In 2021 the term “Zero Knowledge Encryption” has come to mean complete protection for your data. We have written this article to explain, in a simple yet thorough way, this opportunity to fully protect your private information.
On this page, you’ll find:
- The definition of the different types of encryption, along with their pros and cons.
- What zero-knowledge encryption is and why you need it from the services you use.
- A fairy-tale story (the Ali Baba cave) that simply explains how zero-knowledge technology works.
Why does Zero Knowledge Encryption exist?
Zero Knowledge Encryption means that no one, except you (not even the service provider) can access your secured data.
This is a crucial point: even when files are fully encrypted, if the server has access to the keys, a single attack on that central server can cause an unrecoverable data breach.
In order to better understand the drivers behind the design of the Zero Knowledge Encryption solution, we provide a concise yet exhaustive summary of the pros and cons of the 3 existing alternatives.
Encryption-in-transit vs Encryption-at-rest, what’s the difference?
Encryption-in-transit secures a message while it is being transmitted between two parties (e.g. between your computer and the cloud provider).
This means that data is secure while it is being transferred, but the stored documents are 100% decrypted.
Encryption-at-rest protects the file or data on the server while it is not being used.
In short: files are encrypted while stored, but they are not secure when transferred and not protected from central attacks on the server. The first of these gaps is the reason why it is usually combined with an encryption-in-transit solution.
The main issue with these 2 options is that if you rely on a service that is not very secure, just one central attack could expose all your data.
Let’s now examine a more secure solution, one that goes beyond the security “façade”.
What is End-to-end Encryption?
End-to-end encryption is a system of communication where only the communicating users (who have the key) can read the messages. User data is decrypted only on the user’s personal device, never on the server.
Nowadays this is the most widely used way to protect yourself from data breaches, but, as the name says, it works from “one end to the other”. It is strongly recommended, but you can only employ it when using a “communication system” such as WhatsApp or Telegram.
Related reading: End-to-end encryption simply explained
End-to-end encryption has truly managed to overcome the vulnerabilities of encryption-in-transit and encryption-at-rest solutions, building a fortress for communication services.
But what is missing is a flexible guard that is present even when the “two ends” do not exist, such as when you store data in the cloud.
This is the driver behind the design of Zero-Knowledge Encryption, a solution that deals with this problem by hiding the encryption key completely (100%), even from the storage provider, which results in an authentication process that exchanges no password.
“Nobody, not even us, can access your files” is the motto of the service providers of this sector.
What is a Zero Knowledge Proof: an example
But how does Zero Knowledge Encryption work? Let’s now explain this concept in simple terms, by means of a short childhood story.
Before beginning, let’s set the final goal and the roles:
- The final goal is to prove the statement “I know the secret word to open the magic door in the cave” (the password).
- Bob is the verifier, the person who has to check whether Alice knows the secret word.
- Alice is the prover: she has to prove that she knows the secret word without actually revealing it.
“Imagine we are in a fairy-tale world where a ring-shaped cave exists with two entrances/exits, respectively named “A” and “B”, internally connected by a magic door.
Only Alice knows the secret word that opens that hidden passage, so only she can exit from either side.
At this point the test begins, with the 3 steps below:
- Bob closes his eyes and Alice enters the cave.
- Bob doesn’t know which side she entered from; he just opens his eyes and shouts to her to exit from “A”.
- Alice knows the secret word, so she can exit from “A” without any problem at all, even if she entered from “B”.
Someone could argue that she entered from “A” and that it was a matter of luck: a 50% probability, fine. But what if they repeat this process multiple times, asking her to exit from “A” or “B” at random? Then Bob can be sure that she knows the key without ever learning what the actual “magic word” was.”
The point of the story is that Alice, the prover, had to demonstrate to Bob, the verifier, that she knew the secret key, without actually showing him the real password.
How? In this story he had the “power” to choose which exit Alice should come out of, but only she knew how to pass through the magic door.
In fact, Bob didn’t know the magic word and didn’t hear it being used, but at the end he was 100% sure that Alice held the secret key.
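The cave story can be run as a small simulation. The following Python is an added example, not code from the article or from Cubbit: the cave, the secret word (“open sesame”, constructed here), the prover and the verifier are all modelled so you can watch an honest Alice pass every round while someone without the word survives each round only by a coin flip, which is why Bob repeats the challenge.

```python
import secrets

ENTRANCES = ("A", "B")


class Cave:
    """The ring-shaped cave: the magic door opens only for the right secret word."""

    def __init__(self, magic_word: str):
        self._magic_word = magic_word

    def door_opens(self, word: str) -> bool:
        return secrets.compare_digest(word.encode(), self._magic_word.encode())


class Alice:
    """The prover. `word` is what she will say at the magic door; None models
    someone who does not know any word and cannot even try."""

    def __init__(self, cave: Cave, word):
        self.cave = cave
        self.word = word
        self.side = None

    def enter(self) -> None:
        # Bob has his eyes closed, so the side she enters from is hidden from him.
        self.side = secrets.choice(ENTRANCES)

    def exit_from(self, requested: str) -> str:
        if self.side == requested:
            return requested  # she is already on that side; no door needed
        if self.word is not None and self.cave.door_opens(self.word):
            return requested  # walks through the magic door to the other side
        return self.side  # stuck: she can only come back out where she entered


def bob_round(alice: Alice) -> bool:
    """One round: Bob shouts a random exit and checks where Alice comes out."""
    alice.enter()
    challenge = secrets.choice(ENTRANCES)
    return alice.exit_from(challenge) == challenge


def run_protocol(alice: Alice, rounds: int) -> bool:
    """Bob accepts only if every round is answered correctly."""
    return all(bob_round(alice) for _ in range(rounds))


def cheating_success_bound(rounds: int) -> float:
    """Probability that someone without the word passes all rounds by luck alone."""
    return 0.5 ** rounds


def estimate_single_round_luck(cave: Cave, trials: int) -> float:
    """Empirical check that an impostor passes a single round about half the time."""
    impostor = Alice(cave, None)
    return sum(bob_round(impostor) for _ in range(trials)) / trials


if __name__ == "__main__":
    cave = Cave("open sesame")  # constructed secret for the demonstration
    print("honest Alice, 20 rounds:", run_protocol(Alice(cave, "open sesame"), 20))
    print("impostor, 20 rounds:", run_protocol(Alice(cave, "abracadabra"), 20))
    print("impostor luck bound for 20 rounds:", cheating_success_bound(20))
```

Note that Bob's entire view of a round is “I shouted A, she came out of A”: nothing in `bob_round` ever touches the secret word, which is the zero-knowledge property in miniature.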
To summarize, in a nutshell: Zero-Knowledge Encryption means that you, and only you, own the password, and there is no other way to access the data. Not even the service provider has that power.
Zero Knowledge Protocol
Just like in the story above, to log in to an account you have to enter the exact password. In the hyperconnected world we live in, it is common practice to let the server already know your secret key and check whether what you enter matches it.
Instead, as we have just discovered, there is another, more secure way to manage this delicate process, and it is called Zero Knowledge Architecture.
The Zero Knowledge Proof relies on three main requirements:
- Complete: if the prover can complete the process in the required way, the verifier will have confirmation that she actually possesses the right password.
- Sound: the verifier will be convinced if, and only if, the prover owns the correct password.
- Zero Knowledge: the verifier must not be able to learn the right key.
But how is it possible to satisfy these 3 tricky requirements?
Let’s go back to the story: Bob didn’t know the key, but he was able to judge, from outside the cave, whether Alice knew it or not. Basically, the system checks whether you are able to demonstrate your knowledge multiple times, answering different challenges (the two different exits). Only in this way can Zero Knowledge Encryption be applied successfully, with no need at all to show your secret code.
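The cave is an analogy; real zero-knowledge authentication uses the same three moves (the prover commits, the verifier challenges, the prover responds) with arithmetic in place of a cave. The Python below is an added example, not code from the article or from Cubbit, implementing the Schnorr identification protocol, a well-known zero-knowledge proof of knowledge that the article does not name. The group parameters are toy-sized values constructed for readability, and the one-bit challenge mirrors Bob’s two exits; it demonstrates all three requirements from the list above: an honest prover always passes (complete), an impostor who only knows the public value survives each round with probability 1/2 (sound), and anyone can forge a transcript that looks exactly like a real one without the secret (zero knowledge).

```python
import secrets

# Toy-sized public parameters, constructed for this example only: p = 2q + 1
# with p and q prime, and g = 4 generates the subgroup of prime order q.
# Real deployments use 2048-bit-or-larger groups or elliptic curves.
P, Q, G = 2039, 1019, 4


def keygen():
    """Alice's one-time setup. The secret x never leaves her device;
    only the public value y = g^x mod p is registered with the verifier."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


class HonestProver:
    """Alice, who really knows x."""

    def __init__(self, x: int):
        self._x = x
        self._r = None

    def commit(self) -> int:
        # Fresh one-time randomness per round (like choosing a side of the cave unseen).
        self._r = secrets.randbelow(Q)
        return pow(G, self._r, P)

    def respond(self, c: int) -> int:
        # s = r + c*x mod q. Because r is uniform and used once, s reveals nothing about x.
        return (self._r + c * self._x) % Q


class CheatingProver:
    """Knows only the public y. Guesses the challenge in advance and prepares a
    commitment that answers that one challenge, exactly like an impostor who can
    only come out of the cave entrance she went in."""

    def __init__(self, y: int, challenge_bits: int):
        self._y = y
        self._bits = challenge_bits

    def commit(self) -> int:
        self._guess = secrets.randbelow(1 << self._bits)
        self._s = secrets.randbelow(Q)
        # t = g^s * y^(-guess): verification succeeds only if c == guess.
        return pow(G, self._s, P) * pow(self._y, -self._guess, P) % P

    def respond(self, c: int) -> int:
        return self._s


def verify(y: int, t: int, c: int, s: int) -> bool:
    """Bob's check: g^s must equal t * y^c (mod p)."""
    return pow(G, s, P) == t * pow(y, c, P) % P


def run_protocol(prover, y: int, rounds: int, challenge_bits: int = 1) -> bool:
    """challenge_bits=1 mirrors the cave (two possible questions per round);
    a cheater survives each round with probability 2^-challenge_bits."""
    for _ in range(rounds):
        t = prover.commit()
        c = secrets.randbelow(1 << challenge_bits)  # keep below Q with these toy parameters
        if not verify(y, t, c, prover.respond(c)):
            return False
    return True


def simulate_transcript(y: int, challenge_bits: int = 1):
    """Zero knowledge: anyone can produce (t, c, s) triples with the same
    distribution as a real run without knowing x, so Bob's transcript
    teaches him nothing he could not have written himself."""
    c = secrets.randbelow(1 << challenge_bits)
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, -c, P) % P
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    print("honest Alice, 40 one-bit rounds:", run_protocol(HonestProver(x), y, 40))
    print("impostor, 40 one-bit rounds:", run_protocol(CheatingProver(y, 1), y, 40))
    print("simulated transcript verifies:", verify(y, *simulate_transcript(y)))
```

With a wider challenge (for example `challenge_bits=8`) a single round already limits an impostor to a 1-in-256 chance, which is why real protocols use one round with a long challenge instead of many coin flips.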
Wondering what the real benefits of applying this theoretical system are? Check out Cloudstorageinfo’s review of Cubbit, zero-knowledge cloud storage.
Pros and Cons of the Zero Knowledge Encryption
Before concluding, we would like to give a round-up of the pros and cons of Zero Knowledge Encryption.
- High control over data handling: your files will not only be encrypted, but also stored in a flexible and handy cloud.
- If nobody can access your data, you don’t even need to trust your provider. It’s not about trust, it’s about maths.
- Even the harshest hacker attacks cannot compromise the privacy of your data.
- Just one con: if you lose both your password and your recovery phrase, there is no way to retrieve your files.
That is actually a concrete demonstration of the extreme protection guaranteed by the Zero Knowledge Encryption solution, where not even the system admins can recover your password.
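Why can no admin recover the password, and why does losing it lose the files? One common way zero-knowledge services achieve this is to derive two unrelated keys from the password on the user’s device: an encryption key that never leaves the device, and an authentication key whose hash is all the server ever stores. The Python below is an added example of that pattern, not Cubbit’s own code; the HMAC labels, the PBKDF2 iteration count and the layout of the server record are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# PBKDF2 work factor, kept modest so the example runs quickly (an assumption;
# real clients use a higher count or a memory-hard function such as Argon2).
ITERATIONS = 200_000


def derive_keys(password: str, salt: bytes):
    """Runs on the user's device only. One password yields two independent keys:
    the encryption key, which never leaves the device, and the authentication
    key, which is the only secret ever sent to the server."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    enc_key = hmac.new(master, b"encryption-key", hashlib.sha256).digest()
    auth_key = hmac.new(master, b"authentication-key", hashlib.sha256).digest()
    return enc_key, auth_key


def register(password: str):
    """Sign-up on the client. Returns the encryption key to keep locally and the
    record handed to the server: a salt plus a hash of the authentication key."""
    salt = secrets.token_bytes(16)
    enc_key, auth_key = derive_keys(password, salt)
    server_record = {"salt": salt, "auth_verifier": hashlib.sha256(auth_key).digest()}
    return enc_key, server_record


def server_check(server_record: dict, auth_key: bytes) -> bool:
    """All the server can do: compare a hash in constant time. It holds neither
    the password nor the encryption key, so a breach of this record exposes no files."""
    return hmac.compare_digest(hashlib.sha256(auth_key).digest(), server_record["auth_verifier"])


def login(password: str, server_record: dict):
    """Client-side login: re-derive both keys from the typed password, send only
    auth_key to the server, and keep enc_key for decrypting files locally.
    A wrong (or forgotten) password yields a different enc_key, so the files
    stay unreadable for everyone, administrators included."""
    enc_key, auth_key = derive_keys(password, server_record["salt"])
    return server_check(server_record, auth_key), enc_key


def server_holds_secret(server_record: dict, secret: bytes) -> bool:
    """True if the given secret appears verbatim in what the server stores."""
    return any(secret == value for value in server_record.values())


if __name__ == "__main__":
    enc_key, record = register("correct horse battery staple")  # constructed password
    print("server stores enc_key:", server_holds_secret(record, enc_key))
    print("login with right password:", login("correct horse battery staple", record)[0])
    print("login with wrong password:", login("wrong password", record)[0])
```

The recovery phrase mentioned above would be a second, independent wrapping of `enc_key` kept by the user; once both the password and that phrase are gone, nothing held by the server can rebuild the key.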
Related reading: How to protect your privacy online: 5 actionable tips!
Onboarding Zero Knowledge cloud storage: what Cubbit is and how it works.
At Cubbit we chose to leverage the Zero Knowledge Architecture to create the first 100% private, secure and green cloud storage solution running on a distributed network.
Cubbit’s infrastructure revolves around 3 players:
- The user: You, accessing the cloud through your device.
- The Swarm: a distributed, P2P network of nodes where data is stored.
- The coordinator: a “team” of machine learning algorithms that guarantees security and organisation.
For every file stored you get 3 layers of security:
- Each file is encrypted with military-grade protocols (AES with a 256-bit key).
- It is split into chunks, which are replicated to provide redundancy and continuous uptime.
- All these chunks are spread across Cubbit’s Zero Knowledge Network.
A network where nobody, not even the provider, can access your files! This gives you all the peace of mind you’ll ever need.
This is Cubbit: the only cloud storage that does not depend on expensive and polluting data centres, where your most precious files will be secured, forever.