SLIP-SEC: Formalizing Secure Protocols for Model IP Protection

TL;DR

This paper introduces SLIP, a formal framework for secure model inference that splits computation between trusted and untrusted resources, ensuring provable security for protecting large language model IP.

Contribution

It provides the formal definitions, security proofs, and theoretical foundations for hybrid inference protocols that safeguard model IP against various adversaries.

Findings

Achieves information-theoretic security against honest-but-curious adversaries.

Provides robustness against malicious adversaries with negligible soundness error.

Defines formal properties like safety, correctness, efficiency, and t-soundness for hybrid inference protocols.

Abstract

Large Language Models (LLMs) represent valuable intellectual property (IP), reflecting significant investments in training data, compute, and expertise. Deploying these models on partially trusted or insecure devices introduces substantial risk of model theft, making it essential to design inference protocols with provable security guarantees. We present the formal framework and security foundations of SLIP, a hybrid inference protocol that splits model computation between a trusted and an untrusted resource. We define and analyze the key notions of model decomposition and hybrid inference protocols, and introduce formal properties including safety, correctness, efficiency, and t-soundness. We construct secure inference protocols based on additive decompositions of weight matrices, combined with masking and probabilistic verification techniques. We prove that these protocols achieve information-theoretic security against honest-but-curious adversaries, and provide robustness against malicious adversaries with negligible soundness error. This paper focuses on the theoretical underpinnings of SLIP: precise definitions, formal protocols, and proofs of security. Empirical validation and decomposition heuristics appear in the companion SLIP paper. Together, the two works provide a complete account of securing LLM IP via hybrid inference, bridging both practice and theory.