In a significant development for the Bitcoin Lightning Network, the Validating Lightning Signer (VLS) the beta version has been announced, aimed at addressing growing security concerns within the network. The VLS solution, an open-source Rust library and reference implementation, separates a user’s private keys from their Lightning node, providing an additional layer of protection against potential compromise and theft of funds. According to the announcement, VLS offers a level of security unmatched by other solutions in the ecosystem.
“We are thrilled to announce the VLS beta, a major step forward for Lightning Network security, and we are excited to share it with developers and businesses across the Bitcoin ecosystem,” the VLS team said. They encouraged developers and businesses to try out the beta version of VLS, participate in the feedback process, and test the software with sample CLN or LDK nodes to help improve the security of the Bitcoin Lightning Network.
The beta version of VLS introduces various features designed to guard against malicious nodes and improve user protection. These features include working with CLN and LDK, encrypted cloud state backup, disaster recovery capabilities, a full set of Layer 2 and Layer 1 validation rules, heartbeat generation, and a checklist. authorization for approved destinations. However, it is important to note that although VLS is protected against common ways of stealing users’ funds, it may not cover all possible scenarios of losing funds. Therefore, the team advises to run VLS in testnet or with limited funds until production release.
VLS offers a unique approach to Lightning Network security by sequestering private keys and secrets in hardened policy signature devices. The reference implementation in Rust ensures that proposed transactions can be securely signed by applying a comprehensive set of validation rules. By incorporating UTXO Set Oracles to provide evidence of unspent UTXOs, VLS provides additional protection even in the event of a complete node software compromise.
Going forward, the VLS roadmap plans to run signers on resource-constrained platforms, improve on-board processor performance, and add features like expanded BOLT-12 support. and VSS integration. Additionally, the team aims to enable the use of multiple signers using multi-sig with Lightning keys, pending the maturity of key protocols like Taproot, MuSig2 and FROST.
The VLS beta represents a significant step forward in securing the Bitcoin Lightning Network and holds promise for developers, businesses, and users looking for better protection of their funds within the network.