A group of researchers from the University of Bern claims that Ripple's distributed Ledger does not meet the basic requirements for blockchains.
They identify "security" and "viability"as two such requirements. The first is necessary so that "something bad does not happen", for example, the chain is not subjected to a fork or an attacker does not re-spend tokens. "Viability" describes all the "good" things that happen on the network, allowing it to skip transactions and move on.
According to the authors of the study, the Ripple system does not have any of these two characteristics. Even under "extremely mild hostile conditions", the Ripple Protocol does not reach consensus, which can lead to re-spending of tokens, stopping transactions and "devastating consequences" in General, they say.
The reason for this, in their opinion, is that Ripple is moving away from the generally accepted practice of using a single set of validator nodes and instead allows each node to individually choose which nodes it trusts, using the so-called unique list of nodes (UNL). During the transaction validation process, the Ripple node trusts only those nodes that are included in its UNL.
In practice, this means that the network can be forked if even a small number of malicious nodes get into UNL. They can simply send conflicting messages to normal nodes and thus cause the registry to be divided into several independent chains. Restoring the system's performance after such interventions will require a manual reboot, the University of Bern found.
The exclusion of malicious nodes from the list is achieved due to the fact that Ripple itself supplies a standard UNL, which it recommends to use for all validators. Using this approach is another stone in the direction of Ripple, which is often criticized for the low decentralization of the system. However, the authors admit that the use of this model is quite reasonable in the case of Ripple, since without it, validators would have left the consensus much more often.
Ripple responds
Ripple's technical Director, David Schwartz, responded to the allegations, calling the vulnerability described "impractical." "The UNL philosophy is that an attacker will have one chance to compromise viability, after which they will be permanently excluded from UNL. Security attacks also require significant control over the progress of messages on the network. This is why bitcoin's complete lack of resistance to divisions is not a problem, " he wrote.
Ripple also continues to insist that their network is decentralized. Separately, Schwartz wrote that if the cryptocurrency community decides to burn the billions in XRP reserves in order to prevent the risks of selling on the market and the associated depreciation, it will not be able to prevent it in any way.
"If nodes, validators and the community as a whole get together and decide that 50 billion XRP is better to burn, will it be feasible?» one user asked.
"Yes. Ripple will not be able to do anything to prevent this," replied Schwartz – " Public blockchains are very democratic. If the majority wants to change the rules, there is nothing the minority can do to stop them."
Sales of XRP by the company have long been considered as one of the factors exerting negative pressure on the cryptocurrency market. As of the beginning of 2020, Ripple had 48.9 billion XRP in its reserves. In recent months, the company has reduced sales, stopping sending cryptocurrency to exchanges.
The concerns of market participants in this case are quite understandable, since with the current volume of the cryptocurrency at 45.3 billion units, a sudden influx of coins from the Issuer can easily bring down its rate. At the time of publication, XRP is trading at $0.60, having added more than 150% to the price over the past 30 days.