On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark
- URL: http://arxiv.org/abs/2502.04901v1
- Date: Fri, 07 Feb 2025 13:11:28 GMT
- Title: On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark
- Authors: Jaiden Fairoze, Guillermo Ortiz-Jiménez, Mel Vecerik, Somesh Jha, Sven Gowal,
- Abstract summary: No existing scheme combines robustness, unforgeability, and public-detectability. It is intractable to build certain components of our scheme without a leap in deep learning capabilities. We propose research directions that need to be addressed before we can practically realize robust and publicly-verifiable provenance.
- Score: 31.42459678324617
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: This work investigates the theoretical boundaries of creating publicly-detectable schemes to enable the provenance of watermarked imagery. Metadata-based approaches like C2PA provide unforgeability and public-detectability. ML techniques offer robust retrieval and watermarking. However, no existing scheme combines robustness, unforgeability, and public-detectability. In this work, we formally define such a scheme and establish its existence. Although theoretically possible, we find that at present, it is intractable to build certain components of our scheme without a leap in deep learning capabilities. We analyze these limitations and propose research directions that need to be addressed before we can practically realize robust and publicly-verifiable provenance.
Related papers
- In-Context Watermarks for Large Language Models [71.29952527565749]
  In-Context Watermarking (ICW) embeds watermarks into generated text solely through prompt engineering. We investigate four ICW strategies at different levels of granularity, each paired with a tailored detection method. Our experiments validate the feasibility of ICW as a model-agnostic, practical watermarking approach.
  arXiv Detail & Related papers (2025-05-22T17:24:51Z)
- LLM Watermarking Using Mixtures and Statistical-to-Computational Gaps [3.9287497907611875]
  Given a text, can we determine whether it was generated by a large language model (LLM) or by a human? We propose an undetectable and watermarking scheme in the closed setting. Also, in the harder open setting, where the adversary has access to most of the model, we propose an unremovable watermarking scheme.
  arXiv Detail & Related papers (2025-05-02T16:36:43Z)
- On-Device Watermarking: A Socio-Technical Imperative For Authenticity In The Age of Generative AI [0.0]
  We argue that we are adopting the wrong approach, and should instead focus on watermarking via cryptographic signatures. For audio-visual content, in particular, all real content is grounded in the physical world and captured via hardware sensors.
  arXiv Detail & Related papers (2025-04-15T20:36:52Z)
- WMCopier: Forging Invisible Image Watermarks on Arbitrary Images [21.17890218813236]
  We propose WMCopier, an effective watermark forgery attack that operates without requiring prior knowledge of or access to the target watermarking algorithm. Our approach first models the target watermark distribution using an unconditional diffusion model, and then seamlessly embeds the target watermark into a non-watermarked image. Experimental results demonstrate that WMCopier effectively deceives both open-source and closed-source watermark systems.
  arXiv Detail & Related papers (2025-03-28T11:11:19Z)
- Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Reasoning [58.57194301645823]
  Large language models (LLMs) are increasingly integrated into real-world personalized applications. The valuable and often proprietary nature of the knowledge bases used in RAG introduces the risk of unauthorized usage by adversaries. Existing methods that can be generalized as watermarking techniques to protect these knowledge bases typically involve poisoning or backdoor attacks. We propose name for 'harmless' copyright protection of knowledge bases.
  arXiv Detail & Related papers (2025-02-10T09:15:56Z)
- Let Watermarks Speak: A Robust and Unforgeable Watermark for Language Models [0.0]
  We propose an undetectable, robust, single-bit watermarking scheme. It has a comparable robustness to the most advanced zero-bit watermarking schemes.
  arXiv Detail & Related papers (2024-12-27T11:58:05Z)
- Certifiably Robust Image Watermark [57.546016845801134]
  Generative AI raises many societal concerns such as boosting disinformation and propaganda campaigns. Watermarking AI-generated content is a key technology to address these concerns. We propose the first image watermarks with certified robustness guarantees against removal and forgery attacks.
  arXiv Detail & Related papers (2024-07-04T17:56:04Z)
- Black-Box Detection of Language Model Watermarks [1.9374282535132377]
  We develop rigorous statistical tests to detect, and estimate parameters of, all three popular watermarking scheme families. We experimentally confirm the effectiveness of our methods on a range of schemes and a diverse set of open-source models. Our findings indicate that current watermarking schemes are more detectable than previously believed.
  arXiv Detail & Related papers (2024-05-28T08:41:30Z)
- No Free Lunch in LLM Watermarking: Trade-offs in Watermarking Design Choices [20.20770405297239]
  We show that common design choices in LLM watermarking schemes make the resulting systems surprisingly susceptible to attack. We propose guidelines and defenses for LLM watermarking in practice.
  arXiv Detail & Related papers (2024-02-25T20:24:07Z)
- Publicly-Detectable Watermarking for Language Models [45.32236917886154]
  We present a publicly-detectable watermarking scheme for LMs. We embed a cryptographic signature into LM output using rejection sampling. We prove that this produces unforgeable and distortion-free text output.
  arXiv Detail & Related papers (2023-10-27T21:08:51Z)
- An Unforgeable Publicly Verifiable Watermark for Large Language Models [84.2805275589553]
  Current watermark detection algorithms require the secret key used in the watermark generation process, making them susceptible to security breaches and counterfeiting during public detection. We propose an unforgeable publicly verifiable watermark algorithm named UPV that uses two different neural networks for watermark generation and detection, instead of using the same key at both stages.
  arXiv Detail & Related papers (2023-07-30T13:43:27Z)
- Reversible Quantization Index Modulation for Static Deep Neural Network Watermarking [57.96787187733302]
  Reversible data hiding (RDH) methods offer a potential solution, but existing approaches suffer from weaknesses in terms of usability, capacity, and fidelity. We propose a novel RDH-based static DNN watermarking scheme using quantization index modulation (QIM). Our scheme incorporates a novel approach based on a one-dimensional quantizer for watermark embedding.
  arXiv Detail & Related papers (2023-05-29T04:39:17Z)
- Did You Train on My Dataset? Towards Public Dataset Protection with Clean-Label Backdoor Watermarking [54.40184736491652]
  We propose a backdoor-based watermarking approach that serves as a general framework for safeguarding publicly-available data. By inserting a small number of watermarking samples into the dataset, our approach enables the learning model to implicitly learn a secret function set by defenders. This hidden function can then be used as a watermark to track down third-party models that use the dataset illegally.
  arXiv Detail & Related papers (2023-03-20T21:54:30Z)
- Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497]
  The intellectual property (IP) of deep neural networks (DNNs) can be easily "stolen" by surrogate model attack. We propose a new watermarking methodology, namely "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed.
  arXiv Detail & Related papers (2021-08-05T04:27:15Z)
- Malware Traffic Classification: Evaluation of Algorithms and an Automated Ground-truth Generation Pipeline [8.779666771357029]
  We propose an automated packet data-labeling pipeline to generate ground-truth data. We explore and test different kinds of clustering approaches which make use of a unique and diverse set of features extracted from this observable meta-data.
  arXiv Detail & Related papers (2020-10-22T11:48:51Z)
This list is automatically generated from the titles and abstracts of the papers in this site.