Security Analysis of Ripple Consensus

TL;DR

This paper provides a detailed analysis of the Ripple consensus protocol, revealing potential safety and liveness issues under certain network conditions, which were previously not well understood.

Contribution

It offers the first detailed, source-code-derived description of Ripple consensus and highlights its potential vulnerabilities to safety and liveness violations.

Findings

The protocol may violate safety in simple executions.

The protocol may violate liveness under benign network assumptions.

Provides a comprehensive, source-code-based protocol description.

Abstract

The Ripple network is one of the most prominent blockchain platforms and its native XRP token currently has one of the highest cryptocurrency market capitalizations. The Ripple consensus protocol powers this network and is generally considered to a Byzantine fault-tolerant agreement protocol, which can reach consensus in the presence of faulty or malicious nodes. In contrast to traditional Byzantine agreement protocols, there is no global knowledge of all participating nodes in Ripple consensus; instead, each node declares a list of other nodes that it trusts and from which it considers votes. Previous work has brought up concerns about the liveness and safety of the consensus protocol under the general assumptions stated initially by Ripple, and there is currently no appropriate understanding of its workings and its properties in the literature. This paper closes this gap and makes two contributions. It first provides a detailed, abstract description of the protocol, which has been derived from the source code. Second, the paper points out that the abstract protocol may violate safety and liveness in several simple executions under relatively benign network assumptions.