PFID: Privacy First Inference Delegation Framework for LLMs

TL;DR

PFID is a privacy-preserving framework for LLMs that localizes user data through model sharding and SVD, reducing privacy risks and computational load while maintaining performance.

Contribution

The paper introduces PFID, a novel framework that localizes user data and camouflages prompts in LLMs using model sharding and hidden state compression.

Findings

Maintains comparable performance to traditional LLM services.

Reduces privacy risks by localizing data and camouflaging prompts.

Improves communication efficiency and reduces server computation.

Abstract

This paper introduces a novel privacy-preservation framework named PFID for LLMs that addresses critical privacy concerns by localizing user data through model sharding and singular value decomposition. When users are interacting with LLM systems, their prompts could be subject to being exposed to eavesdroppers within or outside LLM system providers who are interested in collecting users' input. In this work, we proposed a framework to camouflage user input, so as to alleviate privacy issues. Our framework proposes to place model shards on the client and the public server, we sent compressed hidden states instead of prompts to and from servers. Clients have held back information that can re-privatized the hidden states so that overall system performance is comparable to traditional LLMs services. Our framework was designed to be communication efficient, computation can be delegated to the local client so that the server's computation burden can be lightened. We conduct extensive experiments on machine translation tasks to verify our framework's performance.