Listening to Whispers of Ripple: Linking Wallets and Deanonymizing Transactions in the Ripple Network

Authors: Pedro Moreno-Sanchez (Purdue University), Muhammad Bilal Zafar (MPI-SWS), Aniket Kate (Purdue University)

Volume: 2016
Issue: 4
Pages: 436–453
DOI: https://doi.org/10.1515/popets-2016-0049

Download PDF

Abstract: The decentralized I owe you (IOU) transaction network Ripple is gaining prominence as a fast, lowcost and efficient method for performing same and crosscurrency payments. Ripple keeps track of IOU credit its users have granted to their business partners or friends, and settles transactions between two connected Ripple wallets by appropriately changing credit values on the connecting paths. Similar to cryptocurrencies such as Bitcoin, while the ownership of the wallets is implicitly pseudonymous in Ripple, IOU credit links and transaction flows between wallets are publicly available in an online ledger. In this paper, we present the first thorough study that analyzes this globally visible log and characterizes the privacy issues with the current Ripple network. In particular, we define two novel heuristics and perform heuristic clustering to group wallets based on observations on the Ripple network graph. We then propose reidentification mechanisms to deanonymize the operators of those clusters and show how to reconstruct the financial activities of deanonymized Ripple wallets. Our analysis motivates the need for better privacypreserving payment mechanisms for Ripple and characterizes the privacy challenges faced by the emerging credit networks.

Keywords: Credit Networks, Ripple, deanonymization, linking wallets, crypto-currencies

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.