Today's global society strongly relies on collaborative document editing, which 
plays an increasingly large role in sensitive workflows. While other 
collaborative venues, such as secure messaging, have seen secure protocols 
being standardized and widely implemented, the same cannot be said for 
collaborative document editing. Popular tools such as Google Docs, Microsoft 
Office 365 and Etherpad are used to collaboratively write reports and other 
documents that are frequently sensitive and confidential, even though the 
server is able to read and modify the text undetected.

Capsule is the first formalized and formally verified protocol standard that 
addresses secure collaborative document editing. Capsule provides 
confidentiality and integrity on encrypted document data, while also 
guaranteeing the ephemeral identity of collaborators and preventing the server 
from adding new collaborators to the document. Capsule also, to an extent, 
prevents the server from serving different versions of the document being 
collaborated on.

A proposal for Capsule is available here:

In this paper, I provide a full protocol description of Capsule. I also provide 
formal verification results on the Capsule protocol in the symbolic model. 
Finally, I present a full software implementation of Capsule, which includes a 
novel formally verified signing primitive implementation.

As it stands, Capsule is by no means a finalized protocol, and all that is 
presented in the preprint linked above is preliminary and very open to 

Capsule is by no means a protocol as involved or innovative as some others, 
such as the Signal protocol. However, I believe that it is valuable to see such 
a protocol solidly proposed and formalized, given that its targeted use case is 
underserved despite its legitimacy.

I welcome your feedback on the current Capsule draft. I enjoy working on this 
project and hope to turn it into good software soon. Let's discuss it and share 
our opinions!