Multiple owners in the pool, signing registration-certificate

I am in the process of setting up a pool that has multiple owners. The operator will not have control over the signing key of the other owners.

Now I am running into the issue that in order to sign the Pool registration-certificate, it MUST be signed by all owners.
Failing to include the owner’s skey gives an error with “MissingVKeyWitnessesUTXOW”. At least, this is my assumption based on the specs: https://hydra.iohk.io/build/902246/download/1/delegation_design_spec.pdf#subsubsection.3.4.4

So,

  • Am I correct that I need the signingKey of all the owners?
  • What is the best way to get this transaction signed with signingKeys I have no control over?
  • Or should I just ask the other owners for the signingKey? (I have no idea yet what the abuse potential is of having a signingKey of someone else)
  • Or is there a way to sign a transaction in multiple steps? (send the transaction to the other owners to be signed).

Thanks in advance!

Yes, you will need to sign the transaction with all stake skeys.

I believe each owner can sign the transaction individually, but I have not attempted this. Worst case, I personally see no real danger in requesting the owner to provide their stake keys. From an adversarial perspective, the worst you could do as a malicious actor is either un-delegate their stake or re-delegate to another pool, either of which action would tank your pool pledge. You as the operator with the pool cold keys could disrupt the pool regardless, so therefore I don’t see an issue.

As long as the other owner does not share payment address keys, those funds will be safe.

3 Likes

Just tried it and basically signed the transaction with two stake.skeys where Bob and Alice contribute to pledge:
cardano-cli shelley transaction sign \
--tx-body-file tx.raw \
--signing-key-file payment.skey \
--signing-key-file Alicestake.skey \
--signing-key-file Bobstake.skey \
--signing-key-file cold.skey \
--mainnet \
--out-file tx.signed

1 Like

Hey Frog, how do you create multiple keys for multiple pool owners? Creating multiple keys seems simple enough but how do you associate these multiple keys to my one pool?

I am using coincashew and it provides no guidance on this topic thanks in advance.

How did you go about partially signing the registration? I am in a similar situation but won’t be able to get access to the pledge’s payment signing key (So I cannot abuse the funds)

you don’t need the pledge payment signing key - any arbitrary payment address can be used to pay the transaction fees / deposits associated with submitting the transaction

first - simply create multiple address keys with different names

For example:

1. rewards.skey, rewards.vkey, rewards.addr
2. pledge1.skey, pledge1.vkey, pledge1.addr
3. pledge2.skey, pledge2.vkey, pledge2.addr

Make sure to register each stake address as well as create delegation certs for each stake address.

Pool registration params will look something like this:


--pool-reward-account-verification-key-file ~/path/to/rewards.vkey \
--pool-owner-stake-verification-key-file ~/path/to/pledge1.vkey \
--pool-owner-stake-verification-key-file ~/path/to/pledge2.vkey \

1 Like

And of course, do not forget to sign the tx with as many secret keys as addresses involved.

1 Like

Thanks for your reply frog :smiley:
I hadn’t thought about another payment address :sweat_smile:, but what can be done about the stake.skey? Is it critical that this key is cold?

While it’s not best practice to throw stake keys around, the worst a malicious actor could really do is re-delegate your stake (or unregister your stake address) without your permission - meaning you would simply need to move the funds to a new address (hence new stake key) - this could harm the pool, but I don’t see many cases where you would trash your own operation by re-delegating your partner’s stake keys. If you were to run off and create a separate pool using them all the other party would need to do is send the funds to a new address which would effectively make the stake keys useless.

With that being said, you can sign in counterparts using witnesses assuming the other party is sophisticated enough to use the cli. I don’t have an example offhand but I’m sure I could dig something up if that’s the route you want to go.

Let me know - I will have some time tomorrow to help

Your friend, FROG

And withdraw your rewards if any :slight_smile:

2 Likes

Thanks for the explanation that helps a lot :smiley:
If you don’t mind, an example of using a witness would be great thanks. I can’t seem to find many resources online explaining this process, so learning how to do so would be super helpful regardless. :pray:
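
The multi-step signing asked about above, sketched as an added example that is not from any poster in this thread: each key holder produces a witness file from the same tx.raw on their own machine and the operator assembles them, so no stake.skey has to be shared. The `witness` and `sign-witness` subcommand names follow Shelley-era cardano-cli as an assumption (newer builds drop the `shelley` prefix and call the second one `assemble`), and the `.witness` file names are made up for illustration.

```shell
#!/bin/sh
# Added example: witness-based signing of a pool registration transaction.
# Assumed subcommand names; check `cardano-cli ... transaction --help`
# on your build before relying on them.
CLI="${CLI:-cardano-cli shelley transaction}"
ASSEMBLE="${ASSEMBLE:-sign-witness}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Run by EACH key holder on their own machine against the same tx.raw
# (compare a checksum of tx.raw out of band first). Only the resulting
# witness file is sent back; the .skey never leaves its owner.
make_witness() {   # usage: make_witness <skey-file> <witness-out-file>
  run $CLI witness --tx-body-file tx.raw --signing-key-file "$1" \
      --mainnet --out-file "$2"
}

# Run by the operator once every witness has arrived. The registration
# needs at least: payment key + cold key + one witness per pool owner.
assemble_tx() {    # usage: assemble_tx <owner-count> <witness-file>...
  owners="$1"; shift
  required=$((owners + 2))
  if [ "$#" -lt "$required" ]; then
    echo "need $required witnesses, got $#; expect MissingVKeyWitnessesUTXOW" >&2
    return 1
  fi
  n=$#
  # Turn "a b c" into "--witness-file a --witness-file b --witness-file c".
  for w in "$@"; do set -- "$@" --witness-file "$w"; done
  shift "$n"
  run $CLI "$ASSEMBLE" --tx-body-file tx.raw "$@" --out-file tx.signed
}

# Flow for the two-owner case from this thread:
#   operator: make_witness payment.skey    payment.witness
#   operator: make_witness cold.skey       cold.witness
#   Alice:    make_witness Alicestake.skey Alicestake.witness
#   Bob:      make_witness Bobstake.skey   Bobstake.witness
#   operator: assemble_tx 2 payment.witness cold.witness \
#                 Alicestake.witness Bobstake.witness
```

With `DRY_RUN=1` the functions only print the commands they would run; set `DRY_RUN=0` on a machine with cardano-cli installed to execute them.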

Yep - but only if the relevant stake address correlates the rewards address registered for the pool. This would not be the case with a pledge (owner address) that is different than the registered rewards address.

But absolutely true otherwise for a regular delegated stake address (non-pool owner address).

1 Like