Lit Protocol

Lit Protocol uses Threshold Cryptography to enforce access conditions for encrypted data or digital assets without a central authority. Access Control Conditions (ACCs) are programmable rules (e.g., 'holder of NFT X' or 'after timestamp Y') that must be met for a user to receive a decryption key or authorization. This enables:

• Gated content (articles, videos, files)
• Secure private messaging
• Conditional data sharing in decentralized storage (like IPFS or Arweave)

Lit nodes collectively secure PKPs (Programmable Key Pairs), which are decentralized wallets whose signing authority is governed by ACCs. This enables non-custodial, conditional asset management, such as:

• Automated treasury management (e.g., sign a transaction only if 3 of 5 board members approve)
• Recovery mechanisms for lost wallets
• Time-locked transactions or vesting schedules
• Cross-chain interactions where a signature on one chain triggers an action on another

The network can execute Trusted Off-Chain Compute based on ACCs. Lit nodes perform computations (like fetching and verifying an API result) and produce a verifiable, cryptographically signed proof. This is foundational for:

• Decentralized Oracles: Bringing real-world data (sports scores, weather) on-chain conditionally.
• ZK Proof Generation: Managing keys and generating zero-knowledge proofs in a decentralized manner.
• Dynamic NFT Content: Changing an NFT's metadata based on verifiable off-chain events.

Lit provides the key management layer for encrypting data before it is stored on decentralized file systems. Users can encrypt data with a symmetric key, which is then itself encrypted by the Lit network and stored on-chain against ACCs. This creates a secure pattern for:

• Private medical or legal records on IPFS
• Encrypted decentralized identity credentials
• Secure backup of seed phrases with social recovery logic

Lit Protocol's core innovation is decentralized key generation and threshold signing. A network of nodes collectively holds cryptographic key shares, enabling applications to request signatures based on predefined conditions. This powers features like:

• Conditional decryption of encrypted data.
• Automated, permissioned transactions (e.g., "sign only if NFT is held").
• Cross-chain interoperability by signing messages for different networks.

A primary use case is token-gating digital and physical assets. Developers use Lit's Conditional Signing and Decentralized Access Control (DAC) to restrict access based on on-chain credentials. Common implementations include:

• Gating website content or Discord channels for NFT holders.
• Unlocking encrypted files (e.g., music, ebooks) upon token verification.
• Managing event ticketing with verifiable, revocable credentials.

Lit enables client-side encryption where data is encrypted before being stored on centralized servers (like AWS S3 or IPFS). The decryption keys are never held by a single entity but are managed by the Lit network. This creates a trust-minimized model where:

• Users retain sovereignty over their private data.
• Applications can store sensitive data off-chain without being a custodial risk.
• Access is programmatically enforced by the Lit nodes based on immutable conditions.

A Programmable Key Pair (PKP) is a decentralized identifier minted as an NFT. It represents a signing key controlled by the Lit network, which can be assigned to users, DAOs, or devices. Key properties:

• Self-sovereign: The PKP owner controls the signing capabilities.
• Composable: Can be used across multiple dApps as a universal identity.
• Upgradable: Auth methods (e.g., social logins, wallets) can be added or removed by the owner.

Lit Actions are JavaScript functions that run in a secure, deterministic environment across the Lit node network. They allow for verifiable off-chain computation whose results can be signed. Use cases include:

• Creating complex signing conditions (e.g., check multiple data sources).
• Generating verifiable randomness for on-chain applications.
• Bridging web2 APIs to web3 by having nodes fetch and attest to external data.

The Lit network is a decentralized autonomous organization (DAO) of node operators running threshold cryptography. Key mechanics:

• Staking: Operators stake LIT tokens to run a node and earn fees.
• Consensus: Uses the Threshold Cryptography model, not a traditional blockchain, for signing and decryption requests.
• Fault Tolerance: Requires a threshold of nodes (e.g., 2/3) to agree, ensuring security and liveness even if some nodes are offline or malicious.

The core cryptographic primitive of Lit Protocol. A PKP is a decentralized, non-custodial signing key where the private key is threshold-shared across the Lit network. Signing authority is controlled by on-chain conditions, enabling:

• Decentralized Identity: A wallet address that cannot be lost.
• Conditional Signing: Transactions only execute if predefined rules (e.g., time-locks, DAO votes) are met.
• Multi-Chain Support: A single PKP can sign for any supported blockchain.

