On the Risks of Stealing the Decoding Algorithms of Language Models

Add code
Mar 09, 2023
Ali Naseh, Kalpesh Krishna, Mohit Iyyer, Amir Houmansadr
Figure 1 for On the Risks of Stealing the Decoding Algorithms of Language Models
Figure 2 for On the Risks of Stealing the Decoding Algorithms of Language Models
Figure 3 for On the Risks of Stealing the Decoding Algorithms of Language Models
Figure 4 for On the Risks of Stealing the Decoding Algorithms of Language Models

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

A key component of generating text from modern language models (LM) is the selection and tuning of decoding algorithms. These algorithms determine how to generate text from the internal probability distribution generated by the LM. The process of choosing a decoding algorithm and tuning its hyperparameters takes significant time, manual effort, and computation, and it also requires extensive human evaluation. Therefore, the identity and hyperparameters of such decoding algorithms are considered to be extremely valuable to their owners. In this work, we show, for the first time, that an adversary with typical API access to an LM can steal the type and hyperparameters of its decoding algorithms at very low monetary costs. Our attack is effective against popular LMs used in text generation APIs, including GPT-2 and GPT-3. We demonstrate the feasibility of stealing such information with only a few dollars, e.g., $\$0.8$, $\$1$, $\$4$, and $\$40$ for the four versions of GPT-3.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon