Update Owner Nonce in Key Shares

Use this flow when you need to keep the same validator public key and the same operator set, but change the signed owner-and-nonce metadata inside keyshares.json.

This is not an operator-change flow. It refreshes only the signed metadata portion of the key shares. This flow is also not a withdrawal-credential or compounding-mode migration path for an existing validator.

If you need to move a validator to a different operator set, use Change Operator Set and Reshare Validator Key Shares.

Prerequisites

  • Proofs: the relevant proofs.json
  • Operator Data: the operator information you need for the new ceremony
  • Command or Config: the required command or YAML configuration details
  • Owner Wallet: access to the wallet that signed the original ceremony as the owner

Depending on the ceremony output, proofs.json may be inside the validator subfolder or available as a top-level combined file.

Without the required proofs.json, you cannot complete this resign flow.

Generate Resign Message

1. Prepare the inputs

If you need help preparing operator information, see Operators Data. For the related command inputs and config fields, see Commands and Config.

Required inputs

  • proofs.json for the validator or validator set you are updating
  • the current owner value, or the new owner value if you are changing the owner
  • the nonce of the owner address (source the current nonce from the SSV Subgraph)
  • config.yaml with the configuration for the ceremony

Example YAML:

validators: 10
operatorIDs: [1, 2, 3, 4]
withdrawAddress: 0xaA184b86B4cdb747F4A3BF6e6FCd5e27c1d92c5a
owner: 0xa1a66CC5d309F19Fb2Fda2b7601b223053d0f7F5
nonce: 0
network: "hoodi"
operatorsInfoPath: ./data/operators_info.json
proofsFilePath: ./data/output/ceremony-2024-11-18--16-04-55.529/proofs.json
tlsInsecure: true
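
A pre-flight check for the inputs listed above, as an added example that is not part of ssv-dkg or of the original page. It assumes the flat key: value layout of the example YAML and that ./data/ paths in the config resolve to the host directory mounted with -v ${PWD}:/ssv-dkg/data/; the function names cfg_get and preflight_resign are hypothetical, and the demo files are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the resign config (not part of ssv-dkg).

# Read a top-level "key: value" scalar from a flat YAML file.
cfg_get() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Usage: preflight_resign HOST_DIR [CONFIG_NAME]
# HOST_DIR is the directory mounted at ./data (${PWD} in the docker commands).
# Prints one line per finding; returns 0 only if nothing blocks the ceremony.
preflight_resign() {
  local host_dir="$1" cfg="$1/${2:-config.yaml}" errors=0 key val path
  [ -f "$cfg" ] || { echo "ERROR: $cfg not found"; return 1; }

  for key in owner withdrawAddress; do
    val=$(cfg_get "$cfg" "$key")
    printf '%s\n' "$val" | grep -Eq '^0x[0-9a-fA-F]{40}$' ||
      { echo "ERROR: $key is not a 20-byte hex address: '$val'"; errors=$((errors + 1)); }
  done

  val=$(cfg_get "$cfg" nonce)
  printf '%s\n' "$val" | grep -Eq '^[0-9]+$' ||
    { echo "ERROR: nonce is not a non-negative integer: '$val'"; errors=$((errors + 1)); }

  for key in proofsFilePath operatorsInfoPath; do
    val=$(cfg_get "$cfg" "$key")
    path="$host_dir/${val#./data/}"   # ./data/x in the container is HOST_DIR/x
    { [ -f "$path" ] && [ -s "$path" ]; } ||
      { echo "ERROR: $key -> $path is missing or empty"; errors=$((errors + 1)); }
  done

  [ "$(cfg_get "$cfg" tlsInsecure)" != "true" ] ||
    echo "WARN: tlsInsecure is true; confirm this is intended"
  [ "$errors" -eq 0 ]
}

# Demo on constructed sample files: run this script with "demo" as argument.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && mkdir -p "$d/out"
  echo '[]' > "$d/operators_info.json"; echo '{}' > "$d/out/proofs.json"
  printf '%s\n' 'owner: 0xa1a66CC5d309F19Fb2Fda2b7601b223053d0f7F5' \
    'withdrawAddress: 0xaA184b86B4cdb747F4A3BF6e6FCd5e27c1d92c5a' 'nonce: 0' \
    'operatorsInfoPath: ./data/operators_info.json' \
    'proofsFilePath: ./data/out/proofs.json' 'tlsInsecure: true' > "$d/config.yaml"
  preflight_resign "$d"
fi
```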

2. Generate the message to sign

docker run --rm -v "${PWD}:/ssv-dkg/data/" \
  -it "ssvlabs/ssv-dkg:latest" generate-resign-msg \
  --configPath ./data/config.yaml

3. Sign the generated message

Sign the generated message with the wallet that matches the original ceremony owner address:

  • For EOA: you can sign through a tool such as Etherscan Verified Signatures.
  • For multisig or smart-contract: provide an ERC-1271 compatible signature.
  • The resulting signature is required for the next step.

Resign ceremony

4. Run the resign command

Run the resign command to generate the new key shares, using the same config.yaml from the previous step:

docker run --rm -v "${PWD}:/ssv-dkg/data/" \
  -it "ssvlabs/ssv-dkg:latest" resign \
  --configPath ./data/config.yaml \
  --signatures 0x...

5. Review the output and continue

After the command succeeds, review the generated files and use the updated keyshares.json in the next step that requires the corrected owner-and-nonce payload.

For output details, see Ceremony Output Summary.

Backup Output Files

Securely save the output files on a separate device. They may be needed later if you have to Change Operator Set or Update Owner Nonce.