Introduction
Blox Staking is an open-source, fully non-custodial platform for staking on Ethereum. The platform serves as an easy and accessible way to stake Ether and earn rewards, while ensuring participants retain complete control over their private keys. Blox Staking has been built is to simplify staking while ensuring Ethereum stays fair and decentralized.
Under the hood, the platform consists of three main components:
Blox Staking facilitates ETH staking by providing a streamlined way to set up and run a validator from a self-contained Desktop App, Blox Live. Validator keys are kept completely segregated and secured in KeyVault – a remote signer powered by Hashicorp Vault with a proprietary plugin for signing functionalities featuring built-in slashing protection. Blox Infra nodes ensure consistent connectivity to the blockchain and manage signing requests for each user’s personal KeyVault instance. This configuration empowers validators to optimize staking performance, minimize risks, and keep complete control over their assets.
Blox Staking was built for security-conscious crypto stakers. Many staking services claim to be non-custodial, yet maintain custody over one, or both private keys. Blox’s solution is entirely non-custodial, offering participants the chance to stake on Ethereum with the utmost privacy and security.
What is Ethereum 2.0
Ethereum 2.0 (Eth2) or “Serenity” are legacy terms for the Ethereum blockchain’s transition to a new consensus algorithm. The release of the Beacon Chain was the first step towards adopting a Proof of Stake (PoS) consensus algorithm, increasing network decentralization and accessibility for a broader audience of contributors.
The consensus upgrade is essentially ‘evening the playing field’ for participation in Ethereum as the PoS protocol no longer relies upon mining for the proliferation of the blockchain. On the Ethereum mainchain today, a Proof of Work (PoW) consensus algorithm requires miners to consistently expend hash power in order to compete against each other to sign blocks. The cost and difficulty of participating in PoW blockchains is therefore exceptionally high due to the need for expensive mining equipment, ever-increasing computing power, and high electrical energy wastage.
Another caveat of the existing PoW mechanism is that at present, the blockchain can only process ±15 transactions per second. This is simply unsustainable long term and would inhibit the network from scaling appropriately.
The Ethereum consensus upgrade on the other hand is being developed with full decentralization and scalability in mind, paving the way for increased possibilities to participate in the network and larger volumes of transactions as the network grows. Rather than miners expending resources to compete to sign blocks, The Proof of Stake consensus algorithm randomly calls upon validators to take turns proposing and validating emerging blocks in order to grow the network and earn rewards. In later phases, ‘shard chains’ will be introduced whereby transactions on the Beacon Chain will be partitioned across multiple blockchains to further increase scalability.
Why Stake on Ethereum
As in Ethereum mining where miners are rewarded for their contributions to the network, validators are rewarded with ETH on the Beacon Chain. Unlike miners, validators have no need for expensive and energy-wasting mining equipment to grow the network. All that is required is the honest performance of duties assigned by the blockchain. Current estimates foresee 15-18% annual percentage yield for validators during the first year of staking, and 8-10% the following year.
How to Stake on Ethereum
Validator Requirements
In order to become an Ethereum validator one must lock-up 32 ETH in the network. Following this commitment, one must ensure a stable and honest connection with the appropriate staking infrastructure. A validator must be consistently connected to the Beacon Chain & Eth1.
Rewards, Penalties & Slashing
Validators are incentivized by a reward and penalty system imposed on the ETH that they have at stake. A validator is rewarded with ETH for correctly performing their assigned duties. This is a financial instrument that ensures annualized earnings for validators – assuming they are optimally performing their duties.
Validators are penalized by deductions of staked ETH for participating in behaviors that are not in the interests of the network. Such behaviors include time spent disconnected from the network and malicious or incorrect proposals and attestations. In the most severe cases, malicious behaviors are penalized by ‘slashing’ – a significant reduction in staked ETH and complete removal from the network.
Securing Your Validator
A major concern for Ethereum staking is ensuring optimal security of private keys while maintaining 100% connectivity to the network. As validators are expected to be active at all times, validator keys are effectively ‘hot keys’ that must always be available to perform validator duties.
A common method for storing Ethereum hot keys is encrypted directly on the validator. Storing private keys directly on a validator ties key management with validator signing processes; this connected logic could potentially harm the security of validator private keys.
