Researchers from the University of Bern have released a report claiming Ripple’s consensus protocol “ensures neither safety nor liveness.”
In a blog posted yesterday from the university’s Cryptology and Data Security Research Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić released an analysis alleging the payment firm’s consensus protocol could allow users to potentially “double-spend a token” and halt the processing of transactions.
The trio set up examples of the Ripple protocol using different numbers and types of nodes to illustrate possible violations of safety and liveness (a term for the network continuing to process transactions and makes progress). According to their models, the presence of faulty or malicious nodes could have “devastating effects on the health of the network.”
“Our findings show that the Ripple protocol relies heavily on synchronized clocks, timely message delivery, the presence of a fault-free network, and an a-priori agreement on common trusted nodes with the [Unique Node List] signed by Ripple,” said the researchers.
“If one or more of these conditions are violated, especially if attackers become active inside the network, then the system may fail badly.”
David Schwartz, chief technology officer at Ripple, quickly responded to Cachin on Twitter disputing the findings. The Ripple CTO argued such a situation was “impractical,” stating any attacker would have “to both partition the network” and control part of its Unique Node List, or UNL, to do as the researchers proposed.
I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
“The overall philosophy of the UNL is that attackers get one chance to jeopardize liveness and then they are forever off the UNL,” said Schwartz. He added:
“Attacks on safety also require significant control over the propagation of messages on the network, which makes them impractical. This is why Bitcoin’s complete lack of partition tolerance isn’t a practical problem.”
None of the researchers have yet responded to the Ripple CTO’s criticism of their findings. The group admitted in the original analysis that the attacks were “purely theoretical and have not been demonstrated with a live network.”