My understanding of a Tor circuit:
Outbound Traffic:
User > Entry node > Middle node > Exit Node
Incoming Traffic:
User < Entry node < Middle node < Exit Node
Incoming: Traffic is repeatedly encrypted at each node, starting with the exit node, while each layer is decrypted when it reaches the user.
Outgoing: Traffic is encrypted at the user stage and decrypted when it reaches the Exit node.
Do I understand this correctly?
Mostly. The outgoing traffic is repeatedly encrypted too, with one layer per hop. The client adds all the layers of encryption, and then each relay in the circuit peels off one layer as it processes the cells.
The diagram at Onion routing - Wikipedia might help visualize it.
Iād also recommend reading the Anonymous Routing chapter of Defend Dissent book.
You will find a long explanation about Tor and other cool visualizations like this one:
