This paper presents Wally, a private search system that supports efficient semantic and keyword search queries against large databases. When sufficiently many clients are making queries, Wally's performance is significantly better than that of previous systems. In previous private search systems, for each client query the server must perform at least one expensive cryptographic operation per database entry, so performance degraded proportionally with the number of entries in the database. Wally removes this limitation: for each query, the server performs cryptographic operations against only a few database entries. We achieve this by requiring each client to add a few fake queries and to send each query to the server via an anonymous network at independently chosen random instants. Additionally, each client uses somewhat homomorphic encryption (SHE) to hide whether a query is real or fake. Wally provides an $(\epsilon, \delta)$-differential privacy guarantee, which is an accepted standard for strong privacy. The number of fake queries each client makes depends inversely on the number of clients making queries; therefore the fake-query overhead vanishes as the number of clients increases, enabling scalability to millions of queries and large databases. Concretely, Wally can process eight million queries in just 117 minutes, around four orders of magnitude less time than the state of the art.
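The following simulation is an added illustration, not code from the Wally paper: it models the client-side mechanism the abstract describes (a real query plus a few fake ones, each sent over an anonymous channel at an independently chosen random instant) and shows how the per-client fake-query share shrinks as more clients participate. The fixed total fake-query budget per epoch and its even split across clients are assumptions standing in for the paper's actual noise distribution; the `<fake-query>` payload is a constructed placeholder for an SHE-encrypted message.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    send_time: float   # random instant within the epoch, chosen independently per message
    payload: bytes     # stands in for the SHE ciphertext; the server cannot tell real from fake


def fakes_per_client(total_fake_budget: int, n_clients: int) -> int:
    """Assumption: the privacy parameters fix how many fake queries the server must
    see in total per epoch. Splitting that budget evenly makes each client's share
    inversely proportional to the number of participating clients."""
    if n_clients <= 0:
        raise ValueError("need at least one client")
    return math.ceil(total_fake_budget / n_clients)


def client_messages(real_query: bytes, n_fake: int, epoch_len: float,
                    rng: random.Random) -> list[Message]:
    """One client's traffic: its real query plus n_fake fakes, each at its own random instant."""
    msgs = [Message(rng.uniform(0.0, epoch_len), real_query)]
    for _ in range(n_fake):
        msgs.append(Message(rng.uniform(0.0, epoch_len), b"<fake-query>"))  # constructed placeholder
    return msgs


def anonymous_network(all_msgs: list[Message]) -> list[Message]:
    """Model of the anonymous channel: the server sees messages only in arrival order,
    with no sender identity attached."""
    return sorted(all_msgs, key=lambda m: m.send_time)


def simulate_epoch(n_clients: int, total_fake_budget: int,
                   epoch_len: float = 60.0, seed: int = 0) -> dict:
    """Run one epoch and report what the server receives plus the per-client overhead."""
    rng = random.Random(seed)
    n_fake = fakes_per_client(total_fake_budget, n_clients)
    traffic: list[Message] = []
    for i in range(n_clients):
        traffic += client_messages(f"real-{i}".encode(), n_fake, epoch_len, rng)
    received = anonymous_network(traffic)
    return {
        "per_client_fakes": n_fake,              # overhead borne by each client
        "total_fakes": n_fake * n_clients,       # stays near the fixed budget as clients grow
        "received": received,                    # the server's anonymized, time-ordered view
    }
```

With 100 clients and a budget of 1000 fakes each client sends 10 fakes; with 100,000 clients each sends just one, so the relative overhead per real query drops as the population grows.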