Paper 2018/253

Capsule: A Protocol for Secure Collaborative Document Editing

Nadim Kobeissi

Abstract

Today's global society strongly relies on collaborative document editing, which plays an increasingly large role in sensitive workflows. While other collaborative venues, such as secure messaging, have seen secure protocols being standardized and widely implemented, the same cannot be said for collaborative document editing. Popular tools such as Google Docs, Microsoft Office365 and Etherpad are used to collaboratively write reports and other documents which are frequently sensitive and confidential, in spite of the server having the ability to read and modify text undetected. Capsule is the first formalized and formally verified protocol standard that addresses secure collaborative document editing. Capsule provides confidentiality and integrity on encrypted document data, while also guaranteeing the ephemeral identity of collaborators and preventing the server from adding new collaborators to the document. Capsule also, to an extent, prevents the server from serving different versions of the document being collaborated on. In this paper, we provide a full protocol description of Capsule. We also provide formal verification results on the Capsule protocol in the symbolic model. Finally, we present a full software implementation of Capsule, which includes a novel formally verified signing primitive implementation.

Note: Substantial improvements, more details and many small corrections.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Contact author(s)
nadim @ symbolic software
History
2018-08-13: last of 4 revisions
2018-03-07: received
See all versions
Short URL
https://ia.cr/2018/253
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/253,
      author = {Nadim Kobeissi},
      title = {Capsule: A Protocol for Secure Collaborative Document Editing},
      howpublished = {Cryptology ePrint Archive, Paper 2018/253},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/253}},
      url = {https://eprint.iacr.org/2018/253}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.