VLS Documentation (v0.13)

Improving Lightning security with fully validated remote signing.

You can go directly to the code repository for VLS.

You can also go to the VLS website.

Motivation

Lightning nodes are in effect hot wallets with substantial balances that must stay on-chain to provide channel liquidity.

Proposed Solution

We propose to sequester the private keys and secrets in one or more hardened policy signing devices. We have a reference Validating Lightning Signer implementation in Rust. It currently has a gRPC interface, but other APIs are possible.

When run in external signing mode the Lightning node would use an alternate signing module which replaces signing with proxy calls to the policy signing devices.

The external signing device applies a complete set of policy controls to ensure that the proposed transaction is safe to sign. Having a complete set of policy controls protects the funds even in the case of a complete compromise of the node software. This will require some overlap in logic between the node software and the policy signer.

Diagrams

Transaction Signing Diagrams

Roadmap

The development of this approach has several distinct stages. You can see the project roadmap here.

Chat

You can join us on Matrix.

Documents

• Securing Lightning Nodes

• Lightning Signing Policy Controls