Cloud-based large language models (LLMs) such as ChatGPT have increasingly become integral to daily operations, serving as vital tools across various applications. While these models offer substantial benefits in terms of accessibility and functionality, they also introduce significant privacy concerns: the transmission and storage of user data in cloud infrastructures pose substantial risks of data breaches and unauthorized access to sensitive information; even if the data is encrypted in transit and at rest, the LLM service provider itself still sees the real contents of the data, which prevents individuals and organizations from confidently using such LLM services. To address these concerns, this paper proposes a simple yet effective mechanism, PromptCrypt, to protect user privacy. It uses emoji to encrypt the user inputs before sending them to the LLM, rendering them indecipherable to humans and to the LLM itself while retaining the original intent of the prompt, so that the model's performance remains unaffected. We conduct experiments on three tasks: personalized recommendation, sentiment analysis, and tabular data analysis. The results show that PromptCrypt encrypts personal information within prompts in a way that not only prevents humans or the LLM itself from discerning sensitive data, but also maintains or even improves precision without further tuning, achieving comparable or better task accuracy than prompting the LLM directly without prompt encryption. These results highlight the practicality of adopting encryption measures that safeguard user privacy without compromising the functional integrity and performance of LLMs. Code and dataset are available at https://github.com/agiresearch/PromptCrypt.
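The client-side substitution step the abstract describes, written out as an added example; this is not the PromptCrypt code or the authors' scheme (the abstract gives neither the emoji codebook nor the mapping rules), and the `EMOJI_POOL`, the ⟨…⟩ delimiters, the per-session key and the `PromptPseudonymizer` / `leaks` names are this example's own assumptions. It shows the property the paper relies on: labelled sensitive spans are replaced with emoji tokens before the prompt leaves the client, the provider only ever sees the placeholders, and the reply is restored from a codebook that never leaves the client.

```python
import random
import secrets
from dataclasses import dataclass, field

# Constructed emoji pool for the substitution codebook (assumption: the paper's
# actual symbol set and mapping rules are not given in the abstract).
EMOJI_POOL = ["🍎", "🚲", "🌙", "🎈", "🐙", "🔑", "🌵", "🎲",
              "🪐", "🧩", "🦊", "🎻", "⛵", "🍩", "🧲", "🐝"]


@dataclass
class PromptPseudonymizer:
    """Client-side layer that swaps sensitive spans for emoji tokens before a
    prompt is sent to a cloud LLM and restores them in the returned text.

    The forward/backward codebook stays on the client, so the provider sees
    only placeholders.  A fresh key per session yields a different mapping,
    so the same sensitive value is not linkable across sessions.
    """

    key: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    forward: dict = field(default_factory=dict)   # sensitive span -> token
    backward: dict = field(default_factory=dict)  # token -> sensitive span

    def __post_init__(self):
        # Deterministic per key, so a session can be replayed if the key is kept.
        self._rng = random.Random(int.from_bytes(self.key, "big"))

    def _new_token(self, width: int = 3) -> str:
        # ⟨…⟩ delimits each token so restoring never matches across the
        # boundary of two adjacent tokens.
        while True:
            body = "".join(self._rng.choice(EMOJI_POOL) for _ in range(width))
            token = f"⟨{body}⟩"
            if token not in self.backward:
                return token

    def token_for(self, span: str) -> str:
        if span not in self.forward:
            token = self._new_token()
            self.forward[span] = token
            self.backward[token] = span
        return self.forward[span]

    def encode(self, prompt: str, sensitive: list) -> str:
        # Longest spans first so "Alice Smith" is consumed before "Alice";
        # ties broken alphabetically to keep the token draw order stable.
        out = prompt
        for span in sorted(set(sensitive), key=lambda s: (-len(s), s)):
            out = out.replace(span, self.token_for(span))
        return out

    def decode(self, text: str) -> str:
        out = text
        for token, span in self.backward.items():
            out = out.replace(token, span)
        return out


def leaks(encoded: str, sensitive: list) -> list:
    """Sensitive spans that still appear verbatim in the outgoing prompt."""
    return [s for s in sensitive if s in encoded]


if __name__ == "__main__":
    # Constructed prompt and a constructed list of spans the user marked sensitive.
    prompt = ("Recommend a restaurant for Alice Smith near 42 Oak Street; "
              "she liked Luigi's last time.")
    sensitive = ["Alice Smith", "Alice", "42 Oak Street", "Luigi's"]

    p = PromptPseudonymizer()
    outgoing = p.encode(prompt, sensitive)
    assert leaks(outgoing, sensitive) == []      # check before anything is sent
    print("to provider :", outgoing)

    # Constructed stand-in for the model's reply, which echoes the placeholders.
    reply = (f"Since {p.forward['Alice Smith']} enjoyed {p.forward['Luigi''s' if False else chr(76)+'uigi'+chr(39)+'s']}, "
             f"try a similar place near {p.forward['42 Oak Street']}.")
    print("restored    :", p.decode(reply))
```

The `leaks` check is the gate a practitioner wants in front of the API call: if any labelled span survives in the outgoing text, the prompt must not be sent. Two things decide how much this protects. First, the confidentiality rests entirely on the codebook staying on the client; the provider can only see emoji. Second, only spans the caller labels are substituted, so anything left unlabelled reaches the provider in clear, which is why the example keys the mapping per session and makes the restore step exact rather than heuristic.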