Jump to ContentJump to Main Navigation
Show Summary Details

Proceedings on Privacy Enhancing Technologies

2 Issues per year

Open Access
Online
ISSN
2299-0984
See all formats and pricing




Listening to Whispers of Ripple: Linking Wallets and Deanonymizing Transactions in the Ripple Network

Pedro Moreno-Sanchez
  • Purdue University
  • :
/ Muhammad Bilal Zafar
  • MPI-SWS
  • :
/ Aniket Kate
  • Purdue University
  • :
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0049

Abstract

The decentralized I owe you (IOU) transaction network Ripple is gaining prominence as a fast, low-cost and efficient method for performing same and cross-currency payments. Ripple keeps track of IOU credit its users have granted to their business partners or friends, and settles transactions between two connected Ripple wallets by appropriately changing credit values on the connecting paths. Similar to cryptocurrencies such as Bitcoin, while the ownership of the wallets is implicitly pseudonymous in Ripple, IOU credit links and transaction flows between wallets are publicly available in an online ledger. In this paper, we present the first thorough study that analyzes this globally visible log and characterizes the privacy issues with the current Ripple network. In particular, we define two novel heuristics and perform heuristic clustering to group wallets based on observations on the Ripple network graph. We then propose reidentification mechanisms to deanonymize the operators of those clusters and show how to reconstruct the financial activities of deanonymized Ripple wallets. Our analysis motivates the need for better privacy-preserving payment mechanisms for Ripple and characterizes the privacy challenges faced by the emerging credit networks.

Keywords: Credit Networks; Ripple; deanonymization; linking wallets; crypto-currencies

References

  • [1] Becoming a Ripple Gateway. Ripple online documentation. https://ripple.com/build/gateway-guide/#becoming-aripple-gateway.

  • [2] Becoming a Stellar Gateway. Stellar online documentation. https://www.stellar.org/developers/learn/integration-guides/gateway.html.

  • [3] Bitcoin Wiki: Mixing Services. https://en.bitcoin.it/wiki/Category:Mixing_Services.

  • [4] Executive Summary for Financial Institutions. Ripple online documentation. https://ripple.com/integrate/executivesummary-for-financial-institutions/.

  • [5] Hot and Cold Wallets. Ripple online documentation. https://ripple.com/build/gateway-guide/#hot-and-cold-wallets.

  • [6] Litecoin. https://litecoin.org/.

  • [7] Namecoin. http://namecoin.org/.

  • [8] Ripple brochure. https://ripple.com/files/ripple-brochure.pdf.

  • [9] Ripple names with their balance of XRP. Reddit. https://www.reddit.com/r/XRPTalk/comments/2c66wl/ripple_names_with_their_balance_of_xrp/.

  • [10] Ripple Website. https://ripple.com/.

  • [11] Terracoin. http://terracoin.sourceforge.net/.

  • [12] Ripple privacy. Ripple Forum, Nov 2012. https://forum.ripple.com/viewtopic.php?f=1&t=4.

  • [13] CoinJoin: Bitcoin Privacy for the Real World. Post on Bitcoin Forum, Aug. 2013. https://bitcointalk.org/index.php?topic=279249.

  • [14] Dividend Rippler. Ripple Forum, Jun 2013. https://forum.ripple.com/viewtopic.php?t=3084.

  • [15] Introducing Goodwill. Ripple Forum, May 2013. https://forum.ripple.com/viewtopic.php?t=2895&t=2895.

  • [16] Introducing Ripple Currency: DYM. Bitcointalk Forum, Mar 2013. https://bitcointalk.org/index.php?topic=149533.0.

  • [17] Ripple allows payments to any Bitcoin address straight from its client. Gigaom Blog, Jul 2013. https://gigaom.com/2013/07/02/ripple-allows-payments-to-any-bitcoin-addressstraight-from-its-client/.

  • [18] Are XRP or STR effective at preventing ledger spam?. Ripple Forum, Aug 2014. https://forum.ripple.com/viewtopic.php?f=1&t=7614.

  • [19] [Closing] Peercover. Ripple Forum, Mar 2014. https://forum.ripple.com/viewtopic.php?t=5875&p=44441&t=5875&p=44441.

  • [20] Fidor Bank: Testing the ’Auslandsüberweisung über Ripple’. Archive from XRPTalk Forum, Aug 2014. http://archive.is/BTATe.

