The NuCypher network is a decentralized network of nodes that perform threshold cryptography operations serving users with secrets management and dynamic access control. nucypher is the python library and CLI for interacting with the decentralized threshold cryptography network.

How does NuCypher work?


1. Alice, the data owner, grants access to her encrypted data to anyone she wants by creating a policy and uploading it to the NuCypher network.

2. Alice gets information about the group of n Ursulas associated with the policy, which are nodes on the NuCypher network. Each Ursula provides their encrypting key, and Alice creates n re-encryption key shares (kFrag), each of which is encrypted with a different Ursula’s encrypting key. The Ursulas in the group stand ready to re-encrypt data in exchange for payment in fees and token rewards. The list of Ursulas and their associated encrypted re-encryption key shares are stored in a treasure map. Alice subsequently encrypts the treasure map for Bob. The treasure map provides Bob the requisite information and cryptographic material to successfully request the NuCypher network to re-encrypt the data shared by Alice – such that he can decrypt it with his private key.

3. Each policy created by Alice has an associated encryption key, which can be used by any entity (Enrico) to encrypt data on Alice’s behalf. This entity could be an IoT device in her car, a collaborator assigned the task of writing data to her policy, or even a third-party creating data that belongs to her – for example, a lab analyzing medical tests. The resulting encrypted data can be uploaded to IPFS, Swarm, S3, or any other storage layer.

4. Bob, a data recipient, uses the treasure map to determine the list of Ursulas to contact and the associated re-encryption key share to send to Ursula for the re-encryption operation. Bob obtains the encrypted data from the storage layer and sends a re-encryption request to the relevant Ursulas on the NuCypher network. If the policy is satisfied, Ursula decrypts the provided re-encryption key share and re-encrypts the data to Bob’s public key. Bob can subsequently decrypt the data with his private key.

  1. Ursulas earn fees and token rewards for being available to perform re-encryption operations.

More detailed information:



“NuCypher - A proxy re-encryption network to empower privacy in decentralized systems” by Michael Egorov, David Nuñez, and MacLane Wilkison - NuCypher


“NuCypher Network: Staking Protocol & Economics” by Michael Egorov, MacLane Wilkison, Arjun Hassard - NuCypher

“NuCypher Network: Pricing Protocol & Economics” by Arjun Hassard - NuCypher


“Umbral A Threshold Proxy Re-Encryption Scheme” by David Nuñez - NuCypher

Indices and Tables