Programmable Key Pairs (PKPs) with Lit Protocol: A Comprehensive Guide To Unlocking New Possibilities in Decentralized Key Management

9 min readJul 17, 2023

Introduction

In the world of decentralized applications (dApps) and blockchain technology, secure key management is a critical aspect of maintaining the integrity and privacy of user data.

Programmable Key Pairs (PKPs) offered by Lit Protocol are a powerful tool that revolutionizes key management, enabling developers to build secure and customizable wallets and integrate programmable signing capabilities into their applications.

The importance of robust key management cannot be overstated, especially in the context of blockchain applications and decentralized systems. Traditional key management approaches often rely on centralized entities or single private keys, introducing vulnerabilities and limiting flexibility. In contrast, PKPs leverage the capabilities of the Lit Protocol to provide a more secure and customizable solution.

One of the key advantages of PKPs is their programmability. By utilizing Lit Actions, developers can define specific logic and conditions for key signing, enabling fine-grained control over cryptographic operations. This programmability allows PKPs to adapt to various use cases and specific business requirements, providing a high level of flexibility and customization.

PKPs offer enhanced security compared to traditional key management approaches. With PKPs, private keys are distributed across multiple entities within the Lit Network, reducing the risk of a single point of failure or compromise. The decentralized nature of PKPs adds an extra layer of protection to cryptographic operations, making them more resistant to attacks.

PKPs also simplify the integration of advanced authentication methods such as social login, WebAuthn, and email/SMS verification. These authentication mechanisms can be seamlessly integrated with PKPs, enhancing the user experience and ensuring secure access to applications and services.

In this educational guide, we will delve deeper into the functionality and benefits of Programmable Key Pairs (PKPs) using Lit Protocol. We will explore their working principles, examine various use cases where PKPs can be employed, and provide a quick start section to assist developers in implementing PKPs within their own applications.

By the end of this guide, you will have a solid understanding of PKPs and be well-equipped to leverage their power for secure and customizable key management.

How PKPs Work

PKPs, or Programmable Key Pairs, provide a unique approach to key management by combining the power of cryptographic key pairs with the distributed architecture of the Lit Protocol. Understanding how PKPs work involves grasping the concept of PKPs, their components, and how they leverage the Lit Protocol for secure and distributed key management.

At its core, a PKP consists of a public-private key pair, much like traditional cryptographic key pairs. However, what sets PKPs apart is their programmability and the ability to define custom signing logic. This programmability is made possible through the use of Lit Actions, which allow developers to specify conditions and logic for key signing.

The Lit Protocol forms the underlying infrastructure for PKPs. It operates in a decentralized network of nodes, ensuring the security and integrity of key management operations. The Lit Protocol distributes the private key components of a PKP across multiple nodes within the network. This distribution ensures that no single entity or node has complete access to the private key, significantly reducing the risk of key compromise or unauthorized use.

Lit Actions play a crucial role in defining the programmable signing logic for PKPs. They are essentially code snippets or scripts that contain the conditions and instructions for key signing. Developers can define rules and requirements that must be met before a PKP can be used for signing operations. This programmability enables developers to implement custom business logic, enforce security measures, and add additional layers of verification.

When a signing operation is triggered, the Lit Protocol orchestrates the interaction between the PKP and the Lit Actions defined for that particular PKP. The distributed nodes within the network collaborate to execute the defined logic and validate the conditions set by the Lit Actions. This distributed approach ensures the integrity and security of the signing process, as multiple nodes validate the request and prevent any single point of failure.

By leveraging Lit Actions and the distributed architecture of the Lit Protocol, PKPs provide developers with a powerful tool for secure and customizable key management. The combination of programmable signing logic and distributed key storage enables developers to build applications with enhanced security, flexibility, and adaptability.

In the following sections, we will explore various use cases where PKPs excel, diving deeper into the benefits and practical applications of this innovative approach to key management.

Use Cases for PKPs:

a. Social Login Integration:

PKPs can be utilized for social login authentication, providing a secure and customizable approach to user authentication with platforms like Google and Discord OAuth. With PKPs, developers can enhance the security of social logins while maintaining control over the authentication process.

