🤖 AI Summary
Existing searchable encryption schemes struggle to simultaneously support Boolean range queries over spatial data while preserving both access and search pattern privacy. This work proposes BRASP, the first scheme to achieve strong privacy guarantees for Boolean range queries on encrypted spatial data. BRASP constructs an encrypted inverted index using Hilbert curve prefix encoding and, under a dual non-colluding server architecture, integrates index shuffling, ID field redistribution, and a forward-secure mechanism to effectively conceal query patterns while supporting dynamic updates. Experimental evaluation on real-world datasets demonstrates that BRASP achieves low computational and communication overhead alongside high practicality. To ensure reproducibility, the implementation has been made publicly available.
📝 Abstract
Searchable Encryption (SE) enables users to query outsourced encrypted data while preserving data confidentiality. However, most efficient schemes still leak the search pattern and access pattern, which may allow an honest-but-curious cloud server to infer query contents, user interests, or returned records from repeated searches and observed results. Existing pattern-hiding solutions mainly target keyword queries and do not naturally support Boolean range queries over encrypted spatial data. This paper presents BRASP, a searchable encryption scheme for Boolean range queries over encrypted spatial data. BRASP combines Hilbert-curve-based prefix encoding with encrypted prefix-ID and keyword-ID inverted indexes to support efficient spatial range filtering and conjunctive keyword matching. To hide the search pattern and access pattern under a dual-server setting, BRASP integrates index shuffling for encrypted keyword and prefix entries with ID-field redistribution across two non-colluding cloud servers. BRASP also supports dynamic updates and achieves forward security. We formalize the security of BRASP through confidentiality, shuffle indistinguishability, query unforgeability, and forward-security analyses, and we evaluate its performance experimentally on a real-world dataset. The results show that BRASP effectively protects query privacy while incurring relatively low computation and communication overhead. To facilitate reproducibility and further research, the source code of BRASP is publicly available at https://github.com/Egbert-Lannister/BRASP
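An added illustration, not BRASP's code and not taken from the paper: the plaintext logic behind Hilbert-curve prefix encoding with prefix-ID and keyword-ID inverted indexes, using the generic prefix-family / range-cover construction as an assumption about how such an index can be realised. Encryption, index shuffling, ID-field redistribution across the two servers and updates are omitted; the 4x4 grid, the sample records and every function name are constructed for the example.

```python
def xy2d(order, x, y):  # Hilbert index of cell (x, y) on a 2**order grid
    n, d, s = 1 << order, 0, (1 << order) >> 1
    while s:
        rx, ry = int((x & s) > 0), int((y & s) > 0)
        d += s * s * ((3 * rx) ^ ry)
        if ry == 0:  # rotate/flip the quadrant so the curve stays continuous
            if rx == 1:
                x, y = n - 1 - x, n - 1 - y
            x, y = y, x
        s >>= 1
    return d

def prefix_family(d, bits):  # every prefix of d: 0101, 010*, 01**, 0***, ****
    b = format(d, f"0{bits}b")
    return {b[:bits - k] + "*" * k for k in range(bits + 1)}

def range_cover(lo, hi, bits):  # fewest prefixes that cover exactly [lo, hi]
    out = []
    while lo <= hi:
        k = 0  # grow an aligned block of size 2**k while it still fits
        while k < bits and lo % (2 << k) == 0 and lo + (2 << k) - 1 <= hi:
            k += 1
        out.append((format(lo >> k, f"0{bits - k}b") if k < bits else "") + "*" * k)
        lo += 1 << k
    return out

def build_index(records, order):  # plaintext prefix-ID and keyword-ID indexes
    prefix_idx, kw_idx = {}, {}
    for rid, (x, y, kws) in records.items():
        for p in prefix_family(xy2d(order, x, y), 2 * order):
            prefix_idx.setdefault(p, set()).add(rid)
        for w in kws:
            kw_idx.setdefault(w, set()).add(rid)
    return prefix_idx, kw_idx

def query(prefix_idx, kw_idx, order, x0, y0, x1, y1, kws):
    cells = sorted(xy2d(order, x, y) for x in range(x0, x1 + 1) for y in range(y0, y1 + 1))
    tokens, start = [], cells[0]
    for a, b in zip(cells, cells[1:] + [None]):
        if b != a + 1:  # a run of consecutive Hilbert indices ends at a
            tokens += range_cover(start, a, 2 * order)
            start = b
    in_range = set().union(*(prefix_idx.get(t, set()) for t in tokens))
    return tokens, set.intersection(in_range, *(kw_idx.get(w, set()) for w in kws))

RECORDS = {  # constructed sample data on a 4x4 grid: id -> (x, y, keywords)
    1: (1, 1, {"cafe", "wifi"}), 2: (2, 2, {"cafe"}), 3: (0, 3, {"cafe", "wifi"}),
    4: (3, 0, {"cafe", "wifi"}), 5: (1, 2, {"wifi"})}
```

A record matches the range exactly when its prefix family intersects the range cover, so the lookup tokens and the returned ID sets are what a server would observe across repeated queries if they were not shuffled and redistributed.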