Glossary · Encryption method

Zero-Knowledge Encryption

Definition

Zero-knowledge encryption is an encryption model in which the service provider never has access to the user's unencrypted data. Key generation takes place on the user's device.

01

Definition and mechanics

Zero-knowledge encryption describes a data-processing model in which the provider never has access to unencrypted content. Encryption takes place on the user's device before transmission (client-side). The cryptographic keys are derived locally from the user's password with a password-based key derivation function such as PBKDF2, scrypt or Argon2, or are generated randomly on the device and then wrapped (encrypted) under such a password-derived key. The servers store only ciphertexts, including any wrapped key material, none of which can be decrypted without the key held on the user's side.

Even a seizure of the servers, a successful breach of the provider's infrastructure or a government order cannot yield readable data under this architecture, provided the implementation is correct. Two limits apply in practice. First, because the key is derived from the password, anyone holding the stored ciphertexts can guess passwords offline; a slow, memory-hard KDF raises the cost of each guess but does not rescue a weak password. Second, metadata such as file sizes, timestamps and, depending on the product, file names or email headers usually remains visible to the provider. A further precondition is that the software performing the encryption is itself trustworthy, since a malicious or compromised client could simply send the key or the plaintext to the server; open-source clients and independent audits are therefore widely regarded as a quality marker.

02

Distinction from server-side encryption

Most mainstream cloud services, including Google Drive, Microsoft OneDrive and Apple iCloud (in default mode), use server-side encryption. Data is encrypted in transit (TLS) and at rest (typically AES-256), but the keys are held by the provider. This means the provider, and under a court order state authorities as well, can access the content in plaintext; the at-rest encryption protects against stolen disks, not against the operator of the service.

With zero-knowledge encryption the key never leaves the user's device. The model is also referred to as no-knowledge or client-side encryption. A related enterprise arrangement is bring-your-own-key (BYOK), in which a business generates the key on its own hardware and supplies it to the provider's key management service. BYOK alone does not make a service zero-knowledge, because the provider still uses the imported key to decrypt data server-side; only when the key is kept outside the provider's infrastructure entirely (sometimes called hold-your-own-key, HYOK) does the provider lose the ability to read the content.

03

Relation to end-to-end encryption

The terms zero-knowledge and end-to-end encryption (E2EE) overlap but are not identical. E2EE refers to the encryption of communication between two or more endpoints, for example in messengers such as Signal or in encrypted email. Zero-knowledge refers to the architecture of a stored data set (such as a cloud drive) in relation to the provider.

An email secured with OpenPGP is end-to-end encrypted between sender and recipient; in a zero-knowledge cloud there is only one endpoint, the user, who encrypts data for their own later retrieval. Providers such as Proton combine both concepts: mailboxes are stored zero-knowledge, and messages between Proton users are additionally end-to-end encrypted. Mail arriving from external senders without PGP, by contrast, reaches Proton's servers in plaintext and is encrypted only on arrival, so for those messages the provider could in principle read the content during delivery.

04

Relevance for GDPR compliance

In its Schrems II ruling the CJEU held that transfers of personal data to third countries may require supplementary measures, and that such measures count only where they actually prevent access by third-country authorities. The EDPB's follow-up recommendations on supplementary measures accordingly regard encryption as effective only where the keys remain solely under the control of the data exporter or a trusted entity in the EEA. Zero-knowledge encryption with user-held keys fits this requirement. When correctly implemented, even a US provider under the CLOUD Act cannot deliver readable data to authorities because it lacks the key; it can still be compelled to hand over the ciphertexts and the metadata it does hold.

In practice, several European data protection authorities explicitly recommend zero-knowledge architectures as a safeguard for sensitive data processed in the cloud. The French CNIL and the German Conference of Independent Data Protection Supervisory Authorities have published corresponding guidance.

05

Adoption and providers

Zero-knowledge encryption is most commonly used in cloud storage, email and password management. Well-known European cloud storage providers include Proton Drive (Switzerland), Tresorit (Switzerland), Internxt (Spain), Filen (Germany) and Cryptee (Estonia). In email, Proton Mail, Tutanota (now Tuta) and Mailfence apply comparable concepts. Password managers such as Bitwarden (and its self-hostable, client-compatible server implementation Vaultwarden) and Proton Pass also rely on zero-knowledge architectures: the vault is decrypted only in the client, and the server never sees the master password or the derived key.

Tradeoffs: when a password is lost, the provider cannot restore access, because it does not know the key. Users of zero-knowledge services must therefore keep recovery codes or local backups safe; many providers implement recovery by wrapping the data key a second time under a randomly generated recovery code that only the user holds, so a lost password can be recovered without the provider ever learning the key. Features such as server-side full-text search and real-time collaborative editing are technically more demanding, because the server cannot analyse the content; such functions have to be moved to the client or given up.
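The mechanics from section 01 (client-side key derivation, ciphertext-only storage) and the recovery tradeoff described above, as one added example that is not code from any provider named on this page. It uses only the Python standard library: the authenticated encryption is a stand-in built from HMAC-SHA256 where a real client would use AES-GCM or XChaCha20-Poly1305, the scrypt cost parameters and the `wrap:pw` / `wrap:rc` labels are assumed, and the vault contents are constructed sample data.

```python
"""Client-side key derivation and envelope encryption with the Python stdlib only.
Authenticated encryption here is a stand-in (HMAC-SHA256 as a counter-mode PRF plus
encrypt-then-MAC); a real client would use AES-GCM or XChaCha20-Poly1305 instead."""
import hashlib
import hmac
import secrets

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32

def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key, computed on the client only. scrypt is memory-hard,
    so whoever holds a leaked ciphertext pays for every offline guess (assumed parameters)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)

def _subkeys(key: bytes):
    # Independent encryption and MAC keys from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag; aad is authenticated, not stored."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time before decrypting; wrong key -> ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def create_vault(password: str, files: dict):
    """Runs on the client. Returns (record the SERVER stores, recovery code shown once)."""
    salt = secrets.token_bytes(SALT_LEN)
    content_key = secrets.token_bytes(32)    # random data key, not derived from the password
    recovery_code = secrets.token_bytes(32)  # independent second wrapping key, kept by the user
    record = {
        "kdf_salt": salt,  # public; lets the client re-derive the KEK
        "wrapped_key_pw": seal(derive_kek(password, salt), content_key, b"wrap:pw"),
        "wrapped_key_rc": seal(recovery_code, content_key, b"wrap:rc"),
        # File names are bound as AAD so ciphertexts cannot be swapped between entries.
        "files": {name: seal(content_key, data, name.encode()) for name, data in files.items()},
    }
    return record, recovery_code

def unlock_with_password(record: dict, password: str) -> bytes:
    return unseal(derive_kek(password, record["kdf_salt"]), record["wrapped_key_pw"], b"wrap:pw")

def password_unlocks(record: dict, password: str) -> bool:
    try:
        unlock_with_password(record, password)
        return True
    except ValueError:
        return False

def unlock_with_recovery(record: dict, recovery_code: bytes) -> bytes:
    return unseal(recovery_code, record["wrapped_key_rc"], b"wrap:rc")

def read_file(record: dict, content_key: bytes, name: str) -> bytes:
    return unseal(content_key, record["files"][name], name.encode())

def change_password(record: dict, content_key: bytes, new_password: str) -> None:
    """Re-wrap the content key only; the file ciphertexts on the server do not change."""
    record["kdf_salt"] = secrets.token_bytes(SALT_LEN)
    record["wrapped_key_pw"] = seal(derive_kek(new_password, record["kdf_salt"]),
                                    content_key, b"wrap:pw")

def provider_sees(record: dict, probe: bytes) -> bool:
    """Everything the provider (or a seizing authority) holds is opaque: a plaintext probe is absent."""
    blobs = [record["wrapped_key_pw"], record["wrapped_key_rc"], *record["files"].values()]
    return any(probe in blob for blob in blobs)

if __name__ == "__main__":
    rec, rc = create_vault("correct horse battery staple",
                           {"report.txt": b"constructed sample: Q3 figures"})  # constructed input
    key = unlock_with_password(rec, "correct horse battery staple")
    print(read_file(rec, key, "report.txt"))
    print("wrong password unlocks:", password_unlocks(rec, "wrong password"))
    print("recovery code yields the same key:", unlock_with_recovery(rec, rc) == key)
    print("provider can find the content:", provider_sees(rec, b"Q3 figures"))
```

The server record contains a salt, two wrapped copies of the content key and the file ciphertexts, nothing else, so a seizure or breach yields only material that has to be brute-forced through the KDF. Because the content key is random and merely wrapped, a password change re-encrypts 80 bytes rather than the whole vault, and losing the password is survivable only while the recovery code exists; if both are gone, the record is unrecoverable by anyone, which is the tradeoff the paragraph above describes.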
