WaterMax: breaking the LLM watermark detectability-robustness-quality trade-off
This addresses the need for effective watermarking to prevent misuse of LLMs, offering a novel solution that breaks existing trade-offs, though it is incremental in improving watermarking techniques.
The paper tackles the problem of balancing detectability, robustness, and quality in watermarking for large language models, proposing WaterMax, which achieves high detectability while maintaining text quality and outperforms state-of-the-art methods in benchmarks.
Watermarking is a technical means to dissuade malfeasant usage of Large Language Models. This paper proposes a novel watermarking scheme, so-called WaterMax, that enjoys high detectability while sustaining the quality of the generated text of the original LLM. Its new design leaves the LLM untouched (no modification of the weights, logits, temperature, or sampling technique). WaterMax balances robustness and complexity contrary to the watermarking techniques of the literature inherently provoking a trade-off between quality and robustness. Its performance is both theoretically proven and experimentally validated. It outperforms all the SotA techniques under the most complete benchmark suite. Code available at https://github.com/eva-giboulot/WaterMax.