Stacker News AMA

**Title: We are the team building the Validating Lightning Signer - Ask us anything AMA** Hello fellow stackers! 👋 We are the team working on the [Validating Lightning Signer (VLS)](https://vls.tech) FOSS project: @devrandom, @ken6, @JackRonaldi VLS is a nifty piece of software that helps boost the security of the Bitcoin Lightning Network. 🛡️ Here's how it works: usually, your private keys are stored on your Lightning node, but if a hacker gets into your node, they could snatch your funds. To avoid this, VLS keeps your private keys separate from your node. So, even if the bad guys compromise your node, your funds are safu. VLS doesn't stop there, though. When you're making transactions, instead of your lightning node signing the transactions internally, they are forwarded to VLS running on a secure signing device. VLS double-checks everything and confirms that the transaction does not steal or lose funds before it signs. This extra layer of security significantly reduces the attack surface for a lightning network user. It's a real game-changer. Plus, VLS opens the door to using multi-signature setups in the Lightning Network, much like the multi-signature wallets you might know from Bitcoin L1. The idea here is that, just like a bank vault needing two keys to open, a transaction would need more than one signature to go through. This makes it even harder for anyone with bad intentions to get their hands on your funds. Topics to ask us about: * What is VLS? * Why is VLS important? * How does VLS work? * How can I try VLS? * How do we work with you? * What does our roadmap look like? * Wen multi-sig? * What is the airspeed velocity of an unladen swallow? * What is the answer to the ultimate question of the life, the universe and everything? We'll do our best to answer questions for the rest of the day. Let's go! ⚡️ ## Questions from social media & other places so far **We can use these to get ready for the AMA** 1. **Which node implementations will VLS work with?** CLN yes, LDK yes, LND maybe someday, ACINQ maybe someday 2. **Will VLS work on an NFC card?** **[ken - I don't think an NFC card w/o a display is a good idea]** We have not tested this ourselves. Here are the technical requirements to be able to run a VLS signer: * 3. **If a channel peer tries to cheat in Lightning and you have a multi-sig setup, do you need a quorum of signers to publish the justice transaction to the blockchain?** Yes, you would need a quorum of signers to publish the justice transaction to the Bitcoin blockchain 4. **How is this different from what Greenlight is doing?** It's not ;) Greenlight is using VLS to separate the signer from the Lightning node. 5. **Why do I need VLS if I already have my Lightning node on an Umbrel at home?** That's a ultimately a personal decision for each Lightning network user wrt to how much risk they are willing to accept. Some users may be ok with keeping small amounts of funds on an Umbrel or similar product, without worrying about theft or malicious nodes. Users who are worried about this can run VLS on a signer for as little as $10. 6. **What's the use case? Who are the target customers?** Bitcoin Lightning companies, or merchants/enterprises accepting a large volume of payments over Lightning would find value in VLS because it would help to secure their funds (they can store their keys on a hardened server or HSM), and would also allow them to segregate duties between the node operator and the person (people once LN multi-sig is ready) who holds the keys. 7. **Will we release a BOLT for this?** We are looking into releasing a [BLIP](https://github.com/lightning/blips) for VLS. 8. **What are the bandwidth requirements of a Validating Lightning Signer (VLS)? Is it fairly low/intermittent? Is it safe to operate one over mesh or radio?** [Have we measured this? ken - I don't think we have measured this yet, certainly depends on the activity level of the node] I think it's safe to operate over mesh or radio ... but there are privacy issues. 9. **Can VLS be installed on current LN nodes or do we need to install a new node from scratch?** There is currently no mechanism for migrating a non-VLS node to using VLS; it needs to capture important parts of the channel state as the channel progresses. 10. **How's the LDK integration look like right now?** We have a [sample LDK node running VLS](https://gitlab.com/lightning-signer/lnrod) built. We would be interested in working with a team that is using an LDK based node and needs VLS functionality built in so that we can flush out any remaining requirements to have this production ready. 11. **How does VLS compare to the ACINQ solution or the LND signer from NYDIG?** We are working to understand the security solutions that ACINQ and LND teams are working on, and will report back when we have more info. 12. **When will Lightning multi-sig be ready?** This depends on the maturity of the Lightning network implementations of Taproot, Musig2 and FROST. We expect this is at least 12 months out. 13. **Can you run VLS in the Apple Secure Enclave or Android Trust Zone of a mobile phone?** Not yet. We are looking for developers with Apple Secure Area or Android Trust Zone expertise who can help us to configure VLS to run within these environments. 14. **Can I run VLS on Umbrel/MyNode/Raspiblitz/Start9 Embassy?** Not yet. We are looking for developers who can helps us build VLS docker images so it can work on Docker compatible services like Umbrel. 15. **Does VLS work with LND? If not, when will it support LND?** LND does not currently support VLS, we'd love to help make that happen.