Add BLS to ETH1 change request

[mbaranovski]

Description

I staked ETH and set the withdrawal credentials to the BLS ones using Ledger device. Shanghai upgrade is approaching, in order to withdraw the funds from my validators I need to update withdrawal credentials from BLS to ETH1. There are some existing guides like this one, but how do I do it on the ledger device?

Your environment

• OS and version - Mac OS
• Device (Nano S, Nano X, Ledger Blue) - Nano S

[adrienlacombe]

hi @mbaranovski this is currently not possible, we are looking into it.

[ksheni56]

Hello, please make it possible in the spirit of the Ethereum-Community. Thank you

[calaber24p]

@adrienlacombe-ledger please work to make this a high priority within the ledger team in the coming weeks before shanghai. Many of us will be relying on Ledger and Stakefish to work together to make this a reality. Many of us lack the technical ability to do the cli commands ourselves so we are stuck unless something is done.

[adrienlacombe]

@calaber24p I wish I had this kind of power but I don't set priorities at Ledger.

[calaber24p]

@adrienlacombe-ledger At minimum I appreciate letting the team know, I think many of us are just a bit frustrated. Any update on what the team says, or if they decide they will even try and make a fix would be appreciated.

[adrienlacombe]

We know, I understand. I keep you posted.

[ksheni56]

Thank you. From what I read in Ledger reddit channel, the Ledger Nano X already supports BLS signing, so theoretically only the integration for the Ledger Ethereum app would be required? This makes a lot of sense to do I think, and it would be enough for me if we where not forgotten. I like being at "ledger's home" @adrienlacombe-ledger

[jmspinelli]

Thanks @adrienlacombe-ledger ,

It would also be helpful to understand the roughly estimated timeline once known. Many of us have staked and waited a long time already, but just knowing for sure this is a feature that is being worked on, and at least assured it was a feature that is possible so our funds are not locked up forever, would be comforting to say the least!

[adrienlacombe]

@jmspinelli your funds are not locked up for ever, you can always put the mnemonic in an air gapped computer and sign the message there but we would prefer that you don't have to do that. I keep you posted on feasibility for sure.

[jmspinelli]

Ok, thanks. Yes, rather not go down that route, which could be complicated. Not sure air gapped computer method is possible if we used a 3rd party provider such as Staked.US; Stakefish, etc that doesnt hold the private keys (mnemonic) but holds some other component of the keys needed to service the validator.. not like we can access their infrastructure. We'd have to install dependencies for the validators locally onto our machines then?

[ksheni56]

@adrienlacombe-ledger Unfortunately the way with Ethdo isn't working properly (I try'd it with only menomic-ledger-seedphrase on my airgapped laptop) like @jmspinelli told. I was a bit shocked as a non-tech expert when I got the message from ethdo offline: no validator could be found to this mnemonic, it searched 1024 indices. So I used the Ledger Recovery Check app to check my phrase, and at least withdrawal credentials are on my ledger.

Some people used a hardware wallet to create BLS credentials and are now stuck. Because said wallet can't sign a BLS message. Allnodes (which I used to setup my validator - https://wallet.allnodes.com/eth2/generate) and staked.us did it differently and used a BLS public key from a Ledger.

In theory, as long as we have the validator seed phrase, derivation path (this is likely the piece we are missing), and any passphrase (may be applicable if you used this on the ledger), then it is possible to use ethdo today.

All of this are informations that I've received from inquiries in the Ethstaker Discord channel which I like to share with you, but from what I see there is really no other way to get recontrol to our money around without the help from Ledger Team which hopefully can offer us the BLS signing in the ethereum app. I wish you all the best of luck and hope you can do it.

[adrienlacombe]

@jmspinelli @ksheni56 thank you both for these details, indeed this would require work from the staking services, I will share this with the team.

[ksheni56]

With pleasure, if I can be of any further assistance, please let me know.

[bitcoinjesus]

@adrienlacombe-ledger Please accept this as positive criticism as I have been appreciative of Ledger since 2015. How is the company "Ledger" not wayyy far out ahead of this implementation already in expectation of the Shanghai upgrade? Stake.fish is arguably the industry leader in Ethereum Staking. #SomethingSmellsFishy

[adrienlacombe]

Priorities @bitcoinjesus as simple as that. Also, anyone can build the app for this implementation, if anyone is tired of waiting, they can build it, np.

[adrienlacombe]

@jmspinelli some time in June is the ETA

[bitcoinjesus]

Priorities @bitcoinjesus as simple as that. Also, anyone can build the app for this implementation, if anyone is tired of waiting, they can build it, np.

Enabling your user base feasible access to Xbillion dollars of their recently unlocked liquidity should be the highest priority in my opinion. Again, I'm just one voice but I think this rings true for many.

