Skip to main content

How Does Lit Protocol Work


Lit Protocol combines cutting-edge cryptography, sealed confidential hardware, and peer-to-peer networking to provide builders in web3 with the ability to use cryptographic keys and perform private compute jobs. With Lit, developers can:

  1. Securely generate and manage non-custodial keys to build user wallets and signers. This enables you to seamlessly onboard users into your application without relying on a centralized custodian or dealing with the complexities of key management.

  2. Perform data encryption and manage access to data with flexible access control rules and policies.

  3. Write and execute private and immutable functions for cross-chain messaging and transaction automation, enabling the development of protocols that have the ability to read and write data between blockchains.

  4. Create data oracles that have the ability to fetch off-chain data for use in on-chain dApps.

    • Example implementations: coming soon.
  5. Privacy-preserving and fully verifiable LLMs and AI agents.

    • Example implementations: coming soon.
  6. And more…

To learn more about possible ways you can use Lit and to view additional implementation examples, check out the use cases section or follow the links below:

Whitepaper. Open Source Node Code. Audit reports.

Below, we will dive into Lit's core architecture and how things work under the hood:

1. Lit Nodes

Each Lit Node is a sealed encrypted virtual machine running on an independently operated server. The fact that each node is “sealed” means that neither the operator of the Lit Node, nor any other party, can access the interior of the processor.

Each Lit node contains a JavaScript execution environment (Deno) and key shares. Each key share corresponds to a key pair that is "shared" among all participating operators, created using distributed key generation (DKG), covered in more depth below.

Threshold Keys and Distributed Key Generation

As introduced above, each Lit node collectively participates in a DKG to create new public/private key pairs where no one party ever holds the entire key. Instead, each node holds a key share which they use to sign and decrypt data with.

  • Network Consensus: All operations (signing or decryption) are performed in parallel and require participation from two-thirds of network nodes to be executed.
  • Key Distribution: No one node (or client) ever gains access to private keys in their entirety. Decryption and signing operations do not expose the underlying key.
  • Curve Flexibility: The protocol supports multiple cryptographic curves and signature schemes, with the ability to add new ones to enable interoperability with a wide variety of protocols and standards.

Sealed and Confidential Hardware

All Lit node operators run a bare metal install of AMD’s SEV-SNP, ensuring they never have access to any key shares directly, nor the computation processed inside of each node.

  • Trusted Execution Environment (TEE): SEV-SNP is an example of a TEE, which provides advanced hardware-level isolation for all network operations.
  • Code Immutability and Confidentiality: Deployed programs within the TEE are immutable and private, preventing unauthorized changes and maintaining consistent operational integrity.

JavaScript Execution Environment

The JavaScript execution environment that is present in each Lit node enables developers to write immutable programs called Lit Actions that govern signing and encryption operations.

2. The Lit Network

The Lit network is composed of a collection of Lit nodes. All nodes must stake tokens in order to participate in the “active” node operator set, providing crypto-economic security guarantees.

Currently, the Lit network is in Mainnet Beta and a test token is being used for staking. Current node operators include integration partners, project investors, and professional node operators. If you’re interested in becoming a node operator, please reach out.

Node Operators

The current node operators active on the Habanero Mainnet Beta include:

The Lit Protocol Token (LPX)

The Lit Protocol token, LPX, will be used by node operators to meet their staking requirement, as well as a reward token to pay node operators for their service. Developers using Lit will also use the token to pay for transacting on the network.


The LPX token is NOT live, and currently a test token (testLPX) is being used for staking and payment. The official LPX token will be released when the v1 network launches later this year. You can subscribe to updates here.

If you're a developer building on Lit, test tokens can be claimed from the verified faucet.

Learn More

Learn more about how Lit Protocol works by checking out the resources below:


Not finding the answer you're looking for? Share your feedback on these docs by creating an issue in our GitHub Issues and Reports repository or get support by visiting our Support page.