Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
Online
ISSN
2299-0984
See all formats and pricing
More options …

Listening to Whispers of Ripple: Linking Wallets and Deanonymizing Transactions in the Ripple Network

Pedro Moreno-Sanchez / Muhammad Bilal Zafar / Aniket Kate
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0049

Abstract

The decentralized I owe you (IOU) transaction network Ripple is gaining prominence as a fast, low-cost and efficient method for performing same and cross-currency payments. Ripple keeps track of IOU credit its users have granted to their business partners or friends, and settles transactions between two connected Ripple wallets by appropriately changing credit values on the connecting paths. Similar to cryptocurrencies such as Bitcoin, while the ownership of the wallets is implicitly pseudonymous in Ripple, IOU credit links and transaction flows between wallets are publicly available in an online ledger. In this paper, we present the first thorough study that analyzes this globally visible log and characterizes the privacy issues with the current Ripple network. In particular, we define two novel heuristics and perform heuristic clustering to group wallets based on observations on the Ripple network graph. We then propose reidentification mechanisms to deanonymize the operators of those clusters and show how to reconstruct the financial activities of deanonymized Ripple wallets. Our analysis motivates the need for better privacy-preserving payment mechanisms for Ripple and characterizes the privacy challenges faced by the emerging credit networks.

Keywords: Credit Networks; Ripple; deanonymization; linking wallets; crypto-currencies

References

  • [1] Becoming a Ripple Gateway. Ripple online documentation. https://ripple.com/build/gateway-guide/#becoming-aripple-gateway.Google Scholar

  • [2] Becoming a Stellar Gateway. Stellar online documentation. https://www.stellar.org/developers/learn/integration-guides/gateway.html.Google Scholar

  • [3] Bitcoin Wiki: Mixing Services. https://en.bitcoin.it/wiki/Category:Mixing_Services.Google Scholar

  • [4] Executive Summary for Financial Institutions. Ripple online documentation. https://ripple.com/integrate/executivesummary-for-financial-institutions/.Google Scholar

  • [5] Hot and Cold Wallets. Ripple online documentation. https://ripple.com/build/gateway-guide/#hot-and-cold-wallets.Google Scholar

  • [6] Litecoin. https://litecoin.org/.Google Scholar

  • [7] Namecoin. http://namecoin.org/.Google Scholar

  • [8] Ripple brochure. https://ripple.com/files/ripple-brochure.pdf.Google Scholar

  • [9] Ripple names with their balance of XRP. Reddit. https://www.reddit.com/r/XRPTalk/comments/2c66wl/ripple_names_with_their_balance_of_xrp/.Google Scholar

  • [10] Ripple Website. https://ripple.com/.Google Scholar

  • [11] Terracoin. http://terracoin.sourceforge.net/.Google Scholar

  • [12] Ripple privacy. Ripple Forum, Nov 2012. https://forum.ripple.com/viewtopic.php?f=1&t=4.Google Scholar

  • [13] CoinJoin: Bitcoin Privacy for the Real World. Post on Bitcoin Forum, Aug. 2013. https://bitcointalk.org/index.php?topic=279249.Google Scholar

  • [14] Dividend Rippler. Ripple Forum, Jun 2013. https://forum.ripple.com/viewtopic.php?t=3084.Google Scholar

  • [15] Introducing Goodwill. Ripple Forum, May 2013. https://forum.ripple.com/viewtopic.php?t=2895&t=2895.Google Scholar

  • [16] Introducing Ripple Currency: DYM. Bitcointalk Forum, Mar 2013. https://bitcointalk.org/index.php?topic=149533.0.Google Scholar

  • [17] Ripple allows payments to any Bitcoin address straight from its client. Gigaom Blog, Jul 2013. https://gigaom.com/2013/07/02/ripple-allows-payments-to-any-bitcoin-addressstraight-from-its-client/.Google Scholar

  • [18] Are XRP or STR effective at preventing ledger spam?. Ripple Forum, Aug 2014. https://forum.ripple.com/viewtopic.php?f=1&t=7614.Google Scholar

  • [19] [Closing] Peercover. Ripple Forum, Mar 2014. https://forum.ripple.com/viewtopic.php?t=5875&p=44441&t=5875&p=44441.Google Scholar

  • [20] Fidor Bank: Testing the ’Auslandsüberweisung über Ripple’. Archive from XRPTalk Forum, Aug 2014. http://archive.is/BTATe.Google Scholar

  • [21] Fidor Becomes First Bank to Use Ripple Payment Protocol. CoinDesk Blog, May 2014. http://www.coindesk.com/fidorbecomes-first-bank-to-use-ripple-payment-protocol/.Google Scholar

