Researcher at the University of Bern: „Ripple block chain is designed to be error-prone
The conceptual design of Ripple could lead to „serious mistakes“, as researchers at the University of Bern believe.
Researchers at the University of Bern have produced a new study in which they conclude that the consensus method used on the Ripple network „does not guarantee safety or liveliness“.
In a corresponding blog entry by the university’s research group for data security and cryptography, the authors Christian Cachin, Ignacio Amores-Sesar and Jovana Mićić write in a pre-published summary of their study that the block chain protocol of the major Bitcoin Investor crypto payment service provider has conceptual weaknesses that allow for so-called „double spending“, i.e. the malicious issuing of one and the same currency unit, and could impair the processing of transactions.
In order to prove this, the research trio has constructed a model of the ripple protocol, from which conclusions can be drawn about the security and „liveness“ of the block chain by using different numbers and types of nodes. „Liveness“ (translated here as liveliness) describes the ability of the network to continuously process transactions or to remain „alive“. The researchers conclude that faulty and malicious nodes can have „serious effects on the health of the network“.
„Our study shows that the Ripple protocol is highly dependent on time synchronicity, punctuality of messages, a faultless network and the prior definition of trusted nodes [via the Unique Node List] by Ripple,“ the researchers continue, from which they conclude:
„If one or more of these conditions are not met, and especially if attackers are active on the network, the system could make serious mistakes.
David Schwartz, Ripple’s technical director, responded by posting on Twitter to challenge the research group’s findings
The Ripple CTO believes that the scenarios the study is based on are „unrealistic“, because attackers would have to „partition the network“ and have the Unique Node List (UNL) under their control in order to carry out such an attack.
I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8
– David Schwartz (@JoelKatz) December 3, 2020
„The philosophy behind the UNL is that aggressors are given a maximum of one chance to endanger its vitality, after which they are removed forever from the UNL,“ as Schwartz continues to defend his project.
„Attacks on security also require significant control over the distribution of messages on the network, which makes them unrealistic. This is why, for example, the lack of partition tolerance in Bitcoin is not a realistic problem“.
The Swiss researchers have not yet responded to the equivalent of Ripple. However, they admit beforehand that the attacks they have run through are „purely theoretical and have not yet been proven in practical operation of the network“.