We introduce a cryptographic method to hide an arbitrary secret payload in the response of a Large Language Model (LLM). A secret key is required to extract the payload from the model's response, and without the key it is provably impossible to distinguish between the responses of the original LLM and the LLM that hides a payload. In particular, the quality of generated text is not affected by the payload. Our approach extends a recent result of Christ, Gunn and Zamir (2023) who introduced an undetectable watermarking scheme for LLMs.
Excuse me, sir? Your language model is leaking (information)
A cryptographic method enables hiding a secret payload in Large Language Model responses without affecting text quality or detectability.
- Year
- 2024
- Venue
- arXiv 2024
- Authors
- 1
- Hosting
- Abstract onlyARXIV-DEFAULT
Cite
Notes
Only stored in your browser.
Attribution
- Abstract & full text
- arxiv.org/abs/2401.10360ARXIV-DEFAULT
- TL;DR
- Semantic Scholar