  • [22] Ripple Labs Signs First Two US Banks. Ripple Blog, Sep 2014. https://ripple.com/blog/ripple-labs-signs-first-two-usbanks/.Google Scholar

  • [23] Ripple Privacy - details on proxy payments or alternative? Ripple Forum, Nov 2014. https://forum.ripple.com/viewtopic.php?f=1&t=8304&p=57936.Google Scholar

  • [24] Using multi-signature transactions to provide privacy. Ripple Forum, Oct 2014. https://forum.ripple.com/viewtopic.php?f=2&t=8215.Google Scholar

  • [25] Australia’s Commonwealth Bank Latest to Experiment With Ripple. CoinDesk Blog, May 2015. http://www.coindesk.com/australia-commonwealth-bank-ripple-experiment/.Google Scholar

  • [26] Bank-Wise Analysis of Blockchain Activity. Let’s Talk Payments Blog, Aug 2015. http://letstalkpayments.com/bank-wise-analysis-of-blockchain-activity.Google Scholar

  • [27] Breaking the taboo on private Ripple ledgers. Ripple Forum, Jul 2015. https://forum.ripple.com/viewtopic.php?f=1&t=10597&p=65410.Google Scholar

  • [28] How EarthPort and Ripple are teaming up to make crossborder payments instant. PYMNTS.com Blog, Aug 2015. http://www.pymnts.com/in-depth/2015/how-earthportand-ripple-are-teaming-up-to-make-cross-border-paymentsinstant/.Google Scholar

  • [29] How Marco Montes is Empowering Migrant Workers. Ripple Blog, Feb 2015. https://ripple.com/blog/how-marco-montesis-empowering-migrant-workers/.Google Scholar

  • [30] Implementing the Interledger Protocol in Ripple. Ripple blog, Oct 2015. https://ripple.com/insights/implementing-theinterledger-protocol/.Google Scholar

  • [31] Microsoft Explores Adding Ripple Tech to Blockchain Toolkit. CoinDesk Blog, Dec 2015. http://www.coindesk.com/microsoft-hints-future-ripple-blockchain-toolkit/.Google Scholar

  • [32] Ripple Gateway List. Ripple online documentation, Nov 2015. https://ripple.com/knowledge_center/gatewayinformation/.Google Scholar

  • [33] Ripple Labs Joins International Payments Framework Association. Ripple Blog, Mar 2015. https://ripple.com/blog/ripplelabs-joins-international-payments-framework-association/.Google Scholar

  • [34] Ripple Labs joins the Center for Financial Services Innovation. Ripple Blog, Feb 2015. https://ripple.com/blog/ripplelabs-joins-the-center-for-financial-services-innovationnetwork-cfsi-network/.Google Scholar

  • [35] Ripple Labs Joins W3C Web Payment Interest Group to Help Set Standards for the Value Web. Ripple online documentation, Feb 2015. https://ripple.com/ripple_press/ripplelabs-joins-w3c-web-payment-interest-group-to-help-setstandards-for-the-value-web/.Google Scholar

  • [36] Ripple Labs Named a Technology that by World Economic Forum. Ripple Blog, Aug 2015. https://ripple.com/blog/ripple-labs-awarded-as-technology-pioneer-by-worldeconomic-forum-2/.Google Scholar

  • [37] Santander: Distributed Ledger Tech Could Save Banks $20 Billion a Year. Ripple Blog, Jun 2015. https://ripple.com/blog/santander-distributed-ledger-tech-could-save-banks-20-billion-a-year/.Google Scholar

  • [38] StellarVerse’s Cold Wallet Generator. Stellar Forum, Jan 2015. https://stellarverse.org/cold_wallet_generator/.Google Scholar

  • [39] What would you like to see in Ripple? Ripple Forum, Jun 2015. https://forum.ripple.com/viewtopic.php?f=1&t=8930&p=60341.Google Scholar

  • [40] World Economic Forum Report: The Rise of Non-Traditional Payment Systems. Ripple Blog, Jul 2015. https://ripple.com/blog/world-economic-forum-report-the-rise-of-nontraditional-payment-systems/.Google Scholar

  • [41] Earthport launches distributed ledger hub via Ripple, 2016. http://www.bankingtech.com/420912/earthport-launchesdistributed-ledger-hub-via-ripple/.Google Scholar

  • [42] Japan’s SBI Holdings Teams With Ripple to Launch New Company. CoinDesk Blog, Jan 2016. http://www.coindesk.com/sbi-holdings-ripple-new-company/.Google Scholar

  • [43] Royal bank of canada teams up with ripple for blockchain remittance system. Coinspeaker Blog, Feb 2016. http://www.coinspeaker.com/2016/02/25/royal-bank-of-canadateams-up-with-ripple-for-blockchain-remittance-system/.Google Scholar

