When “being decentralized” isn’t quite what it seems

Josiah Spackman
Oct 17, 2018

Also known as “how do we arrive at consensus?”

Unfortunately, with the big run-up in the price of cryptocurrencies as a whole towards the end of 2017, we’ve seen a lot of new people enter the cryptocurrency space. This in itself is not a bad thing; however, the unfortunate side effect is that a large number of those people are not technical and often regurgitate the drivel they’ve been fed.

Think carefully and analytically about anything you read that’s cryptocurrency / blockchain related! I say this about DigiByte too. It’s not just a matter of “don’t take my word for it, do your own research”, but rather this is more of a “presume Chilling_Silence is wrong (which is why I reference so many 3rd party sites), presume everything you read is biased, and presume everybody is out to take your money”. With that attitude, you’ll be skeptical enough to survive the scams that seem so rampant.

Now with that warning out of the way, here’s what’s prompted this today:

https://twitter.com/everychildmatt/status/1052310848658726912?s=21

Apparently Ripple is “way more decentralized”. At this point I’m not sure if they’re comparing against DigiByte or Bitcoin, but that’s mostly a moot point. I nearly died laughing at the ridiculousness of this statement.

You see: XRP is a 100% pre-mined coin that currently has 21 validators / block producing nodes

This means that one entity started with full control of ALL of the currency, every single one of the 100 billion XRP!

Now there’s nothing wrong with that in and of itself; this is basically how ICOs work. However, ICOs aren’t trying to misrepresent themselves as being decentralized. In addition, they often use the underlying Ethereum network (and its Proof-of-Work consensus model) for security.

This can’t be for real, right?

Seems it is. I got curious to see if this was a once-off mistake or not, but it seems this user has been talking about how decentralized XRP is for a while. I found a bunch of other references to the main Ripple website spewing this nonsense!

Let me show you just how disingenuous they are:

https://ripple.com/insights/the-inherently-decentralized-nature-of-xrp-ledger/

So what they’re showing is not even remotely close to an “apples to apples” comparison. A better way of comparing this would be to use the following mining distribution of Bitcoins:

https://chainz.cryptoid.info/btc/#!extraction

Why is this a more “fair” comparison?

Well, in the image on the Ripple website, they’re showing how many people would be needed to collaborate to perform a 51% attack. They’re then showing how much Ripple themselves control.

Again, this is still not quite an “apples to apples” comparison. You see, that’s for mining, which is the initial confirmation of all transactions from the mempool, being placed into a block. It requires specialized ASIC mining hardware. What Ripple are showing in theirs is the “validator” nodes, which are also able to “validate” the transactions.

There are 9300 Bitcoin Core nodes publicly accessible, plus another 500-odd running other software according to https://coin.dance/nodes and all of those validate the blockchain.

A list of Bitcoin nodes 20181017

How many does XRP have?

In the default list, Ripple currently has 10 of the 21 nodes (previously more, but they’ve shut down some of their own). This is basically the “mining”, though, due to the way that block creation works in XRP. You have a default list of “approved” nodes, and you must explicitly define any additional nodes. This is called the “UNL” (Unique Node List), and up until June 2018 this list was 100% Ripple Labs controlled servers (read it back to me as “100% Centralized”):

https://minivalist.cinn.app

There’s more information about the default list here: https://www.xrpchat.com/topic/25543-where-to-find-ripples-unl-list/

Now this is very different to Bitcoin / DigiByte in a number of ways, and I’ll focus specifically on Bitcoin here because it’s the oldest blockchain and there’s a good reason why many Altcoins are based on it:

1/ Nobody is ‘trusted’ in Bitcoin (Nor should you trust anybody for any cryptocurrency / blockchain)

The default list is obtained through a DNS Seed where you don’t know of any valid nodes. Any publicly accessible node that’s serving up the blockchain will be added to that list after a while.

Your Bitcoin node will attempt to find both some nodes that are “near” you for performance of downloading the chain, as well as some on a far side of the globe, to ensure you’re not victim to either an isolation attack or a sybil attack.

As mentioned there are 9800 public Bitcoin nodes that you can connect to, a damn sight better than the handful that you get with Ripple.

Trusting people is dangerous, and that’s the whole entire point of Bitcoin, and how the “Don’t trust: Verify” motto was coined, because the idea is that you can do an international transfer of value without having to trust ANYBODY along the way.

2/ You must manually add additional nodes to your UNL

Because you must “trust” the people you connect to, you can’t just manually add any random node. You see, on the list of Ripple Validators there’s a large number that are not in agreement:

https://xrpcharts.ripple.com/#/validators

Although there may be over 150 in the list, at the time of writing there are only 24 nodes that actually “agree”. That means that the majority (including the TestNet) do not agree: under 20% of nodes in that list actually agree (15% if my math is right). So can you “trust” adding all those nodes, even though they’re in the validated UNL list? Heck no! That would put you far, far short of the 80% consensus required.

3/ Ripple controls the UNL

Where can you find the default UNL?

Here: https://vl.ripple.com/

(see here for more info)

Who controls that?

Ripple Labs…

Want to be added?

You better hope they like you, because they centrally and single-handedly control that default list.

Don’t like it? Tough shit, that’s how it is.

Compare this to Bitcoin where ANYBODY can spin up a node, and if your node is found to disagree with the others that you connect to, those other nodes will simply stop talking to you.

4/ Validators make the blocks

So what we can see above is that only 15% of the nodes in the full UNL agree on what the “correct” chain is. Those in the default UNL that Ripple controls will not only give you a copy of the chain, but also decide on “what transactions have occurred”.

Bitcoin separates this, with miners having to do complex cryptographic / mathematical tasks, coupled with an element of randomness, to determine what transactions are or are not valid.

So looking at the above graph of “miners”, they don’t actually run “7%”, because that’s of ALL the XRP default UNLs; they control 43% of the default list.

With Bitcoin miners, by comparison, anybody can contribute at any time and join the pools; no permission is required at all. No trust is required. The only certainty is that anybody else on the network will act in their own interests, and they will exploit the network any opportunity they get.

5/ There are 21 “approved” nodes with XRP

21… A paltry 21 nodes that are approved that have the “correct” version of the blockchain.

Of that, Ripple controls 43% (9), which means they only need to coerce two other node operators to agree with a transaction (though they lose consensus at 80%).

Who controls that list, by the way? Oh that’s right, Ripple do!

Compare this with Bitcoin where you’re basically up against almost 10,000 other nodes, confirming what is a “true” record of history, plus the fact you need billions of dollars worth of mining equipment to try and “rewrite history”.
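
The counting behind this comparison, as an added example that is not part of the original post: it measures a validator list and a mining distribution with the same yardstick, the number of operators that have to agree to reach a threshold. Only the 9-of-21 figure and the 80% threshold come from the text above; every other name and count is constructed, and the 80% requirement is assumed to mean "at least 80% of seats".

```python
# Constructed sample data. Only "9 of 21 seats" and the 80% threshold come
# from the post; every other name and count is made up for illustration.
UNL_SEATS = {"Ripple": 9, **{f"independent-{i}": 1 for i in range(1, 13)}}
LAST_1000_BLOCKS = {"pool-A": 180, "pool-B": 150, "pool-C": 130, "pool-D": 120,
                    "pool-E": 100, "pool-F": 90, "pool-G": 80, "pool-H": 60,
                    "pool-I": 50, "pool-J": 40}


def votes_needed(total, num, den, strict):
    """Smallest k with k/total > num/den (strict) or k/total >= num/den."""
    if strict:
        return total * num // den + 1
    return -(-total * num // den)  # integer ceiling, avoids float rounding


def min_coalition(weights, needed):
    """Fewest operators, largest first, whose combined votes reach `needed`."""
    running = 0
    for count, votes in enumerate(sorted(weights.values(), reverse=True), 1):
        running += votes
        if running >= needed:
            return count
    return None  # target is larger than the total number of votes


def extra_partners(weights, operator, needed):
    """How many other operators `operator` must win over to reach `needed`."""
    running, partners = weights[operator], 0
    others = sorted((v for k, v in weights.items() if k != operator), reverse=True)
    for votes in others:
        if running >= needed:
            break
        running += votes
        partners += 1
    return partners if running >= needed else None


def can_stall(weights, operator, needed):
    """True if the remaining operators cannot reach `needed` without `operator`."""
    return sum(weights.values()) - weights[operator] < needed


if __name__ == "__main__":
    majority = votes_needed(21, 1, 2, strict=True)   # more than half the seats
    quorum = votes_needed(21, 4, 5, strict=False)    # at least 80% (assumption)
    print("UNL majority/quorum seats:", majority, quorum)
    print("partners for majority:", extra_partners(UNL_SEATS, "Ripple", majority))
    print("partners for quorum:", extra_partners(UNL_SEATS, "Ripple", quorum))
    print("can stall alone:", can_stall(UNL_SEATS, "Ripple", quorum))
    print("pools for >50% of blocks:", min_coalition(LAST_1000_BLOCKS, 501))
```

Swapping in real per-operator seat counts or per-pool block counts gives a like-for-like figure for each network, because both are counted per operator rather than per node.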

In conclusion

Ripple still “owns” the XRP network, hands down. Sure they’ve been making efforts to bring on more 3rd parties, but their entire model is total centralization, from the creation of those tokens through to who is a validator node, through to controlling the list of default “approved” nodes that your software connects to.

Bitcoin and DigiByte are 100% permissionless. Anybody can contribute. Anybody can attempt to maliciously attack the network, and the protocols in place don’t require that you trust any single person on the network.

The consensus is derived from the “most people who agree that these blocks that were mined are valid”. Again, it requires no trust, but rather cryptographic verification.

I’ll also add this in here, for comparison’s sake:

DigiByte, distribution of the last 1000 blocks mined

Bitcoin and DigiByte are truly decentralized, with DigiByte clearly taking the lead over Bitcoin.

XRP is centralized.

Let’s not kid ourselves about this…
