Improved File-injection Attacks on Searchable Encryption Using Finite Set Theory

Searchable encryption (SE) allows the cloud server to search over the encrypted data and leak information as little as possible. Most existing efficient SE schemes assume that the leakage of search pattern and access pattern is acceptable. A series of work was proposed, instructing malicious users to use this leakage to come up with attacks. Especially, with a devastating attack proposed by Zhang et al., the cloud server can reveal the keywords queried by normal users by using some injected files. From the method of constructing uniform $(k,n)$-set of a finite set $A$ proposed by Cao, we put forward a new file-injection attack. In our attack, the server needs fewer injected files than the previous attack when the size of $T$ is larger than 9 and the size of keyword set is larger than $2T$, where $T$ is the threshold of the number of keywords in each injected file. Our attack is more practical and easier to implement in the real scenario.