A Practical and Privacy-Preserving Framework for Real-World Large Language Model Services

TL;DR

This paper presents a practical framework that enhances user privacy in large language model services by preventing request linkage, using partially blind signatures, with minimal overhead and compatibility with existing systems.

Contribution

It introduces a novel privacy-preserving framework based on partially blind signatures that ensures user anonymity without modifying LLM architectures.

Findings

Framework achieves unlinkability of user requests.

Minimal additional computational and communication overhead.

Compatible with existing LLM service architectures.

Abstract

Large language models (LLMs) have demonstrated exceptional capabilities in text understanding and generation, and they are increasingly being utilized across various domains to enhance productivity. However, due to the high costs of training and maintaining these models, coupled with the fact that some LLMs are proprietary, individuals often rely on online AI as a Service (AIaaS) provided by LLM companies. This business model poses significant privacy risks, as service providers may exploit users' trace patterns and behavioral data. In this paper, we propose a practical and privacy-preserving framework that ensures user anonymity by preventing service providers from linking requests to the individuals who submit them. Our framework is built on partially blind signatures, which guarantee the unlinkability of user requests. Furthermore, we introduce two strategies tailored to both subscription-based and API-based service models, ensuring the protection of both users' privacy and service providers' interests. The framework is designed to integrate seamlessly with existing LLM systems, as it does not require modifications to the underlying architectures. Experimental results demonstrate that our framework incurs minimal computation and communication overhead, making it a feasible solution for real-world applications.