How to build a resilient Ethereum 2 infrastructure without duplicating keys.
Attestant's infrastructure has been designed with safety in mind, but the design also adds a high level of resilience. The redundancy built into the design also facilitates upgrading any component without risk of downtime or, much worse, slashing.
A typical Attestant configuration, shown below, has a single Vouch validator client talking to multiple Dirk remote signers. This set-up provides resilience, and also gives Attestant a path to upgrade Dirk without any downtime.
Maintaining and upgrading the Dirk infrastructure is very straightforward, with no downtime and no risk of slashing.
A common Dirk configuration is a 3-of-5 set-up: 5 Dirk signers run on 5 different boxes, each holding only a share of each validator key, and the partial signatures from any 3 of them are aggregated to form a valid signature for the validator. The 5 boxes can be located anywhere in the world, and any one box can be taken out of service for upgrading without any impact on operations. Dirk not only provides a superior level of key security, because the full key is never assembled on any single box, but its resilient design also makes software upgrades a simple process.
A single Dirk signer can be stopped, upgraded and restarted without downtime to the Attestant service as long as at least 3 of the remaining signers are running. Once a Dirk signer has been upgraded and restarted, it is left running for two epochs (approximately 13 minutes, an epoch being 6.4 minutes) so that every key has signed at least once through the new version. After two successful epochs the next signer can be upgraded, safe in the knowledge that the remaining Dirk signers continue to provide full functionality and can still tolerate one additional signer going offline during the maintenance window.
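The 3-of-5 arithmetic behind the procedure above, as an added worked example rather than Dirk's own code: a Shamir split of one key into five shares, partial signatures produced from a share alone, aggregation with Lagrange coefficients, and a check that the rolling upgrade keeps signing possible even if one further signer fails. Dirk's real signatures are BLS points, and its shares come from distributed key generation, so the scalar multiplication used here as the "signature", the field order constant R (the BLS12-381 scalar field order), the message value and the secret are all assumptions of this illustration.

```python
"""Toy model of a Dirk-style 3-of-5 threshold signer set (added illustration, not Dirk's code)."""
import secrets
from typing import Dict, Iterable, Optional, Set

# Order of the BLS12-381 scalar field, in which Ethereum validator keys live.
R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001


def split_secret(secret: int, threshold: int, signers: int) -> Dict[int, int]:
    """Shamir split: random polynomial f of degree threshold-1 with f(0) = secret;
    signer i (1..signers) receives f(i). Dirk derives shares through distributed
    key generation so no party ever sees f(0); this toy starts from the secret
    only so the result can be checked."""
    coeffs = [secret % R] + [secrets.randbelow(R) for _ in range(threshold - 1)]
    shares = {}
    for x in range(1, signers + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod R
            y = (y * x + c) % R
        shares[x] = y
    return shares


def lagrange_at_zero(i: int, xs: Iterable[int]) -> int:
    """lambda_i such that the sum over xs of lambda_i * f(i) equals f(0)."""
    num = den = 1
    for j in xs:
        if j != i:
            num = num * (-j) % R
            den = den * (i - j) % R
    return num * pow(den, R - 2, R) % R  # R is prime, so Fermat gives the inverse


def sign_share(share: int, msg: int) -> int:
    """One signer's partial signature, computed from its own share alone.
    Scalar multiplication stands in for the BLS point multiplication share * H(msg)."""
    return share * msg % R


def aggregate(partials: Dict[int, int]) -> int:
    """Combine partial signatures using the Lagrange coefficients of whichever
    signers answered. Signing is linear in the share, so this yields the
    signature under the full key without reconstructing that key anywhere."""
    xs = list(partials)
    return sum(lagrange_at_zero(i, xs) * partials[i] for i in xs) % R


def threshold_sign(shares: Dict[int, int], online: Set[int],
                   threshold: int, msg: int) -> Optional[int]:
    """Collect partials from online signers only; fail closed below the threshold."""
    available = [i for i in sorted(shares) if i in online]
    if len(available) < threshold:
        return None
    return aggregate({i: sign_share(shares[i], msg) for i in available[:threshold]})


def rolling_upgrade_is_safe(shares: Dict[int, int], threshold: int,
                            msg: int, expected: int) -> bool:
    """Model the upgrade procedure: take signers down one at a time and require
    that signing still works with that signer down AND with any one further
    signer failing unexpectedly during the maintenance window."""
    ids = set(shares)
    for down in sorted(ids):
        online = ids - {down}
        if threshold_sign(shares, online, threshold, msg) != expected:
            return False
        for extra in online:
            if threshold_sign(shares, online - {extra}, threshold, msg) != expected:
                return False
    return True


if __name__ == "__main__":
    secret = secrets.randbelow(R)
    shares = split_secret(secret, threshold=3, signers=5)
    msg = 0x5A1D  # constructed stand-in for the hash of a signing root
    full = secret * msg % R  # what signing with the undivided key would give
    print("any 3 of 5 suffice:", threshold_sign(shares, {2, 4, 5}, 3, msg) == full)
    print("rolling upgrade safe at 3-of-5:", rolling_upgrade_is_safe(shares, 3, msg, full))
    print("rolling upgrade safe at 4-of-5:", rolling_upgrade_is_safe(shares, 4, msg, full))
```

The last line of the demo is the design point: a 4-of-5 set-up still signs with one box down for upgrade, but a second, unplanned failure during the window stops it, whereas 3-of-5 keeps one spare throughout. The threshold is therefore a trade-off between how many boxes an attacker must compromise and how many can be lost before validators go offline.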
Another piece of infrastructure that needs to be updated is the set of beacon nodes, which come from multiple client vendors, and again Attestant's architecture allows this to happen without any downtime. Vouch can connect to multiple beacon nodes and uses strategies to select the best data from among them when attesting and proposing. This provides a high level of resilience: if one beacon node fails to return information, Vouch ignores it and uses the data from the other nodes. As such, any one of the beacon nodes can be brought down and upgraded while Vouch continues to work uninterrupted.
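The fan-out behaviour described above, as an added example that is not Vouch's own code: several beacon nodes are queried in parallel, any that error out or miss the deadline are dropped, and the best of the remaining responses is used. The ranking (newest target epoch, then source epoch, then head slot), the deadline value and the four constructed node stand-ins are assumptions of this illustration, not Vouch's actual strategy implementation.

```python
"""Fan-out to several beacon nodes and keep the best usable answer (added illustration, not Vouch's code)."""
import time
from concurrent.futures import ThreadPoolExecutor, as_completed
from concurrent.futures import TimeoutError as FuturesTimeout
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class AttestationData:
    head_slot: int
    source_epoch: int
    target_epoch: int


def score(d: AttestationData) -> Tuple[int, int, int]:
    """Assumed ranking for this example: newest target, then newest source,
    then newest head. Vouch's own 'best' strategy may weight these differently."""
    return (d.target_epoch, d.source_epoch, d.head_slot)


def best_attestation_data(nodes: Dict[str, Callable[[], AttestationData]],
                          timeout: float) -> Optional[AttestationData]:
    """Query every node in parallel. Nodes that raise, or that have not answered
    by the deadline, are ignored; the top-scoring response wins. Returns None
    when nobody answered in time, so the caller skips rather than signs junk."""
    best: Optional[AttestationData] = None
    with ThreadPoolExecutor(max_workers=max(1, len(nodes))) as pool:
        futures = {pool.submit(fn): name for name, fn in nodes.items()}
        try:
            for fut in as_completed(futures, timeout=timeout):
                try:
                    data = fut.result()
                except Exception:  # one failing node must not sink the duty
                    continue
                if best is None or score(data) > score(best):
                    best = data
        except FuturesTimeout:
            pass  # whatever arrived before the deadline is all we use
    return best


# Constructed stand-ins for four beacon nodes from different client vendors.
def node_fresh() -> AttestationData:
    return AttestationData(head_slot=1000, source_epoch=30, target_epoch=31)


def node_stale() -> AttestationData:  # lagging behind the others
    return AttestationData(head_slot=985, source_epoch=29, target_epoch=30)


def node_down() -> AttestationData:  # currently being upgraded
    raise ConnectionError("connection refused")


def node_slow() -> AttestationData:  # answers, but too late for this slot
    time.sleep(0.5)
    return AttestationData(head_slot=1001, source_epoch=30, target_epoch=31)


SAMPLE_NODES = {"node-a": node_fresh, "node-b": node_stale,
                "node-c": node_down, "node-d": node_slow}

if __name__ == "__main__":
    print(best_attestation_data(SAMPLE_NODES, timeout=0.2))
```

Returning None rather than a stale answer when every node fails is deliberate: a missed attestation costs a small penalty, while attesting to bad data can cost far more, so the safe failure mode is to do nothing.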
Attestant's architecture provides safety and resilience at its core, and also allows individual components to be updated without stopping operations or risking slashing. Attestant continues to carry out upgrades as required, with no downtime and no loss of resilience.