Cardinality sketches (e.g., MinHash, linear sketches) exhibit strong statistical guarantees under random queries but suffer severe security degradation under adaptive querying—posing critical risks in privacy-sensitive interactive systems. Method: We propose the first generic attack framework against union-compatible sketches, leveraging adaptive interactions to exploit structural vulnerabilities. Contribution/Results: We prove that any union-compatible sketch can be compromised with only Õ(k⁴) adaptive queries while degrading estimation accuracy. For monotonic or linear sketches, we construct tight attacks achieving the optimal Õ(k²) query complexity and establish a matching Ω(k²) information-theoretic lower bound. Our work unifies and strengthens prior analyses of statistical queries and MinHash security, providing the first systematic characterization of adaptive security thresholds for cardinality sketches. These results yield foundational theoretical guidance for the secure deployment of sketches in adaptive, privacy-critical applications.

Cardinality sketches are compact data structures for representing sets or vectors. These sketches are space-efficient, typically requiring only logarithmic storage in the input size, and enable approximation of cardinality (or the number of nonzero entries). A crucial property in applications is emph{composability}, meaning that the sketch of a union of sets can be computed from individual sketches. Existing designs provide strong statistical guarantees, ensuring that a randomly sampled sketching map remains robust for an exponential number of queries in terms of the sketch size $k$. However, these guarantees degrade to quadratic in $k$ when queries are emph{adaptive}, meaning they depend on previous responses. Prior works on statistical queries (Steinke and Ullman, 2015) and specific MinHash cardinality sketches (Ahmadian and Cohen, 2024) established that this is tight in that they can be compromised using a quadratic number of adaptive queries. In this work, we develop a universal attack framework that applies to broad classes of cardinality sketches. We show that any union-composable sketching map can be compromised with $ ilde{O}(k^4)$ adaptive queries and this improves to a tight bound of $ ilde{O}(k^2)$ for monotone maps (including MinHash, statistical queries, and Boolean linear maps). Similarly, any linear sketching map over the reals $mathbb{R}$ and finite fields $mathbb{F}_p$ can be compromised using $ ilde{O}(k^2)$ adaptive queries, which is optimal and strengthens some of the recent results by~citet{GribelyukLWYZ:FOCS2024}, who established a weaker polynomial bound.