PFID: Privacy First Inference Delegation Framework for LLMs
This work addresses privacy concerns for users of LLM systems by preventing eavesdropping on prompts, though it is an incremental improvement over existing privacy methods.
The paper tackles privacy risks in LLM interactions by introducing PFID, a framework that uses model sharding and singular value decomposition to localize user data and send compressed hidden states instead of prompts, achieving performance comparable to traditional LLM services.
This paper introduces a novel privacy-preservation framework named PFID for LLMs that addresses critical privacy concerns by localizing user data through model sharding and singular value decomposition. When users interact with LLM systems, their prompts can be exposed to eavesdroppers within or outside LLM system providers who are interested in collecting users' input. In this work, we propose a framework to camouflage user input, so as to alleviate privacy issues. Our framework places model shards on the client and the public server, and we send compressed hidden states instead of prompts to and from servers. Clients hold back information that can re-privatize the hidden states, so that overall system performance is comparable to traditional LLM services. Our framework is designed to be communication efficient, and computation can be delegated to the local client so that the server's computation burden can be lightened. We conduct extensive experiments on machine translation tasks to verify our framework's performance.