Change Operator Set

Use this flow when a validator was created with DKG and you need to move it to a different operator set without recreating the validator from scratch.

The command for this is called reshare. The reshare flow creates new key shares for a new operator set by using the original ceremony proofs and a new DKG ceremony.

To prove that the same owner is authorizing the reshare, use the original proofs.json file for that validator or validator set.

Prerequisites

Proofs: the relevant proofs.json
Operator Data: the operator information you need for the new ceremony
Command or Config: the required command or YAML configuration details
Owner Wallet: access to the wallet that signed the original ceremony as the owner

Depending on the ceremony output, proofs.json may be inside the validator subfolder or available as a top-level combined file.

Without the required proofs.json, you cannot complete this reshare flow.

Flow of the Ceremony

On a high-level the process consists of six steps:

Generate Reshare message
Sign the message
Generate new Key Shares
Remove old Key Shares
Wait for 2-3 epochs
Register new Key Shares

Generate Reshare Message

1. Select the new operators

Choose the new operator set and prepare the required operator information as described in Operators Data. For the related command inputs and config fields, see Commands and Config.

2. Prepare config

Required inputs

proofs.json for the validator or validator set you are resharing
newOperatorIDs with the new set of operators
Operator Data for both old and new operators
Owner wallet access
nonce of the owner address. Source the current nonce from the SSV Subgraph

validators: 10✎
operatorIDs: [1, 2, 3, 4✎]
newOperatorIDs: [1, 2, 3, 5✎]
withdrawAddress: 0xaA184b86B4cdb747F4A3BF6e6FCd5e27c1d92c5a✎
owner: 0xa1a66CC5d309F19Fb2Fda2b7601b223053d0f7F5✎
nonce: 10✎
network: "hoodi✎"
operatorsInfoPath: ./data/operators_info.json✎
proofsFilePath: ./data/output/ceremony-2024-11-18--16-04-55.529/proofs.json✎ 
tlsInsecure: true

3. Generate the message to sign

docker run --rm -v ${PWD}✎:/ssv-dkg/data/  
  -it "ssvlabs/ssv-dkg:latest✎" generate-reshare-msg  
  --configPath ./data/config.yaml✎

4. Sign the generated message

Sign the generated message with the wallet that matches the original ceremony owner address:

For EOA: you can sign through a tool such as Etherscan Verified Signatures.
For multisig or smart-contract: provide an ERC-1271 compatible signature.
The resulting signature is required for the next step.

Reshare ceremony

5. Start the reshare ceremony

Run the reshare command to generate the new key shares, using the same config.yaml from the previous step:

docker run --rm -v ${PWD}✎:/ssv-dkg/data/  
  -it "ssvlabs/ssv-dkg:latest✎" reshare  
  --configPath ./data/config.yaml✎  
  --signatures 0x...✎

6. Use the new ceremony output

To understand the generated artifacts, see Ceremony Output Summary.

After the reshare succeeds:

Review the generated files in the new ceremony-... folder.
Keep the new proofs.json output for future maintenance.
Remove old key shares from SSV Network
Use the new keyshares.json to register the validator with the new operator set.

Backup Output Files

Securely save output files on a separate device. They might be needed later, if you need to Change Operator Set or Update Owner Nonce.

Prerequisites​

Flow of the Ceremony​

Generate Reshare Message​

1. Select the new operators​

2. Prepare config​

3. Generate the message to sign​

4. Sign the generated message​

Reshare ceremony​

5. Start the reshare ceremony​

6. Use the new ceremony output​