Schlagwortarchiv für: Ripple

The Stellar Development Foundation (SDF) which maintains Stellar, a network built on a modified version of the Ripple code base, recently published a post claiming flaws in the Ripple consensus algorithm. We take any reports about possible security issues very seriously and after reviewing the information conclude that there is no threat to the continued operation of the Ripple network. We’d like to share our thoughts.

Quoting the post in question:

Issue 1: Sacrificing safety over liveness and fault tolerance—potential for double spends

The Fischer Lynch Paterson impossibility result (FLP) states that a deterministic asynchronous consensus system can have at most two of the following three properties: safety (results are valid and identical at all nodes), guaranteed termination or liveness (nodes that don’t fail always produce a result), and fault tolerance (the system can survive the failure of one node at any point). This is a proven result.

This is correct.

 

Any distributed consensus system on the Internet must sacrifice one of these features.

This is potentially misleading. The FLP result shows that no system can provide those guarantees and reach consensus in bounded time. Real-world implementations of consensus like Paxos and Ripple however use probability to achieve safety, liveness and fault tolerance within a given time limit with very high likelihood.

If consensus is not achieved in this timeframe, the algorithm will retry and once again achieve consensus with very high likelihood and so on. In statistical terms, consensus will eventually be reached with probability 1, satisfying liveness under a probabilistic model. In practice, progress is usually made every round and two or more rounds are very rarely needed.

This means that distributed consensus systems like the Ripple network and Google’s Spanner database exist and can provide extremely high availability if configured correctly.

 

The existing Ripple/Stellar consensus algorithm is implemented in a way that favors fault tolerance and termination over safety.

This is incorrect. We have not reviewed Stellar’s modified version of Ripple consensus, but as far as the Ripple consensus algorithm is concerned, the protocol provides safety and fault tolerance assuming the validators are configured correctly. For a detailed proof, please see our consensus white paper.

 

This means it prioritizes ledger closes and availability over everyone actually agreeing on what the ledger is—thus opening up several potential risk scenarios.

This is incorrect. If a quorum cannot be reached, validators will retry until connectivity has been restored.

 

Issue 2: Provable correctness

Prof. David Mazières, head of Stanford’s Secure Computing Group, reviewed the Ripple/Stellar consensus system and reached the conclusion that the existing algorithm was unlikely to be safe under all circumstances.

We look forward to reading Prof. Mazières’ findings once they are published.

 

Based these findings, we decided to create a new consensus system with provable correctness.

As mentioned before, a proof of Ripple’s correctness is available in the form of the Ripple consensus white paper.

As Ripple Labs’ chief cryptographer and the original developer of Ripple consensus David Schwartz pointed out yesterday, there cannot be two conflicting majority sets without overlap. For bootstrapping with a small set of trusted validators, it is appropriate to use a crash-recovery fault model, meaning a simple majority such as three out of five is sufficient. In other words, it is impossible for the Ripple network to experience an unintentional ledger fork as Stellar’s did because our nodes require votes from a majority of validators. In the future, we will generally recommend a supermajority greater than two thirds to account for Byzantine faults (validators that act arbitrarily or maliciously), but otherwise the same concepts apply.

In either case, anyone wishing to join a specific set of mutually consenting validators in the Ripple topology can do so by configuring their local Ripple node appropriately. We recognize the immense task of building the world’s first global consensus graph. It is a hard problem, but not an impossible one. Like the transition from Arpanet to the distributed routing topology of the modern internet, it will require time, education and a great deal of caution. But thanks to our amazing partners and colleagues, we are ready to tackle this challenge.

The Ripple network and its distributed ledger have used the Ripple consensus protocol to operate reliably for two years and currently manage $ 1.4 million in daily volume. We continue to invest in scaling Ripple to support the world’s cross-border transactions with bank partners in the U.S. and Europe actively integrating today.

Ripple

ripple-earthport-2

Ripple Labs is thrilled to announce a partnership with Earthport, a regulated financial institution whose cross-border platform represents the largest open network for global bank payments.

