Robustness Assessment and Enhancement of Text Watermarking for Google's SynthID

• URL: http://arxiv.org/abs/2508.20228v2
• Date: Tue, 21 Oct 2025 19:31:09 GMT
• Title: Robustness Assessment and Enhancement of Text Watermarking for Google's SynthID
• Authors: Xia Han, Qi Li, Jianbing Ni, Mohammad Zulkernine,
• Abstract summary: SynGuard is a hybrid framework that embeds watermarks at both lexical and semantic levels.<n>We show that SynGuard improves watermark recovery by an average of 11.1% in F1 score compared to SynthID-Text.
• Score: 12.477209114987376
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Recent advances in LLM watermarking methods such as SynthID-Text by Google DeepMind offer promising solutions for tracing the provenance of AI-generated text. However, our robustness assessment reveals that SynthID-Text is vulnerable to meaning-preserving attacks, such as paraphrasing, copy-paste modifications, and back-translation, which can significantly degrade watermark detectability. To address these limitations, we propose SynGuard, a hybrid framework that combines the semantic alignment strength of Semantic Information Retrieval (SIR) with the probabilistic watermarking mechanism of SynthID-Text. Our approach jointly embeds watermarks at both lexical and semantic levels, enabling robust provenance tracking while preserving the original meaning. Experimental results across multiple attack scenarios show that SynGuard improves watermark recovery by an average of 11.1\% in F1 score compared to SynthID-Text. These findings demonstrate the effectiveness of semantic-aware watermarking in resisting real-world tampering. All code, datasets, and evaluation scripts are publicly available at: https://github.com/githshine/SynGuard.

Related papers

• On Google's SynthID-Text LLM Watermarking System: Theoretical Analysis and Empirical Validation [29.19181601635414]
  Google's SynthID-Text is a production-ready generative watermark system for large language models.<n>This paper presents the first theoretical analysis of SynthID-Text, with a focus on its detection performance and watermark robustness.
  arXiv  Detail & Related papers  (2026-03-03T17:49:01Z)
• PMark: Towards Robust and Distortion-free Semantic-level Watermarking with Channel Constraints [49.2373408329323]
  We introduce a new theoretical framework on watermark-leveling (SWM) for large language models (LLMs)<n>We propose PMark, a simple yet powerful SWM method that estimates the median next sentence dynamically through sampling channels.<n> Experimental results show that PMark consistently outperforms existing SWM baselines in both text quality and paraphrasing.
  arXiv  Detail & Related papers  (2025-09-25T12:08:31Z)
• From Trade-off to Synergy: A Versatile Symbiotic Watermarking Framework for Large Language Models [16.89823786392689]
  We propose a versatile symbiotic watermarking framework with three strategies: serial, parallel, and hybrid.<n>The hybrid framework adaptively embeds watermarks using token entropy and semantic entropy, optimizing the balance between detectability, robustness, text quality, and security.
  arXiv  Detail & Related papers  (2025-05-15T03:12:36Z)
• Defending LLM Watermarking Against Spoofing Attacks with Contrastive Representation Learning [34.76886510334969]
  A piggyback attack can maliciously alter the meaning of watermarked text-transforming it into hate speech-while preserving the original watermark.<n>We propose a semantic-aware watermarking algorithm that embeds watermarks into a given target text while preserving its original meaning.
  arXiv  Detail & Related papers  (2025-04-09T04:38:17Z)
• On Evaluating The Performance of Watermarked Machine-Generated Texts Under Adversarial Attacks [20.972194348901958]
  We first comb the mainstream watermarking schemes and removal attacks on machine-generated texts.<n>We evaluate eight watermarks (five pre-text, three post-text) and twelve attacks (two pre-text, ten post-text) across 87 scenarios.<n>Results indicate that KGW and Exponential watermarks offer high text quality and watermark retention but remain vulnerable to most attacks.
  arXiv  Detail & Related papers  (2024-07-05T18:09:06Z)
• Topic-Based Watermarks for Large Language Models [46.71493672772134]
  We propose a lightweight, topic-guided watermarking scheme for Large Language Model (LLM) output.<n>Our method achieves comparable perplexity to industry-leading systems, including Google's SynthID-Text.
  arXiv  Detail & Related papers  (2024-04-02T17:49:40Z)
• Token-Specific Watermarking with Enhanced Detectability and Semantic Coherence for Large Language Models [31.062753031312006]
  Large language models generate high-quality responses with potential misinformation. Watermarking is pivotal in this context, which involves embedding hidden markers in texts. We introduce a novel multi-objective optimization (MOO) approach for watermarking. Our method simultaneously achieves detectability and semantic integrity.
  arXiv  Detail & Related papers  (2024-02-28T05:43:22Z)
• SemStamp: A Semantic Watermark with Paraphrastic Robustness for Text Generation [72.10931780019297]
  Existing watermarking algorithms are vulnerable to paraphrase attacks because of their token-level design. We propose SemStamp, a robust sentence-level semantic watermarking algorithm based on locality-sensitive hashing (LSH) Experimental results show that our novel semantic watermark algorithm is not only more robust than the previous state-of-the-art method on both common and bigram paraphrase attacks, but also is better at preserving the quality of generation.
  arXiv  Detail & Related papers  (2023-10-06T03:33:42Z)
• Watermarking Conditional Text Generation for AI Detection: Unveiling Challenges and a Semantic-Aware Watermark Remedy [52.765898203824975]
  We introduce a semantic-aware watermarking algorithm that considers the characteristics of conditional text generation and the input context. Experimental results demonstrate that our proposed method yields substantial improvements across various text generation models.
  arXiv  Detail & Related papers  (2023-07-25T20:24:22Z)
• On the Reliability of Watermarks for Large Language Models [95.87476978352659]
  We study the robustness of watermarked text after it is re-written by humans, paraphrased by a non-watermarked LLM, or mixed into a longer hand-written document. We find that watermarks remain detectable even after human and machine paraphrasing. We also consider a range of new detection schemes that are sensitive to short spans of watermarked text embedded inside a large document.
  arXiv  Detail & Related papers  (2023-06-07T17:58:48Z)
• Tracing Text Provenance via Context-Aware Lexical Substitution [81.49359106648735]
  We propose a natural language watermarking scheme based on context-aware lexical substitution. Under both objective and subjective metrics, our watermarking scheme can well preserve the semantic integrity of original sentences.
  arXiv  Detail & Related papers  (2021-12-15T04:27:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.