[adrienlacombe]

I agree with you @bitcoinjesus , I am not setting said priorities ;)

[mbaranovski]

Priorities @bitcoinjesus as simple as that. Also, anyone can build the app for this implementation, if anyone is tired of waiting, they can build it, np.

Wow, really professional response. At least we know the ETA now and the official Ledger's statement that we can "do it on our own if we're tired waiting". Thank you!

[ksheni56]

@mbaranovski Jap, I think we should be very thankful for that the company Ledger is helping very significantly. Apparently there are not many in the community that can tinker such an app?

[bitcoinjesus]

@mbaranovski Jap, I think we should be very thankful for that the company Ledger is helping very significantly. Apparently there are not many in the community that can tinker such an app?

This is their entire reason for existence. It was Trezor/BTC and Ledger/ETH for me. I'm beginning to think it needs to be Trezor for all now with this debacle. They had two years to identify this gap requirement and solve it!!

[adrienlacombe]

@mbaranovski Jap, I think we should be very thankful for that the company Ledger is helping very significantly. Apparently there are not many in the community that can tinker such an app?

Ledger doesn't have the people to code and maintain all the apps, most apps are developed and maintained by people outside the company.

[ksheni56]

@adrienlacombe-ledger Ah okay, let's say workers who has sympathy for Ledger. For me, this is one of the most innovative companies in the crypto industry. I'm using it since 2018 and very happy to have my funds securely stored in my Ledger. So let's hope again, that EU-MiCA papers will be turn into a something better than we've seen last year.

[jmspinelli]

Thanks @adrienlacombe-ledger for at least giving an ETA. I would just add a few thoughts:

As you can see many have quite a bit at stake (no pun intended), I think proposing to give updates here on a weekly schedule (every Friday?) would probably go a long way helping the overall communications and give more confidence to the community.

Secondly, since this ETA is quite a bit out from the April Shapella mainnet launch, I think more instructions on a workaround method to perform this BLS conversion on an air-gapped machine should be published. At least a step by step guide to those who are willing to take on some extra steps required to withdraw their ETH (some may need to withdraw sooner than June)

Thanks and appreciate the support.

[bitcoinjesus]

I'm sorry, still dumbfounded that Ledger outsources Bitcoin and Ethereum App development for their hardware. This situation is very eye opening

[adrienlacombe]

I'm sorry, still dumbfounded that Ledger outsources Bitcoin and Ethereum App development for their hardware. This situation is very eye opening

In these 2 apps Ledger employees are still heavily involved but this doesn't prevent external contributions.

[adrienlacombe]

@jmspinelli could this help? https://www.reddit.com/r/ledgerwallet/comments/11ehfy4/comment/jepcyxp/?utm_source=share&utm_medium=web2x&context=3

[jmspinelli]

I don’t think it does. I’m looking to see if anyone that used ledger + stakefish can actually confirm this method has worked? The person that posted the link you sent , StableRare, actually says “no idea if this works”. If you do hear about a set of instructions that have actually worked that would be more helpful as I’m less inclined to try a method that hasnt been confirmed or tested.

I was hoping for a more official guide from Ledger to be honest.

[ksheni56]

I have read about the eip-2333tool, I think it could work if you do it right but you should wait for Ledger because this more the more authentic way to change your address, remember you signed it with your ledgo and hopefully we can do it again, soon. There is no rush and using this as a preferred option for such a substantial process as it really requires very deep understanding, especially with the EIP-2333 tool.

I'd rather wait another 2 or 3 months for Ledger's solution as I'm not stressed about withdrawing the funds yet. For now, I will just declare the rewards on my taxes and of course our tax authority would like to know if I also have access to withdrawal this funds.

[jmspinelli]

Also how has someone from Ledger not validated a workaround using this air-gapped machine BLS conversion on Goerli yet? Is there no workaround? I haven’t heard one instance on any thread where someone with a Ledger was able to accomplish this withdrawal address conversion step.

[jmspinelli]

Thanks @ksheni56 but until someone actually does it, it doesnt work. Theory is always nice but I’m assuming if nobody has actually successfully used it by now it doesnt work.

[adrienlacombe]

We have not validated any workaround and we are focusing on delivering a solution using the Ledger.

[ksheni56]

@jmspinelli Would be of course a fine thing if Ledger could test this and would classify this method as trustworthy? It is a pity that there is not an app like "Recovery Check" where you can read out your private keys that you have stored in your ledger. Many paths lead to Rome. :) Of course, this is just wishful thinking

[jmspinelli]

I understand the focus on the safer, proper solution. But I think having one person on the Ledger team spend an hour or two and validate a manual solution on Goerli is a form of unit testing. If it cant be done manually entering keys, it cant be done in an automated fashion directly from the hardware device. The math is identical, its just a security nuance which shouldn’t matter on Goerli.

[ksheni56]

I'm an optimist. So I don't think we will get a solution that doesn't work for the end customer. Maybe someone will do it soon for a Patreon donation?

