LLMs Can Understand Encrypted Prompt: Towards Privacy-Computing Friendly Transformers

LLMs Can Understand Encrypted Prompt: Towards Privacy-Computing Friendly Transformers
Photo by Google DeepMind / Unsplash


Original Paper: https://arxiv.org/abs/2305.18396

By: Xuanqi LiuZhuotao Liu

Abstract:

The community explored to build private inference frameworks for transformer-based large language models (LLMs) in a server-client setting, where the server holds the model parameters and the client inputs its private data (or prompt) for inference.

However, these frameworks impose significant overhead when the private inputs are forward propagated through the original LLMs.

In this paper, we show that substituting the computation- and communication-heavy operators in the transformer architecture with privacy-computing friendly approximations can greatly reduce the private inference costs while incurring very minor impact on model performance.

Compared to state-of-the-art Iron (NeurIPS 2022), our privacy-computing friendly model inference pipeline achieves a 5× acceleration in computation and an 80% reduction in communication overhead, while retaining nearly identical accuracy.

Summary Notes

Enhancing Privacy in Language Models: A New Approach to Private Inference

Language models like GPT-3 have transformed how machines interpret human language, playing a pivotal role in services from automated support to personalized content. However, their use in handling sensitive data has sparked privacy concerns, primarily because they require plaintext inputs, risking data exposure to service providers.

A new study presents a novel method for private inference, allowing language models to process encrypted data, safeguarding user privacy.

This post aims to provide AI engineers with an in-depth look at this development, highlighting its significance in enhancing privacy in AI applications.

The Challenge with Private Inference in Transformers

As language models become more common, the need for better privacy protections has become urgent. Traditional models need unencrypted queries, posing a significant privacy risk.

Private inference offers a solution by encrypting user inputs so that they can be processed without decryption.

However, the complex nature of transformer-based models, which many modern language models use, makes private inference challenging due to their computational demands.

Previous Methods for Preserving Privacy

Earlier efforts to maintain privacy during inference used Homomorphic Encryption (HE) and Secure Multiparty Computation (MPC).

HE faced difficulties with the non-linear operations in language models, causing high computational costs. While MPC and polynomial encoding provided alternatives, they lacked in efficiency and scalability.

A New Framework for Privacy

The study introduces a framework designed for private inference on transformers, using privacy-computing friendly operators to reduce computational load without losing accuracy.

This method cleverly replaces expensive operations with more efficient ones and uses secret-sharing for inputs and weights, fitting well with transformer models.

Techniques for Private Transformer Inference

  • Linear Operations: The framework uses encrypted matrix multiplication protocols to keep data encrypted during linear operations.
  • Non-linear Operations: It approximates non-linear functions like GELU, softmax, and layer normalization with privacy-friendly operations, using cryptography to ensure computation privacy.

Efficiency Optimization Techniques

The framework employs several techniques to boost efficiency:

  • Communication Efficiency: It optimizes matrix multiplication protocols to reduce the required data size for transmission, enhancing speed.
  • Hardware Utilization: Using GPU acceleration for homomorphic encryption operations significantly improves efficiency, making private inference feasible for enterprise use.

Performance Insights

Performance tests on models like BERT-Tiny have shown notable improvements in speed and communication efficiency. Compared to existing systems like Iron, this new framework excels at performing privacy-friendly model inference.

Looking Ahead

This study marks a significant step forward in addressing privacy concerns with language models, offering a method for efficient private inference on transformer models.

As technology evolves, we anticipate further enhancements and practical applications of these techniques, leading to a new phase of privacy-focused AI development.

The potential for this research to influence future work in the field is considerable, promising improved privacy safeguards in our increasingly data-centric world.

Further Exploration

For those interested in the technical details, supplementary materials and an extensive list of references are available for a deeper dive into the study. This information provides valuable insight into the research's comprehensive approach, highlighting the ongoing efforts to enhance privacy in language models through private inference.

As AI becomes more intertwined with our digital existence, protecting sensitive information remains crucial, underscoring the importance of continued innovation in privacy computing.

Read more