└── README.md

/README.md:
--------------------------------------------------------------------------------
# Watermark papers

This repo lists papers on watermarking for text and images.

## Text watermark

* **Watermarking Training Data of Music Generation Models.** Preprint.
  * Pascal Epple, Igor Shilov, Bozhidar Stevanovski, Yves-Alexandre de Montjoye
  * https://arxiv.org/abs/2412.08549

* **WaterPark: A Robustness Assessment of Language Model Watermarking.** Preprint.
  * Jiacheng Liang, Zian Wang, Lauren Hong, Shouling Ji, Ting Wang
  * https://arxiv.org/abs/2411.13425

* **A Novel Access Control and Privacy-Enhancing Approach for Models in Edge Computing.** Preprint.
  * Peihao Li
  * https://arxiv.org/abs/2411.03847

* **Embedding Watermarks in Diffusion Process for Model Intellectual Property Protection.** Preprint.
  * Jijia Yang, Sen Peng, Xiaohua Jia
  * https://arxiv.org/abs/2410.22445

* **Unharmful Backdoor-based Client-side Watermarking in Federated Learning.** Preprint.
  * Kaijing Luo, Ka-Ho Chow
  * https://arxiv.org/abs/2410.21179

* **Segmenting Watermarked Texts From Language Models.** Preprint.
  * Xingchi Li, Guanxun Li, Xianyang Zhang
  * https://arxiv.org/abs/2410.20670

* **Is Watermarking LLM-Generated Code Robust?** Tiny ICLR 2024
  * Tarun Suresh, Shubham Ugare, Gagandeep Singh, Sasa Misailovic
  * https://arxiv.org/abs/2403.17983

* **Towards Better Statistical Understanding of Watermarking LLMs.** Preprint.
  * Zhongze Cai, Shang Liu, Hanzhao Wang, Huaiyang Zhong, Xiaocheng Li
  * https://arxiv.org/abs/2403.13027

* **WatME: Towards Lossless Watermarking Through Lexical Redundancy.** ACL 2024.
  * Liang Chen, Yatao Bian, Yang Deng, Deng Cai, Shuaiyi Li, Peilin Zhao, Kam-fai Wong
  * https://arxiv.org/abs/2311.09832

* **TRAP: Targeted Random Adversarial Prompt Honeypot for Black-Box Identification.** ACL 2024 (findings).
  * Martin Gubri, Dennis Ulmer, Hwaran Lee, Sangdoo Yun, Seong Joon Oh
  * https://arxiv.org/abs/2402.12991

* **Topic-based Watermarks for LLM-Generated Text.** Preprint.
  * Alexander Nemecek, Yuzhou Jiang, Erman Ayday
  * https://arxiv.org/abs/2404.02138

* **A Statistical Framework of Watermarks for Large Language Models: Pivot, Detection Efficiency and Optimal Rules.** Preprint.
  * Xiang Li, Feng Ruan, Huiyuan Wang, Qi Long, Weijie J. Su
  * https://arxiv.org/abs/2404.01245

* **WaterJudge: Quality-Detection Trade-off when Watermarking Large Language Models.** Preprint.
  * Piotr Molenda, Adian Liusie, Mark J. F. Gales
  * https://arxiv.org/abs/2403.19548

* **Duwak: Dual Watermarks in Large Language Models.** Preprint.
  * Chaoyi Zhu, Jeroen Galjaard, Pin-Yu Chen, Lydia Y. Chen
  * https://arxiv.org/abs/2403.13000

* **Lost in Overlap: Exploring Watermark Collision in LLMs.** Preprint.
  * Yiyang Luo, Ke Lin, Chao Gu
  * https://arxiv.org/abs/2403.10020

* **WaterMax: breaking the LLM watermark detectability-robustness-quality trade-off.** Preprint.
  * Eva Giboulot, Furon Teddy
  * https://arxiv.org/abs/2403.04808

* **WARDEN: Multi-Directional Backdoor Watermarks for Embedding-as-a-Service Copyright Protection.** Preprint.
  * Anudeex Shetty, Yue Teng, Ke He, Qiongkai Xu
  * https://arxiv.org/abs/2403.01472

* **EmMark: Robust Watermarks for IP Protection of Embedded Quantized Large Language Models.** Preprint.
  * Ruisi Zhang, Farinaz Koushanfar
  * https://arxiv.org/abs/2402.17938

