Introduction to Decentralized Access Control

Introduction to decentralized access control, powered by Lit Protocol.

Introduction to Decentralized Access Control
image generated using dall-e.

Lit Protocol provides Decentralized Access Control but what does that actually mean?  With Lit Protocol, you can set on-chain conditions like "user must hold an NFT" and then the network will provision signatures and decryption keys for users that meet those conditions.  If you're building a web3 application, Lit Protocol handles key management and provisioning for you.

On-chain conditions and credentials are things like:

  • User is a member of a DAO
  • User holds an NFT in a collection
  • User holds at least 0.1 ETH
  • The result of any smart contract function call
  • User owns a specific wallet address
  • Using boolean operations (AND + OR) for any of the above

But how?  The Lit Protocol is powered by a bunch of machines known as nodes.  These nodes perform a process called Distributed Key Generation that creates a public/private keypair, but nobody knows the full private key.  Instead, each node only has a private key share.  With this key share, nodes can do everything that they would with a normal private key, like sign and decrypt.  The difference is that the user must collect these decryption or signature shares from the nodes to create the final decryption key or signature.  This is known as Threshold Cryptography.

Below, you can see this visualized with the blockchain on the left, the Lit Protocol nodes in the middle, and the user who wants to access some resource on the right.

When a user wants to access something that has been protected with Lit Protocol, they sign a message with their wallet to prove they own the wallet.  They upload the signature, and information about the thing they want to access to all the nodes.  Each node checks the wallet signature, then checks with the blockchain to make sure that the wallet meets the condition that was originally set by the person who protected the resource with Lit Protocol.

If the user meets the condition, then each node uses its private key share to either decrypt or sign, which produces a decryption share or a signature share.  The user collects these shares and is able to create either a decryption key or a network signature.

What can you do with Lit Protocol?

As shown in the image above, the user can be provisioned either a decryption key or JWT (aka network signature) when they meet the on-chain conditions. These two outputs are useful for different kind of use cases, some of which are mentioned below:


The decentralized web is open and public by default and design. In order to add permissions and privacy to the decentralized web, encryption is required. With the encryption service provided by Lit Protocol, you can store permissions (aka encrypted) resources on public networks that can only be decrypted based on selected on-chain conditions. In the developer docs, this use-case is called "Static Content". Here are some examples of resources that can be encrypted and decrypted with decentralized access control:

  • Media files (images, videos, pdfs, etc)
  • Self-contained lockable HTML NFTs
  • dWeb document encryption (Ceramic, etc)
  • Private user data that is NOT custodied by a 3rd party
  • Build the puzzle from Ready Player One

JWT (Network Signature)

For applications that want to use a web3 credential (e.g. does someone hold an NFT) and want to use this credentials to provision access resource that's stored on a server, applications can leverage the JWT that is provisioned to the user to grant access to the following, and more:

  • Dynamic content loaded from a server
  • Web2 experiences (e.g. a gated Google doc, Zoom meetings, Shopify discounts)
  • Paid access to a web2 API
  • User permissions within an application
  • Content that receives frequent updates (i.e. a webpage with real-time price analysis)

Features of Lit Protocol

Once you take a look at the Lit Protocol SDK, you'll see the following features are available for building the next great web3 system or application:

  • Provision an encryption key or JWT
  • Boolean logic ("and" / "or" conditions)
  • Updatable or permanent conditions
  • Multi-chain support
  • Use your preferred storage solution including Ceramic, Tableland, IPFS/Filecoin, Arweave, Sia, Storj, or centralized storage

Developers, get started via the SDK

This is all possible via the Lit Protocol JS SDK, which is documented here:

The SDK works in the browser and on the backend and is designed to be very easy to use, and feedback is alway appreciated!

Want to learn more or get in touch?

Join our Discord here or get in touch.