SafeStake is a decentralized validation framework for performing ETH2 duties and its backend is designed on top of Lighthouse (ETH2 consensus client) and Hotstuff (a BFT consensus library).
Below is the architecture of SafeStake.
The SafeStake eco-system consists of several important stakeholders: SafeStake Service Provider, Validator, Operator.
In ETH2, anyone can deposit 32 ETH to become a validator, in order to support ETH2's Proof of Stake consensus protocol. A validator is responsible for performing assigned duties and will get rewards if its work is submitted and acknowledged in time. Fail to actively participate in the duties result in penalties (gradually deduction of the initial 32 ETH balance). You can continue to the following links to learn how to become a validator for different nets:
Based on the above introduction, it is critical that a validator should guarantee its availability online for timely responses to assigned duties. Moreover, security is another critical concern: inconsistent, dishonest, or malicious behavior will result in a more serious penalty, called slashing (more on slashing). Therefore, there are two important requirements for maintaining a validator:
-
High Availability
-
Strong security (keep the validation key safe and avoid participating in slashable events)
This is exactly what SafeStake provides under the hood. It proposes a committee of operators (below) to collaborate in running the duties for a validator. Even if some operators are offline, others can still complete the tasks, which achieves high availability. Moreover, the private key is split among the operators, hence even if some of them are malicious or compromised, the private key is still safe and other honest operators can complete the tasks without being slashed, which achieves strong security.
Briefly speaking, an operator is a party who holds a share of a validator's private validation key and signs duties with this key share. SafeStake uses a
Before signing a duty, the committee of operators for a validator need to first agree on the duty to be signed. This requires a consensus protocol. Please be aware that this consensus is NOT the ETH2 Proof of Stake consensus. A BFT consensus protocol is enough for this purpose. SafeStake uses Hotstuff to achieve the duty agreement among the committee of operators.
SafeStake provides services to enable the above features and connects validators to operators. In the core of its system, SafeStake provides a web service where:
-
a user can register as an operator and join our operator pool
-
a user who is a valid validator (has deposited 32 ETH beforehand) can choose a set of
$n$ operators to run its duties.
These two points are detailed in the above architecture (i.e., user X is a validator, user Y is an operator).
In our eco-system, validators are delegating their tasks to operators and there is no need for deployment of validators. Therefore, we will discuss below two relevant deployment sections, one for SafeStake Service Provider, and one for Operator. Please only read the corresponding section for your deployment.
SafeStake service provider contains several components:
-
A web server and frontend
-
A nodejs backend (for necessary communication with operators)
-
A root node service (for peer discovery in a p2p network)
The duty agreement (using Hotstuff) among operators requires that these operators know IP of each other in a p2p network. Therefore, SafeSake provides a root node such that operators can consult and join the p2p network.
- Public Static Network IP
- Hardware(recommend)
- CPU: 4
- Memory: 8G
- Disk: 200GB
- OS
- Unix
- Software
- Docker
- Docker Compose
Port range | Protocol | Source |
---|---|---|
22 | TCP | 0.0.0.0/0 |
9000 | UDP | 0.0.0.0/0 |
Clone this repository:
git clone --recurse-submodules https://github.com/ParaState/SafeStakeOperator dvf
cd dvf
Install Docker and Docker Compose
Build root node:
sudo docker compose build -f docker-compose-boot.yml build
Run the following to start the root node service:
sudo docker compose build -f docker-compose-boot.yml up -d
Get root node enr
docker-compose -f docker-compose-boot.yml logs -f dvf_root_node | grep enr
output
dvf-dvf_root_node-1 | Base64 ENR: enr:-IS4QNa-kpJM1eWfueeEnY2iXlLAL0QY2gAWAhmsb4c8VmrSK9J7N5dfXS_DgSASCDrUTHMqMUlP4OXSYEVh-Z7zFHkBgmlkgnY0gmlwhAMBnbWJc2VjcDI1NmsxoQPKY0yuDUmstAHYpMa2_oxVtw0RW_QAdpzBQA8yWM0xOIN1ZHCCIy0
NOTE: SafeStake should maintain such ENR(s) of root node(s) on its website, so that users who are registering as operators can use them to start operator nodes.
https://github.com/ParaState/SafeStakeOperator
As of now, this project serves mainly proof-of-concepts, benchmarking and evaluation purpose and not for production use. Also implementation have not been fully-reviewed.