This work addresses privacy leakage risks in large language model (LLM) inference, focusing on the fundamental trade-off between privacy protection and model utility. Method: We develop a formal information-theoretic and statistical inference framework that integrates randomized prompt design with adversarial risk modeling to rigorously analyze privacy–utility interplay. Contribution/Results: We propose and prove the first “No-Free-Lunch” theorem for LLM inference, establishing that any randomization mechanism reducing dependence between prompts and private inputs necessarily degrades utility, with a universal, unavoidable lower bound. Our analysis provides the first theoretical limits for privacy-preserving LLM inference, refuting the common assumption that strong privacy guarantees can be achieved without utility loss. The results offer foundational insights for trustworthy LLM deployment.

Individuals and businesses have been significantly benefited by Large Language Models (LLMs) including PaLM, Gemini and ChatGPT in various ways. For example, LLMs enhance productivity, reduce costs, and enable us to focus on more valuable tasks. Furthermore, LLMs possess the capacity to sift through extensive datasets, uncover underlying patterns, and furnish critical insights that propel the frontiers of technology and science. However, LLMs also pose privacy concerns. Users' interactions with LLMs may expose their sensitive personal or company information. A lack of robust privacy safeguards and legal frameworks could permit the unwarranted intrusion or improper handling of individual data, thereby risking infringements of privacy and the theft of personal identities. To ensure privacy, it is essential to minimize the dependency between shared prompts and private information. Various randomization approaches have been proposed to protect prompts' privacy, but they may incur utility loss compared to unprotected LLMs prompting. Therefore, it is essential to evaluate the balance between the risk of privacy leakage and loss of utility when conducting effective protection mechanisms. The current study develops a framework for inferring privacy-protected Large Language Models (LLMs) and lays down a solid theoretical basis for examining the interplay between privacy preservation and utility. The core insight is encapsulated within a theorem that is called as the NFL (abbreviation of the word No-Free-Lunch) Theorem.