  • [44] Santander Becomes the First U.K. Bank to Use Ripple for Cross-Border Payments. Ripple blog, May 2016. https://ripple.com/insights/santander-becomes-first-uk-bank-useripple-cross-border-payments/.Google Scholar

  • [45] Androulaki, E., Karame, G. O., Roeschlin, M., Scherer, T., and Capkun, S. Evaluating User Privacy in Bitcoin. Financial Cryptography and Data Security: 17th International Conference, FC 2013, pp. 34-51.Google Scholar

  • [46] Barber, S., Boyen, X., Shi, E., and Uzun, E. 16th International Conference Financial Cryptography and Data Security. 2012, ch. Bitter to Better - How to Make Bitcoin a Better Currency, pp. 399-414.Google Scholar

  • [47] Biryukov, A., Khovratovich, D., and Pustogarov, I. Deanonymisation of clients in bitcoin p2p network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), CCS ’14, pp. 15-29.Google Scholar

  • [48] Biryukov, A., and Pustogarov, I. Bitcoin over tor isn’t a good idea. In Security and Privacy (SP), IEEE Symposium on (2015), IEEE, pp. 122-134.Google Scholar

  • [49] Bissias, G., Ozisik, A. P., Levine, B. N., and Liberatore, M. Sybil-resistant mixing for bitcoin. In Proceedings of the 13th Workshop on Privacy in the Electronic Society, WPES ’14, pp. 149-158.Google Scholar

  • [50] Blondel, V., Guillaume, J., Lambiotte, R., and Mech, E. Fast unfolding of communities in large networks. J. Stat. Mech (2008), P10008.Google Scholar

  • [51] Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J. A., and Felten, E. W. Mixcoin: Anonymity for Bitcoin with accountable mixes. In Proc. of the 17th International Conference on Financial Cryptography and Data Security, FC’14, Springer.Google Scholar

  • [52] Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, pp. 21-21.Google Scholar

  • [53] Fortunato, S., and Castellano, C. Community Structure in Graphs. In Encyclopedia of Complexity and Systems Science. 2009, pp. 1141-1163.Google Scholar

  • [54] Fugger, R. Money as IOUs in Social Trust Networks & A Proposal for a Decentralized Currency Network Protocol, 2004. http://archive.ripple-project.org/decentralizedcurrency.pdf.Google Scholar

  • [55] Ghosh, A., Mahdian, M., Reeves, D. M., Pennock, D. M., and Fugger, R. Mechanism design on trust networks. In Proceedings of the 3rd International Conference on Internet and Network Economics, WINE’07, pp. 257-268.Google Scholar

  • [56] Hay, M., Miklau, G., Jensen, D., Towsley, D., and Weis, P. Resisting Structural Re-identification in Anonymized Social Networks. Proc. VLDB Endow. 1, 1 (2008), 102-114.Google Scholar

  • [57] Heilman, E., Baldimtsi, F., and Goldberg, S. Blindly signed contracts: Anonymous on-blockchain and offblockchain bitcoin transactions. IACR Cryptology ePrint Archive 2016 (2016), 56.Google Scholar

  • [58] Kaminsky, D. Black Ops of TCP/IP 2011. Black Hat USA 2011. http://www.slideshare.net/dakami/black-ops-of-tcpip-2011-black-hat-usa-2011.Google Scholar

  • [59] Karlan, D., Mobius, M., Rosenblat, T., and Szeidl, A. Trust and Social Collateral. The Quarterly Journal of Economics 124, 3 (2009), 1307-1361.CrossrefGoogle Scholar

  • [60] Korayem, M., and Crandall, D. J. De-anonymizing users across heterogeneous social computing platforms. In ICWSM (2013), E. Kiciman, N. B. Ellison, B. Hogan, P. Resnick, and I. Soboroff, Eds., The AAAI Press.Google Scholar

  • [61] Koshy, P., Koshy, D., and McDaniel, P. An Analysis of Anonymity in Bitcoin Using P2P Network Traffic. Financial Cryptography and Data Security: 18th International Conference, FC 2014. pp. 469-485.Google Scholar

  • [62] Kullback, S., and Leibler, R. A. On Information and Sufficiency. The Annals of Mathematical Statistics 22, 1 (1951), 79-86.Google Scholar

  • [63] Meiklejohn, S., and Orlandi, C. Privacy-Enhancing Overlays in Bitcoin. Financial Cryptography and Data Security: FC 2015 International Workshops, BITCOIN. pp. 127-141.Google Scholar

  • [64] Meiklejohn, S., and Orlandi, C. Privacy-Enhancing Overlays in Bitcoin. Financial Cryptography and Data Security: FC 2015 International Workshops, BITCOIN. pp. 127-141.Google Scholar

