LatticeGen: A Cooperative Framework which Hides Generated Text in a Lattice for Privacy-Aware Generation on Cloud
Mengke Zhang, Tianxing He, Tianle Wang, Lu Mi, Fatemehsadat Mireshghallah, Binyi Chen, Hao Wang, Yulia Tsvetkov

TL;DR
LatticeGen introduces a privacy-preserving framework for cloud-based language model generation, allowing users to hide their generated text within a noised lattice, balancing privacy and generation quality.
Contribution
It presents a novel cooperative framework that enables user-controlled privacy in cloud-based LLM generation by embedding true outputs in a noised lattice with defense mechanisms against server attacks.
Findings
Over 50% of semantic content remains hidden under attack
Noised lattice degrades generation quality but enhances privacy
Effective defense against malicious server attacks
Abstract
In the current user-server interaction paradigm of prompted generation with large language models (LLM) on cloud, the server fully controls the generation process, which leaves zero options for users who want to keep the generated text to themselves. We propose LatticeGen, a cooperative framework in which the server still handles most of the computation while the user controls the sampling operation. The key idea is that the true generated sequence is mixed with noise tokens by the user and hidden in a noised lattice. Considering potential attacks from a hypothetically malicious server and how the user can defend against it, we propose the repeated beam-search attack and the mixing noise scheme. In our experiments we apply LatticeGen to protect both prompt and generation. It is shown that while the noised lattice degrades generation quality, LatticeGen successfully protects the true…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Digital and Cyber Forensics · Adversarial Robustness in Machine Learning
