Signal Alums Reveal âEncrypted Spaces,â a System for Making Private Collaboration Apps
Encrypted Spaces is, in some sense, the next generation of the Signal protocol, but for more complex and fully featured tools that go beyond messaging
Encrypted Spaces is, in some sense, the next generation of the Signal protocol, but for more complex and fully featured tools that go beyond messaging and calls, says Matt Green, a cryptography-focused professor of computer science at Johns Hopkins. âThey've built a system that's kind of an extension of what end-to-end encryption can be, where you have an actual architecture for doing end-to-end encrypted collaboration,â says Green, who reviewed a white paper outlining the Encrypted Spaces project and a prototype application. âYou can think of it as the Signal protocol for collaboration apps.â Unlike Signal, however, the code that the Encrypted Spaces group has released is, for now, not a single, ready-for-use application. Instead, it's a code repository that the group is inviting cryptography researchers and developers to review, with the goal of eventually allowing coders to build their own encrypted collaborative appsâbut without needing any cryptography knowledge.
âWe want to make it so there's no reason a developer wouldn't want to make their application end-to-end encrypted, because it becomes so easy,â Trapp says. Change Logs and Zero-Knowledge Roll-Ups Encrypted Spaces aims to deal with a crucial limitation of end-to-end encrypted apps: Because the server can't decrypt users' data, any manipulation of that information has to take place on the users' devices. That works well enough when the app is a pipe connecting two users' phones, each of which holds a key to decrypt their conversation. But when the app is a collaborative platform with dozens or hundreds of users working together, that model of end-to-end encryption creates a severe constraint: The app can't simply store users' information on a server and manipulate it in that centralized location as it would for an unencrypted platform like Slack or Google Docs.
Encrypted Spaces offers a new model: An app built with it manages data from a centralized server and let users collectively make changes to that information while still keeping it encrypted. More specifically, Encrypted Spaces keeps a change logâa record of every change to encrypted data that the users make over timeâthat can be shared with the app on every user's phone or computer, so that the app can implement those changes locally and keep everyone's version of the information synched and up to date. The server uses zero-knowledge proofs, a relatively new cryptographic technique, to prove to every user's device that no changes are missing and no rogue changes have been made, but without the server ever accessing the unencrypted data or the changes to it. (Hence âzero knowledge.â) In fact, Encrypted Spaces can use a kind of âroll-upâ property of zero-knowledge proofs to ensure that every user has the latest version of their group's data without actually applying every change in the whole change log.
The BriefWire