  • [65] Miers, I., Garman, C., Green, M., and Rubin, A. D. Zerocoin: Anonymous distributed e-cash from bitcoin. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (2013), pp. 397-411.Google Scholar

  • [66] Mislove, A., Post, A., Druschel, P., and Gummadi, P. K. Ostra: Leveraging trust to thwart unwanted communication. In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008, Proceedings, pp. 15-30.Google Scholar

  • [67] Mittal, P., Papamanthou, C., and Song, D. X. Preserving Link Privacy in Social Network Based Systems. In Network and Distributed System Security 2013.Google Scholar

  • [68] Mohaisen, A., Hopper, N., and Kim, Y. Keep your friends close: Incorporating trust into social network-based Sybil defenses. In INFOCOM, 2011 Proceedings IEEE (2011), pp. 1943-1951.Google Scholar

  • [69] Mohaisen, A., Tran, H., Chandra, A., and Kim, Y. Trustworthy distributed computing on social networks. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (2013), pp. 155-160.Google Scholar

  • [70] Moreno-Sanchez, P., Kate, A., Maffei, M., and Pecina, K. Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces. In Network and Distributed System Security 2015.Google Scholar

  • [71] Moreno-Sanchez, P., Zafar, M. B., and Kate, A. Project website. http://crypsys.mmci.uni-saarland.de/projects/LinkingWallets.Google Scholar

  • [72] Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system. Technical report, 2008. https://bitcoin.org/bitcoin.pdf.Google Scholar

  • [73] Narayanan, A., and Shmatikov, V. De-anonymizing social networks. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 173-187.Google Scholar

  • [74] Post, A., Shah, V., and Mislove, A. Bazaar: Strengthening user reputations in online marketplaces. In Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation (2011), NSDI, pp. 183-196.Google Scholar

  • [75] Reid, F., and Harrigan, M. An analysis of anonymity in the bitcoin system. Security and Privacy in Social Networks 2013.Google Scholar

  • [76] Ripple Charts. http://www.ripplecharts.com/.Google Scholar

  • [77] Ron, D., and Shamir, A. Quantitative Analysis of the Full Bitcoin Transaction Graph. Financial Cryptography and Data Security: 17th International Conference, FC 2013. pp. 6-24.Google Scholar

  • [78] Ruffing, T., Moreno-Sanchez, P., and Kate, A. Coin- Shuffle: Practical Decentralized Coin Mixing for Bitcoin. Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security. pp. 345-364.Google Scholar

  • [79] Sala, A., Zhao, X., Wilson, C., Zheng, H., and Zhao, B. Y. Sharing graphs using differentially private graph models. Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 81-98.Google Scholar

  • [80] Sasson, E. B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., and Virza, M. Zerocash: Decentralized anonymous payments from bitcoin. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (2014), pp. 459-474.Google Scholar

  • [81] Spagnuolo, M., Maggi, F., and Zanero, S. BitIodine: Extracting Intelligence from the Bitcoin Network. Financial Cryptography and Data Security: 18th International Conference, FC 2014. pp. 457-468.Google Scholar

  • [82] Tran, N., Min, B., Li, J., and Subramanian, L. Sybilresilient online content voting. Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, pp. 15-28.Google Scholar

  • [83] Valenta, L., and Rowan, B. Blindcoin: Blinded, Accountable Mixes for Bitcoin. FC 2015 International BITCOIN Workshops Financial Cryptography and Data Security. pp. 112-126.Google Scholar

  • [84] Wondracek, G., Holz, T., Kirda, E., and Kruegel, C. A practical attack to de-anonymize social network users. Proceedings of the 2010 IEEE Symposium on Security and Privacy, pp. 223-238.Google Scholar

  • [85] Zheleva, E., and Getoor, L. Preserving the privacy of sensitive relationships in graph data. Proceedings of the 1st ACM SIGKDD International Conference on Privacy, Security, and Trust in KDD, pp. 153-171.Google Scholar

  • [86] Ziegeldorf, J. H., Grossmann, F., Henze, M., Inden, N., and Wehrle, K. Coinparty: Secure multi-party mixing of bitcoins. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (2015), pp. 75-86.Google Scholar

About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01


Citation Information: Proceedings on Privacy Enhancing Technologies, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0049.

Export Citation

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Citing Articles

Here you can find all Crossref-listed publications in which this article is cited. If you would like to receive automatic email messages as soon as this article is cited in other publications, simply activate the “Citation Alert” on the top of this page.

[1]
Yu-Pin Lin, Joy Petway, Johnathen Anthony, Hussnain Mukhtar, Shih-Wei Liao, Cheng-Fu Chou, and Yi-Fong Ho
Environments, 2017, Volume 4, Number 3, Page 50

Comments (0)

Please log in or register to comment.
Log in