Kyve: Sign and Broadcast Transaction

Requirements

  • For ALL tamper proofed hardware used in the ceremony, both operators MUST print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.

    • The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo

  • AirgapOS SD card

  • AirgapOS Laptop

  • Minimum of 1 Operator and 1 Witness

  • Tamper-proofing equipment

  • Linux Workstation (online machine)

    • Any internet connected computer with a Linux shell will suffice

  • High Visibility Storage: plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.

  • Quorum PGP key pairs

  • Ceremony SD card

Procedure

  1. Enter the designated location with the quorum of operators and all required equipment

  2. Lock access to the location - there should be no inflow or outflow of people during the ceremony

  3. Place Ceremony SD card in High Visibility Storage

  4. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage

    a. Retrieve digital/physical photographs of both sides of sealed bundle

    b. Compare all photographs to object for differences

    c. Proceed with unsealing the object if no differences are detected

  5. Place all contents except for the laptop into High Visibility Storage

Online Machine: Acquire Nonce

  1. Turn on online linux workstation

  2. Retrieve the Ceremony SD card from High Visibility Storage and plug it into the computer

  3. Get the nonce address for the address you are sending from by checking the appropriate <namespace>/<coin>/ directory.

    • e.g vaults/<namespace>/<coin>/0-na.txt

    • Set the nonce address variable:

    $ nonce_address="$(cat vaults/<namespace>/<coin>/<account_id>-na.txt)"

  4. Set ICEPICK_DATA_DIRECTORY:

    Look for your SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1)

    • Mount the device using: sudo mount /dev/<your_device> /media
    $ export ICEPICK_DATA_DIRECTORY=/media/external/

  5. set ICEPICK_CONFIG_FILE

    $ export ICEPICK_CONFIG_FILE=<path_to_icepick_repo>/icepick.toml`

  6. Run the command:

    $ icepick workflow cosmos broadcast --chain-name kyve  --nonce-address=$nonce_address

    The option --chain-name can use kyve, kaon (testnet), and korellia (devnet)

    • Await completion message before removing Ceremony SD card

    • This command will set the computer into "awaiting mode", which will broadcast the signed transaction from the SD card once it's plugged back in after the workflow payloads are signed on the offline machine

Offline Machine: Create and Sign Transaction

  1. Retrieve AirgapOS SD card and plug it into the air-gapped machine

  2. Boot the computer

  3. Unplug the AirgapOS SD card and place it in High Visibility Storage

  4. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine

  5. Look for your SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1)

    • Mount the device using: sudo mount /dev/<your_device> /media

  6. Start Keyfork using the relevant Shardfile:

    $ keyfork recover shard --daemon /media/<device_name>/vaults/<namespace>/shardfile.asc
    • The Shardfile may be named something else. Use find /media/<device_name>/vaults -type f -name '*shardfile*.asc' to list all files.

  7. Follow on screen prompts

  8. Set ICEPICK_DATA_DIRECTORY:

    $ export ICEPICK_DATA_DIRECTORY=/media/<device_name>

  9. Run the icepick command with the transaction payload

    • The payload is located in the appropriate vault location (e.g /media/<device_name>/vaults//ceremonies/...)
    $ icepick workflow --run-quorum <payload>.json --shardfile /media/<device_name>/vaults/<namespace>/shardfile.asc
    • Follow on screen prompts

  10. Unplug the Ceremony SD card and place it in High Visibility Storage

Broadcast Transaction: Online Machine

  1. Retrieve Ceremony SD from High Visibility Storage and plug it into online machine

  2. The still running broadcast command on the online machine will broadcast the transaction automatically

  3. The url that's found in the response after a successful broadcast should be reviewed and committed to the ceremony repository

  4. Remove the transaction files in ICEPICK_DATA_DIRECTORY

    $ rm $ICEPICK_DATA_DIRECTORY/transaction.json
$ rm $ICEPICK_DATA_DIRECTORY/account_info.json

  5. Unplug the Ceremony SD card and place it in High Visibility Storage

Repeat

  1. You may repeat previous steps as many times as necessary to process all workflow payloads

Finalization

  1. Shut down online linux workstation

  2. Shut down the air gapped machine

Sealing

  1. Gather all the original items that were in the air-gapped bundle:

    • Air-gapped computer

    • AirgapOS SD card

  2. Insert object(s) into plastic sealing bag

  3. Fill bag with enough plastic beads that most of the object is surrounded

  4. Use vacuum sealer to remove air from the bag until the beads are no longer able to move

  5. Take photographs of both sides of the sealed object using both the digital and polaroid camera

  6. Date and sign the polaroid photographs and store them in a local lock box

  7. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.