The Kima blockchain relies on a network of validator nodes for its security and consensus. KIMA tokens are distributed to validators as an incentive for their participation in the network.

You can read more about both Kima's incentive model and its innovative security architecture in the White Paper

Two areas of Kima's security architecture stand out:

• Threshold signature schemes (TSSs) allow a group of participants (“cosigners”) to securely generate and control the secret signing key for a digital signature scheme, such that a certain threshold (e.g., 7-out-of-10) cosigners must participate in the signing protocol in order to generate a signature.

• To provide transaction privacy in a blockchain using committee-based consensus, each block producer can run their nodes inside an SGX enclave. Using Intel’s attestation feature, every block producer can verify that all the other committee members are running the authorized blockchain client inside an SGX enclave.

Kima does not rely on the security of Intel SGX to maintain its privacy or safeguard its assets. Instead, Kima uses SGX to complement the security of its system. Kima wardens run the threshold signature scheme inside an SGX enclave, thus the TSS key-shares are not directly accessible to the wardens or their system administrators.

For this reason, would-be validators need to ensure that they either have access to a machine that is compliant with the relevant SGX requirements, either by:

• owning the relevant hardware

• running their node on Azure

Read the validator requirements page for more details.

If you have questions about setup, or would prefer to be guided through the process, get in touch here.

Prerequisites

Programs and applications

curl: You will need curl for fetching the external IP and interacting with various web services. Ensure every team member has it installed and configured properly on their local systems.

git: Essential for version control and collaboration, git allows the team to clone necessary repositories and manage code changes effectively. Make sure all team members have git installed and are familiar with its basic commands.

text editor: Your choice of Vim, Nano, or whatever you are used to using as you will need to make updates to file.

Permissions

Each team member will need sudo privileges to install system packages and perform various secure operations on their machines. This is crucial for maintaining the security and integrity of your development environment.

Each member must have an SSH key set up and linked to their GitHub account for secure repository access. This is essential for cloning private repositories and contributing to your projects securely.

If the team needs to access our private Git repository, please ensure each member has their SSH private key configured correctly. This involves generating an SSH key if they haven't already, adding it to their GitHub account, and ensuring it's accessible to their SSH agent.

If necessary, we can organize a session to assist anyone who hasn't set up their SSH keys or is unfamiliar with the process. It's crucial that everyone can access our repositories without any issues.

Network

Public static IP

Open Ports:

22: SSH (Secure Shell) protocol 26656: Cosmos app CometBFT gossiping port for consensus 26657: Cosmos app CometBFT RPC port 9090: Cosmos app gRPC port 5051: TSS-ECDSA P2P port 5052: TSS-EDDSA P2P port 5053: TSS app EDDSA (Solana chain signer) gossiping port 8081: TSS-ECDSA info address 8082: TSS-ECDSA info address 7070: Cosmos validator management on genesis node port

Initial setup:

Download scripts from the Github repository to your server using any convenient method. git clone git@github.com:kima-finance/kima-external-validator.git

Prepare the scripts:

Make the files executable with: sudo chmod +x setup-validator.sh sudo chmod +x update-config.sh sudo chmod +x run-validator.sh

Prepare the environment:

cd into the validator directory.

Create a new empty .env file: Use the touch command to create a new empty file named .env.

Copy

`touch .env`

Copy the contents of .env.template to .env:

If .env already exists, this will overwrite it, so be sure you want to do this.

