Register and Run a Human Node

Human Network Mainnet Alpha is currently only open to the 200 operators with the most restaked ETH on Ethereum mainnet. If you are not one of these 200 operators, please wait for an announcement of the Permissionless Mainnet.

As an external operator, you'll be asked to run a multiplier/attester node. To onboard, you'll be asked to perform the 3 following steps:

  1. Registration as EigenLayer or Symbiotic operator through Othentic CLI

  2. Registration on Human Network smart contract

  3. Run the docker image with docker compose

Prerequisites

Hardware requirements

Component
Requirement

CPU

16 vCPU

Memory (RAM)

16GB

Storage

256GB SSD

Networking

50 Mbps

Cloud Provider Instance Types

Provider
Instance Type

AWS

m7i.xlarge

GCP

e2-medium

Azure

Standard_B2s

OVH

Operator Key Setup

Human Network is an AVS built using the Othentic Stack. This architecture enhances security by allowing Operators to separate key usage.

There are two key types:

  • The Controller key, which uses ECDSA cryptography

  • The Consensus key, which uses BLS cryptography

To generate these keys, download the othentic-cli tool:

> npm i -g @othentic/othentic-cli
> othentic-cli -V
othentic-cli version 1.x.y

Once you've installed the CLI, refer to this guide for instructions on generating separate Controller and Consensus keys.

Note: Only the Consensus key is required for ongoing node operations. Therefore, it is highly recommended the host machine contains only the Consensus key, while the Controller key is kept in a highly-secure, separate airgapped environment.

After you've saved both keys in separate keystore files, you're ready to proceed to the next section.

Prepare Host Machine

We recommend running the operator node software on a linux-based server with fast and reliable network connectivity. Any offer from a major cloud provider would be sufficient.

Software Environment

The officially supported approach to running the operator node software is through a Docker Compose setup.

Make sure you have correctly set up the following:

  • Docker Engine v24+ with Docker Compose.

  • Functioning wget1 and wcurl.

  • R/W Access to home dir (~/)

  • Access to private RPC nodes for Ethereum mainnet and base

User Permissions

Make sure the docker user has permission to read and write to the node working directory.

Ports

Make sure the ports in use are open to the internet on the host machine, and verify security group settings.

Step 1: Registration with Othentic

  • Copy the following environment variables and save as .env, and set the missing variables.

# ======================
# Cryptographic Secrets
# ======================
RSA_SEED=<your_rsa_private_key_seed_hex>
SECP256K1_SEED=<your_secp256k1_private_key_seed_hex> # please do not modify it after registration
PRIVATE_KEY=<your_node_private_key_hex>
PRIVATE_KEY_ATTESTER=<your_attester_private_key_hex> # can be same as PRIVATE_KEY
OPERATOR_ADDRESS=<your_controller_key_address> # in case you are using different controller and consensus keys

# ======================
# Node Configuration
# ======================
NODE_TYPE=Prover
NODE_MULTIADDR=/ip4/<your_node_ip>/udp/<xxxx>/quic-v1 #use registered multiadder(PeerRegistry Contract)
TCP_PORT=<xxxx> # the same port that is being registered in smart contract
UDP_PORT=<xxxx> #  the same port that is being registered in smart contract

# ======================
# Blockchain Connections
# ======================
L1_RPC=Mainnet private RPC endpoint # please use private and not public endpoint
L2_RPC=Base private RPC Endpoint # please use private and not public endpoint

# ======================
# Redis Connection
# ======================
REDIS_URL=redis://0.0.0.0
REDIS_PASSWORD=<add_your_redis_password_here>

# ======================
# IPFS Configuration
# ======================
IPFS_HOST=https://humannetwork.mypinata.cloud/ipfs/

# ======================
# Network Configuration
# ======================
OTHENTIC_RPC_URL=http://52.22.195.106:8545/
OTHENTIC_BOOTSTRAP_ID=12D3KooWBNFG1QjuF3UKAKvqhdXcxh9iBmj88cM5eU2EK5Pa91KB
OTHENTIC_BOOTSTRAP_SEED=97a64de0fb18532d4ce56fb35b730aedec993032b533f783b04c9175d465d9bf

# ======================
# Contract Addresses (Eth Mainnet & Base)
# ======================
AVS_GOVERNANCE_ADDRESS=0x42F15F9E4dF4994317453477e80e24797CC1A929
ATTESTATION_CENTER_ADDRESS=0xAF11912F9D7f6F3B9AE190439d2E41e972801EA2
PEER_REGISTRY_ADDRESS=0x46589681fA8dbe5B7a11B0a74aF2633E170fCfbB

