Source: VaaS and Tendermint Keys Management Explained | by Allnodes Team | Feb, 2023 | Allnodes
This post was created to address the growing discussion about key management, VaaS, and related topics within the Cosmos community. Unfortunately, there have been many confusing and misleading statements made over the past few weeks, often due to a lack of knowledge or a clear misunderstanding of these complex topics. In order to prevent further damage to the community or our company’s reputation, we have decided to clarify some of these important concepts. We believe that educating ourselves and others is crucial to avoiding misunderstandings and making well-informed decisions that benefit the community.
VaaS and key management.
This is by far the most active and controversial topic that we have found, and also the most error-prone; it requires basic, yet accurate knowledge.
What is VaaS?
VaaS stands for “Validator as a Service”; another term is “white label solution”. It is a service that provides users with access to a pre-configured validator node on a blockchain. VaaS providers allow users to participate in the network without having to set up and maintain their own validator node, which can be very complex and resource-intensive. VaaS providers typically offer a range of services, such as automatic upgrades, monitoring, security, and backup, to ensure that the validator node operates reliably and securely. Allnodes is one of numerous VaaS providers, and to be honest, not the largest in the Cosmos ecosystem (Terra Classic is an outlier due to its unique circumstances).
But if you run my node for me doesn’t that mean you have my keys?
To answer the question of whether a VaaS provider has access to a user’s private keys, it’s necessary to understand some important terms. Let’s start with the basic terminology.
1. Validator’s private key
The private key of the validator node (not to be confused with the mnemonic/seed phrase) is a critical component of its functionality, and VaaS services require access to this key in order to run the node. In other words, if an individual or institution, such as a bank or hedge fund, wants to avoid the complexity of setting up the infrastructure and learning to master Linux to spin up a node, they must be willing to share the key with a VaaS provider. No VaaS provider on any Cosmos blockchain can operate in a different way. It’s important to note that this key has no monetary value and does not provide access to the customer’s funds. To reiterate, its sole purpose is to sign blocks on the network.
2. Owner address mnemonic
The owner address mnemonic (seed phrase) is used to activate a node, participate in governance, and manage the node. It is not uncommon for services in the VaaS industry to have access to this mnemonic. Furthermore, upon our research, we learned that some services may even refuse to provide this key to the customer upon request.
It’s important to emphasize that we at Allnodes DO NOT possess this key for all of our customers that initiated their Cosmos-based nodes through our new non-custodial node-management system launched on January 27th.
Proof (Jan 27, 2023): https://twitter.com/allnodes/status/1619015621727125509
This platform has a user-friendly interface with buttons that link to all of the node management functions. The main reason for developing this system was to increase the security of the network by eliminating the need to store or access the mnemonic, given its critical functions. It also allows us to reduce the manual work involved in situations where the key owner needs to change certain parameters of the node like adjusting commission fees.
Proof (Jan 27, 2023): https://twitter.com/allnodes/status/1619015679876956161
We are confident that Allnodes is one of the very few VaaS providers to offer a convenient non-custodial (in terms of the owner address) method for launching and maintaining Cosmos-based nodes.
Additionally, for customers who launched their node with us prior to January 27, 2023, we offer the option to either remove their seed phrase or even completely redeploy their node through our non-custodial node-management system. Removal of the existing customer mnemonics at Allnodes is required and will be strictly enforced. Our goal is to manage as few keys as possible.
3. Mnemonic of the address that holds the user’s stake
In the case of Tendermint-based networks, it’s common practice to self-stake only a small number of coins from the owner address and delegate the rest from a different wallet. This wallet can be a hardware wallet, for example.
The address that holds the user’s stake, which is delegated to their own node, has never been accessible to Allnodes, as we are a non-custodial service that does not hold custody of the customer’s coins.
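As an added illustration (not Allnodes code), the check below audits a node home directory for the custody split described in items 1 to 3: the validator signing key must be present, while owner account keys should be absent. It assumes the default Tendermint file `config/priv_validator_key.json` and the Cosmos SDK `keyring-file`/`keyring-test` directories, none of which the post names; the sample directory is constructed.

```python
import base64, hashlib, json, tempfile
from pathlib import Path

# Assumed default locations (not stated in the post): Tendermint consensus key
# file, and the directories used by the Cosmos SDK file-based keyring backends.
CONSENSUS_KEY = Path("config") / "priv_validator_key.json"
KEYRING_DIRS = ("keyring-file", "keyring-test")

def consensus_address(pubkey_b64: str) -> str:
    """Tendermint Ed25519 address: first 20 bytes of SHA-256(pubkey), hex."""
    raw = base64.b64decode(pubkey_b64)
    if len(raw) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return hashlib.sha256(raw).digest()[:20].hex().upper()

def audit_node_home(home: Path) -> dict:
    """Report which key material a node home directory holds."""
    report = {"consensus_key": False, "address_ok": False, "account_keys": []}
    key_file = home / CONSENSUS_KEY
    if key_file.is_file():
        doc = json.loads(key_file.read_text())
        report["consensus_key"] = True
        # A mismatch means the file was edited or is not the key it claims to be.
        derived = consensus_address(doc["pub_key"]["value"])
        report["address_ok"] = derived == doc.get("address", "").upper()
    for name in KEYRING_DIRS:
        d = home / name
        if d.is_dir():
            report["account_keys"] += sorted(p.name for p in d.glob("*.info"))
    # Non-custodial in the post's sense: signing key present, no account keys.
    report["non_custodial"] = report["consensus_key"] and not report["account_keys"]
    return report

def build_sample_home(root: Path, with_owner_key: bool) -> Path:
    """Constructed fixture: dummy public key bytes, no real key material."""
    pub = base64.b64encode(bytes(range(32))).decode()
    (root / "config").mkdir(parents=True)
    (root / CONSENSUS_KEY).write_text(json.dumps({
        "address": consensus_address(pub),
        "pub_key": {"type": "tendermint/PubKeyEd25519", "value": pub},
    }))
    if with_owner_key:
        (root / "keyring-file").mkdir()
        (root / "keyring-file" / "owner.info").write_text("constructed placeholder")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_node_home(build_sample_home(Path(tmp) / "node", True)))
```

A host that reports `account_keys` still holds owner key material, which is the state the mnemonic removal described above is meant to eliminate.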
Now that we have a solid understanding of these fundamental terms, let’s turn our attention to a word that often comes up in discussions about VaaS providers: “compromised”.
When someone claims that mnemonics are “compromised” on a VaaS, this is inaccurate for two reasons. First, there are no VaaS providers in the industry that do not have access to the validator’s private key, and by this logic, those keys must be considered “compromised” together with mnemonics. Second, the term “compromised” is typically used to describe a security breach. However, Allnodes, for example, handles private keys securely and in accordance with industry standards, with customer consent.
In most industries, not just blockchain-related, service providers must have some level of access to customer systems or data. For example, server providers, even housing solutions, have physical access to the servers in the data centers. Managed server providers even have more privileges on the operating system than the customer himself. While blockchains often are referred to as a trustless environment, this is a perfect world scenario that is unlikely to be achieved.
To put it another way, if we want a world in which even the validator’s key is not shared, we must accept a world in which there are no VaaS providers at all. If all VaaS providers were to suddenly disappear from a network, the consequences could potentially be severe. The sudden disappearance of all VaaS providers could also affect user participation in the network, as it would become more difficult for them to launch and manage their nodes.
If individuals or entities like project builders are able to launch their own node without a significant amount of computer hardware and software knowledge, they may attract a diverse group of delegators. Consequently, they may feel more motivated to promote the network, take part in its development and governance, or be encouraged to attract new end-users.
In addition, large institutions are more likely to invest their funds or resources in a network that has strong service providers (including VaaS). Institutional investors typically prefer to invest in professionally managed and certified businesses. They may be more likely to consider an opportunity above one that does not offer these features. Failing to attract these entities can lead to a variety of challenges and potentially the network’s ultimate demise.
Some VaaS providers are so large; can they halt the network?
It is theoretically possible, but at this time we have not been able to find a VaaS provider large enough to accomplish this task. To provide some context on Allnodes’ capacity, when we released our non-custodial node management system, our customers’ nodes were active on only 7 out of 26 Tendermint-based networks that we support: ATOM, CRO, DVPN, EVMOS, JUNO, LUNC and OSMO. Our cumulative stake on most Tendermint-based networks remains very low and can be observed in the recently published transparency report: Allnodes - Tendermint-based Blockchains Transparency
For example, on the Cosmos blockchain we have only one customer validator node, and our cumulative stake is less than 2% of the total stake.
Unethical business attacks based on rumors and false assumptions
At Allnodes, we are proud of our reputation for providing impeccable service, and we attribute our success to our unwavering commitment to customer support, innovation, fairness and integrity. In fact, we believe that human kindness can go a long way in any relationship, which is why it also is a core value of our business. At Allnodes, we are fortunate to have cultivated relationships with tens of thousands of customers around the world.
In today’s business world, competition is fierce, and companies often use various methods to outdo their competitors. While competition can be healthy and beneficial to the industry, unethical practices can have far-reaching negative effects. One such unethical practice is for one company to attack another based on rumors and false assumptions.
Public attacks on competitors are also ethically problematic. When a company publicly attacks its competitors, it may be engaging in unethical behavior, such as spreading false or misleading information. This behavior violates ethical principles such as honesty, fairness and respect for others. In addition, advancing an agenda at the expense of a competitor may be seen as manipulative.
At Allnodes, we are committed to developing tools and finding solutions that allow even new and inexperienced members of the Cosmos-based community to feel at home and actively participate in the network. We have implemented numerous innovations and enhancements to make it easy to participate in governance, staking, and operation of nodes with the click of a button.
Here are just a few of the innovations and improvements that we have made in 2023:
- To decrease our voting power and to encourage redelegation to smaller validators on the Terra Classic network, we announced on December 31, 2022 an increase of our node’s commission from 5% to 10% starting from February 1, 2023.
Proof (Dec 31, 2022): https://twitter.com/Allnodes/status/1609195528117702657
- On January 27, 2023, Allnodes launched our groundbreaking non-custodial node management for Tendermint-based blockchains, which allows users to securely manage their nodes without the need for a third party. This system allows node owners to effortlessly manage their keys, cast votes, adjust commissions, and perform other actions through a user-friendly interface that requires no deep technical knowledge. The system has already been in development for several months:
Proof (Feb 7, 2023): https://twitter.com/lunc_nymph/status/1623228518736998402
- As we rolled out our new non-custodial node management system, we committed to deleting all remaining owner address seed phrases with our customers’ confirmation that they have securely stored them. We are also encouraging our customers to redeploy their nodes in this new environment. The following screenshot shows an email that was sent to our customers on February 7, 2023.
Proof (Feb 7, 2023): https://twitter.com/vegasmorph/status/1623050230424907776
- To increase the overall security and stability of validators, we’ve updated our hosting plans for Tendermint-based validator nodes.
Proof (Feb 8, 2023): https://twitter.com/vegasmorph/status/1623422216053350400
- On February 7, 2023, Allnodes (first in the staking industry) released a transparency report (updated every 24 hours) for Tendermint-based networks.
Proof (Feb 7, 2023): https://twitter.com/allnodes/status/1623031835600076801
Let’s come together to overcome the challenges we face and create a community that thrives on open dialogue and communication. By abandoning shouting, hostility, and unfounded accusations, we can create a harmonious environment. Together, we can pave the way for a future built on mutual understanding and respect.
The Allnodes Team