Zhifan Luo (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Shuo Shao (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Su Zhang (Huawei Technology), Lijing Zhou (Huawei Technology), Yuke Hu (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Chenxu Zhao (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Zhihao Liu (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Zhan Qin (State Key Laboratory of Blockchain and Data Security, Zhejiang University and Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security)

The Key-Value (KV) cache, which stores intermediate attention computations (Key and Value pairs) to avoid redundant calculations, is a fundamental mechanism for accelerating Large Language Model (LLM) inference. However, this efficiency optimization introduces significant yet underexplored privacy risks. This paper provides the first comprehensive analysis of these vulnerabilities, demonstrating that an adversary can reconstruct sensitive user inputs directly from the KV-cache. We design and implement three distinct attack vectors: a direct Inversion Attack, a more broadly applicable and potent Collision Attack, and a semantic-based Injection Attack. These methods demonstrate the practicality and severity of KV-cache privacy leakage issues. To mitigate this, we propose KV-Cloak, a novel, lightweight, and efficient defense mechanism. KV-Cloak uses a reversible matrix-based obfuscation scheme, combined with operator fusion, to secure the KV-cache. Our extensive experiments show that KV-Cloak effectively thwarts all proposed attacks, reducing reconstruction quality to random noise. Crucially, it achieves this robust security with virtually no degradation in model accuracy and minimal performance overhead, offering a practical solution for trustworthy LLM deployment.

View More Papers

WCDCAnalyzer: Scalable Security Analysis of Wi-Fi Certified Device Connectivity...

Zilin Shen (Purdue University), Imtiaz Karim (The University of Texas at Dallas), Elisa Bertino (Purdue University)

Read More

MEVisor: High-Throughput MEV Discovery in DEXs with GPU Parallelism

Weimin CHEN (The Hong Kong Polytechnic University (PolyU)), Xiapu Luo (The Hong Kong Polytechnic University)

Read More

IsolatOS: Detecting Double Fetch Bugs in COTS RTOS by...

Yingjie Cao (Sun Yat-sen University and The Hong Kong Polytechnic University), Xiaogang Zhu (Adelaide University), Dean Sullivan (University of New Hampshire, US), Haowei Yang, Lei Xue (Sun Yat-sen University), Xian Li (Swinburne University of Technology, Australia), Chenxiong Qian (University of Hong Kong, China), Minrui Yan (Swinburne University of Technology, Australia), Xiapu Luo (The Hong Kong…

Read More