# ======================
# Peer Configuration
# ======================
BOOTSTRAP_PEER_ID=16Uiu2HAm9oVBzruma4mcZUXEHkUyQHngCeKRQyDtzKUnbGDheniG
BOOTSTRAP_MULTIADDR=/ip4/52.22.195.106/udp/8080/quic-v1
RELAY_PEER_ID=16Uiu2HAm8e4c5xzGFyff8Rg8FNDQSh95x5jjPRi6iCj7N9eETyeY
RELAY_MULTIADDR=/ip4/44.217.242.218/udp/8081/quic-v1

# ======================
# Web API Configuration
# ======================
AVS_WEBAPI_URL=0.0.0.0
AVS_WEBAPI_PORT=9090
AVS_WEBAPI_URL_ATTESTOR=http://0.0.0.0

# ======================
# Chain IDs
# ======================
L1_CHAIN=1
L2_CHAIN=8453

Note that both chosen TCP and UDP ports must be open along with the ports: 9876 and 8545 as these are required by the attestor node.

Be careful not to add extra space in the .env file.

In case you don't feel comfortable with providing your private key in the .env file, please refer to this section to use keystore instead.

  • Give the team your docker hub email address or username so we can give you access to the docker image and pull image mishtinetwork/operator:mainnetalphaV3

  • Run registration command:

sudo docker run -it mishtinetwork/operator:mainnetalphaV3 othentic-cli operator register --l1-chain mainnet

Then follow the instructions to register. See also: Registering as an Operator to Othentic AVS

Use the AVS governance contract address 0x42F15F9E4dF4994317453477e80e24797CC1A929

Please correctly select you Shared Security Provider (EigenLayer or Symbiotic) by using Space bar on your keyboard before pressing Enter.

Step 2: Registration on Human Network smart contract (0x46589681fA8dbe5B7a11B0a74aF2633E170fCfbB)

Each multiplier node will need to also act as an attester node by verifying the tasks performed by the other multipliers. But the attester part will be run in parallel and doesn't require any additional code.

Register - don't re-register if already registered

First register with the Human Network PeerRegistry smart contract.

  • <rpc-url> URL for an private RPC node, used to send the registration transaction to the blockchain. Use an Ethereum Holesky node when registering for Human Network testnet. Use an Ethereum mainnet node when registering for Human Network mainnet. We recommend to use a private RPC as Alchemy or Quicknode for more reliability.

  • <private-key> should be for the account you have registered as an Othentic operator. It's necessary to send the transaction from your operator account because the PeerRegistry contract needs to associate your wallet address with the rest of your node's metadata.

  • <multiaddr> should be the multiaddr address of your Human node. For example, if your node's IP address is 100.27.208.30 and it is exposed on port 8080, then your multiaddr is /ip4/100.27.208.30/udp/8080/quic-v1.

  • <rpcaddr> should be the RPC address of your Human node. For example, if your node's IP address is 100.27.208.30 and it is exposed on port 8080, then your RPC address is http://100.27.208.30:8080.

docker run --env-file .env mishtinetwork/operator:mainnetalphaV3 ./registry_iface register --rpc-url <rpc-url> --private-key <private-key> --multiaddr <multiaddr> --rpcaddr <rpcaddr>

If the call is successful, you will see a transaction receipt.

When populating your environment variables, make sure your multiaddr and rpcaddr match what you registered.

Step 3: Running a Multiplier/Attester node

Copy the following docker compose file and save as docker-compose.yml

Fill in your announced address for the attestor by entering your public IP of the instance and the Attestor Peer ID (see note below for more details on this as it is different from your PeerRegistry PeerId)

x-operator: &operator
  image: mishtinetwork/operator:mainnetalphaV3
  env_file: .env

x-othentic-cli: &othentic-cli
  <<: *operator
  env_file: .env
  entrypoint: othentic-cli

x-verifier: &verifier
  image: mishtinetwork/operator:mainnetalphaV3
  env_file: .env
  command: [ "./verifier" ]

# Define a custom network with a subnet
networks:
  mishti_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/16 # Define a subnet for the network
services:
  redis:
    image: redis:latest
    container_name: redis_server
    volumes:
      - ./redis_data:/data # Persist Redis data
    ports:
      - 6379:6379
    restart: always
    command: redis-server --requirepass ${REDIS_PASSWORD}  --replicaof no one --maxmemory-policy noeviction
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD} # Define password in environment
    networks:
      mishti_network:
        ipv4_address: 172.28.0.5 # Static IP for Redis
    logging:
      driver: "json-file"
      options:
        max-file: "10"
        max-size: "20m" # file size