The most secure way to store validator keys is by remote signing, whereby validator keys are stored on a server kept separate from a validator yet are made available at all times to sign incoming requests from the network.
Ethereum Staking Barriers to Entry
Though becoming a validator is theoretically advantageous, barriers to entry are still present. Firstly, it is technically challenging to join the network and start staking. One must become familiar with the basic principles of using and sending ETH and it is recommended to have some coding knowledge as validator set up is complete using the command line.
Following set up, a validator must manage a stable, uninterrupted connection to the Eth1 legacy chain and the Beacon Chain, and ensure the security of their private keys while doing so. Consistent validator monitoring and remote signing management is required in order to maintain this connection. Time spent offline due to technical and maintenance errors translates to missed performance or ‘skipping blocks,’ leading to a reduction in ETH rewards.
In order to maximize performance and avoid potential risks, a validator must also verify that its duties are executed correctly. If a validator falsely proposes or attests, they will suffer slashing penalties and risk losing all of the ETH they have at stake.
Finally, managing a growing number of validators requires additional security and infrastructure considerations in order to orchestrate all of the above responsibilities effectively. Realistically, all of these technical considerations make ETH staking extremely difficult for non-technical individuals. In response, a growing number of staking platforms have been developed to simplify the process.
ETH Staking Services
For those looking for streamlined Ethereum staking, staking services are available. When considering an ETH staking service, it is important to understand how these services manage user private keys. Generally, the more centralized the service, the higher the security risks and penalties its users may face.
Custodial vs. Non-Custodial Staking Services
A major differentiator between staking services is level of custodianship; meaning, how a service stores user private keys. Most staking services are custodial or ‘centralized.’ Custodial staking services manage the entire ETH staking process on behalf of the user and have ‘custody’ over user private keys. Some centralized services only retain access to user validator keys (semi-custodial).
Custodial and semi-custodial staking raises security breach concerns should a hacker gain access to the service and access its user’s assets. Additionally, should the service inadvertently partake in a slashable event, its users face steep penalties given that slashing penalties grow exponentially the more validator keys are involved in an event. The larger the centralized service, the larger the potential penalties.
Alternatively, Non-Custodial staking solutions are available which are intended to provide streamlined validator set-up and management but allow the user to keep control of their private keys.
Blox’s Non-Custodial Staking Solution
From our perspective, in order to be truly non-custodial we had to develop a solution that not only segregates user private keys from Blox, but also ensures that user keys cannot be compromised in any way. The result is an open-source Desktop app, Blox Live, which grants a user management access to an individualized remote signer in which validator keys are securely stored and signing requests are managed. A user can easily set up and monitor one or many validators using Blox Live.
Blox’s proprietary remote signer is called KeyVault. KeyVault is stored on a user’s cloud service account of choice and is based on Hashicorp Vault. Blox Infra nodes ensure optimal connectivity to the Beacon Chain and Eth1, and transmit duties from the blockchain to a user’s personal KeyVault instance. KeyVault features built in slashing protection to ensure that incoming requests are in fact valid, and will only sign if it is safe to do so.
Blox Staking Technology Overview
Blox Live – Desktop App
The Blox Live Desktop App is the gateway to convenient non-custodial staking on Eth2. Admin actions are performed in Blox Live for validator set up and management. Blox Live is run locally, offering the highest level of security and is responsible for the following key features:
- Key Management
- KeyVault Remote Signer Management
- Validator Monitoring Dashboard
Blox Live bundles together all of the functionality for securely managing backups, key imports, creating and managing validators, and more. Live maintains direct connectivity with Blox Infra and the user’s cloud service, on which KeyVault remote signer is installed.
Key Management
Taking inspiration from the industry gold standard for cold wallet management, a user’s seed is generated and encrypted locally using the Blox Live Desktop App. This allows for the secure generation of validator and withdrawal keys on Desktop. Validator and withdrawal keys are never stored on Desktop but can be generated at the user’s request using the seed.
Once generated, validator keys are transferred from the Desktop app to KeyVault remote signer using secure SSH communication. It is important to note that withdrawal and seed information is never transferred to KeyVault, only the validator keys intended to sign emerging blocks.
KeyVault Remote Signer Management
The installation of KeyVault Remote Signer takes place conveniently through Blox Live. The installation wizard walks the user through the creation of KeyVault, set up on the user’s cloud account of choice.
