The Stellar Development Foundation (SDF) which maintains Stellar, a network built on a modified version of the Ripple code base, recently published a post claiming flaws in the Ripple consensus algorithm. We take any reports about possible security issues very seriously and after reviewing the information conclude that there is no threat to the continued operation of the Ripple network. We’d like to share our thoughts.
Quoting the post in question:
Issue 1: Sacrificing safety over liveness and fault tolerance—potential for double spends
The Fischer Lynch Paterson impossibility result (FLP) states that a deterministic asynchronous consensus system can have at most two of the following three properties: safety (results are valid and identical at all nodes), guaranteed termination or liveness (nodes that don’t fail always produce a result), and fault tolerance (the system can survive the failure of one node at any point). This is a proven result.
This is correct.
Any distributed consensus system on the Internet must sacrifice one of these features.
This is potentially misleading. The FLP result shows that no system can provide those guarantees and reach consensus in bounded time. Real-world implementations of consensus like Paxos and Ripple however use probability to achieve safety, liveness and fault tolerance within a given time limit with very high likelihood.
If consensus is not achieved in this timeframe, the algorithm will retry and once again achieve consensus with very high likelihood and so on. In statistical terms, consensus will eventually be reached with probability 1, satisfying liveness under a probabilistic model. In practice, progress is usually made every round and two or more rounds are very rarely needed.
This means that distributed consensus systems like the Ripple network and Google’s Spanner database exist and can provide extremely high availability if configured correctly.
The existing Ripple/Stellar consensus algorithm is implemented in a way that favors fault tolerance and termination over safety.
This is incorrect. We have not reviewed Stellar’s modified version of Ripple consensus, but as far as the Ripple consensus algorithm is concerned, the protocol provides safety and fault tolerance assuming the validators are configured correctly. For a detailed proof, please see our consensus white paper.
This means it prioritizes ledger closes and availability over everyone actually agreeing on what the ledger is—thus opening up several potential risk scenarios.
This is incorrect. If a quorum cannot be reached, validators will retry until connectivity has been restored.
Issue 2: Provable correctness
Prof. David Mazières, head of Stanford’s Secure Computing Group, reviewed the Ripple/Stellar consensus system and reached the conclusion that the existing algorithm was unlikely to be safe under all circumstances.
We look forward to reading Prof. Mazières’ findings once they are published.
Based [on] these findings, we decided to create a new consensus system with provable correctness.
As mentioned before, a proof of Ripple’s correctness is available in the form of the Ripple consensus white paper.
As Ripple Labs’ chief cryptographer and the original developer of Ripple consensus David Schwartz pointed out yesterday, there cannot be two conflicting majority sets without overlap. For bootstrapping with a small set of trusted validators, it is appropriate to use a crash-recovery fault model, meaning a simple majority such as three out of five is sufficient. In other words, it is impossible for the Ripple network to experience an unintentional ledger fork as Stellar’s did because our nodes require votes from a majority of validators. In the future, we will generally recommend a supermajority greater than two thirds to account for Byzantine faults (validators that act arbitrarily or maliciously), but otherwise the same concepts apply.
In either case, anyone wishing to join a specific set of mutually consenting validators in the Ripple topology can do so by configuring their local Ripple node appropriately. We recognize the immense task of building the world’s first global consensus graph. It is a hard problem, but not an impossible one. Like the transition from Arpanet to the distributed routing topology of the modern internet, it will require time, education and a great deal of caution. But thanks to our amazing partners and colleagues, we are ready to tackle this challenge.
The Ripple network and its distributed ledger have used the Ripple consensus protocol to operate reliably for two years and currently manage $ 1.4 million in daily volume. We continue to invest in scaling Ripple to support the world’s cross-border transactions with bank partners in the U.S. and Europe actively integrating today.
https://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.png00christianhttps://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.pngchristian2015-01-08 17:53:102015-01-12 07:24:27Why the Stellar Forking Issue Does Not Affect Ripple
As interest in Ripple increases around the world, the ecosystem continues to steadily expand into untapped markets. Recently, Minsung Park, a former lawyer and technology whiz, launched Pax Moneta, South Korea’s first Ripple gateway.
