ellipticc
Overview
What Actually Makes a Cloud Storage Service 'Zero-Knowledge'?

What Actually Makes a Cloud Storage Service 'Zero-Knowledge'?

Ilias Abousalim Ilias Abousalim
November 22, 2025
8 min read
Security

Why the Term “Zero-Knowledge” Is Abused to Death

Open any cloud storage marketing page in 2025 and you’ll see it:

“Military-grade zero-knowledge end-to-end encryption”

Cool story. Half the companies saying this have the master keys sitting on the same server that serves your files.

“Zero-knowledge” has become the new “blockchain” or “AI-powered”, a buzzword that sounds smart and sells plans, even when the reality is classic server-side encryption with a fresh coat of paint.

Real zero-knowledge means one thing and one thing only:

Important
The service literally knows zero things that would let it read your data, ever.

Not today, not if they get hacked, not if a court orders them, not if an employee goes rogue.

If they can reset your password and log in as you, it’s not zero-knowledge. Full stop.

What Client-Side Encryption Actually Means (And Why It’s Non-Negotiable)

True zero-knowledge starts and ends with where the keys are generated and used.

In a real ZK system:

  1. Your device creates the encryption keys (never the server).
  2. Your device encrypts the data before it leaves your machine.
  3. The server only ever sees ciphertext + encrypted key material it can’t use.
  4. Your password never hits the wire in plaintext, only a slow hash (Argon2id, scrypt, etc.) for key derivation.

That’s it.

If the provider can send you a “password reset” link that lets you log back in and see your files, they derived or stored your encryption key. That’s not zero-knowledge, that’s “we have your keys, trust us.”

Danger
Forgotten password = permanent data loss

That’s the price of real zero-knowledge. Anyone who offers password recovery is admitting they can decrypt your stuff.

Metadata vs File Contents: The Part Everyone Forgets

Okay, so your file contents are encrypted client-side. Great. You’re 60% of the way there.

Now answer this:

  • Does the server know your file and folder names?
  • Does it know file sizes and MIME types?
  • Does it know directory structure?
  • Does it know who you shared what with and when?
  • Does it know your IP and exact access times?

If the answer to any of these is “yes,” you’re leaking metadata like a sieve.

Metadata is data. In many cases it’s more sensitive than the file contents themselves (think a folder called “2024 Tax Docs – Divorce Lawyer”).

Real zero-knowledge services encrypt metadata too, or at the very least blind the server to most of it. Most don’t.

Why Metadata Leaks Are a Bigger Deal Than You Think

Imagine you’re a journalist in a repressive country. You upload a file called “Interview_with_Dissident.mp3” to your cloud storage. The file contents are perfectly encrypted, but the filename? That’s plaintext on the server.

Now, if the government subpoenas the company, they hand over logs showing:

  • You uploaded a 45MB audio file at 2:17 AM
  • Named “Interview_with_Dissident.mp3”
  • From IP address 192.168.1.100 (your home router)
  • And accessed it 3 times in the last week

That’s enough to get you arrested, even without the file contents.

Or think about business secrets: a folder structure like “Q3_Financials/Competitor_Analysis/Secret_Sauce.pdf” tells competitors everything they need to know about what you’re working on.

True ZK systems use techniques like:

  • Encrypted filenames: Files get random UUIDs on the server, with names only decrypted client-side
  • Padded file sizes: All files look the same size to hide actual content length
  • Blinded timestamps: Access times are obscured or not logged
  • Anonymous sharing: No server-side records of who shared what with whom

It’s not perfect, network timing attacks and traffic analysis can still leak info, but it’s exponentially better than plaintext metadata.

What Most Providers Get Wrong (2025 Edition)

Here are the most common ways companies fake zero-knowledge:

TrickWhat they doWhy it fails ZK
”We encrypt on the server with a key from your password”Server receives plaintext, encrypts itServer saw the data first → not ZK
Password reset that keeps your files accessibleThey store or derive your master keyIf they can log in as you, they have the keys
Unencrypted metadataFile names, sizes, folder tree in plaintextMassive privacy leak
Shared links with server-side decryptionServer decrypts for the recipientServer has keys
”Zero-knowledge” but the client is closed-sourceYou can’t audit what it actually sendsTrusting, not verifying

If you see any of these, run.

Why Real Zero-Knowledge Services Are Insanely Hard to Build

Building actual ZK storage sucks. Here’s why almost no one does it properly:

  • You can’t do password resets → angry support tickets
  • You can’t scan for viruses or generate thumbnails → worse UX
  • You can’t index for search → have fun building encrypted search (Blinq, TSE, etc.)
  • Sharing is a cryptographic nightmare (key re-encapsulation, identity, revocation)
  • Key rotation and account recovery are basically impossible without weakening the model
  • Crypto bugs = permanent data loss, no safety net

Most companies look at that list and quietly decide “good enough” is fine.

