Running a PoL Watchtower

Steps to run a PoL Watchtower multi-client

The PoL Watchtower is a node in the infinity watch that participates in the PoL (Proof-of-Location) protocol and measures the location claims made by a prover. It can also act as a Prover to prove its own location claim when challenged.

Witness Chain AVS mainnet Upgrade notes

This note is only for existing Mainnet operators of Witness Chain AVS. If you're new to Witness Chain watchtower setup, you can skip to Prerequisites.

  • This upgrade enables the watchtowers to validate location claims made by various participants over the internet, using internet telemetry.

  • As part of the upgrade, you are no longer required to run any L1 or L2 nodes. You only run a lightweight watchtower client, which significantly reduces the infrastructure you need to provision.

  • The document that follows describes the steps to set up the upgraded watchtower nodes. These require a separate registration (only on our L2) as described below. You can re-register the same watchtower keys, though.

  • As before, we recommend using dedicated watchtower keys with no funds in the wallet to minimize risk. As our chain is completely gasless, you will not require any tokens for registration or proof submissions.

  • You are encouraged to register and set up multiple watchtowers (each with its own unique watchtower key) at every location of your infrastructure operation (read: 1 watchtower per region). This serves 2 purposes in the network:

    • It increases the geographical spread of the watchtowers, and hence the accuracy and global coverage of location validation

    • It helps us map out the geographical stake distribution attached to the EigenLayer operator (it's a global stake map for the EigenLayer team to showcase the decentralization of their network in a verifiable manner)

  • Avoid using VPNs or other proxies, which might add network delay to external connections reaching your watchtower node over the internet

Prerequisites

Before you begin, ensure you have the following

Running your Watchtower client

Key Points to consider before proceeding...

  1. We have 2 sets of keys - Operator Key and Watchtower Key.

    1. Operator Key is your EigenLayer Operator Key that you have been using with various AVSes including our Witness Chain AVS. Continue to use that here too. This key is used for registering the Watchtower Key(s).

    2. Watchtower Key - This is the signing key for the PoL Watchtower Client. Create a new key for it. Don't reuse the Operator Key as the Watchtower Key. It has to be an ECDSA key.

  2. You are encouraged to set up as many unique watchtowers as you can support (ideally 1 per region where your infrastructure operates). All of them should be registered with the same operator key in the process described in this doc.

  3. Ports to be opened if using public IP:

Incoming ports to be opened (TCP & UDP):

11112
22223
33334
33335
33336
44445
44446
44447
55556

Outgoing ports: Allow all

0. Creating the Watchtower Key

Use ECDSA Keypairs

  1. Create an ECDSA private key using Metamask or other utilities. It will be used as the Watchtower Key.

  2. Store the watchtower's private key in a file (make sure you keep track of the file name and its location, as it will be referred to later)

echo "YOUR_WATCHTOWER_PRIVATE_KEY" > my_watchtower_private.key

1. Registering the Watchtower Key

You can register the watchtower key easily with the help of our registration CLI. To do so:

  1. Download our witness-cli

    curl -sSfL https://witnesschain-com.github.io/install-dcl-cli | bash

    After the installation is completed, register your watchtower key on WitnessChain's Layer 2 Chain. Use the key pair that you exported or created (watchtower key).

  2. Prepare the config (challenger registration config):

    1. The above command also downloads a template which you can refer to.

    2. Make sure you set the challenger_private_keys attribute in the json file to the key that you stored in my_watchtower_private.key (watchtower private key)

  3. Run the following command for challenger registration of watchtower

    witness-cli registerChallenger --config-file <path-to-challenger-registration-config.json>

  4. Prepare the config (prover registration config):

    1. The above command also downloads a template which you can refer to.

    2. Make sure you set prover_private_keys to the key you stored in my_watchtower_private.key (watchtower private key)

  5. Run the following command for prover registration of watchtower

    witness-cli registerProver --config-file <path-to-prover-registration-config.json>

2. Setting up the watchtower

  1. Prepare an environment file watchtower.env with the following entries, as in the example shown below:

latitude=37.01511676489697
longitude=-79.0392271449855
radius=1000
privateKey=<my_super_secret_watchtower_private_key>
walletPublicKey=<my_open_operator_public_address>
keyType=ethereum
saveResultsInDatabase=false
submitResultsToContract=true
rpcUrl=https://rpc.witnesschain.com
projectName=eigenlayer-<my_operator_name>

Explanation:

  • latitude is the latitude of the machine running the watchtower client (for example, 37.015)

  • longitude is the longitude of the machine running the watchtower client (for example, -79.039)

  • radius is optional: the accuracy in km (for example, 1000)

  • privateKey is your PoL signing key (Watchtower Key)

  • walletPublicKey is the wallet address where your contributions go (Operator address)

  • havePublicIPv4Address (and havePublicIPv6Address): set them to true if you have a public IPv4 (or IPv6) address

  • havePrivateIPv4Address (and havePrivateIPv6Address): set them to true if you want to force the use of a private IP

  • saveResultsInDatabase saves the login, session, and challenge related data in a .sqlite file within the container

  • projectName is the tagging mechanism to ensure we can identify our operators. It is a required field in the format eigenlayer-<your operator name>
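A preflight check for watchtower.env, run before starting the container. This is an added example, not part of witness-cli or the watchtower image; the names check_watchtower_env and env_get are hypothetical. It assumes the key is a raw 64-hex-digit ECDSA key, that every entry it checks is present as in the sample file above, and that the file should be readable by its owner only because it holds the signing key.

```shell
#!/bin/sh
# Added example: preflight check for watchtower.env (not the project's code).
# Usage: sh check_watchtower_env.sh ./watchtower.env

# Print the last value assigned to KEY ($2) in an --env-file style file ($1).
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Echo one line per problem found; return 0 only if the file is clean.
check_watchtower_env() {
  f=$1; problems=0
  fail() { echo "watchtower.env: $1"; problems=$((problems + 1)); }

  [ -r "$f" ] || { echo "cannot read $f"; return 1; }

  # The file holds the signing key: group and others must have no access.
  [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
    fail "group/other can access the file; run: chmod 600 $f"

  # Assumption: raw 32-byte hex key, with or without 0x. Never printed.
  env_get "$f" privateKey | grep -Eq '^(0x)?[0-9a-fA-F]{64}$' ||
    fail "privateKey is not a 64-hex-digit ECDSA key"

  env_get "$f" walletPublicKey | grep -Eq '^0x[0-9a-fA-F]{40}$' ||
    fail "walletPublicKey is not a 0x-prefixed 20-byte address"

  env_get "$f" projectName | grep -Eq '^eigenlayer-.+' ||
    fail "projectName must look like eigenlayer-<your operator name>"

  env_get "$f" rpcUrl | grep -q '^https://' ||
    fail "rpcUrl is missing or not https"

  # Coordinates must be plain decimals inside the valid geographic range.
  for pair in latitude:90 longitude:180; do
    key=${pair%%:*}; max=${pair##*:}
    env_get "$f" "$key" | awk -v m="$max" '
      !/^-?[0-9]+(\.[0-9]+)?$/ || $1 < -m || $1 > m { bad = 1 }
      END { exit (bad || NR == 0) }' || fail "$key missing or outside +/-$max"
  done

  [ "$problems" -eq 0 ]
}

if [ -n "${1:-}" ]; then check_watchtower_env "$1"; fi
```

The same permission check applies to my_watchtower_private.key, which holds the same key.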

We collect various telemetry data from your node, such as the logs etc. You can choose to opt-out by setting TELEMETRY=false in the watchtower.env file

  2. Once you have the config.json ready, the watchtower client can be started with:

docker run -d \
  --network=host \
  --name pol-watchtower \
  --env-file ./watchtower.env \
  witnesschain/infinity-watch:1.0.0

You can verify that the watchtower is running by looking at the container status:

docker ps

Explanation:

  1. docker run -d: Runs the container in detached mode (in the background).

    • --network=host
      Uses the host's network stack.
    • --name pol-watchtower
      Names the container as 'pol-watchtower'.
    • witnesschain/infinity-watch:1.0.0: The name of the Docker image to run.

Post Setup

Once setup and registration are successful, you can check the logs of the watchtower client (docker logs pol-watchtower) to see that it is ready for challenges. Congratulations, you are now a part of our Watchtower family!

Troubleshooting

As the only prerequisite is Docker, make sure you are running at least version 23.0.0 for the commands mentioned in the doc to work. The days might be rainy or snowy, but we've got umbrellas and sweaters! Join our Discord or Telegram—we're happy to help. :D