Document collaboration applications, such as Google Docs or Microsoft Office Online, need to ensure that all collaborators have a consistent view of the shared document, and usually achieve this by relying on a trusted server. Other existing approaches that do not rely on a trusted third party assume that all collaborating devices are trusted. In particular, when inviting a new collaborator to a group, one needs to choose between a) keeping past edits private and sending only the latest state (a snapshot) of the document; or b) allowing the new collaborator to verify her view of the document is consistent with other honest devices by sending the full history of (signed) edits. We present a new protocol which allows an authenticated snapshot to be sent to new collaborators while both hiding the past editing history, and allowing them to verify consistency. We evaluate the costs of the protocol by emulating the editing history of 270 Wikipedia pages; 99% of insert operations were processed within 11.0 ms; 64.9 ms for delete operations. An additional benefit of authenticated snapshots is a median 84% reduction in the amount of data sent to a new collaborator compared to a basic protocol that transfers a full edit history.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 Niko Barić and Birgit Pfitzmann. Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In Advances in Cryptology – EUROCRYPT ’97 pages 480–494. Springer 1997.
 Josh Benaloh and Michael De Mare. One-way accumulators: A decentralized alternative to digital signatures. In Advances in Cryptology – EUROCRYPT ’93 pages 274–285. Springer 1993.
 Eric A. Brewer. Towards Robust Distributed Systems. In Proceedings of the Nineteenth Annual ACM Symposium on Principles of Distributed Computing PODC 2000 page 7. ACM 2000.
 Philippe Camacho Alejandro Hevia Marcos Kiwi and Roberto Opazo. Strong accumulators from collision-resistant hashing. International Journal of Information Security 11(5):349–363 2012.
 Jan Camenisch Markulf Kohlweiss and Claudio Soriente. An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials. In Public Key Cryptography – PKC 2009 pages 481–500. Springer 2009.
 Dario Catalano and Dario Fiore. Vector commitments and their applications. In Public-Key Cryptography – PKC 2013 pages 55–72. Springer 2013.
 Scott A. Crosby and Dan S. Wallach. Efficient Data Structures for Tamper-evident Logging. In Proceedings of the 18th USENIX Security Symposium pages 317–334. USENIX Association 2009.
 John Day-Richter. What’s different about the new Google Docs: Making collaboration fast 2010.
 David Derler Christian Hanser and Daniel Slamanig. Revisiting cryptographic accumulators additional properties and relations to other primitives. In Topics in Cryptology – CT-RSA 2015 pages 127–144. Springer 2015.
 Benjamin Dowling Felix Günther Udyani Herath and Douglas Stebila. Secure Logging Schemes and Certificate Transparency. In Computer Security – ESORICS 2016 pages 140–158. Springer 2016.
 Clarence A. Ellis and Simon J. Gibbs. Concurrency Control in Groupware Systems. In Proceedings of the 1989 ACM SIGMOD International Conference on Management of Data volume 18 pages 399–407. ACM 1989.
 Ariel J. Feldman William P. Zeller Michael J. Freedman and Edward W. Felten. SPORC: Group Collaboration Using Untrusted Cloud Resources. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation OSDI 2010 pages 337–350. USENIX Association 2010.
 Dennis Felsch Christian Mainka Vladislav Mladenov and Jörg Schwenk. SECRET: On the Feasibility of a Secure Efficient and Collaborative Real-Time Web Editor. In Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security AsiaCCS 2017 pages 835–848. ACM 2017.
 Seth Gilbert and Nancy Lynch. Brewer’s Conjecture and the Feasibility of Consistent Available Partition-Tolerant Web Services. ACM SIGACT News 33(2):51–59 2002.
 Abdessamad Imine Pascal Molli Gérald Oster and Michaël Rusinowitch. Proving Correctness of Transformation Functions in Real-Time Groupware. In ECSCW 2003 pages 277–293. Springer 2003.
 Abdessamad Imine Michaël Rusinowitch Gérald Oster and Pascal Molli. Formal design and verification of operational transformation algorithms for copies convergence. Theoretical Computer Science 351(2):167–183 2006.
