The Lido Withdrawal Key Generation Ceremony
The Lido DAOs first set of withdrawal keys were generated during a ceremony that took place between December 13th and 16th, 2020, performed by a group of the industry’s most trusted builders.
Chorus One, Staking Facilities, Certus One, Argent, Banteg (yearn.finance), Alex Svanevik (Nansen), Anton Bukov (1inch), Michael Egorov (Curve/Nucypher), Rune Christensen (MakerDAO), Will Harborne (DeversiFi) and Mustafa Al-Bassam (LazyLedger) came together over a four-day event to generate threshold signatures for Lido’s withdrawal keys in a secure environment on air-gapped machines.
Everything went smoothly and participants and the broader Ethereum community are thanked for their efforts and constant support.
After a lot of QR code scanning and a couple of sleepless night, the distributed key generation ceremony for @lidofinance is complete.
— banteg (@bantg) December 15, 2020
DKG identifier: ae7f71bb34b74eab0cea8c2931d4b0b2
PubKey: tnrKcfBLZzA3tUAJt2Dxlh84NuVxQUHIkq/bdewINNzmeE2ccu2K19syjP+P6fE+ pic.twitter.com/6umMmEUJ9j
DKG identifier: ae7f71bb34b74eab0cea8c2931d4b0b2
PubKey: tnrKcfBLZzA3tUAJt2Dxlh84NuVxQUHIkq/bdewINNzmeE2ccu2K19syjP+P6fE+
Why was a ceremony necessary?
Ethereum 2.0 doesn’t have any contract execution functionality right now, which means you can’t deploy smart contracts or set up a multisig. When you stake your ETH you need to specify an ETH 2.0 key called withdrawal credentials. In order to make liquid staking work, a solution was necessary for who will hold this key and, more importantly, how to transition it to the Lido DAO.
That is why a distributed custody solution for the beacon chain was developed by Lido and audited by Sigma Prime: https://github.com/lidofinance/dc4bc.
All deposits into Lido are delineated by 32 ETH and assigned to node operators who validate using these deposits. Funds are deposited to the Lido protocol smart contract and then are locked into the Ethereum proof-of-stake deposit contract. Initially, withdrawal credentials for deposited ether will be set to Lido’s threshold signature of distributed custody. This threshold signature account controlled by the Lido DAO is specified as a staking withdrawal address.
In practice, this means that users would need to trust this withdrawal address to return the ETH to which they have a claim. This is not the preferred solution but is a (temporary) reality for all the liquid staking protocols due to ETH 2.0’s staking design, and so it was designed and developed in the way that seemed like the best practical solution at the time.
The reason Lido’s participants went to the lengths of a several-day distributed custody key generation event was to decrease the amount of trust required. The withdrawal key was split into 11 different parts, each held by a different participant. Instead of one party now having access to these withdrawal keys, it would instead require collusion of many parties from those who participated in the ceremony. Many other liquid staking protocols are instead relying on a single party to hold these keys which is believed to be an inferior solution.
Verifying: I have submitted my public keys for participation in the Distributed Key Generation ceremony for @lidofinance withdrawal credentials: lI+5jYVEif+dmJpWAi0v2eZd0oAQ3yMHQ7/cF1cODbrkr/R0U0K6IgZX9INuhiNu https://t.co/5rj43I6Wjs
— Mustafa Al-Bassam (@musalbas) December 13, 2020
The preferred solution would require eth1 withdrawal addresses to be accepted by the Ethereum community. If/when this happens, the withdrawal credentials will instead be set to an upgradeable smart contract that will handle withdrawals when they are enabled -- an entirely non-custodial liquid staking solution. This should happen in the near future and the feasibility to migrate to this kind of solution as soon as it's practical will be evaluated from time to time.
Why Lido’s distributed custody is a better approach
Distributing custody based on threshold signatures by some of the most respected and reputable people in DeFi seems like a much better solution for Lido to adopt at this time than having the withdrawal credentials owned by one single holder.
When it becomes technically feasible to transition to a fully non-custodial solution, the only purpose of this distributed custody will be to rotate withdrawal credentials to an autonomous withdrawal smart contract.
Here's what is targeted in the future
In the near future, when ETH 1 withdrawal credentials are available on ETH 2, Lido should move away from distributed custody to a fully non-custodial solution.
The Ethereum community seems to recognise and agree that a fully centralised solution isn't the best choice to depend on for the security of the largest smart contract platform, and trusts Lido DAO and Lido to always provide the best feasible solution for the Ethereum liquid staking. Any feedback or questions on this is welcome.
Stake with Lido
Lido has launched. Stake with Lido now: stake.lido.fi.