Ripple’s consensus algorithm deemed vulnerable

The Ripple protocol’s consensus algorithm “does not provide safety or liveness.” In reaching this conclusion, the Bern University cryptography and data security research group has come to this conclusion.

The report notes that the Ripple consensus algorithm contains the potential for attacks with subsequent double-spending, as well as halting the processing of transactions. It emphasises that the findings are theoretical in nature and have not been tested in real-world conditions.

The researchers ran several configurations of the Ripple protocol with varying numbers and types of nodes. According to their models, the presence of faulty or malicious nodes can lead to “destructive consequences for the network’s operability.”

“We have found that the Ripple protocol largely depends on time synchronization, timely delivery of messages, the availability of a faultless network and a list of trusted nodes. If one or more of these conditions are violated (especially if attackers operate from inside), the system could fail,” the specialists noted.

Ripple’s chief technology officer David Schwartz, commenting on the study, noted the difficulties of implementing the described scenario. In his view, compared with Bitcoin’s blockchain the Ripple network is more robust. In this context, an attacker would have to both partition the network and control the list of trusted nodes. After detecting malicious activity by the attacker Ripple would remove the corresponding node, he added.

XRPL was designed to prioritize safety over liveness. The safety attack is really impractical and an attacker only gets one chance before they get removed from everyone’s UNLs. 4/8

— David Schwartz (@JoelKatz) December 3, 2020

In November, a group of anonymous miners executed a 51% attack on Bitcoin Cash ABC. A similar test was faced by the Grin network.

In August, the Ethereum Classic network was subjected to 51% attacks three times. On the last occasion, the depth of reorganisation reached 7000 blocks, which equates to roughly two days of mining.

Follow ForkLog’s news on Twitter!