Using Lit Actions for Access Control

Learn how to use Lit Actions to extend the functionality of your access control conditions.

Using Lit Actions for Access Control
image generated using dall-e.

Introduction

Lit Protocol offers generalizable key management infrastructure that provides developers with two main services: access control via threshold encryption, and programmatic signing supported by Lit’s PKPs and Lit Actions feature. We are excited to announce additional composability between these two services as we introduce Lit Action Access Control Conditions, known as Lit Action Conditions in the docs. This feature will serve to offer additional use cases for decentralized access control, enabling developers to use off-chain data in their ACCs. Continue reading to learn how this feature works, and how devs can easily implement it within their existing product offerings to add additional functionality.

Overview of Decentralized Access Control

Lit powers decentralized access control, allowing users to set on-chain conditions (such as “must hold an NFT from X collection…”) as gates for protecting encrypted content.

Alice starts by generating a symmetric key and encrypting some content with it. This key is generated in shares that get distributed across the Lit network. Alice sets rules (referred to as Access Control Conditions) dictating the parameters under which the Lit network should provision the symmetric key. When Bob attempts to access the content encrypted by Alice, the network will first check that he meets the required conditions by prompting him to sign a message with his wallet. Once Lit verifies that the conditions are met, the decryption key is provisioned to Bob and he is able to unlock the content.

A Primer on Lit Actions and Programmable Key Pairs

As a distributed key management network, Lit provides developers with the ability to add programmable signing to their applications and wallets. These distributed wallets are known as Programmable Key Pairs (PKPs) and the application logic that dictates when and why that key-pair will sign is known as a Lit Action.

More specifically, Lit Actions are immutable JavaScript programs that run across the network to sign data via a PKP. In this way they can be thought of as the permissionless rules that govern each PKP’s signing automation. Actions are blockchain agnostic, giving them the inherent capacity to communicate data across blockchains and facilitate interoperability between previously disconnected ecosystems.

They can also use off-chain data sources in their computation by making arbitrary HTTP requests. For example, calling an off-chain price feed (without requiring a third-party oracle) for conditional signing use cases.

A toy example would be a Lit Action and corresponding PKP that checks if a number is prime, and only signs it if it is prime. Think of it as a sort of “prime number” certification service. Since the Lit Action is immutable, and since you can permanently assign a PKP to a Lit Action, there is a provable chain of trust. This means you could present the signature and a number to someone, and they could simply check the signature against the public key of the PKP to see if the number is actually prime, instead of having to do all the math to ensure that the number is actually prime. The signature acts as a proof that the number is prime.

Using Lit Actions for Access Control

The newest addition to the Lit network gives developers the ability to use Lit Actions to create custom access control conditions where decryption rights may be granted upon a Lit Action returning the boolean value ‘True’.

📌
NOTE: Serrano Testnet Only

This feature currently only works on the Serrano Testnet. You must make sure you install the Serrano version of the Lit Protocol SDK, and connect to the Serrano Testnet. This is because the Jalapeno Mainnet does not have Lit Action support yet.

Below, we will explore an example Lit Action Condition that pulls in data from the National Weather Service using their public API. This condition will only return ‘True’ if the temperature is forecasted to be 40 degrees.

Lit Action code:

const go = async (maxTemp) => {
  const url = "<https://api.weather.gov/gridpoints/LWX/97,71/forecast>";
  try {
    const response = await fetch(url).then((res) => res.json());
    const nearestForecast = response.properties.periods[0];
    const temp = nearestForecast.temperature;
    return temp < parseInt(maxTemp);
  } catch (e) {
    console.log(e);
  }
  return false;
};

The Lit Action code is used to define the specific data source being used and the parameters that should be checked for. This code will be saved to IPFS and used as an input in your access control condition, defined below:

Access Control code:

var accessControlConditions = [
  {
    contractAddress: "ipfs://QmcgbVu2sJSPpTeFhBd174FnmYmoVYvUFJeDkS7eYtwoFY",
    standardContractType: "LitAction",
    chain: "ethereum",
    method: "go",
    parameters: ["40"],
    returnValueTest: {
      comparator: "=",
      value: "true",
    },
  },
];

The code above checks the Lit Action that we stored on IPFS at the CID "QmcgbVu2sJSPpTeFhBd174FnmYmoVYvUFJeDkS7eYtwoFY” and runs the go() function. The parameter ‘40’ is used with the comparator ‘=’. This means that the value ‘true’ will only be returned if the response received from the Lit Action is equal to 40 degrees.

The input for the contractAddress field is a string, the address of the contract that will be queried. For the Lit Action code stored on IPFS, this will follow the format: ipfs://{IFPS_HASH}

*Note that all parameters must be strings. You can use the parseInt() function to convert the string to a number to check it against the forecast temperature.

The full working example can be found here.

Conclusion

In this guide, we introduced using Lit Actions as an input for your Access Control Conditions. This opens up a ton of new use cases and additional functionality for Lit’s decentralized access control offering, including the ability to use off-chain data in your ACCs. You can get started with Lit Actions Conditions in our developer docs.

We are excited to see what gets built with this new feature. If you’d like to contribute to the Lit community, check out our Request for Ecosystem Proposals and Grants program. You can also learn more about becoming a Lit Ambassador here.

For developer support (or if you just want to say hey!) join our community on Discord.

Resources

💻 Developer Documentation: https://developer.litprotocol.com/

👾 Discord: https://litgateway.com/discord

🧑‍💻 GitHub: https://github.com/LIT-Protocol

🕊 Twitter: https://twitter.com/LitProtocol

🖥 Website: https://litprotocol.com/