Large language models (LLMs) have recently seen widespread adoption in both academia and industry. As these models grow, they become valuable intellectual property (IP), reflecting substantial investments by their owners. The high cost of cloud-based deployment has spurred interest in running models on edge devices, but this risks exposing parameters to theft and unauthorized use. Existing approaches to protect model IP on the edge trade off practicality, accuracy, or deployment requirements. We introduce SLIP, a hybrid inference algorithm designed to protect edge-deployed models from theft. SLIP is, to our knowledge, the first hybrid protocol that is both practical for real-world applications and provably secure, while incurring zero accuracy degradation and minimal latency overhead. It partitions the model across two computing resources: one secure but expensive, and one cost-effective but vulnerable. Using matrix decomposition, the secure resource retains the most sensitive portion of the model's IP while performing only a small fraction of the computation; the vulnerable resource executes the remainder. The protocol includes security guarantees that prevent attackers from using the partition to infer the protected information. Finally, we present experimental results that demonstrate the robustness and effectiveness of our method, positioning it as a compelling solution for protecting LLMs.

翻译：近年来，大型语言模型（LLMs）在学术界与工业界得到广泛应用。随着模型规模的增长，其已成为体现所有者巨额投资的重要知识产权（IP）。基于云的部署成本高昂，促使在边缘设备上运行模型的需求增加，但这可能导致模型参数面临窃取与未授权使用的风险。现有保护边缘模型知识产权的方法往往在实用性、精度或部署要求之间进行权衡。本文提出SLIP，一种旨在保护边缘部署模型免遭窃取的混合推理算法。据我们所知，SLIP是首个兼具实际应用可行性、可证明安全性、且不引入精度损失与仅有极低延迟开销的混合协议。该算法将模型划分至两种计算资源：一种安全但昂贵，另一种经济但易受攻击。通过矩阵分解，安全资源保留模型知识产权中最敏感的部分，仅执行少量计算；易受攻击的资源则执行剩余计算。协议包含安全保证机制，可防止攻击者利用划分信息推断受保护内容。最后，我们通过实验结果验证了该方法的鲁棒性与有效性，表明其是保护大型语言模型知识产权的有力解决方案。