Encrypted Collaboration: Harvard ASML Launches New Open-Source Framework

The End of Trust-Me Security: How “Encrypted Spaces” Reinvents Collaborative Software
For more than a decade, digital privacy has been defined by a stark, frustrating dichotomy. On one side of our screens, we enjoy the gold standard of privacy: end-to-end encrypted messaging. Platforms like Signal and WhatsApp have normalized the expectation that our instant messages, voice notes, and private calls are sealed in cryptographic envelopes, unreadable by the servers that route them. Yet, the moment we transition from casual chat to productive work, this shield vanishes. Our documents on Google Docs, team chats on Slack, knowledge bases on Notion, and community servers on Discord all require us to hand over our plaintext data to centralized servers. In this modern paradigm, the promise of secure, encrypted collaboration remains an elusive ideal, held hostage by the architectural demands of real-time multi-user software.
That paradigm received a major disruption on June 11, 2026. The Applied Social Media Lab (ASML) at Harvard University’s Berkman Klein Center for Internet & Society officially launched Encrypted Spaces—an ambitious, open-source project designed to resolve the security trade-offs of modern productivity tools. Developed in lockstep with the Cryptography Group at Microsoft Research and a cohort of independent cryptographers, Encrypted Spaces does not merely seek to launch another alternative app. Instead, it provides a foundational, open-source cryptographic framework and technical whitepaper that allows any developer to build zero-trust, end-to-end encrypted productivity suites.
Why End-to-End Encryption Stalled at Messaging
To understand the breakthrough of Encrypted Spaces, one must first appreciate why encrypted collaboration has been so difficult to engineer. End-to-end encryption (E2EE) is traditionally designed as a “simple pipe with two openings”. If User A wants to message User B, they establish a secure channel, exchange cryptographic keys, and send messages that only their respective devices can decrypt. This works beautifully for linear, asynchronous communication.
However, collaborative productivity tools operate under a vastly more complex state model. Consider a shared document or database:
- Real-time Co-authoring: Multiple users must simultaneously insert, update, or delete content, requiring real-time conflict resolution (typically managed via Conflict-free Replicated Data Types, or CRDTs).
- Dynamic Membership: Teams are fluid. Users are added, removed, or assigned varied permission levels. When a collaborator is removed, they must be instantly cut off from reading future changes, while new additions need access to historical context without exposing old keys.
- Scalability: In a system with hundreds of thousands of document edits, decrypting and re-encrypting the entire database every time a member is removed is computationally impossible for consumer hardware.
To bypass these hurdles, modern SaaS applications rely on centralized servers to act as the ultimate arbiters of truth. Because these servers must reconcile concurrent edits and manage user permissions, they require access to the data in plaintext. Consequently, sensitive communications, medical files, legal briefs, and intellectual property remain permanently vulnerable to data breaches, operator abuse, or state-level legal compulsion.
Introducing Encrypted Spaces: The “Signal Protocol” for SaaS
The Encrypted Spaces project addresses these challenges head-on. Rather than forcing users to rely on the corporate promise of “Do No Evil,” this new architecture enforces “Can’t Do Evil” through mathematics. The project’s lineage explains its rigor. The development team includes:
- Nora Trapp: Applied cryptographer and engineer at Harvard’s ASML, previously a technical lead at the Signal Foundation.
- Trevor Perrin: Independent cryptographer and co-creator of the legendary Signal Protocol.
- Greg Zaverucha: Prominent researcher within Microsoft’s Cryptography and Security group.
- Michele Orrù: Cryptography researcher representing the French National Centre for Scientific Research (CNRS).
Recognizing the magnitude of this architecture, Johns Hopkins University Computer Science Professor Matthew Green heralded the project’s launch, calling it the “Signal protocol for collaboration apps”.
The Technical Blueprint of Encrypted Collaboration
At its core, an “encrypted space” functions as a cloud-based sync engine: middleware that abstracts away low-level cryptographic verification so developers can focus purely on application logic. The architecture rests on three primary pillars: untrusted storage, dynamic key evolution, and cryptographic proof generation.
1. Verifiable, Untrusted Storage
In a standard cloud application, the database server is highly trusted. In an Encrypted Space, the server is treated as an actively hostile or compromised actor. To achieve this, the architecture pairs an encrypted database with an authenticated, append-only history of operations.
Every time a client modifies a document or sends a message, that operation is written as an encrypted block to a cryptographically chained changelog. The database state itself is structured using an authenticated data structure (such as a Merkle tree, implemented in the project’s codebase via the `merk` library). Because every data state change corresponds to a verifiable mathematical proof, the client can instantly verify that the server is returning the correct, complete, and untampered history of the collaboration space.
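The client-side check described above can be illustrated with a plain SHA-256 hash chain. This is an added example, not code from the Encrypted Spaces project: the entry layout, the `GENESIS` value, the function names and the sample ciphertexts are assumptions, and a linear chain stands in for the Merkle-tree structure the project uses.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain

def entry_hash(prev: bytes, seq: int, ct: bytes) -> bytes:
    # Bind each encrypted operation to its position and all earlier entries.
    return hashlib.sha256(prev + seq.to_bytes(8, "big") + ct).digest()

def append(log: list, ct: bytes) -> None:
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"seq": len(log), "ct": ct, "hash": entry_hash(prev, len(log), ct)})

def build(cts) -> list:
    log = []
    for ct in cts:
        append(log, ct)
    return log

def verify(log: list, pinned=None):
    """Recompute the chain and return the (seq, hash) head to pin.
    `pinned` is the head this client accepted on its previous sync."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["hash"] != entry_hash(prev, i, e["ct"]):
            raise ValueError(f"chain broken at entry {i}")
        prev = e["hash"]
    if pinned is not None and pinned[0] >= 0:
        seq, head = pinned
        if len(log) <= seq:
            raise ValueError("rollback: history shorter than pinned head")
        if log[seq]["hash"] != head:
            raise ValueError("fork: pinned entry was rewritten")
    return (len(log) - 1, prev)

def check(log: list, pinned=None) -> str:
    # Convenience wrapper: "ok" or the reason the history was rejected.
    try:
        verify(log, pinned)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed sample: opaque blobs standing in for encrypted edits.
honest = build([b"ct-0", b"ct-1", b"ct-2"])
head = verify(honest)                      # client pins (2, <hash>)
print(check(honest[:2], head))             # server serves a shorter history
print(check([honest[0], honest[2]]))       # server drops the middle entry
```

Pinning the last accepted head is what turns a self-consistent but rewritten history into a detectable fork; recomputing the chain alone only catches tampering inside one response.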
2. Dynamic Key Evolution Without Re-encryption
Perhaps the most brilliant cryptographic innovation of Encrypted Spaces is how it handles membership changes. Traditionally, if a member is removed from a shared folder, the remaining members must decrypt all files, generate a new shared key, re-encrypt the files, and upload them back to the server.
Encrypted Spaces resolves this with a key rotation and distribution technique that achieves two critical properties:
- Forward Secrecy: Compromising a current key does not expose historical document states.
- Post-Member-Removal Security: When a user is kicked out, they cannot decrypt future updates, yet the server does not need to re-encrypt existing static data.
The keys evolve automatically on client devices. When user access is revoked, the system transitions to a new cryptographic epoch. The remaining clients seamlessly generate new epoch keys and distribute them securely among themselves, leaving the removed user completely blind to future changes without placing any decryption overhead on the host server.
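A generic sketch of the two properties, added here and not taken from the Encrypted Spaces code base or whitepaper. The HMAC ratchet, the XOR wrapping used as a stand-in for an AEAD, the pairwise keys and all names are assumptions chosen to keep the example inside the Python standard library.

```python
import hashlib, hmac, secrets

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def ratchet(chain_key: bytes):
    """One-way step inside an epoch: (message_key, next_chain_key).
    Holding the next chain key does not let anyone recompute earlier keys."""
    return kdf(chain_key, b"msg"), kdf(chain_key, b"chain")

def wrap(pairwise: bytes, epoch: int, secret: bytes) -> bytes:
    # Stand-in for an AEAD: XOR with a pad used once per (pairwise key, epoch).
    pad = kdf(pairwise, b"wrap" + epoch.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(secret, pad))

def new_epoch(epoch: int, members: dict):
    """Fresh random epoch secret, wrapped only for the current members."""
    secret = secrets.token_bytes(32)  # unrelated to any earlier epoch
    return secret, {name: wrap(k, epoch, secret) for name, k in members.items()}

def open_envelope(envelopes: dict, name: str, pairwise: bytes, epoch: int):
    ct = envelopes.get(name)
    return None if ct is None else wrap(pairwise, epoch, ct)  # XOR undoes itself

def demo():
    # Constructed pairwise keys each member shares with the rotating client.
    keys = {n: secrets.token_bytes(32) for n in ("alice", "bob", "carol")}
    s1, env1 = new_epoch(1, keys)
    mk1, ck = ratchet(s1)   # key for the first edit of epoch 1
    mk2, ck = ratchet(ck)   # key for the second edit; s1 can now be erased
    # Carol is removed: rotate among the remaining members only.
    remaining = {n: k for n, k in keys.items() if n != "carol"}
    s2, env2 = new_epoch(2, remaining)
    return {
        "bob_epoch2": open_envelope(env2, "bob", keys["bob"], 2) == s2,
        "carol_epoch2": open_envelope(env2, "carol", keys["carol"], 2),
        "carol_epoch1": open_envelope(env1, "carol", keys["carol"], 1) == s1,
        "keys_distinct": len({mk1, mk2, ck, s1, s2}) == 5,
    }

if __name__ == "__main__":
    print(demo())
```

Data written in epoch 1 stays under epoch-1 keys, which the removed member could already read, so nothing stored on the server has to be re-encrypted; only the envelope set changes.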
3. Cryptographic Verification via Zero-Knowledge Proofs
To keep collaborative documents synced across multiple devices without revealing plaintext, the system relies on zero-knowledge proofs (ZKPs). The centralized server coordinates user access and pushes the latest document versions, but it must generate a mathematical proof of its synchronization actions. When a client receives an update, it verifies this proof to confirm that no unauthorized modifications have occurred, no malicious collaborators have been secretly injected into the space by the server, and no updates have been dropped or rolled back.
Who Benefits Most From This Paradigm Shift?
The practical implications of Encrypted Spaces stretch far beyond corporate security. As the project’s website notes, the risks of centralized cloud surveillance are not theoretical—they actively shape what can safely be shared, said, or built.
Those who stand to benefit include:
- Journalists and Whistleblowers: Collaborative investigation boards and shared leak databases can now be hosted on public cloud infrastructure without fear of server-side subpoena, unauthorized data harvesting, or server compromises.
- Social-Service and Humanitarian Organizations: Entities tracking vulnerable refugees, patients, or legal clients can leverage the efficiency of cloud synchronization while maintaining absolute, mathematically enforced client confidentiality.
- Dissidents and Activists: Grassroots movements operating under authoritarian regimes can coordinate complex operations, manage member roles, and draft manifestos without exposing their entire network if a single device or host server is seized.
By lowering the barrier to entry for building private-by-default software, the creators of Encrypted Spaces hope to foster an ecosystem where metadata-minimizing, end-to-end encrypted productivity apps become the standard rather than the exception.
The Road Ahead: From Research Prototype to Production
Currently, Encrypted Spaces is in its Research Preview phase. The project’s codebase—primarily written in Rust—and its technical whitepapers are fully open-source, hosted on GitHub under the Apache 2.0 license. Along with the core architecture, the team released a basic demo application, “Spaces,” to demonstrate the sync engine’s real-world feasibility.
The immediate challenge is adoption. Building secure collaboration software is notoriously difficult, but by packaging the complex mathematics into a developer-friendly SDK, the team aims to eliminate the friction that has historically prevented small startups and open-source developers from implementing E2EE. In an era where digital sovereignty is increasingly contested, Encrypted Spaces offers a compelling, math-backed alternative to corporate-controlled data silos, proving that true privacy and seamless collaboration do not have to be mutually exclusive.
Written by
TempMail Ninja
Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.


