Privacy-Preserving Prompt Tuning for Large Language Model Services

📅 2023-05-10
🏛️ arXiv.org
📈 Citations: 56
Influential: 5
🤖 AI Summary
To address privacy leakage risks in prompt tuning for large language models (LLMs) using private user data, this paper proposes RAPT, a prompt-tuning framework grounded in local differential privacy (LDP). Methodologically, RAPT introduces a private token reconstruction auxiliary task jointly optimized with the downstream task and injects LDP noise at the token level to achieve end-to-end privacy protection. Crucially, it operates without requiring a trusted third party and provides rigorous LDP guarantees against strong adversarial attackers. Experimental results demonstrate that RAPT achieves performance on multiple natural language understanding (NLU) benchmarks that closely matches non-private prompt tuning, substantially outperforming existing LDP-based prompt-tuning baselines. Notably, RAPT is the first method to enable efficient private prompt learning under high privacy budgets (e.g., ε ≥ 4), bridging the long-standing utility–privacy trade-off in private LLM adaptation.
📝 Abstract
Prompt tuning provides an efficient way for users to customize Large Language Models (LLMs) with their private data in the emerging LLM service scenario. However, the sensitive nature of private data brings the need for privacy preservation in LLM service customization. Based on prompt tuning, we propose Privacy-Preserving Prompt Tuning (RAPT), a framework that provides privacy guarantees for LLM services. RAPT adopts a local privacy setting, allowing users to privatize their data locally with local differential privacy. As prompt tuning performs poorly when directly trained on privatized data, we introduce a novel privatized token reconstruction task that is trained jointly with the downstream task, allowing LLMs to learn better task-dependent representations. Despite the simplicity of our framework, experiments show that RAPT achieves competitive performance across tasks while providing privacy guarantees against adversaries.
Problem

Research questions and friction points this paper is trying to address.

Privacy Protection
Prompt Tuning
Large Language Models
Innovation

Methods, ideas, or system contributions that make the work stand out.

Differential Privacy
Personalized Performance
Language Model Optimization
Yansong Li
University of Ottawa, Ottawa, Canada
Zhixing Tan
Tsinghua University
Artificial Intelligence, Natural Language Processing, AI Safety
Yang Liu
Department of Computer Science and Technology, Tsinghua University, Beijing, China; Institute for AI Industry Research (AIR), Tsinghua University, Beijing, China; Shanghai Artificial Intelligence Laboratory, Shanghai, China; Jiangsu Collaborative Innovation Center for Language Competence, Jiangsu, China