Researchers from the College of Bern have launched a report claiming Ripple’s consensus protocol “ensures neither security nor liveness.”In a weblo
Researchers from the College of Bern have launched a report claiming Ripple’s consensus protocol “ensures neither security nor liveness.”
In a weblog posted yesterday from the college’s Cryptology and Information Safety Analysis Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić launched an evaluation alleging the cost agency’s consensus protocol may permit customers to doubtlessly “double-spend a token” and halt the processing of transactions.
The trio arrange examples of the Ripple protocol utilizing completely different numbers and sorts of nodes for instance doable violations of security and liveness (a time period for the community persevering with to course of transactions and makes progress). In accordance with their fashions, the presence of defective or malicious nodes may have “devastating results on the well being of the community.”
“Our findings present that the Ripple protocol depends closely on synchronized clocks, well timed message supply, the presence of a fault-free community, and an a-priori settlement on frequent trusted nodes with the [Unique Node List] signed by Ripple,” mentioned the researchers.
“If a number of of those circumstances are violated, particularly if attackers change into energetic contained in the community, then the system might fail badly.”
David Schwartz, chief know-how officer at Ripple, shortly responded to Cachin on Twitter disputing the findings. The Ripple CTO argued such a state of affairs was “impractical,” stating any attacker would have “to each partition the community” and management a part of its Distinctive Node Checklist, or UNL, to do because the researchers proposed.
I welcome papers like this and admire having any weaknesses recognized and identified. Any alternative to enhance XRPL’s consensus protocol or the safety and reliability of blockspace typically is an effective factor. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
“The general philosophy of the UNL is that attackers get one probability to jeopardize liveness after which they’re eternally off the UNL,” mentioned Schwartz. He added:
“Assaults on security additionally require vital management over the propagation of messages on the community, which makes them impractical. This is the reason Bitcoin’s full lack of partition tolerance isn’t a sensible drawback.”
Not one of the researchers have but responded to the Ripple CTO’s criticism of their findings. The group admitted within the unique evaluation thathe assaults had been “purely theoretical and haven’t been demonstrated with a dwell community.”