Like many innovators building on the Ripple protocol, Minsung’s history and breadth of experience is rich and unique, having helped to draft laws and write software that spurred the mass adoption of public key infrastructure within his home country.
“My parents wanted me to be a lawyer, so I became a lawyer,” said Minsung, who has helped translate various Ripple documents into Korean, such as the Ripple Primer (Korean). “But my basic instinct was toward science. It was my basic instinct that introduced me to the Internet. In my body and my soul, I am focused on this sort of scientific thinking.”
Minsung sees the potential of Ripple to help better connect his country and its citizens to the broader economic machine, reducing friction between neighboring markets, like China and Japan, and beyond.
I was born in 1968 so I am 46. Sometimes I forget my age. I majored in law, with a focus on criminal law and information law. At the time, I remember the Internet was just introduced to Korea while I was in graduate school.
The concept quickly piqued my interest so I started digging. “What is the Internet?” I wanted to know. I discovered Mozilla. At the time, I was able to use a phone to connect to the Internet. One of the first things I did was create an Internet group at my university as part of the computer science and law departments, which ran a web server.
This was how I first came across the idea of a cryptocurrency, around 1996 or 1997, but I didn’t yet fully comprehend the meaning of currency or cryptocurrency. As time went on, I continued my research on the idea of the cryptographic key and kept on learning programming, including languages like C and C++. I ended up creating software for law firms working with government agencies, such as the Korea National Police Agency and the Korea Intelligence Services, as well as other organizations using special cryptography with Western countries. Over time, many companies would integrate PKI, both for commercial and government websites in Korea.
I also ran a trading and development company with a focus in futures and options so I had an opportunity to live in the UK for around three years. Through that experience, I saw that the banking systems of Western countries were very developed and there was a good chance we could introduce these systems to Korea.
Three years ago, I returned to Korea, where I continued my study of cryptography, programming, and electronic trading. That’s when I read an article about Bitcoin, which brought back the idea of a cryptocurrency that I came across during my time with KISDI. I ran to the closest bookstore to learn more. During that search, I found Ripple, another way to transfer value digitally.
That’s when I started working on and developing a Ripple gateway, Pax Moneta, which is the first Ripple gateway in South Korea. Pax Moneta means “peace of money,” a play on words, originating from the term “Pax Romana” or “Pax America”
That’s quite a journey! What ended up attracting you to Ripple?
The reason why I created a Ripple company is simply because the technology is just great. It makes sense. In a way, Bitcoin is about replacing currency like the U.S. Dollar. On the other hand, Ripple is complementary and can help exchange any currency, KRW, CNY, GBP, or USD. That means Ripple can work with governments instead of against them. Personally, I will still use Bitcoin, but Ripple can be used as a method to help exchange value quickly between many countries.
So I have a lot of belief in Ripple, which I feel is supported by my background. I majored in law, but my basic instinct was always based on natural sciences. That’s why I love Ripple and I’m lucky because I think I can understand both areas.
What sort of challenges did you face?
I tried to build a rippled server. It was very difficult, but ultimately, I succeeded. Then I had to figure out how to use rippled, ripple-lib, and gatewayd.
One issue is that Node.js and Angular.js were very new to Koreans. Most developers in Korea are using Java. I couldn’t find a book in Korean for Angular.js so this was a challenge, but I was able to find English resources on the Internet. It was often difficult to sleep. If I’m interested in something, I cannot see anything but this single passion.
After a bit of studying, I was able to better understand gatewayd and ripple-lib. A few months ago, my gateway was nearly ready so I contacted the International Ripple Business Association or IRBA.
Congratulations, that’s a huge accomplishment! Is the Ripple technology being embraced locally?
There have been some difficulties, primarily because most Koreans don’t know the existence of Ripple. We now have a gateway, but many Koreans don’t understand what a gateway is. So one thing we have to do is create a more intuitive Ripple client on top of gatewayd for Koreans to use.
Tell us about your team!
