defense arXiv Jan 30, 2026
Zhiyuan Cao, Zeyu Ma, Chenhao Yang et al. · Shanghai Key Laboratory of Computer Software Testing and Evaluating · Shanghai Normal University +2 more
Defends LLM user query privacy via embedding-space obfuscation in a semantic null space, blocking server-side input reconstruction
Model Inversion Attack Sensitive Information Disclosure nlp
We propose Obfuscated Semantic Null space Injection for Privacy (OSNIP), a lightweight client-side encryption framework for privacy-preserving LLM inference. Generalizing the geometric intuition of linear kernels to the high-dimensional latent space of LLMs, we formally define the "Obfuscated Semantic Null Space", a high-dimensional regime that preserves semantic fidelity while enforcing near-orthogonality to the original embedding. By injecting perturbations that project the original embedding into this space, OSNIP ensures privacy without any post-processing. Furthermore, OSNIP employs a key-dependent stochastic mapping that synthesizes individualized perturbation trajectories unique to each user. Evaluations on 12 generative and classification benchmarks show that OSNIP achieves state-of-the-art performance, sharply reducing attack success rates while maintaining strong model utility under strict security constraints.
llm transformer Shanghai Key Laboratory of Computer Software Testing and Evaluating · Shanghai Normal University · Shanghai Polytechnic University +1 more