pith. sign in

arxiv: 2508.11563 · v2 · submitted 2025-08-15 · 💻 cs.CR

How Query Distribution Knowledge Breaks Multidimensional Encrypted Range Queries, With Guarantees

Daniel Blackley , Nathaniel Moyer , Charalampos Papamanthou , Evgenios M. Kornaropoulos This is my paper

Pith reviewed 2026-05-18 22:37 UTC · model grok-4.3

classification 💻 cs.CR
keywords encrypted range queriesmulti-dimensional dataaccess pattern leakagefrequency matchingquery distributioncryptanalysisplaintext reconstructionLAMa framework
0
0 comments X

The pith

Knowledge of the query distribution plus access-pattern leakage is enough to reconstruct plaintext coordinates in multi-dimensional encrypted range queries.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that an adversary who knows the distribution from which queries are drawn can use observed access patterns to recover the actual values stored in a multi-dimensional encrypted database. Prior attacks either recovered only the relative ordering of points or required the adversary to insert chosen data; this work removes both limitations by extending frequency matching to arbitrary dimensions. A sympathetic reader would care because the attack supplies concrete coordinates rather than topology and comes with the first formal bounds on how many queries are needed and how accurate the recovery can be. Experiments on real data indicate that the method beats existing techniques while staying within the stated assumptions.

Core claim

Given accurate knowledge of the query distribution, access-pattern leakage alone suffices to reconstruct the plaintext coordinates of records stored in a multi-dimensional encrypted range-query system. The authors present LAMa, a three-component framework that performs multi-dimensional frequency matching without post-hoc coordinate transformations and without any ability to inject or poison database content. They supply the first rigorous analysis of this style of attack, bounding the number of queries required, identifying optimal parameter choices, and characterizing worst-case reconstruction quality.

What carries the argument

LAMa (Leakage-Abuse via Matching), a three-component framework that applies frequency matching across arbitrary dimensions to recover plaintext coordinates from access-pattern leakage.

If this is right

  • Plaintext coordinates are recovered in any number of dimensions without requiring post-processing or data injection.
  • Formal bounds are given on the number of observed queries needed for reconstruction.
  • Optimal choices for the framework’s internal parameters are characterized.
  • Worst-case reconstruction error is bounded under the stated distribution assumption.
  • The method is shown to outperform prior multi-dimensional attacks on real-world datasets.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If query distributions can be estimated from public logs or historical traffic, the attack becomes practical against deployed systems.
  • Encrypted database designs may need mechanisms that hide or randomize query distributions in addition to suppressing access-pattern leakage.
  • The same distribution-knowledge approach could be tested on other leakage profiles such as response-size or volume information.
  • Long-term observation of a live system could allow an adversary to refine its distribution model and thereby tighten the attack over time.

Load-bearing premise

The adversary is assumed to possess an accurate model of the distribution from which queries are drawn.

What would settle it

An experiment in which the query distribution is deliberately altered or hidden from the adversary and LAMa’s coordinate-recovery accuracy falls below the paper’s stated worst-case bounds.

Figures

Figures reproduced from arXiv: 2508.11563 by Charalampos Papamanthou, Daniel Blackley, Evgenios M. Kornaropoulos, Nathaniel Moyer.

