Update Obol DVT guide for DKG and Relayer setup#121
Open
ulieth wants to merge 3 commits into
Open
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
There are multiple sidecars. Each sidecar runs along the corresponding obol node. Maybe show this on picture. Now it looks like a single sidecar.
| ``` | ||
| You should see `node0/`, `node1/`, and `node2/` directories. | ||
| :::custom-warning[Protect Your Key Shares] | ||
| Backup the `.charon/cluster/` directory. Someone with access to these files could get the validators slashed. |
Contributor
There was a problem hiding this comment.
It reads like backup will protect me from leaking key shares. It will not. Backup is for another purpose.
I would separate this paragraph into 2: one for backups, another for leaking keys.
|
|
||
| :::custom-warning[Block Reward Recipient Address] | ||
| Replace `[ENTER YOUR BLOCK REWARD RECIPIENT ADDRESS HERE]` inside `docker-compose.yml` file with your Block reward recipient address. | ||
| The `docker-compose.yml` launches a full Obol/Charon distributed validator stack for Ethereum mainnet, consisting of Geth (execution client), Lighthouse (consensus client), mev-boost, Charon (relay + 3 nodes), and validator clients (3× Teku, one per Charon node: vc0/vc1/vc2). |
Contributor
There was a problem hiding this comment.
mev-boost
needs capitalizing
MEV-Boost
| The operators create the validator key shares together through a DKG ceremony, so the full key is never assembled on any machine. Follow Obol's [Create a DV with a group ↗](https://docs.obol.org/run-a-dv/start/create-a-dv-with-a-group) guide — it walks each operator through generating an ENR, building the `cluster-definition.json`, running the ceremony, and starting their node. | ||
|
|
||
| :::custom-warning[StakeWise addresses] | ||
| When creating the cluster definition, set the `--withdrawal-addresses` to your **Vault contract address** and the `--fee-recipient-addresses` to your **Block reward recipient**: |
Contributor
There was a problem hiding this comment.
Maybe repeat this warning in 'Create a DV Alone' section above
| Validators have a single public-private key pair (the validator key) for consensus participation (block proposals, attestations) and a withdrawal address that determines where staked funds are sent upon exit. Validator keys must stay online continuously, making them vulnerable to compromise. | ||
|
|
||
| DVT addresses this vulnerability by encrypting and splitting the validator key into shares distributed across multiple nodes. Stakers can keep the original key in cold storage while the network operates using these shares. A threshold number of shares (e.g., 3 out of 4) can collectively produce valid signatures, meaning one node can fail without disrupting validator operations. The system relies on distributed key generation, threshold signature schemes, and multiparty computation to ensure no single node ever possesses the complete key. | ||
| DVT addresses this vulnerability by distributing the validator key across multiple nodes as a group of BLS private keys that together operate as a threshold key for participating in proof-of-stake consensus. Each node signs with its own key share, producing a signature share. A threshold number of shares (e.g., 3 out of 4) can collectively produce valid signatures, so the validator keeps signing even if some nodes go offline. |
Contributor
There was a problem hiding this comment.
Problem stated above:
Validator keys must stay online continuously, making them vulnerable to compromise.
Solution in next paragraph:
so the validator keeps signing even if some nodes go offline.
Problem does not match to a solution. I think "vulnerable to compromise" should be replaced with "vulnerable to network issues" or smth like that.
| - For the exit signature, splits that full signature into a new set of shares — one per Oracle — and encrypts each with that Oracle's public key; the raw exit signature is never exposed. The deposit signature is kept whole. It then fills in the signatures on the pending validators, and the **encrypted Oracle shares** are available through the Relayer API. | ||
| 5. The Operator Service repeats the registration request each block, polling until the Relayer has reconstructed every validator's signatures and returned the **Validators Manager signature** that authorizes the registration. | ||
| 6. The Operator Service requests approval from the StakeWise Oracles, forwarding the validators and their encrypted Oracle shares. The Oracles validate the data and return a combined **approval** once enough of them vote. | ||
| 7. The Operator Service submits the registration to the Vault contract, providing both authorizations: the **Oracles' approval** and the **Validators Manager signature**. The Vault deposits the stake, and the validators join the Beacon Chain's activation queue. They become active once the queue clears, which depends on how many deposits the network is currently processing. |
Contributor
There was a problem hiding this comment.
once the queue clears
it seems queue never clears https://www.validatorqueue.com/
The right words could be: once deposit is processed, ...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.