Open-Source Lightning Innovation with Ken Sedgwick from VLS – Blockstream Talk 30

Welcome back to Blockstream Talk. Today we're speaking with Ken Sedgwick from VLS, the Validating Lightning Signer project, an open source project looking to build a body of software that anyone can use to improve the security of Lightning nodes through fully validated remote signing. The basic concept is to split out private keys from the node by asking a remote signer to sign the necessary messages, allowing VLS to protect the node's funds even if the node itself has been completely compromised. Ken discusses why operating a Lightning node is significantly more challenging than operating a Bitcoin hot wallet, and how one application could be having VLS software running in a signing device. Lightning Network security is probably not an issue at the forefront of a lot of users' minds at the moment, but given the growth of the Lightning Network, both in terms of total Bitcoin capacity and just broader market adoption, this is an issue that will probably be more in focus and have more attention paid to it over time, especially as we get more retailers, more users and more bigger nodes on the network. I think Ken does a really good job communicating some of these rather complex ideas. Enjoy the show and let us know what you think in the comments below. Thank you.


Thank you, Ken, welcome to the show.

Thanks, it's great to be here.

Good to have you. To start off, do you mind giving us a quick introduction to who you are and what you're working on now?

My name is Ken Sedgwick and I'm working on the VLS project. I was a consultant for many, many years, got into Bitcoin around 2013, and wrote an Android wallet because I wanted to learn how it worked. Actually, my goals were to learn things and meet people. I think I succeeded in both of those. The wallet didn't go very far, but I did meet devrandom, who's the other co-founder of the VLS project, and we've been working on and off on many different projects since. But this is the most serious, and VLS has been going on for, I think, three years and a bit.

I've watched one of the presentations that you have online, and I think this is maybe a good way to get into the security focus of VLS: what makes running a Lightning node more challenging than, say, running a hot wallet for Bitcoin?

So the main strategy for an exchange or a broker or anyone who's dealing with a significant amount of Bitcoin and a hot wallet is to keep most of the funds out of the house. So typically an exchange will have 95 or 98 percent of their funds cold at any time, and they only move into the hot wallet what they need for a given day's activity or week's activity or you name it. And that works very well, because if a hacker attacks they get two percent or five percent or something, so they don't get it all.

Now, Lightning doesn't work that way. In order to make Lightning useful, the liquidity needs to be tied up on chain, and it needs to be able to move funds by re-signing commitment transactions and exchanging them with your channel peer sort of at any time. For example, if the fee market changes, that will cause commitments to get rewritten today so that they have different fees. So those funds need to be online, hot. They cannot be removed, they can't be cold. And if you took an online retailer or a really big company that had, say, a million channels, each with a hundred dollars in it, now you've got a hundred million dollars on a server or collection of servers which is connected to the internet and is busy chatting with peers ferociously. So that's actually a pretty challenging security environment. You can't make it cold, and you have lots and lots of communications going on. There's lots and lots of features being added to the code, so the code has a pretty rapid velocity.

So devrandom and I looked at that and decided that that was pretty scary. We had to do something about it. And since you can't take the funds cold, which is what the basic approach is usually going to be with layer one, in layer two instead we're going to try to protect the keys and protect the signing operation. So not just keys, but any other secrets that are involved are kept separate from the node, and when the node needs signing operations or other similar operations, it submits them to the signer and the signer signs them. In this fashion the signer can be run in a compute environment which is much more controlled, so it may have many fewer processes and isn't communicating with any other things. In some cases you can connect a small embedded processor with a serial line to a node, and then that becomes really difficult to attack.

So this seems like over time it is going to become a bigger issue, right? Because if you look at Lightning Network capacity in Bitcoin terms, it's just still up and to the right. So all of these nodes presumably are getting bigger, and at the same time we're getting more nodes added to the network all the time.

I mean, the Lightning Network is still very, very early, and so the attack targets aren't there. In other words, we have to prepare for the future, because the future gets harder and harder as more and more money is stored on a machine. Then it becomes more and more of an attractive target. So if there's again a hundred million dollars on a machine, then a hacker can spend a million dollars doing various things and still it's well worth it to attack that machine. When there's only fifty thousand dollars on a machine, the hacker is probably not going to try very hard. So we haven't seen the attacks that we're going to see, and we need to get ready now.

