Online/Offline accounts and participation key

#1

Hi,
I have some questions about the online offline accounts and participation key hopefully you can (partially) help me with.

  1. To bring an account online you have to generate a participation key for that. What is the idea behind that key being valid between specific rounds? (–roundFirstValid / --roundLastValid)
  2. When the part key expires aka the round last valid passed, the account stays online. I would suspect otherwise? Does it still participate in the consensus protocol after the part key expires?
  3. You can earn rewards if I’m correct by participating in the consensus protocol right? This means being online. But is see offline account who never been online earn (real) small rewards. How does this work?
  4. Is it the part key the only key that needs to be available online when participating in the consensus protocol? What I mean is, can I remove the account being online from my wallet? The part key is still there and account keeps the status online but does it still by participating in the consensus protocol?

And a other question. Will there be a restpath available to see which members where in the verifier set for a specific round (SVr) ?

Thks.

#2

Hi Kasper,

  1. If a machine is compromised in the future we don’t want that to compromise participation keys used to sign votes in the past, so what we do is essentially generate a keypair per each round. So of course this means that the participation key will grow in size according to the number of rounds it is valid. Specifying a validity range will bound that. Another reason for this is to give you the flexibility to implement various secure participation protocols, renewing your participation keys and intervals in a way that makes the most sense for your context.
  2. The account nominally stays online, but this is bad network behavior. You either want to sign a keyreg transaction that marks that key offline, or generate a new participation key for the next valid set of rounds and register that new one before the previous key expires. Note that only one key can be registered for an account at any given time.
  3. More details to come here…
  4. Yes. This allows you to implement a protocol where your private key never has to be online. So you can generate your participation keys on any node, create a keyreg transaction, and then bring that transaction to your air-gapped device to be signed by your private key for that account. Once signed you can broadcast that transaction to the network. Just ensure that your participation node is online with the participation key in the ledger directory (which it should be assuming you generated the partkey on that node using goal).

We currently do not have plans to implement a restpath for this, but would definitely be a cool feature to add! The information required to do this should be in the block certificate.

2 Likes
#3

Thanks Liz for the extensive answer, very helpful.

One more question about the part key. (I’ve tried this with an expired key)
I copied the part key to multiple nodes. On all the nodes the partkey is listed under goal account listpartkeys How will the network respond with multiple online nodes having the same active partkey?

#4

Hi Kasper,

Copying a partkey to multiple nodes is dangerous as it might cause your nodes to inadvertently equivocate votes. So you should always make sure your registered partkey only exists on a single node. And if you believe your partkey was compromised in some way, you should generate and register a new one.

#5

What do you mean by this, @liz?

#6

@ChaseHunter I think that if your nodes land in different partitions of the network, they might have different views of the network, which could cause them to vote differently. For example, if one node sees one block proposal and the other one sees another, they might vote for different blocks. Voting for different things with the same identity (using the same partkeys) breaks one of the rules of Algorand’s consensus protocol.

Probably the safest thing to do if you lose one of your partkeys is to generate and register a new one on the node you want to participate with.

3 Likes
#7

But what are the consequences when it does happen?. When you double sign like in Tezos, or Cosmos a part of your stake will be slashed. How will foul play be punished in Algorand?

#8

According to the Algorand’s consensus protocol, at any time on each node, there is only one valid vote from each part key. If one part key signs multi-votes from multi-nodes, each node may just see a single different vote for some value. This part key should be thought as a bad user.

If such users are rare, it’s no bad effect.
But if such users are majority, the protocol will be broken. The protocol would not produce new block successfully.

According the public information that we can know, no one would be punished. In algorand, miners do not need mortgage anything for mining.