Robustness Assessment and Enhancement of Text Watermarking for Google's SynthID
This work addresses the problem of robust provenance tracking for AI-generated text, which is crucial for applications like content authentication, but it is incremental as it builds upon existing watermarking methods.
The paper tackles the vulnerability of Google's SynthID-Text watermarking to meaning-preserving attacks like paraphrasing, and proposes SynGuard, a hybrid framework that improves watermark recovery by an average of 11.1% in F1 score compared to SynthID-Text.
Recent advances in LLM watermarking methods such as SynthID-Text by Google DeepMind offer promising solutions for tracing the provenance of AI-generated text. However, our robustness assessment reveals that SynthID-Text is vulnerable to meaning-preserving attacks, such as paraphrasing, copy-paste modifications, and back-translation, which can significantly degrade watermark detectability. To address these limitations, we propose SynGuard, a hybrid framework that combines the semantic alignment strength of Semantic Information Retrieval (SIR) with the probabilistic watermarking mechanism of SynthID-Text. Our approach jointly embeds watermarks at both lexical and semantic levels, enabling robust provenance tracking while preserving the original meaning. Experimental results across multiple attack scenarios show that SynGuard improves watermark recovery by an average of 11.1\% in F1 score compared to SynthID-Text. These findings demonstrate the effectiveness of semantic-aware watermarking in resisting real-world tampering. All code, datasets, and evaluation scripts are publicly available at: https://github.com/githshine/SynGuard.