Copy

`cp .env.template .env`

Edit the .env file with your preferred text editor to add the path to your SSH key:

Copy

`SSH_PRIVATE_KEY_PATH="/home/yourusername/.ssh/id_rsa"`

Replace /home/yourusername/.ssh/id_rsa with the actual path to your SSH key. Save and exit

Add the blockchain networks configuration

Also in the .env file, you will need to add configuration details for each blockchain network you intend to connect with. This includes RPC and WSS endpoints, for example:

Copy

`ETH_RPC_HOST="https://mainnet.infura.io/v3/YOUR_INFURA_API_KEY"`
`ETH_WSS_HOST="wss://sepolia.infura.io/ws/v3/ YOUR_INFURA_API_KEY"`

Replace "https://mainnet.infura.io/v3/YOUR_INFURA_API_KEY" and "https://bsc-dataseed1.binance.org" with the actual network URLs and your API keys or relevant connection details. Again, save your changes and exit your text editor.

For Testnet API keys, you can consider services like Alchemy, QuickNode, and Ankr as alternatives to Infura, providing support for various chains including Ethereum, Polygon, AVAX, BSC, Arbitrum, Optimism, Solana, and Tron.

See the for details of how to acquire testnet API keys and network urls from these services.

Additionally, each blockchain's official documentation may offer public testnet endpoints or other API services suitable for development and testing purposes. Note that these may change, so always make sure you are consulting the latest version of the documentation

Remember, these are templates, and you might need to adjust paths, keys, and configuration details based on your specific environment and requirements.

Execute the first script:

Run: ./setup-validator.sh <validator-node-name>

This script installs all necessary components and starts the software installation process.

After successful installation, the status will look like this:

Your node will now synchronise with the blockchain network. This might take some time. Monitor the progress:

Copy

watch -n 1 'kimad status | jq .SyncInfo'

You should see something like this:

Once synchronization is complete, your screen should look like this:

Execute the second script:

This is the final step. Run: ./run-validator.sh

This will complete the validation node setup. Upon successful completion, you will become a validator for the Kima Network blockchain.

How to configure access to blockchain networks with a managed service

To get up and running quickly on the Kima testnet, it is probable that you will use a managed service such as Infura, Alchemy, Quicknode or Ankr, which are a practical solution because they abstract away the complexities of managing blockchain infrastructure.

These services provide RPC endpoints for different blockchains that you are able to access with API keys you create through the service.

Here is how to create API keys with each of the services.

Infura

Visit the Infura website and create an account. You will be prompted to create an API key.

When you select the networks you need to connect to, ensure that you check the boxes for the networks that Kima supports - see the list here.

Alchemy

For Alchemy, the process is slightly different. Sign up for an account here. Navigate to the dashboard and select Apps in the left-hand navigation. You will be prompted to create an App. Select your network(s) and once you have saved your App, your API key will be revealed at the top right of the page.

Quicknode

Visit Quicknode and sign up for an account. You will then be prompted to create your first endpoint on a screen that looks like this:

Ankr

To use the Ankr API, visit the Ankr website and in the Products menu in the top navigation bar, click on Web3 API. This will prompt you to set up an account and then you can navigate here and create an endpoint.

Because of the very specific nature of Kima's security model, explained in the validators intro and in the Kima White Paper, you need to ensure you meet the following hardware requirements before you become a Kima validator:

Must be an Intel XEON E-series or any other XEON supporting SGX-SPS (Server Platform Services). The motherboard must also support SGX.

CPU: 4vCPU (8vCPU recommended)

RAM: 16GB (32GB recommended)

Storage: 512GB HDD (1TB recommended)

Operating System: Ubuntu 22.04

SGX requirements

Must be an Intel XEON E-series or any other XEON supporting SGX-SPS (Server Platform Services). The motherboard must also support SGX. The below list of supported SGX-compliant CPUs List is current for the first half of 2024

Compliant CPUs

• Intel XEON E-2174G

• Intel XEON E-2176G

• Intel XEON E-2178G

• Intel XEON E-2186G

• Intel XEON E-2188G

• Intel XEON E-2274G

• Intel XEON E-2276G

• Intel XEON E-2278G

• Intel XEON E-2286G

• Intel XEON E-2288G

• Intel XEON E-2334G

• Intel XEON E-2386G

• Intel XEON E-2388G

Compliant servers