Private LoRA Fine-tuning of Open-Source LLMs with Homomorphic Encryption
This enables sensitive applications like confidential knowledge base question answering and private fine-tuning for legal or healthcare documents, but it is incremental as it builds on existing LoRA and HE techniques.
The paper tackles the problem of preserving data confidentiality during fine-tuning of open-source LLMs by introducing an interactive protocol that adapts LoRA with Homomorphic Encryption to protect training data and gradients, demonstrating feasibility by fine-tuning a Llama-3.2-1B model with convergence results and performance benchmarks.
Preserving data confidentiality during the fine-tuning of open-source Large Language Models (LLMs) is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation (LoRA) technique for private fine-tuning. Homomorphic Encryption (HE) protects the confidentiality of training data and gradients handled by remote worker nodes performing the bulk of computations involving the base model weights. The data owner orchestrates training, requiring minimal local computing power and memory, thus alleviating the need for expensive client-side GPUs. We demonstrate feasibility by fine-tuning a Llama-3.2-1B model, presenting convergence results using HE-compatible quantization and performance benchmarks for HE computations on GPU hardware. This approach enables applications such as confidential knowledge base question answering, private codebase fine-tuning for AI code assistants, AI agents for drafting emails based on a company's email archive, and adapting models to analyze sensitive legal or healthcare documents.