Efficient Privacy-Preserving Retrieval Augmented Generation with Distance-Preserving Encryption

TL;DR

This paper introduces ppRAG, a novel privacy-preserving retrieval system for LLMs that uses distance-preserving encryption to protect user data in untrusted cloud environments while maintaining efficiency and accuracy.

Contribution

The paper presents CAPRISE, a new encryption scheme that preserves relative distances for secure similarity computation, and combines it with differential privacy to enhance privacy in retrieval-augmented generation.

Findings

Achieves high retrieval accuracy with strong privacy guarantees.

Maintains efficient processing throughput suitable for resource-constrained users.

Effectively defends against vector-to-text, vector analysis, and query analysis attacks.

Abstract

RAG has emerged as a key technique for enhancing response quality of LLMs without high computational cost. In traditional architectures, RAG services are provided by a single entity that hosts the dataset within a trusted local environment. However, individuals or small organizations often lack the resources to maintain data storage servers, leading them to rely on outsourced cloud storage. This dependence on untrusted third-party services introduces privacy risks. Embedding-based retrieval mechanisms, commonly used in RAG systems, are vulnerable to privacy leakage such as vector-to-text reconstruction attacks and structural leakage via vector analysis. Several privacy-preserving RAG techniques have been proposed but most existing approaches rely on partially homomorphic encryption, which incurs substantial computational overhead. To address these challenges, we propose an efficient privacy-preserving RAG framework (ppRAG) tailored for untrusted cloud environments that defends against vector-to-text attack, vector analysis, and query analysis. We propose Conditional Approximate Distance-Comparison-Preserving Symmetric Encryption (CAPRISE) that encrypts embeddings while still allowing the cloud to compute similarity between an encrypted query and the encrypted database embeddings. CAPRISE preserves only the relative distance ordering between the encrypted query and each encrypted database embedding, without exposing inter-database distances, thereby enhancing both privacy and efficiency. To mitigate query analysis, we introduce DP by perturbing the query embedding prior to encryption, preventing the cloud from inferring sensitive patterns. Experimental results show that ppRAG achieves efficient processing throughput, high retrieval accuracy, strong privacy guarantees, making it a practical solution for resource-constrained users seeking secure cloud-augmented LLMs.