Validating Lightning Signer Separates Node Keys – Bitcoin Magazine
Below is a direct excerpt from Marty’s Bent Issue #1264: “Don’t underestimate human creativity.” Sign up for the newsletter here.
It’s true what they say: Bear markets are for building. Here’s a shining example of that via the Sphinx team showing that their Lightning node leverages the Validating Lightning Signer architecture, which separates the keys from the Lightning node using a dedicated signing device. That’s what’s pictured above: the little device hanging out of the socket.
“Why the hell does this matter?” Very good question, freak. Up until this point (well actually earlier this year when Nodl came out with their Nodlito project), running a Lightning Network node has been a very cumbersome process due to the need for 100% uptime to facilitate payments. This need for uptime has pushed many enterprise-level Lightning users to run their nodes in the cloud using server farms that can meet the uptime requirements. This is a bit worrying because it means that these Lynnodes are a bit of sitting ducks. Since it has been common practice up until this point to house the node and keys that allow users to access their Lightning channels in the same hardware, it would be trivial for a motivated attacker to identify and confiscate dedicated Lightning hardware sitting in server farms across of the world, which effectively allows the attacker to confiscate a user’s bitcoin.
Enter schemes like Nodlito and Validating Lightning Signer, which bring a new way of doing things to the market. Instead of housing the keys and the node in the same hardware, thus creating a central point of failure, these projects aim to equip users with the means to separate the two functions and give those users back full control of their bitcoin by ensuring that they can physically hold their keys using dedicated hardware that communicates with the node running in the cloud. Yes, the hardware running the node on a particular server farm can be shut down, but the user will still have their keys and thus access to bitcoin.
This is what the Validating Lightning Signer architecture looks like:
If this type of Lightning node setup becomes common, it could really open the doors for more individuals to participate in building out the network without having to worry about running their own node hardware. Obviously, the most sovereign way to participate in the Lightning Network would be to run your own node, but the uptime requirement to be a legitimate node operator prevents a significant amount of people from fully participating. It seems to me that this is a decent trade-off to get more people to run their node software in the cloud. Yes, these cloud providers are centralized entities. But if you are able to keep your keys, you can operate with the peace of mind that you always have access to your money. And with more freedom-focused cloud providers like Nodl hitting the market, the options available to Bitcoiners seem to be expanding.
Regardless, this kind of architecture is very encouraging to see, and it highlights something that I think many critics of Bitcoin and many die-hard Bitcoiners overlook: The creativity of people building on Bitcoin, Lightning, and every other part of the stack will continue. to surprise us. There is no one on the planet who can tell you what the stack will look like and exactly what it will yield in the future. This is why I often think it’s silly when people take a snapshot of cross-stack activity today and try to project future activity onto the network. We don’t know what we don’t know. And what we don’t know will continue to push the design landscape of what can and will be built on Bitcoin in the future. And that future looks very bright!