Zero Knowledge Encryption Explained

Zero Knowledge Encryption

Zero Knowledge Encryption

Zero knowledge encryption is one of the most powerful concepts cryptographers have developed so far. Nobody but yourself is able to access the files in the cloud. Sounds simple enough, but is it? Well, I am sure a lot of you have heard of this before, some of you never and some of you are here to find out more about it. Let’s apply these words to a simple case in the real world. That way we’ll all understand it better.


Building Zero Knowledge Encryption On An Example

Zero Knowledge Encryption

For example, let’s take a heavily guarded mansion. Inside that heavily guarded mansion is a vault with very important information on a random topic. For the purpose of the discussion, let us say that the vault can’t be broken in. You can’t picklock it and you can’t blow the doors open. The only way to get in or out is by using keys.

In case there are 2 keys: One key is with the owner and the other key is with the guards in the mansion. If thieves wanted to get that information from the vault they would first have to steal the key from the guards and then just open the vault.

In case there’s one key: The only key is with the owner and owner is not in the mansion. If thieves were already in the mansion there’s no way that they could have opened that vault, no matter what.

Now let us try to translate that case into a cloud service platform.


Translating Zero Knowledge Encryption To A Cloud Service

The case where there were 2 keys would represent cloud services with no zero knowledge platform. Cloud services like that might encrypt and protect your files, however, they own the keys to your files as well. Your files can be accessed by people that have high authority in that company. If there’s a breach in the system, either by a hacker or an insider, they can just steal the keys and have access to your information(just like with the vault).

And the case with one key would represent the cloud services with a zero knowledge platform. Since the cloud company doesn’t have the keys to your files there’s no way that your files can get compromised. Even if there’s a security breach your files will stay safe since you’re the only one that can open them. That’s the beauty of this system. You have full control of your files.


Importance of Zero Knowledge Encryption

No matter how good internet services protected their servers and files in the past, a breach happened anyways, which resulted in a major exposure of people’s files. According to www.gemalto.com, only in the year of 2015, there were 1,673 breaches which resulted in 707,509,815 records breached in total.

The files that were lost or either exposed included: photos, videos, private and business information like credit cards numbers, phone numbers, addresses, various legal documents and so on.

A few honourable mentions:

  1. Anthem Insurance – This U.S. based health insurance company was attacked in January 2015. The attackers were aiming for people’s private information, which resulted in a theft of 78.8 million records, making it the largest data breach of the year.
  2. General Directorate of Population and Citizenship Affairs – The attackers went for the Turkish government agency this time. The attack was branded as a major identity theft, resulting in 50 million records exposed.
  3. Korea Pharmaceutical Information Center – The South Korean company that makes pharmacy management software was also attacked. Another identity theft breach, which resulted in the exposure of 43 million records.

Companies and agencies that were supposed to be well protected have been breached. What would have happened if they were based off a Zero knowledge encryption? The hackers would get nothing from it.


Best cloud services that use the Zero Knowledge Encryption


pCloud

$4.99/month 500 GB
9.1

Pricing & Plans

9.5/10

Ease of Use

9.0/10

File Syncing

10.0/10

File Sharing

8.5/10

Retrieving Files

8.5/10

Security

9.5/10

Support

9.0/10

Additional Features

9.0/10

Pros

  • Up to 10 GB of free storage
  • Amazing sycing solutions
  • Unlimited transfer speeds
  • Easy to use
  • Unlimited file sizes
  • Client-side encryption
  • Innovative lifetime plans

Cons

  • No client-side encryption in the free plan
  • No dedicated live chat/phone support

pCloud utilises the so-called Crypto Folder to which you can upload your files. Those files are then encrypted by you and only you have access to them. No one, even pCloud’s administrators, will have access to your content. You also have to keep in mind that if you ever forget the password to your Crypto folder all of your files will be lost, since there’s no way to open the folder without it. pCloud also offers lifetime cloud storage plans.

Read the pCloud review here.


Sync.com

$8/month 2000 GB
9.1

Pricing & Plans

9.5/10

Ease of Use

9.0/10

File Syncing

9.0/10

File Sharing

9.5/10

Retrieving Files

9.5/10

Security

10.0/10

Support

8.0/10

Additional Features

8.5/10

Pros

  • Zero-Knowledge platform
  • Not subject to US Patriot Act
  • Client-side encryption
  • 30-day money back guarantee
  • Easy to use, modern platform
  • Great syncing, sharing and file retrieving options
  • Unlimited bandwidth

Cons

  • No live chat/phone support
  • No linux client

Sync uses “Zero Knowledge” platform which guarantees your privacy by encrypting and decrypting your data client-side. Moreover, the encryption keys that are used to encrypt your files aren’t in the hands of Sync, but only you. Even the password to your account is unknown to them.

