Neural language models are increasingly deployed into APIs and websites that allow a user to pass in a prompt and receive generated text. Many of these systems do not reveal generation parameters. In this paper, we present methods to reverse-engineer the decoding method used to generate text (i.e., top-$k$ or nucleus sampling). Our ability to discover which decoding strategy was used has implications for detecting generated text. Additionally, the process of discovering the decoding strategy can reveal biases caused by selecting decoding settings which severely truncate a model's predicted distributions. We perform our attack on several families of open-source language models, as well as on production systems (e.g., ChatGPT).
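The abstract's claim that truncated decoding is observable from outputs alone can be illustrated with a small simulation. This is an added example, not the paper's method or code: the Zipf distributions are constructed stand-ins for a model's next-token distributions, and every function name and the `classify` heuristic are hypothetical.

```python
import random

def truncate_top_k(probs, k):
    """Keep the k most likely tokens and renormalise."""
    keep = sorted(range(len(probs)), key=lambda i: -probs[i])[:k]
    z = sum(probs[i] for i in keep)
    return {i: probs[i] / z for i in keep}

def truncate_nucleus(probs, p):
    """Keep the smallest most-likely-first set whose mass reaches p."""
    keep, mass = [], 0.0
    for i in sorted(range(len(probs)), key=lambda i: -probs[i]):
        keep.append(i)
        mass += probs[i]
        if mass >= p:
            break
    return {i: probs[i] / mass for i in keep}

def observed_support(dist, n_samples, rng):
    """Black-box view: count distinct tokens seen across repeated samples."""
    tokens, weights = zip(*dist.items())
    return len(set(rng.choices(tokens, weights=weights, k=n_samples)))

def zipf(vocab, s):
    """Constructed next-token distribution; larger s means more peaked."""
    w = [1.0 / (r ** s) for r in range(1, vocab + 1)]
    z = sum(w)
    return [x / z for x in w]

def classify(support_sizes):
    """Heuristic (assumption): top-k keeps the same number of tokens for
    every prompt, while a nucleus cutoff moves with the distribution."""
    return "top-k" if len(set(support_sizes)) == 1 else "nucleus"

def run_demo(seed=0, n_samples=20000):
    rng = random.Random(seed)
    # Three constructed "prompts": flat, medium and peaked distributions.
    prompts = [zipf(200, 0.5), zipf(200, 1.0), zipf(200, 2.0)]
    topk = [observed_support(truncate_top_k(p, 10), n_samples, rng)
            for p in prompts]
    nuc = [observed_support(truncate_nucleus(p, 0.9), n_samples, rng)
           for p in prompts]
    return topk, nuc, classify(topk), classify(nuc)

if __name__ == "__main__":
    print(run_demo())
```

On the peaked prompt the nucleus cutoff leaves only 6 of 200 tokens reachable, which is the kind of severe truncation the abstract refers to.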