ZK / Privacy·EVM · Solana · Bitcoin · Cosmos
Lit Protocol
Decentralized key management network for programmable signing and encryption. Programmable Key Pairs (PKPs) are threshold-MPC keys controlled by Lit Actions — JS programs that decide when to sign or decrypt. Use it for cross-chain signing, conditional access control, agent wallets, and identity-based encryption.
- 01programmable signing (PKPs)
- 02conditional access / token gating
- 03decentralized agent wallets
- 04cross-chain signing without bridges
- 05encryption with on-chain conditions
- pnpm add @lit-protocol/lit-node-client @lit-protocol/auth-helpers @lit-protocol/constants
| Variable | Scope | Description |
|---|---|---|
| NEXT_PUBLIC_LIT_NETWORK | Client | Lit network to connect to — typically `naga` (V1 mainnet) or `naga-dev` for dev. |
| LIT_RELAYER_API_KEY | Server | Optional API key for Lit's relayer service (PKP minting, social auth helpers). |
Use Lit Protocol for programmable signing and encryption. Instantiate `new LitNodeClient({ litNetwork: NEXT_PUBLIC_LIT_NETWORK })` and call `.connect()`. Encrypt data with `encryptString({ accessControlConditions, dataToEncrypt }, litNodeClient)` and decrypt with `decryptToString` — Lit nodes only release the key if the on-chain conditions pass. For signing, mint a Programmable Key Pair (PKP), then call `litNodeClient.executeJs({ code: litActionCode, sessionSigs, jsParams })` where the Lit Action invokes `Lit.Actions.signEcdsa` or `signAndCombineEcdsa`. Always pass `sessionSigs` from `getSessionSigs(...)` rather than long-lived auth sigs.
- ⚑Lit V0 (Datil) was deprecated in early 2026 — V1 (Naga) is the current production network. Confirm you're on `litNetwork: 'naga'` (or current mainnet alias) and not a stale tutorial pointing at Datil.
- ⚑Lit is a live decentralized network of node operators — node downtime or DKG churn can affect signing latency. Build retry/backoff and a degraded-mode fallback.
- ⚑Lit Actions run inside the Lit nodes' constrained JS runtime — no arbitrary npm packages, limited fetch (allowlisted), and per-execution gas/time limits. Keep Lit Actions small and pure.
- ⚑Access control conditions are evaluated by Lit nodes against RPC endpoints — flaky or rate-limited RPCs cause condition checks to fail. Use reliable RPCs and add condition redundancy where possible.
- ⚑PKP ownership lives on-chain (Lit's chain) as an NFT — losing the PKP NFT means losing the key. Treat PKP custody as carefully as any private key; consider auth methods + permitted actions for recovery.
- ⚑Cross-chain signing via PKPs is non-custodial threshold MPC, but throughput is bounded by the network — not suitable for high-frequency hot-path signing without batching.