Zero-Knowledge Encryption: Everything You

Zero-Knowledge Encryption: Everything You Need to KnowBySydney Butler-August 30, 2018 188 Ignorance is something we generally think is a bad thing Regardless of how you feel about the word in a context of security ignorance is in fact a very important concept. A similar concept known as “zero-knowledge” occurs in the computer security world. Typically zero awareness is something you’ll want as a consumer. However many of the internet services we use in a zero-knowledge environment wouldn’t work well (or at all). Before we dig into that core problem let’s talk first of all about what zero-knowledge means.

The concept of zero-knowledge

The proper academic denotative sense of “zero-knowledge” applies to a circumstance where the “prover” can demonstrate to the “verifier” that the statement is true without actually providing more information. When someone is told to provide a service of “zero-knowledge,” it usually means that they are disconnected from your information. Those you want to know are the only ones who can know the quality of your knowledge. This usually means, in practice and in a cryptographic sense, that only you are keeper of the keys to your knowledge. Let’s take a look at some examples of use cases using the zero-knowledge method.

Zero-Knowledge Proofs

That’s the authentication function in which the two people at each end of the encrypted line can be sure that they both really are who they think they are. A conventional assault on encryption is known as the “man-in – the-middle” attack. Here, somebody slips between the two legitimate communicators and simply passes on the information. They get the details to be decrypted without anyone finding out that something is wrong. This problem was largely solved through the technology for public key encryption. Where a trusted key authority helps to authenticate on the level that everyone is at. That still poses a problem for some since the main authority has access to everything. We have to believe they will do the right thing and have strong enough security measures. Although it is not quite feasible in a realistic way yet researchers have been working on proofs of zero-knowledge for authentication use. There is however a sub-class of application of zero-knowledge that has seen some use. This is known as passwordproof azero-knowledge. It allows one party (the prover) to show that they know the other party’s password without actually having to send them the password itself. Alternatively, password-derived information is sent to the verifier, who can then confidently say the proof was given without ever seeing the password. Zero-Knowledge in the Cloud

189 As for online cloud storage, we’re all pretty spoiled for choice. Services such as DropBox and Google Drive have revolutionized how we do business and share information. There is one catch though. The companies that provide these services have full access to your data. Nothing prevents them from indexing everything that you upload. Analyze it for insights into your behaviour, or just to steal information. That’s not the same thing as saying that these companies are actually doing those things they could just if they wanted to.Vpns are internet services which provide unparalleled privacy and security for users. When you use a good Vpn (e.g. ExpressVpn) all of your internet connection is protected against surveillance outside. Yet the Vpn service can see exactly what you’re doing. What a Vpn service is doing with that capacity is of great concern to users. A Vpn can’t really be zero-knowledge by definition since the Vpn server has to be in the middle to encrypt and decrypt traffic for you. Which means you still have to place confidence in the Vpn provider that they will not capture your activity and share it. Nevertheless some Vpn providers have designed their systems in such a way that they never capture or store any information. And even if they were compromised or told by somebody to turn over user data they actually don’t have it. Because you believe this is what you should be searching for in any Vpn provider, the Vpn provider. The Vpn known as “no-logs.”

Zero-knowledge Messaging 191 The last example we are going to look at here is zero-knowledge message. End to end encrypted messaging is the proper name for this type of messaging. At the client end, keys are produced and the provider himself has no idea what they are. This has become increasingly important as governments begin to be irritated by people moving away from telephony and over – the-top services. Such applications can’t be “tapped by ear” when they use end-to-end encryption. It’s actually pretty much impossible. Strong end-to-end encryption is used by apps like WhatsApp TelegramSignal to ensure that only you and the person you want to speak know who you are.

Counting Our Words Yes, the term ‘ zero-knowledge ‘ is somewhat misused by the mainstream world, but it is still very important to be aware of this casual meaning. The concept which this mark has earned is still worth seeking out. Ignorance is really bliss, for once.