In the context of a host-proof storage service, is there an encryption scheme that allows me to prove to the server that I own the secret key to decrypt the ciphertext I am currently uploading but (indeed) without revealing the key nor the plaintext message?
Said differently, is there a way for the server to be sure that 1) an uploaded file is encrypted and that 2) the user owns the key to decrypt that file?
Most standard algebraic encryption scheme admit such zero-knowledge proof of knowledge of the secret key. For example, if the encryption scheme is ElGamal (over a suitable group, e.g. an elliptic curve) with public key $(G,H)$, proving knowledge of the secret key is just proving knowledge of a value $s$ such that $G^s = H$, which is the standard Schnorr proof (the latter is only honest-verifier zero-knowledge, but it can be modified to be full-fledged zero-knowledge). Similar proof systems exist for other public-key encryption schemes, e.g. Goldwasser-Micali or Paillier (for those, it amounts to proving knowledge of the factors of an RSA modulus, which can be done but is significantly less efficient).
