To address the high query cost and slow convergence in hard-label black-box adversarial attacks, this paper proposes two efficient ray-search algorithms: ARS-OPT, which accelerates gradient estimation via Nesterov momentum, and PARS-OPT, which incorporates proxy-model priors for gradient-guided search. Both methods are unified under a formulation that minimizes the ℓ₂-norm perturbation along a ray direction; theoretical analysis establishes their faster convergence rates and enhanced stability. Extensive experiments on ImageNet and CIFAR-10 demonstrate that the proposed methods consistently outperform 13 state-of-the-art black-box attacks. While maintaining comparable attack success rates, they reduce average query counts by 42.6%, offering a practical and resource-efficient paradigm for real-world deployment under strict query budgets.

In hard-label black-box adversarial attacks, where only the top-1 predicted label is accessible, the prohibitive query complexity poses a major obstacle to practical deployment. In this paper, we focus on optimizing a representative class of attacks that search for the optimal ray direction yielding the minimum $ell_2$-norm perturbation required to move a benign image into the adversarial region. Inspired by Nesterov's Accelerated Gradient (NAG), we propose a momentum-based algorithm, ARS-OPT, which proactively estimates the gradient with respect to a future ray direction inferred from accumulated momentum. We provide a theoretical analysis of its convergence behavior, showing that ARS-OPT enables more accurate directional updates and achieves faster, more stable optimization. To further accelerate convergence, we incorporate surrogate-model priors into ARS-OPT's gradient estimation, resulting in PARS-OPT with enhanced performance. The superiority of our approach is supported by theoretical guarantees under standard assumptions. Extensive experiments on ImageNet and CIFAR-10 demonstrate that our method surpasses 13 state-of-the-art approaches in query efficiency.