Kraken suspends staking services, a comprehensive look at the relationships and differences between the 4 staking options

Written by: 0xTodd, Partner at Nothing Research

Source: Deep Tide

Today, taking advantage of the news that Kraken has suspended Staking, I want to provide a popular science explanation & analysis of Staking:

1) Essentially, the most important aspect of Staking is to look at the ownership of the two private keys.

2) Due to the different ownership of the two private keys, four types of Staking solutions have emerged.

I believe that after reading this article, you will have a deeper understanding of Lido, Rocket, Coinbase, Kraken, SSV, and Ebunker.

If we consider Ethereum as a company, the validators responsible for Staking are the employees. Their job is to verify the legitimacy of transactions and then package blocks onto the chain (although the task of constructing blocks has gradually been outsourced to MEV service providers).

1) First, as a validator, you need to prove your employee identity. After all, not everyone can just verify; after depositing 32 ETH as collateral, you need to hold a certificate (i.e., [validator key]). Theoretically, the first step in Staking is to create a validator key. Then, holding your validator key, which is your work ID, you can stamp each transaction.

2) Second, Ethereum thoughtfully designed a second private key for receiving the aforementioned collateral (32 ETH). When you become a validator, you will need to fill in a "withdrawal address." This is the address where you will withdraw your principal and salary in the future, and the private key for that address should theoretically be in your hands (i.e., [withdrawal key]). For example, this is your salary card.

So, the uses of the two private keys: ① validator key (work ID), ② withdrawal key (salary card) should be clear to everyone.

Next, based on the different ownership of the two private keys, four Staking solutions have emerged:

• CEX type
• Large pool type (Pooled Staking)
• SaaS type (Staking as a Service)
• Solo type

Solution 1: CEX type / Fully Managed

If you use an exchange Staking solution, such as Binance, Coinbase, or Kraken, which just announced the suspension of its Staking service today, you will find that you have never created a [validator key] or filled in a [withdrawal key]; this is a standard "fully managed" solution.

So where are these two keys?

1) The validator key is in the Binance Pool or Coinbase Pool.

2) The withdrawal key is in the cold wallets of Binance and Coinbase.

You don't have to work (participate in validation), and the salary card is kept by the exchange for you. This solution is the most worry-free and has a guaranteed return.

However, it is not suitable for those who pursue decentralization, as FUD arises frequently, and it seems that the U.S. may not even allow you to operate this way.

Solution 2: Large Pool Staking (Pooled Staking)

This is the Staking solution of Lido and Rocket Pool. You still do not need to create those two keys; they are managed by Lido and Rocket. So what is the difference from exchanges?

First, let's talk about the validator key:

Exchanges: Obviously, they have only one operator, which is themselves.

Lido: Lido 1.0 has 29 operators, and Lido entrusts the management of ETH to them, so the validator key is relatively decentralized, with each of the 29 operators holding some. In other words, Lido is a group with a powerful team of 29 workers; you don’t have to work yourself, letting the professionals help you. Thus, the operators take a 5% cut, and Lido takes another 5%.

Rocket Pool: Rocket Pool can have countless operators; anyone with a machine/cloud server and 16 ETH can become an operator. In other words, Rocket Pool is a crowdsourcing platform with a bunch of delivery riders who bring their own electric vehicles (machines/cloud servers) and data centers to help you run nodes. Naturally, they also take a cut.

Now let's talk about the withdrawal key:

Here, it is necessary to add another principle: What is the process of Staking withdrawal? I briefly introduced Shanghai Upgrade and Withdrawal in my previous post.

As we know, Ethereum consists of two chains:

• Ethereum 1.0 (execution layer)
• Beacon Chain (consensus layer)

When you Stake, the first step is to transfer ETH to the Ethereum 1.0 Beacon treasury address for locking, and then the Beacon Chain generates the corresponding ETH for you on the consensus layer.

