c-llm-safety.typ
// #import "t-main.typ": *
// #show: with-setup
// = LLM Safety & Explainability
// #summary[
// Large language models are more useful than ever, but they also sometimes give unexpected results. These can be toxic speech, privacy exposure, or incorrect factual remarks. While most of an LLM's internals are still not understood, people have come up with several ways to suppress these kinds of consequences.
// ]
// == General Discussion
// == Differential Privacy
// A very simple motivating example: a class teacher wants to find the average income of his/her/their students. In a class meeting he/she/they assign a random number to each student and give it to that student. Each student adds his/her/their family income and assigned number to the running total and passes the result to the next student. The class teacher then knows the sum of all student incomes because he/she/they know the number assigned to each student. From the students' perspective, if they keep their secret numbers to themselves, other students will never know their family income.
// Differential privacy is somewhat the same thing, but with even stricter requirements: the data collector should usually be kept from specific knowledge of each individual. In the motivating case, the numbers can be randomly generated by the teacher, and then shuffled with a random permutation hidden from the teacher. There are also more advanced and general techniques, depending on which part of the information should be hidden.
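// Added example, not part of the original notes: a simulation of the classroom protocol above, showing that the teacher recovers the sum, that a student's two neighbours see only income + mask, and that the teacher joining those neighbours exposes the income, which is why the collector should be veiled.
// Assumptions: arithmetic is done modulo 2^32 (MODULUS), and all function names and sample incomes are constructed for illustration.

```python
import secrets

MODULUS = 2**32  # assumption: totals wrap mod 2^32 so a masked value looks uniform

def run_round(incomes, masks):
    """Pass a running total down the line; return what each student hands on."""
    total, handed_on = 0, []
    for income, mask in zip(incomes, masks):
        total = (total + income + mask) % MODULUS
        handed_on.append(total)
    return handed_on

def teacher_recovers_sum(final_total, masks):
    """The teacher subtracts every assigned number from the last running total."""
    return (final_total - sum(masks)) % MODULUS

def neighbours_view(handed_on, i):
    """Students i-1 and i+1 comparing notes learn only income_i + mask_i."""
    before = handed_on[i - 1] if i > 0 else 0
    return (handed_on[i] - before) % MODULUS

def teacher_with_neighbours(handed_on, masks, i):
    """If the teacher joins them, mask_i is removed and income_i is exposed."""
    return (neighbours_view(handed_on, i) - masks[i]) % MODULUS

def demo():
    incomes = [52_000, 81_500, 38_250, 64_000]  # constructed sample data
    masks = [secrets.randbelow(MODULUS) for _ in incomes]  # teacher's numbers
    handed_on = run_round(incomes, masks)
    return {
        "sum": teacher_recovers_sum(handed_on[-1], masks),
        "neighbours_see": neighbours_view(handed_on, 1),
        "collusion_recovers": teacher_with_neighbours(handed_on, masks, 1),
    }

if __name__ == "__main__":
    result = demo()
    print("sum recovered by teacher:", result["sum"])
    print("neighbours of student 1 see (still masked):", result["neighbours_see"])
    print("teacher + neighbours recover:", result["collusion_recovers"])
```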
// For large language models, the hidden information is defined as follows:
// #def("Eps-Delta-DP")[
// A randomized algorithm $cal(A): cal(X)-> cal(Y)$ is $(epsilon, delta)$-differentially private if for all $X,X'in cal(X)$ that differ only on one element, @Wiki:Differential-Privacy.
// ]