This whitepaper was developed out of Encrypted Spaces, a project from the Applied Social Media Lab, the the Cryptography Group at Microsoft Research, and independent researchers. The project offers an open-source architecture for building collaborative applications where data is encrypted and all operations are cryptographically verifiable, allowing users to receive the benefits of cloud-based services without forcing them to reveal sensitive information to people outside of trusted groups.
In this paper, we introduce encrypted collaboration spaces (or encrypted spaces for short), a new storage architecture that layers secure collaboration protocols atop untrusted servers. To developers, an encrypted space looks like a sync engine (middleware that ensures multiple clients have consistent views of shared state), with built-in support for group management. Behind the scenes, the space automatically implements cryptographic protocols to encrypt data, manage keys and users, and verify the authenticity and integrity of the data. Our architecture aims to be flexible enough to support common collaborative applications such as shared drives and documents, calendars, spreadsheets, source code control, artistic and engineering design applications, and chat forums. An encrypted space also allows developers to extend the verification logic to build applications for small organizations or social groups
with custom workflows.