pith. sign in

arxiv: 2505.16785 · v1 · pith:GAJBJY6Znew · submitted 2025-05-22 · 💻 cs.CR · cs.AI

CoTSRF: Utilize Chain of Thought as Stealthy and Robust Fingerprint of Large Language Models

classification 💻 cs.CR cs.AI
keywords fingerprintcotsrfllmsfingerprintingrobustsourcestealthyverification
0
0 comments X
read the original abstract

Despite providing superior performance, open-source large language models (LLMs) are vulnerable to abusive usage. To address this issue, recent works propose LLM fingerprinting methods to identify the specific source LLMs behind suspect applications. However, these methods fail to provide stealthy and robust fingerprint verification. In this paper, we propose a novel LLM fingerprinting scheme, namely CoTSRF, which utilizes the Chain of Thought (CoT) as the fingerprint of an LLM. CoTSRF first collects the responses from the source LLM by querying it with crafted CoT queries. Then, it applies contrastive learning to train a CoT extractor that extracts the CoT feature (i.e., fingerprint) from the responses. Finally, CoTSRF conducts fingerprint verification by comparing the Kullback-Leibler divergence between the CoT features of the source and suspect LLMs against an empirical threshold. Various experiments have been conducted to demonstrate the advantage of our proposed CoTSRF for fingerprinting LLMs, particularly in stealthy and robust fingerprint verification.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. FLIPS: Instance-Fingerprinting for LLMs via Pseudo-random Sequences

    cs.LG 2026-06 unverdicted novelty 8.0

    FLIPS identifies LLM instances with 96% closed-set and 90% open-set accuracy by exploiting biases in generated binary random sequences across 237 instances.

  2. Fingerprinting LLMs via Prompt Injection

    cs.CR 2025-09 conditional novelty 7.0

    LLMPrint generates unique, post-processing-robust fingerprints for base LLMs and their variants via optimized prompt injection with statistical verification for gray-box and black-box settings.

  3. Copyright Protection for Large Language Models: A Survey of Methods, Challenges, and Trends

    cs.CR 2025-08 accept novelty 7.0

    A survey of LLM copyright protection that unifies text watermarking, model watermarking, and model fingerprinting while presenting new coverage of fingerprint transfer and removal.