A new paper formally analyzing XRP’s network has concluded that there is “no consensus in the ripple network.”
“Ripple’s protocol does not achieve consensus and may violate safety and liveness, even under extremely mild adversarial conditions. In particular, the network may fork under the standard condition on UNL overlap stated by Ripple and in the presence of only a very small fraction of malicious nodes,” the author says.
As you might know, consensus in bitcoin and ethereum is reached permissionlessly through Proof of Work: anyone can join or leave the network and participate, provided they contribute sufficient hash power to find a block.
In Byzantine Fault Tolerant systems, access is generally permissioned because the system doesn’t stand up well to malicious actors.
Ripple tries a halfway solution, where users choose the set of nodes they want to follow, the Unique Node List (UNL).
However, this paper shows how the network can irreconcilably break down through a very simple attack. They say:
“The key idea is that the Byzantine node (4) changes its behavior depending on the group of nodes to which it communicates. It will cause nodes 1, 2, and 3 (white) to propose some transaction tx and nodes 5, 6, and 7 (black) to propose a transaction tx′ for the next ledger. No other transaction exists. The Byzantine node (4) follows the protocol as if it had proposed tx when interacting with the white nodes and behaves as if it had proposed tx′ when interacting with the black nodes…
Every correct node subsequently receives five validation messages, from all nodes in its UNL, and finds that 80% among them contain the same ledger (L141). Observe that no node changes its preferred ledger after calling getPreferred. This implies that nodes 1, 2, and 3 fully validate L and execute tx, whereas nodes 5, 6, and 7 fully validate L′ and execute tx′. Hence, the agreement condition of consensus is violated.”
In short, we have a fork scenario here, with two networks operating at the same time and the protocol having no way to put them back together.
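The validation tally in the quoted scenario can be reproduced with a small model. This is an added example, not code from the paper or from Ripple; it models only the final 80% validation count, and the UNL membership (two five-node lists sharing nodes 3, 4 and 5) is an assumption chosen to match the "five validation messages" in the quote.

```python
from collections import Counter

QUORUM_PERCENT = 80  # validation threshold quoted in the article
WHITE = (1, 2, 3)    # correct nodes that proposed tx  -> ledger L
BYZANTINE = 4

# Assumed topology (not stated on this page): two UNLs overlapping in {3, 4, 5}.
UNL_WHITE = {1, 2, 3, 4, 5}
UNL_BLACK = {3, 4, 5, 6, 7}
UNL = {1: UNL_WHITE, 2: UNL_WHITE, 3: UNL_WHITE,
       5: UNL_BLACK, 6: UNL_BLACK, 7: UNL_BLACK}

def validation_sent(sender, receiver, equivocate=True):
    """Ledger that `sender` reports as validated to `receiver`."""
    if sender == BYZANTINE:
        # Equivocating node 4 sides with whichever group it is talking to;
        # with equivocate=False it is modelled as consistently reporting L.
        if equivocate and receiver not in WHITE:
            return "L'"
        return "L"
    return "L" if sender in WHITE else "L'"

def fully_validated(node, equivocate=True):
    """Ledger reaching the quorum in `node`'s UNL, or None if none does."""
    votes = Counter(validation_sent(s, node, equivocate) for s in UNL[node])
    ledger, count = votes.most_common(1)[0]
    return ledger if count * 100 >= QUORUM_PERCENT * len(UNL[node]) else None

def outcome(equivocate=True):
    """Map each correct node to the ledger it fully validates."""
    return {n: fully_validated(n, equivocate) for n in sorted(UNL)}

def agreement_holds(result):
    """Agreement: no two correct nodes fully validate different ledgers."""
    return len({l for l in result.values() if l is not None}) <= 1

def equivocators(equivocate=True):
    """Senders whose reported ledger differs between receivers.
    Only detectable if receivers compare the validations they were sent."""
    seen = {}
    for receiver, unl in UNL.items():
        for s in unl:
            seen.setdefault(s, set()).add(validation_sent(s, receiver, equivocate))
    return sorted(s for s, ledgers in seen.items() if len(ledgers) > 1)

if __name__ == "__main__":
    res = outcome()
    print(res, "agreement:", agreement_holds(res), "equivocators:", equivocators())
```

No single correct node sees anything inconsistent in its own five messages; the conflict only shows up when validations received by different nodes are compared.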
That’s unlike bitcoin, where forks do occur but are very brief and usually resolve within a block, as miners choose the longest chain with the most proof of work. That makes such a fork a non-event, as inconvenient as needing to wait for two confirmations or more in case a block is forked off, usually because two valid blocks were found at the same time.
In XRP, however, as there is no proper network-wide validation of what is being communicated, nor a way to reconcile conflicting information, “the consensus protocol of the Ripple network is brittle and fails to ensure consensus as commonly understood in computer science and among blockchain practitioners,” the authors say.
They say this work was undertaken by looking at XRP’s own code and by analyzing it based on the assumptions that Ripple itself makes. Even under those conditions, however, the protocol can’t stand up to simple attacks.
“This work has identified relatively simple cases, in which the protocol may violate safety and/or liveness and which have devastating effects on the health of the network,” they say.
A live attack on XRP has not been seen so far, with the authors suggesting that what comes out of academia finds its way into practice.
Nonetheless, Ripple remains the third biggest network with a market cap of some $27 billion, in part because they allegedly have a massive shill army.
In addition, the authors say all validators use the default UNL provided by Ripple Labs, with there being “good reasons for insisting on such a centralized structure in the Ripple network [as] would nodes select the trusted validators on their own, consensus might be violated much more easily.”
Still, they claim attacks on XRP’s safety, as in how easily you can double spend it, and on its liveness, that being whether it can continue to process transactions and keep running.
Emin Gün Sirer, the distributed networks professor at Cornell, stated that in this paper “formal analysis shows that the consensus protocol used in Ripple/XRP fails to maintain safety and liveness even when their stated assumptions are maintained.”
Christian Cachin, a cryptographer at the University of Bern, stated that the “new analysis of Ripple’s so-called blockchain consensus protocol behind XRP shows it’s neither safe nor live, under the stated assumptions.”
That makes this, in effect, the most overvalued database on earth, because it can’t reach consensus with even “a very small fraction of malicious nodes.”