Zero-knowledge service

In cloud computing, zero-knowledge (or occasionally no-knowledge or zero access) is a commonly used term for online services that store, transfer or manipulate data with a high level of confidentiality, where the data is accessible only to the data's owner (the client), and not to the service provider. However, unlike "end-to-end encryption", the term "zero-knowledge" does not imply any specific threat model or security notion, and its use is commonly frowned upon by the security community. [1] [2]

The term "zero-knowledge" was popularized by backup service SpiderOak, which later switched to using the term "no knowledge", acknowledging that the previous terminology was not technically accurate. [3]

Disadvantages

Most[citation needed] cloud storage services keep a copy of the client's password on their servers, allowing clients who have lost their passwords to retrieve and decrypt their data using alternative means of authentication; but since zero-knowledge services do not store copies of clients' passwords, [4] if a client loses their password then their data cannot be decrypted, making it practically unrecoverable.

Most[citation needed] cloud storage services are also able to fulfil access requests from law enforcement agencies for similar reasons; zero-knowledge services, however, are unable to do so, since their systems are designed to make clients' data inaccessible without the client's explicit cooperation.
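
Both disadvantages above follow from what the provider actually holds, shown here in an added example that is not part of the original article or any particular service's code. It assumes keys derived from the password on the client with PBKDF2, and uses a standard-library HMAC-based stream construction as a stand-in for a real AEAD cipher; the function names and record layout are hypothetical.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumption: illustrative PBKDF2 work factor

def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Runs on the client only; neither the password nor the keys are uploaded."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher.
    out, counter = bytearray(), 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def client_encrypt(password: str, plaintext: bytes) -> dict:
    """Returns the record uploaded to the provider (hypothetical layout)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def client_decrypt(password: str, record: dict) -> bytes:
    enc_key, mac_key = derive_keys(password, record["salt"])
    body = record["salt"] + record["nonce"] + record["ciphertext"]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or modified record")
    stream = _keystream(enc_key, record["nonce"], len(record["ciphertext"]))
    return _xor(record["ciphertext"], stream)

if __name__ == "__main__":
    stored = client_encrypt("correct horse battery staple", b"constructed sample file")
    print("provider holds:", sorted(stored))  # no password, no key
    print(client_decrypt("correct horse battery staple", stored))
    try:
        client_decrypt("forgotten-password-guess", stored)
    except ValueError as err:
        print("recovery failed:", err)
```

The stored record is everything the provider could use for account recovery or hand over in response to an access request; without the password it yields only ciphertext.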

References

  1. Soatok. "What To Use Instead of PGP". Dhole Moments. Retrieved 7 April 2025.
  2. Albrecht, Martin R.; Paterson, Kenneth G. (November 2024). "Analyzing Cryptography in the Wild: A Retrospective" (PDF). IEEE Security & Privacy. 22 (6): 3. doi:10.1109/MSEC.2024.3441764. Retrieved 7 April 2025.
  3. SpiderOak. "Why We Will No Longer Use the Phrase Zero Knowledge to Describe Our Software". Medium. Retrieved 7 April 2025.
  4. Kiefer, Franziskus; Manulis, Mark (2014). "Zero-Knowledge Password Policy Checks and Verifier-Based PAKE" (PDF). Computer Security - ESORICS 2014. Lecture Notes in Computer Science. Vol. 8713. pp. 295–312. doi:10.1007/978-3-319-11212-1_17. ISBN 978-3-319-11211-4.
  5. Kiss, Jemima (2014-07-17). "Snowden: Dropbox is hostile to privacy, unlike 'zero knowledge' Spideroak". The Guardian. Retrieved 2021-05-29.
  6. O'Sullivan, Fergus (2015-08-25). "What Exactly is Zero-Knowledge in The Cloud and How Does it Work?". Cloudwards. Retrieved 2021-05-29.
  7. Farivar, Cyrus (2016-10-04). "FBI demands Signal user data, but there's not much to hand over". Ars Technica. Retrieved 2021-05-29.