  • [21] Fidor Becomes First Bank to Use Ripple Payment Protocol. CoinDesk Blog, May 2014. http://www.coindesk.com/fidorbecomes-first-bank-to-use-ripple-payment-protocol/.

  • [22] Ripple Labs Signs First Two US Banks. Ripple Blog, Sep 2014. https://ripple.com/blog/ripple-labs-signs-first-two-usbanks/.

  • [23] Ripple Privacy - details on proxy payments or alternative? Ripple Forum, Nov 2014. https://forum.ripple.com/viewtopic.php?f=1&t=8304&p=57936.

  • [24] Using multi-signature transactions to provide privacy. Ripple Forum, Oct 2014. https://forum.ripple.com/viewtopic.php?f=2&t=8215.

  • [25] Australia’s Commonwealth Bank Latest to Experiment With Ripple. CoinDesk Blog, May 2015. http://www.coindesk.com/australia-commonwealth-bank-ripple-experiment/.

  • [26] Bank-Wise Analysis of Blockchain Activity. Let’s Talk Payments Blog, Aug 2015. http://letstalkpayments.com/bank-wise-analysis-of-blockchain-activity.

  • [27] Breaking the taboo on private Ripple ledgers. Ripple Forum, Jul 2015. https://forum.ripple.com/viewtopic.php?f=1&t=10597&p=65410.

  • [28] How EarthPort and Ripple are teaming up to make crossborder payments instant. PYMNTS.com Blog, Aug 2015. http://www.pymnts.com/in-depth/2015/how-earthportand-ripple-are-teaming-up-to-make-cross-border-paymentsinstant/.

  • [29] How Marco Montes is Empowering Migrant Workers. Ripple Blog, Feb 2015. https://ripple.com/blog/how-marco-montesis-empowering-migrant-workers/.

  • [30] Implementing the Interledger Protocol in Ripple. Ripple blog, Oct 2015. https://ripple.com/insights/implementing-theinterledger-protocol/.

  • [31] Microsoft Explores Adding Ripple Tech to Blockchain Toolkit. CoinDesk Blog, Dec 2015. http://www.coindesk.com/microsoft-hints-future-ripple-blockchain-toolkit/.

  • [32] Ripple Gateway List. Ripple online documentation, Nov 2015. https://ripple.com/knowledge_center/gatewayinformation/.

  • [33] Ripple Labs Joins International Payments Framework Association. Ripple Blog, Mar 2015. https://ripple.com/blog/ripplelabs-joins-international-payments-framework-association/.

  • [34] Ripple Labs joins the Center for Financial Services Innovation. Ripple Blog, Feb 2015. https://ripple.com/blog/ripplelabs-joins-the-center-for-financial-services-innovationnetwork-cfsi-network/.

  • [35] Ripple Labs Joins W3C Web Payment Interest Group to Help Set Standards for the Value Web. Ripple online documentation, Feb 2015. https://ripple.com/ripple_press/ripplelabs-joins-w3c-web-payment-interest-group-to-help-setstandards-for-the-value-web/.

  • [36] Ripple Labs Named a Technology that by World Economic Forum. Ripple Blog, Aug 2015. https://ripple.com/blog/ripple-labs-awarded-as-technology-pioneer-by-worldeconomic-forum-2/.

  • [37] Santander: Distributed Ledger Tech Could Save Banks $20 Billion a Year. Ripple Blog, Jun 2015. https://ripple.com/blog/santander-distributed-ledger-tech-could-save-banks-20-billion-a-year/.

  • [38] StellarVerse’s Cold Wallet Generator. Stellar Forum, Jan 2015. https://stellarverse.org/cold_wallet_generator/.

  • [39] What would you like to see in Ripple? Ripple Forum, Jun 2015. https://forum.ripple.com/viewtopic.php?f=1&t=8930&p=60341.

  • [40] World Economic Forum Report: The Rise of Non-Traditional Payment Systems. Ripple Blog, Jul 2015. https://ripple.com/blog/world-economic-forum-report-the-rise-of-nontraditional-payment-systems/.

  • [41] Earthport launches distributed ledger hub via Ripple, 2016. http://www.bankingtech.com/420912/earthport-launchesdistributed-ledger-hub-via-ripple/.

  • [42] Japan’s SBI Holdings Teams With Ripple to Launch New Company. CoinDesk Blog, Jan 2016. http://www.coindesk.com/sbi-holdings-ripple-new-company/.

