ripple: let's test it!

[markm]

Wouldn't the total balance no longer be zero?

Unless they also faked origins for the newly appeared assets?

(That is, issuing accounts with negative balances equal in absolute value to the total positive balances of that asset?)

-MarkM-

[1715033144]

1715033144

[1715033144]

1715033144

[moocowpong1]

Wouldn't the total balance no longer be zero?

Unless they also faked origins for the newly appeared assets?

(That is, issuing accounts with negative balances equal in absolute value to the total positive balances of that asset?)

-MarkM-

I don't see an obstacle to such an attacker, for example, zeroing their debt with all their creditors, or causing somebody to trust them and owe them money (although there's no reason to believe that person would pay that debt), or transferring arbitrarily large amounts of XRP from other accounts, or even creating XRP (although if they broke the 100 billion XRP cap, I don't know if validators would consider it valid). As far as I can tell, they can rewrite the ledger at will, so long as it appears valid afterwards.

[JoelKatz]

In Bitcoin, because you can verify the validity of the entire blockchain and a valid transaction contains proof that the sender authorized it, you can in principle trace your coins back to their origin and have a proof of authorization for each step along the way. This means that if your coins ever end up disappearing, it must be because either a) they were double-spent at some point, and the current longest chain includes the other transaction or b) the block they originated in isn't part of the longest chain. This also means there's no way to end up controlling coins that you didn't control before except by receiving them or by mining a block, which puts limitations on the kinds of attacks possible. (An attacker must legitimately control coins in order to double spend them, for example – they can't just print money.)

That's correct, though it doesn't protect against many kinds of attacks. For example, someone with sufficient hash power can alternately deposit and withdraw Bitcoins at a large exchange and then rewrite the block chain to turn his deposits into double spends. This might undo a large number of transactions made by other people who withdrew from that same exchange. So even though he can't touch Bitcoins that never moved, he could contaminate a huge fraction of Bitcoins that do move. (By invalidating prior transactions that they depend on.)

In Ripple I understand that validators only needs the most recent ledger, meaning there isn't any guarantee that such a chain of proof exists.

Strictly speaking, that's all they need. But a validator can demand whatever proof it wants. Of course, if it doesn't agree with the majority, it won't do much good. But validators can get together to instill any rules they wish for how to determine the valid ledger.

Are there any attacks that have the rough form

... -> valid ledger -> valid ledger -> -> superficially valid ledger with incorrect balances -> ...

We don't think so. Should this ever be an issue, a validator can adopt a policy to defend. While your policy could be to accept any ledger that has the majority rule, your policy could also be to be the "valid minority" if the apparent majority can't prove the validity of the ledger it claims. It is the validator's job to, in consultation with the other validators, declare the valid ledger. If you don't like a validator's policy, you are free to ignore it.

All of these policies work. If some vulnerability were ever spotted in the policy, it can easily be changed with no need to get everyone to agree on the change. The current code goes with a strict majority and does not demand a chain of proof. We're investigating whether this is the ideal approach.

The advantage of the Bitcoin approach is that the result is unambiguous and (barring bugs like the one that caused the recent split) everyone with the same data should agree on the same result. This does guarantee that if you don't try to move your coins, they stay safe. The advantage of the Ripple approach is that validators can be flexible and you're immune to attacks based on people who gather hash power. If someone does cheat, a consensus can revert the ledger just as was done with the bug that create Bitcoins out of thin air. The disadvantage of the Ripple approach is that unless validators adopt a policy of always demanding proof, you can theoretically lose coins you never moved. Of course, validators could insist on such proof before allowing a rejoin after a split.

Ripple is much more flexible than Bitcoin in this regard. That is both an advantage and a disadvantage.

That is, is there some event like a massive power outage or a network split or colluding validators which somebody could exploit to update balances in their favor? Perhaps it might go like this: a power outage makes it so that a colluding set of validators is temporarily the majority, and they propose a ledger with malicious changes. Several ledger closes go by before the rest of the validators are up again, and when they look at the network they see that the current ledger includes the malicious changes. Because no record of a transaction needs to exist for a balance to be considered valid, there's no way to prove that the new balances are illegitimate, and the malicious ledger looks valid.

Right, that would be the type of attack you'd have to try to make work. It can be defeated by validators demanding proof of a valid chain. We do need to investigate what the right policy is. I think it's that you just go with the majority on startup but that if you see things change while you are running, you demand to see a proof chain and be the "correct minority" if you cannot get it. (Of course, while you remain in the minority among nodes you choose to trust, you have to pronounce the network "broken" this protects those who trust you from transacting on a split network. Failures should not be silent.)