Figure 1
Figure 1. Figure 1: Subfigure (A): The probability of retrieving a record with a fixed plaintext value (denoted on 𝑋-axis) when queries come from the uniform query distribution. Subfigure (B): An example of a query distribution for which every record is retrieved with the same probability regardless of its plaintext value. Subfigure (C): The probability of retrieving a pair of records together as part of a response for the sa… view at source ↗
Figure 2
Figure 2. Figure 2: Internal view of Translator identifying matching pairs and generating the formula passed to the Solver. (B) Matching Pairs With the Same Left-Hand Expression Imply Mutually Exclusive Assignments. Staying with our example, notice that the results 𝑓 (𝑒id𝑎 ∩ 𝑒id𝑏 ) = Pr[𝑒4 ∩ 𝑒3] and 𝑓 (𝑒id𝑎 ∩ 𝑒id𝑏 ) = Pr[𝑒3∩𝑒4] imply the mutually exclusive statements (id𝑎 = 4∧id𝑏 = 3) and (id𝑎 = 3 ∧ id𝑏 = 4). In 𝐶, they are j… view at source ↗
Figure 3
Figure 3. Figure 3: Values of a DB in 𝑘=3 dimensions. Red/blue/yellow/black points comprise the associated values of records that are part of rsp. Queries that cover the 2𝑘 = 6 min/max “colored” values from rsp with respect to Attribute-1, Attribute-2, and Attribute-3 must cover all records of rsp with internal values [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: An illustration of how the query distribution by [PITH_FULL_IMAGE:figures/full_fig_p010_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Evaluation of the LAMa frequency analysis framework on hospital data from HCUP across different query distributions and plaintext dimensions, using the 𝑇∩ parameterization. of records and add these matches as constraints to the Solver. E.g., in the two dimensional space, if record id1 has the same frequency as values (1, 1) and (2, 2), we add the constraint id1 = (1, 1) ∨ id1 = (2, 2) to the Solver. For br… view at source ↗
read the original abstract

In this work, we show how knowledge of the query distribution, combined with access-pattern leakage, is sufficient to break multi-dimensional encrypted range queries, with provable guarantees. Prior attacks either recover only data topology without concrete coordinates for plaintexts (and as a result require post-hoc transformations), or assume adversarial control over database content; a strong and unrealistic threat model. Given knowledge of the query distribution, we revisit frequency matching, one of the earliest cryptanalytic ideas in this area, and push it to its limits in the multi-dimensional regime through LAMa ($\underline{L}$eakage-$\underline{A}$buse via $\underline{Ma}$tching). LAMa is a three-component framework that reconstructs plaintext coordinates in arbitrary dimensions without post-hoc transformations or data injection/poisoning. We complement LAMa with the first rigorous guarantees for multi-dimensional frequency-matching cryptanalysis, covering its query complexity, optimal parameterization, and worst-case reconstruction quality. Experiments on real-world data show that LAMa consistently outperforms the state of the art.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper presents LAMa, a three-component framework that reconstructs plaintext coordinates for multi-dimensional encrypted range queries by combining access-pattern leakage with knowledge of the query distribution. It revisits frequency matching, extends it to the multi-dimensional setting without post-hoc transformations or data poisoning, and supplies the first rigorous guarantees on query complexity, optimal parameterization, and worst-case reconstruction quality, supported by experiments on real-world data showing consistent outperformance of prior attacks.

Significance. If the central claims hold, the work is significant because it supplies the first formal analysis of multi-dimensional frequency-matching cryptanalysis and demonstrates that query-distribution knowledge alone suffices for coordinate recovery under a realistic threat model. The provision of provable bounds on query complexity and reconstruction quality, together with reproducible experiments on real data, strengthens the contribution relative to prior heuristic attacks.

major comments (2)
  1. [§4.2, Theorem 1] §4.2, Theorem 1 (query-complexity bound): the derivation assumes the adversary possesses the exact query distribution; the proof does not quantify how the bound or the uniqueness of the coordinate assignment degrades when the distribution is only estimated or subject to small perturbations, even though multi-dimensional rectangular leakage couples the marginal frequencies and can admit multiple consistent assignments under mismatch.
  2. [§5.3] §5.3 (experimental evaluation): the reported reconstruction quality and comparison against baselines are obtained under perfect knowledge of the query distribution; no sensitivity analysis or error-propagation experiments are provided for distribution mismatch or sampling error, which directly affects whether the provable worst-case guarantees translate to practical settings.
minor comments (2)
  1. [§3.1] §3.1: the three-component description of LAMa would benefit from an explicit pseudocode listing the steps of the matching procedure across dimensions.
  2. [§4.1] Notation in §4.1: the symbol for the estimated marginal frequency vector is introduced without a clear distinction from the true distribution; a short remark on estimation procedure would improve readability.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive comments. We address each major comment below, maintaining the paper's focus on rigorous guarantees under exact query distribution knowledge.

