p>In the era of remote coordination, collaborative software has become the digital nervous system of both global enterprises and localized activist groups. However, tools like Google Docs, Notion, Slack, and Airtable require a fundamental compromise: to facilitate real-time co-authoring and data synchronization, users must entrust their plaintext data to centralized servers. While end-to-end encryption has successfully normalized secure, private communication in one-to-one and group messaging applications like Signal and WhatsApp, extending this cryptographic defense to complex, mutable multi-user databases has historically been a monumental hurdle.
On June 11, 2026, the Applied Social Media Lab (ASML) at Harvard University’s Berkman Klein Center for Internet & Society officially launched Encrypted Spaces. Developed in close collaboration with Microsoft Research’s Cryptography Group and independent researchers, this groundbreaking open-source project introduces a technical whitepaper and a functional prototype designed to bring robust, cryptographically verifiable end-to-end encryption to collaborative web applications, effectively removing the requirement of server trust.
The Genesis: From Signal Group Chats to Universal Collaboration
The origins of Encrypted Spaces trace back to a specific engineering challenge within the Signal Messenger ecosystem around 2019 and 2020. At the time, Signal’s development team was working to enhance the privacy profile of its group chats. Specifically, they wanted the Signal server to coordinate group chat states and memberships without actually possessing an unencrypted, plaintext record of who belonged to which group.
To resolve this, Signal’s engineering lead Nora Trapp (now an applied cryptographer at ASML) and Signal Protocol co-creator Trevor Perrin collaborated with Greg Zaverucha of Microsoft Research’s Cryptography Group. Together, they developed an “anonymous credentials” system leveraging zero-knowledge proofs (ZKPs), which successfully shielded group metadata on untrusted server infrastructures. This breakthrough sparked an ambitious, overarching question: if group memberships could be managed cryptographically, why couldn’t the entire state of a collaborative application be handled the same way?
Over a seven-year development cycle, this question evolved into Encrypted Spaces. Guided by ASML Principal Investigator and Harvard Computer Science Professor James Mickens and ASML Director Meg Marco, the core research team—including Trapp, Perrin, Zaverucha, and Michele Orrù from the French National Centre for Scientific Research (CNRS)—reconstructed the cloud sync engine from first principles.
Designing a Secure Backend: The Mechanics of Multi-User End-to-End Encryption
The primary technical bottleneck in translating end-to-end encryption to collaborative systems is the mutable nature of shared state. In messaging, data is typically static: once sent, it is decrypted by the recipient and stored locally. Conversely, in database-driven tools, multiple users continuously read, append, delete, and alter overlapping fields. Managing these permissions, reconciling concurrent edits, and preventing malicious or compromised servers from manipulating the state requires a highly specialized cryptographic architecture.
Encrypted Spaces operates on the baseline assumption that the hosting cloud server is completely untrusted. Rather than viewing the server as an authoritative database engine, Encrypted Spaces treats it purely as a blind, append-only storage and synchronization medium. To achieve this, the architecture is modularized into five core components:
- Membership State Management: This component governs who is authorized to read or write to a specific collaboration space. Membership is maintained dynamically, utilizing cryptographic credentials that verify a user’s standing in the group without exposing their identity or metadata to the server.
- Authenticated Append-Only Database History: Also referred to as a cryptographically verifiable changelog, this system stacks changes sequentially. Because states are built as a sequence of historical updates, any attempt by a server to rewrite past edits, delete files, or inject unauthorized modifications will immediately break the hash chain and trigger client-side verification failures.
- Advanced Key Management: Keys must adapt fluidly as users enter or leave the workspace. This system ensures that cryptographic keys are distributed securely across the client devices without relying on central key custodians.
- Key Retention: A key retention layer is integrated to securely store and index previous generations of keys. This allows active, authorized users to decrypt and inspect historical versions of a document or database without having to re-encrypt the entire repository every time the membership pool changes.
