What problem does this paper attempt to address?

### What problem does this paper attempt to solve? This paper aims to solve the privacy leakage problem caused by the cache - sharing optimization mechanism during the inference process of large - language models (LLMs). Specifically, the paper focuses on the risk of stealing user input information from LLM services through timing side - channel attacks. #### Main problem background 1. **Cache - sharing optimization**: To improve efficiency, cache - sharing methods such as prefix caching and semantic caching are usually adopted during the LLM inference process. These methods accelerate the processing of the same or similar inference requests by reusing the cached state or response. 2. **Privacy leakage risk**: Although the cache mechanism improves performance, it also brings privacy risks. Since requests from different users may share the same cache, resulting in observable changes in response time, this provides clues for timing - based attacks. #### Core problems of the paper - **Security of the cache mechanism**: The paper points out that the existing cache mechanism may inadvertently leak users' private input information while improving performance. In particular, when the cache hits, the response time is significantly reduced, which can be exploited by attackers to infer the input content of other users. - **Effectiveness of the attack**: The paper proposes a new timing - based side - channel attack method - InputSnatch, which is used to steal user input during the LLM inference process. This method constructs candidate inputs and analyzes response times, identifies cache - hit patterns, and thus realizes partial or complete recovery of user input. #### Solutions and contributions - **Systematic investigation**: For the first time, systematically studied the application of timing - based side - channel attacks in LLM inference, analyzed the privacy leakage risks of two cache mechanisms (prefix caching and semantic caching) and the trade - off between performance and privacy. - **Comprehensive attack framework**: Proposed an attack method that combines multiple input construction strategies (such as machine - learning models, LLM analysis, and optimized search) with robust time analysis (statistical fitting and anomaly detection), demonstrating effective input reconstruction capabilities in various deployment scenarios. - **Practical effect verification**: Through experimental verification, the attack framework achieved a 62% success rate in partial input recovery, a 12.5% success rate in complete input extraction, and showed 79.5% effectiveness in semantic - level content reconstruction. ### Summary This paper reveals the privacy leakage risks brought by the cache - sharing optimization mechanism in LLM inference, and proposes a timing - based side - channel attack method - InputSnatch, emphasizing the importance of privacy and security while pursuing performance optimization.