Researchers from the University of Bern have released a report claiming Ripple’s consensus protocol “ensures neither safety nor liveness.”
In a blog post published yesterday by the university’s Cryptology and Data Security Research Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić released an analysis alleging that the payments firm’s consensus protocol could allow users to potentially “double-spend a token” and halt the processing of transactions.
The trio set up examples of the Ripple protocol using different numbers and types of nodes to illustrate potential violations of safety and liveness (a term for the network continuing to process transactions and make progress). According to their models, the presence of faulty or malicious nodes could have “devastating effects on the health of the network.”
“Our findings present that the Ripple protocol depends closely on synchronized clocks, well timed message supply, the presence of a fault-free community, and an a-priori settlement on widespread trusted nodes with the [Unique Node List] signed by Ripple,” stated the researchers.
“If a number of those situations are violated, particularly if attackers turn into energetic contained in the community, then the system may fail badly.”
David Schwartz, chief technology officer at Ripple, quickly responded to Cachin on Twitter, disputing the findings. The Ripple CTO argued such a scenario was “impractical,” stating any attacker would have “to both partition the network” and control part of its Unique Node List, or UNL, to do as the researchers proposed.
I welcome papers like this and recognize having any weaknesses recognized and identified. Any alternative to enhance XRPL’s consensus protocol or the safety and reliability of blockspace usually is an efficient factor. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
“The overall philosophy of the UNL is that attackers get one chance to jeopardize liveness and then they are forever off the UNL,” stated Schwartz. He added:
“Assaults on security additionally require vital management over the propagation of messages on the community, which makes them impractical. Because of this Bitcoin’s full lack of partition tolerance isn’t a sensible downside.”
None of the researchers has yet responded to the Ripple CTO’s criticism of their findings. The group admitted in the original analysis that the attacks were “purely theoretical and have not been demonstrated with a live network.”