- University of Bern researchers suggest that Ripple is insecure.
- They say that the blockchain is prone to double spends and forks.
- Ripple CTO David Schwartz has made it clear that such an attack would be difficult to carry out.
Share this article
Researchers at the University of Bern have analyzed the Ripple blockchain and found that the blockchain is lacking in security. Ripple, however, contests those claims.
Ripple Allegedly at Risk
According to the research team, Ripple ensures “neither safety nor liveness” under the assumptions that it makes.
In this context, lack of safety means that Ripple may adequately prevent double spending (ie. counterfeit transactions) and unwanted ledger forks. Lack of liveness means that the blockchain may not continue to process transactions normally.
The team created a model to show that Ripple does not achieve those goals even under “mild adversarial conditions.” Allegedly, the presence of just a few malicious nodes can cause problems, even under standard conditions. Those malicious nodes can send conflicting messages that are missed by correct nodes.
Researchers add that centralization mitigates the issue. Ripple supplies a default Unique Node List, which is currently used by all validators. Though decentralization is usually seen as beneficial in the blockchain community, in this case a centralized trusted list provides better security by providing trusted validators.
Is the Risk Real?
Ripple CTO David Schwartz has responded to the supposed threat. Though he says that he “appreciates having any weaknesses identified and pointed out,” he believes that the attack is impractical.
He argues that Ripple’s approach is more secure than other blockchains because an attacker would need to both partition the network and control part of the Unique Node List. Furthermore, the attackers would only have one chance to jeopardize the Unique Node List before being removed from that list…