Ripple vs. Bitcoin (security and privacy)

by Albert Szmigielski

space-1059760_1280

Fairness

Bitcoin’s public ledger, the blockchain, allows any entity to check the transactions in the system. Furthermore, as long as 66.7% of the miners are honest no entity can change the history of transactions. Both of those properties ensure fairness. However in light of recent research into attacks on the Bitcoin network, several double-spending attacks have been identified. Such attacks negate the fairness property.

Ripple has not been studied as extensively as Bitcoin. Ripple relies on ledgers that can be inspected. However, Ripple’s validating nodes are currently run and therefore controlled by Ripple labs, it seems that there are not sufficient incentives to run a Ripple validating node. Double spending attacks have not been identified in Ripple so far. As a result we can currently state that Ripple has the fairness property.

Resistance to impersonation attacks

Both Ripple and Bitcoin use ECDSA (Elliptic Curve Digital Signature Algorithm). In that scheme only a person who holds the private key can sign a transaction. As a result both Ripple and Bitcoin are secure against impersonation attacks.

Non-Repudiation

Non-repudiation is the property that a user who signed a transaction should not be able to deny that transaction. This property follows from the resistance to impersonation attacks property. Both Bitcoin and Ripple guarantee the non-repudiation property.

Accountability

Bitcoin implements a rudimentary accountability system in its implementation. The system punishes misbehaving nodes, eventually banning them for a period of time. This mechanism is not enough, researchers uncovered attacks that are not held accountable under the current Bitcoin implementation. Ripple seems to incorporate some accountability measures (such as the controversial funds freezing). Perhaps being not a truly decentralized system and currently being fully controlled by Ripple Labs, Ripple Labs could make decisions to hold parties accountable. Ripple has not been studied extensively to state with certainty how it would deal with misbehaving actors.

Transaction unlinkability

Bitcoin is a pseudonymous system, as such people thought that it offered a certain degree of privacy. However, researchers have been able to demonstrate that through clever analysis it is possible to link transactions together. Therefore Bitcoin does not offer transaction unlinkability.

Ripple at first followed the lead of Bitcoin where there was a client that required no registration and therefore it was not tied to an identity. In that iteration of the system transaction unlinkability was possible. However, once again, it was not very well researched so we cannot state it with certainty. Following certain developments and a fine (May 2015) by FinCen, Ripple Labs no longer distributes a stand alone client. Users must register on RippleTrade.com and confirm their identity. This development means that transaction unlinkability does not exist in Ripple. Transactions performed by the same account have the same address tied to it.

Transaction Anonymity

Bitcoin can offer anonymity for users who take the necessary precautions all of the time. However to the average user Bitcoin does not offer transaction anonymity. As with transaction unlinkability, researchers using clever techniques, including scouring the internet for publicly posted addresses have been able to link transactions to identities. As a result Bitcoin does not offer transaction anonymity.

Since Ripple’s policy change in June 2015 all transactions made after that date are tied to real identities that are required to open an account. As such Ripple does not offer transaction anonymity.

Leave a Reply

Your email address will not be published. Required fields are marked *