Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

by · WIRED

Comment
LoaderSave StorySave this story
Comment
LoaderSave StorySave this story

End-to-end encryption, in which data is encoded so that only users on either “end” of a conversation can decrypt their communications—and not the server that relays that information or any other interloper—has become the standard for modern privacy on the internet. But its very name suggests a kind of simple pipe with two openings. The metaphor, and often the encryption technology that has enabled that model, doesn't fit neatly onto the world of Slack, Discord, Google Docs, and the other multiuser, complex, collaborative software where people now live and work.

So one group of cryptographers has built what they describe as the foundation for a new generation of end-to-end encrypted apps, with a new metaphor: Instead of a mere pipe, they want to create “spaces” where users can hold group conversations, host information on a server, collectively make changes to it, invite in new collaborators or kick them out, all while maintaining the same strong encryption protections that prevent the server or network eavesdroppers from accessing their data.

That cryptographer team, including contributors from Harvard, Microsoft Research, and former developers of the end-to-end encrypted messenger Signal, today release a “preview” of Encrypted Spaces, an early version of a set of open-source code libraries, which is part of an architecture they've designed to allow anyone to easily build a rigorously end-to-end encrypted app that nonetheless enables all of the complex collaboration features that users demand from software today.

The group says it saw an opportunity in the migration from single-user apps and one-to-one messengers to multiuser collaboration tools. The transition comes at the same time as the advent of new cryptographic tricks—namely, “zero-knowledge proofs”—that enable computers to manipulate and verify the integrity of encrypted data without seeing its contents. “These pieces kind of fall into place to leave us with a moment of technological shift where we can inject encryption and privacy,” says Nora Trapp, an engineer at Harvard’s Applied Social Media Lab who has also worked as a technical lead for Signal. “We want to provide the technological surface area for developers to build all these apps in a privacy-preserving way."

Among the cryptographers working on the project is Trevor Perrin, the cocreator of the Signal protocol, the open-source encrypted messaging system used not only in the hundred-million-plus phones with Signal installed but also in the billions of devices that use WhatsApp and Facebook Messenger.

Encrypted Spaces is, in some sense, the next generation of the Signal protocol, but for more complex and fully featured tools that go beyond messaging and calls, says Matt Green, a cryptography-focused professor of computer science at Johns Hopkins. “They've built a system that's kind of an extension of what end-to-end encryption can be, where you have an actual architecture for doing end-to-end encrypted collaboration,” says Green, who reviewed a white paper outlining the Encrypted Spaces project and a prototype application. “You can think of it as the Signal protocol for collaboration apps.”

Unlike Signal, however, the code that the Encrypted Spaces group has released is, for now, not a single, ready-for-use application. Instead, it's a code repository that the group is inviting cryptography researchers and developers to review, with the goal of eventually allowing coders to build their own encrypted collaborative apps—but without needing any cryptography knowledge. “We want to make it so there's no reason a developer wouldn't want to make their application end-to-end encrypted, because it becomes so easy,” Trapp says.

Change Logs and Zero-Knowledge Roll-Ups

Encrypted Spaces aims to deal with a crucial limitation of end-to-end encrypted apps: Because the server can't decrypt users' data, any manipulation of that information has to take place on the users' devices. That works well enough when the app is a pipe connecting two users' phones, each of which holds a key to decrypt their conversation. But when the app is a collaborative platform with dozens or hundreds of users working together, that model of end-to-end encryption creates a severe constraint: The app can't simply store users' information on a server and manipulate it in that centralized location as it would for an unencrypted platform like Slack or Google Docs.

Encrypted Spaces offers a new model: An app built with it manages data from a centralized server and let users collectively make changes to that information while still keeping it encrypted. More specifically, Encrypted Spaces keeps a change log—a record of every change to encrypted data that the users make over time—that can be shared with the app on every user's phone or computer, so that the app can implement those changes locally and keep everyone's version of the information synched and up to date.

The server uses zero-knowledge proofs, a relatively new cryptographic technique, to prove to every user's device that no changes are missing and no rogue changes have been made, but without the server ever accessing the unencrypted data or the changes to it. (Hence “zero knowledge.”) In fact, Encrypted Spaces can use a kind of “roll-up” property of zero-knowledge proofs to ensure that every user has the latest version of their group's data without actually applying every change in the whole change log. “The server can roll up the changes into a succinct proof that this current state reflects the entire history,” says Perrin. “It can convince you it's applied the change log correctly without actually having to send it.”

