Paper 2024/1840

Ideal Pseudorandom Codes

Omar Alrabiah, University of California, Berkeley
Prabhanjan Ananth, University of California, Santa Barbara
Miranda Christ, Columbia University
Yevgeniy Dodis, New York University
Sam Gunn, University of California, Berkeley
Abstract

Pseudorandom codes are error-correcting codes with the property that no efficient adversary can distinguish encodings from uniformly random strings. They were recently introduced by Christ and Gunn [CRYPTO 2024] for the purpose of watermarking the outputs of randomized algorithms, such as generative AI models. Several constructions of pseudorandom codes have since been proposed, but none of them are robust to error channels that depend on previously seen codewords. This stronger kind of robustness is referred to as adaptive robustness, and it is important for meaningful applications to watermarking. In this work, we show the following. - Adaptive robustness: We show that the pseudorandom codes of Christ and Gunn are adaptively robust, resolving a conjecture posed by Cohen, Hoover, and Schoenbach [S&P 2025]. Our proof involves several new ingredients, combining ideas from both cryptography and coding theory and taking hints from the analysis of Boolean functions. - Ideal security: We define an ideal pseudorandom code as one which is indistinguishable from the ideal functionality, capturing both the pseudorandomness and robustness properties in one simple definition. We show that any adaptively robust pseudorandom code for single-bit messages can be bootstrapped to build an ideal pseudorandom code with linear information rate, under no additional assumptions. - CCA security: In the setting where the encoding key is made public, we define a CCA-secure pseudorandom code in analogy with CCA-secure encryption. We show that any adaptively robust public-key pseudorandom code for single-bit messages can be used to build a CCA-secure pseudorandom code with linear information rate, in the random oracle model. Together with the result of Christ and Gunn, it follows that there exist ideal pseudorandom codes assuming the $2^{O(\sqrt{n})}$-hardness of LPN. This extends to CCA security in the random oracle model. These results immediately imply stronger robustness guarantees for generative AI watermarking schemes, such as the practical quality-preserving image watermarks of Gunn, Zhao, and Song (2024).

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
error correctionpseudorandomnessmachine learninggenerative AIlarge language modelswatermarkingsteganography
Contact author(s)
oalrabiah @ berkeley edu
prabhanjan @ cs ucsb edu
mchrist @ cs columbia edu
dodis @ cs nyu edu
gunn @ berkeley edu
History
2024-11-11: approved
2024-11-08: received
See all versions
Short URL
https://ia.cr/2024/1840
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1840,
      author = {Omar Alrabiah and Prabhanjan Ananth and Miranda Christ and Yevgeniy Dodis and Sam Gunn},
      title = {Ideal Pseudorandom Codes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1840},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1840}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.