Blox is an open-source, fully non-custodial staking platform for Ethereum 2.0. The platform serves as an easy and accessible way to stake Ether and earn rewards on Eth2, while ensuring participants retain complete control over their private keys. Our goal at Blox is to simplify staking while ensuring Ethereum stays fair and decentralized.
Under the hood, the platform consists of three main components:
Blox facilitates participation in Eth2 by providing a streamlined way to set up and run a validator from a self-contained Desktop App, Blox Live. Validator keys are kept completely segregated and secured in KeyVault – a remote signer powered by Hashicorp Vault with a proprietary plugin for signing functionalities featuring built-in slashing protection. Blox Infra nodes ensure consistent connectivity to the blockchain and manage signing requests for each user’s personal KeyVault instance. This configuration empowers validators to optimize staking returns, minimize risks and keep complete control over their assets.
Blox was built for security-conscious crypto stakers. Many staking services claim to be non-custodial, yet maintain a certain level of custody over user private keys. Blox’s solution is entirely non-custodial, offering participants the chance to stake on Ethereum 2.0 with the utmost security.
Ethereum 2.0 (Eth2) or “Serenity” is the upcoming major upgrade to Ethereum. The release of the Beacon Chain in 2020 represents an advantageous point of entry for joining Ethereum as the blockchain adopts a Proof of Stake (PoS) consensus algorithm, increasing decentralization and accessibility for a broader audience of contributors.
Eth2 is essentially ‘evening the playing field’ for participation in Ethereum as the PoS protocol no longer relies upon mining for the proliferation of the blockchain. In Eth1, like many blockchains today, a Proof of Work (PoW) consensus algorithm requires miners to consistently expend hash power in order to compete against each other to sign blocks. The cost and difficulty of participating in PoW blockchains is therefore exceptionally high due to the need for expensive mining equipment, ever-increasing computing power, and high electrical energy wastage.
Another caveat of Eth1’s PoW mechanism is that at present, the blockchain can only process ±15 transactions per second. This is simply unsustainable long term and would inhibit the network from scaling appropriately.
Eth2, on the other hand, is being developed with increasing decentralization and scalability in mind, paving the way for increased possibilities to participate in the network and larger volumes of transactions as the network grows. Rather than miners expending resources to compete to sign blocks, the Proof of Stake consensus algorithm randomly calls upon validators to take turns proposing and validating emerging blocks in order to grow the network and earn rewards. In later phases, ‘shard chains’ will be introduced whereby transactions on the Beacon Chain will be partitioned across multiple servers to further increase scalability.
As in Eth1 where miners are rewarded for their contributions to the network, validators are rewarded with ETH returns in Eth2. Unlike Eth1, validators have no need for expensive and energy-wasting mining equipment to grow the network. All that is required is the honest performance of duties assigned by the blockchain. Current estimates foresee 15-18% annual percentage yield for Eth2 validators during the first year of staking, and 8-10% the following year.
In order to become a validator and participate in Eth2, one must lock up 32 ETH in the network. Following this commitment, one must ensure a stable and honest connection with the appropriate staking infrastructure. A validator must be consistently connected to the Eth2 Beacon Chain & Eth1.
In Eth2, validators are incentivized by a reward and penalty system imposed on the ETH that they have at stake. A validator is rewarded with ETH for correctly performing their assigned duties. This is a financial instrument that ensures annualized interest earnings for validators – assuming they are optimally performing their duties.
Validators are penalized by deductions of staked ETH for participating in behaviors that are not in the interests of the network. Such behaviors include time spent disconnected from the network and malicious or incorrect proposals and attestations. In the most severe cases, malicious behaviors are penalized by ‘slashing’ – a significant reduction in staked ETH or complete removal from the network.
A major concern for staking on Eth2 is ensuring optimal security of private keys while maintaining 100% connectivity to the network. As validators in Eth2 are expected to be active at all times, validator keys are effectively ‘hot keys’ that must always be available to perform validator duties.
A common method is to store Eth2 hot keys encrypted directly on the validator. Storing private keys directly on a validator ties key management to validator signing processes; this connected logic could potentially harm the security of validator private keys.
The most secure way to store validator keys is by remote signing, whereby validator keys are stored on a server kept separate from a validator yet are made available at all times to sign incoming requests from the network.
Though becoming a validator in Eth2 is theoretically advantageous, barriers to entry are still present. Firstly, it is technically challenging to join the network and start staking. One must become familiar with the basic principles of using and sending ETH on Eth1, and it is recommended to have some coding knowledge as validator setup is completed using the command line.
Following set up, a validator must manage a stable, uninterrupted connection to the Eth1 legacy chain and the Beacon Chain, and ensure the security of their private keys while doing so. Consistent validator monitoring and remote signing management is required in order to maintain this connection. Time spent offline due to technical and maintenance errors translates to missed performance or ‘skipping blocks,’ leading to a reduction in ETH rewards.
In order to maximize returns and avoid potential risks, a validator must also verify that its duties are executed correctly. If a validator falsely proposes or attests, they will suffer slashing penalties and risk losing all of the ETH they have at stake.
Finally, managing a growing number of validators requires additional security and infrastructure considerations in order to orchestrate all of the above responsibilities effectively. Realistically, all of these technical considerations make Eth2 staking extremely difficult for non-technical individuals. In response, a growing number of staking platforms have been developed to simplify the process.
For those looking for a streamlined way to participate in Eth2, staking services are available. When considering an Eth2 staking service, it is important to understand how these services manage user private keys. Generally, the more centralized the service, the higher the security risks and penalties its users may face.
A major differentiator between staking services is level of custodianship; meaning, how a service stores user private keys. Most staking services are custodial or ‘centralized.’ Custodial staking services manage the entire ETH staking process on behalf of the user and have ‘custody’ over user private keys.
This level of third party involvement raises security breach concerns. Should a hacker gain access to the service, user assets kept in a centralized fashion may be compromised. Additionally, should the service inadvertently partake in a slashable event, its users face steep penalties given that slashing penalties grow exponentially the more validators are involved in an event. The larger the centralized service, the larger the potential penalties.
Alternatively, Non-Custodial staking services are available which are intended to provide streamlined Eth2 validator set-up and management services but allow the user to keep control of their private keys. To be truly non-custodial and secure is challenging technologically, and many services claiming to be non-custodial do in fact retain some level of custody….
From our perspective, in order to be truly non-custodial we had to develop a solution that not only segregates user private keys from Blox, but also ensures that user keys cannot be compromised in any way. The result of our development journey is an open-source Desktop app, Blox Live, which grants a user management access to an individualized remote signing environment in which validator keys are securely stored and signing requests are properly managed. A user can easily set up and monitor one or many validators using Blox Live.
Blox’s proprietary remote signer is called KeyVault. KeyVault is stored on a user’s cloud service account of choice and is based on Hashicorp Vault. Blox Infra nodes ensure optimal connectivity to the Beacon Chain and Eth1, and transmit duties from the blockchain to a user’s personal KeyVault instance. KeyVault features built-in slashing protection to ensure that incoming requests are in fact valid, and will only sign if it is safe to do so.
The Blox Live Desktop App is the gateway to convenient non-custodial staking on Eth2. Admin actions are performed in Blox Live for validator set up and management. Blox Live is run locally, offering the highest level of security and is responsible for the following key features:
Blox Live bundles together all of the functionality for securely managing backups, key imports, creating and managing validators, and more. Live maintains direct connectivity with Blox Infra and the user’s cloud service, on which KeyVault remote signer is installed.
Taking inspiration from the industry gold standard for cold wallet management, a user’s seed is generated and encrypted locally using the Blox Live Desktop App. This allows for the secure generation of validator and withdrawal keys on Desktop. Validator and withdrawal keys are never stored on Desktop but can be generated at the user’s request using the seed.
Once generated, validator keys are transferred from the Desktop app to KeyVault remote signer using secure SSH communication. It is important to note that withdrawal and seed information is never transferred to KeyVault, only the validator keys intended to sign emerging blocks.
The installation of KeyVault Remote Signer takes place conveniently through Blox Live. The installation wizard walks the user through the creation of KeyVault, set up on the user’s cloud service provider of choice.
The troubleshooting functionality constantly monitors the status of a user’s KeyVault instance, automatically identifying any problems or maintenance needs and notifying the user to return to the App to perform management tasks. Once the user opts in, Blox Live conveniently takes care of the technical details. Updates and resets are never completed automatically, as it is imperative that a user maintain complete control over the management of their validator.
The Dashboard is a convenient way to track all the important information pertaining to a user’s validator (or validators). A user can monitor their Eth2 staking profitability with validator balance and APR. Technical performance parameters are also on display, including a history log of attestations, reported downtime, and technical errors that need to be addressed.
Blox KeyVault is a remote signing environment powered by Hashicorp Vault. Blox developed a dedicated Vault plugin that supports BLS12-381 Eth2 signing keys. Hashicorp Vault is a leader in secrets and sensitive data management, employing an always on-disk encryption policy ensuring that sensitive data is never available in plain-text.
To ensure that Blox is fully non-custodial, KeyVault is not held on Blox servers; it is kept completely segregated and installed on a user’s separate cloud account. This cloud server is solely accessible by the user. During the installation process, restricted permissions are created for Blox to transmit validator signing duties to KeyVault.
KeyVault has two separate sections of responsibility, that are kept completely independent from each other:
We separate data management and protection from signing functionality for optimum security. In the unlikely event that Blox is hacked, user validator keys will not be compromised as they are stored independently.
In order for KeyVault to start signing validator requests, validator keys generated in Blox Live must be securely transferred from Desktop to the user’s private cloud instance. This transfer leverages SSH communication and is only possible from the user’s Desktop app, as it is the only entity that has such permissions. Similarly, SSH communication is employed for adding or removing additional validators. The management of requests is conveniently completed in Blox Live by the user; KeyVault is just informed to make changes as per user requests.
KeyVault is responsible for signing validator duties assigned by the blockchain. It is a remote signing environment, with requests from the blockchain being sent from Blox Infra nodes using HTTP requests and an access token mechanism. This architecture is the most secure method for managing signing requests; far more so than validator keys stored directly on a validator connected to the Beacon Chain, which is the current industry standard. Blox Infra securely transfers signing requests to KeyVault, KeyVault signs the requests if deemed appropriate, and sends them back to complete the block.
Arguably one of the most important features of KeyVault is the built-in slashing protection mechanism. To be truly non-custodial, it is not only imperative that Blox does not have access to user private keys, but also that using our platform cannot harm the user in any way.
KeyVault stores attestation history to ensure that incoming requests are in fact consistent with what is needed to complete the next block. The signing functionality has a gatekeeper analysis function that checks the history logs to ensure that what is being proposed is in fact correct and updated. This means that if a malicious signing request is transferred to KeyVault for signing, KeyVault will not sign it, and effectively avoid participating in a slashable event.
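The gatekeeper check described above can be illustrated with the two attestation slashing conditions from the Eth2 specification (double vote and surround vote), which goes beyond what this page spells out. This is an added example, not KeyVault's own code; the `History` type, the function and error names, and the sample requests are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Attestation keeps only the fields the slashing rules look at.
type Attestation struct {
	Source, Target uint64 // source and target checkpoint epochs
	Root           string // signing root of the attestation data
}

var (
	ErrInvalid    = errors.New("source epoch is after target epoch")
	ErrDoubleVote = errors.New("double vote: target epoch already signed with different data")
	ErrSurround   = errors.New("surround vote against a previously signed attestation")
)

// History is a hypothetical per-validator store of signed attestations.
type History struct{ signed []Attestation }

// SignIfSafe refuses any request that would form a slashable pair with the
// history, and records the request before the caller is allowed to sign it.
func (h *History) SignIfSafe(req Attestation) error {
	if req.Source > req.Target {
		return ErrInvalid
	}
	for _, old := range h.signed {
		if old.Target == req.Target && old.Root != req.Root {
			return ErrDoubleVote
		}
		reqSurroundsOld := req.Source < old.Source && old.Target < req.Target
		oldSurroundsReq := old.Source < req.Source && req.Target < old.Target
		if reqSurroundsOld || oldSurroundsReq {
			return ErrSurround
		}
	}
	h.signed = append(h.signed, req)
	return nil
}

func main() {
	h := &History{}
	// Constructed signing requests: safe, double vote, surround vote, safe.
	reqs := []Attestation{{10, 11, "0xaa"}, {10, 11, "0xbb"}, {9, 12, "0xcc"}, {11, 12, "0xdd"}}
	for _, r := range reqs {
		fmt.Printf("source=%d target=%d root=%s -> %v\n", r.Source, r.Target, r.Root, h.SignIfSafe(r))
	}
}
```

Because the history lives with the signer rather than with the node that relays duties, a conflicting request is rejected no matter which upstream component sent it.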
Validators on the Beacon Chain must be constantly connected to their nodes in order to perform assigned duties. Connection downtime therefore has the potential to negatively impact staking rewards. The validators that are capable of earning the most rewards are those that remain online 24/7.
Eth2 uses the inclusion distance metric when calculating attestation rewards for validators. The inclusion distance of a slot is the difference between the slot in which an attestation is made and the lowest slot number of the block in which the attestation is included. Attestations should be included as soon as possible. A large inclusion distance will reduce the income of a validator significantly.
Backed by 3 years of experience running nodes for 15 different blockchains, Blox nodes are actively maintained by our team for relentless reliability. Blox Infra is a cluster of validators, Eth2 and Eth1 nodes that are constantly connected to Ethereum and ensuring constant connection to the KeyVault remote signers.
KeyVault is assigned duties directly from Blox Infra, but the ultimate decision to sign is decided upon by each user’s personal instance of KeyVault backed by slashing protection.
You have now been exposed to the fundamental principles surrounding Eth2 staking and Blox. As a quick recap, we built Blox with the following main objectives in mind:
Blox Beta will be available September 2020. We have been hard at work following each Eth2 testnet release and optimizing our product for the imminent release of the Beacon Chain in the months to come. For product updates, news, and more, check out the Blox Blog and join the conversation on Discord.