The troubleshooting functionality monitors the status of a user’s KeyVault instance, automatically identifying any problems or maintenance needs and notifying the user to return to the App to perform management tasks. Once the user opts-in, Blox Live takes care of the technical details. Updates and resets are never completed automatically as it is imperative that a user maintain complete control over the management of their validator.
Validator Monitoring Dashboard
The Dashboard is a convenient way to track all the important information pertaining to a user’s validator (or validators). A user can monitor their Eth2 staking profitability with validator balance and APR. Technical performance parameters are also on display, including a history log of attestations, reported downtime, and technical errors that need to be addressed.
Blox KeyVault
Blox KeyVault is a remote signer powered by Hashicorp Vault. Blox developed a dedicated Vault plugin that supports BLS12-381 Ethereum signing keys. Hashicorp Vault is a leader in secrets and sensitive data management, employing an always on-disk encryption policy ensuring that sensitive data is never available in plain-text.
To ensure that Blox Staking is fully non-custodial, KeyVault is not held on Blox servers, it is kept completely segregated and installed on a user’s personal cloud account. During the installation process, restricted permissions are created for Blox to transmit validator signing duties to KeyVault.
KeyVault has two separate sections of responsibility, that are kept completely independent from each other:
- Validator Key Management
- Validator Signing Management (including slashing protection)
We separate data management and protection from signing functionality for optimum security. In the unlikely event that Blox is hacked, user validator keys will not be compromised as they are stored independently.
Validator Key Management
In order for KeyVault to start signing validator requests, validator keys generated in Blox Live must be securely transferred from Desktop to the user’s private cloud instance. This transfer leverages SSH communication and is only possible from the user’s Desktop app as it is the only entity that has such permissions. Similarly, SSH communication is employed for adding or removing additional validators. The management of requests are conveniently completed in Blox Live by the user, KeyVault is just informed to make changes as per user requests.
Validator Signing Duties
KeyVault is responsible for signing validator duties assigned by the blockchain. It is a remote signing server with requests from the blockchain being sent from Blox Infra nodes using http requests and an access token mechanism. This architecture is the most secure method for managing signing requests; far more so than validator keys stored directly on a validator connected to the Beacon Chain, which is the current industry standard. Blox Infra securely transfers signing requests to KeyVault, KeyVault signs the requests if deemed appropriate, and sends them back to complete the block.
KeyVault Slashing Protection
Arguably one of the most important features of KeyVault is the built-in slashing protection mechanism. KeyVault stores attestation history to ensure that incoming requests are in fact consistent with what is needed to complete the next block. The signing functionality has a gatekeeper analysis function that checks the history logs to ensure that what is being proposed is in fact correct and updated. This means that if a malicious signing request is transferred to KeyVault for signing, KeyVault will not sign it, and effectively avoid participating in a slashable event.
Blox Infra
Validators on the Beacon Chain must be constantly connected to their nodes in order to perform assigned duties. Connection downtime therefore has the potential to negatively impact staking rewards. The validators that are capable of earning the most rewards are those that remain online 24/7.
Backed by 3 years of experience running nodes for 15 different blockchains, Blox nodes are actively maintained by our team for relentless reliability. Blox Infra is a cluster of validators, Eth2 and Eth1 nodes that are constantly connected to Ethereum and ensure sustained communication to the KeyVault remote signers.
KeyVault is assigned duties directly from Blox Infra, but the ultimate decision to sign is decided upon by each user’s personal instance of KeyVault backed by slashing protection.
Conclusion
You have now been exposed to the fundamental principles surrounding Ethereum staking and Blox Staking’s non-custodial solution. As a quick recap, we built Blox Staking with the following main objectives in mind:
- Truly Non-Custodial – you retain control of YOUR assets, we just manage the technical part.
- Easy to Use – we aim to make ETH staking seamless, no coding knowledge required.
- Completely Secure – Zero compromises when it comes to security. ETH staking with Blox is as secure as DIY solutions, if not more.
For product updates, news, and more, check out the Blox Blog and join the conversation on Discord.
If you’re interested in learning more about the tech behind Blox Staking, check out the links below for some advanced reading: Blox Staking Tech Blox Staking Github
