An Efficient Private GPT Never Autoregressively Decodes

TL;DR

This paper introduces a privacy-preserving GPT inference method that leverages public models for decoding and secure verification, significantly reducing latency while maintaining privacy and quality.

Contribution

It proposes a novel approach combining public decoding with secure verification, optimized private sampling, and model alignment to accelerate private GPT inference.

Findings

Achieves 2.1x to 6.0x speedup over standard secure decoding.

Maintains privacy and generation quality comparable to traditional methods.

Effective across multiple model pairs and network conditions.

Abstract

The wide deployment of the generative pre-trained transformer (GPT) has raised privacy concerns for both clients and servers. While cryptographic primitives can be employed for secure GPT inference to protect the privacy of both parties, they introduce considerable performance overhead.To accelerate secure inference, this study proposes a public decoding and secure verification approach that utilizes public GPT models, motivated by the observation that securely decoding one and multiple tokens takes a similar latency. The client uses the public model to generate a set of tokens, which are then securely verified by the private model for acceptance. The efficiency of our approach depends on the acceptance ratio of tokens proposed by the public model, which we improve from two aspects: (1) a private sampling protocol optimized for cryptographic primitives and (2) model alignment using knowledge distillation. Our approach improves the efficiency of secure decoding while maintaining the same level of privacy and generation quality as standard secure decoding. Experiments demonstrate a $2.1\times \sim 6.0\times$ speedup compared to standard decoding across three pairs of public-private models and different network conditions.