At the moment, we have four people to cover programming, design, and marketing, but we are actively recruiting. We’re still small. We’re a startup.
Since one of the main challenges for Pax Moneta is Ripple mindshare in Korea, do you have an explicit marketing strategy?
As you know, Korea is located between China and Japan. Traditionally, KRW and USD has been essential to the Korean economy. I want to help Korea become a bridge between the USA and China. So in the long view, Pax Moneta should focus on these two countries.
There are many Koreans who own factories in China and there are also many Chinese people who want to come to Korea so there is high demand for exchange between KRW and CNY.
What’s the regulatory climate surrounding these technologies like in Korea?
There was a recent government petition on virtual currencies. In general, the view seems to be that virtual currencies are convenient, like Ripple, which is fast and operates within the law, but the price is not stable. So at the moment, the Bank of Korea does not have any explicit plan to support it.
As you may know, in Korea, the government plays a significant role in supporting companies so the issues of regulation are very important. But I believe it will be similar to the adoption of the Internet. Today, the Internet is used by the Korean government. In the future, I think Ripple will be used, too. When my son and my grandchildren become parents, they will use virtual currencies.
The Korean government does block certain things, but in general, they want to support innovation, like with AG Pay and Kakao Pay. We’re entering a new era and I think there will be many chances in front of us if we are prepared for the future.
Any final thoughts?
Yes, just this: “If all roads lead to Rome, then all values lead to Ripple.”
https://kinematec.de/wp-content/uploads/2015/01/paxmoneta_logo_Blog2.png586777christianhttps://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.pngchristian2015-01-08 04:16:472015-01-12 07:24:34Pax Moneta: South Korea’s First Ripple Gateway
Explaining what Ripple is can be hard. To make things a little easier, we made a video!
For Ripple Labs, it’s an opportunity to share our vision of the Internet of money, show how Ripple fits into the equation, and highlight the tools and technology we’re building to make that vision a reality. It’s also a chance to show the world who we really are.
https://kinematec.de/wp-content/uploads/2015/01/anna-vahe.jpg435777christianhttps://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.pngchristian2015-01-07 21:47:182015-01-12 07:24:39Building the Internet of Money (Video)
Throughout 2014 we’ve talked to businesses all over the world, both big and small, who are interested in tapping into Ripple’s increasing liquidity and settlement capabilities. For exchanges dealing in bitcoins and other assets, the value proposition is clear – deeper orderbooks and the ability for customers to hop between different assets instantly is a major boon to their service. The natural follow-up question is how to get started.
As such, we’ve developed a high-level integration guide for exchanges that covers the basic accounting concepts of operating a gateway on Ripple and some of the API calls you can use to interact with the network. For the purposes of this guide, we’ve outlined an example integration for the fictional Acme Bitcoin Exchange. While specifically referencing bitcoins as the asset handled by this gateway, note that the concepts are applicable to other forms of value such as physical commodities, securities, fiat currencies, and more.
Feel free to email us at with any questions or thoughts on how this could be improved.
https://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.png00christianhttps://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.pngchristian2015-01-07 12:53:212015-01-12 07:24:45Turn your exchange into a Ripple Gateway
For Ripple Labs, 2014 was the year in which we not only clarified our strategy for building the Internet of money but also made large strides in turning that vision into reality. From breakthrough partnerships to ecosystem expansion to the continued evolution of the underlying technology, 2014 has been a banner year. This is our year in review.
By the numbers
Major partnership announcements: 4 (3 banks, 1 network)
IRBA-certified Ripple gateways around the world: 16
24-hour network trade volume (all-time record): >$ 6.5 million
24-hour network trade volume (average, last 30 days): >$ 2 million
The New York Times, The Wall Street Journal, Bloomberg, Bloomberg Businessweek, CNBC, USA Today, Fox Business, The Financial Times, Fortune, Institutional Investor, Forbes, Business Insider, International Business Times, Entrepreneur, VentureBeat, American Banker, TechCrunch, GigaOm, PandoDaily
Navigating a startup working on brand new technology can be a perilous process. It can, at times, feel like you’re walking in the dark. But while it’s impossible to predict the future, we can look to the past for clues. In that regard, we see the state of payments tracking the history of the information web.
In September, Ripple Labs CTO Stefan Thomas published an op-ed in TechCrunch, outlining our vision for how the space will evolve, drawing parallels with the birth of the information web. Stefan breaks this evolution into three phases with each new phase building on the last.
The Infrastructure Phase: The original custodians of information on the Internet were universities and research facilities like CERN. While the network was already open and global in scope, it was still limited from a consumer perspective. In the case of payments, custodians of money, such as banks and governments, will lay the initial groundwork and plumbing for value transfer.
The Federation Phase: By the ‘80s, numerous services popped up to address increasing consumer demand, but these disparate networks originally weren’t interoperable. If you were on AOL, there wasn’t an easy way to connect with your friend on GEnie. This would be solved by the rise of common protocols like HTTP and SMTP that allowed networks to federate, bringing millions of consumers together all in one place. Similar to the Internet of the ‘80s, today’s payment networks aren’t yet federated, lacking a standardized protocol. Innovative services like Paypal, Alipay, and Venmo provide users with new features and convenience, but they also don’t interoperate. If you’re on Paypal, you can’t send your friend money if he or she is on Venmo.
The Independent Value Phase: With everyone on the same network, it wasn’t long before developers and entrepreneurs started building services and businesses like Wikipedia, Google, and Facebook. What’s most exciting is that it’s impossible to predict what inventive, pioneering new industries will blossom. We believe that the same will hold true for the Internet of money.
The year we refined market fit and gained traction
Now that we had a better sense of where we wanted to go, we needed to figure out how to get there. The strategy that we ultimately defined reflects our ongoing commitment at Ripple Labs to create tools and technology that empower financial institutions, businesses, and ultimately developers.
We’re starting where Ripple provides the biggest impact for payments companies, app developers and ultimately consumers—the core. Skipping this essential developmental chapter to deliver these tools and technologies directly to consumers would be putting the cart before the horse. Partnerships with financial institutions establish a platform and market that others can build on higher up the application stack by first producing general utility and stability.
Just as the Internet of information required necessary groundwork before the likes of Peter Thiel and Mark Zuckerberg could change the world with PayPal and Facebook, the Internet of money requires a preliminary framework.
On the one hand, we need the web browser, the smartphone, and ubiquitous Internet access. On the other hand—in the case of moving money—we need liquidity, compliance and scalability. In place of universities and government institutions, we have financial institutions, which custody assets and already move trillions of dollars daily to solidify the foundation of the value web. Because of Ripple’s open nature, builders will be able to leverage the power and potential of the existing system in unimaginable ways. Where today’s systems are closed, tomorrow’s will be more open.
This is an admittedly challenging, painstaking, and laborious process, but fortunately, Ripple Labs—with the help of its supporters, partners, and community—made great headway in 2014.
In May, we announced our partnership with Germany’s Fidor Bank, the first financial institution to integrate the Ripple protocol. Momentum kept building, leading up to Sibos, the annual financial services conference hosted by SWIFT.
To our pleasant surprise, Ripple was a persistent topic throughout the event, which attracted over 7,000 industry members. Where once potential partners worried about the reputational risk of integrating a brand new technology, now they were wondering how they could get started, perceiving innovation as a competitive advantage.
We got the sense that we were reaching a tipping point in terms of awareness within the financial community. This was particularly evident at a leadership workshop hosted by the World Economic Forum, which counted industry leaders like Deloitte, Barclays, and SWIFT. Again, many of the discussions centered around the Ripple protocol. During one presentation, a director of the Bill & Melinda Gates Foundation noted not only how Ripple could make cross-border payments more efficient but also how the technology could help address the ongoing issue of financial inclusion.
Fundamental to this strategy is the core technology that powers the Ripple protocol. In August, Ripple Labs released the consensus whitepaper, which describes the Ripple protocol’s consensus algorithm and properties.