read point-by-point responses

  1. Referee: [§4.2, Theorem 1] §4.2, Theorem 1 (query-complexity bound): the derivation assumes the adversary possesses the exact query distribution; the proof does not quantify how the bound or the uniqueness of the coordinate assignment degrades when the distribution is only estimated or subject to small perturbations, even though multi-dimensional rectangular leakage couples the marginal frequencies and can admit multiple consistent assignments under mismatch.

    Authors: Theorem 1 derives its query-complexity bound and uniqueness guarantees explicitly under the assumption of exact query distribution knowledge, as defined in our threat model. This assumption enables the first rigorous analysis of multi-dimensional frequency matching without post-hoc transformations. We agree that degradation under estimated or perturbed distributions is an interesting question involving stability of the assignment under coupled marginals, but it requires separate technical development (e.g., via robust optimization or concentration bounds) and lies outside the scope of establishing baseline provable guarantees. revision: no

  2. Referee: [§5.3] §5.3 (experimental evaluation): the reported reconstruction quality and comparison against baselines are obtained under perfect knowledge of the query distribution; no sensitivity analysis or error-propagation experiments are provided for distribution mismatch or sampling error, which directly affects whether the provable worst-case guarantees translate to practical settings.

    Authors: Section 5.3 evaluates reconstruction quality and comparisons under the exact-distribution setting to align directly with the theoretical claims and threat model. The experiments on real-world data demonstrate consistent outperformance in this regime. Sensitivity analysis to sampling error or mismatch would require additional mismatch models and is not needed to support the paper's stated contributions; we view it as a natural extension for subsequent work rather than a required revision. revision: no

Circularity Check

0 steps flagged

No significant circularity; guarantees are mathematical bounds under explicit assumption

full rationale

The paper states an explicit modeling assumption (accurate knowledge of the query distribution) as a prerequisite for both the LAMa reconstruction and its accompanying guarantees on query complexity, parameterization, and reconstruction quality. No equations or derivations in the abstract or described framework reduce these guarantees to parameters fitted from the same observed access patterns or to self-referential definitions. The guarantees are presented as independent analytical results conditioned on the assumption rather than as outputs that are forced by construction from the reconstruction procedure itself. Self-citations, if present, are not load-bearing for the central claims according to the visible text.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Review performed from abstract only; no explicit free parameters, axioms, or invented entities are stated in the provided text.

pith-pipeline@v0.9.0 · 5721 in / 1098 out tokens · 38601 ms · 2026-05-18T22:37:53.842948+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. TENNOR: Trustworthy Execution for Neural Networks through Obliviousness and Retrievals

    cs.CR 2026-05 unverdicted novelty 7.0

    TENNOR enables efficient private training of wide neural networks in TEEs by recasting sparsification as doubly oblivious LSH retrievals and introducing MP-WTA to cut hash table memory by 50x while preserving accuracy.

Reference graph

Works this paper leans on

42 extracted references · 42 canonical work pages · cited by 1 Pith paper

  1. [1]

    Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS),

    Agency for Healthcare Research & Quality, “Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS), ” www.hcup-us.ahrq.gov/ nisoverview.jsp, 2009

    work page 2009

  2. [2]

    On the Cost of Suppressing Volume for Encrypted Multi-maps,

    M. Ando and M. George, “On the Cost of Suppressing Volume for Encrypted Multi-maps, ”Proc. Priv. Enhancing Technol., vol. 2022, no. 4, pp. 44–65, 2022

    work page 2022

  3. [3]

    Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced Allocations,

    G. Asharov, M. Naor, G. Segev, and I. Shahaf, “Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced Allocations, ” in Proc. of the 48th ACM STOC , 2016, pp. 1101–1114

    work page 2016

  4. [4]

