Kyve: Create Transaction Payload

Requirements

  • Quorum PGP Key

  • Air-Gapped Bundle

    • The proposer should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.

    • The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the vaults repo

  • Linux Workstation (online machine)

    • Any internet connected computer with a Linux shell will suffice

  • Clone the Vaults Repository for your organization to the machine

Procedure

  1. Turn on online linux workstation

  2. Clone the vaults repository if it's not available locally and get the latest changes:

    $ git clone <repository_git_url>
$ git pull origin main

  3. Unseal the SD Card Pack

    Vacuum sealing based tamper proofing

    a. Retrieve digital/physical photographs of both sides of sealed bundle

    b. Compare all photographs to object for differences

    c. Proceed with unsealing the object if no differences are detected

    Safe based tamper proofing

    1. Inspect the safe for any signs of tampering

    2. Retrieve items from the safe

  4. Plug a fresh SD card into the online linux workstation

  5. Look for the SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1)

    • Mount the device using: sudo mount /dev/<device_name> /media

  6. Save the vaults repo to the SD card, referred to as the Trove SD card

    $ cp -r ~/trove/ /media

  7. Unplug the Trove SD card

  8. Unseal the tamper proofed bundle

    Vacuum sealing based tamper proofing

    a. Retrieve digital/physical photographs of both sides of sealed bundle

    b. Compare all photographs to object for differences

    c. Proceed with unsealing the object if no differences are detected

    Safe based tamper proofing

    1. Inspect the safe for any signs of tampering

    2. Retrieve items from the safe

  9. Insert the AirgapOS SD card into the airgapped machine and turn it on

  10. Once booted, unplug the AirgapOS SD card and place it in High Visibility Storage

  11. Plug in the Trove SD card

  12. Copy the git repo locally from the Trove SD card and change to it

    $ cp -r /media/trove /root
$ cd /root/vaults

  13. Create a new payloads directory in the vaults repository for the date on which the ceremony for the transaction will take place if it doesn't already exist

    • mkdir -p <namespace>/ceremonies/<date>/payloads

    • e.g mkdir -p acme-coin-01/ceremonies/2025-01-01/payloads

  14. Use icepick workflow --help to list the available workflows and options

  15. Plug in the Operator smart card

  16. Use icepick to generate and sign the payload by running one of the following available workflows:

    There may be some difficulty broadcasting a transaction due to the amount of gas consumed, as each Cosmos chain may have different computation power available. The option --gas-factor may be set to a number to multiply the gas by, such as 1.2, to increase the amount of gas for a transaction. The default value is 1, and may be omitted if desired. A value lower than 1 is not recommended.

    The option --chain-name can use kyve, kaon (testnet), and korellia (devnet)

    Stake

    Stake coins on the provided chain towards a validator operator's address.

    $ icepick workflow cosmos stake --delegate-address <delegate-address> --validator-address <validator-address> --chain-name kyve --asset-name KYVE --asset-amount <asset-amount> --gas-factor <gas-factor> --export-for-quorum --sign

    Transfer

    Transfer coins on the cosmos blockchain.

    $ icepick workflow cosmos transfer --from-address <from-address> --to-address <to-address> --chain-name kyve --asset-name <asset-name> --asset-amount <asset-amount> --export-for-quorum --sign

    Withdraw

    Withdraw staked coins from a validator. Staked coins may be held for an unbonding period, depending on the chain upon which they are staked.

    $ icepick workflow cosmos withdraw --delegate-address <delegate-address> --validator-address <validator-address> --chain-name kyve --asset-name KYVE --gas-factor <gas-factor> --export-for-quorum-sign

    Withdraw Rewards

    Withdraw rewards gained from staking to a validator.

    $ icepick workflow cosmos withdraw-rewards --delegate-address <delegate-address> --validator-address <validator-address> --chain-name kyve --gas-factor <gas-factor> --export-for-quorum-sign

  17. Copy the updated ceremonies repo to the SD card

    $ cp -r /root/vaults /media

  18. Transfer the SD card from the air-gapped machine to the online machine

  19. Look for the SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1)

    • Mount the device using: sudo mount /dev/<device_name> /media

  20. Copy the updated repository locally and switch to it:

    $ cp -r /media/trove ~/
$ cd ~/trove

  21. Stage, sign, commit and push the changes to the ceremonies repository:

    $ git add <namespace>/ceremonies/<date>/payloads/*
$ git commit -S -m "add payload signature for payload_<num>.json"
$ git push origin main

  22. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool.

  23. Tamper proof the AirgapOS and Air-gapped laptop

    Vacuum sealing based tamper proofing

    1. Insert object(s) into plastic sealing bag

    2. Fill bag with enough plastic beads that most of the object is surrounded

    3. Use vacuum sealer to remove air from the bag until the beads are no longer able to move

    4. Take photographs of both sides of the sealed object using both the digital and polaroid camera

    5. Date and sign the polaroid photographs and store them in a local lock box

    6. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.

    Safe based tamper proofing

    1. Place items into safe

    2. Ensure the safe is properly locked