Zero Knowledge Encryption

Zero Knowledge Encryption

What is Zero Knowledge Encryption?

Most everyone has heard of encryption in the news, and most have a basic idea of what it is, but the details of encryption and how it is implemented can make the difference between whether your data is truly secure or if you merely have the illusion of security. 

Whatever mathematical algorithm is used to physically encrypt data, it really isn't secure unless the encryption is implemented using something called “Zero Knowledge Encryption”, but what is that?

Encryption is the scrambling of meaningful data in such a way that the information is meaningless to anyone other than the person who encrypted the data and the data’s intended recipients. 

Without going into too much detail on how this is done, this typically means that there is a key that a program uses to encrypt the information and then uses to decrypt the information.  In reality, it is much more complex than that and there are actually multiple keys, but that is beyond the scope of this discussion.

If we think in everyday terms, data and encryption are like valuables in your house. To protect them, you lock your doors using a key.  If you want someone else that you trust to have access to your valuables, you make a copy of your key and you give it to them. 

If you want to take away that access, you change the locks and now have a new key.  The same works with encryption except that your key is a passphrase that you use to encrypt your data.  So far, so good…

Now, what if you locked your door, but then put your key under the welcome mat, or you bought a lock that had the same key for every lock sold?  That’s not so secure, is it?

It is this same kind of thing that happens in the digital world.  Some websites claim to encrypt your data, but they only encrypt it after your upload it to their site. 

Think about that.  Your data is transmitted, possibly wirelessly, to your home router, then through your modem to your service provider’s servers, then through probably 5-6 other servers, until it finally reaches the website that you see on your screen, and then your data is stored un-encrypted on their servers before they encrypt it there with their keys. 

The same keys that they use to encrypt everyone else's data.   Anywhere along this path, anyone can access, copy, and exploit your data.  Oh…and let’s not forget that the site that you uploaded it to has your keys, so they can unencrypt it any time they want.  Not that secure, is it?

The only way for your data to truly be secure is for it to be fully encrypted on your local machine before it leaves your machine and is transferred anywhere.  I should also add that your local machine needs to be scanned for any malware to be sure that it is not being monitored prior to you encrypting your data or the data that you are encrypting could be compromised prior to it being encrypted. 

This method of encrypting your data before it is uploaded so that only you have the keys is called “zero knowledge, end-to-end encryption” because your data is only transferred in an encrypted state and the site to which you upload your data, and all intermediate sites, have zero knowledge of your keys or the actual content of your data.

If you care about the security of your data, it is always important to determine not only how your data is being encrypted, but where and when your data is being encrypted.  If you have sensitive data that you absolutely need to protect, like bank account or digital currency accounts, end-to-end, zero-knowledge encryption is the only way to ensure that your data is truly protected.