Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Ideal Pseudorandom Codes

Omar Alrabiah, Prabhanjan Ananth, Miranda Christ, Yevgeniy Dodis, Sam Gunn

TL;DR

It follows that there exist ideal pseudorandom codes assuming the 2O(√n)-hardness of LPN, which implies stronger robustness guarantees for generative AI watermarking schemes, such as the practical quality-preserving image watermarks of Gunn, Zhao, and Song.

Abstract

Pseudorandom codes are error-correcting codes with the property that no efficient adversary can distinguish encodings from uniformly random strings. They were recently introduced by Christ and Gunn [CRYPTO 2024] for the purpose of watermarking the outputs of randomized algorithms, such as generative AI models. Several constructions of pseudorandom codes have since been proposed, but none of them are robust to error channels that depend on previously seen codewords. This stronger kind of robustness is referred to as adaptive robustness, and it is important for meaningful applications to watermarking. In this work, we show the following. - Adaptive robustness: We show that the pseudorandom codes of Christ and Gunn are adaptively robust, resolving a conjecture posed by Cohen, Hoover, and Schoenbach [S&P 2025]. - Ideal security: We define an ideal pseudorandom code as one which is indistinguishable from the ideal functionality, capturing both the pseudorandomness and robustness properties in one simple definition. We show that any adaptively robust pseudorandom code for single-bit messages can be bootstrapped to build an ideal pseudorandom code with linear information rate, under no additional assumptions. - CCA security: In the setting where the encoding key is made public, we define a CCA-secure pseudorandom code in analogy with CCA-secure encryption. We show that any adaptively robust public-key pseudorandom code for single-bit messages can be used to build a CCA-secure pseudorandom code with linear information rate, in the random oracle model. These results immediately imply stronger robustness guarantees for generative AI watermarking schemes, such as the practical quality-preserving image watermarks of Gunn, Zhao, and Song (2024).

Ideal Pseudorandom Codes

TL;DR

It follows that there exist ideal pseudorandom codes assuming the 2O(√n)-hardness of LPN, which implies stronger robustness guarantees for generative AI watermarking schemes, such as the practical quality-preserving image watermarks of Gunn, Zhao, and Song.

Abstract

Pseudorandom codes are error-correcting codes with the property that no efficient adversary can distinguish encodings from uniformly random strings. They were recently introduced by Christ and Gunn [CRYPTO 2024] for the purpose of watermarking the outputs of randomized algorithms, such as generative AI models. Several constructions of pseudorandom codes have since been proposed, but none of them are robust to error channels that depend on previously seen codewords. This stronger kind of robustness is referred to as adaptive robustness, and it is important for meaningful applications to watermarking. In this work, we show the following. - Adaptive robustness: We show that the pseudorandom codes of Christ and Gunn are adaptively robust, resolving a conjecture posed by Cohen, Hoover, and Schoenbach [S&P 2025]. - Ideal security: We define an ideal pseudorandom code as one which is indistinguishable from the ideal functionality, capturing both the pseudorandomness and robustness properties in one simple definition. We show that any adaptively robust pseudorandom code for single-bit messages can be bootstrapped to build an ideal pseudorandom code with linear information rate, under no additional assumptions. - CCA security: In the setting where the encoding key is made public, we define a CCA-secure pseudorandom code in analogy with CCA-secure encryption. We show that any adaptively robust public-key pseudorandom code for single-bit messages can be used to build a CCA-secure pseudorandom code with linear information rate, in the random oracle model. These results immediately imply stronger robustness guarantees for generative AI watermarking schemes, such as the practical quality-preserving image watermarks of Gunn, Zhao, and Song (2024).

Paper Structure

This paper contains 57 sections, 26 theorems, 61 equations, 1 figure, 1 table.

Table of Contents

  1. Introduction
  2. Pseudorandom codes.
  3. Watermarking.
  4. Oblivious vs adaptive robustness.
  5. This work.
  6. Results
  7. Relationship to watermarking
  8. PRC robustness and watermark robustness.
  9. On robustness to substitutions.
  10. On the alphabet size.
  11. Related work.
  12. Technical overview
  13. Organization
  14. Pseudorandom codes
  15. Adaptively robust public-key PRCs based on LDPC codes
  16. ...and 42 more sections

Key Result

Theorem 1

For any $\varepsilon > 0$, the public-key zero-bit pseudorandom code from CG24 is adaptively $(1/2-\varepsilon)$-robust for appropriate choice of parameters.

Figures (1)

  • Figure 1: Organization of the paper. The red boxes are particular to the LDPC-based public-key PRCs related to CG24, the green boxes are generic in the secret-key setting, and the purple boxes are generic in the public-key setting.

Theorems & Definitions (64)

  • Theorem 1: Adaptively robust zero-bit PRC
  • Theorem 2: Adaptively robust single-bit PRC
  • Theorem 3: Ideal PRC
  • Theorem 4: CCA-secure PRC
  • Corollary 5
  • Remark
  • Definition
  • Definition : \ref{['definition:adaptive-robustness-pk']}, public-key adaptive $\delta$-robustness, informal
  • Remark
  • Lemma : \ref{['lemma:omar']}, informal
  • ...and 54 more