Ripple Refutes University of Bern's Security Findings
Is the Ripple blockchain truly secure against attacks?
- University of Bern researchers suggest that Ripple is insecure.
- They say that the blockchain is prone to double spends and forks.
- Ripple CTO David Schwartz has made it clear that such an attack would be difficult to carry out.
Researchers at the University of Bern have analyzed the consensus protocol behind the Ripple blockchain and concluded that it does not deliver the security guarantees a ledger needs. Ripple, however, contests those claims.
Ripple Allegedly at Risk
According to the Bern research team, Ripple ensures “neither safety nor liveness” under the assumptions the protocol itself makes about its network and validators.
In this context, lack of safety means that Ripple may not adequately prevent double spending (i.e. the same funds being spent twice, with different validators accepting different versions of history) and unwanted ledger forks. Lack of liveness means that the ledger may stop making progress and confirming new transactions.
The team built a model showing that Ripple does not achieve those goals even under “mild adversarial conditions.” A small number of malicious validators is allegedly enough, even in otherwise normal operation: those validators send different, conflicting messages to different correct validators, and a correct validator has no way of seeing the contradictory message that was sent to another one, so each group can commit to a different ledger.
The researchers add that, in practice, centralization mitigates the issue. Each validator decides which other validators to trust through its Unique Node List (UNL), and Ripple, as a company, publishes a default UNL that is currently used by all validators. Though decentralization is usually seen as beneficial, in this case a single, centrally supplied trusted list gives better security, because every validator trusts the same set of validators and the divergence in trust that the attack relies on does not arise.
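To make the safety and liveness definitions above concrete, the following small simulation is an added illustration for this article; it is not code from Ripple or from the University of Bern paper. It uses a deliberately simplified quorum rule (a validator applies a transaction once it has seen at least 80% of the validators on its own UNL vote for it, an assumed threshold) rather than the XRP Ledger's real multi-round protocol. The validator names, the two conflicting spends, the network partition and the two equivocating validators are constructed for the example.

```python
"""Simplified UNL quorum model of a fork versus a halt.

Added illustration only: not XRP Ledger code and not the Bern model.
Assumed rule: a validator applies a transaction once at least QUORUM of the
validators on its own Unique Node List (UNL) are seen voting for it.
"""
from collections import Counter

QUORUM = 0.8  # assumed supermajority threshold over a node's own UNL

# Constructed scenario: two conflicting spends of the same funds, honest
# validators split into network partitions A and B, two equivocating validators.
HONEST_A = ["a1", "a2", "a3", "a4"]
HONEST_B = ["b1", "b2", "b3", "b4"]
BYZANTINE = frozenset({"m1", "m2"})
PARTITION = {**{n: "A" for n in HONEST_A}, **{n: "B" for n in HONEST_B}}
SIDE_TX = {"A": "spend_to_alice", "B": "spend_to_bob"}  # conflicting spends


def tally(unl, votes_seen):
    """Transaction that reaches quorum from this node's view, else None.

    votes_seen maps validator -> tx the node received from it. Votes from
    validators outside the node's UNL are ignored, and the threshold is
    computed over the whole UNL, not just over the votes that arrived.
    """
    counts = Counter(tx for v, tx in votes_seen.items() if v in unl)
    for tx, n in counts.items():
        if n >= QUORUM * len(unl):
            return tx
    return None


def run_round(unls, partition=PARTITION, byzantine=BYZANTINE, side_tx=SIDE_TX):
    """One voting round for the honest validators listed in `unls`.

    Honest nodes vote for their own side's transaction and only hear honest
    nodes on their side of the partition. Byzantine validators equivocate:
    each recipient is told whatever that recipient's side is voting for.
    """
    applied = {}
    for node, unl in unls.items():
        side = partition[node]
        seen = {}
        for v in unl:
            if v in byzantine:
                seen[v] = side_tx[side]           # conflicting message per side
            elif partition[v] == side:
                seen[v] = side_tx[partition[v]]   # honest vote delivered in-partition
            # honest votes from the other side never cross the partition
        applied[node] = tally(unl, seen)
    return applied


def is_safe(applied):
    """Safety: no two honest nodes apply conflicting transactions."""
    return len({tx for tx in applied.values() if tx is not None}) <= 1


def is_live(applied):
    """Liveness (for this round): every honest node applied something."""
    return all(tx is not None for tx in applied.values())


def split_unls():
    """Each side trusts only itself plus the two byzantine validators, so the
    two lists overlap only in the byzantine members."""
    unl_a = frozenset(HONEST_A) | BYZANTINE
    unl_b = frozenset(HONEST_B) | BYZANTINE
    return {**{n: unl_a for n in HONEST_A}, **{n: unl_b for n in HONEST_B}}


def common_unl():
    """Everyone trusts the same list (the centrally supplied default UNL)."""
    everyone = frozenset(HONEST_A + HONEST_B) | BYZANTINE
    return {n: everyone for n in HONEST_A + HONEST_B}


if __name__ == "__main__":
    for label, unls in (("split UNLs", split_unls()), ("common UNL", common_unl())):
        result = run_round(unls)
        print(f"{label}: safe={is_safe(result)} live={is_live(result)} {result}")
```

With the split lists, every validator on side A sees all six of its trusted validators (four honest ones plus the two equivocators) voting for the spend to Alice, and side B sees the same for the spend to Bob, so both conflicting spends are applied and the ledger forks. With one shared list, each side sees only six of ten trusted validators agreeing, nobody reaches the threshold, and the round halts instead: a loss of liveness rather than of safety, which is exactly the trade-off a shared trusted list buys.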
Is the Risk Real?
Ripple CTO David Schwartz has responded to the reported threat. Though he says that he “appreciates having any weaknesses identified and pointed out,” he believes the attack is impractical.
He argues that Ripple’s approach is more robust than that of other blockchains because an attacker would need to both partition the network and control part of the Unique Node List. Furthermore, the attacker’s validators would get only one chance to misbehave: once they sent conflicting messages, they would be removed from the list permanently.
Schwartz had already acknowledged the possibility of this sort of attack in 2013. At the time he additionally noted that validators that detected it would refuse to reach consensus with each other and would automatically declare the network unusable, so the protocol would stop rather than split. This suggests that Ripple’s design has a failsafe beyond what the University of Bern analysis describes.
Ultimately, it is not clear whether the attack could be executed. The University of Bern researchers admit that their attack model is “purely theoretical,” but maintain that it could be put into practice.