* **Token-Specific Watermarking with Enhanced Detectability and Semantic Coherence for Large Language Models.** Preprint.
  * Mingjia Huo, Sai Ashish Somayajula, Youwei Liang, Ruisi Zhang, Farinaz Koushanfar, Pengtao Xie
  * https://arxiv.org/abs/2402.18059

* **Attacking LLM Watermarks by Exploiting Their Strengths.** Preprint.
  * Qi Pang, Shengyuan Hu, Wenting Zheng, Virginia Smith
  * https://arxiv.org/abs/2402.16187

* **Multi-Bit Distortion-Free Watermarking for Large Language Models.** Preprint.
  * Massieh Kordi Boroujeny, Ya Jiang, Kai Zeng, Brian Mark
  * https://arxiv.org/abs/2402.16578

* **Watermarking Makes Language Models Radioactive.** Preprint.
  * Tom Sander, Pierre Fernandez, Alain Durmus, Matthijs Douze, Teddy Furon
  * https://arxiv.org/abs/2402.14904

* **Can Watermarks Survive Translation? On the Cross-lingual Consistency of Text Watermark for Large Language Models.** Preprint.
  * Zhiwei He, Binglin Zhou, Hongkun Hao, Aiwei Liu, Xing Wang, Zhaopeng Tu, Zhuosheng Zhang, Rui Wang
  * https://arxiv.org/abs/2402.14007

* **GumbelSoft: Diversified Language Model Watermarking via the GumbelMax-trick.** Preprint.
  * Jiayi Fu, Xuandong Zhao, Ruihan Yang, Yuansen Zhang, Jiangjie Chen, Yanghua Xiao
  * https://arxiv.org/abs/2402.12948

* **k-SemStamp: A Clustering-Based Semantic Watermark for Detection of Machine-Generated Text.** Preprint.
  * Abe Bohan Hou, Jingyu Zhang, Yichen Wang, Daniel Khashabi, Tianxing He
  * https://arxiv.org/abs/2402.11399

* **Proving membership in LLM pretraining data via data watermarks.** Preprint.
  * Johnny Tian-Zheng Wei, Ryan Yixiang Wang, Robin Jia
  * https://arxiv.org/abs/2402.10892

* **Permute-and-Flip: An optimally robust and watermarkable decoder for LLMs.** Preprint.
  * Xuandong Zhao, Lei Li, Yu-Xiang Wang
  * https://arxiv.org/abs/2402.05864

* **Provably Robust Multi-bit Watermarking for AI-generated Text via Error Correction Code.** Preprint.
  * Wenjie Qu, Dong Yin, Zixin He, Wei Zou, Tianyang Tao, Jinyuan Jia, Jiaheng Zhang
  * https://arxiv.org/abs/2401.16820

* **Instructional Fingerprinting of Large Language Models.** Preprint.
  * Jiashu Xu, Fei Wang, Mingyu Derek Ma, Pang Wei Koh, Chaowei Xiao, Muhao Chen
  * https://arxiv.org/abs/2401.12255

* **Adaptive Text Watermark for Large Language Models.** Preprint.
  * Yepeng Liu, Yuheng Bu
  * https://arxiv.org/abs/2401.13927

* **Excuse me, sir? Your language model is leaking (information).** Preprint.
  * Or Zamir
  * https://arxiv.org/abs/2401.10360

* **Cross-Attention Watermarking of Large Language Models.** ICASSP 2024.
  * Folco Bertini Baldassini, Huy H. Nguyen, Ching-Chung Chang, Isao Echizen
  * https://arxiv.org/abs/2401.06829

* **Optimizing watermarks for large language models.** Preprint.
  * Bram Wouters
  * https://arxiv.org/abs/2312.17295

* **Towards Optimal Statistical Watermarking.** Preprint.
  * Baihe Huang, Banghua Zhu, Hanlin Zhu, Jason D. Lee, Jiantao Jiao, Michael I. Jordan
  * https://arxiv.org/abs/2312.07930

* **A Survey of Text Watermarking in the Era of Large Language Models.** Preprint. Survey paper.
  * Aiwei Liu, Leyi Pan, Yijian Lu, Jingjing Li, Xuming Hu, Lijie Wen, Irwin King, Philip S. Yu
  * https://arxiv.org/abs/2312.07913

* **On the Learnability of Watermarks for Language Models.** Preprint.
  * Chenchen Gu, Xiang Lisa Li, Percy Liang, Tatsunori Hashimoto
  * https://arxiv.org/abs/2312.04469

