Validator Keys

Validator keys are added in several sequential steps. These steps are similar for each time new keys are added.

Generating signing keys

Upon inclusion into the protocol, you should generate and submit a set of [BLS12-381] public keys that will be used by the protocol for making ether deposits to the Ethereum DepositContract. Along with the keys, you must submit a set of the corresponding signatures [as defined in the spec]. The DepositMessage used for generating the signature must be the following:

  • pubkey must be derived from the private key used for signing the message;

  • amount must equal 32 ether;

  • withdrawal_credentials must equal the withdrawal credentials on your assigned operator contract.

Withdrawal Credentials

The withdrawal address is your EigenPod, which can be queried via OperatorDelegator.eigenPod().

You can also obtain the correct withdrawal credentials by querying your operator contract via OperatorDelegator.withdrawalCredentials().

Using staking-deposit-cli

Use the latest release of staking-deposit-cli.

Example command usage:

./deposit new-mnemonic --folder . --num_validators 123 --mnemonic_language english --chain mainnet --eth1_withdrawal_address 0x123

Here, chain is one of the available chain names (run the command with the --help flag to see the possible values: ./deposit new-mnemonic --help) and eth1_withdrawal_address is the withdrawal address from the protocol documentation.

As a result of running this, the validator_keys directory will be created in the current working directory. It will contain a deposit data file named deposit-data-*.json and a number of private key stores named keystore-*.json, the latter encrypted with the password you were asked for when running the command.

If you chose to use the UI for submitting the keys, you’ll need to pass the JSON data found in the deposit data file to the protocol (see the next section). If you wish, you can remove any other fields except pubkey and signature from the array items.

Never share the generated mnemonic and your private keys with anyone, including the protocol members and DAO holders.

Submitting the keys

After generating the keys, you can submit them to the protocol. To do this, use the batch key submitter in the operator dashboard.

The operator dashboard is hosted at

If you’ve used the staking-deposit-cli, you can paste the content of the generated deposit-data-*.json file as-is.

Otherwise, prepare a JSON data of the following structure and paste it to the textarea that will appear in the center of the screen:

    "pubkey": "PUBLIC_KEY_1",
    "withdrawal_credentials": "WITHDRAWAL_CREDENTIALS_1",
    "amount": 32000000000,
    "signature": "SIGNATURE_1",
    "fork_version": "FORK_VERSION_1",
    "eth2_network_name": "ETH2_NETWORK_NAME_1",
    "deposit_message_root": "DEPOSIT_MESSAGE_ROOT_1",
    "deposit_data_root": "DEPOSIT_DATA_ROOT_1"
    "pubkey": "PUBLIC_KEY_2",
    "withdrawal_credentials": "WITHDRAWAL_CREDENTIALS_2",
    "amount": 32000000000,
    "signature": "SIGNATURE_2",
    "fork_version": "FORK_VERSION_2",
    "eth2_network_name": "ETH2_NETWORK_NAME_2",
    "deposit_message_root": "DEPOSIT_MESSAGE_ROOT_2",
    "deposit_data_root": "DEPOSIT_DATA_ROOT_2"

This tool will automatically split the keys into chunks and submit the transactions to your wallet for approval. Transactions will come one by one for signing. Unfortunately, we cannot send a large number of keys in a single transaction. Right now, the chunk size is 100 keys.

Connect your operator's manager wallet, click Validate button, the interface will run required checks. And then click Submit keys button.

When you submit a form, the keys are saved in your browser. This tool checks the new key submits against the previously saved list to avoid duplication. Therefore it is important to use one browser for submitting.

Importing the keys to a Lighthouse validator client

If you’ve used the staking-deposit-cli to generate the keys, you can import them to a Lighthouse validator client by running this command:

docker run --rm -it \
	--name validator_keys_import \
	-v "$KEYS_DIR":/root/validator_keys \
	-v "$DATA_DIR":/root/.lighthouse \
	sigp/lighthouse \
	lighthouse account validator import \
	--reuse-password \
	--network "$NETWORK_NAME" \
	--datadir /root/.lighthouse/data \
	--directory /root/validator_keys

Last updated