Researchers from the University of Bern have released a report claiming Ripple’s consensus protocol “ensures neither safety nor liveness.”
In a blog post published yesterday by the university’s Cryptology and Data Security Research Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić released an analysis alleging the payment firm’s consensus protocol may allow users to potentially “double-spend a token” and halt the processing of transactions.
The trio set up examples of the Ripple protocol using different numbers and types of nodes to illustrate possible violations of safety and liveness (a term for the network continuing to process transactions and make progress). According to their models, the presence of faulty or malicious nodes could have “devastating effects on the health of the network.”
“Our findings show that the Ripple protocol relies heavily on synchronized clocks, timely message delivery, the presence of a fault-free network, and an a-priori agreement on common trusted nodes with the [Unique Node List] signed by Ripple,” said the researchers.
“If one or more of these conditions are violated, especially if attackers become active inside the network, then the system could fail badly.”
David Schwartz, chief technology officer at Ripple, quickly responded to Cachin on Twitter disputing the findings. The Ripple CTO argued such a situation was “impractical,” stating any attacker would have “to both partition the network” and control part of its Unique Node List, or UNL, to do as the researchers proposed.
“I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8”
— David Schwartz (@JoelKatz) December 3, 2020
“The general philosophy of the UNL is that attackers get one chance to jeopardize liveness and then they’re forever off the UNL,” said Schwartz. He added:
“Attacks on safety also require significant control over the propagation of messages on the network, which makes them impractical. This is why Bitcoin’s complete lack of partition tolerance isn’t a practical problem.”
None of the researchers have yet responded to the Ripple CTO’s criticism of their findings. The group admitted in the original analysis that the attacks were “purely theoretical and haven’t been demonstrated with a live network.”