Zero-knowledge service
In cloud computing, zero-knowledge (occasionally no-knowledge or zero-access) is a commonly used term for online services that store, transfer or manipulate data with a high level of confidentiality, where the data is accessible only to its owner (the client) and not to the service provider. However, unlike "end-to-end encryption", the term "zero-knowledge" does not imply any specific threat model or security notion, and its use is commonly frowned upon by the security community.[1][2]
The term "zero-knowledge" was popularized by backup service SpiderOak, which later switched to using the term "no knowledge", acknowledging that the previous terminology was not technically accurate.[3]
Disadvantages
Most[citation needed] cloud storage services keep a copy of the client's password on their servers, allowing clients who have lost their passwords to retrieve and decrypt their data using alternative means of authentication. Zero-knowledge services, however, do not store copies of clients' passwords,[4] so if a client loses their password, their data cannot be decrypted and is practically unrecoverable.
Most[citation needed] cloud storage services are also able to fulfill access requests from law enforcement agencies for similar reasons; zero-knowledge services, however, are unable to do so, since their systems are designed to make clients' data inaccessible without the client's explicit cooperation.
References
- Soatok. "What To Use Instead of PGP". https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/.
- Albrecht, Martin R.; Paterson, Kenneth G. (November 2024). "Analyzing Cryptography in the Wild: A Retrospective". IEEE Security & Privacy 22 (6): 3. doi:10.1109/MSEC.2024.3441764. https://eprint.iacr.org/2024/532.pdf. Retrieved 7 April 2025.
- SpiderOak. "Why We Will No Longer Use the Phrase Zero Knowledge to Describe Our Software". https://medium.com/@SpiderOak/why-we-will-no-longer-use-the-phrase-zero-knowledge-to-describe-our-software-ddef2593a489.
- Kiefer, Franziskus; Manulis, Mark (2014). "Zero-Knowledge Password Policy Checks and Verifier-Based PAKE". Computer Security - ESORICS 2014. Lecture Notes in Computer Science. 8713. pp. 295–312. doi:10.1007/978-3-319-11212-1_17. ISBN 978-3-319-11211-4. https://eprint.iacr.org/2014/242.pdf.
- Kiss, Jemima (2014-07-17). "Snowden: Dropbox is hostile to privacy, unlike 'zero knowledge' Spideroak". The Guardian. http://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak.
- O'Sullivan, Fergus (2015-08-25). "What Exactly is Zero-Knowledge in The Cloud and How Does it Work?". https://www.cloudwards.net/what-exactly-is-zero-knowledge-in-the-cloud-and-how-does-it-work/.
- Farivar, Cyrus (2016-10-04). "FBI demands Signal user data, but there's not much to hand over". Ars Technica. https://arstechnica.com/tech-policy/2016/10/fbi-demands-signal-user-data-but-theres-not-much-to-hand-over/.
