In the current user-server interaction paradigm of prompted generation with large language models (LLMs) in the cloud, the server fully controls the generation process, which leaves zero options for users who want to keep the generated text to themselves. We propose LatticeGen, a cooperative framework in which the server still handles most of the computation while the user controls the sampling operation. The key idea is that the true generated sequence is mixed with noise tokens by the user and hidden in a noised lattice. Considering potential attacks from a hypothetically malicious server and how the user can defend against them, we propose the repeated beam-search attack and the mixing noise scheme. In our experiments we apply LatticeGen to protect both prompt and generation. It is shown that while the noised lattice degrades generation quality, LatticeGen successfully protects the true generation to a remarkable degree under strong attacks (more than 50% of the semantics remain hidden as measured by BERTScore).
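To make the division of labour concrete, here is a toy simulation of the idea sketched above. It is an added illustration, not the paper's code: the "server LM" is a bigram model fitted on a constructed corpus, the lattice width, the rule that every slot (true or noise) is continued from its own predecessor so that noise chains read like plausible text, and the per-column shuffling with a user-side secret slot index are all assumptions made here. The paper's repeated beam-search attack and mixing noise scheme are not implemented; the only adversary modelled is a server that knows nothing and guesses a slot per column, which bounds leakage from below at 1/width.

```python
import random
from collections import Counter

# Constructed toy corpus (not from the paper); the "server LM" is a bigram
# model fitted on it and stands in for the cloud LLM.
CORPUS = ("the cat sat on the mat . the dog sat on the log . "
          "the cat saw the dog . the dog saw the cat .").split()


def fit_bigram(tokens):
    """Count follower tokens for every token in the corpus."""
    model = {}
    for prev, nxt in zip(tokens, tokens[1:]):
        model.setdefault(prev, Counter())[nxt] += 1
    return model


class ToyServer:
    """Does the heavy computation. It only ever receives lattice columns
    (lists of `width` tokens), never which slot carries the true token."""

    def __init__(self, model):
        self.model = model
        self.observed = []  # transcript of everything the server receives

    def next_distributions(self, column):
        """Return a next-token distribution for every token in the column."""
        self.observed.append(tuple(column))
        return {tok: self._dist(tok) for tok in column}

    def _dist(self, prev):
        counts = self.model.get(prev) or Counter(self.model.keys())  # uniform fallback
        total = sum(counts.values())
        return {tok: n / total for tok, n in counts.items()}


class ToyUser:
    """Controls sampling only. Keeps one true chain and `width - 1` noise
    chains and remembers the secret slot of the true token in each column."""

    def __init__(self, width, seed):
        self.width = width
        self.rng = random.Random(seed)
        self.secret = []  # slot index of the true token, per column

    def _sample(self, dist):
        toks, probs = zip(*dist.items())
        return self.rng.choices(toks, weights=probs, k=1)[0]

    def first_column(self, prompt_token):
        # Assumption: noise slots of the first column hold other corpus tokens.
        others = [t for t in sorted(set(CORPUS)) if t != prompt_token]
        return self._shuffle([prompt_token] + self.rng.sample(others, self.width - 1))

    def next_column(self, prev_column, dists):
        # Assumption: each slot is continued from its own predecessor, so noise
        # chains are locally plausible rather than random tokens.
        true_idx = self.secret[-1]
        column = [self._sample(dists[prev_column[true_idx]])]
        column += [self._sample(dists[prev_column[i]])
                   for i in range(self.width) if i != true_idx]
        return self._shuffle(column)

    def _shuffle(self, column):
        # column[0] is the true token; permute the column and record its new slot.
        order = list(range(self.width))
        self.rng.shuffle(order)
        self.secret.append(order.index(0))
        return [column[i] for i in order]


def run_latticegen(prompt_token, length, width, seed):
    """Generate `length` columns after the prompt column; return lattice, secret, server."""
    server = ToyServer(fit_bigram(CORPUS))
    user = ToyUser(width, seed)
    lattice = [user.first_column(prompt_token)]
    for _ in range(length):
        dists = server.next_distributions(lattice[-1])
        lattice.append(user.next_column(lattice[-1], dists))
    return lattice, user.secret, server


def recover(lattice, secret):
    """Only the holder of the secret slot indices can read the true sequence."""
    return [col[i] for col, i in zip(lattice, secret)]


def expected_blind_accuracy(lattice, secret):
    """Per-position accuracy of a server that guesses one slot per column at
    random. Equals 1/width when the true token is unique in its column and
    rises only where noise slots happen to repeat the true token."""
    per_col = [col.count(col[i]) / len(col) for col, i in zip(lattice, secret)]
    return sum(per_col) / len(per_col)


if __name__ == "__main__":
    lat, sec, srv = run_latticegen("the", 12, 4, 7)
    print("server saw:", srv.observed[:3], "...")
    print("user reads:", " ".join(recover(lat, sec)))
    print("blind-guess accuracy:", round(expected_blind_accuracy(lat, sec), 3))
```

The server-side transcript `srv.observed` contains only columns of tokens; the secret slot indices never leave the user, so the server's computational advantage buys it nothing about which path is real unless it can exploit structure across columns, which is exactly the kind of attack the abstract's repeated beam search targets and the mixing noise scheme is meant to blunt.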