* **New Evaluation Metrics Capture Quality Degradation due to LLM Watermarking.** Preprint.
  * Karanpartap Singh, James Zou
  * https://arxiv.org/abs/2312.02382

* **Mark My Words: Analyzing and Evaluating Language Model Watermarks.** Preprint.
  * Julien Piet, Chawin Sitawarin, Vivian Fang, Norman Mu, David Wagner
  * https://arxiv.org/abs/2312.00273

* **I Know You Did Not Write That! A Sampling Based Watermarking Method for Identifying Machine Generated Text.** Preprint.
  * Kaan Efe Keleş, Ömer Kaan Gürbüz, Mucahid Kutlu
  * https://arxiv.org/abs/2311.18054

* **Improving the Generation Quality of Watermarked Large Language Models via Word Importance Scoring.** Preprint.
  * Yuhang Li, Yihan Wang, Zhouxing Shi, Cho-Jui Hsieh
  * https://arxiv.org/abs/2311.09668

* **Performance Trade-offs of Watermarking Large Language Models.** Preprint.
  * Anirudh Ajith, Sameer Singh, Danish Pruthi
  * https://arxiv.org/abs/2311.09816

* **WaterBench: Towards Holistic Evaluation of Watermarks for Large Language Models.** ACL 2024.
  * Shangqing Tu, Yuliang Sun, Yushi Bai, Jifan Yu, Lei Hou, Juanzi Li
  * https://arxiv.org/abs/2311.07138
  * Benchmark dataset

* **Watermarks in the Sand: Impossibility of Strong Watermarking for Generative Models.** Preprint.
  * Hanlin Zhang, Benjamin L. Edelman, Danilo Francati, Daniele Venturi, Giuseppe Ateniese, Boaz Barak
  * https://arxiv.org/abs/2311.04378

* **REMARK-LLM: A Robust and Efficient Watermarking Framework for Generative Large Language Models.** Preprint.
  * Ruisi Zhang, Shehzeen Samarah Hussain, Paarth Neekhara, Farinaz Koushanfar
  * https://arxiv.org/abs/2310.12362

* **Embarrassingly Simple Text Watermarks.** Preprint.
  * Ryoma Sato, Yuki Takezawa, Han Bao, Kenta Niwa, Makoto Yamada
  * https://arxiv.org/abs/2310.08920

* **Necessary and Sufficient Watermark for Large Language Models.** Preprint.
  * Yuki Takezawa, Ryoma Sato, Han Bao, Kenta Niwa, Makoto Yamada
  * https://arxiv.org/abs/2310.00833

* **Functional Invariants to Watermark Large Transformers.** Preprint.
  * Fernandez Pierre, Couairon Guillaume, Furon Teddy, Douze Matthijs
  * https://arxiv.org/abs/2310.11446

* **Watermarking LLMs with Weight Quantization.** EMNLP 2023 findings.
  * Linyang Li, Botian Jiang, Pengyu Wang, Ke Ren, Hang Yan, Xipeng Qiu
  * https://arxiv.org/abs/2310.11237

* **DiPmark: A Stealthy, Efficient and Resilient Watermark for Large Language Models.** Preprint.
  * Yihan Wu, Zhengmian Hu, Hongyang Zhang, Heng Huang
  * https://arxiv.org/abs/2310.07710

* **A Semantic Invariant Robust Watermark for Large Language Models.** Preprint.
  * Aiwei Liu, Leyi Pan, Xuming Hu, Shiao Meng, Lijie Wen
  * https://arxiv.org/abs/2310.06356

* **SemStamp: A Semantic Watermark with Paraphrastic Robustness for Text Generation.** Preprint.
  * Abe Bohan Hou, Jingyu Zhang, Tianxing He, Yichen Wang, Yung-Sung Chuang, Hongwei Wang, Lingfeng Shen, Benjamin Van Durme, Daniel Khashabi, Yulia Tsvetkov
  * https://arxiv.org/abs/2310.03991

* **Advancing Beyond Identification: Multi-bit Watermark for Language Models.** Preprint.
  * KiYoon Yoo, Wonhyuk Ahn, Nojun Kwak.
  * https://arxiv.org/abs/2308.00221

* **Three Bricks to Consolidate Watermarks for Large Language Models.** Preprint.
  * Pierre Fernandez, Antoine Chaffin, Karim Tit, Vivien Chappelier, Teddy Furon.
  * https://arxiv.org/abs/2308.00113

