Validating Lightning Signer v0.13.0: Enhanced Configuration, Better Testing and Security
Validating Lightning Signer (VLS) is a library and reference implementation for a signer module to secure Lightning nodes. It separates your Lightning private keys and security rule validation from your Lightning node into a separate signing device, enhancing security by reducing the attack surface.
"We're thrilled to announce VLS v0.13 "Celestial Citadel"! This release brings a fresh wave of improvements designed to enhance configuration, boost security, and streamline our core functionalities," announced the project.
Download VLS v0.13 and try it on testnet. Highlights of this release include:
- Enhanced Configuration. Users can configure SimplePolicy values via
vlsd2.toml. - Robust Core Improvements. New methods for channel ID derivation and tighter controls on database IDs to safeguard channel creation.
- Better Testing and Security. Added basic fuzzing for
vls-coreand updates to critical components like the STM32 signer and time crate. - Streamlined Architecture. Refactored lightning-storage-server and updated dependencies (including LDK 0.0.123 with
rust-bitcoin0.30) for improved performance and maintainability.
"While we address common LN attack vectors, v0.13 isn’t a full production release yet. We recommend using it on testnet or with limited funds until you’re comfortable it covers your use case," said the project.
- Upcoming updates for the project include Disaster Recovery, extended protocol support, and advanced multi-signer capabilities.
- Developers and Lightning enthusiasts are invited to test the release with a sample CLN or LDK node, and share feedback and join the discussions on Matrix and GitLab issues page.
What's new
- configure SimplePolicy values using vlsd2.toml.
- fuzz: basic fuzzing of the vls-core crate.
- developer flag for dev messages and fields.
- core: oid derivation for ldk channel id.
- protocol: implement
sign_holder_htlc_txfor LDK / phase-2 code path. - core: Add new and oid methods to ChannelId and remove the
oid/channel_idutility methods. - LSS: split lightning-storage-server into library and lssd.
- deps: update to LDK version 0.0.123 with rust-bitcoin 0.30.
- removed sled references.
- fix: core: enforce dbids are monotonic when creating channels to protect against reuse.
- fix: core: use peer node id for channel creation.
- fix: stm32 signer for latest nightly bump relevant deps.
- fix: missing macros feature on time crate.
Learn more about the VLS project here.
