Open Collections

Abstract

Searchable Symmetric Encryption (SSE) enables keyword search over encrypted data, but practical schemes leak structured information during query execution. Leakage-abuse attacks exploit this information, yet their reported effectiveness depends heavily on assumptions about the attacker’s auxiliary knowledge, the client’s query behaviour, and the types of queries being issued. We examine how realistic current assumptions are and how they shape privacy conclusions. We find that LLM-generated documents are not a viable substitute for real auxiliary corpora to enhance leakage-abuse attacks because they fail to preserve the keyword distributions of domain-specific data. Real point-query traces exhibit temporal dependence and are better captured by a first-order Markov process, although temporal drift limits how well that dependence transfers across time which limits attack effectiveness in practical scenarios. Conjunctive queries expose a substantially stronger attack surface when dependence between keywords is modelled. Taken together, these results show that the apparent privacy of SSE is highly sensitive to the realism of the evaluation setup, and that credible privacy claims therefore require empirically grounded assumptions rather than idealized attack models.