The server also uses zero-knowledge proofs to oversee how people's devices manage the cryptographic keys that allow only authorized users to decrypt and alter the data, allows new users to be invited in, and can provably revoke their access if someone leaves the group. The space's users can also choose to share the full history of the app or to limit a new invitee to new messages or data added after they entered.

The Encrypted Spaces team showed WIRED a demo of a prototype application it calls Spaces, which it also released Thursday. (They recommend the software not be used in its current state but instead treated as a research prototype.) In the demo, the Spaces prototype appeared to be a fully functioning, end-to-end encrypted Slack- or Discord-type app with added group notes, calendar, and file-storage functions, but still lacked certain features like voice calling and search.

Plenty of collaboration tools already offer some sort of end-to-end encryption, to be fair, such as Proton's suite of cloud-based apps including file storage and document editing or similar suites from CryptPad or Nextcloud. Software including Matrix and Nextcloud also offer Slack- or Discord-like end-to-end encrypted group messaging platforms.

Encrypted Spaces, however, provides an open-source, credible foundation for a more rigorous and standardized approach to building those apps or whatever comes next, says Johns Hopkins’ Green—as well as an enormous head start for anyone who wants to securely code an encrypted tool. “I like the idea that we're going to have a standard library for this that a lot of people can review,” says Green. “And if you use this library, you inherit all the security for free.”

From Signal to Spaces

The effort behind Encrypted Spaces originated, at least in part, within the team that develops Signal. In 2019 and 2020, Signal's developers, including Trapp and Perrin, were working on upgrading Signal's group-chat feature to better preserve the privacy of group members, so that Signal's servers could manage who was included in a group but without keeping any unencrypted record of that member list. They ended up partnering with cryptographers at Microsoft Research to build a new “anonymous credentials” system that used zero-knowledge proofs to maintain that member list on the server without ever exposing it.

That server-side, encrypted, verified list of a group chat's participants represented a new security model for Signal, which had otherwise generally kept as much data as possible on users' devices and used servers only as simple pipes for relaying it. At some point, Perrin says, they began to wonder what other features that approach—using zero-knowledge proofs to allow for more manipulation of encrypted data stored on the server—could make possible. “If we're doing this encryption for the membership list in this very consistent, nice, provable way, why couldn't we just kind of do this for everything?” Perrin says. “Why couldn't we just kind of move all of the data into something like this?”

That thinking eventually led them to a more ambitious thought, as Microsoft Research’s Greg Zaverucha describes it: “Why can't we have end-to-end encryption in all the apps we use?”

Seven years of on-and-off work later, Encrypted Spaces has finally released its open-source code repository. Microsoft Research’s Mary Gray, an anthropologist and technologist with a focus on privacy, is also leading an effort to collaborate with Bay Area community and social services groups to develop Encrypted Spaces and build prototypes designed with their needs in mind.

If Encrypted Spaces succeeds in its goal of unleashing a new generation of end-to-end encrypted apps of all kinds, those apps will no doubt be used for less wholesome purposes, too. Mainstream messaging platforms already serve as a conduit for plenty of cybercriminal groups. Encrypted versions of those apps would no doubt stymy law enforcement's ability to surveil some people causing real harm.

But Trapp stresses that the familiar argument about a small minority of bad actors shouldn't stand in the way of creating platforms that better protect everyone's privacy by default, instead of unthinkingly inviting sensitive conversations and collaborations while leaving users vulnerable to surveillance. “We have a general expectation of privacy in our real lives in the physical world,” she says. “We should be afforded that same right in the digital world, instead of building an internet with surveillance as a built-in aspect of its design.”

After all, encryption is already arguably becoming the norm in other realms of the internet, now that practically every website uses HTTPS encryption and Signal has helped to end-to-end encrypt the text and voice conversations on billions of phones and laptops. Why, in the midst of that great migration toward encryption, should your Slack and Google Docs remain as exposed as a postcard?

“In the same way that Signal became the status quo in the messaging space, technologies like this can become the status quo across all of application development,” Trapp says. “I hope that this just becomes how all apps work: that we have end-to-end encryption on every app on our phone and that it's a sort of de facto standard, and it just helps reinforce that privacy is normal.”