Robust and Secure Code Watermarking for Large Language Models via ML/Crypto Codesign

TL;DR

RoSeMary is a novel ML/Crypto codesign framework that embeds secure, robust watermarks into LLM-generated code, ensuring intellectual property protection without compromising code functionality.

Contribution

It introduces an end-to-end trained watermarking system using CodeT5 and zero-knowledge proofs for secure, high-quality code watermarking in large language models.

Findings

High detection accuracy of watermarks

Preserves original code functionality

Robust against various attacks

Abstract

This paper introduces RoSeMary, the first-of-its-kind ML/Crypto codesign watermarking framework that regulates LLM-generated code to avoid intellectual property rights violations and inappropriate misuse in software development. High-quality watermarks adhering to the detectability-fidelity-robustness tri-objective are limited due to codes' low-entropy nature. Watermark verification, however, often needs to reveal the signature and requires re-encoding new ones for code reuse, which potentially compromising the system's usability. To overcome these challenges, RoSeMary obtains high-quality watermarks by training the watermark insertion and extraction modules end-to-end to ensure (i) unaltered watermarked code functionality and (ii) enhanced detectability and robustness leveraging pre-trained CodeT5 as the insertion backbone to enlarge the code syntactic and variable rename transformation search space. In the deployment, RoSeMary uses zero-knowledge proofs for secure verification without revealing the underlying signatures. Extensive evaluations demonstrated RoSeMary achieves high detection accuracy while preserving the code functionality. RoSeMary is also robust against attacks and provides efficient secure watermark verification.