XRP Censorship Resistance and State-Sponsored Attacks

No comments

During a talk on the BlockWorks Group YouTube channel, one of the more interesting topics of conversation between David Schwartz and Charlie Shrem were attack scenarios on both the XRP Ledger and Bitcoin. As XRP community members, we are frequently exposed to many of the detractions and limitations of the Bitcoin mining process, but we rarely hear substantive criticism on potential vulnerabilities of the XRP Ledger’s consensus process, and the technical means by which these weak points are mitigated.

They also addressed the often-militant nature of cryptocurrency fanaticism. XRP proponents, particularly the more aggressively vocal ones, are often referred to as the XRP Army. Schwartz suggested that the reason for this particularly aggressive response by XRP holders was that the ledger is often the target of a great deal of unjust criticism. As such, proponents of the cryptocurrency (the XRP Army) have taken to aggressively, and often with a touch too much antagonism, deconstructing posts and comments it views as FUD.


The community’s mean behavior has also, in the past, been shunted towards some of their own members. Tiffany Hayden was so bothered by her treatment at the hands of some of the members of the XRP community that she scrubbed her public support for the ledger entirely.

It’s hard to tell how much of this behavior is coming from real people. Twitter, including the XRP Crypto Twitter, has a huge bot problem, so the unreasonable voices tend to get amplified. There’s also a large degree of factionalism within the community, with Twitter users aggressively supporting their own favorite Ripple content creators and viewing the others as an unreasonable enemy of some kind.

A little self-awareness within the larger XRP community would healthy at this point. If we can manage to chase away prominent supporters, ordinary people will no doubt suffer the same fate when the XRP army descends on them like locusts. And we need ordinary people. They’re more important to the adoption of XRP than the aggressive technocrat echo chamber that we currently have.

Censorship Resistance

One of the fascinating aspects of cryptocurrency governance is that its problems mirror issues in the traditional political sphere. David Schwartz stated that his primary feature of import for a cryptocurrency is censorship resistance.


The ability to censor transactions, to decide who gets to send money, when, and where, is akin to censoring speech and shaping public opinion. The XRP ledger, as he states, was created with censorship resistance in primacy. Schwartz’s statements on censorship reminded me of something said by Christopher Hitches:

Bear in mind ladies and gentleman that every time you violate or propose to violate the free speech of someone else, you, in potencia, you are making a rod for your own back….Who is going to decide, to whom do you award the right to decide which speech is harmful, or who is the harmful speaker, or to determine in advance what the harmful consequences are going to be that we know enough in advance to prevent? To whom would you give this job; to whom are you going to award the task of being the censor?”

Censoring hateful speech, fake news, and conspiracy theories, are prevalent in the current cultural ethos. But as many others have noted, these structures, while fine when in the hands of reasonable people, become cudgels once someone bad takes control. And when they do, these structures of censorship will be turned upon us.

Decentralized blockchains are a technological attempt to solve problems of censorship, which have stubbornly persisted throughout human history, despite the many examples of the authoritarian ethos run awry. We now have blockchain-based social media platforms like Steemit. Decentralized currencies solve financial censorship – which can be an extension of speech censorship, and smart contracts can be applied towards greater judicial and economic equality.

But these systems are not perfect. Similar to traditional systems of governance, they have structural weak points, some of which we have seen fray fairly recently. Like the attempted hostile takeover of the Steemit blockchain.

In a similar vein, Charlie Shrem posed the question on the possibility of a double-spend attack on the XRP ledger:


“Why would the exchanges support a chain that has censorship?”

In certain instances, exchanges may not have a choice. Cryptocurrencies sidestep issues of international sanctions. North Korea has often used Bitcoin and other cryptocurrencies to launder money and fund its weapons programs bypassing international sanctions. With the majority of the hash rate of Bitcoin blockchain locked in Chinese mining pools, the North Koreans probably aren’t worried about some of the consequences of a 51% attack like transaction censorship or rolling back transactions, but if the majority of the hash rate were located in the United States, they might be more reluctant to use Bitcoin as a major funding source.

Depending on the geographic distribution of the exchanges, a group of colluding nation-states could coerce the majority of exchanges to support a ledger fork with censorship enabled. An attack of this nature would only occur in cases where XRP was used to bypass economic sanctions or if there was a formal conflict, and a coalition of nations decided that the censorship-resistant aspect of the chain needed to be destroyed to attack an adversary on the world stage.

If a nation had large XRP currency reserves or used the ledger for a significant amount of economic activity, an adversary or group of adversaries with a larger ledger economic presence could force a plurality of the exchanges to support the new censorship enabled chain in order to freeze a belligerent nation’s cryptocurrency reserves. The sanctioned nation and their exchanges would not accept the new fork, but if they represented a minority on the ledger, the economic incentive could flip, and any country they wanted to purchase goods from could well have transitioned to the new censorship-enabled chain. The non-censorship enabled chain would drop in value, reducing their purchasing power.

As Schwartz indicated, the coalition supporting the new censorship enabled chain would be destroying one of the primary aspects that makes the XRP ledger desirable. The question I have is, would they care? It would seem to depend on how much of a negative economic impact it would have on their economy versus that of their opponents. If firms that were previously using XRP to transact internationally or locally stopped doing so, it would significantly impact commerce within these states.

Suppose the United States and the EU decided to collude to fork the ledger in this manner to injure a foreign adversary and agreed not to use this punitive measure amongst themselves, by modifying the chain so that both had to vote to agree on censoring transactions. Would firms within these states or economic blocs stop using XRP altogether? They might. But then again, I’m not entirely convinced they would.

The biggest issue with this scenario is that if a nation-state knew that an adversary could use greater economic interest to fork the XRP ledger and freeze funds, holding a massive war chest in XRP wouldn’t make much sense, nor would tying a large amount of economic activity to a ledger where this was a likely scenario. The transaction speed of XRP makes this even less likely, as holding large amounts of the currency would not occur, there would be no need.

Assuming XRP was used as a bridge-asset for foreign commerce, this attack would likely only trap money within a country, forcing them to seek other alternatives to transact internationally. If there were other competing digital-assets used as a bridge-currency for foreign commerce, attacking the XRP ledger in this manner would not accomplish much, as the target nation-state could simply switch to one of the other cryptocurrencies to resume normal activities.

The attack could also only be used in a scenario where the affected nation’s XRP ledger related activity was significant enough locally to be an impact when censored, but insignificant enough internationally so that censorship wouldn’t tank the value of the cryptocurrency drastically for their own constituents. As such, it’s unlikely that this punitive measure would be used in cases of economic integration with any of the world’s major economies.

If the target nation-state was a major economy like China, and a group of adversaries decided to collude to censor funds there, they would certainly tank the price of both chains (new and old) and harm local firms just as much as Chinese firms, which would make them very reluctant to do so unless the breakdown in international order was of such an extent to warrant a drastic response. Of course, if they were desperate enough to do something of this nature, I would expect that there would be some kind of formal military conflict either imminent or already in progress. In the case of such a conflict, the value proposition of a digital asset with censorship resistance would be the least of anyone’s concern.

The internet didn’t evolve into the egalitarian and democratic panacea that some expected. Instead, we wound up with monoliths controlled by corporations like Google and Facebook, applying censorship and causing staggering privacy breaches that allowed advertisers and governments a glimpse into the daily lives of citizens that was not possible prior to the advent of the net.

I’m not certain that the functioning of digital assets will follow the same trajectory, but if one thing has been made clear with the evolution of utopian ideas, particularly those of digital anarchists, it’s that these concepts and these models change when they come into contact with the real world. They mutate and twist themselves in ways that their technical proponents did not envision and did not expect.

There was an article featured on Reddit yesterday about massive layoffs at Mozilla. Firefox represents one of the last major open-sourced browsers not based on Chromium. Internet users have largely chosen convenience at the expense of privacy, much to the chagrin of technocrats around the world. It may be that censorship resistance of the robust kind we are accustomed to falls to a similar death by a thousand cuts that internet privacy has, rather than any formal state-sponsored attack.

Deconstructing censorship-resistant chains may seem insane to us, but so did people voluntarily giving companies like Facebook, Google, and Amazon access to everything ranging from their private correspondence via email to their dinner table conversations.

Denial of Service Attacks

The second scenario Schwartz proposed was a denial of service attack on the validators, preventing the chain from making forward progress. As he indicated, the community could switch validators on the fly, but there have been questions previously about the robustness of some of the non-Ripple run validators. If the security of the organizations hosting the validators is also poorly handled, an attacker may be able to knock many of them offline. The worst-case scenario would be a software vulnerability that an attacker could use to knock a large number of validators offline.

Ripple has a good track record with these things, but that does not make such an attack impossible. Attacking the validator amendment process is probably more trouble than it’s worth. Any amendment would require a signalling period of two weeks before an amendment was adopted. It would be very obvious if the validator’s operator were being coerced, and the community could simply stop listening to that particular validator. This kind of attack would also be obvious the moment the validators began signalling censorship supporting amendments.

Leave a Reply