* **Towards Codable Text Watermarking for Large Language Models.** Preprint.
  * Lean Wang, Wenkai Yang, Deli Chen, Hao Zhou, Yankai Lin, Fandong Meng, Jie Zhou, Xu Sun.
  * https://arxiv.org/abs/2307.15992

* **A Private Watermark for Large Language Models.** Preprint.
  * Aiwei Liu, Leyi Pan, Xuming Hu, Shu'ang Li, Lijie Wen, Irwin King, Philip S. Yu.
  * https://arxiv.org/abs/2307.16230

* **Robust Distortion-free Watermarks for Language Models.** Preprint.
  * Rohith Kuditipudi, John Thickstun, Tatsunori Hashimoto, Percy Liang.
  * https://arxiv.org/abs/2307.15593

* **Watermarking Conditional Text Generation for AI Detection: Unveiling Challenges and a Semantic-Aware Watermark Remedy.** Preprint.
  * Yu Fu, Deyi Xiong, Yue Dong.
  * https://arxiv.org/abs/2307.13808

* **Provable Robust Watermarking for AI-Generated Text.** Preprint.
  * Xuandong Zhao, Prabhanjan Ananth, Lei Li, Yu-Xiang Wang.
  * https://arxiv.org/abs/2306.17439

* **On the Reliability of Watermarks for Large Language Models.** Preprint.
  * John Kirchenbauer, Jonas Geiping, Yuxin Wen, Manli Shu, Khalid Saifullah, Kezhi Kong, Kasun Fernando, Aniruddha Saha, Micah Goldblum, Tom Goldstein.
  * https://arxiv.org/abs/2306.04634

* **Undetectable Watermarks for Language Models.** Preprint.
  * Miranda Christ, Sam Gunn, Or Zamir.
  * https://arxiv.org/abs/2306.09194

* **Watermarking Text Data on Large Language Models for Dataset Copyright Protection.** Preprint.
  * Yixin Liu, Hongsheng Hu, Xuyun Zhang, Lichao Sun.
  * https://arxiv.org/abs/2305.13257

* **Baselines for Identifying Watermarked Large Language Models.** Preprint.
  * Leonard Tang, Gavin Uberti, Tom Shlomi.
  * https://arxiv.org/abs/2305.18456

* **Who Wrote this Code? Watermarking for Code Generation.** Preprint.
  * Taehyun Lee, Seokhee Hong, Jaewoo Ahn, Ilgee Hong, Hwaran Lee, Sangdoo Yun, Jamin Shin, Gunhee Kim.
  * https://arxiv.org/abs/2305.15060

* **Robust Multi-bit Natural Language Watermarking through Invariant Features.** ACL 2023.
  * KiYoon Yoo, Wonhyuk Ahn, Jiho Jang, Nojun Kwak.
  * https://arxiv.org/abs/2305.01904

* **Are You Copying My Model? Protecting the Copyright of Large Language Models for EaaS via Backdoor Watermark.** ACL 2023.
  * Wenjun Peng, Jingwei Yi, Fangzhao Wu, Shangxi Wu, Bin Zhu, Lingjuan Lyu, Binxing Jiao, Tong Xu, Guangzhong Sun, Xing Xie.
  * https://arxiv.org/abs/2305.10036

* **Watermarking Text Generated by Black-Box Language Models.** Preprint.
  * Xi Yang, Kejiang Chen, Weiming Zhang, Chang Liu, Yuang Qi, Jie Zhang, Han Fang, Nenghai Yu.
  * https://arxiv.org/abs/2305.08883

* **Protecting Language Generation Models via Invisible Watermarking.** ICML 2023.
  * Xuandong Zhao, Yu-Xiang Wang, Lei Li.
  * https://arxiv.org/abs/2302.03162

* **A Watermark for Large Language Models.** ICML 2023. Outstanding Paper Award
  * John Kirchenbauer, Jonas Geiping, Yuxin Wen, Jonathan Katz, Ian Miers, Tom Goldstein.
  * https://arxiv.org/abs/2301.10226

* **Distillation-Resistant Watermarking for Model Protection in NLP.** EMNLP 2022
  * Xuandong Zhao, Lei Li, Yu-Xiang Wang.
  * https://arxiv.org/abs/2210.03312

* **CATER: Intellectual Property Protection on Text Generation APIs via Conditional Watermarks.** NeurIPS 2022
  * Xuanli He, Qiongkai Xu, Yi Zeng, Lingjuan Lyu, Fangzhao Wu, Jiwei Li, Ruoxi Jia.
  * https://arxiv.org/abs/2209.08773

