Cardano Stake Pool Owners HW Support
The staking ecosystem in Cardano is growing and maturing. The number of pools that created at least one block increased dramatically in past months and with the growing Cardano price, more people are interested in the staking business on Cardano.
In Cardano stake pool operations there are 2 roles — Operator and Owner. The Operator is operating the stake pool, Owner (or Owners) is holding the keys to the wallet that is providing the Pledge. It is extremely important to protect Owner's private keys because they are holding the pledge and also the pool rewards.
It was impossible to use hardware wallets for managing the stake pool Owner addresses until now but with the latest Cardano Ledger app update (2.1.0) and with the upcoming Trezor model T firmware update (coming 10th February 2021 EDIT: this was successfully released) it will be possible to provide the required stake pool Owner signatures with HW wallet devices.
These features were implemented by Vacuumlabs on behalf of and in cooperation with IOHK.
We at AdaLite decided to bring this feature to life, as simply and safely as we could. To become a stake pool Owner, it normally requires moderate tech skills and it is prone to error. Instead of installing a lot of software on your computer and following long guides with the possibility of losing your funds by exposing private keys, now all it takes is to log in to AdaLite and follow a few simple steps. We will break them down later in this article.
Please note, Operator still needs to build and propagate the pool registration transaction manually using cardano-cli. This new workflow on AdaLite allows obtaining an Owner stake key witness for the pool registration transaction in a user-friendly way. We are currently working with IOHK on HW support for stake pool Operators (Ledger only).
If you are an Operator and Owner in a single person and wish to protect your pledge and rewards using a hardware wallet, you may consider using the new cardano-hw-cli tool. Cardano-hw-cli is a command-line interface for interaction with Ledger and Trezor built by Vacuumlabs for IOHK to be compatible with the cardano-cli tool. You can find a guide for registering a stake pool using cardano-cli and cardano-hw-cli here. Cardano-hw-cli will allow you to obtain the required Owner witness (stake.skey) from the HW device and if you are familiar with the CLI it may be more user-friendly for you instead of the AdaLite GUI.
Disclaimer: At the time of writing, Trezor has not yet released their updated firmware for pool Ownership functionality. The release is planned for 10th February 2021.
More on Stake Pool Owners and Operators
A stake pool Operator is a person who is assigned responsibility for setting up and keeping the stake pool running, which means that they own or rent a server, hold the keys of the stake pool, and hold responsibility for running and monitoring the node. With their key, a stake pool Operator can sign blocks, register, re-register, or retire a stake pool, and post updated certificates. A stake pool Operator is also empowered to exclude some stake pool Owners during re-registration (pool update).
A stake pool Owner is a person who pledges their stake to the pool to increase the pool’s reward earning capacity and desirability. The ability of the Owner to pledge stake provides protection against Sybil attacks. Eventually, one of the Owners can also hold keys to the stake pool rewards address.
The Operator and Owner can be the same person. A staking pool can have multiple stake pool Owners. Due to the Operator’s capabilities, significant trust between the Owner and the Operator is required. Owners do not receive rewards for their pledge automatically but these rewards are awarded to the pool rewards address. Operator or one of the Owners has to manually distribute the accumulated pool rewards between the pool Owners and Operator. The feature we introduce allows Ledger and Trezor wallet users to produce a signature necessary to become a stake pool Owner and therefore pledge to a stake pool and possibly also control stake pool rewards address with the protection of HW wallet. Please note, stake pool Operator can remove Owners or change the rewards address anytime and doesn't need the consent of the existing stake pool Owners.
Becoming a Stake Pool Owner with AdaLite GUI
First, the to-be pool Owner navigates to AdaLite and logs in their hardware wallet.
The future pool Owner then navigates to the Advanced tab in the wallet dashboard, highlighted by the red arrow in the following picture. After that, it is necessary to download the Owner’s Staking key CBOR hex and send it to the stake pool Operator. The stake pool Operator needs this file to specify it as pool Owner’s stake verification key file (stake.vkey) while creating the stake pool registration certificate.
The stake pool Operator must then create the stake pool registration certificate with one or more Owners and must build (not sign) a transaction containing this certificate (tx.raw). The Operator then sends this built transaction to the Owner. In this example, we will call it pool_registration.raw. If there are multiple Owners, the Operator must send it to all of them. The pool Owner, while logged in, proceeds to the pool registration in the Advanced tab:
Initially, the Sign and Download signature buttons are disabled. After receiving pool_registration.raw, the pool Owner presses the Select a transaction file and selects it from their file system, or simply drags the file over the file area. The Sign button becomes active after a valid transaction file is selected.
The user proceeds by clicking the Sign button. Doing so will bring them to a confirmation screen. Here, they can review the pool certificate details, shown in the following picture. It is very important to ensure that all the entries are correct and the pool Owner agrees with all of them.
If the pool Owner is satisfied with all the parameters, they may sign the transaction. After clicking the Sign transaction button, the hardware wallet will ask the user whether they want to start a new transaction. There will be a recap screen for every important stake pool parameter. Review them carefully. After successfully signing the transaction, the Download signature button becomes active. The pool Owner must then download it and send it to the pool Operator. The Operator needs the signatures of all pool Owners to sign the pool registration transaction. After the Operator submits the signed transaction, the pool is registered.
If you’ve made it this far, congratulations! You have now become a stake pool Owner. Depending on the agreement with your stake pool Operator and fellow Owners, somebody has to manually distribute the pool reward. Tread with caution and pick your stake pool Operators carefully.
The development of Trezor and Ledger firmware was funded by IOHK. The development AdaLite stake pool Owner feature was funded by Vacuumlabs. Any donations to support further development of AdaLite are appreciated.