  multiplier:
    <<: *operator
    container_name: multiplier
    command: >
      sh -c
        "sleep 2; \
         ./mishti_node --bootstrap-peer-id ${BOOTSTRAP_PEER_ID} --bootstrap-multiaddr ${BOOTSTRAP_MULTIADDR} --relay-peer-id ${RELAY_PEER_ID} --relay-multiaddr ${RELAY_MULTIADDR} --port ${TCP_PORT} --redis redis://:${REDIS_PASSWORD}@172.28.0.5:6379/0 | bunyan"
    ports:
      - "${TCP_PORT}:${TCP_PORT}" # TCP
      - "${UDP_PORT}:${UDP_PORT}/udp" # UDP
    environment:
      - BOOTSTRAP_PEER_ID=${BOOTSTRAP_PEER_ID}
      - BOOTSTRAP_MULTIADDR=${BOOTSTRAP_MULTIADDR}
      - RELAY_PEER_ID=${RELAY_PEER_ID}
      - RELAY_MULTIADDR=${RELAY_MULTIADDR}
      - TCP_PORT=${TCP_PORT}
      - UDP_PORT=${UDP_PORT}
      - RSA_SEED=${RSA_SEED}
      - SECP256K1_SEED=${SECP256K1_SEED}
      - NODE_TYPE=${NODE_TYPE}
      - NODE_MULTIADDR=${NODE_MULTIADDR}
      - REDIS_PASSWORD=${REDIS_PASSWORD} # Pass password to redis service
    volumes:
      - ./node_state:/state
    networks:
      mishti_network:
        ipv4_address: 172.28.0.10 # Static IP for multiplier
    depends_on:
      - redis # Ensure Redis starts first
    logging:
      driver: "json-file"
      options:
        max-file: "10"
        max-size: "20m" # file size

  avswebapi:
    <<: *verifier
    container_name: avs_web_api
    environment:
      - IPFS_HOST=${IPFS_HOST}
      - REDIS_URL=redis://:${REDIS_PASSWORD}@172.28.0.5:6379/0
      - L1_RPC=${L1_RPC}
      - REDIS_PASSWORD=${REDIS_PASSWORD} # Pass password to redis service
    ports:
      - "${AVS_WEBAPI_PORT}:${AVS_WEBAPI_PORT}"
    networks:
      mishti_network:
        ipv4_address: 172.28.0.20 # Static IP for avs_web_api
    depends_on:
      - redis
    logging:
      driver: "json-file"
      options:
        max-file: "10"
        max-size: "20m" # file size

  attestor:
    <<: *othentic-cli
    container_name: attestor
    command:
      - "node"
      - "attester"
      # multiaddress of the aggregator node
      - "/ip4/52.22.195.106/tcp/9876/p2p/${OTHENTIC_BOOTSTRAP_ID}"
      - "--json-rpc"
      - "--json-rpc.custom-message-enabled"
      - "--avs-webapi"
      - "http://172.28.0.20" # Static IP of avswebapi
      - "--avs-webapi-port"
      - "${AVS_WEBAPI_PORT}"
      - "--l1-chain"
      - "mainnet"
      - "--l2-chain"
      - "base"
      - "--metrics"
      - "--p2p.datadir"
      - "data/peerstore/attester"
      - "--p2p.port"
      - "9876"
      - "--announced-addresses"
      # the actual ip and the peer id of your attestor
      - "/ip4/<YOUR_IP>/tcp/9876/p2p/<YOUR_OTHENTIC_PEER_ID_NOT_PEER_REGISTRY_ONE>"
    environment:
      - PRIVATE_KEY=${PRIVATE_KEY_ATTESTER}
      - OTHENTIC_BOOTSTRAP_ID=${OTHENTIC_BOOTSTRAP_ID}
      - AVS_WEBAPI_PORT=${AVS_WEBAPI_PORT}
      - LOG_DIR=data/logs/attester
    ports:
      - 9876:9876
      - 8545:8545
    volumes:
      - ./data/peerstore/attestor:/app/data/peerstore/attestor
      - ./data/logs/attestor:/app/logs/peerstore/attestor
    networks:
      mishti_network:
        ipv4_address: 172.28.0.30 # Static IP for attestor
    depends_on:
      - avswebapi
    logging:
      driver: "json-file"
      options:
        max-file: "10"
        max-size: "20m"

You can figure out the value of Peer_id for the --announced-addresses via two ways: - Run node for the first time with --announced-addresses commented out in docker-compose.yml and in the logs search for the Libp2p node started with peer id: phrase using command: sudo docker logs attestor | grep "Libp2p node started with peer id:" - Or, you can get the PeerId by running the command: docker run -it mishtinetwork/operator:mainnetalphaV3 othentic-cli node get-id --node-type attester

Run the docker compose with following command:

sudo docker-compose up --build -d

PreviousMainnets and TestnetsNextUse Keystore for private key encryption

Last updated