Okay, that was going to be my next question. I was going to ask if there's been any big security events on the Lightning Network, because I don't think I've really, you know, nothing comes to mind when I think about it. Has there been anything like that yet, or is this something we're kind of future-proofing, we're getting ready for something that could potentially happen later on?

We're getting ready. I'm not aware of any large-scale theft going on. There were definitely a couple gotchas that we had last year, but they're technical, and so various nodes stopped working and had to be quickly serviced, but no money was stolen to my knowledge.

You know, when I think of some of the biggest nodes, like Bitfinex, I think, is the biggest node in Lightning, that's obviously a very sophisticated, security-focused player. But I guess as we develop more and we get more retailers or people that don't have the security paranoia and expertise that someone like Bitfinex would have, that's going to become increasingly important, right?

Yeah, the evolution, especially for folks who are new to the Lightning Network, is especially steep. So maybe you're a publisher and you just try an L402 gateway in front of your material, and then suddenly you're getting some Bitcoin. Everything is great. But then someday you start getting a bunch of Bitcoin, maybe you're getting 50,000 a day and it's building up. Suddenly it becomes a concern, because you don't want to learn the hard way.

So is that what motivated you for the development of VLS, was that you saw the market moving in this direction, Lightning Network getting bigger and bigger, and then there was nothing out there to really help protect people from a security perspective?

That's right. It seems like the fundamental best principles that are used in other domains for security needed to be applied here. Now, what we're doing is not that novel, really. It's really sort of a standard idea. But it was actually challenging with Lightning, because with Lightning simply removing the signing operation is not good enough, and maybe we should spend some time on that.

Sure, yeah. This is blind signing versus...

So one thing you could do is remove the signing operation to a separate box, and then the separate box would just sign everything. That's actually fairly easy to do and straightforward and had been done before. But the problem is, if the hacker takes over the node then he can submit various kinds of malicious messages. The first thing you can do is just, if he has access to the RPC, he can just send money to his own address and the signer will happily sign it, and then, you know, there you go. Another one is he could propose a closing transaction which either didn't give you your correct share of the channel split or sent it to the wrong place.

So pretty quickly you realize that all the signing operations have a burden, that you have to understand what they mean and you have to know what the current state is. And so you can say, all right, if the channel was 40 me and 60 you and we go to close it and I get 40, modulo fee, and you get 60, then that's okay, because I am getting the beneficial value from this channel that I expect, and so the signer can sign that. But if it sees some other horrible mix, then it would not sign that.

So the idea essentially is that even if some sort of malicious actor gets complete control of your node, you're still safe?

That's correct. Our basic security model is that your node has been compromised, and so that's a very scary thing. But by using that as our assumption, that's our security assumption for the most important security level we have, then we have to cover a lot of gaps. We have to go find all the openings and make sure that we're checking in those situations that money can't leak. There's two kinds of issues there as well. One is that the hacker might try to steal the money, meaning send it to themselves.

Who do you think is the primary audience for VLS at the moment? Is it retailers, is it individual users, is it exchanges, giant nodes?

Well, an interesting thing about the VLS project, and this didn't occur to us originally: originally we were thinking about enterprise. So the thing we were thinking of was the large retailer with 100 million dollars in a machine. Let's go provide something to make that safe. But then along the way someone said, oh wow, so you've extracted just the state you need to do custody, and therefore you're as small as possible and establishing custody in terms of state and amount of size. And so then this allows consumer devices, which might be a ten dollar ESP32 device, to now run the signer, and then the node can be in the cloud. That seems like a really good division of labor, because the node has to gossip, needs good bandwidth and all sorts of stuff like that, and then the signers can just take care of making sure the funds are safe.

And when you're talking about signing devices, are you talking about things like Trezors or Ledgers or Jades, or is it other kinds of hardware?

Once we figured that out, we said, how small can we make it? So we've been playing with these, which is an STM32, relatively small. I don't know how much memory a Trezor or a Jade has, but the screen, for example, is exactly the same size as the Trezor, and actually Trezor may be an STM32, I'm not positive. I think Jade is an STM32. Anyway, by using a sample piece of gear we can then make it as small as possible and then tell you how many channels you can have for x amount of RAM. So yeah, you can't have a large routing node running on one of these small devices, but you don't need one. You might need a dozen channels and be moving money a dozen times a day.

So what is the status of VLS at the moment? Are you guys in beta, or is it ready to go?

