Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps
Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps
Signal 前员工发布“加密空间”(Encrypted Spaces):一套构建私密协作应用的新系统
End-to-end encryption, in which data is encoded so that only users on either “end” of a conversation can decrypt their communications—and not the server that relays that information or any other interloper—has become the standard for modern privacy on the internet. But its very name suggests a kind of simple pipe with two openings. The metaphor, and often the encryption technology that has enabled that model, doesn’t fit neatly onto the world of Slack, Discord, Google Docs, and the other multiuser, complex, collaborative software where people now live and work.
端到端加密(End-to-end encryption)已成为现代互联网隐私的标准。在这种模式下,数据经过编码,只有对话双方的“终端”用户才能解密通信内容,而负责中转信息的服务器或其他任何第三方都无法窥探。然而,“端到端”这个名字本身暗示了一种只有两个开口的简单管道。这种隐喻,以及支撑该模型的加密技术,往往无法完美适配 Slack、Discord、Google Docs 等人们如今生活和工作中常用的复杂多用户协作软件。
So one group of cryptographers has built what they describe as the foundation for a new generation of end-to-end encrypted apps, with a new metaphor: Instead of a mere pipe, they want to create “spaces” where users can hold group conversations, host information on a server, collectively make changes to it, invite in new collaborators or kick them out, all while maintaining the same strong encryption protections that prevent the server or network eavesdroppers from accessing their data.
因此,一群密码学家构建了他们所称的“新一代端到端加密应用的基础”,并提出了一个新的隐喻:他们不再将其视为简单的管道,而是要创造“空间”(Spaces)。在这些空间里,用户可以进行群组对话、在服务器上托管信息、共同修改内容、邀请新成员加入或将其移除,同时保持强大的加密保护,防止服务器或网络窃听者访问数据。
That cryptographer team, including contributors from Harvard, Microsoft Research, and former developers of the end-to-end encrypted messenger Signal, today release a “preview” of Encrypted Spaces, an early version of a set of open-source code libraries, which is part of an architecture they’ve designed to allow anyone to easily build a rigorously end-to-end encrypted app that nonetheless enables all of the complex collaboration features that users demand from software today.
这支密码学家团队成员来自哈佛大学、微软研究院以及端到端加密通讯软件 Signal 的前开发人员。他们今天发布了“加密空间”(Encrypted Spaces)的预览版,这是一套开源代码库的早期版本。该架构旨在让任何人都能轻松构建出严格端到端加密的应用,同时又能实现用户对现代软件所要求的各种复杂协作功能。
The group says it saw an opportunity in the migration from single-user apps and one-to-one messengers to multiuser collaboration tools. The transition comes at the same time as the advent of new cryptographic tricks—namely, “zero-knowledge proofs”—that enable computers to manipulate and verify the integrity of encrypted data without seeing its contents. “These pieces kind of fall into place to leave us with a moment of technological shift where we can inject encryption and privacy,” says Nora Trapp, an engineer at Harvard’s Applied Social Media Lab who has also worked as a technical lead for Signal. “We want to provide the technological surface area for developers to build all these apps in a privacy-preserving way.”
该团队表示,他们看到了从单用户应用和一对一通讯工具向多用户协作工具迁移过程中的机遇。这种转变恰逢新的密码学技术——即“零知识证明”(zero-knowledge proofs)——的出现,它使计算机能够在不查看内容的情况下,操作并验证加密数据的完整性。“这些技术要素的结合,让我们处于一个可以注入加密和隐私保护的技术变革时刻,”哈佛大学应用社交媒体实验室的工程师、曾担任 Signal 技术负责人的 Nora Trapp 表示,“我们希望为开发者提供技术平台,让他们能以保护隐私的方式构建所有这些应用。”
Among the cryptographers working on the project is Trevor Perrin, the cocreator of the Signal protocol, the open-source encrypted messaging system used not only in the hundred-million-plus phones with Signal installed but also in the billions of devices that use WhatsApp and Facebook Messenger.
参与该项目的密码学家中包括 Trevor Perrin,他是 Signal 协议的共同创建者。该开源加密消息系统不仅被安装在超过一亿部手机的 Signal 应用中,还被 WhatsApp 和 Facebook Messenger 等拥有数十亿用户的设备所采用。
Encrypted Spaces is, in some sense, the next generation of the Signal protocol, but for more complex and fully featured tools that go beyond messaging and calls, says Matt Green, a cryptography-focused professor of computer science at Johns Hopkins. “They’ve built a system that’s kind of an extension of what end-to-end encryption can be, where you have an actual architecture for doing end-to-end encrypted collaboration,” says Green, who reviewed a white paper outlining the Encrypted Spaces project and a prototype application. “You can think of it as the Signal protocol for collaboration apps.”
