Cape: Context-Aware Prompt Perturbation Mechanism with Differential Privacy
Haoqi Wu, Wei Dai, Li Wang, Qiang Yan

TL;DR
Cape is a novel differential privacy mechanism for large language models that improves privacy-utility trade-offs by using context-aware prompt perturbation and a hybrid utility function, enabling more efficient and private inference.
Contribution
It introduces a context-aware prompt perturbation mechanism with a hybrid utility function and bucketized sampling, advancing privacy-preserving inference for LLMs.
Findings
Outperforms prior methods in privacy-utility trade-off
Effective in handling large sampling spaces
Demonstrates robustness across multiple datasets
Abstract
Large Language Models (LLMs) have gained significant popularity due to their remarkable capabilities in text understanding and generation. However, despite their widespread deployment in inference services such as ChatGPT, concerns have arisen about the potential leakage of sensitive user data contained in prompts. Existing solutions primarily rely on privacy-enhancing technologies to mitigate such risks, but they face a trade-off among efficiency, privacy, and utility. To narrow this gap, we propose Cape, a context-aware prompt perturbation mechanism based on differential privacy, which enables efficient inference with an improved privacy-utility trade-off. Concretely, we introduce a hybrid utility function that better captures token similarity. Additionally, we propose a bucketized sampling mechanism to handle the large sampling space, which might otherwise lead to long-tail phenomena. Extensive experiments across…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Topic Modeling