Another possibility might be to demand proof if you've been down for less than a certain amount of time. If you shut down for ten minutes to reboot a server and all of a sudden a majority is claiming something completely different, you probably should try to build the minority. But things would already be fairly broken if it got to that point.

We have a "clustering" capability to declare nodes that you fully trust. This allows a group of servers under common administration to distribute the cost of ECDSA signature checking. If we're part of a cluster, we could go with other nodes in our own cluster on startup. That would get the node back in service faster.

As I explained earlier in this thread, Bitcoin could pretty easily adopt some of the same techniques Ripple uses to deal with disagreement. While you can't really change the rule that the most PoW is the valid chain, you can at least automatically detect when there's disagreement over the longest chain and stop transaction processing sooner, without requiring the manual intervention that was required in the 0.7/0.8 split.

To summarize: There are two types of ways a system can be attacked or fail. One is due to a bug or design flaw. Systems develop resistance to this type of attack by good design, many eyes looking over the design, and over time. But the other way is due to an understood weakness -- one that you defend against but ultimately must accept as fundamental to the design. For Bitcoin, this would be a Finney attack or a 51% attack. For Ripple, this would be some kind of consensus breaking attack. We believe Ripple is less vulnerable to this type of attack because consensus is more flexible. You can choose who to trust, rather than having to trust whoever has the most hashing power, and you can choose how you use that trust, rather than having to go with the longest chain. There can, however, be endless arguments over what the very best way is to use this flexibility, and we will continue to improve it to make these attacks even more unpossible.

[chriswen]

I believe Ripple would be more resistant to this problem with more validators, but testing in edge cases helps us to make sure the algorithm is robust and reliable. We'd prefer to not process a transaction for a few seconds than claim we had processed one when we didn't, of course. But the issue is more with ensuring we know the current state of the network for things like reporting validated transactions to others. Where, again, a 20 second delay is better than an incorrect report of confirmation.

Well, it seems difficult to host a validator node, or even a regular node for that matter.  How do you do that?

[JoelKatz]

Well, it seems difficult to host a validator node, or even a regular node for that matter.  How do you do that?

Once the server source code has been publicly released, you pretty much just install it, run it, and then tell it to generate a validation key. Then you can publish your validation public key either manually (by telling it to other validators) or by associating it with your domain. (Check out https://ripple.com/ripple.txt or https://weexchange.co/ripple.txt to see how domain association works.)

Validators actually need less horsepower than servers that deal directly with clients. They don't need to keep any history. The don't need to find payment paths. They don't need to handle "expensive" queries for complex information. Theoretically, they only need the current ledger. Of course, they do have to process all transactions. They do have to negotiate with other validators. They do have to sign validations and proposals. They do have the check the signatures on proposals and validations from other validators. They do need to do this fast enough to not hold the consensus process up. If part of a cluster, they can distribute the ECDSA signature checking load.

[moocowpong1]

<snip>

Very interesting, thanks for the detailed reply!

[chriswen]

Well, it seems difficult to host a validator node, or even a regular node for that matter.  How do you do that?

Once the server source code has been publicly released, you pretty much just install it, run it, and then tell it to generate a validation key. Then you can publish your validation public key either manually (by telling it to other validators) or by associating it with your domain. (Check out https://ripple.com/ripple.txt or https://weexchange.co/ripple.txt to see how domain association works.)

Validators actually need less horsepower than servers that deal directly with clients. They don't need to keep any history. The don't need to find payment paths. They don't need to handle "expensive" queries for complex information. Theoretically, they only need the current ledger. Of course, they do have to process all transactions. They do have to negotiate with other validators. They do have to sign validations and proposals. They do have the check the signatures on proposals and validations from other validators. They do need to do this fast enough to not hold the consensus process up. If part of a cluster, they can distribute the ECDSA signature checking load.

Yes something like this is needed.  Like how on bitcoin you can download a p2p client to help the network.

[SebastianJu]

Is it possible to use ripple to get paid by customers for shopitems? Or does it really only work with friends or trustworthy exchanges?
How about moneybooker, paypal and so on? Can they be traded with ripple when you dont have an account there? And is it safer this way?
I still dont find a case where its useful to use ripple.

[dchapes]

Is it possible to use ripple to get paid by customers for shopitems?

Sure, one way would be to set the price of your items in the currency or currencies of your choice, USD, EUR, BTC, whatever. (e.g it'd be a lot easier for an American just to price items in USD rather than always looking up the daily or hourly BTC exchange rate). Generate a QR code and/or a Ripple URI something like https://ripple.com//send?to=r3kmLJN5D28dHuH8vZNUZpMC43pEHpaocV&dt=12345&label=Invoice23&amnt=15.23/USD on your checkout webpage or invoice or whatever.

