MPU: Towards Secure and Privacy-Preserving Knowledge Unlearning for Large Language Models
This addresses privacy concerns for users and organizations deploying large language models, though it is incremental as it builds on existing unlearning algorithms.
The paper tackles the privacy dilemma in machine unlearning for large language models by proposing MPU, a framework that enables secure unlearning without sharing server parameters or client data, achieving comparable performance to noise-free baselines with average degradation below 1% under 10% noise.
Machine unlearning for large language models often faces a privacy dilemma in which strict constraints prohibit sharing either the server's parameters or the client's forget set. To address this dual non-disclosure constraint, we propose MPU, an algorithm-agnostic privacy-preserving Multiple Perturbed Copies Unlearning framework that primarily introduces two server-side modules: Pre-Process for randomized copy generation and Post-Process for update aggregation. In Pre-Process, the server distributes multiple perturbed and reparameterized model instances, allowing the client to execute unlearning locally on its private forget set without accessing the server's exact original parameters. After local unlearning, the server performs Post-Process by inverting the reparameterization and aggregating updates with a harmonic denoising procedure to alleviate the impact of perturbation. Experiments with seven unlearning algorithms show that MPU achieves comparable unlearning performance to noise-free baselines, with most algorithms' average degradation well below 1% under 10% noise, and can even outperform the noise-free baseline for some algorithms under 1% noise. Code is available at https://github.com/Tristan-SHU/MPU.