Skip to main content

Overview

Public Testnet on Solana Devnet for stress testing. Real computations; no economic value.
As a testnet operator, you’ll set up your own ARX node to participate in the Arcium network. This guide walks you through each step of the process. First, you’ll prepare your environment by installing the necessary tools and generating security keys. Then, you’ll get your node registered onchain and configure it to run. Finally, you’ll connect to other nodes in a cluster and start doing computations. By the end, you will:
  • Install the Arcium tooling
  • Generate required keypairs
  • Fund accounts with Devnet SOL
  • Initialize onchain node accounts
  • Configure for Devnet
  • Join or create a testnet cluster
  • Deploy your node with Docker

Prerequisites

Before starting, ensure you have the following installed: You’ll also need:
  • A reliable internet connection
  • Basic familiarity with command-line tools
Windows Users: Arcium doesn’t run natively on Windows yet. Use Windows Subsystem for Linux (WSL2) with Ubuntu to follow this guide.

Step 1: Set Up Your Workspace

Create a dedicated folder for your node setup to keep everything organized: 
mkdir arcium-node-setup
cd arcium-node-setup
Stay in this directory for all remaining steps. All file paths and Docker commands assume you’re working from arcium-node-setup/.
You’ll also need to know your public IP address for the next steps. Here’s a quick way to find it: 
curl https://ipecho.net/plain ; echo

Step 2: Install Arcium Tooling

The Arcium tooling suite includes the CLI and ARX node software. Install it using the automated installer: 
curl --proto '=https' --tlsv1.2 -sSfL https://install.arcium.com/ | bash
This script will:
  • Check for all required dependencies
  • Install arcup (Arcium’s version manager)
  • Install the latest Arcium CLI
  • Install the ARX node software
Verify the installation: 
arcium --version && arcup --version
If you prefer manual installation, see the installation guide for detailed instructions.

Step 3: Generate Required Keypairs

Your ARX node needs four different keypairs for secure operation. Create these in your arcium-node-setup directory:

3.1 Node Authority Keypair

This Solana keypair identifies your node and handles onchain operations: 
solana-keygen new --outfile node-keypair.json --no-bip39-passphrase
The --no-bip39-passphrase flag creates a keypair without a passphrase for easier automation.

3.2 Callback Authority Keypair

This Solana keypair signs callback computations and must be different from your node keypair for security separation: 
solana-keygen new --outfile callback-kp.json --no-bip39-passphrase

3.3 Identity Keypair

This keypair handles node-to-node communication and must be in PKCS#8 format: 
openssl genpkey -algorithm Ed25519 -out identity.pem

3.4 BLS Keypair

This keypair is used for BLS (Boneh-Lynn-Shacham) threshold signatures on MPC computation callbacks. Generate it using the Arcium CLI: 
arcium gen-bls-key bls-keypair.json
This creates a 32-byte private key stored as a JSON array format.
Keep these keypairs safe and private. Back them up to a secure location outside your VPS - you’ll need them to restore your node if something goes wrong. Never share them with anyone.

Step 4: Fund Your Accounts

Your node and callback accounts need Devnet SOL for transaction fees.
The Devnet faucet has rate limits. Request only 1-2 SOL at a time and wait between requests if needed.
Fund each account and verify the balance: 
# Fund and verify node account
solana airdrop 2 "$(solana address --keypair node-keypair.json)" -u devnet && \
  solana balance "$(solana address --keypair node-keypair.json)" -u devnet

# Fund and verify callback account (needs more SOL for computation fees)
solana airdrop 2 "$(solana address --keypair callback-kp.json)" -u devnet && \
  solana balance "$(solana address --keypair callback-kp.json)" -u devnet
If the airdrop doesn’t work, use the web faucet at faucet.solana.com instead - it’s often more reliable than the CLI.

Step 5: Initialize Node Accounts

Now we’ll register your node with the Arcium network by creating its onchain accounts. This step tells the blockchain about your node and its capabilities.
Set your Solana CLI to Devnet once so you can avoid passing --rpc-url <rpc-url> repeatedly: solana config set --url https://api.devnet.solana.com
For guidance on choosing a reliable endpoint, see the Devnet RPC Provider Recommendations. Use the init-arx-accs command to initialize all required onchain accounts for your node: 
arcium init-arx-accs \
  --keypair-path node-keypair.json \
  --callback-keypair-path callback-kp.json \
  --peer-keypair-path identity.pem \
  --bls-keypair-path bls-keypair.json \
  --node-offset <your-node-offset> \
  --ip-address <your-node-ip> \
  --rpc-url https://api.devnet.solana.com

Required Parameters:

  • --keypair-path: Path to your node authority keypair
  • --callback-keypair-path: Path to your callback authority keypair
  • --peer-keypair-path: Path to your identity keypair (PEM format)
  • --bls-keypair-path: Path to your BLS keypair (JSON array format)
  • --node-offset: Your node’s unique ID number on the network. Choose any unique number. If you get an error during setup saying your number is already taken, just pick a different one and try again.
  • --ip-address: Your node’s public IP address
  • --rpc-url: Solana Devnet RPC endpoint
If successful, you’ll see confirmation that your node accounts have been initialized onchain.