Probably trust a well known gateway like Bitstamp for the currencies you want to accept. This will help ensure Ripple will be able to find a payment path to you.

When people go to pay on you via Ripple the system will see what payment paths are available and give them the option of which of their IOUs to use. E.g. you wanted $15.23 USD and Ripple says I can use $15.468 CAD to pay you. You don't care what currencies I use or if I'm borrowing from a trust line or whatever; you just get what you asked for from one of your trusted sources.

If you're using an automated checkout you'd add a destination field in the payment request URI and wait for payment(s) and adjust the "amount due" field on your customer's page as required until you get the full amount (perhaps I want to pay you $10 USD + 1 DYM + $3.28 CAD using several payments instead of one).

When you want your funds out of Ripple you transfer them to a gateway and have them added to your bank account (or sent to you via BTC).

Or does it really only work with friends or trustworthy exchanges?

Those are the only ways to get value out of or into Ripple.

The same way if you want to use Paypal or Google Wallet as a payment processor you need to trust them until you get the funds in your own account, you need to trust the gateway (or your trust lines) until you can get your money out. With Paypal and Google Wallet you pay high fees and have lots of restrictions, charge backs, limited currency support, etc.

[SebastianJu]

Thanks dchapes for the explaination. It looks i still dont get ripple fully.

What does a buyer need then? A ripple account of course right? But how secure is it that i get the payment? I have a shop where i only offer liberty reserve at the moment. I had paypal, alertpay and moneybookers once but the amount of scams where to high. Chargebacks, stolen accounts and so on. So how secure would such payment be? Can the buyer make a chargeback somehow? Or can the buyer create a new account and scam me with the trust somehow?

Most buyers come to me and ask me if they can pay with paypal. They only have paypal and so on... but the risk for me is too high to accept this. So when such a buyer has a paypal account can he pay me when he opens a ripple account? Could i tell them that they can pay with paypal when they have a ripple account?

It would be great if i could get paid through this without having to fear being scammed and when the buyers could use the system without trouble. I mean i tell them they can use liberty reserve but thats a problem for most. They have to create an account there and have to send money there. I wonder if ripple could help here.

How can i find exchanges to trust? For example is mtgox in ripple? Or Liberty reserve? I tried the trust-part but it wants a username, no search possible it seems.

[Peter Lambert]

Thanks dchapes for the explaination. It looks i still dont get ripple fully.

What does a buyer need then? A ripple account of course right? But how secure is it that i get the payment? I have a shop where i only offer liberty reserve at the moment. I had paypal, alertpay and moneybookers once but the amount of scams where to high. Chargebacks, stolen accounts and so on. So how secure would such payment be? Can the buyer make a chargeback somehow? Or can the buyer create a new account and scam me with the trust somehow?

Most buyers come to me and ask me if they can pay with paypal. They only have paypal and so on... but the risk for me is too high to accept this. So when such a buyer has a paypal account can he pay me when he opens a ripple account? Could i tell them that they can pay with paypal when they have a ripple account?

It would be great if i could get paid through this without having to fear being scammed and when the buyers could use the system without trouble. I mean i tell them they can use liberty reserve but thats a problem for most. They have to create an account there and have to send money there. I wonder if ripple could help here.

How can i find exchanges to trust? For example is mtgox in ripple? Or Liberty reserve? I tried the trust-part but it wants a username, no search possible it seems.

If you only trust the gateways (currently Bitstamp or weexchange) then there should be no way for them to scam you. To get money into the ripple system they would open an account at either of those two gateways, deposit the money, then send it to you in Ripple. You could then withdraw the money through the gateway and send it wherever you want.

The power of Ripple comes in if they have already set up a trust network. Then if anybody who trusts them holds GatewayIOUs then they can send the money to you without having to deal with the gateway directly: the Buyer initiates the transaction, their truster gets BuyerIOUs and you end up with GatewayIOUs. Then you can, as above, withdraw the money using the Gateway.

[Beepbop]

If I understand correctly, each gateway would be free to set terms of service, just like PayPal sets terms of service, limiting who they'd do business with. But thanks to people who transfer IOUs from one service to another, a customer who only has a trust relationship to "PayCheck IOUs" could pay a business who only trusts "CheckPal IOUs" either by a settlement agreement between PaYCheck and CheckPal, or by third company or individual offering a sort of exchange/arbitrage between them (rippling through).