Read the Sync.com review here.


MEGA

€4.99/month 400 GB
8.5

Pricing & Plans

8.5/10

Ease of Use

9.0/10

File Syncing

8.5/10

File Sharing

8.5/10

Retrieving Files

8.0/10

Security

9.5/10

Support

7.5/10

Additional Features

8.5/10

Pros

  • Free 15 GB of storage
  • Excellent security & client-side encryption
  • Well made sync client
  • Useful mobile application
  • Allows FTP connection

Cons

  • Slightly expensive
  • Slow speeds at peak hours
  • Limited support options

Mega is known for its good security protocol. It uses AES encryption to secure files. In addition to that, they don’t keep any of your passwords or master keys, only you have access to them. The only way to recover your lost password is with the master key which you receive upon registration. This makes Mega one of the more secure cloud services on the market.

Read the Mega review here.



What do you think about zero knowledge encryption? Share your opinion in the comment section down below!

Dejan Miladinović

Hey! Welcome to Cloudstorageinfo.org. My name is Dejan Miladinović and hopefully, your go-to guy for all cloud service things considered. I've been extensively testing and researching the cloud service market for the past 4 years and posting various reviews and tips on this very website. Hopefully, you found the post written above useful and intuitive. I would be happy to discuss it more in the comments section. If you have any questions ask them down below and I'll answer them shortly.

5 thoughts on “Zero Knowledge Encryption Explained

  • April 29, 2019 at 09:15
    Permalink

    The reason why non-zero-knowledge-enryption service still exists is very simple. A “common sense” is that zero-knowledge-enryption conflicts with cross-users-data-deduplication, so big players requires data deduplication to reduce its cost, sacrifies zero-knowledge-enryption.
    However, there is a technology called TruPrivacy that can combines both of them perfectly. TruPrivacy breaks the “common sense”, you can get the security from zero-knowledge-enryption and low cost from data deduplication at same time.
    However, most cloud service providers like Dropbox/Google don’t need TruPrivacy. They want to scan user’s data to get more business opportunities.

    Reply
  • March 10, 2017 at 03:06
    Permalink

    Hi Dejan, I had no idea about “zero knowledge encryption”, thanks for the explanation. So I have 2 questions…

    (1) If anyone ever wants a cloud storage, would you say they should always go for a zero-knowledge one? Why should ‘non-zero knowledge” storage services still exist?

    (2) If you are the only owner of the information (for example the key to the mansion)…if you’ve lost the key, what happens? Is it something like “reset password” so that only you can access?

    Thanks for the advice!
    Ray

    Reply
    • March 10, 2017 at 07:47
      Permalink

      Hello Ray,

      Good questions!

      If you’re searching for a cloud storage I would most certanly advise you to pick one that is based on a “zero-knowledge principle. As pointed out in the post this is highest form of privacy that you can have on any cloud storage. Why do non-zero knowledge services still exist? It’s very simple. This form of privacy is still kind of new(a few years). Any older cloud storage like dropbox or google drive simply didn’t have the need for this kind of a system back then, when it was created – And it would be nearly impossible to switch the system now.

      It’s all about supply and demand. As you may have heard cloud storages have been compromised by hackers in the past (Dropbox) which created the need for a more secure system – Zero knowledge. It wasn’t there at the start because the audience didn’t demand it and now it’s too late to change.

      In case you loose the password it varies from storage to storage on how you can retrieve it, if you can retrieve it at all. For example with pCloud crypto – If you lose the password there is no way of retrieving it and all the files will stay locked. This is good from a security standpoint but not so good if you actually lose it.

      Anyways, it’s been fun answering your questions and if you have any more feel free to ask!

      Dejan

      Reply
  • January 25, 2017 at 00:51
    Permalink

    Thanks for this article on zero knowledge encryption. Now, I know what it is, why it’s important, and which sites use it. My only question is, what is the difference between zero knowledge encryption and other types of encryptions. I have my cloud storage service with Google. I wonder what kind of encryption they use.

    Reply
    • January 25, 2017 at 08:39
      Permalink

      Hello Brett,

      The difference between zero-knowledge encryption(client-side) and other types like end-to-end encryption is that the first one is far more secure. Your files are encrypted by you and only you can open them, not even the cloud storage administrators. Check this link – End-To-End Encryption vs Client-Side Encryption – Learn More Today. Google Drive does not use the client-side encryption (zero knowledge). If you would like to make your files more secure you should consider encrypting your files yourself or transferring to one of these cloud storages that do use it.

      Hopefully that answers your question.

      Dejan

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *