ML Anthology

WaterMax: Breaking the LLM Watermark Detectability-Robustness-Quality Trade-Off

Eva Giboulot, Teddy Furon
NeurIPS 2024
doi:10.52202/079017-0597 /neurips/2024/giboulot2024neurips-watermax/

Abstract

Watermarking is a technical means to dissuade malfeasant usage of Large Language Models.This paper proposes a novel watermarking scheme, so-called WaterMax, that enjoys high detectability while sustaining the quality of the generated text of the original LLM.Its new design leaves the LLM untouched (no modification of the weights, logits or temperature).WaterMax balances robustness and computational complexity contrary to the watermarking techniques of the literature inherently provoking a trade-off between quality and robustness.Its performance is both theoretically proven and experimentally validated.It outperforms all the SotA techniques under the most complete benchmark suite.

PDF NeurIPS OpenReview Semantic Scholar

Cite

Text

Giboulot and Furon. "WaterMax: Breaking the LLM Watermark Detectability-Robustness-Quality Trade-Off." Neural Information Processing Systems, 2024. doi:10.52202/079017-0597

Markdown

[Giboulot and Furon. "WaterMax: Breaking the LLM Watermark Detectability-Robustness-Quality Trade-Off." Neural Information Processing Systems, 2024.](https://mlanthology.org/neurips/2024/giboulot2024neurips-watermax/) doi:10.52202/079017-0597

BibTeX

@inproceedings{giboulot2024neurips-watermax,
  title     = {{WaterMax: Breaking the LLM Watermark Detectability-Robustness-Quality Trade-Off}},
  author    = {Giboulot, Eva and Furon, Teddy},
  booktitle = {Neural Information Processing Systems},
  year      = {2024},
  doi       = {10.52202/079017-0597},
  url       = {https://mlanthology.org/neurips/2024/giboulot2024neurips-watermax/}
}