Consensus Layer Withdrawal Protection is a community driven project built to add additional security to Ethereum (II) consensus layer by helping set withdrawal addresses by signing messages with both your consensus layer and execution layer deposit address.
It's human nature to learn from our mistakes, and cryptographic key management is no exception.
CLWP #4736 is a team of Devs and users who understand this only too well. Consensus Layer Withdrawal Protection EIP #4736 helps set your withdrawal address as early as possible. Even if you know your keys and validator seed phrase have not been compromised until you set your withdrawal address you cannot be sure your keys won't be compromised in the future. CLWP is the solution to protect your validator & ETH.
We know that technical discussions regarding blockchain protocols can be a bit daunting, so we will do our best to break it down throughout this website, some content may be more technical than others but bear with us as we intend to supply enough documentation so anyone of any technical level will be able to use CLWP.
In essence each node validator should hold three private keys, the “Validator Key” the “Withdrawal Key” also known as the consensus layer (CL) withdrawal key, and the private key for the execution layer (EL) also known as the private key for your Ethereum wallet from where you made your deposit of 32 ETH to the “ETH II Deposit Contract”
CLWP does not require you to ever reveal your seed phrase, please keep this in mind so you are not scammed, we will NEVER ask you to reveal your private key(s).
A user can enable CLWP by signing off-chain messages using these three keys, once these signatures have been signed we can verify your ownership of a validator node. We will supply instructions on how to do this, but in basic terms we will show you how to sign a transaction with each of your keys, this way you will not need to reveal the private keys to anyone, but we will have proof you have these keys in your possession by signing the CLWP EIP protocol. Once confirmed this will enable us to add your user status to a white list which will be broadcast across the Ethereum network the moment the consensus layer supports setting a withdrawal address. This will help set your withdrawal address as early as possible.
Please note: WE WILL NEVER ASK YOU FOR THESE KEYS! If you are ever asked by someone impersonating the CLWP team, you can be sure it’s a hacker, screenshot the conversation, block and report the user right away. Feel free to share the experience in one of our public forums like our discord channel so others are aware. You must stay vigilant and do your best to protect one another.
* Disclaimer: The CLWP will give you the best chance of winning a race should a bad actor have in their possession your keys and attemp to use them against you. However, it is a race condition and there are no gaurantees.
In the best case scenario, no hacker has all three private keys so they could not attempt to claim ownership of your validator. Our research has shown that in most cases only one or two of these keys has been breached, not all three, so with luck no one will contest your ownership and your request will be included automatically into the whitelist which will be broadcast across the network before key rotation and withdrawals are enabled and live on chain.
The worst case scenario we can foresee is a hacker has access to all three of these keys, but this does not mean they will win. Should your verification be contested we will ask you to present evidence of ownership with the hope the community can be convinced. We have partnered with Kleros.io a decentralized arbitration service for blockchain disputes to help you. We believe the bad actor will struggle to present additional on-chain proof of ownership. This is why we must be clear the CLWP EIP is not a gauranteed win for compromised key(s) but is likely the best chance we have for protecting breached validator keys.