约翰霍普金斯大学专注于密码学的计算机科学教授 Matt Green 表示,从某种意义上说,Encrypted Spaces 是 Signal 协议的下一代,但它适用于超越消息和通话的更复杂、功能更全的工具。“他们构建的系统是对端到端加密能力的一种扩展,提供了一种进行端到端加密协作的实际架构,”审阅了 Encrypted Spaces 项目白皮书及原型应用的 Green 说道,“你可以把它看作是协作应用版的 Signal 协议。”
Unlike Signal, however, the code that the Encrypted Spaces group has released is, for now, not a single, ready-for-use application. Instead, it’s a code repository that the group is inviting cryptography researchers and developers to review, with the goal of eventually allowing coders to build their own encrypted collaborative apps—but without needing any cryptography knowledge. “We want to make it so there’s no reason a developer wouldn’t want to make their application end-to-end encrypted, because it becomes so easy,” Trapp says.
然而,与 Signal 不同的是,Encrypted Spaces 团队目前发布的代码并非一个开箱即用的单一应用程序。相反,这是一个代码库,团队邀请密码学研究人员和开发者进行审查,目标是最终让程序员无需任何密码学知识,就能构建自己的加密协作应用。“我们希望让开发者没有任何理由拒绝为应用添加端到端加密,因为这变得非常简单,”Trapp 说。
Change Logs and Zero-Knowledge Roll-Ups
变更日志与零知识汇总(Zero-Knowledge Roll-Ups)
Encrypted Spaces aims to deal with a crucial limitation of end-to-end encrypted apps: Because the server can’t decrypt users’ data, any manipulation of that information has to take place on the users’ devices. That works well enough when the app is a pipe connecting two users’ phones, each of which holds a key to decrypt their conversation. But when the app is a collaborative platform with dozens or hundreds of users working together, that model of end-to-end encryption creates a severe constraint: The app can’t simply store users’ information on a server and manipulate it in that centralized location as it would for an unencrypted platform like Slack or Google Docs.
Encrypted Spaces 旨在解决端到端加密应用的一个关键局限:由于服务器无法解密用户数据,任何对信息的处理都必须在用户设备上完成。当应用只是连接两个用户手机的“管道”(双方各持有一把解密对话的密钥)时,这种模式运行良好。但当应用是一个有数十甚至数百人共同协作的平台时,这种端到端加密模式就会产生严重的制约:应用无法像 Slack 或 Google Docs 等非加密平台那样,简单地将用户信息存储在服务器上并在中心化位置进行处理。
Encrypted Spaces offers a new model: An app built with it manages data from a centralized server and let users collectively make changes to that information while still keeping it encrypted. More specifically, Encrypted Spaces keeps a change log—a record of every change to encrypted data that the users make over time—that can be shared with the app on every user’s phone or computer, so that the app can implement those changes locally and keep everyone’s version of the information synched and up to date.
Encrypted Spaces 提供了一种新模式:基于此构建的应用从中心化服务器管理数据,并允许用户在保持数据加密的同时共同修改信息。更具体地说,Encrypted Spaces 会维护一个“变更日志”(change log)——记录用户随时间对加密数据所做的每一次更改。该日志可以共享给每个用户手机或电脑上的应用,以便应用在本地执行这些更改,并保持每个人的信息版本同步且处于最新状态。
The server uses zero-knowledge proofs, a relatively new cryptographic technique, to prove to every user’s device that no changes are missing and no rogue changes have been made, but without the server ever accessing the unencrypted data or the changes to it. (Hence “zero knowledge.”) In fact, Encrypted Spaces can use a kind of “roll-up” property of zero-knowledge proofs to ensure that every user has the latest version of their group’s data without actually applying every change in the whole change log. “The server can roll up the changes into a succinct proof that this current state reflects the entire history,” says Perrin. “It can convince you it’s applied the change log correctly without actually having to send it.”
服务器使用一种相对较新的密码学技术——零知识证明,向每个用户的设备证明没有遗漏任何更改,也没有发生恶意篡改,且服务器本身无需访问未加密的数据或更改内容。(因此称为“零知识”。)事实上,Encrypted Spaces 可以利用零知识证明的“汇总”(roll-up)特性,确保每个用户都能获得群组数据的最新版本,而无需实际应用变更日志中的每一项更改。“服务器可以将这些更改汇总成一个简洁的证明,表明当前状态反映了整个历史,”Perrin 说,“它可以在无需发送完整变更日志的情况下,让你确信它已经正确地应用了这些更改。”
The server also uses zero-knowledge proofs to oversee how people’s devices manage the cryptographic keys that allow only authorized users to decrypt and alter the data, allows new users to be invited in, and can pr… 服务器还利用零知识证明来监督用户设备如何管理加密密钥,从而确保只有授权用户才能解密和修改数据,并允许邀请新用户加入……