Go to ICLR 2026 Conference homepageSEAL: Entangled White-box Watermarks on Low-Rank Adaptation
Keywords: Low Rank Adaptation, passport-based watermarking, white-box verification, DNN watermarking
TL;DR: We introduce SEAL, passport-based white box watermarking scheme for Low-Rank Adaptation.
Abstract: Among parameter-efficient fine-tuning (PEFT) methods, LoRA has become widely adopted due to its effectiveness and lack of additional inference costs. Its small adapter weights also make LoRA practical as intellectual property (IP) that can be trained, exchanged, and disputed.
However, watermarking techniques for LoRA remain underexplored.
We introduce \scheme, a white-box watermarking scheme for LoRA based on \emph{entangled dual passports}.
During training, non-trainable _passport matrices_ for ownership verification are inserted between the LoRA up/down matrices _without auxiliary losses_ and become jointly entangled with the trainable weights; after training they are factorized so that the released adapter is indistinguishable from standard LoRA. Public verification accepts a claim only when the submitted passports reconstruct the released adapter and the _fidelity gap_—the performance difference between the two submitted passports, evidencing entanglement—is near zero under predeclared thresholds that control false positives. Across Large Language Models (LLMs), Vision–Language Models (VLMs), and text-to-image synthesis, SEAL preserves task performance and shows empirical resilience to pruning, fine-tuning, structural obfuscation, and ambiguity attacks.
By watermarking the LoRA weights, SEAL aligns with real-world PEFT workflows and supports practical IP claims over trained LoRA weights. We also provide a minimal compatibility check on one LoRA variant.
Supplementary Material: zip
Primary Area: transfer learning, meta learning, and lifelong learning
Submission Number: 13239
Loading