SLIP: Securing LLMs IP Using Weights Decomposition
Yehonathan Refael, Adam Hakim, Lev Greenberg, Satya Lokam, Tal Aviv, Ben Fishman, Shachar Seidman, Racchit Jain, Jay Tenenbaum

TL;DR
SLIP is a practical, secure hybrid inference protocol that protects large language model IP on edge devices without sacrificing accuracy or incurring significant latency, by partitioning models across secure and vulnerable resources.
Contribution
SLIP introduces the first practical, provably secure hybrid inference method for LLMs that preserves accuracy and minimizes latency by partitioning models using matrix decomposition.
Findings
SLIP effectively prevents model IP theft on edge devices.
SLIP incurs minimal latency overhead.
SLIP maintains model accuracy during inference.
Abstract
Large language models (LLMs) have recently seen widespread adoption in both academia and industry. As these models grow, they become valuable intellectual property (IP), reflecting substantial investments by their owners. The high cost of cloud-based deployment has spurred interest in running models on edge devices, but this risks exposing parameters to theft and unauthorized use. Existing approaches to protect model IP on the edge trade off practicality, accuracy, or deployment requirements. We introduce SLIP, a hybrid inference algorithm designed to protect edge-deployed models from theft. SLIP is, to our knowledge, the first hybrid protocol that is both practical for real-world applications and provably secure, while incurring zero accuracy degradation and minimal latency overhead. It partitions the model across two computing resources: one secure but expensive, and one…
Taxonomy
Topics: Digital Rights Management and Security
