{"id":"https://openalex.org/W7133357026","doi":"https://doi.org/10.48550/arxiv.2603.01499","title":"Towards Privacy-Preserving LLM Inference via Covariant Obfuscation (Technical Report)","display_name":"Towards Privacy-Preserving LLM Inference via Covariant Obfuscation (Technical Report)","publication_year":2026,"publication_date":"2026-03-02","ids":{"openalex":"https://openalex.org/W7133357026","doi":"https://doi.org/10.48550/arxiv.2603.01499"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.01499","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.01499","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.01499","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5127970315","display_name":"Yu Lin","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Lin, Yu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128029691","display_name":"Qizhi Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Qizhi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128021460","display_name":"Wenqiang Ruan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ruan, Wenqiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127979130","display_name":"Daode Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Daode","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127898196","display_name":"Jue Hong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hong, Jue","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127991112","display_name":"Ye Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Ye","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104347699","display_name":"Hanning Xia","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xia, Hanning","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086254999","display_name":"Yunlong Mao","orcid":"https://orcid.org/0000-0001-9024-9544"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mao, Yunlong","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5127975537","display_name":"Sheng Zhong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhong, Sheng","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5127970315"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.31040000915527344,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.31040000915527344,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.16419999301433563,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T14347","display_name":"Big Data and Digital Economy","score":0.04610000178217888,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6866999864578247},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.5067999958992004},{"id":"https://openalex.org/keywords/compatibility","display_name":"Compatibility (geochemistry)","score":0.47609999775886536},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.3849000036716461},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.3734999895095825},{"id":"https://openalex.org/keywords/soundness","display_name":"Soundness","score":0.36169999837875366},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.3578999936580658}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7750999927520752},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6866999864578247},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.5067999958992004},{"id":"https://openalex.org/C2778648169","wikidata":"https://www.wikidata.org/wiki/Q967768","display_name":"Compatibility (geochemistry)","level":2,"score":0.47609999775886536},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4163999855518341},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.3849000036716461},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.3734999895095825},{"id":"https://openalex.org/C39920170","wikidata":"https://www.wikidata.org/wiki/Q693083","display_name":"Soundness","level":2,"score":0.36169999837875366},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3578999936580658},{"id":"https://openalex.org/C177225278","wikidata":"https://www.wikidata.org/wiki/Q192674","display_name":"Factoring","level":2,"score":0.350600004196167},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.3407999873161316},{"id":"https://openalex.org/C20574231","wikidata":"https://www.wikidata.org/wiki/Q844605","display_name":"Backward compatibility","level":2,"score":0.3240000009536743},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.3156000077724457},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.31360000371932983},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3133000135421753},{"id":"https://openalex.org/C2779791154","wikidata":"https://www.wikidata.org/wiki/Q258040","display_name":"Model transformation","level":3,"score":0.2831000089645386},{"id":"https://openalex.org/C509989072","wikidata":"https://www.wikidata.org/wiki/Q15188241","display_name":"Model-driven architecture","level":4,"score":0.2743000090122223},{"id":"https://openalex.org/C92717368","wikidata":"https://www.wikidata.org/wiki/Q1162538","display_name":"Plaintext","level":3,"score":0.2728999853134155},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26100000739097595},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2540000081062317},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.25290000438690186}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.01499","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.01499","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.01499","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.01499","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6616926789283752,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,70,204],"rapid":[1],"development":[2],"of":[3,13,30,80,101,105,184,201,217,225,238,244],"large":[4],"language":[5],"models":[6,258],"(LLMs)":[7],"has":[8,191],"driven":[9],"the":[10,26,99,106,114,128,140,164,199,242,249],"widespread":[11],"adoption":[12],"cloud-based":[14],"LLM":[15,38,88,109,131],"inference":[16,39,71,110,132,172],"services,":[17],"while":[18,117,177],"also":[19],"bringing":[20],"prominent":[21],"privacy":[22,120,176],"risks":[23],"associated":[24],"with":[25,86,181,234],"transmission":[27],"and":[28,57,142,152,159,174,219],"processing":[29],"private":[31],"data":[32,144,151,175],"in":[33,45,66,259],"remote":[34],"inference.":[35,227],"For":[36],"privacy-preserving":[37,108,130],"technologies":[40],"to":[41,63,93,155,170,223,252,256],"be":[42,52,61,74,91],"practically":[43],"applied":[44],"industrial":[46,135,196],"scenarios,":[47],"three":[48],"core":[49],"requirements":[50],"must":[51],"satisfied":[53],"simultaneously:":[54],"(1)":[55],"Accuracy":[56],"efficiency":[58,221],"losses":[59],"should":[60,90],"minimized":[62],"mitigate":[64],"degradation":[65],"service":[67],"experience.":[68],"(2)":[69],"process":[72],"can":[73],"run":[75],"on":[76,206],"large-scale":[77,257],"clusters":[78],"consist":[79],"heterogeneous":[81],"legacy":[82],"xPUs.":[83],"(3)":[84],"Compatibility":[85],"existing":[87,107,182],"infrastructures":[89,183],"ensured":[92],"reuse":[94],"their":[95],"engineering":[96],"optimizations.":[97],"To":[98,241],"best":[100,243],"our":[102,245],"knowledge,":[103,246],"none":[104],"methods":[111],"satisfy":[112],"all":[113],"above":[115],"constraints":[116],"delivering":[118],"meaningful":[119],"guarantees.":[121],"In":[122],"this":[123],"paper,":[124],"we":[125],"propose":[126],"AloePri,":[127],"first":[129,250],"method":[133,251],"for":[134,166,198],"applications.":[136],"AloePri":[137,190,213,229,247],"protects":[138],"both":[139],"input":[141],"output":[143],"by":[145],"covariant":[146],"obfuscation,":[147],"which":[148],"jointly":[149],"transforms":[150],"model":[153,168,208],"parameters":[154],"achieve":[156],"better":[157],"accuracy":[158,173,215],"privacy.":[160],"We":[161],"carefully":[162],"design":[163],"transformation":[165],"each":[167],"component":[169],"ensure":[171],"keeping":[178],"full":[179],"compatibility":[180],"Language":[185],"Model":[186],"as":[187],"a":[188],"Service.":[189],"been":[192],"integrated":[193],"into":[194],"an":[195],"system":[197],"evaluation":[200,205],"mainstream":[202],"LLMs.":[203],"Deepseek-V3.1-Terminus":[207],"(671B":[209],"parameters)":[210],"demonstrates":[211],"that":[212,224],"causes":[214],"loss":[216],"0.0%~3.5%":[218],"exhibits":[220],"equivalent":[222],"plaintext":[226],"Meanwhile,":[228],"successfully":[230],"resists":[231],"state-of-the-art":[232],"attacks,":[233],"less":[235],"than":[236],"5\\%":[237],"tokens":[239],"recovered.":[240],"is":[248],"exhibit":[253],"practical":[254],"applicability":[255],"real-world":[260],"systems.":[261]},"counts_by_year":[],"updated_date":"2026-04-02T13:48:15.688549","created_date":"2026-03-04T00:00:00"}