Private LoRA Fine-tuning of Open-Source LLMs with Homomorphic Encryption

TL;DR

This paper presents a method for private fine-tuning of open-source LLMs using Low-Rank Adaptation and Homomorphic Encryption, enabling confidential training with minimal local resources and demonstrating practical feasibility.

Contribution

It introduces an interactive protocol combining LoRA with HE for privacy-preserving fine-tuning of LLMs, including implementation on a 1.3B parameter model and performance evaluation.

Findings

Feasibility of HE-based private fine-tuning demonstrated on Llama-3.2-1B.

Achieved convergence with HE-compatible quantization techniques.

Performance benchmarks show practical HE computation on GPU hardware.

Abstract

Preserving data confidentiality during the fine-tuning of open-source Large Language Models (LLMs) is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation (LoRA) technique for private fine-tuning. Homomorphic Encryption (HE) protects the confidentiality of training data and gradients handled by remote worker nodes performing the bulk of computations involving the base model weights. The data owner orchestrates training, requiring minimal local computing power and memory, thus alleviating the need for expensive client-side GPUs. We demonstrate feasibility by fine-tuning a Llama-3.2-1B model, presenting convergence results using HE-compatible quantization and performance benchmarks for HE computations on GPU hardware. This approach enables applications such as confidential knowledge base question answering, private codebase fine-tuning for AI code assistants, AI agents for drafting emails based on a company's email archive, and adapting models to analyze sensitive legal or healthcare documents.