Encrypted Spaces is a research project exploring an architecture for building collaborative applications where data is encrypted and all operations are cryptographically verifiable. We pursue this work in close collaboration with academic, industry, and civil‑society partners, motivated by shared concerns about the limitations of today’s trust models for collaborative software. The project builds new foundations for collaborative applications — such as document editors, messaging systems, filesystems, and databases — that can support rich, real‑time shared state where servers see only the data users choose.
Most modern collaboration software relies on centralized servers to store, mediate, and synchronize shared state across users and devices. Even where end‑to‑end encryption is applied, it is typically limited to message streams and does not generalize cleanly to collaborative data structures such as documents, tables, or filesystems. As a result, servers often retain broad visibility into sensitive user data, exposing users to risks from breaches, misuse, or legal compulsion.
Encrypted Spaces proposes a different trust model. Collaboration takes place inside cryptographically protected spaces in which only authorized participants can read or modify application data. The server acts as a centralized data store and synchronization point, but is not trusted with plaintext user data. Integrity, authorization, and history are enforced end‑to‑end through proofs rather than server trust.
What is an Encrypted Space?
An Encrypted Space is a shared collaboration environment with dynamic membership, authenticated history, and a verifiable database representing current state. Each space manages both application data and system state — such as membership records, keys, and access‑control rules — inside the same authenticated structure.
Applications interact with a space using database‑like operations: inserting, updating, deleting, and querying shared data. Every operation is recorded in an append‑only changelog and applied to an authenticated data structure. Clients verify that each server response is consistent with the committed history and database state before accepting it.
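The client-side check described above, as an added sketch that is not code from the Encrypted Spaces project: a SHA-256 hash chain stands in for the append-only changelog and a flat hash over sorted rows stands in for the authenticated data structure, neither of which this page specifies. All names, the response layout, and the sample values are constructed for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # constructed starting head for an empty changelog

def h(*parts):
    """SHA-256 over length-prefixed parts, so part boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p.encode()).to_bytes(4, "big") + p.encode())
    return m.hexdigest()

def apply_op(state, op):
    new = dict(state)  # never mutate the caller's state before verification passes
    if op["op"] == "delete":
        new.pop(op["key"], None)
    else:  # insert or update
        new[op["key"]] = op["value"]
    return new

def state_root(state):
    """Flat commitment over sorted rows (stand-in for a real authenticated structure)."""
    return h(*[json.dumps(kv) for kv in sorted(state.items())])

def extend(head, state, ops):
    """Chain each op onto the changelog head and apply it to the state."""
    for op in ops:
        head = h(head, json.dumps(op, sort_keys=True))
        state = apply_op(state, op)
    return head, state

class Client:
    def __init__(self):
        self.head, self.state, self.length = GENESIS, {}, 0
    def accept(self, resp):
        """Accept a response only if it extends our history and matches its commitments."""
        if resp["from_index"] != self.length:
            return False  # gap, replay, or rewrite of entries we already hold
        head, state = extend(self.head, self.state, resp["ops"])
        if head != resp["head"] or state_root(state) != resp["state_root"]:
            return False  # server's commitments disagree with what we recomputed
        self.head, self.state, self.length = head, state, self.length + len(resp["ops"])
        return True

def honest_response(head, state, from_index, ops):
    """What a correct server would send for `ops` (constructed helper)."""
    new_head, new_state = extend(head, state, ops)
    return {"from_index": from_index, "ops": ops, "head": new_head,
            "state_root": state_root(new_state)}
```

The client commits a response to its local view only after both recomputed commitments match, so a rejected response leaves its head, state, and length unchanged.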
Encrypted Spaces combines ideas from verifiable data structures, secure group key management, and transparency systems to support collaborative state over untrusted infrastructure.
Group membership and encryption keys evolve over time as users are added or removed. Keys are rotated and distributed using verifiable encryption techniques, enabling forward secrecy, post‑removal security, and scalable retention policies without requiring re‑encryption of stored data.
User and Developer Experience
Applications built on Encrypted Spaces let users easily set up a trustworthy environment for collaborating with small groups, with assurance that only they have access to the contents of the space. As with most effective security technologies, users should not have to take special steps to benefit; we aim for their experience to mirror what they already know from the apps they use.
A central goal of the project is to make strong cryptographic guarantees compatible with practical application development. Encrypted Spaces aims to provide a developer experience comparable to modern backend platforms. Developers interact with high‑level abstractions — tables, lists, text buffers, and files — while the SDK transparently handles encryption, proof verification, synchronization, and key management.
This approach allows developers to focus on application logic rather than bespoke cryptographic protocol design, while giving users the security expectation that collaboration does not require trusting servers with plaintext data.
Working with Project Resolve
As part of exploring real‑world impact, the Encrypted Spaces project is working with Project Resolve to investigate how encrypted collaboration spaces could support community‑driven, multi‑stakeholder workflows involving sensitive data.
Project Resolve studies how community organizations, health workers, and partner institutions coordinate care across organizational boundaries while respecting trust, autonomy, and privacy. We are exploring how Encrypted Spaces could provide a secure substrate for these collaborations, without requiring a single trusted data custodian.
Research Directions
The Encrypted Spaces project is an active research effort. Ongoing and future work includes more efficient zero‑knowledge batching of long histories, richer access‑control models, privacy‑preserving query mechanisms, and integration with external identity systems while maintaining deniability.
By bringing together cryptographic verifiability and privacy in a usable way, Encrypted Spaces explores how end‑to‑end encryption can become a practical baseline for the next generation of collaborative software.
Resources
Project website: https://encryptedspaces.org/
GitHub project: https://github.com/encrypted-spaces/prototype
White paper: https://encryptedspaces.org/whitepapers/encrypted-spaces.pdf