A Nested Watermark for Large Language Models

TL;DR

This paper introduces a nested watermarking technique for large language models that embeds two independent watermarks, enhancing traceability and robustness against key leaks without compromising text quality.

Contribution

The paper proposes a novel nested watermarking scheme with two independent keys, improving authorship attribution and robustness over existing single-key methods.

Findings

High detection accuracy for both watermarks

Maintains text fluency and quality

Robust against key leakage scenarios

Abstract

The rapid advancement of large language models (LLMs) has raised concerns regarding their potential misuse, particularly in generating fake news and misinformation. To address these risks, watermarking techniques for autoregressive language models have emerged as a promising means for detecting LLM-generated text. Existing methods typically embed a watermark by increasing the probabilities of tokens within a group selected according to a single secret key. However, this approach suffers from a critical limitation: if the key is leaked, it becomes impossible to trace the text's provenance or attribute authorship. To overcome this vulnerability, we propose a novel nested watermarking scheme that embeds two distinct watermarks into the generated text using two independent keys. This design enables reliable authorship identification even in the event that one key is compromised. Experimental results demonstrate that our method achieves high detection accuracy for both watermarks while maintaining the fluency and overall quality of the generated text.