Interval-Calibrated Noisy Quantization: A Parameter-Free Defense Against Quantization-Gap Attacks

Abstract

Post-training quantization enables efficient LLM deployment but introduces security vulnerabilities: quantization-gap attacks craft weights that appear benign in full precision but become malicious after quantization. Existing defenses inject Gaussian noise before quantization, but require per-model grid search to determine the noise scale---impractical for deployment. We propose interval-calibrated noisy quantization, which derives noise scale directly from quantization interval half-widths. Our key insight is that the half-width $h$ defines the scale of adversarial vulnerability; noise at $\sigma \approx h$ disrupts malicious weight positioning while minimizing utility impact. We compute $\hat{\sigma}$ as the median of per-layer half-widths, requiring no evaluation data. On the ELQ attack benchmark (Phi-2 + LLM.int8()), our per-layer method achieves 98.77% code security (vs.\ 33.4% without defense), matching grid-search baselines (98.17%) within 0.6 percentage points while preserving utility across HumanEval, MBPP, MMLU, and TruthfulQA. Our parameter-free approach enables practical secure deployment of quantized LLMs.