Architecture

The Lido Withdrawal Key Generation Ceremony

The <a href="https://lido.fi/">Lido</a> DAOs first set of withdrawal keys were generated during a ceremony that took place between December 13th and 16th, 2020, performed by a group of the industry’s most trusted builders.  Chorus One, Staking Facilities, Certus One, Argent, Banteg (yearn.finance), Alex Svanevik (Nansen), Anton Bukov (1inch), Michael Egorov (Curve/Nucypher), Rune Christensen (MakerDAO), Will Harborne (DeversiFi) and Mustafa Al-Bassam (LazyLedger) came together over a four-day event to generate threshold signatures for Lido’s withdrawal keys in a secure environment on air-gapped machines. Everything went smoothly and participants and the broader Ethereum community are thanked for their efforts and constant support. <figure class="kg-card kg-embed-card"><blockquote class="twitter-tweet" data-width="550">After a lot of QR code scanning and a couple of sleepless night, the distributed key generation ceremony for <a href="https://twitter.com/lidofinance?ref_src=twsrc%5Etfw">@lidofinance</a> is complete. DKG identifier: ae7f71bb34b74eab0cea8c2931d4b0b2 PubKey: tnrKcfBLZzA3tUAJt2Dxlh84NuVxQUHIkq/bdewINNzmeE2ccu2K19syjP+P6fE+ <a href="https://t.co/6umMmEUJ9j">pic.twitter.com/6umMmEUJ9j</a>— banteg (@bantg) <a href="https://twitter.com/bantg/status/1338914169408655365?ref_src=twsrc%5Etfw">December 15, 2020</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script> </figure> DKG identifier: ae7f71bb34b74eab0cea8c2931d4b0b2PubKey: tnrKcfBLZzA3tUAJt2Dxlh84NuVxQUHIkq/bdewINNzmeE2ccu2K19syjP+P6fE+ <h3 id="why-was-a-ceremony-necessary">Why was a ceremony necessary?</h3><a href="https://ethereum.org/en/eth2/">Ethereum 2.0</a> doesn’t have any contract execution functionality right now, which means you can’t deploy smart contracts or set up a multisig. When you stake your ETH you need to specify an ETH 2.0 key called withdrawal credentials. In order to make liquid staking work, a solution was necessary for who will hold this key and, more importantly, how to transition it to the Lido DAO.  That is why a distributed custody solution for the beacon chain was developed by Lido and audited by Sigma Prime: <a href="https://github.com/lidofinance/dc4bc">https://github.com/lidofinance/dc4bc</a>. All deposits into Lido are delineated by 32 ETH and assigned to node operators who validate using these deposits. Funds are deposited to the Lido protocol smart contract and then are locked into the Ethereum proof-of-stake deposit contract. Initially, withdrawal credentials for deposited ether will be set to Lido’s threshold signature of distributed custody. This threshold signature account controlled by the Lido DAO is specified as a staking withdrawal address.  In practice, this means that users would need to trust this withdrawal address to return the ETH to which they have a claim. This is not the preferred solution but is a (temporary) reality for all the liquid staking protocols due to ETH 2.0’s staking design, and so it was designed and developed in the way that seemed like the best practical solution at the time. The reason Lido’s participants went to the lengths of a several-day distributed custody key generation event was to decrease the amount of trust required. The withdrawal key was split into 11 different parts, each held by a different participant. Instead of one party now having access to these withdrawal keys, it would instead require collusion of many parties from those who participated in the ceremony. Many other liquid staking protocols are instead relying on a single party to hold these keys which is believed to be an inferior solution. <figure class="kg-card kg-embed-card"><blockquote class="twitter-tweet" data-width="550">Verifying: I have submitted my public keys for participation in the Distributed Key Generation ceremony for <a href="https://twitter.com/lidofinance?ref_src=twsrc%5Etfw">@lidofinance</a> withdrawal credentials: lI+5jYVEif+dmJpWAi0v2eZd0oAQ3yMHQ7/cF1cODbrkr/R0U0K6IgZX9INuhiNu <a href="https://t.co/5rj43I6Wjs">https://t.co/5rj43I6Wjs</a>— Mustafa Al-Bassam (@musalbas) <a href="https://twitter.com/musalbas/status/1338116087536291841?ref_src=twsrc%5Etfw">December 13, 2020</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script> </figure> The preferred solution would require eth1 withdrawal addresses to be accepted by the Ethereum community. If/when this happens, the withdrawal credentials will instead be set to an upgradeable smart contract that will handle withdrawals when they are enabled -- an entirely non-custodial liquid staking solution. This should happen in the near future and the feasibility to migrate to this kind of solution as soon as it's practical will be evaluated from time to time. <h3 id="why-lido-s-distributed-custody-is-a-better-approach">Why Lido’s distributed custody is a better approach</h3> Distributing custody based on threshold signatures by some of the most respected and reputable people in DeFi seems like a much better solution for Lido to adopt at this time than having the withdrawal credentials owned by one single holder.  When it becomes technically feasible to transition to a fully non-custodial solution, the only purpose of this distributed custody will be to rotate withdrawal credentials to an autonomous withdrawal smart contract. <h3 id="here-s-what-is-targeted-in-the-future">Here's what is targeted in the future</h3> In the near future, when ETH 1 withdrawal credentials are available on ETH 2, Lido should move away from distributed custody to a fully non-custodial solution. Read more: <a href="https://ethresear.ch/t/simple-eth1-withdrawals-beacon-chain-centric/8256.">https://ethresear.ch/t/simple-eth1-withdrawals-beacon-chain-centric/8256.</a> The Ethereum community seems to recognise and agree that a fully centralised solution isn't the best choice to depend on for the security of the largest smart contract platform, and trusts Lido DAO and Lido to always provide the best feasible solution for the Ethereum liquid staking. Any feedback or questions on this is welcome. <h3 id="stake-with-lido">Stake with Lido</h3>Lido has launched. Stake with Lido now: <a href="https://stake.lido.fi/">stake.lido.fi</a>.