  • [43] Royal bank of canada teams up with ripple for blockchain remittance system. Coinspeaker Blog, Feb 2016. http://www.coinspeaker.com/2016/02/25/royal-bank-of-canadateams-up-with-ripple-for-blockchain-remittance-system/.

  • [44] Santander Becomes the First U.K. Bank to Use Ripple for Cross-Border Payments. Ripple blog, May 2016. https://ripple.com/insights/santander-becomes-first-uk-bank-useripple-cross-border-payments/.

  • [45] Androulaki, E., Karame, G. O., Roeschlin, M., Scherer, T., and Capkun, S. Evaluating User Privacy in Bitcoin. Financial Cryptography and Data Security: 17th International Conference, FC 2013, pp. 34-51.

  • [46] Barber, S., Boyen, X., Shi, E., and Uzun, E. 16th International Conference Financial Cryptography and Data Security. 2012, ch. Bitter to Better - How to Make Bitcoin a Better Currency, pp. 399-414.

  • [47] Biryukov, A., Khovratovich, D., and Pustogarov, I. Deanonymisation of clients in bitcoin p2p network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), CCS ’14, pp. 15-29.

  • [48] Biryukov, A., and Pustogarov, I. Bitcoin over tor isn’t a good idea. In Security and Privacy (SP), IEEE Symposium on (2015), IEEE, pp. 122-134.

  • [49] Bissias, G., Ozisik, A. P., Levine, B. N., and Liberatore, M. Sybil-resistant mixing for bitcoin. In Proceedings of the 13th Workshop on Privacy in the Electronic Society, WPES ’14, pp. 149-158.

  • [50] Blondel, V., Guillaume, J., Lambiotte, R., and Mech, E. Fast unfolding of communities in large networks. J. Stat. Mech (2008), P10008.

  • [51] Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J. A., and Felten, E. W. Mixcoin: Anonymity for Bitcoin with accountable mixes. In Proc. of the 17th International Conference on Financial Cryptography and Data Security, FC’14, Springer.

  • [52] Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, pp. 21-21.

  • [53] Fortunato, S., and Castellano, C. Community Structure in Graphs. In Encyclopedia of Complexity and Systems Science. 2009, pp. 1141-1163.

  • [54] Fugger, R. Money as IOUs in Social Trust Networks & A Proposal for a Decentralized Currency Network Protocol, 2004. http://archive.ripple-project.org/decentralizedcurrency.pdf.

  • [55] Ghosh, A., Mahdian, M., Reeves, D. M., Pennock, D. M., and Fugger, R. Mechanism design on trust networks. In Proceedings of the 3rd International Conference on Internet and Network Economics, WINE’07, pp. 257-268.

  • [56] Hay, M., Miklau, G., Jensen, D., Towsley, D., and Weis, P. Resisting Structural Re-identification in Anonymized Social Networks. Proc. VLDB Endow. 1, 1 (2008), 102-114.

  • [57] Heilman, E., Baldimtsi, F., and Goldberg, S. Blindly signed contracts: Anonymous on-blockchain and offblockchain bitcoin transactions. IACR Cryptology ePrint Archive 2016 (2016), 56.

  • [58] Kaminsky, D. Black Ops of TCP/IP 2011. Black Hat USA 2011. http://www.slideshare.net/dakami/black-ops-of-tcpip-2011-black-hat-usa-2011.

  • [59] Karlan, D., Mobius, M., Rosenblat, T., and Szeidl, A. Trust and Social Collateral. The Quarterly Journal of Economics 124, 3 (2009), 1307-1361. [Crossref]

  • [60] Korayem, M., and Crandall, D. J. De-anonymizing users across heterogeneous social computing platforms. In ICWSM (2013), E. Kiciman, N. B. Ellison, B. Hogan, P. Resnick, and I. Soboroff, Eds., The AAAI Press.

  • [61] Koshy, P., Koshy, D., and McDaniel, P. An Analysis of Anonymity in Bitcoin Using P2P Network Traffic. Financial Cryptography and Data Security: 18th International Conference, FC 2014. pp. 469-485.

  • [62] Kullback, S., and Leibler, R. A. On Information and Sufficiency. The Annals of Mathematical Statistics 22, 1 (1951), 79-86.

  • [63] Meiklejohn, S., and Orlandi, C. Privacy-Enhancing Overlays in Bitcoin. Financial Cryptography and Data Security: FC 2015 International Workshops, BITCOIN. pp. 127-141.

