This paper introduces \textit{Federated Retrieval-Augmented Generation (FRAG)}, a novel database management paradigm tailored for the growing needs of retrieval-augmented generation (RAG) systems, which are increasingly powered by large-language models (LLMs). FRAG enables mutually-distrusted parties to collaboratively perform Approximate $k$-Nearest Neighbor (ANN) searches on encrypted query vectors and encrypted data stored in distributed vector databases, all while ensuring that no party can gain any knowledge about the queries or data of others. Achieving this paradigm presents two key challenges: (i) ensuring strong security guarantees, such as Indistinguishability under Chosen-Plaintext Attack (IND-CPA), under practical assumptions (e.g., we avoid overly optimistic assumptions like non-collusion among parties); and (ii) maintaining performance overheads comparable to traditional, non-federated RAG systems. To address these challenges, FRAG employs a single-key homomorphic encryption protocol that simplifies key management across mutually-distrusted parties. Additionally, FRAG introduces a \textit{multiplicative caching} technique to efficiently encrypt floating-point numbers, significantly improving computational performance in large-scale federated environments. We provide a rigorous security proof using standard cryptographic reductions and demonstrate the practical scalability and efficiency of FRAG through extensive experiments on both benchmark and real-world datasets.
翻译:本文提出\textit{联邦检索增强生成(FRAG)},这是一种专为日益由大语言模型驱动的检索增强生成系统发展需求而设计的新型数据库管理范式。FRAG使互不信任的参与方能够对加密查询向量和分布式向量数据库中存储的加密数据协同执行近似$k$最近邻搜索,同时确保任何参与方都无法获取其他方的查询或数据信息。实现该范式面临两大关键挑战:(一)在实际假设下(例如避免采用参与方非共谋等过度乐观的假设)确保强安全保证,如选择明文攻击下的不可区分性;(二)保持与传统非联邦RAG系统相当的性能开销。为解决这些挑战,FRAG采用单密钥同态加密协议以简化互不信任参与方间的密钥管理。此外,FRAG提出\textit{乘性缓存}技术来高效加密浮点数,显著提升了大规模联邦环境下的计算性能。我们通过标准密码学归约方法给出了严格的安全性证明,并在基准数据集和真实数据集上通过大量实验验证了FRAG的实际可扩展性与高效性。