Lightning Implementations — Final Scoring, Ranking & Analysis

Scope: LDK core, LDK Node, Core Lightning (CLN), Eclair, LND Method: weighted criteria, 0–100 scoring, composite ranking Frame: Bitcoin/FOSS/privacy maximalism + sovereign-stack telos
Interpretation rule: higher scores indicate stronger alignment with Bitcoin-only purity, minimized trust surface, robust security posture, and protocol direction favoring privacy-forward, sovereignty-preserving Lightning usage.

1. Final Criteria & Weights

All criteria are scored 0–100. The composite score is a weighted average. The weight model emphasizes monetary purity, security/consensus integrity, minimized trust surface, and protocol direction.

Criterion Definition Weight
C1 — Monetary / Asset Purity Bitcoin-only scope; no first-party altcoin support; no built-in asset/stablecoin rails. 15%
C2 — Governance & Sponsor Alignment Funding/steering incentives; proximity to token/sidechain/asset business lines; forkability out of misalignment. 10%
C3 — Security & Consensus Integrity Language safety + severe bug history: consensus divergence, fund theft/loss, stable vs beta exposure, and response quality. (See the vulnerability research and disclosures by Morehouse and related threads.) Source 25%
C4 — Trust Surface & Sovereign Topology Ability to run fully self-hosted (Bitcoin Core, full gossip) without required semi-trusted services. Explicitly accounts for RGS/LSP gravity and hub-and-spoke defaults. RGS reference 15%
C5 — Architecture & Runtime Fit Library vs daemon; embeddability; runtime weight (Rust/C/Go vs JVM); suitability for constrained environments. 10%
C6 — Network / Ecosystem Gravity Real-world integration and tooling footprint. This is lightly weighted; popularity does not override misalignment. 5%
C7 — Telos Alignment / Direction Roadmap gravity: privacy-forward, sovereignty-preserving Lightning vs synthetic asset rails and institutionalization. 20%
Total weight: 100% Highest leverage axes: C3 (25%), C7 (20%), C1/C4 (15% each) Output: composite ranking + per-criterion justification

2. Final Scores & Ranking

Scores below are the final, locked-in values (0–100) for each criterion and the weighted composite.

Implementation C1 C2 C3 C4 C5 C6 C7 Composite
LDK core (rust-lightning) 98 90 90 90 95 65 93 91.1
LDK Node 96 90 87 82 90 68 88 87.5
Core Lightning (CLN) 94 80 84 88 88 75 83 85.5
Eclair 96 88 80 85 75 60 88 84.1
LND 55 50 55 70 80 90 45 59.0

Ranking

1) LDK core (rust-lightning)
Top alignment: Bitcoin-only kernel, strong privacy trajectory, sovereign-friendly architecture.
91.1
2) LDK Node
App-embedded node layer with strong protocol support; trust-surface depends on RGS/LSP defaults.
87.5
3) Core Lightning (CLN)
Infra/routing workhorse; plugin model enables minimal hardening but requires discipline.
85.5
4) Eclair
Privacy/UX-forward daemon; JVM runtime and a serious long-lived bug reduce kernel suitability.
84.1
5) LND
Strong ecosystem footprint, but purity, security/consensus history, and telos direction score poorly under this frame.
59.0
Why ecosystem dominance is lightly weighted (C6 = 5%)

A high footprint can be useful for interoperability and tooling, but it does not override monetary purity, minimized trust surface, security/consensus integrity, or long-horizon protocol direction. Under this evaluation frame, “popular but structurally misaligned” is treated as a systemic risk factor rather than a rescue.

3. Implementation Analyses

Each implementation is assessed criterion-by-criterion. Links are embedded inline at the point of use (no appendix-style link dump).

LDK core (rust-lightning) Composite 91.1

Primary project links: GitHub · LDK site · BOLT12 (Offers) announcement

C1 — Monetary / Asset Purity (98)

  • Bitcoin-only Lightning library; permissive dual license (MIT/Apache-2.0) supports forkability and composability (repo).

C2 — Governance & Sponsor Alignment (90)

  • Stewarded within Spiral/Block’s Bitcoin R&D posture; open development and permissive licensing keep escape velocity high (Spiral).

C3 — Security & Consensus Integrity (90)

  • Rust reduces entire classes of memory-safety risk relative to C; risk remains in complex channel/on-chain logic (repo).
  • Security disclosures showed serious claim-processing vulnerabilities (including “Invalid Claims Liquidity Griefing” and beta-era fund-theft variants) with patches and architectural changes to claim logic (analysis).
  • Consensus integrity is not tied to alternative consensus engines; typical deployments use Bitcoin Core for consensus (no known consensus-split incidents in this set).

