In cloud computing, the term zero-knowledge (or occasionally no-knowledge or zero access) refers to an online service that stores, transfers or manipulates data in a way that maintains a high level of confidentiality, where the data is accessible only to the data's owner (the client) and not to the service provider. This is achieved by encrypting the raw data on the client's side, or end-to-end (when there is more than one client), without disclosing the password to the service provider. The provider therefore holds only ciphertext: neither the provider nor any third party that intercepts the data in transit or at rest can decrypt it without the client's cooperation, allowing the client a higher degree of privacy than would otherwise be possible. Typically the encryption key is derived from the client's password on the client's own device, so the confidentiality of the data rests on the strength of that password rather than on the provider's access controls. In addition, zero-knowledge services often strive to hold as little metadata as possible, keeping only the data that is functionally needed by the service.
The term "zero-knowledge" was popularized by the backup service SpiderOak, which later switched to using the term "no knowledge" to avoid confusion with the computer science concept of a zero-knowledge proof.
Providers of zero-knowledge services include:
* Bitwarden
* Cubbit
* DekkoSecure
* LucidLink
* NordLocker
* NordPass
* ProtonMail
* Signal
* SpiderOak
* Sync.com
* Tarsnap
* Skiff
* Tresorit
* Memento Cloud
Disadvantages
Most cloud storage services encrypt data with keys that the provider itself holds (or store it in plaintext), so a client who has lost their password can re-authenticate by alternative means, such as a recovery e-mail address or an identity check, and the provider can still return the decrypted data. Zero-knowledge services ''do not'' store copies of clients' passwords or of the keys derived from them; if a client loses their password, the stored ciphertext cannot be decrypted by anyone, making the data practically unrecoverable unless the client has kept their own backup of the password or key.
For the same reason, most cloud storage services are able to satisfy access requests from law enforcement agencies; zero-knowledge services are unable to produce clients' data in readable form, since their systems are designed to make that data inaccessible without the client's explicit cooperation. What such a provider can hand over is limited to what it actually holds: the ciphertext itself and whatever account metadata it retains.
References
* Farivar, Cyrus (2016-10-04). "FBI demands Signal user data, but there's not much to hand over". Ars Technica. https://arstechnica.com/tech-policy/2016/10/fbi-demands-signal-user-data-but-theres-not-much-to-hand-over/ (accessed 2021-05-29).