Integrating PKPs for social login authentication involves the following steps:

Configuring PKP for Social Login: Generate a PKP and associate it with the user’s social login account, such as Google or Discord. This ensures that the PKP is linked to the user’s identity.
OAuth Integration: Implement the OAuth flow for the desired platform (e.g., Google or Discord) to obtain the necessary access tokens and user information.
PKP Authentication: Use the Lit Protocol and Lit Actions to define the signing logic for PKPs. Specify the conditions under which a PKP can be used for authentication, such as validating the OAuth access token.
Verification Process: When a user attempts to log in using social login, verify the OAuth access token, validate the PKP, and execute the defined Lit Actions to confirm the authenticity of the login request.

By following this process and leveraging the power of PKPs and the Lit Protocol, developers can implement a secure and customizable social login integration.

b. WebAuthn Integration:

WebAuthn offers a passwordless authentication mechanism with significant advantages over traditional password-based approaches. By integrating PKPs with WebAuthn, developers can enhance the security and user experience of authentication.

The steps involved in WebAuthn integration with PKPs are as follows:

PKP Registration: Generate a PKP and associate it with the user’s WebAuthn credential. This registration process establishes the link between the PKP and the user’s authentication device.
Authenticating WebAuthn Credentials: When the user attempts to authenticate, prompt them to perform the necessary WebAuthn authentication actions using their registered device. This can include biometric verification, such as fingerprint or facial recognition.
Generating Session Signatures: Utilize the Lit Protocol and Lit Actions to define the signing logic for PKPs during the WebAuthn authentication process. This enables developers to enforce additional security measures and implement custom verification steps.
Session Verification: Validate the generated session signature using the defined Lit Actions, ensuring the authenticity and integrity of the authentication request.

By combining PKPs with WebAuthn, developers can implement a robust and passwordless authentication system that enhances security and user experience.

c. Email/SMS Authentication:

PKPs can also be utilized for email/SMS authentication, providing a secure and reliable method for user registration and verification. The following steps outline the process of implementing email/SMS authentication with PKPs:

User Registration: When a user registers, generate a PKP and associate it with their account. Additionally, collect their email or phone number for verification purposes.
OTP Code Delivery: Send a one-time password (OTP) code to the user’s registered email or phone number. This code serves as the authentication facto
PKP Authentication: Utilize the Lit Protocol and Lit Actions to define the signing logic for PKPs during the email/SMS authentication process. This enables developers to add custom verification steps and enforce security measures.
OTP Code Verification: Prompt the user to enter the received OTP code. Validate the code against the one associated with the PKP using the defined Lit Actions.

By implementing email/SMS authentication with PKPs, developers can establish a secure and user-friendly registration and verification process.

d. Connecting PKPs to dApps:

PKPs can seamlessly connect with decentralized applications (dApps), providing a secure and user-centric approach to accessing blockchain-based services. By integrating PKPs with WalletConnect V2, developers can enable users to interact with dApps using their PKPs.

The process of connecting PKPs to dApps involves the following steps:

Setting up PKPClient: Initialize PKPClient, a library that facilitates the interaction between PKPs and dApps. PKPClient handles session proposals and requests.
PKPWalletConnect Integration: Connect PKPs to WalletConnect V2, which acts as the intermediary between PKPs and dApps. This integration ensures secure and encrypted communication.
Handling Session Proposals and Requests: Implement the necessary code to handle session proposals and requests initiated by dApps. This includes requesting user approval for connecting the PKP with the dApp.

By following this process, developers can enable users to seamlessly connect their PKPs with dApps, expanding the usability and security of blockchain-based services.

In conclusion, PKPs (Private Key Providers) offer a secure and flexible approach to key management when using Lit Protocol. By leveraging PKPs, developers can enhance the security and reliability of their applications while maintaining control over key access and usage.

Here’s a recap of the benefits and potential use cases for PKPs with Lit Protocol:

Benefits of PKPs with Lit Protocol:

Enhanced Security: PKPs keep private keys secure and separate from the application layer, reducing the risk of exposure to potential attacks.
Granular Access Control: With PKPs, developers can define and enforce fine-grained access control policies for key usage, ensuring that only authorized entities can perform specific operations.
Seamless Integration: PKPs, such as PKPEthersWallet, integrate seamlessly with Lit Protocol, making it easier for developers to adopt and leverage the capabilities of Lit Protocol without significant modifications to their existing codebase.
Improved User Experience: By abstracting away the complexities of key management, PKPs simplify the user experience and reduce the friction associated with traditional key management approaches.
Flexibility and Scalability: PKPs enable developers to easily scale their applications and manage a large number of keys without compromising security or performance.

