Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PRISM: Privacy-Aware Routing for Adaptive Cloud-Edge LLM Inference via Semantic Sketch Collaboration

Junfei Zhan, Haoxun Shen, Zheng Lin, Tengjiao He

TL;DR

PRISM addresses privacy in cloud‑edge LLM inference by enabling context‑aware routing that balances privacy with utility. It introduces an edge‑driven sensitivity profiling step, entropy‑regularized soft gating for route selection, and an adaptive two‑layer local differential privacy mechanism paired with cloud‑edge semantic sketch collaboration. The framework demonstrates superior privacy–energy–latency trade-offs across diverse domains and heterogeneous model deployments, while maintaining high output quality under strong privacy constraints. The work is validated on realistic prompts, energy measurements, and cloud‑edge setups, highlighting practical impact for privacy‑preserving LLM inference at scale.

Abstract

Large Language Models (LLMs) demonstrate impressive capabilities in natural language understanding and generation, but incur high communication overhead and privacy risks in cloud deployments, while facing compute and memory constraints when confined to edge devices. Cloud-edge inference has emerged as a promising paradigm for improving privacy in LLM services by retaining sensitive computations on local devices. However, existing cloud-edge inference approaches apply uniform privacy protection without considering input sensitivity, resulting in unnecessary perturbation and degraded utility even for non-sensitive tokens. To address this limitation, we propose Privacy-aware Routing for Inference with Semantic Modulation (PRISM), a context-aware framework that dynamically balances privacy and inference quality. PRISM executes in four stages: (1) the edge device profiles entity-level sensitivity; (2) a soft gating module on the edge selects an execution mode - cloud, edge, or collaboration; (3) for collaborative paths, the edge applies adaptive two-layer local differential privacy based on entity risks; and (4) the cloud LLM generates a semantic sketch from the perturbed prompt, which is then refined by the edge-side small language model (SLM) using local context. Our results show that PRISM consistently achieves superior privacy-utility trade-offs across various scenarios, reducing energy consumption and latency to 40-50% of baseline methods such as Uniform and Selective LDP, while maintaining high output quality under strong privacy constraints. These findings are validated through comprehensive evaluations involving realistic prompts, actual energy measurements, and heterogeneous cloud-edge model deployments.

PRISM: Privacy-Aware Routing for Adaptive Cloud-Edge LLM Inference via Semantic Sketch Collaboration

TL;DR

PRISM addresses privacy in cloud‑edge LLM inference by enabling context‑aware routing that balances privacy with utility. It introduces an edge‑driven sensitivity profiling step, entropy‑regularized soft gating for route selection, and an adaptive two‑layer local differential privacy mechanism paired with cloud‑edge semantic sketch collaboration. The framework demonstrates superior privacy–energy–latency trade-offs across diverse domains and heterogeneous model deployments, while maintaining high output quality under strong privacy constraints. The work is validated on realistic prompts, energy measurements, and cloud‑edge setups, highlighting practical impact for privacy‑preserving LLM inference at scale.

Abstract

Large Language Models (LLMs) demonstrate impressive capabilities in natural language understanding and generation, but incur high communication overhead and privacy risks in cloud deployments, while facing compute and memory constraints when confined to edge devices. Cloud-edge inference has emerged as a promising paradigm for improving privacy in LLM services by retaining sensitive computations on local devices. However, existing cloud-edge inference approaches apply uniform privacy protection without considering input sensitivity, resulting in unnecessary perturbation and degraded utility even for non-sensitive tokens. To address this limitation, we propose Privacy-aware Routing for Inference with Semantic Modulation (PRISM), a context-aware framework that dynamically balances privacy and inference quality. PRISM executes in four stages: (1) the edge device profiles entity-level sensitivity; (2) a soft gating module on the edge selects an execution mode - cloud, edge, or collaboration; (3) for collaborative paths, the edge applies adaptive two-layer local differential privacy based on entity risks; and (4) the cloud LLM generates a semantic sketch from the perturbed prompt, which is then refined by the edge-side small language model (SLM) using local context. Our results show that PRISM consistently achieves superior privacy-utility trade-offs across various scenarios, reducing energy consumption and latency to 40-50% of baseline methods such as Uniform and Selective LDP, while maintaining high output quality under strong privacy constraints. These findings are validated through comprehensive evaluations involving realistic prompts, actual energy measurements, and heterogeneous cloud-edge model deployments.

Paper Structure

This paper contains 11 sections, 2 theorems, 18 equations, 4 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Framework Design
  3. Sensitivity Profiling for Context-Aware Routing
  4. Soft Gating with Entropy-Regularized Routing
  5. Adaptive Two‐Layer Local Differential Privacy
  6. Cloud-Edge Semantic Sketch Collaboration
  7. Analysis
  8. Evaluation
  9. Evaluation Setting
  10. Results
  11. Conclusion

Key Result

Theorem 1

Let $M$ be the adaptive two-layer mechanism applied to a sensitive entity $e_i$ with category $c_i \in \mathcal{C}$ (of size $K_1$) and value domain $\mathcal{V}_{c_i^*}$ (of size $K_2$). The mechanism sequentially applies: Then $M = M_2 \circ M_1$ satisfies $(\epsilon_1 + \epsilon_2)$-local differential privacy over the pair $(c_i, e_i)$.

Figures (4)

  • Figure 1: PRISM workflow example illustrating privacy-preserving prompt processing and transformation stages.
  • Figure 2: Illustration of the PRISM routing phase, where the edge-side controller analyzes prompt sensitivity and softly routes requests across cloud, edge, or collaborative paths.
  • Figure 3: Adaptive Two-Layer LDP for Entity Obfuscation
  • Figure 4: Comparison of privacy-preserving methods across privacy budgets on three dimensions: (a) energy consumption in Joules, (b) completion time in seconds, and (c) inference quality evaluated by LLM as a judge.

Theorems & Definitions (4)

  • Theorem 1: Two-Layer LDP Privacy Guarantee
  • proof
  • Theorem 2: Effect of Sensitivity Weight on Budget Allocation
  • proof