Abstract

The present disclosure relates to watermarking techniques for neural network models that embed verifiable ownership information into model parameters. In one aspect, floating-point weight parameters are quantized and least significant bits are biased during rounding such that the bits collectively encode a pseudorandom error-correcting code derived from a digital signature of a model owner. In another aspect, a pseudorandom codeword generated from the digital signature is directly embedded by replacing least significant bits of quantized weight parameters. In both cases, the watermark is cryptographically verifiable and remains detectable even after model perturbations, fine-tuning, or partial retraining. Ownership verification is performed by extracting least significant bits, reconstructing the encoded sequence, and decoding the error-correcting code to recover the digital signature. The disclosed techniques provide efficient, architecture-agnostic, and tamper-resistant watermarking suitable for large-scale neural networks, enabling model owners to demonstrate authorship and deter misappropriation.
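The second aspect (direct LSB replacement) and the verification step can be sketched as follows. This is an added example, not code from the disclosure. It assumes int8-quantized weights, a simple repetition code with a keyed pseudorandom mask standing in for the pseudorandom error-correcting code, and a constructed 32-byte value standing in for the owner's digital signature; a real verifier would check the recovered signature against the owner's public key instead of comparing it to a known value.

```python
import hashlib

REP = 15  # assumption: a repetition code stands in for the disclosure's error-correcting code

def keystream(key: bytes, nbits: int) -> list:
    """Pseudorandom mask bits from SHA-256 in counter mode (illustrative PRG)."""
    bits, ctr = [], 0
    while len(bits) < nbits:
        block = hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        ctr += 1
    return bits[:nbits]

def embed(weights, signature: bytes, key: bytes):
    """Replace the LSB of each quantized weight with one masked codeword bit."""
    code = [(b >> i) & 1 for b in signature for i in range(8) for _ in range(REP)]
    if len(code) > len(weights):
        raise ValueError("model too small for this codeword")
    marked = list(weights)
    for i, (c, m) in enumerate(zip(code, keystream(key, len(code)))):
        marked[i] = (marked[i] & ~1) | (c ^ m)
    return marked

def extract(weights, sig_len: int, key: bytes) -> bytes:
    """Read LSBs, remove the mask, then majority-decode each group of REP bits."""
    n = sig_len * 8 * REP
    if len(weights) < n:
        raise ValueError("not enough weights to hold a codeword of this length")
    raw = [(w & 1) ^ m for w, m in zip(weights, keystream(key, n))]
    bits = [int(sum(raw[i:i + REP]) > REP // 2) for i in range(0, n, REP)]
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits), 8))

def demo():
    # All inputs below are constructed for illustration.
    signature = hashlib.sha256(b"constructed stand-in for an owner signature").digest()
    key = b"constructed-owner-key"
    weights = [(i * 37) % 256 - 128 for i in range(4096)]  # constructed int8 weights
    marked = embed(weights, signature, key)
    # Constructed perturbation: flip the LSB of every fourth weight.
    perturbed = [w ^ 1 if i % 4 == 0 else w for i, w in enumerate(marked)]
    return {
        "recovered": extract(perturbed, len(signature), key) == signature,
        "wrong_key": extract(perturbed, len(signature), b"other-key") == signature,
        "max_weight_change": max(abs(a - b) for a, b in zip(weights, marked)),
    }

if __name__ == "__main__":
    print(demo())
```

Embedding changes each quantized weight by at most one step, and the majority decoder tolerates up to 7 flipped LSBs per 15-bit group, which is why the constructed perturbation (3 or 4 flips per group) does not destroy the mark.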

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
