Skip to main content

What is Zero-Knowledge Encryption?

Encryption where the service provider cannot read your data — ever.

Definition

Zero-knowledge encryption is a security model in which a service provider stores and transmits data in encrypted form, but never has access to the decryption key. The user's key is derived from a password known only to them — it is never sent to the server. This means the provider literally cannot read your data, even if compelled by a court order or hacked.

How It Works

The term 'zero-knowledge' refers to the provider's knowledge of your plaintext content: it is zero. This is distinct from standard encryption, where the provider holds the key and can decrypt data on demand. Zero-knowledge encryption is the gold standard for sensitive data like passwords, seed phrases, and private keys. AES-256-GCM is the most common algorithm used at this level — the same standard used by banks and governments.

How VaultPass Uses This

VaultPass encrypts your vault contents in your browser before anything is sent to our servers, using a random AES-256-GCM key that is then split via Shamir's Secret Sharing. We store only the encrypted ciphertext and encrypted key shards. A database breach alone yields scrambled data, not plaintext.

Common Questions

What is the difference between zero-knowledge encryption and end-to-end encryption?

End-to-end encryption (E2EE) typically refers to communication — messages encrypted so only sender and recipient can read them. Zero-knowledge encryption refers to storage — data encrypted so even the storage provider cannot read it. VaultPass uses both concepts: your vault is zero-knowledge encrypted at rest.

Can zero-knowledge encryption be hacked?

The encryption itself — AES-256-GCM — is considered mathematically unbreakable with current technology. The risk is at the key: a weak or compromised master password. Use a strong, unique master password and store it safely.

Related Terms

Dead Man's SwitchShamir's Secret SharingAES-256-GCM
Protect your crypto →← Back to Glossary