Abstract
As major progress in LLM-based long-form text generation enables paradigms such as retrieval-augmented generation (RAG) and inference-time scaling, safely incorporating private information into the generation remains a critical open question. We present InvisibleInk, a highly scalable long-form text generation framework satisfying rigorous differential privacy guarantees with respect to the sensitive references. It interprets sampling from the LLM's next-token-distribution as the exponential mechanism over the LLM logits with two innovations. First, we reduce the privacy cost by isolating and clipping only the sensitive information in the model logits (relative to the public logits). Second, we improve text quality by sampling from a small superset of the top-$k$ private tokens. Empirical evaluations demonstrate a consistent $8\times$ reduction in computation cost over state-of-the-art baselines to generate long-form private text of the same utility across privacy levels. In summary, InvisibleInk is able to generate private long-form text at less than $10\times$ the computation cost of non-private generation.
Abstract (translated)
随着基于大型语言模型(LLM)的长文本生成技术取得了重大进展,诸如检索增强生成(RAG)和推理时间缩放等范式也随之出现。然而,在生成过程中安全地整合私有信息仍然是一个关键且未解决的问题。我们提出了InvisibleInk,这是一个高度可扩展的长文本生成框架,能够对敏感参考数据提供严格的差分隐私保证。 InvisibleInk通过两个创新方法解释了从LLM下一个标记分布中采样的过程:首先,将差分隐私机制应用于模型的对数(logits)上。具体来说,我们通过对私有信息进行隔离和裁剪来减少隐私成本,这些信息相对于公共信息而言是敏感的。其次,通过从一个包含前$k$个私有标记的小超集里采样,提高了文本质量。 实证评估表明,在生成具有相同效用的长篇私人文本时,与最先进的基线方法相比,InvisibleInk在各个隐私级别上将计算成本减少了8倍。总而言之,InvisibleInk能够在不到非私有生成10倍的计算成本的情况下生成私有长文本。
URL
https://arxiv.org/abs/2507.02974
