Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » Business » Ripple Refutes University of Bern’s Security Findings

Ripple Refutes University of Bern's Security Findings

by

Is the Ripple blockchain truly secure against attacks?

Ripple can bounce above 30 cents

Key Takeaways

  • University of Bern researchers suggest that Ripple is insecure.
  • They say that the blockchain is prone to double spends and forks.
  • Ripple CTO David Schwartz has made it clear that such an attack would be difficult to carry out.

Share this article

Researchers at the University of Bern have analyzed the Ripple blockchain and found that the blockchain is lacking in security. Ripple, however, contests those claims.

Ripple Allegedly at Risk

According to the Bern research team, Ripple ensures “neither safety nor liveness” under the assumptions that it makes.

In this context, lack of safety means that Ripple may not adequately prevent double spending (ie. counterfeit transactions) and unwanted ledger forks. Lack of liveness means that the blockchain may not continue to process transactions normally.

The team created a model to show that Ripple does not achieve those goals even under “mild adversarial conditions.” Allegedly, the presence of just a few malicious nodes can cause problems, even under standard conditions. Those malicious nodes can send conflicting messages that are missed by correct nodes.

Researchers add that centralization mitigates the issue. As a company, Ripple supplies a default Unique Node List, which is currently used by all validators. Though decentralization is usually seen as beneficial, in this case a centralized trusted list provides better security by providing trusted validators.

Is the Risk Real?

Ripple CTO David Schwartz has responded to the supposed threat. Though he says that he “appreciates having any weaknesses identified and pointed out,” he believes that the attack is impractical.

He argues that Ripple’s approach is more secure than other blockchains because an attacker would need to both partition the network and control part of the Unique Node List. Furthermore, the attackers would only have one chance to jeopardize the Unique Node List before being removed from that list permanently.

Schwartz previously acknowledged the possibility of this sort of attack in 2013. There, he additionally noted that validators would refuse to come to consensus with each other and would automatically declare the network unusable. This suggests that Ripple’s design has some level of failsafe beyond what the University of Bern describes.

Ultimately, it is not clear whether the attack could be executed. University of Bern Researchers admit that their attack model is “purely theoretical,” but maintain that it could be put into practice.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.