[2509.06326] AttestLLM: Efficient Attestation Framework for Billion-scale On-device LLMs
Summary
The paper presents AttestLLM, an attestation framework for billion-parameter on-device LLMs that ensures only authorized models can execute on a target platform, protecting the hardware-level intellectual property of device vendors.
Why It Matters
As on-device LLMs gain popularity for their privacy, responsiveness and reduced network dependency, verifying that the model actually running on a device is the authorized one becomes critical. Existing attestation techniques do not stay both time- and memory-efficient at billion-parameter scale; AttestLLM is designed to close that gap and to guard against model forgery and unauthorized execution, which matters to device manufacturers and the developers who ship models on their platforms.
Key Takeaways
- AttestLLM is designed specifically for billion-parameter LLMs, where existing attestation methods fail to remain both time- and memory-efficient.
- It uses an algorithm/software/hardware co-design to embed robust watermarking signatures into the activation distributions of LLM building blocks, and verifies those signatures to establish model legitimacy.
- It optimizes the attestation protocol inside a Trusted Execution Environment (TEE) so that verification does not reduce inference throughput.
- Extensive evaluations demonstrate AttestLLM's effectiveness against model replacement and forgery attacks.
- By ensuring that only authorized LLMs can run on a target platform, the framework protects the hardware-level IP of device vendors.
Computer Science > Cryptography and Security
arXiv:2509.06326 (cs) [Submitted on 8 Sep 2025 (v1), last revised 23 Feb 2026 (this version, v2)]
Title: AttestLLM: Efficient Attestation Framework for Billion-scale On-device LLMs
Authors: Ruisi Zhang, Yifei Zhao, Neusha Javidnia, Mengxin Zheng, Farinaz Koushanfar
Abstract: As on-device LLMs (e.g., Apple on-device Intelligence) are widely adopted to reduce network dependency, improve privacy, and enhance responsiveness, verifying the legitimacy of models running on local devices becomes critical. Existing attestation techniques are not suitable for billion-parameter Large Language Models (LLMs), struggling to remain both time- and memory-efficient while addressing emerging threats in the LLM era. In this paper, we present AttestLLM, the first-of-its-kind attestation framework to protect the hardware-level intellectual property (IP) of device vendors by ensuring that only authorized LLMs can execute on target platforms. AttestLLM leverages an algorithm/software/hardware co-design approach to embed robust watermarking signatures onto the activation distributions of LLM building blocks. It also optimizes the attestation protocol within the Trusted Execution Environment (TEE), providing efficient verification without compromising inference throughput. Extensive proof...
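The abstract describes two ideas at a high level: a watermark signature carried by the activation distribution of a model building block, and a verifier (inside a TEE) that checks that signature before the model is allowed to run. The toy below is an added illustration of that idea, not code from the paper or its authors, and it does not reproduce their embedding algorithm or protocol. It assumes a single linear layer as the "building block", a key-derived set of secret probe inputs, a signature encoded as the sign of each watermarked channel's mean activation on those probes, a bias shift as the embedding step, and a 90% bit-match acceptance threshold; every one of those choices is an assumption made for the example. A hypothetical vendor key, an unauthorized replacement model and a lightly perturbed copy of the authorized model are constructed inline.

```python
"""
Illustrative sketch (added example, not code from the AttestLLM paper):
a toy 'LLM building block' is one linear layer; a watermark signature is
embedded into the sign pattern of its mean activations on a key-derived
probe set, and a verifier (standing in for the TEE attestation logic)
checks that pattern before the block is allowed to run. The block shape,
the bit-embedding rule, the probe derivation and the acceptance threshold
are all assumptions made for this example.
"""
import hashlib
import hmac
import random

DIM = 16          # width of the toy block
N_PROBES = 32     # number of secret probe inputs
N_BITS = 16       # signature length (one bit per watermarked channel)
THRESHOLD = 0.9   # fraction of matching bits required to pass attestation


def _prng(key: bytes, label: bytes) -> random.Random:
    """PRNG seeded from HMAC(key, label): vendor and verifier derive identical
    probes and signature bits from the shared secret, nobody else can."""
    seed = hmac.new(key, label, hashlib.sha256).digest()
    return random.Random(int.from_bytes(seed, "big"))


def derive_probes(key: bytes) -> list[list[float]]:
    """Secret probe inputs; only the holder of `key` can regenerate them."""
    rng = _prng(key, b"probes")
    return [[rng.uniform(-1.0, 1.0) for _ in range(DIM)] for _ in range(N_PROBES)]


def derive_signature(key: bytes) -> list[int]:
    """Expected signature bits, one per watermarked channel."""
    rng = _prng(key, b"signature")
    return [rng.randint(0, 1) for _ in range(N_BITS)]


def forward(block: dict, x: list[float]) -> list[float]:
    """Toy block: y = W x + b (no nonlinearity needed for the illustration)."""
    W, b = block["W"], block["b"]
    return [sum(W[i][j] * x[j] for j in range(DIM)) + b[i] for i in range(DIM)]


def mean_activations(block: dict, probes: list[list[float]]) -> list[float]:
    """Per-channel mean activation over the probe set: the statistic that carries the mark."""
    acts = [forward(block, x) for x in probes]
    return [sum(a[i] for a in acts) / len(acts) for i in range(DIM)]


def random_block(seed: int) -> dict:
    """Constructed model weights standing in for a trained block."""
    rng = random.Random(seed)
    W = [[rng.gauss(0.0, 0.3) for _ in range(DIM)] for _ in range(DIM)]
    return {"W": W, "b": [0.0] * DIM}


def embed_watermark(block: dict, key: bytes, margin: float = 0.5) -> dict:
    """Vendor side: shift each watermarked channel's bias so its mean activation
    on the secret probes has the sign dictated by the signature bit (1 -> positive).
    The mean is affine in b, so one shift lands exactly on +/- margin."""
    probes, bits = derive_probes(key), derive_signature(key)
    means = mean_activations(block, probes)
    b = list(block["b"])
    for i, bit in enumerate(bits):
        target = margin if bit == 1 else -margin
        b[i] += target - means[i]
    return {"W": block["W"], "b": b}


def extract_bits(block: dict, key: bytes) -> list[int]:
    """Verifier side: read the sign pattern back out of the activation distribution."""
    means = mean_activations(block, derive_probes(key))
    return [1 if means[i] > 0 else 0 for i in range(N_BITS)]


def attest(block: dict, key: bytes) -> tuple[bool, float]:
    """Returns (accepted, bit match rate). In a real deployment this would run
    inside the TEE with `key` sealed there; here it is an ordinary function."""
    expected = derive_signature(key)
    got = extract_bits(block, key)
    match = sum(int(e == g) for e, g in zip(expected, got)) / N_BITS
    return match >= THRESHOLD, match


def perturb(block: dict, seed: int, scale: float) -> dict:
    """Small Gaussian weight noise, standing in for fine-tuning or quantisation drift."""
    rng = random.Random(seed)
    W = [[w + rng.gauss(0.0, scale) for w in row] for row in block["W"]]
    return {"W": W, "b": list(block["b"])}


KEY = b"vendor-attestation-key"         # constructed secret for the example
AUTHORIZED = embed_watermark(random_block(1), KEY)
REPLACED = random_block(2)              # attacker swaps in an unauthorized model
DRIFTED = perturb(AUTHORIZED, 3, 0.01)  # authorized model after light fine-tuning

if __name__ == "__main__":
    for name, blk in [("authorized", AUTHORIZED), ("replaced", REPLACED), ("drifted", DRIFTED)]:
        ok, rate = attest(blk, KEY)
        print(f"{name:11s} accepted={ok} match={rate:.2f}")
```

Two points the sketch makes concrete. First, the secret that matters is the probe set and signature derivation, not the weights: anyone who can see the probes can read (and re-embed) the mark, which is why the verifier logic and key belong inside the TEE. Second, a signature that lives in a coarse statistic with a margin survives small weight drift but not wholesale replacement, which is the property an attestation check needs in order to distinguish "the authorized model, slightly changed" from "a different model".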