    Revisiting Leakage Abuse Attacks,

    L. Blackstone, S. Kamara, and T. Moataz, “Revisiting Leakage Abuse Attacks, ” in Proc. of the 27th NDSS , 2020

    work page 2020

  5. [5]

    Understanding Leakage in Searchable Encryption: a Quantitative Approach,

    A. Boldyreva, Z. Gui, and B. Warinschi, “Understanding Leakage in Searchable Encryption: a Quantitative Approach, ”Proc. Priv. Enhancing Technol., vol. 2024, pp. 503–524, 2024

    work page 2024

  6. [6]

    Privacy-Preserving Approximate k-Nearest- Neighbors Search that Hides Access, Query and Volume Patterns,

    A. Boldyreva and T. Tang, “Privacy-Preserving Approximate k-Nearest- Neighbors Search that Hides Access, Query and Volume Patterns, ”Proc. Priv. Enhancing Technol., vol. 2021, no. 4, pp. 549–574, 2021

    work page 2021

  7. [7]

    Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation,

    D. Cash, J. Jaeger, S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner, “Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation, ” inProc. of the 21st NDSS , 2014

    work page 2014

  8. [8]

    The Locality of Searchable Symmetric Encryption,

    D. Cash and S. Tessaro, “The Locality of Searchable Symmetric Encryption, ” in Proc. of IACR - EUROCRYPT , 2014, pp. 351–368

    work page 2014

  9. [9]

    Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions,

    R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky, “Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions, ” inProc. of the 13th ACM CCS, 2006, pp. 79–88

    work page 2006

  10. [10]

    Searchable encryption with optimal locality: Achieving sublogarithmic read efficiency,

    I. Demertzis, D. Papadopoulos, and C. Papamanthou, “Searchable encryption with optimal locality: Achieving sublogarithmic read efficiency, ” inProc. of the 38th CRYPTO, 2018, pp. 371–406

    work page 2018

  11. [11]

    Practical Private Range Search Revisited,

    I. Demertzis, S. Papadopoulos, O. Papapetrou, A. Deligiannakis, and M. Garo- falakis, “Practical Private Range Search Revisited, ” inProc. of ACM SIGMOD, 2016, pp. 185–198

    work page 2016

  12. [12]

    Practical Private Range Search in Depth,

    I. Demertzis, S. Papadopoulos, O. Papapetrou, A. Deligiannakis, M. N. Garofalakis, and C. Papamanthou, “Practical Private Range Search in Depth, ”ACM Trans. Database Syst., vol. 43, no. 1, pp. 2:1–2:52, 2018

    work page 2018

  13. [13]

    Fast Searchable Encryption With Tunable Locality,

    I. Demertzis and C. Papamanthou, “Fast Searchable Encryption With Tunable Locality, ” inProc. of ACM SIGMOD, 2017, pp. 1053–1067

    work page 2017

  14. [14]

    Rich Queries on Encrypted Data: Beyond Exact Matches,

    S. Faber, S. Jarecki, H. Krawczyk, Q. Nguyen, M. Rosu, and M. Steiner, “Rich Queries on Encrypted Data: Beyond Exact Matches, ” inProc. of the 20th ESORICS , 2015, pp. 123–145

    work page 2015

  15. [15]

    Full Database Reconstruction in Two Dimensions,

    F. Falzon, E. A. Markatou, Akshima, D. Cash, A. Rivkin, J. Stern, and R. Tamassia, “Full Database Reconstruction in Two Dimensions, ” inProc of the 27th ACM CCS , 2020

    work page 2020

  16. [16]

    Range search over encrypted multi-attribute data,

    F. Falzon, E. A. Markatou, Z. Espiritu, and R. Tamassia, “Range search over encrypted multi-attribute data, ”Proc. VLDB Endow., vol. 16, no. 4, pp. 587–600,

    work page

  17. [17]

