Create Publication

We are looking for publications that demonstrate building dApps or smart contracts!
See the full list of Gitcoin bounties that are eligible for rewards.

Article Thumbnail

How to Participate in Algorand State Proof Generation (Register State Proof Keys)

Noah Grossman
Noah Grossman Algorand
March 16, 2022

Overview

Want to participate in Algorand’s pure proof of stake consensus protocol? You’ll be joining a community of node runners that play a crucial role in securing and advancing the blockchain. For information on how to set up a participating node, start here (note: familiarity with your computer’s command-line interface is highly recommended).

As part of our March 2022 upgrade (v3.4.2), we released a new set of Falcon keys that will be used to generate Algorand State Proofs (ASPs), a Post-Quantum secure chain of certificates attesting to the state of the Algorand blockchain. Since the upgrade, participation node runners will generate and register these Falcon keys alongside the participation keys used during consensus. This marks our first major step towards releasing ASPs.

We added a new field to the Key Registration Transaction used to bring accounts online for consensus. The field is a byte array of size 64 with the msgpack name ‘sprfkey’ that represents the merkle root of the Falcon keys which will be used to generate ASPs. It is effectively a “fingerprint” that can be used to verify that Falcon key signatures actually came from your account. A reference implementation for creating a valid transaction using Algorand Go SDK in GoLang can be found here. Starting with the latest upgrade, all key registration transactions require a State Proof key.

When generating keys, make sure to specify a first valid participation round that will have recently occurred after completing registration. For security reasons, we recommend using a period length of 3,000,000 rounds (~ 5 months), with a maximum length of 16,777,215 rounds (2^24 - 1). Note that this process should take a few minutes to execute, and is proportional to the period length, since generating the new Falcon keys is computationally intensive.

Follow the steps below to learn how to bring your account(s) online to participate in consensus, and in the near future, ASP generation.

Table of contents

Participating in consensus requires you to generate and register a set of keys which will be used to vote on block proposals and to generate Algorand State Proofs. There are several ways to do so. Read on to select the best method for your use case.

Note: we recommend using the cold wallet signing method for any MainNet accounts as it is more secure. Hot wallet signing requires you to store your private spending keys on an online node and is only recommended for low-stake accounts or for those on test networks.

To improve the cold wallet method, we have introduced a new algokey command that generates an unsigned key registration transaction directly from the CLI. You no longer have to (but are still welcome to) build your own key registration application from our SDKs in order to use the offline process.

  1. Cold Wallet Signing: Generate and Register Your Keys Offline
  2. Hot Wallet Signing: Renew Your Keys
  3. Hot Wallet Signing: Generate and Register Your Keys

1. Cold Wallet Signing: Generate & Register Your Keys Offline

Generate keys and sign keyReg transactions offline. This process is composed of 3 major steps:

  1. Generating a new set of keys
  2. Creating and signing a key registration transaction
  3. Registering the new keys with the network

This section will be useful for people who want to securely sign keyReg transactions without storing private spending keys on a live node.

A) Generate participation keys offline

Run the algokey part generate command to generate a new set of participation keys, stored in a stand-alone file. You can install these keys on any node that you wish to host the intended account. Specify the account, the first and last round these keys should be valid, and a temporary keyfile to store the new keys. Here is an example:

algokey part generate --first 16532750 --last 19532750 --keyfile testKeyFile --parent MWAPNXBDFFD2V5KWXAHWKBO7FO4JN36VR4CIBDKDDE7WAUAGZIXM3QPJW4

Please stand by while generating keys. This might take a few minutes... /

After a few minutes, you should see a success message displaying information about the newly generated keys.

Participation key generation successful Parent address: MWAPNXBDFFD2V5KWXAHWKBO7FO4JN36VR4CIBDKDDE7WAUAGZIXM3QPJW4 VRF public key: 1V2BE2lbFvS937H7pJebN0zxkqe1Nrv+aVHDTPbYRlw= Voting public key: 87iBW46PP4BpTDz6+IEGvxY6JqEaOtV0g+VWcJqoqtc= State proof key: f0CYOA4yXovNBFMFX+1I/tYVBaAl7VN6e0Ki5yZA3H6jGqsU/LYHNaBkMQ/rN4M4F3UmNcpaTmbVbq+GgDsrhQ== First round: 16532750 Last round: 19532750 Key dilution: 1732 First batch: 9545 First offset: 0

B) Create and sign key registration transaction with offline keys

1. Create the keyRegistrationTxn with your method of choice

NEW! Via algokey part keyreg 

algokey part keyreg --network betanet --firstvalid 16532750 --keyfile testKeyFile -o keyRegTxnFile

Key registration transaction written to 'keyRegTxnFile'.

Or, via your Algorand SDK of choice. For more information, follow these instructions.