The London-based firm, which has offices in New York and Dubai, will integrate the Ripple protocol alongside its existing payments network. Through this global partnership, Earthport’s customers will be able to leverage Ripple’s friction-free cross-border payments solution and benefit from lower liquidity management costs, all while maintaining the robust standards of compliance that regulators expect.

“We constantly evaluate new technologies to reduce costs and delays associated with global bank payments for our clients, but require these innovations to meet our high, exacting standards for compliance,” said Hank Uberoi, CEO of Earthport. “Ripple is a new technology and, once integrated in our payments service could bring benefits in efficiency and speed to global transfers. Earthport will apply its existing compliance framework, rule sets and secure payments network to any Earthport clients transacting using the Ripple protocol.”

Growth in international trade, e-commerce, and demographic shifts in population have driven both corporate and consumer demand for faster, cost-efficient, reliable and transparent cross-border payment solutions.

earthport-graph

Earthport is the largest open network for global bank payments, servicing businesses and financial institutions across 60 countries around the world. (Image: Earthport)

Ripple Labs is incredibly proud to have a partner at the forefront of the payments industry. Earthport was awarded the B2B Payments Innovation of the Year 2014 at the second annual FStech/Retail Systems Payments Awards. The company—which is listed on the Alternative Investment Market (AIM) on the London Stock Exchange and is authorised and regulated by the Financial Conduct Authority under the Payment Service Regulations 2009—services major institutional clients in over sixty countries.

“Traditional cross-border payments are inefficient today because both the technology and compliance frameworks underpinning them were built country by country decades ago,” said Chris Larsen, co-founder and CEO of Ripple Labs, the developer of the Ripple protocol. “The Earthport and Ripple partnership brings together the leading global payments and technology infrastructures to immediately transform and modernise the global payments industry.”

Earthport’s proven compliance platform provides an immense opportunity for international scalability given their expertise in navigating local regulations. For Ripple Labs, the partnership represents another major milestone as part of the company’s mission to develop and expand the Ripple network by plugging into the existing financial system.

Follow Ripple on Twitter

Ripple

lawsky

Superintendent Ben Lawsky hasn’t shied away from maintaining an open dialogue with the community.

While the early days of the web provide an intuitive roadmap for how the emergence of digital payment protocols and the ecosystem that surrounds them will evolve over time, there’s one defining difference between the evolving state of finance today and the Internet of the 80s: Regulations.

There’s a lot more at stake when transferring value versus information. It’s why finance is the most heavily regulated industry on the planet. It’s also why the internet-of-value has taken such a long time to materialize. The bar is just that much higher.

As these emerging technologies push us further into uncharted territory, navigating these regulatory waters has become a core component of our mission here at Ripple Labs. And as creators of an open source protocol, we’re committed to being transparent about that process. To provide insight on our perspective, we’re publishing our BitLicense comments (pdf), which we recently submitted to regulators.

The Ripple Labs perspective

Our position on regulations is straightforward. An effective regulatory framework opens the door to mainstream adoption. The goal is to provide necessary protections for end users without stifling innovation by burdening developers and small businesses. Instead, smart regulations can level the playing field, legitimize a burgeoning industry, and empower entrepreneurs.

But getting regulations right is an immense task. That’s why it’s pertinent that Ripple Labs works intimately with regulators, our numerous stakeholders, and the industry-at-large in helping to collectively shape the rules that will define the way forward.

BitLicense

It’s incredibly encouraging that the U.S. government appears up to the task with Superintendent Ben Lawsky of the New York State Department of Financial Services leading the way by maintaining an open dialogue and recently, drafting the first proposal of BitLicense, a set of rules that aim to bring clarity to how government officials and businesses deal with cryptocurrencies.

As the only U.S. regulator to step up to the plate—at both state and federal levels—Superintendent Lawsky should be commended for assuming this monumental responsibility. BitLicense elevates the industry as a whole, putting us in the same club as the big banks. Most of all, throughout Lawsky’s numerous interactions with the community—including his speech at Money20/20 in Las Vegas last month—it’s clear that New York’s first Superintendent of Financial Services not only comprehensively understands and respects the awesome potential of these new technologies but also what’s at stake.