Kasper Rasmussen

Architecture

How Lido Works

Lido DAO is a community that builds liquid staking service for Ethereum. Lido allows users to earn staking rewards without locking assets or maintaining staking infrastructure. Staking with Lido is primed to start along with Phase 0 of Ethereum 2.0.Upon depositing ether into Lido's smart contracts, a user receives stETH (staked ETH) ERC20 tokens that represent the user’s staked ETH balance of beacon chain along with staking rewards accrued or penalties inflicted on validators in the beacon chain. When transactions are enabled on the beacon chain - which does not yet have a target date but is estimated to be over 18 months away - users will be able to redeem stETH for unstaked ether together with accumulated rewards directly. Until then, stETH can be transferred or traded, unlike beacon chain ether.Lido has a lot of moving parts by necessity so the system, along with design goals and constraints, are described below in simple terms.<h3 id="design-goals-and-constraints">Design goals and constraints</h3>Staking during the first stages of Ethereum 2.0 means accepting the risk that your ETH will be frozen until transfers are available in Ethereum 2.0 (Phase 1.5 or Phase 2), which is expected to happen next year at the earliest. Until that time, no one will be able to withdraw staked ether or staking rewards and, for example, sell them on an exchange.To validate the beacon chain, a staker needs to deposit 32 ethers, specify a validating public key, and specify a withdrawal address where the staker’s assets and rewards will stay frozen until transfers are enabled. Until then, the only two activities you can do on the beacon chain are to validate and to stop validating. During this time, stakers must run the validation infrastructure, facing the risk of having their stake reduced in the case of misconfiguration.There is a risk of loss or loss of rewards, which occurs if the validator is slashed for misbehaving. This can happen, for example, due to a bug in the validator's node code or due to connectivity issues. This risk makes Ethereum staking especially unattractive in Phases 0 and 1, when the staker has, for a middling reward, to bear market risk while being unable to unstake.Lido aims to allow users to stake ether without losing the ability to trade or otherwise use their tokens. Lido will be a decentralized infrastructure for issuing a liquid token that has a degree of flexibility compared to self-staking.The primary goals of Lido are:<ul><li>To allow users to earn staking rewards without fully locking their capital;</li><li>To offer flexibility to users to earn rewards on deposits smaller than 32 ether, and without restriction on deposits different than a multiple of 32 ether;</li><li>To reduce the risks of losing a staked deposit due to software failures or malicious third-parties;</li><li>To provide the stETH token as a building block for other applications and protocols (e.g., as collateral in lending or other trading DeFi solutions);</li><li>To provide an alternative to exchange staking, self-staking, and other semi-custodial and decentralized protocols.</li></ul>Lido is designed as a simple-to-use protocol with community governance. The protocol has to follow the changes in the underlying blockchain mechanisms.<h3 id="lido-s-structural-components">Lido’s structural components</h3>The following is a broad description of the components of the Lido staking protocol:<ol><li>Staking pool: protocol to manage deposits, staking rewards, and withdrawals</li></ol> a. node operators registry b. withdrawal credentials c. oracles d. rewards 2. stETH: liquid staking token that maintains balance corresponding 1-to-1 to your share of beacon chain ether 3. DAO: Aragon DAO that governs protocol parameters<h3 id="staking-pool">Staking pool</h3>The staking pool is the core smart contract of Lido. The contract is responsible for ether deposits and withdrawals; minting and burning stETH tokens; delegating funds to node operators; applying fees to staking rewards; and accepting updates from the oracle contract. Node operators' manager logic is extracted to a separate contract, NodeOperatorsRegistry.Users will send