The NuCypher KMS leverages the power of proxy re-encryption to bring private data to public blockchains.
Alice, the data owner, encrypts data with her public key and uploads it to IPFS, Swarm, S3, or any supported storage layer. To delegate access to valid recipients, she creates and uploads re-encryption keys to the NuCypher KMS network.
Ursula, a miner, receives the re-encryption keys and stands ready to re-key data. She provides this service in exchange for payment in fees and block rewards. The NuCypher KMS network and the storage layer never have access to Alice's plaintext data.
Bob, a valid recipient, sends an access request to the NuCypher KMS network. If a valid re-encryption key exists and specified conditions are met, the data is re-keyed to his public key and he is able to decrypt with his private key.