Note that these ETH are locked, not destroyed on 1.0 or cross-chained to the Beacon Chain; they are merely locked and mapped. The schematic is as follows:

After the Shanghai upgrade, withdrawals will be a new type of transaction. When you withdraw:

1. Your node notifies the Beacon Chain and sends a withdrawal signal.
2. Queue up.
3. After your turn, the Beacon Chain notifies the Ethereum 1.0 treasury.
4. The Ethereum 1.0 treasury address transfers funds to your specified address, such as 0xTodd.eth.

So, the so-called [withdrawal key] is essentially the private key of the address "0xTodd.eth."

The withdrawals from Lido/Rocket add three more layers:

1. You notify Lido/RPL that you want to withdraw.
2. Lido/RPL notifies the operator that a certain node wants to withdraw.
3. The operator notifies the Beacon Chain that a certain node wants to withdraw.
4. Queue up.
5. The Beacon Chain notifies the Ethereum 1.0 treasury.
6. The Ethereum 1.0 treasury address transfers funds to Lido/RPL's withdrawal treasury.
7. You burn stETH/rETH, and the Lido/RPL smart contract transfers funds to your address.

PS: If it were an exchange, step 7 would be CZ/Armstrong directly adding balance to your Binance/Coinbase central account.

For large pool solutions, steps 1, 4, 5, 6, and 7 are flawless and are purely on-chain operations.

The weak link is in steps 2 and 3.

Theoretically, large pool solutions can refuse your withdrawal; for example, if you are sanctioned by the U.S. OAFC for using Tornado Cash, they can simply not relay the message in steps 2 and 3.

I call it a "large pool" solution because all nodes' withdrawal addresses are filled with the same address, which is the Lido/RPL withdrawal treasury smart contract address.

Of course, for CEX, they still have made significant progress.

However, due to the operational space in steps 2 and 3, this type of solution becomes very close to a "fully managed" solution. After all, the withdrawal key theoretically still belongs to the large pool; what you hold is just the "withdrawal address" of the "withdrawal address."

Therefore, for solutions that do not control the final destination of funds, I tend to categorize them as "fully managed."

Some Rocket Pool supporters often claim it is completely decentralized, and this advertising slogan is deeply ingrained.

But after reading this article, you will know that it has achieved decentralization in the validator key part, where anyone can become a validator (Lido V2 is also working hard to achieve this).

However, in the withdrawal key part, as a user, you still cannot participate; your assets still quietly lie in a third-party wallet.

Of course, compared to exchanges, Lido and Rocket Pool only require one or two more steps but are more decentralized, making them a good compromise. Especially Lido, whose stETH liquidity is excellent (currently far surpassing all other LSD solutions), is an important plus.

Solution 3: SaaS (Staking as a Service) / Small Pool Type

In the third solution, Staking becomes more purist. I personally have a certain degree of decentralization obsession, especially after experiencing a series of CEX explosions.

Earlier, I made an analogy: the validator key is a work ID; the withdrawal key is a salary card. So, people naturally wonder, is there a solution that allows someone else to work for me while I receive the salary?

Such a good thing does not exist in real life, but it does in the Ethereum network, which is SaaS or VaaS (Validator as a Service). Let's take the non-custodial pool @ebunker_eth as an example.

What we first need to do is turn the validator key into a keystore and give it to the Ebunker Pool. Next, the professional pool will maintain the block production of this node. Meanwhile, the withdrawal address is filled with my own, meaning I control the final withdrawal rights on Ethereum.

To summarize:

• [Validator key], I have one copy, and the pool has one copy;
• [Withdrawal key], only I have it.

That is: the pool works / I take the money / the pool takes a cut.

What is the difference between this solution and the large pool type? The difference is:

• In the Pooled type, the withdrawal address is unified (i.e., Lido/RPL treasury), so it is a "large pool."
• In the SaaS type, the withdrawal address is filled in by each person individually, so it is a "small pool."

PS: The terms large pool and small pool are ones I coined; I think they are very illustrative and easy to understand.