C4 — Trust Surface & Sovereign Topology (90)

  • Fully self-hostable: full gossip sync from peers is supported, enabling zero third-party dependency in principle.
  • Rapid Gossip Sync (RGS) is a deliberate semi-trust tradeoff used to compress and serve graph snapshots; optional and self-hostable, but a real topology lever (RGS).

C5 — Architecture & Runtime Fit (95)

  • Library-first design maximizes embeddability into custom nodes, wallets, and hardened systems (docs.rs API).

C6 — Network / Ecosystem Gravity (65)

  • Growing integration footprint (wallets, watchtower tooling, experimental gateways), but not dominant versus LND/CLN.

C7 — Telos Alignment / Direction (93)

  • Protocol direction strongly emphasizes privacy-forward, sovereignty-compatible primitives (BOLT12 Offers, onion messages, blinded paths) (BOLT12).
Role: Canonical Lightning kernel for sovereign systems — maximal control, minimal assumptions, high protocol agility.

LDK Node Composite 87.5

Primary project links: GitHub · Crate overview · RGS

C1 — Monetary / Asset Purity (96)

  • Bitcoin-only node library built on LDK + BDK; no first-party altcoin or asset rails in its core surface (repo).

C2 — Governance & Sponsor Alignment (90)

  • Shares the same sponsor alignment and forkability posture as LDK core (Spiral/Block Bitcoin R&D + permissive licensing) (Spiral).

C3 — Security & Consensus Integrity (87)

  • Inherits LDK’s strengths (Rust) and claim-processing complexity; adds wrapper-layer complexity (wallet, persistence, bindings) (overview).
  • LDK’s disclosed claim logic vulnerabilities and subsequent hardening remain relevant to the underlying engine (analysis).

C4 — Trust Surface & Sovereign Topology (82)

  • Designed to support gossip data via P2P peers or Rapid Gossip Sync; in practice, mobile-friendly deployments often choose hosted RGS, which is optional but materially changes trust topology (note).

C5 — Architecture & Runtime Fit (90)

  • Rust-based, embeddable, opinionated “batteries included” node layer; excellent for applications, slightly heavier than raw LDK for minimal kernel deployments.

C6 — Network / Ecosystem Gravity (68)

  • Accelerating adoption via multi-language bindings and app-embedding patterns (ecosystem).

C7 — Telos Alignment / Direction (88)

  • Strong alignment for non-custodial clients and privacy-forward features via LDK; minor downgrade versus LDK core due to stronger “service topology” gravity in common deployments (RGS/LSP patterns) (RGS).
Role: App-embedded node layer — strong sovereignty potential with conscious hardening of optional service dependencies.

Core Lightning (CLN) Composite 85.5

Primary project links: GitHub · Changelog · Blockstream lightning page

C1 — Monetary / Asset Purity (94)

  • Bitcoin-only Lightning implementation; permissive license (LICENSE).
  • Governance context includes Blockstream’s Liquid sidechain product line; CLN itself is not an asset platform (Liquid).

C2 — Governance & Sponsor Alignment (80)

  • Single major corporate steward (Blockstream) with dual product gravity (Bitcoin infra + Liquid token rails) (Liquid).
  • Open-source, permissive license preserves forkability (repo).

C3 — Security & Consensus Integrity (84)

  • C daemon: strong performance and mature engineering discipline, but memory-unsafe language risks persist.
  • CLN is a leading spec implementation; security assessment does not assume “few headlines” equals “few bugs,” but recognizes absence of recent widely-publicized theft incidents in the evaluated period.

C4 — Trust Surface & Sovereign Topology (88)

  • Daemon can run fully self-hosted with Bitcoin Core and full gossip, no required third-party services.
  • Plugin architecture: enables minimal cores when curated; also a potential attack-surface multiplier when unmanaged (feature context).

C5 — Architecture & Runtime Fit (88)

  • Lean daemon well-suited to dedicated routing boxes; good collapse-style footprint (Linux + Core + CLN).

C6 — Network / Ecosystem Gravity (75)

  • Strong footprint among routing-node operators and infrastructure tooling; typically less ubiquitous than LND in turnkey consumer stacks.

C7 — Telos Alignment / Direction (83)

  • Spec-forward: BOLT12 Offers, onion messages, blinded paths and related features appear prominently in release trajectories (changelog).
  • Minor telos penalty due to the broader Blockstream product gravity toward institutional asset rails (Liquid) (Liquid).
Role: Routing/infra backbone — excellent for dedicated nodes with disciplined plugin curation.