So in June of this year we did a beta release, and the beta release was defined as: protects your money in as many ways as possible. So the bulk of the protection is in the beta release, and then what we're working on now is tuning in various specialized uses which need extra attention. So we just finished, or it's not quite released, we have an RC1 of our low, reduced resource signer release, so that's meant to run on smaller things. A future roadmap item will be to tune it for throughput, so that if you're an enterprise and cost is no object, the question is how can we make the software scale so that if multiple channels are doing things simultaneously, that can happen inside the signer simultaneously, to get the most routed packets per second or most received payments per second.

I don't know if anybody needs to do bulk sending yet. That sounds spammy to me. But I could see that publisher that we were talking about receiving thousands of payments a minute, and it needs to keep up, and all of that is great, and so we'll have to tune for that and make sure that that works.

Yeah, I'm sure there's an application for bulk spending somewhere. I'm sure there's a legitimate application other than, yeah.

It works. Well, at least you're spending, right?

So yeah, that's right. Yeah, there's an economic cost, right.

So yeah, and then there are other specialized things. So for example, routing nodes have some special policies that we want to work on. In particular, routing nodes need to be balanced, so there's a couple of administrative operations that happen on them, and the signer can be given some features which make that easy. So for example, with a loop out, there's a way to prove to the signer that that loop out is legitimate and it should send the funds to the loop out target without a user having to manually approve it every time.

I should have mentioned this at the beginning in the introduction, but you guys are not a company, right? This is an open source project?

Just a project, not a company at this point. There isn't a non-profit for, you know, whatever organizational reasons, but we are not employees of a company, and we're just all contributing, trying to make it happen.

And what about disaster recovery? If somebody loses, you know, there's node failure or something like that, what are your plans and abilities in that kind of situation?

So our charter there is to recover in all situations. There's actually quite a few different situations, so I should list which ones we're doing now and then which ones are on the drawing board. The basic now versus drawing board is, sometimes you can run a signer in what Rust calls std mode, which means it has access to standard Unix-y features like sockets and clocks and lots of memory, and you can write to disks and things like that. When you're in std mode, the signer can do the recovery itself. So let's say you're going along talking to a node, doing your signing and stuff, and then for some reason you decide that the node is malicious and you no longer want to work with that node. You could then recover your funds by starting the signer with a command line option, and it will go and close your channels and sweep the funds back to the wallet which you control. That works today, that's what we've got.

Another very important thing which we still have to do is to make it so that if you have an embedded signer or very small signer, it's not going to be able to connect to the network directly, and on and on, but what you can do is connect it to a recovery node. So you can have a node whose only purpose, it's a program that you run which opens the socket to talk to the signer, but its only goal in life is to liquidate the wallet, close the channels and get your funds back.

There's several more subtle things. If you are an enterprise and have your nodes exquisitely backed up, so if a node fails you could connect to a different one and it would have the correct state, which is no small matter in Lightning, because even the slightest difference in state would cause problems, if you've got that situation the signer can just connect to the new node and all will be well there.

There's different kinds of failures. So sometimes you just lose everything, and other times you're being attacked. So let's take the case where the signer itself fails. One feature which is in our beta is that we store state externally as well as locally. So we're persisting locally onto whatever storage your particular signer has, but we're also sending back any state modifications to an LSS or VSS server. So these are cloud storage servers, basically key-value collections, and they're versioned, so they know very carefully that you're being returned the correct version of everything. Of course everything is encrypted, and there's an HMAC so that we can tell that the data that you're getting back was the same data that you sent out.

So using that, if you had a small embedded device, an ESP32, and it died, you could get a new one, and then you would have to restore your seed. So the operator will have one backup duty, which is to record the seed in any of the conventional ways. So you may choose to convert it to mnemonics and hammer it into steel, or you might write it down on a Post-it and put it... But anyway, you start with a new signer, you would imbue it with the seed, you put the seed in it, and then point it to the storage server, and then it would be able to recover its state completely and then continue operating.

And what about Greenlight? Have you guys done any work with integrating with Greenlight?

