It works via the DHT, like BitTorrent. Basically it’s kinda like a broadcast network hunting for the other user.
So let’s say I connect to 8 random peers on my mobile. Then my hosting machine connects to 8 random peers. When we start up an instance we announce to our peers what our keys are and they add it to their DHT (big hash table of peers basically).
Then when I scan the QR of my hosting machine, I ping out to my nearest 8 peers for anyone who has seen the hosting key. If we share no peers in common, then they pass it on to the next set of peers that they are connected to, then through “6 degrees of Kevin Bacon” we eventually cross on a peer that has heard my request, and also heard the hosting machine’s key earlier. (This might realistically only need one or two hops, maybe the DHT of my nearest node already has the update from the host, but not necessary)
Then when I find my host via mobile (this is where I’m less certain about specifics) then both machines do a “hole punching” method where the host and the mobile both try to establish connections from either direction using any available port. Again, a kind of “guess and check” method not so unlike finding a peer with random broadcasting. Then the connection is established, keys exchanged, and viola, P2P direct encrypted connection for whatever you want to do.
There are probably more specifics that I’m missing, but as I understand it, this is the general idea. Hope this helps.