Provable Model Provenance Set for Large Language Models

The growing prevalence of unauthorized model usage and misattribution has increased the need for reliable model provenance analysis. However, existing methods largely rely on heuristic fingerprint-matching rules that lack provable error control and often overlook the existence of multiple sources, leaving the reliability of their provenance claims unverified. In this work, we first formalize the model provenance problem with provable guarantees, requiring rigorous coverage of all true provenances at a prescribed confidence level. Then, we propose the Model Provenance Set (MPS), which employs a sequential test-and-exclusion procedure to adaptively construct a small set satisfying the guarantee. The key idea of MPS is to test the significance of provenance existence within a candidate pool, thereby establishing a provable asymptotic guarantee at a user-specific confidence level. Extensive experiments demonstrate that MPS effectively achieves target provenance coverage while strictly limiting the inclusion of unrelated models, and further reveal its potential for practical provenance analysis in attribution and auditing tasks.

💡 Research Summary

The paper addresses the pressing problem of reliably determining the provenance of large language models (LLMs) in an environment where unauthorized reuse and misattribution are increasingly common. Existing approaches typically rely on heuristic fingerprint‑matching—either threshold‑based similarity scores or trained classifiers—to infer whether a candidate model is a source of a target model. These methods suffer from two major drawbacks: they provide no statistical control over false positives or false negatives, and they assume a single direct source, ignoring the possibility that a model may inherit from multiple ancestors through fine‑tuning chains, merging, or other transformations.

To overcome these limitations, the authors formalize model provenance as a statistical set‑identification problem. Given a target model g and a candidate pool M = {f₁,…,f_M}, they define a distance L_i,t = 1 − s(f_i(x_t), g(x_t)) for each prompt x_t drawn from a distribution Q, where s ∈