A team of researchers has released a research preview called Encrypted Spaces, an architecture that lets collaborative apps store data on untrusted servers while keeping it encrypted and verifiable. The design treats the server as a synchronization hub but denies it access to plaintext, addressing longstanding trust concerns for journalists, activists and health workers without exposing user keys or metadata.

Encrypted Spaces splits a shared space into five components: membership state, an append‑only verifiable database, key management, key retention, and application‑defined operations. A prototype sync engine mimics Firebase or Supabase APIs, exposing tables, lists and text areas that appear local while the engine encrypts every write and validates server behavior with cryptographic proofs and ensures auditability across revisions for all.

The project draws support from Microsoft Research’s Cryptography Group and the Applied Social Media Lab at Harvard’s Berkman Klein Center, underscoring academic‑industry collaboration on privacy‑preserving tools. Although still experimental, the whitepaper and prototype invite developers to test the model, marking a concrete step toward encrypted, trustworthy cloud collaboration. It also demonstrates how zero‑knowledge proofs can replace trusted execution environments in practice.