Go to ICLR 2026 Conference homepagePisces: Cryptography-based Private Retrieval-Augmented Generation with Dual-Path Retrieval
Keywords: Retrieval-Augmented Generation, Privacy-Preserving, Cryptography
TL;DR: We propose the first cryptography-based RAG framework that protects both queries and documents, while supporting dual-path retrieval.
Abstract: Retrieval-augmented generation (RAG) enhances the response quality of large language models (LLMs) when handling domain-specific tasks, yet raises significant privacy concerns. This is because both the user query and documents within the knowledge base often contain sensitive or confidential information. To address these concerns, we propose $\texttt{Pisces}$, the first practical cryptography-based RAG framework that supports dual-path retrieval, while protecting both the query and documents. Along the semantic retrieval path, we reduce computation and communication overhead by leveraging a coarse-to-fine strategy. Specifically, a novel oblivious filter is used to privately select a candidate set of documents to reduce the scale of subsequent cosine similarity computations. For the lexical retrieval path, to reduce the overhead of repeatedly invoking labeled PSI, we implement a multi-instance labeled PSI protocol to compute term frequencies for BM25 scoring in a single execution. $\texttt{Pisces}$ can also be integrated with existing privacy-preserving LLM inference frameworks to achieve end-to-end privacy. Experiments demonstrate that $\texttt{Pisces}$ achieves retrieval accuracy comparable to the plaintext baselines, within a 1.14% margin.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 17937
Loading