🤖 AI Summary
To address the challenge of balancing privacy preservation and query efficiency in large-scale private database search, this paper proposes Wally—a scalable system achieving $(\varepsilon,\delta)$-differential privacy under high concurrency. Wally integrates four key techniques: (i) an adaptive dummy-query attenuation mechanism—where the number of dummy queries per client decreases as the number of honest clients grows; (ii) Tor-based anonymous routing; (iii) randomized query submission timing; and (iv) lightweight somewhat homomorphic encryption. This design ensures that the per-query privacy overhead approaches zero as the system scales. According to the authors, Wally is the first system to enable efficient private search at the scale of ten million database entries and one million concurrent users. Experiments on a 3.2-million-entry dataset show that Wally achieves 7–28× higher QPS than Tiptoe while reducing communication overhead by 6.69–31×.
📝 Abstract
This paper presents Wally, a private search system that supports efficient search queries against large databases. When sufficiently many clients are making queries, Wally's performance is significantly better than previous systems while providing a standard privacy guarantee of $(\epsilon, \delta)$-differential privacy. Specifically, for a database with 3.2 million entries, Wally's queries per second (QPS) is 7–28x higher, and communication is 6.69–31x smaller than Tiptoe, a state-of-the-art private search system. In Wally, each client adds a few fake queries and sends each query via an anonymous network to the server at independently chosen random instants. We also use somewhat homomorphic encryption (SHE) to reduce the communication size. The number of fake queries each client makes depends inversely on the number of clients making queries. Therefore, the overhead of fake queries vanishes as the number of honest clients increases, enabling scalability to millions of queries and large databases.
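The abstract describes the client-side mechanics in two sentences: a client pads its real queries with a few fake ones, the per-client fake count shrinks inversely with the number of clients, and every query leaves at an independently chosen random instant. The following Python is an added illustration of those two ideas, not code from the Wally paper or its authors. It assumes a deliberately simplified model (the paper's actual noise distribution and parameters are not given in the abstract): the server sees a count of queries, and that count is made $(\epsilon,\delta)$-DP against adding or removing one query by shifted, truncated discrete-Laplace noise. The shift `mu` is the number of fake queries the whole population must supply on average, and because it depends only on $(\epsilon,\delta)$, dividing it among `n_clients` honest clients gives a per-client overhead of `mu / n_clients`, which is the vanishing-overhead effect the abstract claims. All function names, the epoch length and the sample queries are constructed for this example.

```python
import math
import random

# Simplified model (assumption, not Wally's exact mechanism): hide the number of
# queries the server receives by adding shifted, truncated discrete-Laplace noise.
# Z has pmf ((1-a)/(1+a)) * a^|k| with a = exp(-epsilon); for k >= 1 its lower
# tail is P(Z <= -k) = a^k / (1 + a). Clipping Z at -mu only leaks on that tail,
# so choosing mu with tail mass <= delta gives an (epsilon, delta) guarantee.


def required_dummy_shift(epsilon: float, delta: float) -> int:
    """Smallest integer mu such that P(Z <= -mu) <= delta for Z ~ DLap(epsilon).

    mu is the expected number of dummy queries the whole population contributes;
    note that it does not depend on how many clients there are.
    """
    a = math.exp(-epsilon)
    mu = 1
    while a ** mu / (1 + a) > delta:
        mu += 1
    return mu


def expected_dummies_per_client(epsilon: float, delta: float, n_clients: int) -> float:
    """Per-client dummy overhead when mu is spread over n_clients honest clients."""
    return required_dummy_shift(epsilon, delta) / n_clients


def make_rng(seed: int) -> random.Random:
    """Seeded generator so runs are reproducible (constructed helper)."""
    return random.Random(seed)


def sample_dummy_count(epsilon: float, delta: float, n_clients: int, rng: random.Random) -> int:
    """Draw one client's dummy count; the mean over clients is exactly mu / n_clients."""
    mu = required_dummy_shift(epsilon, delta)
    base, rem = divmod(mu, n_clients)
    return base + (1 if rng.random() < rem / n_clients else 0)


def schedule_client_queries(real_queries, n_dummies: int, db_size: int,
                            epoch_seconds: float, rng: random.Random):
    """Mix real and dummy queries and give each an independent uniform send time.

    Dummies target a uniformly random database index. The result is sorted by
    send time, so the order no longer reveals which entries are real.
    Returns a list of (send_time, query_index, is_dummy).
    """
    events = [(rng.uniform(0.0, epoch_seconds), q, False) for q in real_queries]
    events += [(rng.uniform(0.0, epoch_seconds), rng.randrange(db_size), True)
               for _ in range(n_dummies)]
    events.sort(key=lambda e: e[0])
    return events


if __name__ == "__main__":
    eps, delta = 1.0, 1e-6
    print("population-wide dummy shift mu =", required_dummy_shift(eps, delta))
    for n in (1, 100, 10_000, 1_000_000):
        print(f"{n:>9} clients -> {expected_dummies_per_client(eps, delta, n):.6f} dummies/client")
    rng = make_rng(42)
    # Constructed sample: a client with three real lookups into a 3.2M-entry database.
    plan = schedule_client_queries([17, 4242, 3_100_000], sample_dummy_count(eps, delta, 1, rng),
                                   db_size=3_200_000, epoch_seconds=60.0, rng=rng)
    for t, idx, is_dummy in plan:
        print(f"t={t:6.2f}s  entry={idx:<9} {'dummy' if is_dummy else 'real'}")
```

Running it with $\epsilon = 1$, $\delta = 10^{-6}$ gives a population-wide shift of 14 dummy queries, so a lone client pays 14 extra queries while a million clients pay 1.4e-5 each. The schedule shows the second ingredient: because times are drawn independently and the list is sorted, real and dummy queries are interleaved rather than batched, which is what the anonymous-network hop relies on to break the link between a client and its queries.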