Throughout 2014, the rippled team worked on improving stability, increasing rippled uptime to over 99 percent. The team also rolled out a series of new features and improvements including Account Freeze, transaction memos, and improvements to pathfinding. We’ve also completed development of features like Autobridging, which will be released in early 2015. Meanwhile, senior rippled developer Howard Hinnant completed his proposal relating to hashing infrastructure, which he submitted to the C++ Standards Body.
In all, the team made significant improvements to the stability, robustness, and value of the protocol.
The success we’ve experienced in 2014 in working with the existing industry was matched by grassroots efforts in our growing developer community. Today, developers and businesses have established Ripple gateways in every hemisphere. Along with the community, we also supported the establishment of the International Ripple Business Association, which provides best practice guidance to Ripple gateways and other businesses. The IRBA held its first officer elections this fall.
We realized early on this year that in order to achieve our mission of opening access to finance, we would need to build tools and platforms for business logic and identity management in addition to focusing on funds settlement.
Karen Gifford, chief compliance officer at Ripple Labs, summarized the opportunity for digital identity management in a Huffington Post op-ed. Today’s existing protocols for addressing the issue of identity simply come up short across the board. Not only is the way we deal with identity inefficient and costly, current procedures undermine both security and privacy by placing the onus on entities who aren’t security experts (like retailers and banks).
In collaboration with MIT and dozens of prominent industry members, Ripple Labs contributed to the creation of the Windhover Principles, a set of principles and a framework for approaching new solutions for addressing digital identity, trust, and access to shared, open data.
The other key puzzle piece is smart contracts, which enables the application of rule sets and automated execution of those rules to funds transfer. In July, Stefan Thomas and team unveiled Codius, an open-source, smart contracts platform. From a broader perspective, it’s a framework for developing distributed applications, what we call “smart programs.” Stefan and team member Evan Schwartz presented Codius during a Tech Talk at the Around the World in Five Seconds event last month.
While Ripple Labs has made great headway in 2014, the hard work has only just begun. We look forward to building on the team’s and community’s successes for years to come.
https://kinematec.de/wp-content/uploads/2015/01/yir-2014.jpg500777christianhttps://kinematec.de/wp-content/uploads/2019/10/kinematec_logo.pngchristian2015-01-06 20:29:432015-01-12 07:25:01Ripple Labs 2014: A Year in Review
First of all, happy new year! What a year it has been. With a little luck we’ll surpass last year with an even more awesome year. It’s been too long since I’ve given an update on my side of things and that of the Go team and mostly due to a lack of time. I’ve been so incredibly busy and so many things have happened these past 2 months I’ve hardly had time to sit down and assess it all.
As you may be well aware the audit is looming around the corner and my little baby (go-ethereum!) will undergo it’s full inspection very, very soon. The audit teams will tear it apart and see if the repo contains anything incorrectly implemented as well as search for any major security flaws in the design and implementation. We’ve been pretty solid on tests, testing implementation details as well as consensus tests (thanks to Christoph) and will continue to add more tests over time. We’ll see how they hold up during the audit (though I’m confident we’ll be fine, it’s still a little bit scary (-:)
Development
PoC-7 has been released now for a about a week and has been quite stable (and growing in size!). We’re already hard at work to finalising PoC-8 which includes numerous small changes:
Adjusted block time back to 12s (was 4s)
Op code PREVHASH has become BLOCKHASH( N ) and therefore PREVHASH = BLOCKHASH(NUMBER - 1)
We’ve added an additional pre-compiled contract at address 0x04 which returns the given input (acts like copy / memcpy)
Ongoing
P2P
Felix has been hard at work on our new P2P package which has now entered in to v0.1 (PoC-7) and will soon already undergo it’s first upgrade for PoC-8. Felix has done an amazing job on the design of the package and it’s a real pleasure to work with. Auto-generated documentation can be found at GoDoc.
Whisper
A month or so back I finished the first draft of Whisper for the Go implementation and it’s now passing whisper messages nicely around the network and uses the P2P package mentioned earlier. The Go API is relatively easy and requires almost zero setup.
