Generating Privacy-Preserving Personalized Advice with Zero-Knowledge Proofs and LLMs

Hiroki Watanabe, Motonobu Uchikoshi

TL;DR

This work tackles privacy in personalized LLM advice by minimizing data exposure through zero-knowledge proofs and zkVM. It proposes a two-entity architecture and a prompting strategy that partitions user traits into verifiable ($d_1$) and unverifiable ($d_0$) components to generate outputs $A_{\text{prop}}$ and $A_{\text{exp}}$. The approach enables secure verification of user traits without disclosing sensitive data while producing consistent, actionable guidance. Empirical results demonstrate practical feasibility: zkVM can support real-world rule-based inferences with acceptable proof times, and the prompting strategy can yield aligned proposals and explanations, though cross-model behavior under conflicting contexts warrants further study.

Abstract

Large language models (LLMs) are increasingly utilized in domains such as finance, healthcare, and interpersonal relationships to provide advice tailored to user traits and contexts. However, this personalization often relies on sensitive data, raising critical privacy concerns and necessitating data minimization. To address these challenges, we propose a framework that integrates zero-knowledge proof (ZKP) technology, specifically zkVM, with LLM-based chatbots. This integration enables privacy-preserving data sharing by verifying user traits without disclosing sensitive information. Our research introduces both an architecture and a prompting strategy for this approach. Through empirical evaluation, we clarify the current constraints and performance limitations of both zkVM and the proposed prompting strategy, thereby demonstrating their practical feasibility in real-world scenarios.

Paper Structure

This paper contains 15 sections, 1 equation, 2 figures, 4 tables.

Figures (2)

  • Figure 1: Overview of the Architecture for LLM-based Advisory System with Zero-Knowledge Proofs
  • Figure 2: Distribution of $A_{\text{prop}}$ Scores Across Contexts ($c_i$)