In the current user-server interaction paradigm of prompted generation with large language models (LLMs) on the cloud, the server fully controls the generation process, which leaves no option for users who want to keep the generated text to themselves. We propose LatticeGen, a cooperative framework in which the server still handles most of the computation while the user controls the sampling operation. The key idea is that the true generated sequence is mixed with noise tokens by the user and hidden in a noised lattice. Considering potential attacks from a hypothetically malicious server and how the user can defend against them, we propose the repeated beam-search attack and the mixing noise scheme. In our experiments we apply LatticeGen to protect both the prompt and the generation. It is shown that while the noised lattice degrades generation quality, LatticeGen successfully protects the true generation to a remarkable degree under strong attacks (more than 50% of the semantics remain hidden, as measured by BERTScore).
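As an added toy simulation of the cooperative loop the abstract describes (not the paper's LatticeGen implementation: a constructed bigram table stands in for the cloud LLM, and the mixing scheme and the server-side beam-search attacker are deliberately simplified), the code below lets the server compute a next-token distribution for every lattice slot while the user samples the true continuation, fills the other slots with noise, and measures how much of the true sequence a most-likely-path attacker fails to recover.

```python
import math
import random

# Constructed bigram "LM" standing in for the cloud model: P(next | prev).
BIGRAM = {
    "the": {"cat": 0.5, "dog": 0.5}, "cat": {"sat": 0.7, "ran": 0.3},
    "dog": {"ran": 0.7, "sat": 0.3}, "sat": {"home": 0.6, ".": 0.4},
    "ran": {"home": 0.6, ".": 0.4}, "home": {".": 1.0}, ".": {"the": 1.0},
}
VOCAB = list(BIGRAM)

def draw(dist, rng):
    return rng.choices(list(dist), weights=list(dist.values()))[0]

def server_step(last_tokens):
    # Server: a distribution per lattice slot; it never learns the true slot.
    return [BIGRAM[tok] for tok in last_tokens]

def user_step(dists, true_slot, rng, mix=0.5):
    # User: true token from the true slot, fluent noise for the rest; simplified
    # mixing continues some noise slots from the true token, then a shuffle
    # hides the slot index so position does not leak across steps.
    sampled = [draw(d, rng) for d in dists]
    for i in range(len(dists)):
        if i != true_slot and rng.random() < mix:
            sampled[i] = draw(dists[true_slot], rng)
    perm = rng.sample(range(len(dists)), len(dists))
    return [sampled[j] for j in perm], perm.index(true_slot)

def generate(width, steps, seed=0):
    # Cooperative loop: lattice (`width` tokens per step) plus the user's
    # true sequence, which is exactly one path through that lattice.
    rng = random.Random(seed)
    lattice = [[rng.choice(VOCAB) for _ in range(width)]]
    true_slot = rng.randrange(width)
    true_seq = [lattice[0][true_slot]]
    for _ in range(steps - 1):
        step, true_slot = user_step(server_step(lattice[-1]), true_slot, rng)
        lattice.append(step)
        true_seq.append(step[true_slot])
    return lattice, true_seq

def beam_attack(lattice):
    # Malicious server: most likely path under its own model (full-beam search).
    best = {tok: (0.0, [tok]) for tok in lattice[0]}
    for step in lattice[1:]:
        best = {tok: max((lp + math.log(BIGRAM[p].get(tok, 1e-9)), path + [tok])
                         for p, (lp, path) in best.items()) for tok in step}
    return max(best.values())[1]

def hidden_fraction(true_seq, guess):
    # Share of true tokens the attacker failed to recover, position by position.
    return sum(a != b for a, b in zip(true_seq, guess)) / len(true_seq)
```

Increasing `width` or `mix` raises the attacker's miss rate at the cost of more server computation per step, which is the quality/privacy trade-off the abstract reports.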