BY Jim McDonald ON Dec 19, 2019

Figure 1: Keys matter

When creating a staking deposit for Ethereum 2 two keys are used to generate the information in the deposit agreement: a validator key and a withdrawal key. This article discusses what these keys are, what they are used for, and the levels of protection that should be applied to each of them.

Ethereum 2 keys

Ethereum 2 keys are similar to Ethereum 1 keys in principle, in that they are generated using elliptic curve cryptography. However, to enable some advanced operations, in Ethereum 2 the parameters of the curve used to generate the keys is different. As a result, Ethereum 1 keys cannot be used in Ethereum 2. This means that until wallet software and hardware are updated to provide support for Ethereum 2 keys, users will need to be more aware of the keys they generate, how best to safeguard them, and the consequences if they are lost or stolen.

The validator key

The validator key is used to sign all on-chain operations that the validator carries out. These include proposing blocks and attesting to others’ blocks (hereafter just called “attesting” for brevity).

It is not possible to use the same validator key for different validators. If multiple deposits are made with the same validator key they will accrue to a single validator (but bear in mind that any balance over 32Ξ will be ignored; see this post for details).

Loss/theft of the validator key

If the validator key is lost the validator can no longer attest. Over time, the validator’s balance will reduce as the validator is punished for lack of participation in the consensus process. Eventually the validator’s balance will be reduced to 16Ξ, at which point it will be ejected from the validator pool. The remaining balance will become eligible for withdrawal after a delay of just over 1 day.

If the validation key is stolen the thief could carry out one of two malicious actions. The first would cause the validator to exit the validation pool through a process known as “voluntary exit”; a voluntary exit results in the validator ending its validation work and its entire balance being returned, becoming eligible for transfer.

The second, more extreme, action would cause a slashing condition. Describing the full technicalities of slashing is beyond the scope of this post, but if attesting is equivalent to voting then a slashing condition can be created by voting twice in the same election for different candidates. When the network detects this condition it will eject the validator from the validator pool through a process known as “forced exit”, and also apply a slashing penalty to the balance before returning it. The cost of the penalty is dependent on a number of network factors, but could be anything up to the entire balance.

The withdrawal key

The withdrawal key is used to sign any request made by a user to transfer funds from the validator once it has exited (either voluntarily or forced).

It is possible to use the same withdrawal key for multiple deposits. In general it is better to have a single withdrawal key, unless the keys are stored in separate locations or be otherwise dispersed.

Loss/theft of the withdrawal key

If the withdrawal key is lost there is no way to obtain access to the funds held by the validator. The funds can continue to be used by the validator, attesting and earning rewards, but without any way of retrieving the balance there is little point to do so beyond an altruistic desire to support the network.

If the withdrawal key is stolen the thief can transfer the validator’s balance, but only once the validator has exited. If the validator key is not under the thief’s control there is a possibility that a user could quickly exit the validator and subsequently transfer their funds before the thief can do so.

Protection and management of keys

The very different functions of the validator and withdrawal keys result in very different security recommendations.

Validator keys must be available for signing at all times, which limits their protection via the traditional means of taking them offline. Validators currently have their own key management systems, however over time it is expected that the development and use of remote signers and standardized wallets will allow the keys to be stored more securely, along with the possibility of using hardware wallets that never disclose private keys. Backups of validator keys should also be available for recovery in relatively short order, to counteract the fact that an offline validator will lose funds all the time it is not attesting.

Withdrawal keys should be stored in a secure location, preferably offline and if not then behind multiple layers of encryption. There is no immediate requirement for withdrawal keys to be available as they have no use until transfer operations are added to Ethereum 2. Multi-party security systems such as Shamir’s secret sharing can be used to provide additional security for the key(s) if required.

As new wallets and custody schemes become available for Ethereum 2 their usefulness for storing validator and withdrawal keys can be evaluated using the above information. Attestant will assess these as they become available, so watch out for updates in the new year.