Related papers: WaterPool: A Watermark Mitigating Trade-offs among Imperceptibility, Efficacy and Robustness

WaterPool: A Watermark Mitigating Trade-offs among Imperceptibility, Efficacy and Robustness

URL: http://arxiv.org/abs/2405.13517v1
Date: Wed, 22 May 2024 10:22:20 GMT
Title: WaterPool: A Watermark Mitigating Trade-offs among Imperceptibility, Efficacy and Robustness
Authors: Baizhou Huang, Xiaojun Wan,
Abstract summary: This paper utilizes a key-centered scheme to unify existing watermarking techniques by decomposing a watermark into two distinct modules. WaterPool is a simple yet effective key module that preserves a complete key sampling space required by imperceptibility while utilizing semantics-based search to improve the key restoration process.
Score: 45.27908390001244
License: http://creativecommons.org/licenses/by/4.0/
Abstract: With the increasing use of large language models (LLMs) in daily life, concerns have emerged regarding their potential misuse and societal impact. Watermarking is proposed to trace the usage of specific models by injecting patterns into their generated texts. An ideal watermark should produce outputs that are nearly indistinguishable from those of the original LLM (imperceptibility), while ensuring a high detection rate (efficacy), even when the text is partially altered (robustness). Despite many methods having been proposed, none have simultaneously achieved all three properties, revealing an inherent trade-off. This paper utilizes a key-centered scheme to unify existing watermarking techniques by decomposing a watermark into two distinct modules: a key module and a mark module. Through this decomposition, we demonstrate for the first time that the key module significantly contributes to the trade-off issues observed in prior methods. Specifically, this reflects the conflict between the scale of the key sampling space during generation and the complexity of key restoration during detection. To this end, we introduce \textbf{WaterPool}, a simple yet effective key module that preserves a complete key sampling space required by imperceptibility while utilizing semantics-based search to improve the key restoration process. WaterPool can integrate with most watermarks, acting as a plug-in. Our experiments with three well-known watermarking techniques show that WaterPool significantly enhances their performance, achieving near-optimal imperceptibility and markedly improving efficacy and robustness (+12.73\% for KGW, +20.27\% for EXP, +7.27\% for ITS).

