diff --git a/src/pages/guide/node/validator-config-v2.mdx b/src/pages/guide/node/validator-config-v2.mdx index 94fbbecb..c2752f8b 100644 --- a/src/pages/guide/node/validator-config-v2.mdx +++ b/src/pages/guide/node/validator-config-v2.mdx @@ -112,6 +112,54 @@ The returned `Validator` struct fields are: ## Operator guide +### Initial registration + +To register a new validator, you must provide the following values to the Tempo team: + +| Value | Format | Description | +|-------|--------|-------------| +| **Validator address** | Ethereum address (`0x…`) | The control address for your validator. Used to authorize on-chain operations (IP updates, rotation, ownership transfer). | +| **Public key** | `0x`-prefixed 32-byte hex | Your ed25519 identity key. Generate one with `tempo consensus generate-private-key` (see [below](#generating-a-signing-key)). | +| **Ingress** | `IP:port` | The inbound address other validators use to reach your node. Must be unique across all active validators. | +| **Egress** | `IP` | The outbound IP address your node uses to connect to other validators. | +| **Fee recipient** | Ethereum address (`0x…`) | The address that receives transaction fees from blocks your validator proposes. If you are not prepared to accept fees, use `0x0000000000000000000000000000000000000000`. | +| **Signature** | `0x`-prefixed hex | An ed25519 signature proving you control the signing key. See below. | + +#### Generating a signing key + +Generate an ed25519 keypair: + +```bash +tempo consensus generate-private-key --output +``` + +Verify the public key: + +```bash +tempo consensus calculate-public-key --private-key +``` + +The public key should match the output of the `generate-private-key` command. + +#### Creating the add-validator signature + +The signature proves ownership of the ed25519 key being registered. Generate it with: + +```bash +tempo consensus create-add-validator-signature \ + --signing-key \ + --validator-address \ + --public-key \ + --ingress \ + --egress \ + --fee-recipient \ + --chain-id-from-rpc-url https://rpc.tempo.xyz +``` + +This outputs a hex-encoded signature. Provide this signature along with the values above to the Tempo team to complete registration. + +Once the Tempo team adds your validator on-chain, it will enter the active set in the [next epoch](#validator-states). + ### Update IP addresses If your node's network endpoints change, update them on-chain. The change takes effect at the next finalized block. @@ -136,7 +184,7 @@ Ingress addresses must be unique across all active validators. The transaction w ### Rotate validator identity -V2 lets you rotate to a new ed25519 key while keeping your validator index stable. This is useful for key rotation or recovery without leaving and re-joining the committee. +V2 lets you rotate to a new ed25519 key while keeping your validator index stable. This is useful for key rotation or recovery without leaving and re-joining the committee. [Generate a new signing key](#generating-a-signing-key) first. The simplest way to rotate is using the `tempo` CLI, which handles signature creation and the on-chain transaction in one step: @@ -164,16 +212,6 @@ tempo consensus validators-info --rpc-url https://rpc.tempo.xyz Once the old validator shows `in_committee = false`, it is safe to shut down. ::: -#### Initial registration - -When registering a new validator, generate the add-validator signature and provide it to the Tempo team: - -```bash -tempo consensus create-add-validator-signature \ - --signing-key \ - --rpc-url https://rpc.tempo.xyz -``` - ### Transfer validator ownership Rebind your validator entry to a new control address: diff --git a/src/pages/guide/node/validator.mdx b/src/pages/guide/node/validator.mdx index 87619d29..cb699fba 100644 --- a/src/pages/guide/node/validator.mdx +++ b/src/pages/guide/node/validator.mdx @@ -4,11 +4,11 @@ description: Configure and run a Tempo validator node. Generate signing keys, pa # Running a validator node -:::info -The management of the active validator set is currently permissioned by the Tempo team. If you are interested in becoming a validator, please [get in touch](mailto:partners@tempo.xyz) with the Tempo team. -::: +Validator nodes secure Tempo by validating blocks and participating in consensus. -Validator nodes secure Tempo by validating blocks and transactions, then using [Threshold Simplex](https://docs.rs/commonware-consensus/0.0.61/commonware_consensus/threshold_simplex/index.html) to reach consensus. They distribute signing shares among themselves to collectively sign block approvals and finalizations. +## Deploying a validator + +The active validator set is currently permissioned. If you are interested in becoming a validator, please [get in touch](mailto:partners@tempo.xyz) with the Tempo team. See [Initial registration](/guide/node/validator-config-v2#initial-registration) for technical details. ## Cryptographic key hierarchy @@ -18,22 +18,6 @@ All validators have two kinds of keys: The signing key is static. Pre-T2, it can only be rotated by removing and re-creating a validator on-chain with the Tempo team. Post-T2, [ValidatorConfig V2](/guide/node/validator-config-v2) enables self-service rotation via the `rotateValidator` precompile. The signing share is dynamic and is updated periodically on each DKG ceremony. Once updated, it will be saved to disk. Currently, the DKG ceremony is scheduled to run on-chain every ~3 hours. -## Generating a signing key - -You can generate an ED25519 keypair using the following command: - -```bash -tempo consensus generate-private-key --output -``` - -Once the private key is generated, you can calculate/verify the public key by running: - -```bash -tempo consensus calculate-public-key --private-key -``` - -The public key should match the output of the `generate-private-key` command. - ## Running the validator The process for running a validator node is very similar to [running a full node](/guide/node/rpc). @@ -49,7 +33,7 @@ tempo node --datadir \ --telemetry-url ``` -If you are not prepared to accept fees, we recommend setting the `--consensus.fee-recipient` field to `0x0000000000000000000000000000000000000001` as that will funnel the funds to a non-user controllable wallet (there is no known private key for the address). +If you are not prepared to accept fees, we recommend setting the `--consensus.fee-recipient` field to `0x0000000000000000000000000000000000000000` as that will funnel the funds to a non-user controllable wallet (there is no known private key for the address). ### Optional flags diff --git a/vocs.config.ts b/vocs.config.ts index 77c68a8a..25703259 100644 --- a/vocs.config.ts +++ b/vocs.config.ts @@ -664,14 +664,13 @@ export default defineConfig({ }, { text: 'Running a validator', - link: '/guide/node/validator', - }, - { - text: 'Operating your validator', - collapsed: true, items: [ { text: 'Overview', + link: '/guide/node/validator', + }, + { + text: 'Operation', link: '/guide/node/operate-validator', }, {