We introduce Model-Bound Latent Exchange (MoBLE), a decoder-binding property in Transformer autoencoders formalized as Zero-Shot Decoder Non-Transferability (ZSDN). In identity tasks using iso-architectural models trained on identical data but differing in seeds, self-decoding achieves more than 0.91 exact match and 0.98 token accuracy, while zero-shot cross-decoding collapses to chance, with no exact matches. This separation arises without injected secrets or adversarial training, and is corroborated by weight-space distances and attention-divergence diagnostics. We interpret ZSDN as model binding, a latent-based authentication and access-control mechanism that holds even when the architecture and training recipe are public: the encoder's hidden-state representation deterministically reveals the plaintext, yet only the correctly keyed decoder reproduces it in the zero-shot setting. We formally define ZSDN and a decoder-binding advantage metric, and outline deployment considerations for secure artificial intelligence (AI) pipelines. Finally, we discuss learnability risks (e.g., adapter alignment) and outline mitigations. MoBLE offers a lightweight, accelerator-friendly approach to secure AI deployment in safety-critical domains, including aviation and cyber-physical systems.