How does zero knowledge encryption work?


How secure is zero knowledge encryption?

Topic: Security


Vote Up (13)

Zero-knowledge proof

"In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true. For cases where the ability to prove the statement requires some secret information on the part of the prover, the definition implies that the verifier will not be able to prove the statement to anyone else. Notice that the notion only applies if the statement being proven is the fact that the prover has such knowledge (otherwise, the statement would not be proved in zero-knowledge, since at the end of the protocol the verifier would gain the additional information that the prover has knowledge of the required secret information). This is a particular case known as zero-knowledge proof of knowledge, and it nicely illustrates the essence of the notion of zero-knowledge proofs: proving that one possesses a certain knowledge is in most cases trivial if one is allowed to simply reveal that knowledge; the challenge is proving that one has such knowledge without revealing it or without revealing anything else.

For zero-knowledge proofs of knowledge, the protocol must necessarily require interactive input from the verifier, usually in the form of a challenge or challenges such that the responses from the prover will convince the verifier if and only if the statement is true (i.e., if the prover does have the claimed knowledge). This is clearly the case, since otherwise the verifier could record the execution of the protocol and prove it to someone else, contradicting the fact that proving the statement requires knowledge of some secret on the part of the prover.
Some forms of non-interactive zero-knowledge proofs of knowledge exist,[1] but the validity of the proof relies on computational assumptions (typically the assumptions of an ideal cryptographic hash function)."
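
The commit, challenge and response flow described in the quoted answer, as an added example that is not part of the original answer. It uses Schnorr's identification protocol, which the quoted text does not name, over a toy group constructed here (P, Q, G are far too small for real use). The last function shows why a recorded transcript convinces no third party: anyone can build an accepting one without the secret by choosing the challenge first.

```python
import secrets

# Toy group constructed for this example: P = 2Q + 1 with P and Q prime,
# G generates the subgroup of order Q. Illustration only, not a secure size.
P, Q, G = 2879, 1439, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # prover's secret, 1..Q-1
    return x, pow(G, x, P)                 # (secret x, public y = G^x mod P)

class Prover:
    def __init__(self, x):
        self.x = x

    def commit(self):
        self.r = secrets.randbelow(Q)      # fresh nonce for every run
        return pow(G, self.r, P)           # commitment t = G^r

    def respond(self, c):
        return (self.r + c * self.x) % Q   # response s = r + c*x mod Q

def challenge():
    return secrets.randbelow(Q)            # verifier's unpredictable challenge

def verify(y, t, c, s):
    # Accept iff G^s == t * y^c (mod P); s alone reveals nothing about x
    # because the random nonce r masks c*x.
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_protocol(x, y):
    prover = Prover(x)
    t = prover.commit()                    # 1. prover commits
    c = challenge()                        # 2. verifier challenges after seeing t
    s = prover.respond(c)                  # 3. prover responds
    return verify(y, t, c, s)

def simulate_transcript(y):
    """Build an accepting (t, c, s) without x by fixing c and s first.

    This works only because the 'challenge' was chosen before the commitment,
    so a transcript shown to a third party is worthless as evidence.
    """
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P  # t = G^s * y^(-c); Python 3.8+
    return t, c, s
```
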

Vote Up (9)

I think it is the best solution for cloud storage data security. All of your data is encrypted, and the cloud storage provider doesn’t have the key; only you, the user, do. In other words, the provider has “zero knowledge” of the encryption key. It also goes a long way towards keeping your data secure against government snooping. For example, Google may have to comply with a “request” to share your data, but all they would be able to share is encrypted and there is nothing they can do about it.
