According to researchers at the University of Bern, the presence of defective or malicious nodes in the Ripple network can have „devastating effects“.
University’s severe criticism: Researchers say Ripple protocol ‚can fail ugly’NEWS
Researchers at the University of Bern released a report stating that the Ripple consensus protocol „does not guarantee security or vivacity“.
In a post yesterday on the university’s Cryptology and Data Security Research Group blog, researchers Christian Cachin, Amores-Sesar and Jovana Mićić released an analysis claiming that the payment company’s consensus protocol could allow users to „spend the same token twice“ and stop transaction processing.
The trio configured examples of the Ripple protocol using different Italian Formula numbers and types of nodes to illustrate possible security and vividness violations (a term to define the network’s ability to continue processing transactions and make progress). According to their models, the presence of defective or malicious nodes can have „devastating effects on network health“.
„Our findings show that the Ripple protocol relies heavily on synchronized clocks, timely message delivery, the presence of a seamless network, and an a priori agreement on common trusted nodes with the [Single Node List] signed by Ripple,“ the researchers said.
„If one or more of these conditions are violated, especially if invaders become active within the network, the system could fail badly.
David Schwartz, Ripple’s technology director, responded quickly to Cachin on Twitter by challenging the findings. Ripple’s CTO argued that such a situation would be „impractical,“ saying that any invader would have to „sponsor the network“ and control part of its Single Node List, or UNL, to do what the researchers proposed.
„The general philosophy of the UNL is that invaders have a chance to compromise their vivacity and then stay out of the UNL forever,“ Schwartz said. He added:
„Security attacks also require significant control over the spread of messages on the network, which makes them unviable. That is why Bitcoin’s total lack of partition tolerance is not a practical problem. ”
None of the researchers has yet responded to Ripple’s CTO’s criticism of its findings. The group admitted in the original analysis that the attacks were „purely theoretical and were not demonstrated with a live network.