Indeed, the implications of BitLicense will have far broader implications beyond the crypto-community, as Lawsky alluded to during his Vegas keynote, noting that his framework for Bitcoin regulations will eventually serve as a model for all regulated institutions. Along those lines, this isn’t merely about the future of Bitcoin or Ripple, it’s about the future of finance as a whole—one in which the lines between new technologies and the existing system continue to blur.

Again, for his fearless and influential leadership, Lawsky deserves to be commended. Even so, he could do more—especially if he and the rest of the state’s ruling body want New York to become a hub for technological innovation. Below is a summary of our comments and suggestions that we believe could help BitLicense reach its ultimate goals while still maintaining an environment that supports and fosters innovation and small businesses.

Reduce barriers of entry. New York should support developers who need the freedom to build. Costly compliance requirements create huge barriers of entry for small businesses. To accommodate innovation, we suggest a “registration regime” versus a “licensing regime” with a threshold for smaller firms, significantly reducing potential upfront costs and waiting around that often deters new businesses. This way, entrepreneurs can begin the regulatory process in good faith and start their business right away.

Create a level playing field. A key criticism of the initial BitLicense proposal is that it didn’t create a level playing field between cryptocurrencies and everyone else. There are arguments to be made why cryptocurrencies should be held to a higher standard their unique properties, but if that’s the case, those arguments need to be explicitly mapped out to each special feature individually relative to existing rulesets. With the initial draft, it’s often unclear why increased controls are being implemented only for cryptocurrencies.

The rules regarding information security is one example, which requires third-party code verification. In this case, rather than opting for a more organic approach, Lawsky went from 0-60 with these baseline regulations. While it may be true that this new rule could very well be a “coming attraction for all banks,” emerging technologies shouldn’t have to serve as the canary in the coal mine. If a new rule is believed to be beneficial to the public’s interests, it should be applied to all relevant parties on day one rather than arbitrarily to the new kids on the block. Otherwise, BitLicense undermines a sense of fairness by appearing to favor established interests.

The overall scope is too broad. Such is the nature of emerging technologies with few past precedents, they can be difficult to properly define, but even under that context, the way BitLicense defines these new technologies is far too general and vague. If the purpose of regulations is to provide clarity, the proposal as it currently exists risks further muddying the waters by leaving far too much to subjective interpretation. The first step then is to provide a concise definition of the technology at hand. The approach we prefer is to highlight the technology’s fundamental distinctions. In the case of virtual currencies, this is the first time we’ve seen assets exist in a digital context (as opposed to liabilities).

Beyond reaching consensus on a proper definition, we believe that limiting the scope of these new regulations requires a more balanced and organic approach to how we assess risk. It’s logical to focus on the risks added by new technologies, but it’s just as important to take into consideration existing risks that innovation helps to mitigate. In that sense, BitLicense should not only temper negative characteristics, but also foster and expand positive traits. In current form, the former is at times, over the top, while the latter is lacking.

The way forward

Overall, the development of BitLicense represents a huge step in the right direction, despite being imperfect as regulators and industry participants continue to work together toward a meaningful and mutually beneficial consensus.. That governments are dedicating these resources toward legitimizing new businesses is a huge stamp of approval for technologies that only a few short years ago didn’t even exist.

At Ripple Labs, we’re deeply cognizant of our responsibility to our partners, our community, and the industry, and we take great pride in participating in this ongoing process, one we believe will have a huge impact on our ability to deliver these breakthrough technologies to people around the world.

That last part is key. Even if the U.S. will, at times, lead the way, the scope and reach of Ripple and other digital payment protocols in general transcends borders. As such, our regulatory work extends to a global scale. Last Friday, our team submitted a letter to the Australian Parliament regarding the regulation of digital currencies, which is available on their website for download. (We are submission #21.) We are also in the process of engaging with other foreign regulators.

As always—as an ongoing conversation and an evolving process—we are open to any and all feedback. We look forward to hearing from you.

Follow Ripple on Twitter

Ripple

codius1

Ripple Labs CTO Stefan Thomas and software engineer Evan Schwartz present Codius.

