SLIP: Securing LLM’s IP Using Weights Decomposition

TMLR Paper6696 Authors

28 Nov 2025 (modified: 01 Dec 2025)
Under review for TMLR
License: CC BY 4.0
Abstract: Large language models (LLMs) have recently seen widespread adoption, in both academia and industry. As these models grow, they become valuable intellectual property (IP), reflecting enormous investments by their owners. Moreover, the high cost of cloud-based deployment has driven interest towards deployment to edge devices, yet this risks exposing valuable parameters to theft and unauthorized use. Current methods to protect models’ IP on the edge have limitations in terms of practicality, loss in accuracy, or suitability to requirements. In this paper, we introduce a novel hybrid inference algorithm, named SLIP, designed to protect edge-deployed models from theft. SLIP is the first hybrid protocol that is both practical for real-world applications and provably IP-preserving, while having zero accuracy degradation and minimal impact on latency. It involves partitioning the model between two computing resources, one secure but expensive, and another cost-effective but untrusted. This is achieved through matrix decomposition, ensuring that the secure resource retains a maximally sensitive portion of the model’s IP while performing a minimal amount of computations, and vice versa for the untrusted resource. Importantly, the protocol includes guarantees that prevent attackers from exploiting the partition to infer the model weights. Finally, we present experimental results that show the robustness and effectiveness of our method, positioning it as a compelling solution for protecting LLMs.
Submission Type: Regular submission (no more than 12 pages of main content)
Assigned Action Editor: ~Alain_Durmus1
Submission Number: 6696
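The abstract describes the core idea only at a high level: a weight matrix is decomposed so that a secure resource holds a small but highly sensitive part and does little work, while an untrusted resource holds the bulk and does most of the work, with the two partial results combined to give the original output. The following is an added, illustrative Python example written for this page, not the authors' SLIP code: it uses a top-k rank split (leading singular triplets found by power iteration) as an assumed decomposition, since the page does not state which decomposition SLIP uses, and the weight matrix and activation vector are constructed sample data. It does not implement the paper's guarantees against inferring weights from the partition; it only shows the partition and the exact-inference property.

```python
from typing import List, Tuple

Matrix = List[List[float]]
Vector = List[float]
Factor = Tuple[float, Vector, Vector]  # (sigma, u, v) for one rank-1 term sigma * u v^T


def matvec(W: Matrix, x: Vector) -> Vector:
    """Dense product W x: m*n multiplies."""
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]


def matvec_t(W: Matrix, y: Vector) -> Vector:
    """Transposed product W^T y."""
    return [sum(W[i][j] * y[i] for i in range(len(W))) for j in range(len(W[0]))]


def norm(v: Vector) -> float:
    return sum(a * a for a in v) ** 0.5


def top_singular_triplet(W: Matrix, iters: int = 500) -> Factor:
    """Leading singular triplet via power iteration on W^T W (assumed decomposition, not the paper's)."""
    v = [1.0 + 0.01 * j for j in range(len(W[0]))]  # deterministic start vector
    for _ in range(iters):
        v = matvec_t(W, matvec(W, v))
        nv = norm(v)
        if nv == 0.0:  # nothing left to extract
            return 0.0, [0.0] * len(W), [0.0] * len(W[0])
        v = [a / nv for a in v]
    Wv = matvec(W, v)
    sigma = norm(Wv)
    return sigma, [a / sigma for a in Wv], v


def rank_split(W: Matrix, k: int) -> Tuple[List[Factor], Matrix]:
    """Peel off k leading rank-1 terms (kept on the secure resource) and return them with the
    residual R = W - sum_i sigma_i u_i v_i^T (handed to the untrusted resource).
    W == secure + R holds exactly in floating point, so inference is unchanged."""
    R = [row[:] for row in W]
    factors: List[Factor] = []
    for _ in range(k):
        s, u, v = top_singular_triplet(R)
        factors.append((s, u, v))
        R = [[R[i][j] - s * u[i] * v[j] for j in range(len(v))] for i in range(len(u))]
    return factors, R


def secure_forward(factors: List[Factor], x: Vector) -> Vector:
    """Secure side: k inner products and k scaled additions, k*(m+n) multiplies."""
    y = [0.0] * len(factors[0][1])
    for s, u, v in factors:
        c = s * sum(vj * xj for vj, xj in zip(v, x))
        for i, ui in enumerate(u):
            y[i] += c * ui
    return y


def untrusted_forward(R: Matrix, x: Vector) -> Vector:
    """Untrusted side: the full dense product on the residual, m*n multiplies."""
    return matvec(R, x)


def hybrid_forward(factors: List[Factor], R: Matrix, x: Vector) -> Vector:
    """Combine both partial results; equals W x up to floating-point rounding."""
    return [a + b for a, b in zip(secure_forward(factors, x), untrusted_forward(R, x))]


def secure_energy_fraction(factors: List[Factor], W: Matrix) -> float:
    """Share of W's squared Frobenius norm held on the secure side: a crude proxy
    for how much of the weight 'IP' is absent from the untrusted residual."""
    total = sum(w * w for row in W for w in row)
    return sum(s * s for s, _, _ in factors) / total


def multiply_counts(factors: List[Factor], W: Matrix) -> Tuple[int, int]:
    """(secure-side multiplies, untrusted-side multiplies) per forward pass."""
    m, n = len(W), len(W[0])
    return len(factors) * (m + n), m * n


def build_example_weights() -> Matrix:
    """Constructed 4x4 matrix: a dominant rank-1 part plus a small deterministic perturbation."""
    a, b = [1.0, 2.0, 3.0, 4.0], [1.0, 1.0, 2.0, 2.0]
    return [[5.0 * a[i] * b[j] + 0.1 * (((3 * i + j) % 4) - 1.5) for j in range(4)] for i in range(4)]


def demo(k: int = 1) -> dict:
    """Split the constructed matrix, run hybrid inference, and report the split's properties."""
    W = build_example_weights()
    x = [0.5, -1.0, 2.0, 1.5]  # constructed activation vector
    factors, R = rank_split(W, k)
    direct, hybrid = matvec(W, x), hybrid_forward(factors, R, x)
    secure_mults, untrusted_mults = multiply_counts(factors, W)
    return {
        "max_abs_error": max(abs(d - h) for d, h in zip(direct, hybrid)),
        "secure_energy_fraction": secure_energy_fraction(factors, W),
        "secure_multiplies": secure_mults,
        "untrusted_multiplies": untrusted_mults,
    }


if __name__ == "__main__":
    print(demo(k=1))
```

Two things the example makes visible that the abstract only asserts. First, zero accuracy degradation follows from the split being an exact identity (W = secure + R in floating point), not from how well the decomposition approximates W. Second, the imbalance between sensitivity and work: with k=1 on the constructed 4x4 matrix the secure side performs 8 of 24 multiplies yet holds almost all of the matrix's energy, and the gap widens for larger matrices since k(m+n) grows linearly while mn grows quadratically. What a low-rank residual does or does not reveal to the untrusted party is exactly the question the paper's guarantees address, and nothing here stands in for them.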