LoREnc: Low-Rank Encryption for Securing Foundation Models and LoRA Adapters

TL;DR

LoREnc is a training-free framework that enhances the security of foundation models and LoRA adapters by spectral truncation and reparameterization, preventing unauthorized model recovery.

Contribution

It introduces a novel, practical method for securing models without retraining, using spectral truncation and structural obfuscation techniques.

Findings

LoREnc effectively prevents model recovery attacks.

It incurs less than 1% additional computational overhead.

Authorized users retain exact model performance.

Abstract

Foundation models and low-rank adapters enable efficient on-device generative AI but raise risks such as intellectual property leakage and model recovery attacks. Existing defenses are often impractical because they require retraining or access to the original dataset. We propose LoREnc, a training-free framework that secures both FMs and adapters via spectral truncation and compensation. LoREnc suppresses dominant low-rank components of FM weights, compensates for the missing information in authorized adapters, and further applies orthogonal reparameterization to obscure structural fingerprints of the protected adapter. Unauthorized users produce structurally collapsed outputs, while authorized users recover exact performance. Experiments demonstrate that LoREnc provides strong protection against model recovery with under 1% computational overhead.