Paper 2023/1883

The statistical nature of leakage in SSE schemes and its role in passive attacks

Marc Damie, French Institute for Research in Computer Science and Automation, University of Twente
Jean-Benoist Leger, Université de technologie de Compiègne
Florian Hahn, University of Twente
Andreas Peter, Carl von Ossietzky University of Oldenburg, University of Twente

Encrypted search schemes have been proposed to address growing privacy concerns. However, several leakage-abuse attacks have highlighted the shortcomings of these schemes. The literature remains vague about the consequences of these attacks for real-world applications: are these attacks dangerous in practice? Is it safe to use these schemes? Do we even need countermeasures? This paper introduces a novel mathematical model for attackers' knowledge using statistical estimators. Our model reveals that any attacker's knowledge is inherently noisy, which limits attack effectiveness. This inherent noise can be considered a security guarantee, a natural attack mitigation. Capitalizing on this insight, we develop a risk assessment protocol to guide real-world deployments. Our findings demonstrate that limiting the index size is an efficient leverage to bound attack accuracy. Finally, we employ similar statistical methods to enhance attack analysis methodology. Hence, our work offers a fresh perspective on SSE attacks and provides practitioners and researchers with novel methodological tools.

Available format(s)
Attacks and cryptanalysis
Publication info
Searchable EncryptionPassive attacksRisk assessmentStatistics
Contact author(s)
marc damie @ inria fr
2023-12-08: approved
2023-12-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marc Damie and Jean-Benoist Leger and Florian Hahn and Andreas Peter},
      title = {The statistical nature of leakage in SSE schemes and its role in passive attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1883},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.