Related papers

A Nested Watermark for Large Language Models [6.702383792532788]
Large language models (LLMs) can be misused to generate fake news and misinformation.<n>We propose a novel nested watermarking scheme that embeds two distinct watermarks into the generated text.<n>Our method achieves high detection accuracy for both watermarks while maintaining the fluency and overall quality of the generated text.
arXiv Detail & Related papers (2025-06-18T05:49:05Z)
Watermarking Degrades Alignment in Language Models: Analysis and Mitigation [8.866121740748447]
This paper presents a systematic analysis of how two popular watermarking approaches-Gumbel and KGW-affect truthfulness, safety, and helpfulness.<n>We propose an inference-time sampling method that uses an external reward model to restore alignment.
arXiv Detail & Related papers (2025-06-04T21:29:07Z)
MorphMark: Flexible Adaptive Watermarking for Large Language Models [49.3302421751894]
Existing watermark methods often struggle with a dilemma: improving watermark effectiveness comes at the cost of reduced text quality.<n>We develop MorphMark method that adaptively adjusts the watermark strength in response to changes in the identified factor.<n>MorphMark achieves a superior resolution of the effectiveness-quality dilemma, while also offering greater flexibility and time and space efficiency.
arXiv Detail & Related papers (2025-05-14T13:11:16Z)
Entropy-Guided Watermarking for LLMs: A Test-Time Framework for Robust and Traceable Text Generation [58.85645136534301]
Existing watermarking schemes for sampled text often face trade-offs between maintaining text quality and ensuring robust detection against various attacks. We propose a novel watermarking scheme that improves both detectability and text quality by introducing a cumulative watermark entropy threshold.
arXiv Detail & Related papers (2025-04-16T14:16:38Z)
Can you Finetune your Binoculars? Embedding Text Watermarks into the Weights of Large Language Models [33.051248579713736]
Indistinguishability of AI-generated content from human text raises challenges in transparency and accountability. We propose a strategy to finetune a pair of low-rank adapters of a model, one serving as the text-generating model, and the other as the detector. In this way, the watermarking strategy is fully learned end-to-end.
arXiv Detail & Related papers (2025-04-08T21:34:02Z)
Let Watermarks Speak: A Robust and Unforgeable Watermark for Language Models [0.0]
We propose an undetectable, robust, single-bit watermarking scheme. It has a comparable robustness to the most advanced zero-bit watermarking schemes.
arXiv Detail & Related papers (2024-12-27T11:58:05Z)
Ensemble Watermarks for Large Language Models [1.89915151018241]
We propose a multi-feature method for generating watermarks for large language models (LLMs)<n>We combine acrostica and sensorimotor norms with the established red-green watermark to achieve a 98% detection rate.<n>After a paraphrasing attack, the performance remains high with 95% detection rate.
arXiv Detail & Related papers (2024-11-29T09:18:32Z)
WaterPark: A Robustness Assessment of Language Model Watermarking [40.50648910458236]
We develop WaterPark, a unified platform that integrates 10 state-of-the-art watermarkers and 12 representative attacks. We conduct a comprehensive assessment of existing watermarkers, unveiling the impact of various design choices on their attack robustness. Using a generic detector alongside a watermark-specific detector improves the security of vulnerable watermarkers.
arXiv Detail & Related papers (2024-11-20T16:09:22Z)
Can Watermarked LLMs be Identified by Users via Crafted Prompts? [55.460327393792156]
This work is the first to investigate the imperceptibility of watermarked Large Language Models (LLMs) We design an identification algorithm called Water-Probe that detects watermarks through well-designed prompts. Experiments show that almost all mainstream watermarking algorithms are easily identified with our well-designed prompts.
arXiv Detail & Related papers (2024-10-04T06:01:27Z)
Universally Optimal Watermarking Schemes for LLMs: from Theory to Practice [35.319577498993354]
Large Language Models (LLMs) boosts human efficiency but also poses misuse risks. We propose a novel theoretical framework for watermarking LLMs. We jointly optimize both the watermarking scheme and detector to maximize detection performance.
arXiv Detail & Related papers (2024-10-03T18:28:10Z)
WaterSeeker: Pioneering Efficient Detection of Watermarked Segments in Large Documents [65.11018806214388]
WaterSeeker is a novel approach to efficiently detect and locate watermarked segments amid extensive natural text. It achieves a superior balance between detection accuracy and computational efficiency. WaterSeeker's localization ability supports the development of interpretable AI detection systems.
arXiv Detail & Related papers (2024-09-08T14:45:47Z)
Duwak: Dual Watermarks in Large Language Models [49.00264962860555]
We propose, Duwak, to enhance the efficiency and quality of watermarking by embedding dual secret patterns in both token probability distribution and sampling schemes. We evaluate Duwak extensively on Llama2, against four state-of-the-art watermarking techniques and combinations of them.
arXiv Detail & Related papers (2024-03-12T16:25:38Z)
TokenMark: A Modality-Agnostic Watermark for Pre-trained Transformers [67.57928750537185]
TokenMark is a robust, modality-agnostic, robust watermarking system for pre-trained models. It embeds the watermark by fine-tuning the pre-trained model on a set of specifically permuted data samples. It significantly improves the robustness, efficiency, and universality of model watermarking.
arXiv Detail & Related papers (2024-03-09T08:54:52Z)
Proving membership in LLM pretraining data via data watermarks [20.57538940552033]
This work proposes using data watermarks to enable principled detection with only black-box model access. We study two watermarks: one that inserts random sequences, and another that randomly substitutes characters with Unicode lookalikes. We show that we can robustly detect hashes from BLOOM-176B's training data, as long as they occurred at least 90 times.
arXiv Detail & Related papers (2024-02-16T18:49:27Z)
Unbiased Watermark for Large Language Models [67.43415395591221]
This study examines how significantly watermarks impact the quality of model-generated outputs. It is possible to integrate watermarks without affecting the output probability distribution. The presence of watermarks does not compromise the performance of the model in downstream tasks.
arXiv Detail & Related papers (2023-09-22T12:46:38Z)
Hybrid Design of Multiplicative Watermarking for Defense Against Malicious Parameter Identification [46.27328641616778]
We propose a hybrid multiplicative watermarking scheme, where the watermark parameters are periodically updated. We show that the proposed approach makes it difficult for an eavesdropper to reconstruct the watermarking parameters.
arXiv Detail & Related papers (2023-09-05T16:56:53Z)
Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective. We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations. Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z)

This list is automatically generated from the titles and abstracts of the papers in this site.