Alice encrypts her secret, and splits up the decryption key
She sends the decryption key shares to the Trustees
Similar to trustees, validators ensure that only legitimate persons can access a secret. They also observe the ledger and respond to legitimate requests.
If or when Bob needs access to the information, he submits a decryption request to the ledger
Trustees see the request and publish their secret shares
Once a threshold number of trustees have published their shares, Bob can reconstruct the data
With our protocol, it’s possible for a sharer (Alice) to have certainty that a secret has not been decrypted by the recipient (Bob) until he chooses to decrypt it.
Trustees are the partially trusted keepers of the means of accessing Alice’s secret. The means of decryption are spread across multiple trustees, so that no one entity can control access. They observe the ledger for access requests and share the means of access.
Central to the transparency of decryption in PAD is the ledger. By observing this ledger, Alice can determine whether and by whom, a secret has been decrypted.
When Bob needs to access the secret, he posts his request to the accountability ledger. The trustees respond automatically with their secret shares - Alice does not need to participate in an additional transaction.