Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE

TL;DR

This paper critically analyzes the TRACE privacy-preserving ride-hailing protocol, demonstrating that its privacy claims are flawed as it allows entities to uncover sensitive location information through cryptanalysis.

Contribution

We disprove the privacy guarantees of TRACE by developing an attack that exploits shared randomness to recover spatial divisions and exact locations, revealing vulnerabilities in the protocol.

Findings

RCs and RVs can identify the spatial division maintained by RS

RS can determine the exact locations of RCs and RVs

Attack is efficient, with high success rate on standard hardware

Abstract

In a typical ride-hailing service, the service provider (RS) matches a customer (RC) with the closest vehicle (RV) registered to this service. TRACE is an efficient privacy-preserving ride-hailing service proposed by Wang et al. in 2018. TRACE uses masking along with other cryptographic techniques to ensure efficient and accurate ride-matching. The RS uses masked location information to match RCs and RVs within a quadrant without obtaining their exact locations, thus ensuring privacy. In this work, we disprove the privacy claims in TRACE by showing the following: a) RCs and RVs can identify the secret spatial division maintained by RS (this reveals information about the density of RVs in the region and other potential trade secrets), and b) the RS can identify exact locations of RCs and RVs (this violates location privacy). Prior to exchanging encrypted messages in the TRACE protocol, each entity masks the plaintext message with a secret unknown to others. Our attack allows other entities to recover this plaintext from the masked value by exploiting shared randomness used across different messages, that eventually leads to a system of linear equations in the unknown plaintexts. This holds even when all the participating entities are honest-but-curious. We implement our attack and demonstrate its efficiency and high success rate. For the security parameters recommended for TRACE, an RV can recover the spatial division in less than a minute, and the RS can recover the location of an RV in less than a second on a commodity laptop.