Ethereum 2.0 introduces a more complex and secure key management system compared to Ethereum 1.0. While both rely on elliptic curve cryptography, Ethereum 2.0 incorporates enhanced functionality, utilizing different parameters and the BLS (Boneh–Lynn–Shacham) signature scheme. This article explains the key components and their roles in the new Ethereum ecosystem.
Overview of Ethereum 2.0 Keys
In Ethereum 1.0, users access their funds with a single private key. Ethereum 2.0, however, requires two distinct keys: the validator private key and the withdrawal private key. This separation enhances security and operational flexibility for network validators.
Validator Keys
Validator keys consist of two elements:
- Validator private key
- Validator public key
The validator private key must remain accessible for signing on-chain operations, such as block proposals and attestations. As a result, it is typically stored in a hot wallet. This setup allows for quick migration between devices but introduces risks if the key is lost or stolen.
Malicious actors with access to the validator private key can:
Cause the validator to be slashed by:
- Signing two different beacon blocks for the same slot as a block proposer
- Attesting to a surrounding vote as an attestor
- Making two distinct attestations for the same target checkpoint
- Force an early exit, halting validation and granting the withdrawal key owner access to the remaining ETH balance.
The validator public key is included in the deposit data and helps the Ethereum 2.0 network identify the validator.
Withdrawal Keys
The withdrawal key enables the transfer of a validator’s balance once transfers are enabled in Phases 1 and 2. Like validator keys, withdrawal keys include:
- Withdrawal private key
- Withdrawal public key
Losing this key means losing access to the validator’s balance. However, the validator can still sign attestations and blocks using the validator private key, though without the ability to withdraw rewards, the effort is largely futile.
To initiate a withdrawal, the validator must be in an "exited" state.
Managing Multiple Validators in a Single ETH1 Wallet
Each validator has unique deposit data, which the beacon chain uses for identification. A single validator uses four keys.
To replenish a validator’s balance (e.g., when the effective balance is depleted), send another transaction of at least 1 ETH to the deposit contract, using the validator’s specific deposit data as input. This deposit data is stored on the blockchain after the first transaction and can be queried via block explorers.
Note: The deposit contract costs approximately 360,000 gas, but due to refund mechanics, a gas limit between 400,000 and 500,000 is recommended.
Mnemonic Phrases for ETH2.0 Validators
While users are familiar with 12–24 word mnemonic phrases, Ethereum 2.0 initially moves away from this system toward locally stored keys. This change is due to the lack of hardware wallet support for BLS key generation until audits are completed and standards like EIP-2333 and EIP-2334 are implemented. During Phase 0, mnemonic phrases are not available for Ethereum 2.0 keys.
How Key Derivation Works
Mnemonic phrases and derivation paths are well-known concepts in cryptocurrency. Ethereum 2.0 applies similar logic but with different parameters. A parent key (mnemonic) allows users to link multiple validators to a single withdrawal key. From this, users can derive all necessary keys.
👉 Explore key management tools
Path Structure for Ethereum 1.0 and 2.0
Ethereum 1.0 uses the path structure:m/44’/60’/0’/0
Ethereum 2.0 uses a similar hierarchical deterministic wallet structure but with altered parameters to support validator and withdrawal keys.
Frequently Asked Questions
What is the main difference between Ethereum 1.0 and 2.0 keys?
Ethereum 1.0 uses a single private key for accessing funds, while Ethereum 2.0 uses separate validator and withdrawal keys for improved security and functionality.
What happens if I lose my validator private key?
If lost, you cannot perform validator duties. If stolen, an attacker can slashed your validator or force an exit, compromising your staked funds.
Can I use the same mnemonic for Ethereum 2.0 as for Ethereum 1.0?
Not initially. Until hardware wallets support BLS standards, Ethereum 2.0 keys must be managed separately without mnemonic phrases.
How do I withdraw funds as a validator?
You must exit the validator state and use your withdrawal private key to access your balance once transfers are enabled in later phases.
Is it possible to run multiple validators from one Ethereum 1.0 wallet?
Yes, each validator has unique deposit data, but all can be managed from a single wallet if configured correctly.
What gas limit should I use for deposit transactions?
Aim for 400,000–500,000 gas to cover the base cost and potential refunds.