[2401.00870] ConfusionPrompt: Practical Private Inference for Online Large Language Models

Computer Science > Cryptography and Security arXiv:2401.00870 (cs) [Submitted on 30 Dec 2023 (v1), last revised 8 Apr 2026 (this version, v5)] Title:ConfusionPrompt: Practical Private Inference for Online Large Language Models Authors:Peihua Mai, Youjia Yang, Ran Yan, Rui Ye, Yan Pang View a PDF of the paper titled ConfusionPrompt: Practical Private Inference for Online Large Language Models, by Peihua Mai and 4 other authors View PDF HTML (experimental) Abstract:State-of-the-art large language models (LLMs) are typically deployed as online services, requiring users to transmit detailed prompts to cloud servers. This raises significant privacy concerns. In response, we introduce ConfusionPrompt, a novel framework for private LLM inference that protects user privacy by: (i) decomposing the original prompt into smaller sub-prompts, and (ii) generating pseudo-prompts alongside the genuine sub-prompts, which are then sent to the LLM. The server responses are later recomposed by the user to reconstruct the final output. This approach offers key advantages over previous LLM privacy protection methods: (i) it integrates seamlessly with existing black-box LLMs, and (ii) it delivers a significantly improved privacy-utility trade-off compared to existing text perturbation methods. We also develop a $(\lambda, \mu, \rho)$-privacy model to formulate the requirements for a privacy-preserving group of prompts and provide a complexity analysis to justify the role of prompt decomposition....