ether to the staking pool contract to be minted stETH tokens in return. That ether will be distributed between node operators to maintain uniform distribution and deposited to be validated by their validators. Withdrawal credentials for that ether will be set either to threshold signature of distributed custody or, if <a href="https://github.com/ethereum/eth2.0-specs/issues/2040">withdrawal to eth1 addresses</a> will get accepted by the community, to an upgradeable smart contract that will handle withdrawals when they are enabled.Node operators also validate transactions on the beacon chain. The DAO selects node operators and adds their addresses to the NodeOperatorsRegistry contract. Authorized node operators have to generate a set of keys for the validation and also provide them with the smart contract. As ether is received from users, it is distributed in chunks of 32 Ether between all active node operators. The staking pool contract contains a list of node operators, their keys, and the logic for distributing rewards between them.<figure class="kg-card kg-image-card"><img src="https://blog.lido.fi/content/images/2020/11/01.png" class="kg-image" alt srcset="https://blog.lido.fi/content/images/size/w600/2020/11/01.png 600w, https://blog.lido.fi/content/images/size/w1000/2020/11/01.png 1000w, https://blog.lido.fi/content/images/2020/11/01.png 1539w" sizes="(min-width: 720px) 720px"></figure>Oracle is a contract that keeps track of balances of the DAO's validators on the beacon chain. The balances can go up because of reward accumulation and can go down due to slashing and staking penalties. Oracles are assigned by the DAO. Data is sent daily and is used to provide an accurate balance of stETH tokens for users. On days where there have been rewards, a small amount of stETH tokens are minted to the node operators and to the DAO's insurance and development fund, representing a reward fee.<figure class="kg-card kg-image-card"><img src="https://blog.lido.fi/content/images/2020/11/02.png" class="kg-image" alt srcset="https://blog.lido.fi/content/images/size/w600/2020/11/02.png 600w, https://blog.lido.fi/content/images/size/w1000/2020/11/02.png 1000w, https://blog.lido.fi/content/images/2020/11/02.png 1545w" sizes="(min-width: 720px) 720px"></figure><h3 id="steth-token">stETH token</h3>stETH is an ERC20 token that represents staked ether in Lido. Tokens are minted upon deposit and burned when redeemed. stETH token balances are pegged 1:1 to the ethers that are staked by Lido. stETH token’s balances are updated when the oracle reports change in total stake every day.<h3 id="lido-dao">Lido DAO</h3>We believe a DAO is an optimal structure for launching Lido. If we were to launch Lido without decentralised governance, users would be required to trust a single point of failure to maintain a 1:1 relationship of ETH to stETH -- similar to how Tether requires trust that the USDT is backed 1:1 by dollars.Instead, we believe by distributing governance of such parameters to a decentralised community you reduce the risk to the user.In addition:<ul><li>Lido is highly dependent on the design and restrictions of the beacon chain;</li><li>Ethereum 2.0 staking protocol may change and therefore Lido should be upgradable;</li><li>An insurance provider must be selected and terms for slashing insurance must be negotiated;</li><li>DAO governance is preferable than one person or a developer's team for making decisions about changes in Lido; and</li><li>A DAO will be able to cover the costs of developing and upgrading the protocol from the DAO token treasury.</li></ul>The DAO will accumulate service fees from Lido, which can be used in the insurance and development funds, distributed by the DAO.Join UsAs we approach launch, we’re opening channels in our discord and inviting collaboration. We think this is a fundamentally important piece of infrastructure in the Ethereum ecosystem, we’d love to build it with you. If you’d like to help build Lido, please email <a href="mailto:[email protected]">[email protected]</a>. Or, join the Lido <a href="https://discord.com/invite/vgdPfhZ">Discord</a>.Thx, VS

Vasiliy Shapovalov

Subscribe to the newsletter to hear about updates and events.