Go to ICML 2025 Workshop R2-FM homepageRoMa: A Robust Model Watermarking Scheme for Protecting IP in Diffusion Models
Keywords: Diffusion Models, Robust Watermarking, IP Protection
TL;DR: A robust watermarking scheme for intellectual property protection in diffusion models.
Abstract: Preserving intellectual property (IP) within a pre-trained diffusion model is critical for protecting the model's copyright and preventing unauthorized model deployment. In this regard, model watermarking is a common practice for IP protection that embeds traceable information within models and allows for further verification. Nevertheless, existing watermarking schemes often face challenges due to their vulnerability to fine-tuning, limiting their practical application in general pre-training and fine-tuning paradigms. Inspired by using mode connectivity to analyze model performance between a pair of connected models, we investigate watermark vulnerability by leveraging Linear Mode Connectivity (LMC) as a proxy to analyze the fine-tuning dynamics of watermark performance. Our results show that existing watermarked models tend to converge to sharp minima in the loss landscape, thus making them vulnerable to fine-tuning. To tackle this challenge, we propose RoMa, a **Ro**bust **M**odel w**a**termarking scheme that improves the robustness of watermarks against fine-tuning. Specifically, RoMa decomposes watermarking into two components, including *Embedding Functionality*, which preserves reliable watermark detection capability, and *Path-specific Smoothness*, which enhances the smoothness along the watermark-connected path to improve robustness. Extensive experiments demonstrate that RoMa significantly improves watermark robustness while maintaining generation quality. Notably, our scheme requires at least $(32.83\times)$ more steps to remove the watermark compared to existing baselines.
Submission Number: 114
Loading