Cape: Context-Aware Prompt Perturbation Mechanism with Differential Privacy
This work addresses privacy concerns for users of LLM inference services like ChatGPT, representing an incremental improvement in privacy-enhancing technologies.
The paper tackles the problem of sensitive user data leakage in large language model inference services by proposing Cape, a context-aware prompt perturbation mechanism with differential privacy, which achieves a better privacy-utility trade-off compared to prior state-of-the-art methods.
Large Language Models (LLMs) have gained significant popularity due to their remarkable capabilities in text understanding and generation. However, despite their widespread deployment in inference services such as ChatGPT, concerns about the potential leakage of sensitive user data have arisen. Existing solutions primarily rely on privacy-enhancing technologies to mitigate such risks, facing the trade-off among efficiency, privacy, and utility. To narrow this gap, we propose Cape, a context-aware prompt perturbation mechanism based on differential privacy, to enable efficient inference with an improved privacy-utility trade-off. Concretely, we introduce a hybrid utility function that better captures the token similarity. Additionally, we propose a bucketized sampling mechanism to handle large sampling space, which might lead to long-tail phenomenons. Extensive experiments across multiple datasets, along with ablation studies, demonstrate that Cape achieves a better privacy-utility trade-off compared to prior state-of-the-art works.