Eclair Composite 84.1

Primary project links: GitHub · ACINQ · Preimage exploit disclosure

C1 — Monetary / Asset Purity (96)

  • Bitcoin-only Lightning daemon; Apache-2.0 licensing and clear Bitcoin/LN focus in ACINQ’s product line (repo).

C2 — Governance & Sponsor Alignment (88)

  • Single company steward (ACINQ) with Bitcoin/Lightning-only emphasis; no native token/sidechain platform gravity in the Eclair line (ACINQ).

C3 — Security & Consensus Integrity (80)

  • Serious long-lived funds-theft-class bug (preimage extraction) disclosed and fixed in 2025; remediation included new testing and code changes (disclosure).
  • JVM provides memory safety but runtime complexity remains an operational security factor.

C4 — Trust Surface & Sovereign Topology (85)

  • Daemon can be run fully self-hosted with Bitcoin Core and full gossip; no inherent requirement for LSPs or hosted graph services.
  • Trampoline routing is frequently associated with Phoenix deployment patterns; this is a topology choice, not an inherent Eclair requirement (trampoline).

C5 — Architecture & Runtime Fit (75)

  • Scala/JVM runtime: strong for datacenter-style deployments, heavier for minimal or constrained environments (repo).

C6 — Network / Ecosystem Gravity (60)

  • Not dominant as a general LN node stack, but important via Phoenix and ACINQ’s large-node footprint.

C7 — Telos Alignment / Direction (88)

  • Strong privacy/UX direction (trampoline routing and related work) aimed at practical non-custodial usability on constrained devices (Phoenix trampoline).
Role: Privacy/UX-forward daemon and big-node infra — strong in datacenters, weaker as a minimal kernel due to JVM + security history.

LND Composite 59.0

Primary project links: GitHub · Docs · 0.19.0 critical vuln disclosure

C1 — Monetary / Asset Purity (55)

  • Historically supported Litecoin Lightning experiments and non-Bitcoin configurations, indicating first-party multi-chain tolerance (Litening/LND history).
  • Strategic gravity toward asset layers (e.g., Taproot Assets) is treated as misaligned under this evaluation frame (project direction, not merely “optional add-ons”).

C2 — Governance & Sponsor Alignment (50)

  • Single-vendor stewardship with VC/product incentives oriented toward broader financial rails and asset layers; forkability exists but ecosystem gravity is highly centralized.

C3 — Security & Consensus Integrity (55)

  • Multiple critical vulnerabilities (including fund-theft-class bugs) disclosed in 2025 with patches in 0.18.x and 0.19.0; multiple variants required multiple fixes (DelvingBitcoin disclosure).
  • Additional exploit write-ups and incident analyses exist in the broader disclosure ecosystem (Morehouse archive).

C4 — Trust Surface & Sovereign Topology (70)

  • Can be self-hosted; however, many real-world deployments rely on turnkey node stacks and third-party liquidity services rather than hardened, sovereign-first configurations (docs).

C5 — Architecture & Runtime Fit (80)

  • Go daemon with strong API ergonomics (gRPC/REST); runtime is lighter than JVM but more monolithic than library-first designs.

C6 — Network / Ecosystem Gravity (90)

  • Large footprint across consumer node stacks, tooling, and historical LN deployments; strong integration inertia (docs).

C7 — Telos Alignment / Direction (45)

  • Direction is scored as misaligned due to asset-rail gravity and multi-chain tolerance; under this framework, that is treated as synthetic-stack adjacency rather than sovereignty-preserving protocol hardening.
Role: Legacy interoperability and tooling gravity — useful to interface with existing LN ecosystems, but disqualified as a sovereignty-first kernel under this frame.
Notes:
  • All links are placed at the point of use (no appendix dump).
  • Scores are intentionally biased toward Bitcoin-only purity, minimized external trust, and privacy-forward protocol direction.
  • Security scoring reflects both severity/pattern of disclosed issues and quality/velocity of remediation, prioritizing stable-release impact over beta-only exposure.

4. Role Map (Compressed)

LDK core (rust-lightning)
Canonical Lightning kernel for sovereign systems — maximal control, minimal assumptions, high protocol agility.
LDK Node
App-embedded node layer — strong sovereignty potential with conscious hardening of optional service dependencies (e.g., RGS/LSP).
Core Lightning (CLN)
Routing/infra backbone — excellent for dedicated nodes with disciplined plugin curation and minimal external dependencies.
Eclair
Privacy/UX-forward daemon and big-node infra — strong in datacenters; weaker as minimal kernel due to JVM + security history.
LND
High-compatibility legacy bridge — strong ecosystem inertia, but low purity/security/telos alignment under this evaluation frame.
Ranking summary
1) LDK core · 2) LDK Node · 3) CLN · 4) Eclair · 5) LND