    Available: https://www.vldb.org/pvldb/vol16/p587-falzon.pdf

    [Online]. Available: https://www.vldb.org/pvldb/vol16/p587-falzon.pdf

    work page

  18. [18]

    Structured Encryption and Dynamic Leakage Suppression,

    M. George, S. Kamara, and T. Moataz, “Structured Encryption and Dynamic Leakage Suppression, ” inProc. of IACR - EUROCRYPT , 2021, pp. 370–396

    work page 2021

  19. [19]

    Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks,

    P. Grubbs, M. Lacharité, B. Minaud, and K. G. Paterson, “Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks, ” inProc. of the 40th IEEE S&P, 2019, pp. 496–512

    work page 2019

  20. [20]

    Pump up the Volume: Practical Database Reconstruction from Volume Leakage on Range Queries,

    ——, “Pump up the Volume: Practical Database Reconstruction from Volume Leakage on Range Queries, ” inProc. of the 25th ACM CCS , 2018, pp. 315–331

    work page 2018

  21. [21]

    Encrypted Databases: New Volume Attacks against Range Queries,

    Z. Gui, O. Johnson, and B. Warinschi, “Encrypted Databases: New Volume Attacks against Range Queries, ” inProc. of the 26th ACM CCS , 2019, pp. 361–378

    work page 2019

  22. [22]

    MAPLE: markov process leakage attacks on encrypted search,

    S. Kamara, A. Kati, T. Moataz, J. DeMaria, A. Park, and A. Treiber, “MAPLE: markov process leakage attacks on encrypted search, ” Proc. Priv. Enhancing Technol., vol. 2024, no. 1, pp. 430–446, 2024

    work page 2024

  23. [23]

    SoK: Crypt- analysis of Encrypted Search with LEAKER - A Framework for LEakage Attack Evaluation on Real-World Data,

    S. Kamara, A. Kati, T. Moataz, T. Schneider, A. Treiber, and M. Yonli, “SoK: Crypt- analysis of Encrypted Search with LEAKER - A Framework for LEakage Attack Evaluation on Real-World Data, ” inProc. of the 7th IEEE European Symposium on Security and Privacy (EuroS&P) , 2022, pp. 90–108

    work page 2022

  24. [24]

    Structured Encryption and Leakage Suppression,

    S. Kamara, T. Moataz, and O. Ohrimenko, “Structured Encryption and Leakage Suppression, ” inProc. of the 38th CRYPTO , 2018, pp. 339–370

    work page 2018

  25. [25]

    Parallel and Dynamic Searchable Symmetric Encryption,

    S. Kamara and C. Papamanthou, “Parallel and Dynamic Searchable Symmetric Encryption, ” inProc. of the 17th International Conference in Financial Cryptography and Data Security – FC , 2013, pp. 258–274

    work page 2013

  26. [26]

    Dynamic Searchable Symmetric Encryption,

    S. Kamara, C. Papamanthou, and T. Roeder, “Dynamic Searchable Symmetric Encryption, ” inProc. of the 19th ACM CCS , 2012, pp. 965–976

    work page 2012

  27. [27]

    Generic Attacks on Secure Outsourced Databases,

    G. Kellaris, G. Kollios, K. Nissim, and A. O’Neill, “Generic Attacks on Secure Outsourced Databases, ” inProc. of the 23rd ACM CCS , 2016, pp. 1329–1340

    work page 2016

  28. [28]

    Leakage inversion: Towards quantifying privacy in searchable encryption,

    E. M. Kornaropoulos, N. Moyer, C. Papamanthou, and A. Psomas, “Leakage inversion: Towards quantifying privacy in searchable encryption, ” inProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022. ACM, 2022, pp. 1829–1842

    work page 2022

  29. [29]

