{"id":1175138,"date":"2026-06-11T06:11:38","date_gmt":"2026-06-11T13:11:38","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&p=1175138"},"modified":"2026-06-11T06:11:41","modified_gmt":"2026-06-11T13:11:41","slug":"encrypted-spaces","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/encrypted-spaces\/","title":{"rendered":"Encrypted Spaces"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t\"encrypted\t\t<\/div>\n\t\t\n\t\t
\n\t\t\t\n\t\t\t
\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\n

<\/h1>\n\n\n\n

Encrypted Spaces<\/strong><\/h1>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/section>\n\n\n\n\n\n

Encrypted Spaces is a research project (opens in new tab)<\/span><\/a> exploring an architecture for building collaborative applications where data is encrypted and all operations are cryptographically verifiable. We pursue this work in close collaboration with academic, industry, and civil\u2011society partners, motivated by shared concerns about the limitations of today\u2019s trust models for collaborative software. The project builds new foundations for collaborative applications \u2014 such as document editors, messaging systems, filesystems, and databases \u2014 that can support rich, real\u2011time shared state where servers see only the data users choose.<\/p>\n\n\n\n

Most modern collaboration software relies on centralized servers to store, mediate, and synchronize shared state across users and devices. Even where end\u2011to\u2011end encryption is applied, it is typically limited to message streams and does not generalize cleanly to collaborative data structures such as documents, tables, or filesystems. As a result, servers often retain broad visibility into sensitive user data, exposing users to risks from breaches, misuse, or legal compulsion.

Encrypted Spaces proposes a different trust model. Collaboration takes place inside cryptographically protected spaces in which only authorized participants can read or modify application data. The server acts as a centralized data store and synchronization point, but is not trusted with plaintext user data. Integrity, authorization, and history are enforced end\u2011to\u2011end through proofs rather than server trust.<\/p>\n\n\n\n

What is an Encrypted Space?<\/strong><\/h3>\n\n\n\n

An Encrypted Space is a shared collaboration environment with dynamic membership, authenticated history, and a verifiable database representing current state. Each space manages both application data and system state \u2014 such as membership records, keys, and access\u2011control rules \u2014 inside the same authenticated structure.

Applications interact with a space using database\u2011like operations: inserting, updating, deleting, and querying shared data. Every operation is recorded in an append\u2011only changelog and applied to an authenticated data structure. Clients verify that each server response is consistent with the committed history and database state before accepting it.<\/p>\n\n\n\n

Encrypted Spaces combines ideas from verifiable data structures, secure group key management, and transparency systems to support collaborative state over untrusted infrastructure.

Group membership and encryption keys evolve over time as users are added or removed. Keys are rotated and distributed using verifiable encryption techniques, enabling forward secrecy, post\u2011removal security, and scalable retention policies without requiring re\u2011encryption of stored data.<\/p>\n\n\n\n

User and Developer Experience<\/strong><\/h3>\n\n\n\n

For users, applications built on encrypted spaces allow them to easily set up a trustworthy environment to collaborate with small groups and have assurance that only they have access to the contents of the space.  As with most effective security technologies, users should not have to take special steps to benefit; we aim for their experience to mirror that in apps they are already used to.<\/p>\n\n\n\n

A central goal of the project is to make strong cryptographic guarantees compatible with practical application development. Encrypted Spaces aims to provide a developer experience comparable to modern backend platforms. Developers interact with high\u2011level abstractions \u2014 tables, lists, text buffers, and files \u2014 while the SDK transparently handles encryption, proof verification, synchronization, and key management.

This approach allows developers to focus on application logic rather than bespoke cryptographic protocol design, while giving users the security expectation that collaboration does not require trusting servers with plaintext data.<\/p>\n\n\n\n

Working with Project Resolve<\/strong><\/h3>\n\n\n\n

As part of exploring real\u2011world impact, the Encrypted Spaces project is working with Project Resolve<\/a> to investigate how encrypted collaboration spaces could support community\u2011driven, multi\u2011stakeholder workflows involving sensitive data.

Project Resolve studies how community organizations, health workers, and partner institutions coordinate care across organizational boundaries while respecting trust, autonomy, and privacy. We are exploring how Encrypted Spaces could provide a secure substrate for these collaborations, without requiring a single trusted data custodian.<\/p>\n\n\n\n

Research Directions<\/strong><\/h3>\n\n\n\n

The Encrypted Spaces project is an active research effort. Ongoing and future work includes more efficient zero\u2011knowledge batching of long histories, richer access\u2011control models, privacy\u2011preserving query mechanisms, and integration with external identity systems while maintaining deniability.<\/p>\n\n\n\n

By bringing together cryptographic verifiability and privacy in a usable way, Encrypted Spaces explores how end\u2011to\u2011end encryption can become a practical baseline for the next generation of collaborative software.<\/p>\n\n\n\n

Resources<\/strong><\/h3>\n\n\n\n

Project website: https:\/\/encryptedspaces.org\/ (opens in new tab)<\/span><\/a><\/p>\n\n\n\n

GitHub project: https:\/\/github.com\/encrypted-spaces\/prototype (opens in new tab)<\/span><\/a><\/p>\n\n\n\n

White paper: https:\/\/encryptedspaces.org\/whitepapers\/encrypted-spaces.pdf (opens in new tab)<\/span><\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Encrypted Spaces is a research project (opens in new tab) exploring an architecture for building collaborative applications where data is encrypted and all operations are cryptographically verifiable. We pursue this work in close collaboration with academic, industry, and civil\u2011society partners, motivated by shared concerns about the limitations of today\u2019s trust models for collaborative software. The […]<\/p>\n","protected":false},"featured_media":1175173,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[13558],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-1175138","msr-project","type-msr-project","status-publish","has-post-thumbnail","hentry","msr-research-area-security-privacy-cryptography","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"","related-publications":[],"related-downloads":[],"related-videos":[],"related-groups":[],"related-events":[],"related-opportunities":[],"related-posts":[],"related-articles":[],"tab-content":[],"related-researchers":[{"type":"user_nicename","display_name":"Christian Paquin","user_id":31473,"people_section":"Related people","alias":"cpaquin"},{"type":"user_nicename","display_name":"Greg Zaverucha","user_id":31912,"people_section":"Related people","alias":"gregz"},{"type":"user_nicename","display_name":"Larry Joy","user_id":32721,"people_section":"Related people","alias":"ljoy"},{"type":"user_nicename","display_name":"Karen Easterbrook","user_id":32510,"people_section":"Related people","alias":"keaster"},{"type":"user_nicename","display_name":"Radames Cruz Moreno","user_id":38898,"people_section":"Related people","alias":"racruzmo"}],"msr_research_lab":[],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/1175138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":9,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/1175138\/revisions"}],"predecessor-version":[{"id":1175353,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/1175138\/revisions\/1175353"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/1175173"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=1175138"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=1175138"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=1175138"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=1175138"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=1175138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}