On the Privacy of Counting Bloom Filters Under a Black-Box Attacker

Counting Bloom Filters (CBFs) are approximate membership checking data structures, and it is normally believed that at most an approximate reconstruction of the underlying set can be derived when interactingwith a CBF. This paper decisively refutes this assumption. In a recent paper, we considered the privacy ofCBFswhen the attacker has access to the implementation details and thus, it sees the filter as a white-box. In that setting, we showed that the attacker may be able to extract the elements stored in the filter when the number of false positives over the entire universe is not significantly larger than the number of elements stored in the filter. In thiswork, we consider a black-box attacker that can only performuser interactions on the CBF to insert, remove and query elements with no knowledge of the filter implementation details. We show that even in this case, an attackermay be able to extract information from the filter at the cost of using more complex and time-consuming attack algorithms. The proposed algorithms have been implemented and compared with the white-box attack, showing that inmost cases, almost the same information can be extracted fromthe filter.