RoboSignature: Robust Signature and Watermarking on Network Attacks
Aryaman Shaan, Garvit Banga, Raghav Mantri

TL;DR
This paper introduces a novel watermarking method for generative images, reveals vulnerabilities through an adversarial attack, and proposes a tamper-resistant fine-tuning algorithm to enhance robustness against such attacks.
Contribution
It presents a new watermarking approach for generative models, demonstrates a novel adversarial attack exposing vulnerabilities, and proposes a tamper-resistant fine-tuning method to improve watermark robustness.
Findings
Adversarial fine-tuning can disrupt watermark embedding in generative models.
The proposed tamper-resistant fine-tuning enhances watermark robustness.
Vulnerabilities in existing watermarking methods are significant and exploitable.
Abstract
Generative models have enabled easy creation and generation of images of all kinds given a single prompt. However, this has also raised ethical concerns about what is an actual piece of content created by humans or cameras compared to model-generated content like images or videos. Watermarking data generated by modern generative models is a popular method to provide information on the source of the content. The goal is for all generated images to conceal an invisible watermark, allowing for future detection or identification. The Stable Signature finetunes the decoder of Latent Diffusion Models such that a unique watermark is rooted in any image produced by the decoder. In this paper, we present a novel adversarial fine-tuning attack that disrupts the model's ability to embed the intended watermark, exposing a significant vulnerability in existing watermarking methods. To address this,…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Advanced Steganography and Watermarking Techniques · Network Security and Intrusion Detection
Methods: Diffusion