 Robert Johnson David Molnar Dawn Song and David Wagner. Homomorphic signature schemes. In Topics in Cryptology – CT-RSA 2002 pages 244–262. Springer 2002.
 Martin Kleppmann and Alastair R. Beresford. A Conflict-Free Replicated JSON Datatype. IEEE Transactions on Parallel and Distributed Systems 28(10):2733–2746 2017.
 Nadim Kobeissi. Capsule: A protocol for secure collaborative document editing. IACR Cryptology ePrint 2018/253 2018.
 Ben Laurie Adam Langley and Emilia Kasper. RFC 6962: Certificate Transparency. IETF 2013.
 Prince Mahajan Lorenzo Alvisi and Mike Dahlin. Consistency Availability and Convergence. Technical Report UTCS TR-11-22 Department of Computer Science The University of Texas at Austin 2011.
 Prince Mahajan Srinath Setty Sangmin Lee Allen Clement Lorenzo Alvisi Mike Dahlin and Michael Walfish. Depot: Cloud Storage with Minimal Trust. ACM Transactions on Computer Systems 29(4):12:1–12:38 2011.
 Ralph C. Merkle. A Digital Signature Based on a Conventional Encryption Function. In Advances in Cryptology – CRYPTO ’87 pages 369–378. Springer 1988.
 Brice Nédelec Pascal Molli Achour Mostefaoui and Emmanuel Desmontils. LSEQ: an Adaptive Structure for Sequences in Distributed Collaborative Editing. In Proceedings of the 2013 ACM Symposium on Document Engineering DocEng 2013 pages 37–46. ACM 2013.
 Lan Nguyen. Accumulators from Bilinear Pairings and Applications. In Topics in Cryptology – CT-RSA 2005 pages 275–292. Springer 2005.
 David A. Nichols Pavel Curtis Michael Dixon and John Lamping. High-Latency Low-Bandwidth Windowing in the Jupiter Collaboration System. In Proceedings of the 8th Annual ACM Symposium on User Interface Software and Technology UIST 1995 pages 111–120. ACM 1995.
 Gérald Oster Pascal Urso Pascal Molli and Abdessamad Imine. Proving correctness of transformation functions in collaborative editing systems. Technical Report RR-5795 INRIA 2005.
 Nuno Preguiça Joan Manuel Marques Marc Shapiro and Mihai Letia. A Commutative Replicated Data Type for Cooperative Editing. In 29th International Conference on Distributed Computing Systems ICDCS 2009 pages 395–403. IEEE 2009.
 Michael O. Rabin. Probabilistic Algorithm for Testing Primality. Journal of Number Theory 12(1):128–138 1980.
 Paulo Ribenboim. The Little Book of Bigger Primes. Springer 2004.
 Hyun-Gul Roh Myeongjae Jeon Jin-Soo Kim and Joonwon Lee. Replicated abstract data types: Building blocks for collaborative applications. Journal of Parallel and Distributed Computing 71(3):354–368 2011.
 Marc Shapiro Nuno Preguiça Carlos Baquero and Marek Zawirski. A comprehensive study of convergent and commutative replicated data types. Technical Report RR-7506 INRIA 2011.
 Marc Shapiro Nuno Preguiça Carlos Baquero and Marek Zawirski. Conflict-free Replicated Data Types. In Stabilization Safety and Security of Distributed Systems SSS 2011 pages 386–400. Springer 2011.
 Ron Steinfeld Laurence Bull and Yuliang Zheng. Content Extraction Signatures. In Information Security and Cryptology – ICISC 2001 pages 285–304. Springer 2001.
 Roberto Tamassia. Authenticated data structures. In Algorithms – ESA 2003 pages 2–5. Springer 2003.
 Stéphane Weiss Pascal Urso and Pascal Molli. Logoot: A Scalable Optimistic Replication Algorithm for Collaborative Editing on P2P Networks. In 29th IEEE International Conference on Distributed Computing Systems ICDCS 2009 pages 404–412. IEEE 2009.
 Stéphane Weiss Pascal Urso and Pascal Molli. Logoot-Undo: Distributed Collaborative Editing System on P2P Networks. IEEE Transactions on Parallel and Distributed Systems 21(8):1162–1174 2010.