Real ZK isn’t a feature. It’s an entire architectural religion.

Axiom
Good zero-knowledge hurts to build.

If the company didn’t bleed for two years writing the client, they probably took shortcuts.

How Users Can Actually Verify Claims (No Trust Required)

Don’t trust marketing. Verify.

Here’s your checklist:

  1. Is the client fully open-source?
    If not, you have no idea what it’s sending.

  2. Can you build and run the client yourself?
    Bonus points if it works against the production servers.

  3. Do they offer password recovery?
    If yes → not zero-knowledge.

  4. Are file names, sizes, and folder structure encrypted?
    Upload a file called “STD_test_results.pdf” and see if it shows up verbatim in the web UI.

  5. Can you inspect the network traffic?
    Everything leaving your browser should look like high-entropy garbage. No plaintext JSON with file lists.

  6. Do they publish a cryptographic threat model?
    Serious teams write one. Posers don’t.

  7. Have they had an independent audit of the client-side crypto?
    Cure53, Trail of Bits, etc. Names matter.

The Cryptographic Building Blocks: How ZK Encryption Really Works

To truly understand zero-knowledge, let’s peek under the hood at the crypto that makes it possible. Don’t worry, no PhD required, just the basics.

1. Key Derivation: Turning Your Password into Crypto Keys

Your password isn’t used directly, that would be weak. Instead, ZK systems use a key derivation function (KDF) like Argon2id or scrypt.

Think of it as a super-slow blender: it takes your password + salt (random data) and mixes them thousands of times to create a strong master key. This key is never stored, it’s derived fresh each time you log in.

Why slow? To resist brute-force attacks. If someone steals the salt, they’d still need weeks to crack a good password.

2. Envelope Encryption: Layers of Protection

ZK storage uses envelope encryption:

  • Inner layer: Your file is encrypted with a random data key (AES-256-GCM, ChaCha20-Poly1305).
  • Outer layer: That data key is encrypted with your master key from the KDF.
  • Result: Server sees only the encrypted file + encrypted data key. Without your password, it’s gibberish.

When you log in:

  1. KDF turns password → master key
  2. Master key decrypts data keys
  3. Data keys decrypt files

The server never sees unencrypted data or keys.

3. Metadata Encryption: Hiding the Invisible

For true ZK, even metadata gets encrypted:

  • Filenames: Encrypted with a separate key, stored as random IDs on server
  • Folder structure: Encrypted tree, decrypted client-side
  • Sizes: Padded to hide real lengths (e.g., all files look 1MB)

Advanced systems use oblivious RAM or private information retrieval to hide access patterns, but that’s cutting-edge.

4. Sharing Without Breaking ZK

Sharing files? Tricky. Real ZK uses key encapsulation:

  • You generate a new key for the share
  • Encrypt it for the recipient’s public key
  • Server sees nothing, just encrypted blobs

No server-side sharing logs. No “who shared what” metadata.

The takeaway? ZK isn’t magic, it’s careful application of proven crypto primitives. AES for bulk encryption, Argon2 for passwords, envelope encryption for keys. Done right, it creates mathematical guarantees the server can’t read your data.

Done wrong? It’s just fancy server-side encryption with extra buzzwords.

The Bottom Line

Zero-knowledge isn’t a marketing slider from 1–10. It’s binary.

Either the server is mathematically incapable of reading your data, or it isn’t.

Everything else is theater.

Stay paranoid. Verify everything. And remember:

Important
If they can save you from your own stupidity, they can also read your stuff.

That’s not a bug. That’s the entire compromise.

The Future: Zero-Knowledge Isn’t Just Storage Anymore

As quantum computers loom, ZK principles are spreading beyond file storage:

  • ZK Email: ProtonMail is close, but metadata leaks (subject lines, sender/recipient) make it incomplete.
  • ZK Messaging: Signal does this well, messages are encrypted end-to-end with no server access.
  • ZK Databases: Systems like CryptDB or Always Encrypted in SQL Server encrypt data so servers can query without decrypting.
  • ZK Proofs: Fancy crypto where you prove something (like “I have enough money”) without revealing the amount.

The core idea remains: minimize what the server knows. In a world of mass surveillance and data breaches, that’s the ultimate privacy hack.

Choose accordingly.

Share:
ellipticc.
ellipticc.
ellipticc.
ellipticc.
ellipticc.
ellipticc.