Go to ICLR 2026 Conference homepageCryptography in Semantic Watermarks: Undetectability and Deployment Implications
Keywords: watermarking, undetectable watermarking, latent diffusion models
TL;DR: new definition of undetectability for watermarks, consequences on existing ones, and practical speed-ups for Gaussian Shading
Abstract: Semantic watermarking methods enable the direct integration of watermarks into
the generation process of latent diffusion models by only modifying the initial
latent noise. One group of watermarks such as Gaussian Shading (GS) and Pseudorandom Codes Watermarks (PRCW) relies on cryptographic primitives to ensure provable undetectability. However, we find that the use of randomness in these schemes has pitfalls, which leads to a flaw in the proof of Gaussian Shading and to ambiguity in the literature.
We propose a novel, general framework based on IND\$-CPA security which highlights the effect of randomness and reveals that reusing it makes watermarks trivially detectable.
As a direct consequence, we obtain an undetectable but inefficient deployment mode for GS. To regain practicability, we propose several speed-ups for GS and provide extensive experiments to compare those with other undetectable watermarks in robustness, speed and quality.
Supplementary Material: zip
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 19875
Loading