SLIP-SEC: Formalizing Secure Protocols for Model IP Protection

Large Language Models (LLMs) represent valuable intellectual property (IP), reflecting significant investments in training data, compute, and expertise. Deploying these models on partially trusted or insecure devices introduces substantial risk of model theft, making it essential to design inference protocols with provable security guarantees. We present the formal framework and security foundations of SLIP, a hybrid inference protocol that splits model computation between a trusted and an untrusted resource. We define and analyze the key notions of model decomposition and hybrid inference protocols, and introduce formal properties including safety, correctness, efficiency, and t-soundness. We construct secure inference protocols based on additive decompositions of weight matrices, combined with masking and probabilistic verification techniques. We prove that these protocols achieve information-theoretic security against honest-but-curious adversaries, and provide robustness against malicious adversaries with negligible soundness error. This paper focuses on the theoretical underpinnings of SLIP: precise definitions, formal protocols, and proofs of security. Empirical validation and decomposition heuristics appear in the companion SLIP paper. Together, the two works provide a complete account of securing LLM IP via hybrid inference, bridging both practice and theory.

Key Contributions

• Formal definitions of hybrid inference protocols for LLMs with properties including safety, correctness, efficiency, and t-soundness
• Secure inference protocol based on additive decomposition of weight matrices combined with masking techniques, achieving information-theoretic security against honest-but-curious adversaries
• Formal proof of robustness against malicious adversaries with negligible soundness error via probabilistic verification

🛡️ Threat Analysis

Details

Similar Papers