As part of an ongoing initiative to better educate the broader community about Ripple technology, behind the scenes developments, as well as our take on the industry at large, Ripple Labs will be releasing a series a tech talks, the first of which is an introduction to Codius.

The tech talk was presented by CTO Stefan Thomas and software engineer Evan Schwartz to a full house on November 20, 2014 at Around the World in 5 Seconds, a special night of demos and celebration at Ripple Labs headquarters in downtown San Francisco.

Codius is a platform developed by Ripple Labs that enables smart contracts technology. But from a broader perspective, it’s a framework for developing distributed applications, what we call “smart programs.” In this tech talk, you’ll learn about:

  • Cryptocurrencies and smart contracts
  • Codius as the ecosystem for smart programs
  • The future of autonomous applications

 

 

Learn more about Codius:

Follow Ripple on Twitter

Ripple

Howard Hinnant

Howard Hinnnant, C++ mensch

The Ripple Labs employee spotlight is on Howard Hinnant this week, who is in Bellevue, Washington for cppcon, the inaugural conference for all things C++.

Howard has been a prolific and long-time contributor to the C++ community as lead author of several C++11 features including move semantics, unique_ptr, and <chrono> API and has authored over 30 C++ committee papers.

During his time at Apple he developed libc++, an open source implementation of the C++11 standard library, which the iPhone maker continues to use. He is also a Library Working Group Chair Emeritus at the Standard C++ Foundation.

Today, as a senior engineer within the 11-person rippled team, Howard is channeling his self-taught expertise to help build the core protocols that will power what we see as the birth of the value web.

rippled is the core, peer-to-peer server component of the Ripple protocol (which already includes a number of C++14 features). It essentially is Ripple—by facilitating the processes that manage and validate transactions.

Moving forward, the team’s priorities are stability, performance, security, and scalability—while introducing new features like m-of-n multisign, additional cryptographic curves, and autobridging, according to rippled project manager Yana Novikova.

At cppcon, the former aerospace engineer will be presenting his latest paper, Types Don’t Know # (N3980). Before Howard left, I sat down with him and Vinnie Falco, team lead of rippled, for a brief fireside chat.

Ripple Labs: So what’s up with cppcon?

Howard: This is the first year so it’s kind of an experiment, but I suspect it will be a success. It has the support of the leading professionals in the industry.

Vinnie: Cppcon is a very technical conference that focuses on the development and growth of the language itself. So a lot of the discussions and presentations will surround the technical aspects of the language and could very well be precursors to new features.

Ripple Labs: What will you be doing at the conference?

Howard: My contribution at this conference is going to be talking about the work we have been doing and implementing in rippled, mainly the parts that concern how to hash things and putting items into unordered containers.

I’ve written a proposal for it, which I’ll be presenting. It hasn’t been accepted yet by the committee, but it’s under consideration at this time. This proposed implementation allows people to easily switch among different hash algorithms.

Vinnie: N3980 addresses a long-standing shortcoming in the hash functions for unordered containers, which can result in suboptimal performance when using a standard library. It basically allows programmers to easily choose between different hash functions such as Murmur, SipHash, SpookyHash, and FNV without changing every call site.

Howard: Now developers have a choice of hash functions without having to rewrite everything. You write the hashing infrastructure once, and with very little effort, you can switch between different algorithms, which wasn’t previously possible.

Vinnie: It’s very relevant to decentralized programs. The result of Howard’s work benefits anyone developing peer-to-peer software.

Howard: It has very wide applications because the hash containers are extremely widely used. You name it, people are hashing things. It’s quite a basic utility.

Vinnie: When it comes to digital finance, hash functions are crucial, along with the performance of these programs. Bitcoin, Ripple, and countless other systems use them.

Ripple Labs: What does it take for a proposal to get accepted by the committee?

Vinnie: Howard has had work accepted in the past, but it’s obviously not a walk in the park. This is serious, very theoretical work—and it needs to improve the language. It’s work so incredibly technical that very few people are even qualified to analyze it.

Having something approved that goes into the language—it can take years, maybe a decade. It’s a very small club.

Ripple Labs: So Howard, how did you get so good at C++?