The mechanism securing PKP private keys. Using Threshold Signature Scheme (TSS), the signing key is split into shares distributed across Lit network nodes. To produce a valid signature, a threshold (e.g., 2/3) of nodes must collaborate. This ensures:

• No Single Point of Failure: No single node holds the complete private key.
• Byzantine Fault Tolerance: The network can tolerate a subset of malicious or offline nodes.
• Non-Custodial Security: Users retain ultimate control without holding key material directly.

JavaScript functions that define the logic for conditional signing and computation. Deployed to the Lit network, they run in a secure, deterministic environment. Key capabilities include:

• Access Control Logic: Define rules (e.g., "sign only if user holds NFT X").
• Off-Chain Computation: Fetch and verify data from APIs or other chains before signing.
• Composability: Actions can call other actions, enabling complex, trust-minimized workflows.

A system for gating resource access (files, APIs, content) using blockchain state. It leverages PKPs and Lit Actions to create and enforce permissions. The process:

1. Encryption: A resource is encrypted, and the decryption key is stored with the Lit network.
2. Policy Definition: Access conditions (e.g., token-gating, time-based) are set via a Lit Action.
3. Decryption: The Lit network only returns the key if the user's credentials satisfy the policy, enabling persistent encryption across the web.

The decentralized peer-to-peer network of nodes that collectively manage PKPs and execute Lit Actions. It is built for security and liveness.

• Node Operators: Run Lit nodes, stake LIT tokens, and earn fees for signing/decryption services.
• Consensus: Uses a Tendermint-based Proof-of-Stake blockchain to coordinate node committees and finalize state.
• Fault Detection: Malicious behavior by nodes is slashed, ensuring the network's integrity.

Programmable Key Pairs (PKPs) are decentralized, non-custodial cryptographic key pairs where the signing logic is controlled by a Lit network consensus. They are minted as NFTs, enabling ownership transfer and access control. Key features include:

• Decentralized Custody: No single entity controls the private key.
• Conditional Signing: Signing is only permitted when predefined Lit Actions conditions are met.
• Interoperability: A single PKP can be used to sign for multiple blockchains and applications.

Lit Actions are immutable, serverless JavaScript functions that define the conditions under which a PKP can sign or decrypt data. They are executed trustlessly across the Lit network's nodes. Core characteristics:

• Deterministic Execution: All nodes run the same code to reach consensus on the result.
• Off-Chain Logic: Enables complex, real-time conditions (e.g., checking an API, verifying a state) without on-chain gas costs.
• Composability: Actions can call other Actions, enabling modular access control logic.

Lit Protocol uses Threshold Cryptography (specifically Threshold Signature Schemes - TSS) to distribute the control of a private key across its validator network. This means:

• Key Fragments: The private key for a PKP is split into shares held by network nodes.
• M-of-N Signing: A threshold (e.g., 2/3) of nodes must collaborate to produce a valid signature, preventing any single node from acting maliciously.
• Enhanced Security: Eliminates single points of failure and provides Byzantine fault tolerance for key management.

Beyond signing, Lit Protocol provides Conditional Decryption, allowing data to be encrypted such that it can only be decrypted when specific conditions are met. This enables:

• Secure Data Sharing: Encrypt data for a specific user or under specific states (e.g., after payment).
• Cross-Chain Secrets: Store encrypted secrets (like API keys) that are released based on on-chain events.
• Symmetric & Asymmetric Crypto: Supports both AES encryption and standard asymmetric (public/private key) encryption workflows.

Lit Protocol is a foundational primitive for Decentralized Access Control, moving logic away from centralized servers. Use cases include:

• Token-Gated Content: Grant access to websites, files, or features based on NFT ownership.
• Decentralized Identity (DID): Use PKPs as decentralized identifiers that can sign Verifiable Credentials.
• Cross-Chain Authentication: A single cryptographic session can authenticate a user across multiple dApps on different chains.

The Lit Network is a decentralized network of validator nodes that collectively manage PKPs and execute Lit Actions. Its architecture ensures security and liveness:

• Consensus Layer: Built on Cosmos SDK and Tendermint for high-speed Byzantine Fault Tolerant consensus.
• Staking & Slashing: Validators stake LIT tokens and can be slashed for misbehavior.
• Execution Layer: Each node runs a Lit Node client that holds key shares and executes the JavaScript runtime for Lit Actions.