Certifiably Robust Image Watermark

TL;DR

This paper introduces a novel image watermarking technique with provable robustness guarantees against removal and forgery attacks, leveraging randomized smoothing to enhance security of AI-generated content.

Contribution

It extends randomized smoothing to image watermarking, providing the first certifiably robust watermarking method with theoretical guarantees and comprehensive evaluation.

Findings

Achieves certified robustness against removal and forgery attacks.

Demonstrates strong empirical robustness in extensive evaluations.

Provides publicly available code for implementation.

Abstract

Generative AI raises many societal concerns such as boosting disinformation and propaganda campaigns. Watermarking AI-generated content is a key technology to address these concerns and has been widely deployed in industry. However, watermarking is vulnerable to removal attacks and forgery attacks. In this work, we propose the first image watermarks with certified robustness guarantees against removal and forgery attacks. Our method leverages randomized smoothing, a popular technique to build certifiably robust classifiers and regression models. Our major technical contributions include extending randomized smoothing to watermarking by considering its unique characteristics, deriving the certified robustness guarantees, and designing algorithms to estimate them. Moreover, we extensively evaluate our image watermarks in terms of both certified and empirical robustness. Our code is available at \url{https://github.com/zhengyuan-jiang/Watermark-Library}.