Towards Higher-Dimensional Attacks on Searchable Symmetric Encryption

Abstract

In recent years, Searchable Symmetric Encryption (SSE) has become a crucial tool for securely storing and querying encrypted documents in the cloud. However, thirdparty cloud servers may act as honest-but-curious adversaries, attempting to infer sensitive information from encrypted queries or documents. Notably, even SSE schemes that are provably secure can remain vulnerable to practical attacks. Such attacks typically exploit the schemes leakage profile in combination with auxiliary information about the encrypted dataset. The effectiveness of an attack depends heavily on both the extent of leakage and the quality of auxiliary knowledge available to the adversary. TWINSSE is a recently proposed SSE scheme that supports conjunctive and disjunctive Boolean queries, but its security guarantees are not fully understood. In this work, we conduct a comprehensive security analysis of TWINSSE under both passive and active adversarial models. We first examine passive attack paths under various search pattern leakage assumptions. We then propose two active attack strategies adapted to different levels of adversarial knowledge. Finally, we present a statistical attack targeting conjunctive queries and demonstrate its practical feasibility via experiments.