Howard: I was self-taught. I’ve always been interested in programming, but I had only taken a couple courses in Fortran and assembly. I started collecting languages on my own. I taught myself C, Pascal, and Postscript.

Eventually, I picked up C++ and decided I really liked it, better than the other languages that I learned so I kept teaching myself about it.

Ripple Labs: What was so attractive about C++?

Howard: For me, I really like how you can program at a high level and in the same language, program at a low level. C++ offers complete control. It doesn’t require low level languages like C or assembly but still has high level facilities. It allows you to do everything.

Ripple Labs: OK, last question. What’s your favorite C++ feature?

Howard: The destructor. It’s the most elegant form of garbage collection I’ve ever seen.

Connections:

Follow Ripple on Twitter

Ripple

patrick-sibos

Ripple Labs EVP of Business Development Patrick Griffin at Sibos 2013 in Dubai

Ripple Labs will be in Boston at the end of the month for Sibos (Sept. 29 – Oct. 2), the annual financial services conference hosted by SWIFT, where 7000 industry members and thought leaders will gather to contemplate and help shape the future of payments and trade.

Running concurrently throughout the conference is Innotribe program, a SWIFT initiative focused on innovation at the convergence of finance and technology—of which Ripple will play a prominent part. (Check out our interview with Kosta Peric, Innotribe co-founder and former Head of Innovation of SWIFT.)

Ripple Labs CEO and co-founder Chris Larsen will be presenting at the following sessions on Monday, September 29th:

  • Future of Money: The Rise of Cryptocurrencies (9:30AM ET)
  • Disruption: Cryptocurrencies (12:30PM ET)

If you’re interested in learning how Ripple is driving down cross-border transaction costs for banks like Fidor, please contact us at to schedule a meeting with a Ripple Labs representative.

Follow us on Twitter

Ripple

To help accelerate the creation of strong, reliable, and compliant gateways, Ripple Labs will be providing XRP incentives and extended technical support for gateways that meet criteria considered to be critical for the success of a gateway.

Ripple Labs wants every gateway to achieve a gold standard in business planning, technical reliability and stability, regulatory compliance, and liquidity. The Ripple protocol enables the federation and interoperability of many independent payment systems.

As such, we’re actively developing the specifications for Gateway Services APIs and are eager to help gateways with implementation. In the meantime, here are some of the steps and assistance provided by Ripple Labs to help get your gateway to that point.

Gateway business plan development

Successful businesses start with a concept that can be concisely summarized and executed upon. To get things started on the right foot, here is a business plan template for gateways that is freely available. This plan was developed in consultation with new gateways that were exploring the business opportunities on Ripple, so it’s tailored to the needs of an early stage operator.

The template encourages you to carefully consider who your customer is and what value they’ll derive from your service. Simplifying their experience and making the deposit and withdrawal of assets frictionless is critical to driving volume and subsequent revenue.

Serious endeavors should contact Ripple Labs at to coordinate for possible assistance and business planning.

Gatewayd support

Gatewayd has been designed to make deploying a gateway as easy as possible.

It provides the basic functionality to link assets represented in the Ripple network to those held in the outside world. It includes a core database to track deposits and withdrawals and utilizes Ripple REST to issue assets to customer wallets.

Gatewayd plugins

If your gateway needs a custom deposit/withdrawal plugin for an external payment system (such as PayPal, AliPay, etc.), Ripple Labs may consider funding a bounty to create that plugin or build it for you. Plugins are custom pieces of code that are used to monitor and submit transactions to and from external payment systems so that gatewayd can take appropriate action. You can see examples of these kinds of plugins in the repos under gatewayd on GitHub.

Services implementation

Gateway Services APIs make gateways interoperable and provide straightforward calls that clients can use to route payments appropriately. Gateway Services rely on existing web standards like host-meta and webfinger, while making certain functions of the REST API more robust. Please contact us for assistance if you decide to implement these services at your gateway.

XRP for customers of KYC/AML compliant gateways

Ripple Labs may assist with customer acquisition by providing gateways with XRP that can be used for giveaways. Customers who provide a baseline level of KYC information may be eligible to receive up to 2,000 XRP upon registration and making a deposit at your gateway.

