Validator Security
BitSong encourages Validators to run their operations independently, because diverse setups increase network resilience. The following general guidelines and information can help you secure your infrastructure.
Key Management - HSM
Validator key security is absolutely paramount. If a Validator's key becomes compromised, their entire staked pool, including delegated BTSG, is at risk. Hardware security modules (HSM) are hardware-based key management solutions that help to offset the risk of a breach.
HSMs must support ed25519 signatures for the BitSong blockchain. The YubiHSM2 supports ed25519 and a compatible library is available.
Sentry Nodes (DDoS Protection)
Validators have a responsibility to ensure that the network can withstand denial of service (DoS) attacks. Validators can mitigate these risks by carefully structuring their network topology in a so-called sentry node architecture.
Architecture Overview
Validator nodes should only connect to full nodes they trust—either because they operate the nodes themselves or because the nodes are run by other validators they know socially.
- A validator node typically runs in a data center, most of which are linked directly to the networks of major cloud providers.
- The validator can use those links to connect to sentry nodes, which run in the cloud.
- This setup shifts the burden of absorbing denial-of-service attacks from the validator's node to its sentry nodes.
This setup will ensure that validator block proposals and votes are always transmissible to the rest of the network.
Configuration
Follow these steps to set up your sentry node architecture.
Configure Validator Nodes
Validator nodes should edit their configuration to maintain persistent connections to the sentries and disable peer exchange.
# Comma separated list of nodes to keep persistent connections to
# Do not add private peers to this list if you don't want them advertised
persistent_peers = "list_of_sentry_nodes"
# Set true to enable the peer-exchange reactor
pex = false
Configure Sentry Nodes
Sentry Nodes should edit their configuration to keep the validator's ID private so it is not gossiped to other peers.
# Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
# Example ID: 3e16af0cead27979e1fc3dac57d03df3c7a77acc@3.87.179.235:26656
private_peer_ids = "node_ids_of_private_peers"
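A check for the two configurations above, as an added example (not BitSong's own tooling): it audits a validator config for disabled peer exchange and a sentry-only peer list, and a sentry config for the validator's ID in private_peer_ids. The function names, node IDs and addresses are constructed for illustration, and settings are read with a minimal key = value reader rather than a full TOML parser.

```python
import re

# node_id@host:port, where node_id is 40 hex characters
NODE_ADDR = re.compile(r"^[0-9a-f]{40}@[^\s@:]+:\d{1,5}$")

def parse_settings(text):
    """Read simple `key = value` lines; not a full TOML parser."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = {"true": True, "false": False}.get(value, value.strip('"'))
    return settings

def split_list(value):
    """Split a comma separated setting into its non-empty items."""
    return [item.strip() for item in str(value or "").split(",") if item.strip()]

def audit_validator(config_text, sentry_addrs):
    """Return findings for a validator that should talk only to its sentries."""
    cfg, findings = parse_settings(config_text), []
    if cfg.get("pex") is not False:
        findings.append("pex is not false: peer exchange is enabled on the validator")
    peers = split_list(cfg.get("persistent_peers"))
    findings += [f"malformed peer address: {p}" for p in peers if not NODE_ADDR.match(p)]
    findings += [f"peer is not a known sentry: {p}" for p in peers if p not in sentry_addrs]
    findings += [f"sentry missing from persistent_peers: {s}"
                 for s in sentry_addrs if s not in peers]
    return findings

def audit_sentry(config_text, validator_id):
    """Return findings for a sentry that must keep the validator's ID private."""
    # Compare on the ID part so entries written as id@host:port also match.
    entries = split_list(parse_settings(config_text).get("private_peer_ids"))
    private_ids = {entry.split("@", 1)[0] for entry in entries}
    return [] if validator_id in private_ids else ["validator ID missing from private_peer_ids"]

# Constructed sample values (not real nodes).
VALIDATOR_ID = "ab" * 20
SENTRIES = ["11" * 20 + "@192.0.2.10:26656", "22" * 20 + "@192.0.2.11:26656"]
GOOD_VALIDATOR = 'persistent_peers = "' + ",".join(SENTRIES) + '"\npex = false\n'
BAD_VALIDATOR = ('persistent_peers = "' + SENTRIES[0] + "," + "33" * 20
                 + '@203.0.113.5:26656"\npex = true\n')

if __name__ == "__main__":
    for finding in audit_validator(BAD_VALIDATOR, SENTRIES):
        print(finding)
```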