Keys in the Weights: Transformer Authentication Using Model-Bound Latent Representations

TL;DR

This paper presents MoBLE, a novel decoder-binding property in Transformer autoencoders that enables model-based authentication through latent representations, facilitating secure AI deployment without secret injection.

Contribution

It introduces ZSDN as a formal decoder-binding metric and demonstrates its application for model authentication and access control in Transformer models.

Findings

Self-decoding achieves over 0.91 exact match

Zero-shot cross-decoding drops to chance levels

Weight-space and attention diagnostics support binding hypothesis

Abstract

We introduce Model-Bound Latent Exchange (MoBLE), a decoder-binding property in Transformer autoencoders formalized as Zero-Shot Decoder Non-Transferability (ZSDN). In identity tasks using iso-architectural models trained on identical data but differing in seeds, self-decoding achieves more than 0.91 exact match and 0.98 token accuracy, while zero-shot cross-decoding collapses to chance without exact matches. This separation arises without injected secrets or adversarial training, and is corroborated by weight-space distances and attention-divergence diagnostics. We interpret ZSDN as model binding, a latent-based authentication and access-control mechanism, even when the architecture and training recipe are public: encoder's hidden state representation deterministically reveals the plaintext, yet only the correctly keyed decoder reproduces it in zero-shot. We formally define ZSDN, a decoder-binding advantage metric, and outline deployment considerations for secure artificial intelligence (AI) pipelines. Finally, we discuss learnability risks (e.g., adapter alignment) and outline mitigations. MoBLE offers a lightweight, accelerator-friendly approach to secure AI deployment in safety-critical domains, including aviation and cyber-physical systems.