Encrypted Spaces offers an architecture for building collaborative applications where data is encrypted and all operations are cryptographically verifiable.

Vision

The project is part of an open research effort to explore a future where servers provide collaboration tools that are able to store, inspect, and process only the data that we choose.

A trustworthy collaborative application can run on untrusted servers. Through careful use of cryptography, the application can ensure confidentiality and let users verify that servers act correctly; through careful application design, neither users nor developers need be exposed to low-level cryptographic details.

An encrypted space is a shared, persistent data system where:

  • The server acts as a centralized data store and synchronization point, but is not trusted with plaintext user data.
  • An application data schema defines what is encrypted, and what the server can see to support rich queries.
  • Each server response carries a cryptographic proof of the server’s activities; users verify proofs to ensure that servers behave properly.
  • The system enforces membership and access control, and handles key management and encryption.
  • Participants know who can read and modify data, and all changes are attributed to their author.

Why This Matters

The cloud transformed collaboration—but trust still belongs with you.

Tools that were once private, local, and single-user (e.g., word processors, spreadsheets, and design editors) are now multi-user systems built on centralized backends. Centralized, cloud-accessible servers make collaboration easy, but force users to trust the servers that store and manipulate sensitive data.

Risks

Exposure

Anything held in plaintext on a server can be read by an attacker who breaks in, by an insider with access they shouldn’t have, or by a party who compels its disclosure. The privacy loss is felt by the people whose data was exposed.

Loss of control

In traditional server-based applications, policies for data sharing and retention are ultimately decided by servers, not users. Policies may change over time, deletion is rarely as final as it appears, and what was shared with a small group can quietly become input to external algorithms for recommendation, ranking, or model training.

Self-censorship

Because users cannot know how a server will handle private data, they often hold back what they would otherwise share. Sensitive conversations move to other channels, or do not happen at all.

For journalists, activists, patients, and social-service organizations, these risks are not theoretical—they shape what can safely be said, shared, or built.

How It Works

An encrypted space is a cloud-based storage backend for building collaborative applications. User information in an encrypted space is encrypted with keys that servers do not know; those keys evolve as membership changes, providing forward secrecy, post-member-removal security, and scalable retention without re-encrypting stored data. Furthermore, every server operation is cryptographically verifiable by users. To support verification, an encrypted space pairs the encrypted database with an authenticated append-only history. Servers store data and synchronize user access to that data, but servers must also generate proofs while doing so; those proofs allow a user client to efficiently verify that servers (and other group members) are properly handling data.

An encrypted space is extensible: developers can define custom data operations and access control rules, with the encrypted space’s proof system being flexible enough to provide security guarantees for the developer-created functionality. Developers interact with the encrypted space using familiar, high-level abstractions like tables, files, and key/value stores, with the encrypted space’s SDK handling the low-level details of encryption, key management, data synchronization, and proof generation.

Who Can Benefit

Encrypted Spaces supports anyone seeking spaces for encrypted collaboration, including:

  • Journalists
  • Activists
  • Patients
  • Social-service organizations

News

WIRED: Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

“The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance…”

Keep reading

June 11, 2026

WHITEPAPER: Encrypted Collaboration Spaces

“In this paper, we introduce encrypted collaboration spaces (or encrypted spaces for short), a new storage architecture that layers secure collaboration protocols atop untrusted servers. To developers, an encrypted space looks like a sync engine (middleware that ensures multiple clients have consistent views of shared state), with built-in support for group management. Behind the scenes, the space automatically implements cryptographic protocols to encrypt data, manage keys and users, and verify the authenticity and integrity of the data…”

Keep reading.

June 11, 2026

Get Involved

Read the whitepaper, try the prototype, or get in touch if you want to work on this with us. We’re building a broader constellation of research around these ideas, and we only send updates when there is something meaningful to share. Email connect@encryptedspaces.org for collaboration, questions, and other inquiries.

Team

Encrypted Spaces is an active research effort developed in collaboration with the Cryptography Group at Microsoft Research and independent researchers. The core team is Nora Trapp (Applied Social Media Lab, Berkman Klein Center for Internet & Society, Harvard University), Greg Zaverucha (Microsoft Research), Trevor Perrin (independent), and Michele Orrù (CNRS).

James Mickens

Principal Investigator

Nora Trapp

Senior Engineer

Meg Marco

Senior Director