Researchers at the University of Bern have conducted a new study in which they conclude that the consensus procedure used on the Ripple network “guarantees neither security nor liveliness”.
In a corresponding blog entry from the university's research group for data security and cryptography, the authors Christian Cachin, Ignacio Amores-Sesar and Jovana Mićić write, in a previously published short version of their study, that the blockchain protocol of the large crypto payment service provider has conceptual weaknesses which enable so-called “double-spending”, i.e. the malicious spending of one and the same currency unit, and which could impair the processing of transactions.
To prove this, the research trio constructed a model of the Ripple protocol, from which conclusions can be drawn about the security and “liveness” of the blockchain using various numbers and types of nodes. “Liveness” (translated here as liveliness) describes the network’s ability to continuously process transactions, or to remain “alive”. The researchers conclude that faulty and malicious nodes can have “serious effects on the health of the network”.
“Our study shows that the Ripple protocol depends heavily on temporal synchronicity, punctual message delivery, an error-free network and a prior definition of trustworthy nodes [via the Unique Node List] by Ripple,” the researchers continued, from which they in turn conclude:
“If one or more of these conditions are not met, and especially if attackers are active in the network, the system could make serious mistakes.”
David Schwartz, Ripple’s technical director, spoke up on Twitter to contest the research group's results. The Ripple CTO thinks that the scenarios played out in the study are “unrealistic”, since attackers would have to “partition the network” and have the Unique Node List (UNL) under their control in order to be able to carry out such an attack.
I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
“The philosophy behind the UNL is that attackers get a maximum of one chance to endanger the vitality, after which they will be removed from the UNL forever,” Schwartz says in defense of his project.
“Security attacks also require significant control over the spread of messages across the network, which makes them unrealistic. That is why, for example, the lack of partition tolerance with Bitcoin is not a realistic problem.”
The researchers from Switzerland have not yet responded to Ripple's reply. Indeed, they admit in advance that the attacks they run through are “purely theoretical and have not yet been proven in the practical operation of the network”.