Researchers from the University of Bern have released a report claiming Ripple’s consensus protocol “ensures neither safety nor liveness.”
In a blog post published yesterday by the university’s Cryptology and Data Security Research Group, researchers Christian Cachin, Amores-Sesar, and Jovana Mićić released an analysis alleging the payment firm’s consensus protocol may allow users to potentially “double-spend a token” and halt the processing of transactions.
The trio set up examples of the Ripple protocol using different numbers and types of nodes to illustrate possible violations of safety and liveness (a term for the network continuing to process transactions and make progress). According to their models, the presence of faulty or malicious nodes could have “devastating effects on the health of the network.”
“Our findings show that the Ripple protocol relies heavily on synchronized clocks, timely message delivery, the presence of a fault-free network, and an a-priori agreement on common trusted nodes with the [Unique Node List] signed by Ripple,” said the researchers.
“If one or more of these conditions are violated, especially if attackers become active inside the network, then the system could fail badly.”
David Schwartz, chief technology officer at Ripple, quickly responded to Cachin on Twitter disputing the findings. The Ripple CTO argued such a situation was “impractical,” stating any attacker would have “to both partition the network” and control part of its Unique Node List, or UNL, to do as the researchers proposed.
I welcome papers like this and appreciate having any weaknesses identified and pointed out. Any opportunity to improve XRPL’s consensus protocol or the security and reliability of blockspace generally is a good thing. 1/8
— David Schwartz (@JoelKatz) December 3, 2020
“The general philosophy of the UNL is that attackers get one chance to jeopardize liveness and then they’re forever off the UNL,” said Schwartz. He added:
“Attacks on safety also require significant control over the propagation of messages on the network, which makes them impractical. This is why Bitcoin’s complete lack of partition tolerance isn’t a practical problem.”
None of the researchers have yet responded to the Ripple CTO’s criticism of their findings. The group admitted in the original analysis that the attacks were “purely theoretical and haven’t been demonstrated with a live network.”