According to researchers at the University of Bern, the presence of faulty or malicious nodes on the Ripple network could have “devastating effects.”
Researchers from the University of Bern have released a report claiming Ripple’s consensus protocol “ensures neither safety nor liveness.”
In a blog posted yesterday from the university’s Cryptology and Data Security Research Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić released an analysis alleging the payment firm’s consensus protocol could allow users to potentially “double-spend a token” and halt the processing of transactions.
The trio set up examples of the Ripple protocol using different numbers and types of nodes to illustrate possible violations of safety and liveness (a term for the network continuing to process transactions and makes progress). According to their models, the presence of faulty or malicious nodes could have “devastating effects on the health of the network.”
“Our findings show that the Ripple protocol relies heavily on synchronized clocks, timely message delivery, the presence of a fault-free network, and an a-priori agreement on common trusted nodes with the [Unique Node List] signed by Ripple,” said the researchers.
“If one or more of these conditions are violated, especially if attackers become active inside the network, then the system may fail badly.”
David Schwartz, chief technology officer at Ripple, quickly responded to Cachin on Twitter disputing the findings. The Ripple CTO argued such a situation was “impractical,” stating any attacker would have “to both partition the network” and control part of its Unique Node List, or UNL, to do as the researchers proposed.
I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
“The overall philosophy of the UNL is that attackers get one chance to jeopardize liveness and then they are forever off the UNL,” said Schwartz. He added:
“Attacks on safety also require significant control over the propagation of messages on the network, which makes them impractical. This is why Bitcoin’s complete lack of partition tolerance isn’t a practical problem.”
None of the researchers have yet responded to the Ripple CTO’s criticism of their findings. The group admitted in the original analysis thathe attacks were “purely theoretical and have not been demonstrated with a live network.”
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.