Key Evolving Signatures (KES) are the cryptographic keys a stake pool uses to sign the blocks it produces. The keys evolve forward at the start of each KES period; the previous key state is deleted and cannot be recovered. This limits the damage from a compromised hot key: an attacker who steals it can sign only future blocks within the remaining lifetime, never rewrite history.
Operators rotate KES keys periodically to keep them within the protocol's accepted lifetime. Mainnet currently allows 62 KES periods of about 36 hours each, giving each key set a useful life of roughly 93 days before a fresh one must be issued.
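A rotation check an operator could run against the chain tip, as an added example that is not part of the original page or of any Cardano tooling. It assumes the mainnet genesis values of 129600 one-second slots per KES period (the "about 36 hours" above) and that the start KES period recorded when the key set was issued is known; the function name, field names and sample slot numbers are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed mainnet genesis parameters: the page gives "62 periods of about
# 36 hours"; 129600 one-second slots per period is the matching value.
SLOTS_PER_KES_PERIOD = 129_600
MAX_KES_EVOLUTIONS = 62
SLOT_SECONDS = 1


@dataclass(frozen=True)
class KesStatus:
    current_period: int   # KES period the chain tip falls in
    evolutions_used: int  # periods elapsed since the key set's start period
    periods_left: int     # periods left, counting the current one
    expiry_slot: int      # first slot at which the key set is no longer accepted
    seconds_left: int     # wall-clock time until expiry_slot
    state: str            # "not_yet_valid" | "ok" | "rotate_soon" | "expired"


def kes_status(tip_slot, start_period, warn_periods=5):
    """Classify a KES key set from the tip slot and its start KES period."""
    if tip_slot < 0 or start_period < 0:
        raise ValueError("slot and period must be non-negative")
    current = tip_slot // SLOTS_PER_KES_PERIOD
    expiry_period = start_period + MAX_KES_EVOLUTIONS
    expiry_slot = expiry_period * SLOTS_PER_KES_PERIOD
    used = current - start_period
    left = max(expiry_period - current, 0)
    seconds = max(expiry_slot - tip_slot, 0) * SLOT_SECONDS
    if used < 0:
        state = "not_yet_valid"   # start period lies ahead of the chain tip
    elif left == 0:
        state = "expired"         # pool can no longer sign accepted blocks
    elif left <= warn_periods:
        state = "rotate_soon"     # issue a fresh key set before the lifetime ends
    else:
        state = "ok"
    return KesStatus(current, used, left, expiry_slot, seconds, state)


if __name__ == "__main__":
    # Constructed sample: key set issued at KES period 400, tip 1000 slots later.
    s = kes_status(tip_slot=400 * SLOTS_PER_KES_PERIOD + 1000, start_period=400)
    print(s.state, s.periods_left, round(s.seconds_left / 86_400, 1), "days left")
```

The `warn_periods` threshold is a local alerting choice, not a protocol value; five periods is about a week of lead time.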
Explore next
- Stake Pool: A server node that participates in the Cardano network by validating transactions and producing blocks.
- VRF: A cryptographic function that produces a verifiably random output; Cardano uses it inside Ouroboros as a private per-slot lottery, letting each pool check whether it won the right to produce a block, fairly and unpredictably.