  • [64] Meiklejohn, S., and Orlandi, C. Privacy-Enhancing Overlays in Bitcoin. Financial Cryptography and Data Security: FC 2015 International Workshops, BITCOIN. pp. 127-141.

  • [65] Miers, I., Garman, C., Green, M., and Rubin, A. D. Zerocoin: Anonymous distributed e-cash from bitcoin. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (2013), pp. 397-411.

  • [66] Mislove, A., Post, A., Druschel, P., and Gummadi, P. K. Ostra: Leveraging trust to thwart unwanted communication. In 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008, Proceedings, pp. 15-30.

  • [67] Mittal, P., Papamanthou, C., and Song, D. X. Preserving Link Privacy in Social Network Based Systems. In Network and Distributed System Security 2013.

  • [68] Mohaisen, A., Hopper, N., and Kim, Y. Keep your friends close: Incorporating trust into social network-based Sybil defenses. In INFOCOM, 2011 Proceedings IEEE (2011), pp. 1943-1951.

  • [69] Mohaisen, A., Tran, H., Chandra, A., and Kim, Y. Trustworthy distributed computing on social networks. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (2013), pp. 155-160.

  • [70] Moreno-Sanchez, P., Kate, A., Maffei, M., and Pecina, K. Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces. In Network and Distributed System Security 2015.

  • [71] Moreno-Sanchez, P., Zafar, M. B., and Kate, A. Project website. http://crypsys.mmci.uni-saarland.de/projects/LinkingWallets.

  • [72] Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system. Technical report, 2008. https://bitcoin.org/bitcoin.pdf.

  • [73] Narayanan, A., and Shmatikov, V. De-anonymizing social networks. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 173-187.

  • [74] Post, A., Shah, V., and Mislove, A. Bazaar: Strengthening user reputations in online marketplaces. In Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation (2011), NSDI, pp. 183-196.

  • [75] Reid, F., and Harrigan, M. An analysis of anonymity in the bitcoin system. Security and Privacy in Social Networks 2013.

  • [76] Ripple Charts. http://www.ripplecharts.com/.

  • [77] Ron, D., and Shamir, A. Quantitative Analysis of the Full Bitcoin Transaction Graph. Financial Cryptography and Data Security: 17th International Conference, FC 2013. pp. 6-24.

  • [78] Ruffing, T., Moreno-Sanchez, P., and Kate, A. Coin- Shuffle: Practical Decentralized Coin Mixing for Bitcoin. Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security. pp. 345-364.

  • [79] Sala, A., Zhao, X., Wilson, C., Zheng, H., and Zhao, B. Y. Sharing graphs using differentially private graph models. Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 81-98.

  • [80] Sasson, E. B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., and Virza, M. Zerocash: Decentralized anonymous payments from bitcoin. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (2014), pp. 459-474.

  • [81] Spagnuolo, M., Maggi, F., and Zanero, S. BitIodine: Extracting Intelligence from the Bitcoin Network. Financial Cryptography and Data Security: 18th International Conference, FC 2014. pp. 457-468.

  • [82] Tran, N., Min, B., Li, J., and Subramanian, L. Sybilresilient online content voting. Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, pp. 15-28.

  • [83] Valenta, L., and Rowan, B. Blindcoin: Blinded, Accountable Mixes for Bitcoin. FC 2015 International BITCOIN Workshops Financial Cryptography and Data Security. pp. 112-126.

  • [84] Wondracek, G., Holz, T., Kirda, E., and Kruegel, C. A practical attack to de-anonymize social network users. Proceedings of the 2010 IEEE Symposium on Security and Privacy, pp. 223-238.

  • [85] Zheleva, E., and Getoor, L. Preserving the privacy of sensitive relationships in graph data. Proceedings of the 1st ACM SIGKDD International Conference on Privacy, Security, and Trust in KDD, pp. 153-171.

  • [86] Ziegeldorf, J. H., Grossmann, F., Henze, M., Inden, N., and Wehrle, K. Coinparty: Secure multi-party mixing of bitcoins. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (2015), pp. 75-86.


Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01


Citation Information: Proceedings on Privacy Enhancing Technologies. Volume 2016, Issue 4, Pages 436–453, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0049, July 2016

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. (CC BY-NC-ND 4.0)

Comments (0)

Please log in or register to comment.