SEAL: Entangled White-box Watermarks on Low-Rank Adaptation
This addresses copyright protection for shared task-specific models, which is an incremental improvement in watermarking techniques for low-rank adaptation.
The authors tackled the problem of copyright protection for LoRA weights by proposing SEAL, a white-box watermarking method that embeds a secret matrix and entangles it with trainable weights, achieving no performance degradation across multiple tasks and demonstrating robustness against various attacks.
Recently, LoRA and its variants have become the de facto strategy for training and sharing task-specific versions of large pretrained models, thanks to their efficiency and simplicity. However, the issue of copyright protection for LoRA weights, especially through watermark-based techniques, remains underexplored. To address this gap, we propose SEAL (SEcure wAtermarking on LoRA weights), the universal whitebox watermarking for LoRA. SEAL embeds a secret, non-trainable matrix between trainable LoRA weights, serving as a passport to claim ownership. SEAL then entangles the passport with the LoRA weights through training, without extra loss for entanglement, and distributes the finetuned weights after hiding the passport. When applying SEAL, we observed no performance degradation across commonsense reasoning, textual/visual instruction tuning, and text-to-image synthesis tasks. We demonstrate that SEAL is robust against a variety of known attacks: removal, obfuscation, and ambiguity attacks.