Communication-Efficient Verifiable Attention for LLM Inference

22d ago · Global · primary source: export.arxiv.org

A research team has detailed a method called VeriAttn that speeds up verifiable inference for large language models by shifting attention computations to a graphics processor while a trusted execution environment checks the results, according to a paper posted to arXiv on June 15, 2026 [1]. The approach targets a weakness in remote LLM serving: a client cannot easily confirm that a cloud provider ran the requested model faithfully [1]. For conventional deep neural networks, the TEE-shielded DNN partitioning (TSDP) technique already uses a Trusted Execution Environment (TEE) to compute non-linear components and verify the integrity of linear work offloaded to an untrusted GPU [1]. However, applying TSDP directly to Transformer-based LLMs creates heavy TEE computation and communication overhead [1]. VeriAttn changes the division of labor. It offloads both linear and non-linear attention computations to the GPU, while the TEE performs verification [1]. During the prefill stage, the system uses a two-level pipeline to overlap data movement, TEE pre- and post-processing, and GPU computation [1]. For decoding, when the key-value cache grows beyond available GPU memory, VeriAttn partitions attention across the TEE and GPU to cut down repeated key-value transfers [1]. On an Intel TDX platform, VeriAttn delivered 2.60-3.38× acceleration over TSDP for 6k-token prompts during prefill, and 3.86-5.42× acceleration for 10k-token outputs during decoding [1]. The paper does not include quotes from the authors. Trusted execution environments such as Intel SGX create hardware-enforced private memory regions called enclaves, where code and data are decrypted on the fly inside the CPU [8]. Intel deprecated SGX on consumer Core processors starting with the 11th and 12th generations, but continues development on Xeon chips for cloud and enterprise use [8]. The VeriAttn evaluation relied on Intel TDX, a different TEE technology that extends trust boundaries to entire virtual machines [1]. The work arrives as investment in AI has boomed in the 2020s, fueled by the transformer architecture introduced in 2017 and the rapid public release of large language models [5]. Those models are now integrated into sectors ranging from search to autonomous vehicles, raising parallel demands for both faster inference and stronger integrity guarantees [3][5].

infrastructureresearch-papermodel-releaseproduct-launch

Background sources we checked (7)
  • arxiv.org ↗ Computation integrity of remote large language model (LLM) serving can be questionable. For conventional deep neural networks (DNNs), the existing TEE-shielded DNN partitioning (TSDP) approach uses Trusted Execution Environment (TEE) to compute non-linear components and verify th…
  • en.wikipedia.org ↗ Artificial intelligence (AI) is the capability of computational systems to perform tasks typically associated with human intelligence, such as learning, reasoning, problem-solving, perception, and decision-making. It is a field of research in engineering, mathematics and computer…
  • en.wikipedia.org ↗ This glossary of artificial intelligence is a list of definitions of terms and concepts relevant to the study of artificial intelligence (AI), its subdisciplines, and related fields. Related glossaries include Glossary of computer science, Glossary of robotics, Glossary of machin…
  • en.wikipedia.org ↗ The history of artificial intelligence (AI) began in antiquity, with myths, stories, and rumors of artificial beings endowed with intelligence by master craftsmen. The study of logic and formal reasoning from antiquity to the present led to the development of the programmable dig…
  • en.wikipedia.org ↗ x87 is a floating-point-related subset of the x86 architecture instruction set. It originated as an extension of the 8086 instruction set in the form of optional floating-point coprocessors (FPU) that work in tandem with corresponding x86 CPUs. These microchips have names ending …
  • en.wikipedia.org ↗ Intel MPX (Memory Protection Extensions) are a discontinued set of extensions to the x86 instruction set architecture. With compiler, runtime library and operating system support, Intel MPX claimed to enhance security to software by checking pointer references whose normal compil…
  • en.wikipedia.org ↗ Intel Software Guard Extensions (SGX) is a set of instruction codes implementing trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enc…

Sources

Spot something wrong? Report an issue