OSNIP: Breaking the Privacy-Utility-Efficiency Trilemma in LLM Inference via Obfuscated Semantic Null Space

TL;DR

OSNIP introduces a client-side encryption method for LLM inference that balances privacy, utility, and efficiency by injecting perturbations into a high-dimensional null space, ensuring privacy without sacrificing model performance.

Contribution

It formalizes the Obfuscated Semantic Null Space concept and develops a lightweight, user-specific perturbation technique for privacy-preserving LLM inference.

Findings

Reduces attack success rates significantly.

Maintains high model utility under strict security.

Achieves state-of-the-art privacy-utility trade-offs.

Abstract

We propose Obfuscated Semantic Null space Injection for Privacy (OSNIP), a lightweight client-side encryption framework for privacy-preserving LLM inference. Generalizing the geometric intuition of linear kernels to the high-dimensional latent space of LLMs, we formally define the ``Obfuscated Semantic Null Space'', a high-dimensional regime that preserves semantic fidelity while enforcing near-orthogonality to the original embedding. By injecting perturbations that project the original embedding into this space, OSNIP ensures privacy without any post-processing. Furthermore, OSNIP employs a key-dependent stochastic mapping that synthesizes individualized perturbation trajectories unique to each user. Evaluations on 12 generative and classification benchmarks show that OSNIP achieves state-of-the-art performance, sharply reducing attack success rates while maintaining strong model utility under strict security constraints.