- Person A (Alice) takes data (in this example) and enters it into the computer. She creates a policy describing what people should have access to the data and when it expires.
- The computer (Enrico) generates a symmetric key and encrypts the data; then it encrypts the symmetric key with Alice’s public key (capsule).
- The header (capsule) is essentially a randomly generated key from the computer (Enrico: think password generator) that can decode the data in the rest of the message.
- The encrypted data + header is uploaded to IPFS.
- Person B (Bob), who wants to read the data, downloads the encrypted data + header and sends only the header to a number of proxy re-encryption nodes (Ursula), which re-encrypt the header with Bob’s public key. They send back this header, which Bob can decrypt with his private key thanks to the magic of proxy re-encryption.
- Person B uses the header, which contains the decrypted symmetric key, to read the rest of the data.
Will be adding more explanation and nuance later, but this is a basic walkthrough about how we tried to visualize and understand nuCypher. Please feel free to correct us or connect with us!
For a more in depth explanation, see https://docs.nucypher.com/en/latest/architecture/character.html