Ethereum 2.0 Keys
Ethereum 2.0 Key overview
Compared to Ethereum 1.0, where users only have a single private key to access their funds, Ethereum 2.0 offers two different keys. The validator private key and the withdrawal private key.
As seen in the cutout below the validator signing key consists of two elements:
- Validator private key
- Validator public key
The purpose of the validator private key is to actively sign on-chain (ETH2) operations such as block proposals and attestations. Therefore these keys have to be held in a hot wallet.
This flexibility has the advantage to move validator signing keys very quickly from one device to another, however, if they have gotten lost or stolen, the thief has the ability to act maliciously in two ways:
The validator public key is included in the deposit data which allows ETH2 to identify the validator.
- Withdrawal private key
- Withdrawal public key
Losing this key means losing access to the validator balance. However, the validator can still sign attestations and blocks since these actions require the validator private key, but there is little to no incentive to do so if the keys are lost.
A: Send another transaction (>=1ETH) to the deposit contract with the validator specific deposit data as the transaction input. After the first deposit-transaction, the unique deposit data is stored on the blockchain and can be found on various explorers.
Note: The deposit contract requires about 150,000 gas limit.
"Old ETH 1.0" path structure and example:
The same logic applies to ETH2.0 Keys, just with different parameters. There is a single "master key" (=Mnemonic phrase) which allows the user to attach as many validators to a single withdrawal key as they want. This way the user can derive all keys from the Mnemonic phrase.
A simplified overview would look like the following:
Credits: Nishant Das for fact-checking