Absolutely, we are the signer inside Greenlight. So Greenlight and the VLS project are tightly bound. We're delivering software versions to them and handling bug fixes and so on and so forth, so that's all coming out any day now. So the Greenlight concept is that the bulk of the node is in the cloud, and then the individual has only the smallest amount necessary to maintain custody themselves and initiate operations safely. So Greenlight has a thing called a Greenlight client, GL client, and that has the VLS signer built into it. And so the Greenlight client will issue commands via gRPC to the Greenlight node and say, hey, I want to do this, and the node will go off to make it so. But at the point where it needs the signatures, it then will call back to the signer, which is in the GL client, and say, please sign this. Now the GL client can tell that that message pertains to the command that it initiated, and so it can approve it. And then the process goes on. So that's the basic structure.

Can you explain how UTXO oracles work and what they offer in terms of security?

The idea of the UTXO set oracle is to mitigate a very specific problem. So the problem is what's called an eclipse attack. So if you've got a Lightning node or a Bitcoin node or even a signer, an eclipse attack means we cut you off from the world, and so you don't have any view of any progress, you can't see what's going on. You then can do things which are bad and the signer can't respond. So for example, you could breach a channel and claim the funds and the signer can't see it. So we needed to make sure that the signer was not breached, and we needed to make sure that it could trust what was in the blockchain, what transactions had happened, and could trust that some had not happened.

So what you do is you make an oracle. You take a Bitcoin daemon and it builds a data collection which contains all of the current UTXO set, and then it attests to the root of that in a Merkle fashion, you know, think Bitcoin. And it uses compact filters much like Neutrino does. It's the same filter technology, Golomb sets, but it's tuned slightly differently because we're actually doing something a little different with it. And it builds a proof which can then be submitted to the signer, and so the signer can validate the signature, this is an oracle that I trust, and then it can look at the proof and say, okay, at this time this block was the tip and I can be sure that the UTXOs that I'm interested in did not happen in that block.

So let me spend a second on how that works. Normal compact filters are used by wallets when they're watching things and want to know when something happens to them. So you're watching your UTXOs in your wallet. We have situations where we need to prove that something didn't happen, so that a UTXO you care about is not in this block. And so we invert that in these differently tuned compact proofs. And so if you look at these proofs and say, okay, I'm interested in this UTXO and this one, then if they're not in there, they didn't happen. There can be false positives. If you have a false positive with that kind of proof, then you have to look at the whole block and say, yeah, my stuff isn't in here. But those are rare and tunable, so we can make sure they're rare.

Anyway, it's a long-winded story, but what it means is that even if you're an embedded signer with relatively little resource, the front end of the VLS system, which is running outside the embedded signer, can gather together the information it needs from the UTXO set oracles and give you a proof which you can then use to make correct decisions about whether a channel is correctly funded, for example, or that something hasn't been spent yet. The Utreexo project, a different project, is also working on a similar or perhaps the same, I think their project would work for us, but it's not complete, so we had to do our own thing. So they're a new thing, people. We do not have UTXO set oracles today, although they would be a good thing, and I think once there are UTXO set oracles many different applications will be able to take advantage of them, because they allow you to be up to date on the blockchain state without having a lot of resources yourself.

And in terms of the validation rules implemented in VLS, how can they protect against potential exploits or fraudulent activities?

So there's a lot of rules, over 50 or something, and they apply in a lot of different cases. So the closing transaction example I gave earlier, you need to make sure that you get your fair share out of the closing transaction. If you're a routing node and someone wants you to send some money downstream, you need to be able to look upstream and say, ah yes, that's because I received just a little more than that over here, so that's legit, and I'm going to make a little bit, not lose anything, if I do this. So all of the rules in essence, or most of them, are doing that.

Another thing that they can do is make sure that things are well formed. So node peers exchange commitments, and you're protected by the commitment that your counterparty has signed, because if you have to, you can sign it yourself and then go on chain. But if they've given you something invalid in that commitment that they shared with you, actually what they're really sharing is the signature, so if a signature is not valid, then that's not good. You can't actually go forward, you have to rectify that right where you are, because you don't have a valid claim point, if you want to think of it that way. So VLS has several additional messages which are not classic signing operations. So when the peer sends a new version of a commitment, the node has to give it to VLS even though it doesn't need to be signed, but VLS needs to see it so that it can know that it's okay to allow the state to move forward on that channel. Similarly, when the counterparty revokes their current commitment, an old commitment, we need to see the revocation to make sure that it correctly revokes the old commitment and could be used in case of a breach.

What is the road map for developing VLS further? What do you guys have planned in the pipeline?

