Distributed Validator Technology - Pilot w/ Obol Network
Exploring Distributed Validator Technology with Obol Network
Lido is excited to share the initial pilot integration with Obol Network, a Distributed Validator Technology (DVT) provider. This pilot demonstrated the benefits of running a Lido validator with DVT, and is a component of our goal to enable permissionless participation in Lidos’ validator set.
Over the past month, eleven Lido node operators (NOs) have participated in a pilot on the Goerli testnet. Since activating, the validators have been performant, and one successfully proposed two blocks.
The Benefits of DVT
Lido puts great effort into creating a high-quality and distributed validator set, and DVT will further increase protection from single points of failure. Validators may experience downtime or underperformance for various reasons, for example, issues caused by client bugs, operator misconfiguration, connectivity issues, hardware failure, etc. While it is possible to mitigate some of the problems by increasing redundancy, it is more costly and can introduce other undesirable risks (e.g. double signing which could lead to a slashing event).
Distributed Validator Technology enables multiple nodes to share the duties of an Ethereum validator; this novel approach improves resilience (safety, liveness, or both) compared to running a validator on a single node. Obol Network’s DVT solution is achieved via middleware called Charon to enable validators to run in a fault-tolerant, distributed manner. This is a major advantage that will allow Lido to scale and open up the permissionless operator set while mitigating relevant single-operator risks.
Lido & Obol Network Pilot
During the pilot, participants were split into two subgroups. The first group consisted of HashQuark, CryptoManufaktur, Nethermind, and Simply Staking; their cluster - HCNS-Lido is a 4-operator setup with a threshold of 3.
The second group included DSRV, Kukis Global, Chorus One, Staking Facilities, Blockscape, Everstake, and Stakely; their cluster - DKCSBES-Lido is a 7-operator setup with a threshold of 5. Two groups of operators created entries in the Lido Node Operator registry by coordinating through a multi-sig.
You may find them on operators.testnet.fi.
The creation of the clusters was done via the Obol DV Launchpad followed by coordinated distributed key generation (DKG) ceremonies to create deposit data and private key shares of the validators. A distributed validator key is a group of BLS private keys that together operate as a threshold key for participating in proof-of-stake consensus. To create a distributed validator that can stay online despite a subset of its nodes going offline, the key shares need to be generated together.
To do this in a secure manner with no one party being trusted to distribute the keys requires what is known as a distributed key generation ceremony. Once created during a DKG, the key share signatures combine to create a validator key signature to propose or attest to a block. No single operator can recreate the validator private key or produce a signature for the validator on their own, nor do they have access to the key shares of others (unless stored improperly and hacked, or explicitly shared).
Since the validators were activated, we see both validators have near-perfect attestation performance. There were occasions when an operator in the cluster experienced connection issues. For instance, on Nov 30th, one operator (twinkling-yesterday) in cluster DKCSBES-Lido was offline between Epoch 138760 and 138768. Despite this we continued to see the validator successfully perform attestation duties without interruption, highlighting one of the many benefits of DVT. We also have seen two successful block proposals by cluster DKCSBES-Lido.
Next Steps
This initial pilot with Obol Network has shown that it's possible to run a secure and reliable distributed validator. We are pleased with the progress made in the past month and will continue additional testing with Obol and SSV Network in the new year.
DVT is a critical component of Lido’s strategy to enable solo operators, and permissionless entry into the node operator set all while further decentralizing the stake in the protocol. We will continue to explore and design solutions that bring us closer to this goal.