Compliance resources

Ripple Labs regularly issues Gateway Bulletins as new features are released or on topics related to compliance and risk. Those bulletins are shared with the developer community including gateway operators and IRBA members. In addition to Gateway Bulletins, Ripple Labs publishes Compliance Resources that may be helpful for gateway operators in understanding local and global standards on KYC/AML policies, as well as opinions or guidance on virtual currency.

Since rules on KYC/AML policies and guidance on virtual currency vary by jurisdiction, gateways should obtain legal advice on how these rules apply to their business and country of operation. Be aware that regulatory standards are evolving rapidly. While Ripple Labs makes every effort to update the Gateway Bulletins and Compliance Resources regularly, gateways should seek legal advice and understand changes to regulation as it may vary based on geography and the products that you offer.

Generating liquidity

Ripple Labs understands that it may be difficult for new gateways to generate the liquidity needed to provide a compelling service to their customers. To do so, it is important to meet the aforementioned technical and compliance standards to have a popular, well-capitalized gateway. Transaction volume drives liquidity so Ripple Labs may facilitate introductions for operational gateways to market makers who can enable assets issued by your gateway to trade freely at competitive exchange rates.

Feedback is welcome

The Ripple protocol’s success will be largely determined by the ecosystem of gateways that are providing the onramps and off-ramps for value. As such, Ripple Labs continues to support gateway developers and entrepreneurs in their projects to build gateways.

We’d love to hear your feedback on what’s most useful and other tools that you’d like to see. We look forward to working alongside you to build the value web!

Ripple

US Banks

Ripple Labs is thrilled to have signed its first two U.S. banks to use the Ripple protocol for real-time, cross-border payments.

Cross River Bank, an independent transaction bank based in New Jersey, and CBW Bank, a century-old institution founded in Kansas, join Fidor Bank on the Ripple network, which continues to grow.

Both banks are excited to leverage the technology in order to provide greater efficiency and innovation to their customers.

“Our business customers expect banking to move at the speed of the Web, but with the security and confidence of the traditional financial system,” said Gilles Gade, president and CEO of Cross River Bank.

“Ripple will help make that a reality, enabling our customers to instantly transfer funds internationally while meeting all compliance requirements and payments rules. We are excited to be amongst the very first banks in the U.S. to deploy Ripple as a faster, more affordable and compliant payment rail for our customers.”

“Today’s banks offer the equivalent of 300-year-old paper ledgers converted to an electronic form – a digital skin on an antiquated transaction process,” said Suresh Ramamurthi, chairman and CTO of CBW Bank.

“Ripple addresses the structural problem of payments as IP-based settlement infrastructure that powers the exchange of any types of value. We’ll now be one of the first banks in the world to offer customers a reliable, compliant, safe and secure way to instantly send and receive money internationally.  As part of our integration with Ripple, we are rolling out Yantra’s cross-border, transaction-specific compliance, risk-scoring, monitoring and risk management system.”

But these new partnerships aren’t just great for Cross River Bank and CBW Bank customers, it’s great for everyone in the U.S. and Europe by essentially opening up a corridor between ACH and SEPA. Any U.S. bank can now use Cross River or CBW Bank as a correspondent to move funds in real-time to any other institution in Europe via Germany-based Fidor.

The deals will also help expand liquidity and trade volume on the protocol and generally improve the network effects of the system—which will continue to make Ripple more attractive for both market makers and developers.

Ultimately, this announcement is the culmination of many months of hard work and further validation for the Ripple Labs vision. The most exciting part? This is only just the beginning.

Follow us on Twitter

Ripple

Two U.S. banks, New Jersey-based Cross River Bank and Kansas-based CBW Bank, are set to announce their use of the Ripple currency protocol, which would allow instant and free cross-border payments on the network…

Ripple

Payment network Ripple Labs just snagged is to U.S. banks closer to its goal of frictionless payments worldwide.  CBW Bank and Cross River Bank, based in Kansas and New Jersey respectively, will be using Ripple to making global money transfers and payments…

Ripple