End-to-end encryption (E2EE) has long been the gold standard for secure communication, ensuring that only the sender and recipient can decrypt their messages. However, this model, often envisioned as a simple pipe, struggles to adapt to the complexities of modern collaborative software. A new initiative, **Encrypted Spaces**, aims to redefine E2EE for these multi-user environments. Instead of a linear pipe, the team envisions "spaces" where users can engage in group conversations, host and collectively modify information on a server, and manage collaborators – all while maintaining stringent encryption protections against server or network eavesdropping. ### The Genesis of Encrypted Spaces The **Encrypted Spaces** project, with contributions from Harvard's Applied Social Media Lab, **Microsoft Research**, and former **Signal** developers, has released a preview of its open-source code libraries. This architecture is designed to enable developers to easily build sophisticated, rigorously E2EE applications that support the complex collaboration features users now expect. Nora Trapp, an engineer at Harvard's Applied Social Media Lab and former technical lead for **Signal**, highlights the opportune timing. "These pieces kind of fall into place to leave us with a moment of technological shift where we can inject encryption and privacy," Trapp states. The project leverages the growing shift from single-user apps to collaborative tools, coupled with advancements in cryptography, particularly zero-knowledge proofs. Among the key cryptographers involved is Trevor Perrin, co-creator of the **Signal protocol**. This foundational open-source system underpins not only **Signal** itself but also the encryption in **WhatsApp** and **Facebook Messenger**, reaching billions of devices globally.  Matt Green, a cryptography professor at Johns Hopkins, describes **Encrypted Spaces** as an evolution of E2EE. "They've built a system that's kind of an extension of what end-to-end encryption can be, where you have an actual architecture for doing end-to-end encrypted collaboration," Green notes. He likens it to "the **Signal protocol** for collaboration apps." Crucially, **Encrypted Spaces** is not a standalone application but a code repository. The team invites cryptography researchers and developers to review and contribute, with the ultimate goal of empowering developers to build encrypted collaborative apps without requiring deep cryptographic expertise. "We want to make it so there's no reason a developer *wouldn't* want to make their application end-to-end encrypted, because it becomes so easy," Trapp explains. ### Overcoming E2EE Limitations with Zero-Knowledge Proofs A significant challenge for E2EE in collaborative settings is that servers cannot decrypt user data. This means any data manipulation typically has to occur on individual user devices. While effective for one-to-one communication, this model becomes cumbersome for platforms with many users. **Encrypted Spaces** introduces a novel approach. It allows an app to manage data from a centralized server while enabling collective user modifications, all under encryption. This is achieved through a "change log" – a record of every alteration to encrypted data. This log is shared with each user's device, allowing the application to implement changes locally and maintain synchronized, up-to-date information across all participants. To ensure data integrity without compromising privacy, the server utilizes zero-knowledge proofs. This cryptographic technique enables the server to demonstrate to each user's device that no changes are missing and no unauthorized alterations have occurred, *without* ever accessing the unencrypted data or the changes themselves. Perrin explains that **Encrypted Spaces** can even use a "roll-up" property of zero-knowledge proofs to efficiently update users with the latest data state without transmitting the entire change log. "The server can roll up the changes into a succinct proof that this current state reflects the entire history," Perrin elaborates. "It can convince you it's applied the change log correctly without actually having to send it." Zero-knowledge proofs are also employed to manage cryptographic keys, ensuring that only authorized users can decrypt and modify data. This system facilitates inviting new users and provably revoking access when someone leaves a group. Additionally, users can control whether new invitees access the full history of the app or only data added after their entry. ### A Glimpse into the Future The **Encrypted Spaces** team demonstrated a prototype application called "Spaces," which, while not production-ready, functions as a research prototype. The demo showcased a fully functional, E2EE **Slack** or **Discord**-like app, complete with group notes, a calendar, and file storage, though features like voice calling and search are still under development. While existing collaboration tools like **Proton's** suite, **CryptPad**, or **Nextcloud** offer some form of E2EE, **Encrypted Spaces** aims to provide a more rigorous, standardized, and open-source foundation. Johns Hopkins' Green emphasizes the benefit: "I like the idea that we're going to have a standard library for this that a lot of people can review," he says. "And if you use this library, you inherit all the security for free." ### From Signal to Spaces The impetus for **Encrypted Spaces** originated, in part, from the **Signal** development team. In 2019 and 2020, developers like Trapp and Perrin were working on enhancing **Signal's** group-chat privacy features, seeking ways for **Signal's** servers to manage group membership without compromising user privacy. This foundational work laid the groundwork for the more expansive vision of **Encrypted Spaces**, bridging the gap between secure messaging and the complex demands of modern collaborative platforms.