This work addresses the timely yet underexplored problem of performing inference and finetuning of a proprietary LLM owned by a model provider entity on the confidential/private data of another data owner entity, in a way that ensures the confidentiality of both the model and the data. Here, the finetuning is conducted offsite, i.e., on the computation infrastructure of a third-party cloud provider. We tackle this problem by proposing ObfuscaTune, a novel, efficient, and fully utility-preserving approach that combines a simple yet effective obfuscation technique with an efficient use of confidential computing (only 5% of the model parameters are placed in the TEE). We empirically demonstrate the effectiveness of ObfuscaTune by validating it on GPT-2 models of different sizes on four NLP benchmark datasets. Finally, we compare ObfuscaTune to a naïve version of our approach to highlight the necessity of using random matrices with low condition numbers to reduce the errors induced by the obfuscation.