- Application-Defined Operations: Instead of being restricted to simple text chats, the architecture allows developers to define custom operations. By structuring workflows into tables, lists, text buffers, and directories, the system can enforce application-specific access rules and edit validations on the client side.
The Mathematical Machinery: ZKPs, KZG, and “Fast-Forward” Syncing
To bypass the need for a trusted central server while maintaining real-time collaborative speed, Encrypted Spaces relies on advanced zero-knowledge cryptography. The core system verification logic is programmed in Rust and compiled to run on a RISC Zero zkVM (Zero-Knowledge Virtual Machine). The server is tasked with executing client state changes and generating zero-knowledge proofs (ZKPs) that attest to the validity of those changes. Clients then rapidly verify these proofs, assuring themselves that the server executed the requested operations exactly as intended, without the server ever seeing the underlying decrypted data.
A key contributor to this mathematical framework is Greg Zaverucha, a co-inventor of the KZG polynomial commitment scheme. This cryptographic protocol allows a prover (the server) to commit to a polynomial (the database state) with a highly compact value. Subsequently, the server can mathematically prove to the client that a specific data point at a given index matches the committed state, with exceptional computational efficiency.
Furthermore, the team introduced a critical scalability feature known as fast-forward proofs. In traditional collaborative encryption environments, when a user goes offline and later reconnects, their device must download and individually process every single database transaction that occurred in their absence to reconstruct the current state. This approach is highly inefficient and resource-intensive. Encrypted Spaces circumvents this bottleneck using a mechanism analogous to blockchain ZK-rollups:
- The server aggregates all intermediate changes that occurred while the client was offline.
- The server generates a single, compact “fast-forward” proof confirming that all intermediate states were generated through valid, authorized operations by authenticated group members.
- The returning client verifies this single proof and instantly fast-forwards to the latest state, saving substantial processing power and bandwidth.
This mathematical layer also enables seamless key rotation. When a member is removed from a space, the group generates a new master key. Because of the key retention structure, existing data does not need to be fully re-encrypted. The newly rotated keys apply to all subsequent appends, securing forward secrecy and ensuring post-member-removal security—the removed user is instantly locked out of new updates, while existing members can continue their work uninterrupted.
How Encrypted Spaces Compares to Enclaves, FHE, and MPC
To appreciate the breakthrough of Encrypted Spaces, it is helpful to contrast it with existing paradigms designed to solve the untrusted server problem. Prior to this release, developers looking to build private applications typically turned to three technologies: Trusted Execution Environments (TEEs), Fully Homomorphic Encryption (FHE), and Multiparty Computation (MPC).
Trusted Execution Environments (TEEs), such as Intel SGX or AMD SEV, run database logic inside secure hardware enclaves. While effective on paper, enclaves are plagued by side-channel attacks (e.g., Spectre and Meltdown) and lock developers into specific hardware vendors. Fully Homomorphic Encryption (FHE) allows servers to perform computations directly on encrypted data without decrypting it first. However, FHE remains computationally prohibitive, often performing operations thousands of times slower than plaintext calculations, and does not inherently verify that the server executed the correct program logic. Finally, Multiparty Computation (MPC) requires splitting data among several independent, non-colluding servers. While secure, MPC introduces massive network latency and is logistically complex to deploy for standard consumer web applications.
Encrypted Spaces avoids these pitfalls by combining client-side end-to-end encryption with server-side ZK verification. It does not require specialized hardware, avoids the extreme computational overhead of FHE, and functions over a single, standard cloud server.
Democratic Tech in Action: Project Resolve and the Developer SDK
The Applied Social Media Lab has released Encrypted Spaces as an open-source project, offering developers a functional prototype that mirrors popular Backend-as-a-Service (BaaS) suites like Firebase or Supabase. By packaging these complex cryptographic primitives into a highly accessible Software Development Kit (SDK), the team hopes to catalyze a new wave of privacy-first application development.
Rather than forcing developers to design bespoke cryptographic protocols or worry about low-level mathematics, the SDK provides pre-built, high-level abstractions