    Data Recovery on Encrypted Databases With 𝑘-Nearest Neighbor Query Leakage,

    E. M. Kornaropoulos, C. Papamanthou, and R. Tamassia, “Data Recovery on Encrypted Databases With 𝑘-Nearest Neighbor Query Leakage, ” inProc. of the 40th IEEE S&P, 2019

    work page 2019

  30. [30]

    The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query Distribution,

    ——, “The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query Distribution, ” inProc. of the 41th IEEE S&P , 2020

    work page 2020

  31. [31]

    Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks,

    ——, “Response-Hiding Encrypted Ranges: Revisiting Security via Parametrized Leakage-Abuse Attacks, ” inProc. of the 42nd IEEE S&P , 2021

    work page 2021

  32. [32]

    Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage,

    M. S. Lacharité, B. Minaud, and K. G. Paterson, “Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage, ” inProc. of the 39th IEEE S&P , 2018, pp. 1–18

    work page 2018

  33. [33]

    Attacks on encrypted response-hiding range search schemes in multiple dimensions,

    E. A. Markatou, F. Falzon, Z. Espiritu, and R. Tamassia, “Attacks on encrypted response-hiding range search schemes in multiple dimensions, ” Proc. Priv. Enhancing Technol., vol. 2023, no. 4, pp. 204–223, 2023. [Online]. Available: https://doi.org/10.56553/popets-2023-0106

    work page doi:10.56553/popets-2023-0106 2023

  34. [34]

    Reconstructing with Less: Leakage Abuse Attacks in Two Dimensions,

    E. A. Markatou, F. Falzon, R. Tamassia, and W. Schor, “Reconstructing with Less: Leakage Abuse Attacks in Two Dimensions, ” inProc of the 28th ACM CCS , 2021, pp. 2243–2261

    work page 2021

  35. [35]

    Full Database Reconstruction with Access and Search Pattern Leakage,

    E. A. Markatou and R. Tamassia, “Full Database Reconstruction with Access and Search Pattern Leakage, ” inProc. of the 22nd ISC , 2019

    work page 2019

  36. [36]

    Reconstructing with even less: Amplifying leakage and drawing graphs,

    ——, “Reconstructing with even less: Amplifying leakage and drawing graphs, ” in Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, UT, USA, October 14-18, 2024 , B. Luo, X. Liao, J. Xu, E. Kirda, and D. Lie, Eds. ACM, 2024, pp. 4777–4791. [Online]. Available: https://doi.org/10.1145/3658644.3670313

    work page doi:10.1145/3658644.3670313 2024

  37. [37]

    Dynamic Local Searchable Symmetric Encryption,

    B. Minaud and M. Reichle, “Dynamic Local Searchable Symmetric Encryption, ” arXiv–CoRR, vol. abs/2201.05006, 2022

    work page arXiv 2022

  38. [38]

    Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption,

    S. Oya and F. Kerschbaum, “Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption, ” inProc. of the 30th USENIX Security Symposium, 2021, pp. 127–142

    work page 2021

  39. [39]

    CP-SAT,

    L. Perron and F. Didier, “CP-SAT, ” Google

    work page

  40. [40]

    Practical Techniques for Searches on Encrypted Data,

    D. X. Song, D. A. Wagner, and A. Perrig, “Practical Techniques for Searches on Encrypted Data, ” inProc. of the 21st IEEE S&P , 2000, pp. 44–55

    work page 2000

  41. [41]

    Practical Volume-Based Attacks on Encrypted Databases,

    S. Wang, R. Poddar, J. Lu, and R. A. Popa, “Practical Volume-Based Attacks on Encrypted Databases, ” inProc. of the 5th IEEE EuroS&P , 2020

    work page 2020

  42. [42]

    All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption,

    Y. Zhang, J. Katz, and C. Papamanthou, “All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption, ” inProc. of the 25th USENIX Security, 2016, pp. 707–720. 8 APPENDIX 8.1 Prior Attacks via Frequency-Matching The reconstruction attack of Kellaris et al. [26] can be re-framed as an application of our frequency-matching...

    work page 2016