Paper 2016/718

Leakage-Abuse Attacks Against Searchable Encryption

David Cash, Paul Grubbs, Jason Perry, and Thomas Ristenpart


Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood. To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server’s prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these 'leakage-abuse attacks' and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.

Note: This version corrects some inconsistencies and errors in the previous version of the paper. See the final paragraph of the introduction for a full explanation of the changes. 2019-09-05 revision: typo fixes

Available format(s)
Publication info
Published elsewhere. MAJOR revision.ACM Conference on Computer and Communications Security (CCS) 2015
Searchable encryptionleakage
Contact author(s)
pag225 @ cornell edu
2019-09-05: last of 2 revisions
2016-07-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Cash and Paul Grubbs and Jason Perry and Thomas Ristenpart},
      title = {Leakage-Abuse Attacks Against Searchable Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/718},
      year = {2016},
      doi = {10.1145/2810103.2813700},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.