Numerous studies have highlighted the privacy risks associated with pretrained large language models. In contrast, our research offers a unique perspective by demonstrating that pretrained large language models can effectively contribute to privacy preservation. We propose a locally differentially private mechanism called DP-Prompt, which leverages the power of pretrained large language models and zero-shot prompting to counter author de-anonymization attacks while minimizing the impact on downstream utility. When DP-Prompt is used with a powerful language model like ChatGPT (gpt-3.5), we observe a notable reduction in the success rate of de-anonymization attacks, showing that it surpasses existing approaches by a considerable margin despite its simpler design. For instance, in the case of the IMDB dataset, DP-Prompt (with ChatGPT) perfectly recovers the clean sentiment F1 score while achieving a 46\% reduction in author identification F1 score against static attackers and a 26\% reduction against adaptive attackers. We conduct extensive experiments across six open-source large language models, ranging up to 7 billion parameters, to analyze various effects of the privacy-utility tradeoff.

翻译：众多研究已揭示预训练大语言模型存在的隐私风险。相比之下，我们的研究提出了独特视角，证明预训练大语言模型能够有效助力隐私保护。我们提出了一种名为DP-Prompt的局部差分隐私机制，该机制利用预训练大语言模型和零样本提示的能力，在最小化对下游任务效用影响的同时，应对作者去匿名化攻击。当DP-Prompt与ChatGPT（gpt-3.5）等强语言模型配合使用时，我们观察到去匿名化攻击的成功率显著降低，表明尽管设计更简单，其性能仍大幅超越现有方法。例如，在IMDB数据集上，DP-Prompt（基于ChatGPT）完美恢复了原始情感F1分数，同时对静态攻击者的作者识别F1分数降低46%，对自适应攻击者降低26%。我们在六个参数量高达70亿的开源大语言模型上进行了广泛实验，分析了隐私-效用权衡的多种影响。