Step 6: Configure Your Node

The configuration file specifies which network to connect to, how to communicate with other nodes, and various operational settings. Create a node-config.toml file in your arcium-node-setup directory: 
[node]
offset = <your-node-offset>  # Your node offset from step 5
hardware_claim = 0  # Currently not required to specify, just use 0
starting_epoch = 0
ending_epoch = 9223372036854775807

[network]
address = "0.0.0.0" # Bind to all interfaces for reliability behind NAT/firewalls

[solana]
endpoint_rpc = "<your-rpc-provider-url-here>"  # Replace with your RPC provider URL or use default https://api.devnet.solana.com
endpoint_wss = "<your-rpc-websocket-url-here>"   # Replace with your RPC provider WebSocket URL or use default wss://api.devnet.solana.com
cluster = "Devnet"
commitment.commitment = "confirmed"  # or "processed" or "finalized"
If your node is behind NAT or a cloud firewall, ensure ports 8001 and 8002 are forwarded and allowed inbound on your public IP. Use your public IP for --ip-address during initialization; network.address controls the local bind address. Using "0.0.0.0" ensures the process binds to all local interfaces while peers connect to the public IP you registered during init-arx-accs.

Step 7: Cluster Operations

Clusters are groups of nodes that collaborate on MPC computations. For background on cluster concepts, see Clusters Overview. Most testnet operators should join an existing cluster. Only create your own cluster if you’re coordinating a group of nodes.
  • Join Existing Cluster
  • Create New Cluster
To join an existing cluster, you must first be proposed by the cluster authority. Once proposed, accept the invitation:
arcium join-cluster true \
  --keypair-path node-keypair.json \
  --node-offset <your-node-offset> \
  --cluster-offset <cluster-offset> \
  --rpc-url https://api.devnet.solana.com
Parameters:
  • true: Accept the join request (use false to reject)
  • --node-offset: Your node’s offset
  • --cluster-offset: The cluster’s offset you’re joining
You cannot join a cluster unless the cluster owner has first proposed you using propose-join-cluster.

Submit Aggregated BLS Key (Required After Cluster is Full)

The command will verify that all cluster slots are filled before submitting. If nodes are still pending, it will fail with an error.
Once all nodes have joined the cluster, one node must aggregate and submit the combined BLS public key. This enables threshold BLS signatures for computation callbacks: 
arcium submit-aggregated-bls-key \
  --keypair-path node-keypair.json \
  --cluster-offset <cluster-offset> \
  --node-offset <your-node-offset> \
  --rpc-url https://api.devnet.solana.com
Parameters:
  • --keypair-path: Your node authority keypair (must be a node in the cluster)
  • --cluster-offset: The cluster’s offset
  • --node-offset: Your node’s offset within the cluster
Only one node needs to run this command. The CLI will automatically fetch all node BLS public keys from the cluster and aggregate them.

Step 8: Deploy Your Node

Before running Docker, prepare your environment and verify you have all required files: 
mkdir -p arx-node-logs
ls  # Should show: node-keypair.json, callback-kp.json, identity.pem, bls-keypair.json, node-config.toml
Now start the container: 
docker run -d \
  --name arx-node \
  -e NODE_IDENTITY_FILE=/usr/arx-node/node-keys/node_identity.pem \
  -e NODE_KEYPAIR_FILE=/usr/arx-node/node-keys/node_keypair.json \
  -e CALLBACK_AUTHORITY_KEYPAIR_FILE=/usr/arx-node/node-keys/callback_authority_keypair.json \
  -e BLS_PRIVATE_KEY_FILE=/usr/arx-node/node-keys/bls_keypair.json \
  -v "$(pwd)/node-config.toml:/usr/arx-node/arx/node_config.toml" \
  -v "$(pwd)/node-keypair.json:/usr/arx-node/node-keys/node_keypair.json:ro" \
  -v "$(pwd)/callback-kp.json:/usr/arx-node/node-keys/callback_authority_keypair.json:ro" \
  -v "$(pwd)/identity.pem:/usr/arx-node/node-keys/node_identity.pem:ro" \
  -v "$(pwd)/bls-keypair.json:/usr/arx-node/node-keys/bls_keypair.json:ro" \
  -v "$(pwd)/arx-node-logs:/usr/arx-node/logs" \
  -p 8001:8001 \
  -p 8002:8002 \
  arcium/arx-node
Ensure ports 8001 and 8002 are open in your OS and cloud provider firewalls.

Step 9: Verify Node Operation

Check that your node is running correctly:

Check Node Status

arcium arx-info <your-node-offset> --rpc-url https://api.devnet.solana.com

Check if Node is Active

arcium arx-active <your-node-offset> --rpc-url https://api.devnet.solana.com

Monitor Logs

If using Docker: 
docker logs -f arx-node

Devnet RPC Provider Recommendations

For better reliability, consider using dedicated RPC providers instead of the default public endpoints. Free tiers are sufficient for testnet - paid plans are NOT required. Recommended providers:
  • Helius - free tier works perfectly for testnet
  • QuickNode - free tier works perfectly for testnet

Troubleshooting

  • Verify all keypair files exist and are readable
  • Check that node-config.toml is valid TOML
  • Ensure your IP address is accessible from the internet
  • Verify you have sufficient SOL for transaction fees (5-10 SOL for callback authority, 1-2 SOL for other accounts)
  • Check that your RPC endpoint is working
  • Ensure node offset is unique
  • Verify you’ve been invited by the cluster authority
  • Check that cluster has available slots
  • Ensure your node is properly initialized
  • Verify Docker is running
  • Check file permissions on mounted volumes
  • Ensure ports are not already in use
Need more help? Join the Arcium Discord for community support, or review the installation troubleshooting guide.

What’s Next

Once your Testnet node is running successfully: