Cryptology ePrint Archive: Report 2017/046

Practical Passive Leakage-Abuse Attacks Against Symmetric Searchable Encryption

Matthieu Giraud and Alexandre Anzala-Yamajako and Olivier Bernard and Pascal Lafourcade

Abstract: The problem of securely outsourcing client data with search functionality has given rise to efficient solutions called Symmetric Searchable Encryption (SSE) schemes. These schemes are provably secure with respect to an explicit leakage profile; however, determining how much information can be inferred in practice from this leakage remains difficult. First, we refine and formalize the leakage hierarchy introduced by Cash et al. in 2015. Second, we further extend the analysis of existing attacks to better understand their real-world efficiency and the practicality of their hypothesis. Finally, we present the first complete practical attacks on L4, L3 and L2 leakage profiles. Our attacks are passive and only assume the very realistic knowledge of a small sample of plaintexts; moreover, we show their devastating effect on real-world datasets.

Category / Keywords: symmetric searchable encryption, leakage, passive attacks

Date: received 20 Jan 2017, last revised 20 Jan 2017

Contact author: matthieu giraud at uca fr

Available format(s): PDF | BibTeX Citation

Version: 20170120:222918 (All versions of this report)

Short URL: ia.cr/2017/046

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]