Insaanity provides a decentralized and scalable infrastructure for secure data sharing and access control. It enables data owners to maintain control over their encrypted data while allowing selective and privacy-preserving access to authorized users. The nodes that provide this service are called Insaanity-Proxy nodes.

These nodes play a crucial role in providing access control and data privacyand are responsible for performing the re-encryption operations and managing access policies on behalf of data owners. They act as intermediaries between the data owners and data consumers.

The architecture of Proxy Re-encryption involves the following components:

1. Data Owner:

   • Data owners are entities that possess the data and want to securely share it while maintaining control over access.

   • Data is encrypted and stored securely in distributed storage.

2. Proxy Nodes:

   • Proxy nodes form the backbone of the Insaanity-TPRE network. They handle re-encryption operations and enforce access policies on behalf of data owners.

   • Each proxy node is operated by an independent operator and has a unique cryptographic key pair.

   • The proxy nodes communicate with others to maintain consistency and handle access control operations.

3. TPRE API:

   • Proxy nodes expose API’s that data consumers can interact with to request access to encrypted data.

   • The API allows data consumers to submit access requests, provide necessary credentials, and receive re-encrypted data for decryption.

4. Access Control:

   • When a data consumer wants to access encrypted data, they submit an access request to the proxy nodes through the TPRE API.

   • The proxy nodes validate the access request against the access policies defined by the data owner.

   • If the access request is valid, the proxy nodes perform re-encryption on the encrypted data to make it accessible to Bob.

5. Cryptographic Operations:

   • Proxy Re-encryption is a cryptographic operation performed by the proxy nodes.

   • The proxy nodes transform the encrypted data from the data owner into a new encrypted form that can be decrypted by the authorized data consumer.

   • Re-encryption is done without revealing the underlying data to the nodes or requiring access to the data owner's private key.