[loosferatu]

I've had a good enough experience with Stakefish to be optimistic that they are investigating a workaround, in the case of there not being a solution from Ledger by the time of the upgrade. That being said, it is disappointing that Ledger, the most prominent company for hardware wallets, is not "prioritizing" this very important feature for the second-largest cryptocurrency.

[jmspinelli]

There is a workaround, but in order to generate the proper private key that was used to sign the original contract, we would need the derivation address stakefish used, in combination with the ledger mnemonic.

https://www.reddit.com/r/ledgerwallet/comments/11ehfy4/is_ledger_working_on_updating_their_devices_to/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1

[yzhuang]

There is a workaround, but in order to generate the proper private key that was used to sign the original contract, we would need the derivation address stakefish used, in combination with the ledger mnemonic.

https://www.reddit.com/r/ledgerwallet/comments/11ehfy4/is_ledger_working_on_updating_their_devices_to/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1

1. stakefish uses m/12381/3600/0/0.
2. stakefish does not officially support any workarounds other than what Ledger supports officially. Please use caution and use 3rd party workarounds at your own risk. (Typing your secret phrase in an online environment or into any 3rd-party app that you did not vet the source code or compile from the source is potentially unsafe. Doing so defeats the purpose of using a hardware wallet.)

[ksheni56]

@adrienlacombe-ledger Maybe interesting for your team internally?https://github.com/wealdtech/ethdo/issues/79)

[jagmot]

Allnodes uses the default derivation path.

[ksheni56]

Goods news @adrienlacombe-ledger After long testing, I got my bls-to-execution-change.json with the StakingCLI guide from Allnodes. StakingCLI support passphrase. https://help.allnodes.com/en/articles/7235575-how-to-change-your-ethereum-withdrawal-credentials-from-0x00-to-0x01-deposit-cli But I've to use one Validator ID for each run. I'm will wait for the Ledger's solution as I would like to test it out because for this I bought a nanoX

[loosferatu]

@yzhuang I know stakefish won't officially endorse a method like this but as far as you know, would this process be the same for a stakefish user? https://help.allnodes.com/en/articles/7235575-how-to-change-your-ethereum-withdrawal-credentials-from-0x00-to-0x01-deposit-cli

[ksheni56]

@loosferatu I think you can't use stakingCLI because I couldn't see a option to choose random derivation path. You'll need ethdo with eip2333 tool, because stakefish uses non-standard path like allnodes did. I hope this will work for you.

1. Prepare offline file: ./ethdo validator credentials set --prepare-offline (optionally, you can use --connection to set your own endpoint, otherwise it defaults to the Attestant RPC endpoint).
2. Use eip2333-tool (with offline computer) and generate private key using ledger mnemonic + passphrase with the non-standard derivation address: m/12381/3600/0/0 -->Put 0x before the derived Private Ley, called Secret Key under the m/0 path of Derived Keys at the bottom (https://github.com/iancoleman/eip2333-tool/releases/tag/0.2.0)
3. Use the above derived private key in ethdo using an offline computer: ./ethdo validator credentials set --offline (optional, use if doing offline) --private-key=0x0123...cdef --withdrawal-address=0x0123…cdef --validator=123 (optional, should automatically find all validators without this and put in a single json. Use if you need individual jsons for something like CLWP)
4. This will prepare the bls2execution json file for those validators called change-operations.json. Can then submit this either via beaconcha.in (https://beaconcha.in/tools/broadcast) or your own node CL

[loosferatu]

@ksheni56 thank you! I think I understand for the most part, but could you go into further detail about what I need to install on a windows machine to run the ethdo commands?

[ksheni56]

@loosferatu Sure, Allnodes has also a tutorial for ethdo. You only need ethdo and cmd that's it. However, start with "A. Instructions for Windows" part, you actually already have the instructions https://help.allnodes.com/en/articles/7173647-how-to-change-your-ethereum-withdrawal-credentials-from-0x00-to-0x01-ethdo

Don't forget to do it on a 100% offline computer

[loosferatu]

@ksheni56 Just here to report that your instructions worked! Thanks again

[ksheni56]

Use beaconcha.in/tools/broadcast?

[jmspinelli]

@loosferatu those instructions above worked for a stakefish/ledger 0x00 to 0x01 conversion?

[loosferatu]

@ksheni56 Yes. @jmspinelli Yes. Just use these directions through step 8 (Windows): https://help.allnodes.com/en/articles/7173647-how-to-change-your-ethereum-withdrawal-credentials-from-0x00-to-0x01-ethdo

After step 8, read @ksheni56's instructions above. You can ignore his step 1 because you will have already done that.

[jmspinelli]

Very promising! Thanks for being a trailblazer @loosferatu ! So just to be clear this is just for the withdrawal address conversion right? What about the actual withdrawals ? Will you be able to exit on beaconcha.in? Or does this have ti be via Stakefishes interface?