![[2602.15323] Unforgeable Watermarks for Language Models via Robust Signatures](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.15323] Unforgeable Watermarks for Language Models via Robust Signatures
Summary
The paper presents a novel watermarking scheme for language models that ensures unforgeability and recoverability, enhancing content provenance and attribution.
Why It Matters
As language models produce increasingly human-like text, the need for robust verification tools becomes critical. This research addresses the challenge of false attribution and strengthens content ownership, which is vital for creators and organizations relying on AI-generated content.
Key Takeaways
- Introduces unforgeability and recoverability as key properties for watermarking language models.
- Develops a robust watermarking scheme that prevents false positives in content attribution.
- Utilizes a new cryptographic primitive, robust digital signatures, to enhance security.
Computer Science > Cryptography and Security arXiv:2602.15323 (cs) [Submitted on 17 Feb 2026] Title:Unforgeable Watermarks for Language Models via Robust Signatures Authors:Huijia Lin, Kameron Shahabi, Min Jae Song View a PDF of the paper titled Unforgeable Watermarks for Language Models via Robust Signatures, by Huijia Lin and 2 other authors View PDF HTML (experimental) Abstract:Language models now routinely produce text that is difficult to distinguish from human writing, raising the need for robust tools to verify content provenance. Watermarking has emerged as a promising countermeasure, with existing work largely focused on model quality preservation and robust detection. However, current schemes provide limited protection against false attribution. We strengthen the notion of soundness by introducing two novel guarantees: unforgeability and recoverability. Unforgeability prevents adversaries from crafting false positives, texts that are far from any output from the watermarked model but are nonetheless flagged as watermarked. Recoverability provides an additional layer of protection: whenever a watermark is detected, the detector identifies the source text from which the flagged content was derived. Together, these properties strengthen content ownership by linking content exclusively to its generating model, enabling secure attribution and fine-grained traceability. We construct the first undetectable watermarking scheme that is robust, unforgeable, and recoverable...