Skip to main content

Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE

  • 205 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 13143)


In a typical ride-hailing service, the service provider (RS) matches a customer (RC) with the closest vehicle (RV) registered to this service. Ride-hailing services have gained tremendous popularity over the past years, and several works have been proposed to ensure privacy of riders and drivers during ride-matching. TRACE is an efficient privacy-preserving ride-hailing service proposed by Wang et al. (IEEE Trans. Vehicular Technology 2018). TRACE uses masking along with other cryptographic techniques to ensure efficient and accurate ride-matching. RS computes a (secret) spatial division of a region into quadrants. The RS uses masked location information to match RCs and RVs within a quadrant without obtaining their exact locations, thus ensuring privacy. Additionally, an RC only gets to know location of the closest RV finally matched to it, and not of other responding RVs in the region.

In this work, we disprove the privacy claims in TRACE by showing the following: a) RCs and RVs can identify the secret spatial division maintained by RS (this reveals information about the density of RVs in the region and other potential trade secrets), and b) the RS can identify exact locations of RCs and RVs (this violates location privacy). Prior to exchanging encrypted messages in the TRACE protocol, each entity masks the plaintext message with a secret unknown to others. Our attack allows other entities to recover this plaintext from the masked value by exploiting shared randomness used across different messages, that eventually leads to a system of linear equations in the unknown plaintexts. This holds even when all the participating entities are honest-but-curious. We implement our attack and demonstrate its efficiency and high success rate. For the security parameters recommended for TRACE, an RV can recover the spatial division in less than a minute, and the RS can recover the location of an RV in less than a second on a commodity laptop.


  • Location privacy
  • Privacy-preserving protocols
  • Ride-hailing services
  • Cryptanalysis
  • Random masking

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-92518-5_21
  • Chapter length: 23 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   84.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-92518-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   109.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.


  1. 1.

    The implementation can be accessed at


  1. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001).

    CrossRef  Google Scholar 

  2. Eberly, W., Giesbrecht, M., Giorgi, P., Storjohann, A., Villard, G.: Solving sparse integer linear systems. CoRR abs/cs/0603082 (2006).

  3. EconomicTimes: Bengaluru techie arrested for data theft from Aadhaar website (2017). Accessed 17 June 2021

  4. Hurriyet Daily News: Istanbul taxi drivers hunt down, beat up Uber drivers as tensions rise (2018). Accessed 17 June 2021

  5. Kumaraswamy, D., Murthy, S., Vivek, S.: Revisiting driver anonymity in oride. CoRR abs/2101.06419 (2021)., to appear in SAC 2021

  6. Lu, R., Lin, X., Shen, X.: Spoc: a secure and privacy-preserving opportunistic computing framework for mobile-healthcare emergency. IEEE Trans. Parallel Distrib. Syst. 24(3), 614–624 (2013).

    CrossRef  Google Scholar 

  7. Luo, Y., Jia, X., Fu, S., Xu, M.: pRide: privacy-preserving ride matching over road networks for online ride-hailing service. IEEE Trans. Inf. Forensics Secur. 14(7), 1791–1802 (2019).

  8. NortonLifeLock: Uber Announces New Data Breach Affecting 57 million Riders and Drivers (2020). Accessed 17 June 2021

  9. Pew Research Center: More Americans Are Using Ride-Hailing Apps (2019). Accessed 17 June 2021

  10. Pham, A., Dacosta, I., Endignoux, G., Troncoso-Pastoriza, J.R., Huguenin, K., Hubaux, J.: ORide: a privacy-preserving yet accountable ride-hailing service. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, 16–18 August 2017, pp. 1235–1252. USENIX Association (2017).

  11. Pham, A., et al.: PrivateRide: a privacy-enhanced ride-hailing service. PoPETs 2017(2), 38–56 (2017).

  12. Schneider, T., Treiber, A.: A comment on privacy-preserving scalar product protocols as proposed in SPOC. IEEE Trans. Parallel Distrib. Syst. 31(3), 543–546 (2020).

    CrossRef  Google Scholar 

  13. The Sage Developers: SageMath, the Sage Mathematics Software System (Version 9.0) (2021).

  14. West Dublin gang using hailing apps to target older taxi drivers (2019). Accessed 17 June 2021

  15. Vivek, S.: Attacks on a privacy-preserving publish-subscribe system and a ride-hailing service. CoRR abs/2105.04351 (2021)., to appear in IMACC 2021

  16. Wang, F., et al.: Efficient and privacy-preserving dynamic spatial query scheme for ride-hailing services. IEEE Trans. Veh. Technol. 67(11), 11084–11097 (2018)

    CrossRef  Google Scholar 

  17. Xie, H., Guo, Y., Jia, X.: A privacy-preserving online ride-hailing system without involving a third trusted server. IEEE Trans. Inf. Forensics Secur. 16, 3068–3081 (2021).

    CrossRef  Google Scholar 

  18. Yu, H., Jia, X., Zhang, H., Shu, J.: Efficient and privacy-preserving ride matching using exact road distance in online ride hailing services. IEEE Trans. Serv. Comput. 1 (2020).

  19. Yu, H., Shu, J., Jia, X., Zhang, H., Yu, X.: lpride: lightweight and privacy-preserving ride matching over road networks in online ride hailing systems. IEEE Trans. Veh. Technol. 68(11), 10418–10428 (2019).

  20. Zhao, Q., Zuo, C., Pellegrino, G., Lin, Z.: Geo-locating drivers: a study of sensitive data leakage in ride-hailing services. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, 24–27 February 2019. The Internet Society (2019).

Download references


This work was partially funded by the Infosys Foundation Career Development Chair Professorship grant for Srinivas Vivek.

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Kumaraswamy, D., Vivek, S. (2021). Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE. In: Adhikari, A., Küsters, R., Preneel, B. (eds) Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021. Lecture Notes in Computer Science(), vol 13143. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92517-8

  • Online ISBN: 978-3-030-92518-5

  • eBook Packages: Computer ScienceComputer Science (R0)