* **Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding.** IEEE S&P 2021
  * Sahar Abdelnabi, Mario Fritz.
  * https://arxiv.org/abs/2009.03015

* **Watermarking GPT Outputs.** slides 2023
  * Scott Aaronson, Hendrik Kirchner
  * https://www.scottaaronson.com/talks/watermark.ppt

* **Watermarking the Outputs of Structured Prediction with an Application in Statistical Machine Translation.** EMNLP 2011
  * Ashish Venugopal, Jakob Uszkoreit, David Talbot, Franz Och, Juri Ganitkevitch.
  * https://aclanthology.org/D11-1126/

## Image watermark

* **Conceptwm: A Diffusion Model Watermark for Concept Protection.** Preprint.
  * Liangqi Lei, Keke Gai, Jing Yu, Liehuang Zhu, Qi Wu
  * https://arxiv.org/abs/2411.11688

* **CLUE-MARK: Watermarking Diffusion Models using CLWE.** Preprint.
  * Kareem Shehata, Aashish Kolluri, Prateek Saxena
  * https://arxiv.org/abs/2411.11434

* **GaussianMarker: Uncertainty-Aware Copyright Protection of 3D Gaussian Splatting.** Preprint.
  * Xiufeng Huang, Ruiqi Li, Yiu-ming Cheung, Ka Chun Cheung, Simon See, Renjie Wan
  * https://arxiv.org/abs/2410.23718

* **Shallow Diffuse: Robust and Invisible Watermarking through Low-Dimensional Subspaces in Diffusion Models.** Preprint.
  * Wenda Li, Huijie Zhang, Qing Qu
  * https://arxiv.org/abs/2410.21088

* **Flexible and Secure Watermarking for Latent Diffusion Model.** MM23.
  * Cheng Xiong, Chuan Qin, Guorui Feng, Xinpeng Zhang
  * https://dl.acm.org/doi/abs/10.1145/3581783.3612448

* **Leveraging Optimization for Adaptive Attacks on Image Watermarks.** Preprint.
  * Nils Lukas, Abdulrahman Diaa, Lucas Fenaux, Florian Kerschbaum
  * https://arxiv.org/abs/2309.16952

* **Catch You Everything Everywhere: Guarding Textual Inversion via Concept Watermarking.** Preprint.
  * Weitao Feng, Jiyan He, Jie Zhang, Tianwei Zhang, Wenbo Zhou, Weiming Zhang, Nenghai Yu
  * https://arxiv.org/abs/2309.05940

* **Hey That's Mine Imperceptible Watermarks are Preserved in Diffusion Generated Outputs.** Preprint.
  * Luke Ditria, Tom Drummond
  * https://arxiv.org/abs/2308.11123

* **Generative Watermarking Against Unauthorized Subject-Driven Image Synthesis.** Preprint.
  * Yihan Ma, Zhengyu Zhao, Xinlei He, Zheng Li, Michael Backes, Yang Zhang
  * https://arxiv.org/abs/2306.07754

* **Invisible Image Watermarks Are Provably Removable Using Generative AI.** Preprint.
  * Xuandong Zhao, Kexun Zhang, Zihao Su, Saastha Vasan, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna, Yu-Xiang Wang, Lei Li.
  * https://arxiv.org/abs/2306.01953

* **Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust.** Preprint.
  * Yuxin Wen, John Kirchenbauer, Jonas Geiping, Tom Goldstein.
  * https://arxiv.org/abs/2305.20030

* **Evading Watermark based Detection of AI-Generated Content.** CCS 2023.
  * Zhengyuan Jiang, Jinghuai Zhang, Neil Zhenqiang Gong.
  * https://arxiv.org/abs/2305.03807

* **The Stable Signature: Rooting Watermarks in Latent Diffusion Models.** ICCV 2023.
  * Pierre Fernandez, Guillaume Couairon, Hervé Jégou, Matthijs Douze, Teddy Furon.
  * https://arxiv.org/abs/2303.15435

* **Watermarking Images in Self-Supervised Latent Spaces.** ICASSP 2022.
  * Pierre Fernandez, Alexandre Sablayrolles, Teddy Furon, Hervé Jégou, Matthijs Douze.
  * https://arxiv.org/abs/2112.09581

# Contributing to this paper list

First, decide which category the work belongs to.

Second, describe the work in the same format as the existing entries.
--------------------------------------------------------------------------------