Lagrange Network AVS Key

First, an operator needs to create a key specific for its operation on the Lagrange Network.

Currently, the same key is used for many workers for a single operator. That simplifies the key management overhead. If a key is compromised, it is enough to de-register and re-register on Lagrange Network with a new key.

To do so, run the following command

docker compose run --rm worker avs new-key

This prompts you for a password to create the encrypted keystore containing the new ECDSA key specific to Lagrange Network. This key has to be distributed to all the workers running under the same operator.

You should see the following:

Input password for Lagrange key:
new Lagrange keystore stored under config/lagr_keystore.json
	public_key = "66779122cb188d1e70889278ffb3ee8ee024d4a23742a59afbdaaa096fc5135c3a14d897de87d1c56adbe029619c231416e7dfb3f1de0a542dd8ac7f4748ce07"

Registration on Lagrange AVS Contract

Now that there is an operator key, the operator needs to register is to the Lagrange Network contracts.

For this, the operator needs to gather both:

  • The main ECDSA AVS key generated during the first EigenLayer registration as encrypted keystore

  • The Lagrange specific ECDSA key generated just above

This method will register the fact that the operator is operating for Lagrange AVS to EigenLayer contract while notifying Lagrange contracts of the specific key !

  1. Add the Ethereum keystore under config/priv_key.json. This is the operator keystore generated by EigenLayer cli.

  2. Run the following

docker compose run --rm worker avs register

The is the only time where Lagrange binary needs to read the main ECDSA operator key. It does not store it and can be safely kept away after this step !

You can remove the key from the config/ folder !

Contracts Registration

For the most curious reader, you can look at our registration function

function registerOperator(
        PublicKey calldata publicKey,
        ISignatureUtils.SignatureWithSaltAndExpiry calldata operatorSignature
) external onlyWhitelist(msg.sender) ensureValidPublicKey(publicKey) {

The public key argument is the lagrange public key, encoded in affine coordinates. The `operatorSignature` is the usual EigenLayer requested signature that gets verified on their smart contract.

Last updated