Well, there's a lot of stuff. One thing we have to do is keep up with Lightning protocol changes. So this month, you know, so we've done low-level BOLT 12 support. There's high-level BOLT 12 support which is coming, but it's not strictly necessary to operate. The high-level BOLT 12 support is along the lines of saying, I want to approve spending ten dollars over the next two days because I want to watch this movie, and that's going to be in a series of invoices, maybe hundreds or thousands as I watch the movie. Today you need to work out some way to approve all of those, but we'd like to add a high-level BOLT 12 approval where you can approve high-level concepts and then we'll work it out in the signer to make sure, oh yeah, this is a sub-payment for that, so that's okay.

Other new features: Core Lightning just released splicing. Core Lightning now uses P2TR, so pay-to-taproot addresses, for its wallet operations. That's not full hybrid support for the commitments yet, that's still coming, but for the wallet addresses, when you're holding money in the online wallet, they've switched to using taproot.

What about multi-signature capabilities?

That's big, everybody wants that, and for a couple different reasons. Let me go over the reasons why you want it, why is it cool. So the idea is, in addition to taking the keys and secrets and moving them out of the node, you then split it five ways, for example, and make a multi-party computation. So as long as any three of them are honest and cooperating you can sign things, but no one of them has all the required secrets in order to do anything by itself. So you have to have three cooperating, or four, you mix these as appropriate for your thing. So it could be much more secure. You can build a signer which even, parts of it can be attacked, but the whole thing still continues to operate.

Another reason why multiple signing might be cool is you might have signers with different policies. So imagine more of a green wallet kind of thing where you've got a signer at home which is on all the time and always accepts funds and can do sort of stuff that you're not worried about automatically. Then you've got a signer on your phone which you can use to instigate larger payments and so on and so forth. Maybe you've got a signer that's offline most of the time and it's capable of doing bigger things. Anyway, some combination of those can then be used to make sure that you have enough signing elements present so that we can make progress. So there's lots of interesting approaches there. There's lots of tricks in there. You can use that to do asynchronous things, you can use that to add new features.

Multi-party signing like that is actually fairly complex. It uses taproot, it uses MuSig, and it might use FROST. I'm not actually the right guy to discuss this at length. I only know enough to get it wrong or be dangerous. But there's a VLS Matrix group which is filled with 20 experts who are working on this all the time. So it's multi-team, so it's folks from all the different node implementations, and we're trying to figure out what is a minimum set of stuff that we can roll out to do multi-sig. Originally there were some daunting problems, but I think we have solutions for most of them. I don't completely understand them myself, but devrandom does and the other folks do.

How big is the VLS group? How many people are working on this?

Two engineers, devrandom and myself. We just added a third engineer who was a summer Bitcoin student and worked out real well. We had a lot of fun working with them, so he's going to stay on and do projects for us. And then we have Jack, who you've probably talked to, who is in charge of doing product management and all sorts of media stuff and representing, and he's not an engineer but he does everything else.

So for people who want to learn more, developers, companies that want to contribute, where can they go?

So the right place to start is vls.tech. That's our website, and it's vls.t-e-c-h, fairly short. It's got further links to all the things you need, so the repositories and some blog posts that describe why VLS and what is blind signing and stuff like that. And we need people to help in all different ways. There's plenty to do technically, but there are also a lot of interesting business models which should be posed, and some would say, wait, if you could do that then you could put this there and this could happen. And so we're really interested in learning about those, because each of those generally comes with a different tuning requirement, cost requirement, so we're trying to make sure we're as flexible as possible.

So what's the appropriate channel for people to provide feedback on that kind of stuff?

From the website you'll find pointers to our Matrix groups, and we have a half dozen of those. There's General, if you have just general questions, stuff like that. There's a Dev group, so if you're a developer and you have a development kind of question, that would belong there. The L2 multisig group is the one where the multi-sig discussions are taking place, so if you wanted to know how long that was going to take or what it might look like, that would be a good place to ask.

Got it, good stuff. Well, I really appreciate your time today, Ken. That's really interesting, and I hope we can have you back in the future as things continue to develop with VLS.

Love to. Yeah, it's been fun being here, and it's an exciting time. Lots going on, always. Doesn't seem like there's ever enough time to sleep, but it's good busy and not bad business.

That's great. All right, thanks a lot.

Thank you.
