WaterMax: breaking the LLM watermark detectability-robustness-quality trade-off

TL;DR

WaterMax introduces a novel LLM watermarking method that achieves high detectability and robustness without modifying the model, effectively balancing quality and security as validated through theoretical analysis and extensive experiments.

Contribution

WaterMax is the first watermarking scheme that maintains high detectability and robustness without altering the LLM's weights or sampling methods.

Findings

Outperforms state-of-the-art watermarking techniques in benchmarks.

Maintains high text quality while ensuring detectability.

Theoretically proven robustness against various attacks.

Abstract

Watermarking is a technical means to dissuade malfeasant usage of Large Language Models. This paper proposes a novel watermarking scheme, so-called WaterMax, that enjoys high detectability while sustaining the quality of the generated text of the original LLM. Its new design leaves the LLM untouched (no modification of the weights, logits, temperature, or sampling technique). WaterMax balances robustness and complexity contrary to the watermarking techniques of the literature inherently provoking a trade-off between quality and robustness. Its performance is both theoretically proven and experimentally validated. It outperforms all the SotA techniques under the most complete benchmark suite. Code available at https://github.com/eva-giboulot/WaterMax.