Excuse me, sir? Your language model is leaking (information)
This addresses security and privacy concerns for users of LLMs by enabling undetectable information hiding.
The paper tackles the problem of covertly embedding secret payloads in LLM outputs without detection, achieving provable indistinguishability from normal responses and maintaining text quality.
We introduce a cryptographic method to hide an arbitrary secret payload in the response of a Large Language Model (LLM). A secret key is required to extract the payload from the model's response, and without the key it is provably impossible to distinguish between the responses of the original LLM and the LLM that hides a payload. In particular, the quality of generated text is not affected by the payload. Our approach extends a recent result of Christ, Gunn and Zamir (2023) who introduced an undetectable watermarking scheme for LLMs.