Skip to main content

Hot and Cold Block Production

Block production requires a node connected to the internet, which means the block producer's private key is exposed on an online machine. To mitigate this risk, Mina supports a hot/cold wallet pattern:

  • A hot wallet has its private key on an internet-connected machine. It is used to run the block producer node but should hold minimal funds.
  • A cold wallet has its private key stored offline (e.g. generated on an air-gapped laptop or a hardware wallet like Ledger). It holds the majority of your stake.

By delegating from your cold wallet to your hot wallet, you can produce blocks — and earn all associated rewards — while keeping the bulk of your funds in cold storage.

Setup

You need at least two accounts: one cold wallet and one hot wallet. See Generating a Key Pair for key generation instructions.

1. Create a hot wallet

Generate a key pair on your block producer machine. Do not use a Ledger or other hardware security module (HSM) for this key — the private key must be accessible to the mina daemon.

Take note of your hot wallet public key.

2. Fund the hot wallet

Your hot wallet must be present in the consensus ledger before it can be used for staking.

  • If your hot wallet address is present in the genesis ledger, no further action is needed.
  • Otherwise, send at least enough MINA to cover the account creation fee to your hot wallet address.

3. Create a cold wallet

Generate a key pair using the most secure method available — preferably on a machine disconnected from the internet, or on a hardware wallet.

4. Fund the cold wallet

Your cold wallet must be present in the consensus ledger before its stake can be counted when delegated to your hot wallet.

  • If your cold wallet address is present in the genesis ledger, no further action is needed.
  • Otherwise, send enough MINA to meaningfully participate in consensus to your cold wallet address.

5. Delegate from cold to hot

Delegate your cold wallet's stake to your hot wallet:

mina client delegate-stake \
  --sender $COLD_PUBLIC_KEY \
  --receiver $HOT_PUBLIC_KEY

If your cold wallet is on a Ledger, follow the delegate instructions in the Mina Ledger app README.

6. Start producing blocks

Follow the Getting Started guide using your hot wallet key as the --block-producer-key.

Why can't I use an HSM directly?

You may wonder why Mina can't let you produce blocks directly from a secure enclave or HSM. Two components of block production require the private key in ways that make this impractical:

Finding eligible slots

A block producer determines slot eligibility by evaluating a VRF (verifiable random function) with their private key. The VRF must be evaluated for your account and every account that delegates to you, for all slots within an epoch.

Creating the blockchain SNARK

When a block producer wins a slot, they must create a SNARK proof that the new block is a valid extension of the existing chain. This proof embeds VRF information using the private key — replacing the simple signature that other protocols use. Creating this proof is computationally expensive and relies on advanced cryptography that is extremely difficult, and likely impossible, to perform quickly enough inside today's secure hardware.