Potential Use Cases for PKPs with Lit Protocol:

Secure Data Encryption: PKPs can be used to encrypt sensitive data and manage access control conditions, ensuring that only authorized parties can decrypt and access the encrypted data.
Permissioned Token Generation: PKPs allow for the generation of permissioned tokens or signed tokens, enabling secure and controlled access to specific resources or functionalities within an application.
Digital Asset Management: PKPs can be used to manage the keys associated with digital assets, ensuring secure ownership and transfer of assets on the Lit Protocol.
Identity and Access Management: PKPs enable developers to implement robust identity and access management solutions, controlling access to resources based on predefined conditions and policies.

Check out more use cases here

Here’s a quick start guide to getting started with Lit Protocol and PKPs

Step 1: Install Dependencies

To use PKPs with Lit Protocol, you’ll need to install the necessary dependencies. The main dependency is the Lit Protocol SDK, which provides the tools and functionality for interacting with the Lit Protocol. You can install it using npm or yarn:

npm install @lit-protocol/lit-node-client

Step 2: Initialize PKPEthersWallet

Once you have the dependencies installed, you can initialize PKPEthersWallet, which is a PKP implementation using ethers.js. PKPEthersWallet allows you to interact with the Lit Protocol using an Ethereum wallet.

Here’s an example code snippet for initializing PKPEthersWallet:

import { PKPEthersWallet } from '@lit-protocol/pkps';

// Initialize PKPEthersWallet
const wallet = new PKPEthersWallet({
  chain: 'ethereum',
  providerUrl: 'https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID',
  privateKey: 'YOUR_PRIVATE_KEY',
});

Make sure to replace 'YOUR_INFURA_PROJECT_ID' with your actual Infura project ID, and 'YOUR_PRIVATE_KEY' with your private key.

Step 3: Perform Common Operations

Once you have initialized PKPEthersWallet, you can use it to perform common operations with Lit Protocol, such as saving a signing condition, getting a signed token, or encrypting data.

Here are some example code snippets for common operations:

Saving a Signing Condition:

const unifiedAccessControlConditions = [
  {
    conditionType: 'evmBasic',
    contractAddress: '',
    standardContractType: '',
    chain: 'ethereum',
    method: 'eth_getBalance',
    parameters: [':userAddress', 'latest'],
    returnValueTest: {
      comparator: '>=',
      value: '10000000000000',
    },
  },
];

// Save a signing condition
await wallet.saveSigningCondition({
  unifiedAccessControlConditions,
  resourceId: 'YOUR_RESOURCE_ID',
});

Getting a Signed Token:

const unifiedAccessControlConditions = [
  {
    conditionType: 'evmBasic',
    contractAddress: '',
    standardContractType: '',
    chain: 'ethereum',
    method: 'eth_getBalance',
    parameters: [':userAddress', 'latest'],
    returnValueTest: {
      comparator: '>=',
      value: '10000000000000',
    },
  },
];

// Get a signed token
const signedToken = await wallet.getSignedToken({
  unifiedAccessControlConditions,
  resourceId: 'YOUR_RESOURCE_ID',
});

Encrypting Data:

const unifiedAccessControlConditions = [
  {
    conditionType: 'evmBasic',
    contractAddress: '',
    standardContractType: '',
    chain: 'ethereum',
    method: 'eth_getBalance',
    parameters: [':userAddress', 'latest'],
    returnValueTest: {
      comparator: '>=',
      value: '10000000000000',
    },
  },
];

const message = 'This is a secret message';

// Encrypt data
const encryptedData = await wallet.encryptData({
  unifiedAccessControlConditions,
  data: message,
});

These are just a few examples of what you can do with PKPEthersWallet and Lit Protocol. You can explore the SDK documentation for more information on available methods and functionalities.

Remember to handle errors and exceptions appropriately in your code and ensure that you have the necessary permissions and authorizations for the operations you perform.

That’s it! You now have a basic understanding of how to get started with Lit Protocol and PKPs using PKPEthersWallet so feel free to explore more features and functionalities of Lit Protocol and customize your integration as needed.

As a developer, exploring and leveraging PKPs with Lit Protocol can significantly enhance the security and reliability of your applications.

By adopting PKPs, you can simplify key management, strengthen access controls, and ensure the confidentiality and integrity of your data and assets.

We encourage you to dive deeper into PKPs and the capabilities offered by Lit Protocol to unlock the full potential of secure key management in your applications.

Remember to follow best practices for key security, including storing private keys in secure environments and protecting them with appropriate access controls while ensuring the confidentiality and integrity of sensitive data.

Happy coding and building with PKPs and Lit Protocol!