% probability. But what if they repeat the process many times, with Bob asking for “A” or “B” at random each time? A bluffer would have to guess right every time, and after n rounds that happens with probability only 1/2^n. So Bob can verify that she knows the key without ever learning what the actual “magic word” was.”
The concept here is that Alice, the prover, had to demonstrate to Bob, the verifier, that she knew the secret key, without ever showing him the real password.
How? In this story Bob had the “power” to choose which exit Alice should come out of, but only she knew how to pass through the magic door.
In fact, Bob never learned the magic word and never heard it used, yet by the end he was as sure as he wanted to be that Alice held the secret: after 20 rounds a bluffer gets through with probability about one in a million.
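The same prover/verifier exchange as a real protocol. This is an added example, not code from the page or from Cubbit: the Schnorr identification protocol, in which Alice proves she knows the discrete logarithm x of a public value y = g^x mod p. The cave’s two exits become a challenge with q possible values, so a single round already limits a bluffer to a 1/q chance. The group parameters (p = 607, q = 101, g = 64) are a toy group chosen for this example; real deployments use a 256-bit elliptic-curve group. The simulate_transcript function shows why Bob learns nothing: a transcript that verifies can be produced by anyone who knows only y, so a transcript cannot leak x.

```python
"""Interactive zero-knowledge proof of knowledge (Schnorr identification).

Added example: the cave story as an actual protocol. Alice proves she knows x
with y = g^x (mod p) without revealing x. The group below is a toy group chosen
for this example, not Cubbit's code and not a production parameter set.
"""
import secrets

# Toy group: p = 607 and q = 101 are prime, q divides p - 1 = 606 = 6 * 101,
# and g = 2^6 mod 607 = 64 generates the subgroup of prime order q.
P, Q, G = 607, 101, 64
assert G != 1 and pow(G, Q, P) == 1


def keygen():
    """Alice's secret x (the 'magic word') and the public value y that Bob may see."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Round 1: Alice walks into the cave. She picks a random r and sends t = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2: Bob calls out a side. Here the challenge has q possible values, not 2."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3: Alice answers s = r + c*x (mod q). Without x she could only guess c."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Bob checks g^s == t * y^c (mod p). The triple (t, c, s) tells him nothing about x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y, rounds=20):
    """Honest run: every round must pass. A prover without x passes one round with
    probability 1/q, so all `rounds` rounds with probability (1/q)**rounds."""
    for _ in range(rounds):
        r, t = prover_commit()
        c = verifier_challenge()
        s = prover_respond(x, r, c)
        if not verify(y, t, c, s):
            return False
    return True


def simulate_transcript(y):
    """Why Bob learns nothing: knowing only y, pick s and c first and solve for
    t = g^s * y^(-c). The result verifies and has the same distribution as a
    real transcript, so transcripts cannot carry information about x."""
    s = secrets.randbelow(Q)
    c = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P   # y^(-c) == y^(q - c), y has order q
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", run_protocol(x, y))
    t, c, s = simulate_transcript(y)
    print("simulated transcript verifies:", verify(y, t, c, s))
    print("prover with wrong secret accepted:", run_protocol((x + 1) % Q, y))
```

Note that the verifier’s challenge must be unpredictable: if Alice could learn c before committing to t, she could forge a proof exactly as simulate_transcript does, which is the same reason Bob in the story must pick the exit only after Alice is out of sight.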
In a nutshell, Zero-Knowledge Encryption means that you, and only you, hold the password, and there is no other way to access the data. Not even the service provider can.
Just like in the story above, to enter an account you have to present the exact password. In the hyperconnected world we live in, the common practice is that your password is sent to the server at login and the server checks it against what it has stored (at best a salted hash, at worst the password itself), so the server sees your secret every time you log in.
Instead, as we have just discovered, there is a more secure way to manage this delicate process, and it is called Zero Knowledge Architecture.
But how is it possible to meet these 3 tricky requirements?
Let’s go back to the story: Bob didn’t know the key, but from outside the cave he could judge whether Alice knew it or not. In the same way, the system checks that you can demonstrate your knowledge repeatedly, answering challenges it chooses at random (the two different exits). Only in this way can Zero Knowledge Encryption be applied successfully, with no need at all to show your secret code.
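What a Zero Knowledge Architecture looks like in code, as an added example of one common design and not Cubbit’s own implementation: the password never leaves the device. The client derives a master key from it, then two independent sub-keys, an encryption key that stays on the client and an authentication key that is the only thing sent at login. The server stores just a salted hash of that authentication key, so a full dump of the server database holds neither the password nor anything that decrypts the files. The names (Server, client_register, client_open, breach_can_decrypt), the sample user and the sample file are constructed for this example; the file cipher (an HMAC-SHA256 keystream with an HMAC tag) is a standard-library stand-in so the example runs without third-party packages, and real systems should use AES-GCM or XChaCha20-Poly1305 instead.

```python
"""Zero-knowledge (client-side) storage architecture, standard library only.

Added example of one common design, not Cubbit's code. Names, the sample user
and the sample file are constructed for this example. The file cipher is a
stand-in for an AEAD such as AES-GCM.
"""
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256; prefer Argon2id or scrypt where available


def derive_master_key(password: str, salt: bytes) -> bytes:
    """Slow, salted derivation so that a stolen verifier cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


def subkey(master_key: bytes, label: bytes) -> bytes:
    """Domain-separated sub-keys: learning the auth key reveals nothing about the enc key."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


class Server:
    """The provider. Per user it holds only a KDF salt, a verifier and opaque blobs."""

    def __init__(self):
        self.users = {}   # username -> (kdf_salt, verifier_salt, verifier)
        self.blobs = {}   # username -> encrypted file

    def register(self, user: str, kdf_salt: bytes, auth_key: bytes) -> None:
        vsalt = os.urandom(16)
        self.users[user] = (kdf_salt, vsalt, hashlib.sha256(vsalt + auth_key).digest())

    def kdf_salt_for(self, user: str) -> bytes:
        return self.users[user][0]

    def login(self, user: str, auth_key: bytes) -> bool:
        _, vsalt, verifier = self.users[user]
        return hmac.compare_digest(hashlib.sha256(vsalt + auth_key).digest(), verifier)

    def store(self, user: str, blob: bytes) -> None:
        self.blobs[user] = blob

    def fetch(self, user: str) -> bytes:
        return self.blobs[user]


def _keystream(stream_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real stream cipher)."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(stream_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def encrypt_file(enc_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(subkey(enc_key, b"stream"), nonce, len(plaintext))))
    tag = hmac.new(subkey(enc_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_file(enc_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any modification."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(enc_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("blob was modified or the key is wrong")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(subkey(enc_key, b"stream"), nonce, len(ciphertext))))


def client_register(server: Server, user: str, password: str, plaintext: bytes) -> None:
    """Runs on the user's device. Only the auth key and the encrypted blob reach the server."""
    kdf_salt = os.urandom(16)
    master_key = derive_master_key(password, kdf_salt)
    server.register(user, kdf_salt, subkey(master_key, b"auth"))
    server.store(user, encrypt_file(subkey(master_key, b"enc"), plaintext))


def client_open(server: Server, user: str, password: str):
    """Log in and decrypt. Returns None for a wrong password; raises ValueError on tampering.
    There is no recovery path: without the password the master key cannot be rebuilt."""
    master_key = derive_master_key(password, server.kdf_salt_for(user))
    if not server.login(user, subkey(master_key, b"auth")):
        return None
    return decrypt_file(subkey(master_key, b"enc"), server.fetch(user))


def breach_can_decrypt(server: Server, user: str) -> bool:
    """An attacker holding the whole server database tries the stored verifier as a key.
    It is not one, so the tag check fails and the blob stays opaque."""
    _, _, verifier = server.users[user]
    try:
        decrypt_file(verifier, server.fetch(user))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    srv = Server()
    client_register(srv, "alice", "correct horse battery staple", b"top secret notes")
    print(client_open(srv, "alice", "correct horse battery staple"))
    print("wrong password:", client_open(srv, "alice", "wrong password"))
    print("server breach decrypts files:", breach_can_decrypt(srv, "alice"))
```

Two design points matter here. First, the authentication key and the encryption key come from the same master key through domain-separated derivations, so the server can verify a login without ever being able to decrypt. Second, the KDF salt is stored on the server and handed out freely: it is not secret, it only stops precomputed password tables, and the iteration count is what makes offline guessing against a stolen verifier expensive.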
Wondering what are the real benefits of applying this theoretical system? Check out Cloudstorageinfo's review of Cubbit, zero-knowledge cloud storage.
Before concluding, here is a round-up of the pros and cons of Zero Knowledge Encryption.
The flip side of the guarantee is that there is no password recovery: if you lose your password, your data is lost with it. That is a concrete demonstration of the extreme protection offered by the Zero Knowledge Encryption solution, where not even the system admins can recover your password.
Related reading: How to protect your privacy online: 5 actionable tips!
At Cubbit we chose to build on the Zero Knowledge Architecture to create a private, secure and green cloud storage solution running on a distributed network.
Cubbit’s infrastructure revolves around 3 players:
For every file stored you get 3 layers of security:
A network where nobody, not even the provider, can access your files. This gives you all the peace of mind you’ll ever need.
This is Cubbit: a cloud storage that does not depend on expensive, power-hungry data centres, where your most precious files stay secured.