WaterMax: breaking the LLM watermark detectability-robustness-quality trade-off

Eva Giboulot; Teddy Furon

WaterMax: breaking the LLM watermark detectability-robustness-quality trade-off

Eva Giboulot, Teddy Furon

Published: 25 Sept 2024, Last Modified: 06 Nov 2024NeurIPS 2024 posterEveryoneRevisionsBibTeXCC BY 4.0

Keywords: machine learning security, llm watermarking

Abstract: Watermarking is a technical means to dissuade malfeasant usage of Large Language Models. This paper proposes a novel watermarking scheme, so-called WaterMax, that enjoys high detectability while sustaining the quality of the generated text of the original LLM. Its new design leaves the LLM untouched (no modification of the weights, logits or temperature). WaterMax balances robustness and computational complexity contrary to the watermarking techniques of the literature inherently provoking a trade-off between quality and robustness. Its performance is both theoretically proven and experimentally validated. It outperforms all the SotA techniques under the most complete benchmark suite.

Supplementary Material: zip

Primary Area: Safety in machine learning

Submission Number: 17001

Loading