WaterMax: Breaking the LLM Watermark Detectability-Robustness-Quality Trade-off

WaterMax achieves high detectability and quality for watermarked text without modifying the original LLM.

Watermarking is crucial for identifying texts generated by LLMs to prevent misuse. Passive and active methods are used for identification, with watermarking offering higher performance. WaterMax introduces a novel watermarking scheme that maintains text quality and detectability. The scheme is theoretically proven and experimentally validated to outperform existing techniques. WaterMax balances robustness and complexity, addressing limitations of current watermarking methods. The scheme does not require modification of LLM weights, logits, temperature, or sampling technique. WaterMax improves text quality and watermark detectability without compromising on either aspect. The watermark size is minimized without compromising on text quality, as shown in Figure 1. WaterMax utilizes sub-sequences of tokens to maintain text entropy and sustain quality. The scheme provides a theoretical model for watermark performance under attack scenarios. WaterMax can be integrated into any standard LLM without fine-tuning, ensuring ease of implementation.

WaterMax balances robustness and complexity contrary to existing watermarking techniques. WaterMax outperforms all state-of-the-art techniques under benchmark suite. WaterMax achieves a small watermark size without compromising on text quality.

"WaterMax balances robustness and complexity contrary to the watermarking techniques of the literature." "Our scheme improves the quality of the generated text and the detectability of the watermark."