You might ask, in the SaaS type, if the pool does not help you broadcast to the Beacon Chain, you still cannot withdraw, right?

The key point is that because you have your [validator key], if the worst-case scenario occurs, such as the pool rugging, you can still run this node yourself and broadcast it personally.

At the same time, you also have the [withdrawal key], so you can withdraw personally and retrieve your principal intact.

In contrast, in the large pool type solution, if the worst-case scenario occurs, you do not have this capability because you have neither the [validator key] nor the [withdrawal key].

You might ask a second question: In the SaaS solution, can a small pool rug your money and run away?

This is the clever design of Ethereum Staking, as when you create a node, you will fill in your own withdrawal address, which the pool cannot alter. Therefore, even if the pool rugs, your principal absolutely cannot be taken by the pool, as stealing it would be as difficult as attacking Ethereum itself.

In contrast, in the large pool solution, if the worst-case scenario occurs, theoretically, it can run away with the funds. It's simple; it just needs to upgrade its treasury contract and transfer its ownership to the attacker. Of course, this is the worst-case scenario, and the probability of it happening is very low.

To counter this, Lido has introduced multi-signature management for smart contract upgrades; however, Rocket Pool seems to be tight-lipped about this matter, and I have not found any discussions regarding contract upgrades.

Therefore, for those who do not want to work (after all, maintaining a node 24/7 is not an easy task) but have security requirements (not letting third parties manage funds), choosing SaaS services is a good option. Besides @ebunker_eth, there are other pools that offer similar "non-custodial" services, which can be checked on Rated.

Of course, there are also drawbacks; all non-custodial SaaS types do not have LSD solutions.

The reason is quite simple: if they do not control your private key, how can they dare to issue you a passbook (LSD)? Of course, some SaaS pools may also offer large pool solutions, which can provide LSD.

In simpler terms: who controls the private key determines whether LSD can be provided. CEX and large pool solutions can, while small pools and Solo cannot.

After the Shanghai upgrade, Ethereum withdrawals may take 1-2 months at most, and the liquidity of SaaS small pool solutions has also been somewhat guaranteed, so this is also my personal favorite solution: worry-free / slightly more effort / not giving private keys to others / decent APR.

Solution 4: Solo Type

Finally, let me introduce the ultimate holy grail, Solo Staking.

Solo, as the name suggests, means doing it yourself without involving any third parties, maximizing decentralization and security.

Solo miners independently hold both the [validator key] and the [withdrawal key].

• The advantages are obvious: security, no one takes a cut, adds diversity to Ethereum, and… satisfies spiritual needs!

• The disadvantages are equally obvious: you have to work personally, which incurs costs: time costs (maintaining it) and capital costs (renting servers/building physical data centers). If you do not maintain it 24/7, your APR will be slightly lower due to penalties.

This distinguishes between being a miner (as long as you can run it) and being a good miner (pursuing high returns).

For example, the current effective block production rate across the network is 97%; Vitalik might be a Solo miner, and even he, being so professional, can only achieve a 96% effective rate, while Rocket Pool is even lower, with an efficiency of only 95%.

Moreover, Solo is the eternal holy grail. If the number is large enough, I strongly recommend researching Solo.

If the number is below 100K, I suggest revisiting the second and third types.

Additionally, let me insert a side note. What is the SSV network for? SSV is actually a researcher of DVT technology, and it is currently not a competitor to the aforementioned four types of solutions but rather a cooperative relationship. DVT is used to split the validator key.

When your validator key is split into four parts, the advantages are:

① If one operator goes offline, the other operators can immediately take over;

② At the same time, each operator does not know the complete validator key, which makes this verification process more decentralized and can strengthen the Lido, SaaS, and Solo solutions.

Finally, I have finished writing this! Although it is long, I hope this analysis can help everyone thoroughly understand the relationships and differences between all Staking solutions. Feel free to mark it for review anytime. Also, feel free to share your favorite Staking solutions and join the discussion.