The University of Bern had its researchers release a report recently, one claiming that the consensus protocol used by Ripple ensures neither liveliness nor safety through it.
No Contingencies In Place
The university had its Cryptology And Data Security Research Group publish a blog post yesterday. This blog post, made by researchers Amores-Sesar, Christian Cachin, and Jovana Mićić, gave an analysis claiming that the consensus protocol used by the payment firm could allow a user the potential of either halting a transaction’s processing or even double-spending a token.
The three researchers didn’t come in without proof, however, as they gave examples of the Ripple protocol using different node types and numbers in order to show these possible violations to both liveness and safety. It should be noted that liveness is a term used to describe a network continuing to make progress and process transactions.
As the research of the trio has shown, a devastating impact on the network’s health could be made through the presence of malicious or even just faulty nodes.
A Machine Built With Delicate Parts
The blog explained that Ripple’s protocols make heavy reliance on timely message delivery, synchronized clocks, and a fault-free network in its entirety.
Another factor that Ripple’s network needs is the so-called a-priori agreement amongst common trusted nodes. The unique node lists themselves are signed by Ripple, in turn.
What this means, according to the researchers, is that this system could see a severe failure should one or more of these conditions be violated. This is especially so if attackers became active within the network itself.
The Counter Arguments
The CTO of Ripple, David Schwartz, wasn’t going to just stay quiet about it. He quickly responded to Cachin, in particular, trying to dispute his findings.
I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
His main argument was over the alleged impracticality of such an event occurring. He argued that the hackers need to both control part of its Unique Node List (UNL) and partition the network in order to give the effects the researchers presented
Schwartz stated that the UNL’s overall philosophy is built in such a way that attackers only get one chance to put the liveness at risk. From there, these malicious actors are off the UNL for good.
Another counterpoint is the significant levels of control needed over message propagation in order to attack the safety of the network. As such, Schwart argued that it’s simply too impractical to pull off. He cites the Bitcoin Network’s complete lack of partition tolerance, explaining that it has no practical problem.
As it stands now, the only response the group has given to the CTO’s counter-arguments is admitting that these attacks were purely theoretical, with no demonstrations on a live network.