Robust Multi-bit Natural Language Watermarking through Invariant Features

KiYoon Yoo, Wonhyuk Ahn, Jiho Jang, Nojun Kwak

TL;DR

The paper tackles robust, multi-bit watermarking for natural language by identifying invariant semantic and syntactic features to anchor watermark positions, reducing vulnerability to corruption. It introduces a two-phase framework where Phase 1 selects robust mask positions and Phase 2 encodes the watermark via an infill model, augmented by a robust infill training regime. Empirical results across four diverse texts show sizable robustness gains (+16.8 percentage points) over prior methods and favorable payloads, with semantic quality maintained and human fluency deemed acceptable. The work clarifies the trade-offs between automatic semantic metrics and human judgments, and positions invariant-feature embedding as a promising direction for copyright protection and misuse tracing in NL content.

Abstract

Recent years have witnessed a proliferation of valuable original natural language contents found in subscription-based media outlets, web novel platforms, and outputs of large language models. However, these contents are susceptible to illegal piracy and potential misuse without proper security measures. This calls for a secure watermarking system to guarantee copyright protection through leakage tracing or ownership identification. To effectively combat piracy and protect copyrights, a multi-bit watermarking framework should be able to embed adequate bits of information and extract the watermarks in a robust manner despite possible corruption. In this work, we explore ways to advance both payload and robustness by following a well-known proposition from image watermarking and identify features in natural language that are invariant to minor corruption. Through a systematic analysis of the possible sources of errors, we further propose a corruption-resistant infill model. Our full method improves upon the previous work on robustness by +16.8% point on average on four datasets, three corruption types, and two corruption ratios. Code available at https://github.com/bangawayoo/nlp-watermarking.
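To make the anchoring idea concrete, here is an added toy sketch (not the authors' code, which is at the repository linked above). It shows why positions chosen relative to keywords survive a one-word deletion while absolute token indices do not. The keyword set, the candidate groups standing in for an infill model, the cover sentence, and the alphabetical bit assignment are all constructed assumptions.

```python
# Added sketch, not the paper's code. KEYWORDS stands in for a keyword
# extractor and GROUPS for an infill model's candidates; both are constructed.
KEYWORDS = {"watermark", "piracy", "copyright"}
GROUPS = [sorted(g) for g in (["survives", "persists"],
                              ["remains", "stays"],
                              ["holders", "owners"])]
# word -> (its candidate group, its index in that group = the bit it encodes)
LOOKUP = {w: (g, i) for g in GROUPS for i, w in enumerate(g)}


def mask_positions(tokens):
    """Phase 1: positions right after a keyword whose word has candidates."""
    return [i + 1 for i, t in enumerate(tokens[:-1])
            if t in KEYWORDS and tokens[i + 1] in LOOKUP]


def embed(text, bits):
    """Phase 2: at each anchored position, pick the candidate indexed by the bit."""
    tokens = text.split()
    for pos, bit in zip(mask_positions(tokens), bits):
        group, _ = LOOKUP[tokens[pos]]
        tokens[pos] = group[bit]
    return " ".join(tokens)


def extract_anchored(text):
    """Recompute positions from the keywords, then read each bit back."""
    tokens = text.split()
    return [LOOKUP[tokens[p]][1] for p in mask_positions(tokens)]


def extract_by_index(text, positions):
    """Baseline: trust absolute token indices recorded at embedding time."""
    tokens = text.split()
    return [LOOKUP[tokens[p]][1] if p < len(tokens) and tokens[p] in LOOKUP
            else None for p in positions]


COVER = ("the watermark survives light editing while piracy remains "
         "common and copyright holders benefit")   # constructed cover text
BITS = [0, 1, 1]
MARKED = embed(COVER, BITS)
POSITIONS = mask_positions(MARKED.split())          # indices fixed at embed time
CORRUPTED = MARKED.replace(" light", "", 1)         # one-word deletion

if __name__ == "__main__":
    print(MARKED)
    print("anchored:", extract_anchored(CORRUPTED))
    print("by index:", extract_by_index(CORRUPTED, POSITIONS))
```

The sketch loses a bit whenever the corruption removes or alters an anchor keyword itself, which is why the choice of features that rarely change under minor edits matters.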

Paper Structure (26 sections, 5 equations, 5 figures, 20 tables, 1 algorithm)

This paper contains 26 sections, 5 equations, 5 figures, 20 tables, 1 algorithm.

Figures (5)

  • Figure 1: Leftmost shows an example of a cover text and its keyword and syntactic dependency components (only partially shown due to space constraint); Middle shows Phase 1 and Phase 2; Rightmost shows an example of a valid watermark sample.
  • Figure 2: Robustness of $g_1$ and the difference between robustness of $g_1$ and $g_2$ under 5% corruption rate on IMDB.
  • Figure 3: Robustness of $g_1$ at higher corruption rate.
  • Figure 4: A screenshot of human evaluation survey evaluating fluency.
  • Figure 5: A screenshot of human evaluation survey evaluating semantics compared to the original cover text.