Blox Staking – Non-Custodial Staking Overview
In this technology overview, we zoom in to discuss the tech that powers Blox Staking – non-custodial Eth2 staking platform. To get started, let’s look at one of the main challenges with Eth2 validators.
Every Eth2 validator setup has the following basic architecture:
Eth1 and Eth2 (the Beacon Chain) are the infrastructure layer of any setup. A user can choose which versions of nodes to run but they all function in the same fashion (according to Eth1 and Eth2 specs). Another property of the infrastructure layer is that it doesn’t hold any sensitive information.
Eth2 validators are unique in that they require the user’s validator keys to be online at all times, to sign transactions when called upon. This has resulted in challenges around security and privacy, as most dapps still don’t require user keys in order to be online.
The validator itself is a piece of software which has the responsibility of executing duties for a set of public-keys that represent active validators, as defined in the Beacon Chain. To be clear, validator software is actually a validator and a validator wallet. The wallet’s job is to securely store sensitive data, like private keys and slashing protection data. The last item, slashing protection, is a unique construction exclusive to Eth2 and is essential for security purposes.
Hashicorp Vault + Blox Plugin
Blox Staking has implemented a unique approach to keeping the wallet (and it’s internal data) safe by using Hashicorp’s open-source vault platform. A leader in robust key management, Hashicorp employs an always on-disk encryption policy which means that sensitive data is never available in plain-text. On-disk encryption, coupled with advance policy, authentication and years of production deployments, are what makes Vault an ideal solution for an Eth2 validator wallet.
Blox developed a dedicated Vault plugin that supports BLS12-381 (the keys used in Eth2) and built-in slashing protection as an open project, available here.
Blox Plugin for Eth2 SigningBlox Plugin
To keep true with our custody-free (non-custodial) philosophy, Vault (and the Blox plugin) is installed on the user’s own cloud account, solely accessible by the user. Blox will never have independent access to user data.
During the installation process, Vault and the Blox plugin are both verified and installed on the user’s cloud account (after creating a dedicated machine), network configurations are set and specific admin credentials are created for the user.
For Blox to enable Vault to sign duties for the user’s validators, the installation process creates restricted permissions for Blox. Those are completely controlled by the user.
The installation itself and admin management of Vault are managed by Blox Live (see below).
Behind the scenes, Blox’s Vault plugin is an open-source project developed by Blox for all common functionalities needed by an Eth2 validator (key management, slashing protection, validator signer and more). Our code is written in Golang.
The philosophy behind KeyVault is abstraction, well tested and developer oriented. KeyVault is built with abstraction so that it’s easily extendable by any developer, it is focused on core functionality which is not implementation (or use) specific. KeyVault has tested well per the latest eth2.0 spec.
KeyVault is aimed for developers, to provide usability and essential documentation.
Blox Live Desktop App for Non-Custodial StakingBlox Live
Blox Live is an open-source desktop app that bundles together all of the functionality for securely managing Vault, backups, imports and other Blox account functionalities. Live maintains direct connectivity with Blox and the user’s defined cloud service, on which Vault is installed.
All sensitive operations will be carried out through Blox Live, and Blox never requests access to your private keys, seed, mnemonic phrase or any other sensitive information.
As mentioned above, except for the validator wallet, all other components of an Eth2 validator setup are non-sensitive.
For years, Blox has built robust and reliable infrastructure for many blockchains and now we continue our journey with Eth2. Users no longer need to worry about running Eth1 or 2 nodes, which can be expensive and resource intensive (especially with redundancy for a production environment). The KeyVault wallet connects to Blox infrastructure automatically, leveraging all of its operations.
In the background, Blox runs a cluster of nodes (both Eth1 and Eth2) with continuous health checks to make sure they are consistent and have 99.99% uptime.
Written By: Alon Muroch
CEO & Co-Founder of Blox and Blox Staking