Backend
The backend stack of ethereum has also received its first major (well deserved) overhaul. Viktor’s been incredibly hard at work to reimplement the download manager and the ethereum sub protocol.
Swarm
Since the first day Dani joined the team he’s passionately been working on the peer selection algorithm and distributed preimage archive. The DPA will be used for our Swarm tech. The spec is about 95% complete and roughly about 50% has been implemented. Progress is going strong!
Both go-ethereum/p2p and go-ethereum/whisper have been developed in such a way that neither require ethereum to operate. If you’re developing in Go and your application requires a P2P network or (dark) messaging try out the packages. An example sub protocol can be found here and an example on how to use Whisper can be found here.
Ams Hub
Now that the hub is finally set up you’re free to drop by and grab a coffee with us. You can find us in the rather posh neighbourhood of Amsterdam Zuid near Museumplein (Alexander Boerstraat 21).
In my next post I hope I’ll have a release candidate for PoC-8 and perhaps even a draft implementation of swarm. But until then, happy whispering and mining!
Wir können Cookies anfordern, die auf Ihrem Gerät eingestellt werden. Wir verwenden Cookies, um uns mitzuteilen, wenn Sie unsere Websites besuchen, wie Sie mit uns interagieren, Ihre Nutzererfahrung verbessern und Ihre Beziehung zu unserer Website anpassen.
Klicken Sie auf die verschiedenen Kategorienüberschriften, um mehr zu erfahren. Sie können auch einige Ihrer Einstellungen ändern. Beachten Sie, dass das Blockieren einiger Arten von Cookies Auswirkungen auf Ihre Erfahrung auf unseren Websites und auf die Dienste haben kann, die wir anbieten können.
Notwendige Website Cookies
Diese Cookies sind unbedingt erforderlich, um Ihnen die auf unserer Webseite verfügbaren Dienste und Funktionen zur Verfügung zu stellen.
Da diese Cookies für die auf unserer Webseite verfügbaren Dienste und Funktionen unbedingt erforderlich sind, hat die Ablehnung Auswirkungen auf die Funktionsweise unserer Webseite. Sie können Cookies jederzeit blockieren oder löschen, indem Sie Ihre Browsereinstellungen ändern und das Blockieren aller Cookies auf dieser Webseite erzwingen. Sie werden jedoch immer aufgefordert, Cookies zu akzeptieren / abzulehnen, wenn Sie unsere Website erneut besuchen.
Wir respektieren es voll und ganz, wenn Sie Cookies ablehnen möchten. Um zu vermeiden, dass Sie immer wieder nach Cookies gefragt werden, erlauben Sie uns bitte, einen Cookie für Ihre Einstellungen zu speichern. Sie können sich jederzeit abmelden oder andere Cookies zulassen, um unsere Dienste vollumfänglich nutzen zu können. Wenn Sie Cookies ablehnen, werden alle gesetzten Cookies auf unserer Domain entfernt.
Wir stellen Ihnen eine Liste der von Ihrem Computer auf unserer Domain gespeicherten Cookies zur Verfügung. Aus Sicherheitsgründen können wie Ihnen keine Cookies anzeigen, die von anderen Domains gespeichert werden. Diese können Sie in den Sicherheitseinstellungen Ihres Browsers einsehen.
Andere externe Dienste
Wir nutzen auch verschiedene externe Dienste wie Google Webfonts, Google Maps und externe Videoanbieter. Da diese Anbieter möglicherweise personenbezogene Daten von Ihnen speichern, können Sie diese hier deaktivieren. Bitte beachten Sie, dass eine Deaktivierung dieser Cookies die Funktionalität und das Aussehen unserer Webseite erheblich beeinträchtigen kann. Die Änderungen werden nach einem Neuladen der Seite wirksam.
Google Webfont Einstellungen:
Google Maps Einstellungen:
Google reCaptcha Einstellungen:
Vimeo und YouTube Einstellungen:
Datenschutzrichtlinie
Sie können unsere Cookies und Datenschutzeinstellungen im Detail in unseren Datenschutzrichtlinie nachlesen.
