
ElFitz, last Friday at 11:34 AM

Is that what they mean in the Wally paper post by

> In previous private search systems, for each client query, the server must perform at least one expensive cryptographic operation per database entry.

?


Replies

yorwba, last Friday at 12:58 PM

Exactly. (I had only looked at the homomorphic encryption post, not the Wally post.) Wally tries to work around this limitation by only using homomorphic encryption for a subset of the database, and reducing the resulting information leakage by using an anonymous network to hide which client is querying which subset. They say this network is operated by a third party, but ultimately you still have to trust that the network operator isn't colluding with the server operator to deanonymize your queries. That's a weaker privacy guarantee, but at least it's not painfully slow.
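The trade-off discussed in this thread, as an added example that is not from either commenter or from the Wally paper: a toy private lookup where the server does one cryptographic operation per entry, next to a subset variant that does less work but reveals which bucket was queried. Paillier stands in as the homomorphic scheme (the thread does not name one); the parameters, database and function names are constructed for illustration and are not secure.

```python
# Toy PIR over Paillier. Constructed demo parameters: NOT secure.
import math, secrets

P, Q = 2**31 - 1, 2**61 - 1            # two Mersenne primes, far too small for real use
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)                    # valid because the generator is g = N + 1

def encrypt(m):
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:          # r must be a unit mod N
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def make_query(index, size):
    # Encrypted one-hot selection vector: Enc(1) at the wanted slot, Enc(0) elsewhere.
    return [encrypt(1 if i == index else 0) for i in range(size)]

def server_answer(entries, query):
    # Computes Enc(sum(sel[i] * entries[i])) without seeing sel. Every entry costs
    # one modular exponentiation; skipping any would reveal it is not the target.
    acc, ops = 1, 0
    for entry, c in zip(entries, query):
        acc = acc * pow(c, entry, N2) % N2
        ops += 1
    return acc, ops

def full_pir(db, index):
    reply, ops = server_answer(db, make_query(index, len(db)))
    return decrypt(reply), ops, None    # server learns nothing about index

def bucketed_pir(db, index, bucket_size):
    # Subset variant: the client names a bucket in the clear, so the server sees
    # the bucket id and only an anonymising layer can hide who asked for it.
    b = index // bucket_size
    bucket = db[b * bucket_size:(b + 1) * bucket_size]
    reply, ops = server_answer(bucket, make_query(index % bucket_size, len(bucket)))
    return decrypt(reply), ops, b

DB = [1000 + 7 * i for i in range(64)]  # constructed sample database

if __name__ == "__main__":
    print(full_pir(DB, 37))             # value, server ops, leaked bucket
    print(bucketed_pir(DB, 37, 8))
```

Each function returns the recovered value, the number of server-side exponentiations, and the bucket id the server observed (`None` when nothing is revealed).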