Zero-Knowledge Encryption: Everything You Need to KnowBySydney Butler-August 30, 2018 188 Ignorance is something we generally think is a bad thing Regardless of how you feel about the word in a context of security ignorance is in fact a very important concept. A similar concept known as “zero-knowledge” occurs in the computer security world. Typically zero awareness is something you’ll want as a consumer. However many of the internet services we use in a zero-knowledge environment wouldn’t work well (or at all). Before we dig into that core problem let’s talk first of all about what zero-knowledge means.
The concept of zero-knowledge
The proper academic denotative sense of “zero-knowledge” applies to a circumstance where the “prover” can demonstrate to the “verifier” that the statement is true without actually providing more information. When someone is told to provide a service of “zero-knowledge,” it usually means that they are disconnected from your information. Those you want to know are the only ones who can know the quality of your knowledge. This usually means, in practice and in a cryptographic sense, that only you are keeper of the keys to your knowledge. Let’s take a look at some examples of use cases using the zero-knowledge method.
Zero-Knowledge Proofs
That’s the authentication function in which the two people at each end of the encrypted line can be sure that they both really are who they think they are. A conventional assault on encryption is known as the “man-in – the-middle” attack. Here, somebody slips between the two legitimate communicators and simply passes on the information. They get the details to be decrypted without anyone finding out that something is wrong. This problem was largely solved through the technology for public key encryption. Where a trusted key authority helps to authenticate on the level that everyone is at. That still poses a problem for some since the main authority has access to everything. We have to believe they will do the right thing and have strong enough security measures. Although it is not quite feasible in a realistic way yet researchers have been working on proofs of zero-knowledge for authentication use. There is however a sub-class of application of zero-knowledge that has seen some use. This is known as passwordproof azero-knowledge. It allows one party (the prover) to show that they know the other party’s password without actually having to send them the password itself. Alternatively, password-derived information is sent to the verifier, who can then confidently say the proof was given without ever seeing the password. Zero-Knowledge in the Cloud
189 As for online cloud storage, we’re all pretty spoiled for choice. Services such as DropBox and Google Drive have revolutionized how we do business and share information. There is one catch though. The companies that provide these services have full access to your data. Nothing prevents them from indexing everything that you upload. Analyze it for insights into your behaviour, or just to steal information. That’s not the same thing as saying that these companies are actually doing those things they could just if they wanted to.Vpns are internet services which provide unparalleled privacy and security for users. When you use a good Vpn (e.g. ExpressVpn) all of your internet connection is protected against surveillance outside. Yet the Vpn service can see exactly what you’re doing. What a Vpn service is doing with that capacity is of great concern to users. A Vpn can’t really be zero-knowledge by definition since the Vpn server has to be in the middle to encrypt and decrypt traffic for you. Which means you still have to place confidence in the Vpn provider that they will not capture your activity and share it. Nevertheless some Vpn providers have designed their systems in such a way that they never capture or store any information. And even if they were compromised or told by somebody to turn over user data they actually don’t have it. Because you believe this is what you should be searching for in any Vpn provider, the Vpn provider. The Vpn known as “no-logs.”