Refined statistical attacks against searchable symmetric encryption using non-indexed documents

Searchable symmetric encryption(SSE) schemes allow clients to search encrypted data stored on remote servers but ensure efficient retrieval by revealing specific information about the queries, such as access patterns. Honest but curious servers can then use these leakages to infer keywords queried by users. However, most attack schemes can only achieve considerable recovery accuracy(over 30%) under favorable conditions. When the auxiliary information is weak, the inference attack schemes using statistical information can achieve the same or even better recovery accuracy. In this paper, an attack based on statistical information is proposed. Our attack iteratively solves the quadratic recovery query problem using a linear optimization solver. With a tiny number of known queries(which can be deleted by the server), the query recovery accuracy can reach about 95% without knowing the exact background knowledge of the documents stored by the client. This process not only makes our scheme outperforms other attack schemes in accuracy but also makes our attack execution more efficient than other schemes, up to a maximum difference of 1000 seconds. The attack can still achieve considerable accuracy even when the defense is applied to the SSE scheme; defenses can help the SSE scheme obfuscate the pattern leakages.