This makes it a pretty powerful idea, but it might raise some challenges in addition to the problem of rippling defaults, namely to do with regulatory compliance. Let's say CheckPal has a stricter ToS than PayCheck but CheckPay has more businesses using them - how would CheckPay stop their IOUs from being part of transactions that are illegal or decided to be against he ethics of its owners?

[ahbritto]

... - how would CheckPay stop their IOUs from being part of transactions that are illegal or decided to be against he ethics of its owners?

See: https://ripple.com/wiki/Authorized_accounts

[Beepbop]

Thanks for the link. The tl;dr is that they can't easily do what I asked about - they could limit who holds their IOUs, but it seems the only way to prevent people from rippling their IOUs for ToS-breaking transactions is to watch how their IOUs move through the network and ban any users who facilitate those transactions after the fact. (A bit like how Dwolla is closing down accounts which are used for BTC transactions.)

[SebastianJu]

That means they have to create accounts with bitfountain or weexchange. I doubt they will be happy doing this because it would be the same like creating an account for liberty reserve. They would have to load up money to the site after registering too. So i dont see much advantage. I believe very few people will have an account there anyway. And when they have they would be able to pay with bitcoins too.
So paypal, alertpay or moneybookers dont have a ripple account right?

[Peter Lambert]

That means they have to create accounts with bitfountain or weexchange. I doubt they will be happy doing this because it would be the same like creating an account for liberty reserve. They would have to load up money to the site after registering too. So i dont see much advantage. I believe very few people will have an account there anyway. And when they have they would be able to pay with bitcoins too.
So paypal, alertpay or moneybookers dont have a ripple account right?

No, they wouldn't need to use btc. For Weexchange, they could use AUD or USD, for Bitstamp I think they could use USD or EUR.

[Beepbop]

They would need an account on an exhcange, or have enough credit with a friend or friend-of-a-friend who has an account on the exchange.

Ripple does provide a bitcoin-like way to transfer USD, EUR and other currencies, but at the moment they would need both a Ripple account and an exchange account to get started with paying, so it doesn't really make things simpler for them, or you.

As more gateways and web stores using Ripple come into being, this should become easier for both end users and merchants, since integrated solutions would be offered, like web stores that both sell products, sell IOUs, offer a Ripple client, and takes care of transaction costs behind the scenes by quoting them in USD or including them in the shipping and handling fee, and automatically aquiring the needed XRPs on the user's behalf.

[JoelKatz]

Thanks for the link. The tl;dr is that they can't easily do what I asked about - they could limit who holds their IOUs, but it seems the only way to prevent people from rippling their IOUs for ToS-breaking transactions is to watch how their IOUs move through the network and ban any users who facilitate those transactions after the fact. (A bit like how Dwolla is closing down accounts which are used for BTC transactions.)

In principle, they can have any redemption agreements with their customers that they want. But if they insist on terms like "we can refuse to redeem anytime we want for any reason" (and they actually start exercising that right capriciously) they'll start to reduce their own value drastically. Nobody's going to want to deposit $100 and get a balance that's worth significantly less than that. Nobody's going to want to accept a balance at a gateway in good faith reliance on their redemption agreement and have to worry about the gateway refusing to redeem that balance. Gateways will have to work out their policies and we hope competition and ingenuity will produce a wonderful result.

[SebastianJu]

They would need an account on an exhcange, or have enough credit with a friend or friend-of-a-friend who has an account on the exchange.

Ripple does provide a bitcoin-like way to transfer USD, EUR and other currencies, but at the moment they would need both a Ripple account and an exchange account to get started with paying, so it doesn't really make things simpler for them, or you.

As more gateways and web stores using Ripple come into being, this should become easier for both end users and merchants, since integrated solutions would be offered, like web stores that both sell products, sell IOUs, offer a Ripple client, and takes care of transaction costs behind the scenes by quoting them in USD or including them in the shipping and handling fee, and automatically aquiring the needed XRPs on the user's behalf.

So if i would offer such service at the moment i would have to advertise it like they need a rippleaccount and one of the exchanges i gave trust to. Ill have to list all these exchanges because i cant trust that they have a friend that have an account there.

Edit: Looks like i misread the paypal involvement of bitpay. Then ripple probably wont be of much use to me. I guess very few of my customers could use it.

[weisoq]

Couple of newbie questions:

I opened a ripple wallet but everytime I try to open it again receive 'Wallet not found (Username / Password is wrong)' error. If I then go for the use key option it works, with the same username/password that didn't work previously I get in. This happens every time. Am I missing something? (this in firefox)

Will email confirmations for the ripple forum come when new site is launched? Thanks