Keepin' the Ranch Safe!

There’s all kinds of threats out there in the great open plains, but those ain’t necessarily the worst dangers one can encounter. If ya think real long and hard about it, you’ll come to the realization that the worst dangers are those you ain’t prepared for.

Heck, you may not even know what to expect! So, as we here in New Buckland say, ‘Expect the unexpected.’ Yeah, of course if you expect somethin’ unexpected, you expect it, so it ain’t unexpected…uh anyways, analogies aside, the fact is…it’s better to be safe than sorry (maybe that’s the mantra we should follow instead?)

Validator security ain’t no laughin’ matter. Nope, any validator that is compromised in any way can threaten the network and bring the whole darn thing to a grindin’ halt if one ain’t careful! That’s why one of the first considerations we made when we set out to build Bearmint was findin’ better methods of increasing validator security with regard to their key pairs.

Suffice to say, there’s two possible approaches any discernin’ individual can take. In today’s blog, we’ll take a brief look at each of these and discuss the approach we ended up pickin’ (and why of course!)

Puttin’ All Your Eggs In One Basket

The first approach results in the least amount of friction, but as you can imagine, it comes with significant security drawbacks: if that single key pair is lost, you are fully compromised as a validator, and there is absolutely no way of meaningfully rectifying this.

In this scenario, validators use the same key pair for both forging blocks and authorizing on-chain tasks such as sending a transaction, making it impossible to intervene and prevent any further damage if this single key pair is lost.

Consequently, while this approach is indeed more convenient for validators, it makes little to no sense in today’s crypto landscape, in which there is an ever-increasing number of financial reasons to sabotage or compromise validators in order to gain access to their tokens or cause irreparable damage to a network.

As time goes by, security becomes a greater concern as hackers and malicious actors employ more sophisticated techniques to deprive individuals and businesses of their sensitive personal information. It therefore stands to reason that further layers of security, even relatively simple ones, can make a massive difference and act as a safeguard against those parties that may have less than noble intentions.

Sharin’ the Burden

The second option is indeed less convenient but greatly enhances security for a number of reasons (which we will discuss in more detail in just a moment). Using this approach, validators use one key pair for forging blocks and another for authorizing on-chain tasks such as sending a transaction.

So, what exactly are the benefits of using this method? Well, to be frank, there are several:

  • If a validator’s forging key pair is compromised, their funds remain safe. This key pair is unable to authorize on-chain tasks such as sending a transaction and is therefore useless beyond forging blocks
  • If your account key pair is compromised, your validator remains intact. This key pair is unable to forge blocks and therefore cannot cause any kind of harm to the network
  • Either of these key pairs can be compromised, but as long as you have access to both of them, you will be able to resign your validator, effectively shutting it down and rendering any further abuse impossible

This final point is particularly important, and for a real good reason: if an attacker only possesses one of the key pairs, you can step in and put an end to their shenanigans lickety-split! It’s for this very reason that the trade-off is more than worthwhile.
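The rules in the list above can be sketched as a small authorization check. This is an added example, not Bearmint's own code: the action names, the `REQUIRED_ROLES` table and every function name are assumptions, and Ed25519 is used only because Node.js ships it.

```javascript
// Added illustration of role-separated validator keys; not Bearmint code.
// REQUIRED_ROLES, newValidator, sign, authorize, scenario are hypothetical names.
const nodeCrypto = require("node:crypto");

// Key role(s) that must sign each action, following the post's description.
const REQUIRED_ROLES = {
  forge: ["forging"],
  transfer: ["account"],
  resign: ["forging", "account"],
};

// A validator holds two independent Ed25519 key pairs.
const newValidator = () => ({
  forging: nodeCrypto.generateKeyPairSync("ed25519"),
  account: nodeCrypto.generateKeyPairSync("ed25519"),
});

// The action name is part of the signed bytes, so a signature made for one
// action cannot be replayed as another.
const message = (action, payload) => Buffer.from(JSON.stringify({ action, payload }));
const sign = (privateKey, action, payload) =>
  nodeCrypto.sign(null, message(action, payload), privateKey);

// publicKeys: { forging, account }; signatures: { forging?, account? }
function authorize(publicKeys, action, payload, signatures) {
  const roles = REQUIRED_ROLES[action];
  if (!roles) return false; // unknown actions are rejected
  return roles.every((role) => Buffer.isBuffer(signatures[role]) &&
    nodeCrypto.verify(null, message(action, payload), publicKeys[role], signatures[role]));
}

// Constructed scenario: what a holder of one key, or of both, can do.
function scenario() {
  const v = newValidator();
  const pub = { forging: v.forging.publicKey, account: v.account.publicKey };
  const tx = { to: "constructed-address", amount: 10 };
  const f = v.forging.privateKey, a = v.account.privateKey;
  return {
    forgingKeyTransfers: authorize(pub, "transfer", tx, { account: sign(f, "transfer", tx) }),
    accountKeyForges: authorize(pub, "forge", { height: 1 }, { forging: sign(a, "forge", { height: 1 }) }),
    forgingKeyAloneResigns: authorize(pub, "resign", {}, { forging: sign(f, "resign", {}) }),
    bothKeysResign: authorize(pub, "resign", {}, {
      forging: sign(f, "resign", {}), account: sign(a, "resign", {}) }),
  };
}
```

Calling `scenario()` returns `false` for the three single-key attempts and `true` only when both keys sign the resignation.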

For the price of a little less convenience and a tad more friction, we can significantly bolster the security of individual validators and, therefore, the network as a whole. Coupled with the improved consensus model that provides greater resilience, this particular approach makes it virtually impossible for hackers to infiltrate the network and engage in acts of deliberate subterfuge.

And How About the User Experience, Amigo?

The best part of all this is that the user experience for a validator doesn’t change much at all. All they need to do is store two key pairs and take note of which key pair pertains to which activity - forging or authorizing transactions.

In most cases, you’ll simply store your forging key pair once on your forging and backup machines (take the time to set these up, partner…don’t be irresponsible!). However, when it comes to security, we strongly believe you should choose sane standards and stick to them instead of making everything highly configurable.

Bearmint does its utmost to remain as unopinionated and modular as possible. Having said this, we reckon that, in this case, the added inconvenience of needing to store two key pairs is undeniably worth the trouble. Buckley may be a simple bear, but he knows he stands to lose a small fortune if he ain’t careful. It’s for this very reason that he puts up with a little extra hassle to make sure no one (and I mean nobody) undermines his highly lucrative minin’ operation!