This work identifies a critical location privacy leakage vulnerability in the Privacy-Preserving Ride-Hailing Service (PP-RHS) protocol proposed by Xie et al. at NSS 2022. Through cryptanalysis, we uncover a structural flaw in the protocol’s location encryption mechanism and devise an efficient passive attack: without breaking underlying cryptographic primitives or exploiting security parameters, the attacker recovers the exact geographic coordinates of both passenger and driver for every ride request solely from publicly observable ciphertext structures in protocol interactions. The attack applies universally across all protocol sessions, demonstrating that PP-RHS fails to provide even basic location privacy guarantees. To our knowledge, this is the first work to expose fundamental flaws in both the privacy modeling and cryptographic implementation of PP-RHS, delivering essential security insights and technical guidance for the design of future privacy-preserving mobility systems.

Ride-Hailing Services (RHS) match a ride request initiated by a rider with a suitable driver responding to the ride request. A Privacy-Preserving RHS (PP-RHS) aims to facilitate ride matching while ensuring the privacy of riders' and drivers' location data w.r.t. the Service Provider (SP). At NSS 2022, Xie et al. proposed a PP-RHS. In this work, we demonstrate a passive attack on their PP-RHS protocol. Our attack allows the SP to completely recover the locations of the rider as well as that of the responding drivers in every ride request. Further, our attack is very efficient as it is independent of the security parameter.