Paper 2024/1597
An undetectable watermark for generative image models
, University of California, Berkeley, University of California, Berkeley, University of California, BerkeleyAbstract
We present the first undetectable watermarking scheme for generative image models. Undetectability ensures that no efficient adversary can distinguish between watermarked and un-watermarked images, even after making many adaptive queries. In particular, an undetectable watermark does not degrade image quality under any efficiently computable metric. Our scheme works by selecting the initial latents of a diffusion model using a pseudorandom error-correcting code (Christ and Gunn, 2024), a strategy which guarantees undetectability and robustness. We experimentally demonstrate that our watermarks are quality-preserving and robust using Stable Diffusion 2.1. Our experiments verify that, in contrast to every prior scheme we tested, our watermark does not degrade image quality. Our experiments also demonstrate robustness: existing watermark removal attacks fail to remove our watermark from images without significantly degrading the quality of the images. Finally, we find that we can robustly encode 512 bits in our watermark, and up to 2500 bits when the images are not subjected to watermark removal attacks. Our code is available at https://github.com/XuandongZhao/PRC-Watermark.
Note: Revision 10/9/2024: Fixed typo in Theorem 1
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint.
- Keywords
- Watermarkinggenerative AIpseudorandomness
- Contact author(s)
-
gunn @ berkeley edu
xuandongzhao @ berkeley edu - History
- 2024-10-09: revised
- 2024-10-08: received
- See all versions
- Short URL
- https://ia.cr/2024/1597
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1597,
author = {Sam Gunn and Xuandong Zhao and Dawn Song},
title = {An undetectable watermark for generative image models},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/1597},
year = {2024},
url = {https://eprint.iacr.org/2024/1597}
}