2. Sign the keyRegistrationTxn using your method of choice.

For a lightweight CLI option, you can use algokey sign.

algokey sign -t keyRegTxnFile -o signedKeyRegTxn -m “[enter your account’s 25 word private key delimited by spaces]”

3. Register the account online

i. Install the keys on the intended node using goal account installpartkey. Note: you may wish to move the keyFile and the signed keyReg transaction to the node’s data directory, if not already there.

goal account installpartkey --partkey testKeyFile --delete-input -d your-data-directory

Participation key installed successfully

ii. (Optional) Verify successful participation key generation: Run goal account listpartkeys to see all of the participation keys in the specified node’s data directory. Since we have not yet registered the new keys with the network via a keyRegistrationTxn, they will be marked as Registered = no. You can view more participation key information with goal account partkeyinfo .

goal account listpartkeys -d your-data-directory

Registered Account ParticipationID Last Used First round Last round no MWAP...PJW4 NUCDODS6... N/A 16532750 19532750 yes MWBI...RENA TQLCNH5G... N/A 16434781 19434757 Yes GFJG...K6JQ FNR5WJHQ... N/A 16435404 19435404

iii. Send the signed key registration transaction to the network, ensuring the keys have been successfully installed on the target node and that the keys and the transaction are valid for the current round. If you’d like to use CLI tools, you can issue signed transactions with goal clerk rawsend .

goal clerk rawsend -f signedKeyRegTxn -d your-data-directory

Raw transaction ID K6XVVB45VAZVTJL2OKAUJFTCOAJML7ERZKASOJYYV5GL4QIHNKHA issued Transaction K6XVVB45VAZVTJL2OKAUJFTCOAJML7ERZKASOJYYV5GL4QIHNKHA still pending as of round 16532751 Transaction K6XVVB45VAZVTJL2OKAUJFTCOAJML7ERZKASOJYYV5GL4QIHNKHA committed in round 16532753

iv. Done! Verify your account’s online status with goal account listpartkeys. Note, the new keys will not be used in consensus for at least 320 rounds after registration.

2. Hot Wallet Signing: Renew Your Keys On An Algorand Node

Use the following method to renew expiring participation and state proof keys directly on a live node that holds your private spending keys.

A. Generate and Register Keys in One Step

Renew an account’s participation and state proof keys using goal account renewpartkey, specifying the account and the keys’ last valid round (after which they expire).

goal account renewpartkey -a PEV3ODSO64CQJIZYW7VQ62XG6FRL7Z5DSBSTTLLIUGV4IOLYDR435L4WHY --roundLastValid 3004300 -d your-data-directory

Please stand by while generating keys. This might take a few minutes... /

After a few minutes, you should see a series of success messages indicating the key was generated and the corresponding keyreg transaction was signed and committed to the network.

Participation key generation successful Transaction id for status change transaction: O6OHEUILWGKK57GAAHAONT4E4D4B4IUXHHKOOGPMOEOEVPFBY3LQ Transaction O6OHEUILWGKK57GAAHAONT4E4D4B4IUXHHKOOGPMOEOEVPFBY3LQ still pending as of round 4385 Transaction O6OHEUILWGKK57GAAHAONT4E4D4B4IUXHHKOOGPMOEOEVPFBY3LQ still pending as of round 4386 Transaction O6OHEUILWGKK57GAAHAONT4E4D4B4IUXHHKOOGPMOEOEVPFBY3LQ committed in round 4387

Done! Verify that your account’s new keys are registered and your old keys are unregistered with goal account listpartkeys . Note, the new keys will not be used in consensus for at least 320 rounds after registration. You can view more participation key information with goal account partkeyinfo .

goal account listpartkeys -d your-data-directory

Registered Account ParticipationID Last Used First round Last round no PEV3...4WHY ZPD4UDTZ... 4463 0 50000 yes 3R6L...KGV4 XTVEXVB4... 4463 1000 3001000 yes PEV3...4WHY DM7EXQKY... N/A 4349 3004300

3. Hot Wallet Signing: Generate And Register Your Keys On An Algorand Node

Generate keys and sign keyReg transactions on the node that will host the online account. This method splits key generation from registration - the newly generated keys will be written to a file that you will install on the intended node, and then register with the network.

A. Generate and install keys on the intended node

Run the goal account addpartkey command on the intended node to generate a new set of keys. Specify the account and the first and last round these keys should be valid.

goal account addpartkey --roundFirstValid 1000 --roundLastValid 3001000 -a OVFPQUAKNPH6AYDR45MTKJBJD3OSMETOEYQX3A5QBHCQOMSTU6OR6PRGBE -d your-data-directory

Please stand by while generating keys. This might take a few minutes... \

After a few minutes, you should see a success message saying

Participation key generation successful

(Optional) Verify successful participation key generation: Run goal account listpartkeys to see all of the participation keys in the specified node’s data directory. Since we have not yet registered the new keys with a keyRegistrationTxn, they will be marked as Registered = no. You can view more participation key information with goal account partkeyinfo .

goal account listpartkeys -d your-data-directory

Registered Account ParticipationID Last Used First round Last round no OVFP...RGBE XTVEXVB4... N/A 1000 3001000

B) Register your keys with the network

Run goal account changeonlinestatus to register the new keys with the network and mark the account online.

goal account changeonlinestatus -a OVFPQUAKNPH6AYDR45MTKJBJD3OSMETOEYQX3A5QBHCQOMSTU6OR6PRGBE -d your-data-directory

You should see a series of messages indicating successful registration. The keyRegistrationTxn will be generated, signed by the account’s private spending key, sent to the network, and written to the blockchain.

Transaction id for status change transaction: RHD45L4TEINQZYWQ57K7EHUP7YREE5PZKCRH2NJCWN3NG5RMFEUQ Transaction RHD45L4TEINQZYWQ57K7EHUP7YREE5PZKCRH2NJCWN3NG5RMFEUQ still pending as of round 4986 Transaction RHD45L4TEINQZYWQ57K7EHUP7YREE5PZKCRH2NJCWN3NG5RMFEUQ still pending as of round 4987 Transaction RHD45L4TEINQZYWQ57K7EHUP7YREE5PZKCRH2NJCWN3NG5RMFEUQ committed in round 4988

Done! Verify your account’s online status with goal account listpartkeys . Note, the new keys will not be used in consensus for at least 320 rounds after registration.