Keywords: LLM, Verifiability, Privacy, Trust
TL;DR: We devise two new protocols that provide cheap verification of LLM inference using privacy mechanisms.
Abstract: As large language models (LLMs) continue to grow in size, users often rely on third-party hosting and inference service providers. However, in this setting, there is a lack of guarantees on the computation performed by the inference provider. For example, a dishonest provider may replace an expensive large model with a cheaper-to-run weaker model and return the results from the weaker model to the user. Existing tools to verify inference typically rely on methods from cryptography such as zero-knowledge proofs (ZKPs), but these tend to add significant computational overhead to vanilla inference. In this work, we develop a new insight -- that given a method for performing *private* LLM inference, one can obtain forms of *verified* inference at marginal extra cost. Specifically, we propose two new protocols, the *logit fingerprint* protocol and the *append key* protocol, each of which leverages privacy-preserving LLM inference in order to provide different guarantees over the inference that was carried out. Both approaches are cheap, each requiring the addition of a few extra tokens of computation, and have little to no downstream impact. Our work provides novel insights into the connections between privacy and verifiability in the domain of LLM inference.
Submission Number: 31