University's epic burn: Researchers say Ripple's protocol ‘may fail badly’

Published at: Dec. 4, 2020

Researchers from the University of Bern have released a report claiming Ripple’s consensus protocol “ensures neither safety nor liveness.”

In a blog posted yesterday from the university’s Cryptology and Data Security Research Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić released an analysis alleging the payment firm’s consensus protocol could allow users to potentially “double-spend a token” and halt the processing of transactions.

The trio set up examples of the Ripple protocol using different numbers and types of nodes to illustrate possible violations of safety and liveness (a term for the network continuing to process transactions and makes progress). According to their models, the presence of faulty or malicious nodes could have “devastating effects on the health of the network.”

“Our findings show that the Ripple protocol relies heavily on synchronized clocks, timely message delivery, the presence of a fault-free network, and an a-priori agreement on common trusted nodes with the [Unique Node List] signed by Ripple," said the researchers.

“If one or more of these conditions are violated, especially if attackers become active inside the network, then the system may fail badly.”

David Schwartz, chief technology officer at Ripple, quickly responded to Cachin on Twitter disputing the findings. The Ripple CTO argued such a situation was “impractical,” stating any attacker would have “to both partition the network” and control part of its Unique Node List, or UNL, to do as the researchers proposed.

I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8

— David Schwartz (@JoelKatz) December 3, 2020

“The overall philosophy of the UNL is that attackers get one chance to jeopardize liveness and then they are forever off the UNL,” said Schwartz. He added:

“Attacks on safety also require significant control over the propagation of messages on the network, which makes them impractical. This is why Bitcoin’s complete lack of partition tolerance isn’t a practical problem.”

None of the researchers have yet responded to the Ripple CTO’s criticism of their findings. The group admitted in the original analysis thathe attacks were “purely theoretical and have not been demonstrated with a live network.”

Tags
Business
Xrp
Universities
Consensus
Related Posts
Ripple pins hopes on Biden administration as co-founder sells 28.6M XRP
After ending 2020 facing a lawsuit from the U.S. Securities and Exchange Commission under Donald Trump’s administration, Ripple’s leadership is looking to the new year and a new U.S. President to bring a change in regulations more favorable to the firm. According to a post on the Ripple website featuring comments from key executives, the firm is predicting the incoming Biden administration will most likely “bring a renewed focus on regulation and enforcement” in the crypto space. “As we’ve seen, a lack of a clear regulatory framework over the last four years in the U.S. especially has left fintech and …
Business / Jan. 20, 2021
SEC set to sue Ripple with XRP in the crosshairs
Ripple will be sued by the United States Security and Exchange Commission for allegedly selling unlicensed securities in the form of XRP tokens, according to Fortune. In a move reminiscent of Coinbase's recent front-running of a New York Times expose of its alleged treatment of employees of color, Ripple CEO Brad Garlinghouse has taken the unusual step of posting to Twitter to seemingly legislate the issue in the court of public opinion. Today, the SEC voted to attack crypto. Chairman Jay Clayton - in his final act - is picking winners and trying to limit US innovation in the crypto …
Blockchain / Dec. 22, 2020
MoneyGram suspends trading on Ripple, citing SEC lawsuit
Global money transfer service MoneyGram says it has changed its relationship with blockchain payments firm Ripple amid the latter's litigation with the Securities and Exchange Commission. According to MoneyGram's quarterly outlook, the company is "not planning for any benefit from Ripple market development fees" for the first quarter of 2021. MoneyGram said it had a more than $12 million net expense benefit from Ripple in the same quarter last year. "Due to the uncertainty concerning their ongoing litigation with the SEC, the Company has suspended trading on Ripple's platform," said MoneyGram. The collaboration between the two firms largely began three …
Sec / Feb. 22, 2021
Why Santander Doesn’t Want to Use Ripple for International Payments Yet
Santander, the large scale Spanish bank and one of Ripple’s major partners, is still hesitant to adopt XRP as part of its international payment network, One Pay FX. The company reasoned that the token “was not actively traded in enough markets” to support the company’s banking needs. During an interview with the Financial Times, Cedric Menager, chief executive officer of One Pay FX, explained that Santander wants to provide the “best [user experience] as quickly as possible.” He also said that the bank hopes to “operate in as many currencies and corridors as possible from the beginning.” Ripple clarified that …
Adoption / Aug. 13, 2020
Ripple wants to bring Ethereum smart contracts to the XRP Ledger
Ripple users may be able to interact with Ethereum-compatible decentralized applications (DApps) in the future following the launch of a test phase of Ripple’s new XRP Ledger sidechain. The launch of the sidechain was shared in a Tweet by blockchain development firm Peersyst Technologies on Oct. 17, noting that the new sidechain is compatible with Ethereum Virtual Machine (EVM). This means that Ripple users could eventually have access to decentralized applications like Uniswap (should it port over) and Web3 wallets such as Metamask and XUMM Wallet. The new sidechain also comes with a cross-chain bridge built to transfer XRP and …
Adoption / Oct. 18, 2022