On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark

Jaiden Fairoze, Guillermo Ortiz-Jimenez, Mel Vecerik, Somesh Jha, Sven Gowal
Proceedings of The 28th International Conference on Artificial Intelligence and Statistics, PMLR 258:1891-1899, 2025.

Abstract

This work investigates the theoretical boundaries of creating publicly-detectable schemes to enable the provenance of watermarked imagery. Metadata-based approaches like C2PA provide unforgeability and public-detectability. ML techniques offer robust retrieval and watermarking. However, no existing scheme combines robustness, unforgeability, and public-detectability. In this work, we formally define such a scheme and establish its existence. Although theoretically possible, we find that at present, it is intractable to build certain components of our scheme without a leap in deep learning capabilities. We analyze these limitations and propose research directions that need to be addressed before we can practically realize robust and publicly-verifiable provenance.

Cite this Paper

BibTeX
@InProceedings{pmlr-v258-fairoze25a, title = {On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark}, author = {Fairoze, Jaiden and Ortiz-Jimenez, Guillermo and Vecerik, Mel and Jha, Somesh and Gowal, Sven}, booktitle = {Proceedings of The 28th International Conference on Artificial Intelligence and Statistics}, pages = {1891--1899}, year = {2025}, editor = {Li, Yingzhen and Mandt, Stephan and Agrawal, Shipra and Khan, Emtiyaz}, volume = {258}, series = {Proceedings of Machine Learning Research}, month = {03--05 May}, publisher = {PMLR}, pdf = {https://raw.githubusercontent.com/mlresearch/v258/main/assets/fairoze25a/fairoze25a.pdf}, url = {https://proceedings.mlr.press/v258/fairoze25a.html}, abstract = {This work investigates the theoretical boundaries of creating publicly-detectable schemes to enable the provenance of watermarked imagery. Metadata-based approaches like C2PA provide unforgeability and public-detectability. ML techniques offer robust retrieval and watermarking. However, no existing scheme combines robustness, unforgeability, and public-detectability. In this work, we formally define such a scheme and establish its existence. Although theoretically possible, we find that at present, it is intractable to build certain components of our scheme without a leap in deep learning capabilities. We analyze these limitations and propose research directions that need to be addressed before we can practically realize robust and publicly-verifiable provenance.} }
Endnote
%0 Conference Paper %T On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark %A Jaiden Fairoze %A Guillermo Ortiz-Jimenez %A Mel Vecerik %A Somesh Jha %A Sven Gowal %B Proceedings of The 28th International Conference on Artificial Intelligence and Statistics %C Proceedings of Machine Learning Research %D 2025 %E Yingzhen Li %E Stephan Mandt %E Shipra Agrawal %E Emtiyaz Khan %F pmlr-v258-fairoze25a %I PMLR %P 1891--1899 %U https://proceedings.mlr.press/v258/fairoze25a.html %V 258 %X This work investigates the theoretical boundaries of creating publicly-detectable schemes to enable the provenance of watermarked imagery. Metadata-based approaches like C2PA provide unforgeability and public-detectability. ML techniques offer robust retrieval and watermarking. However, no existing scheme combines robustness, unforgeability, and public-detectability. In this work, we formally define such a scheme and establish its existence. Although theoretically possible, we find that at present, it is intractable to build certain components of our scheme without a leap in deep learning capabilities. We analyze these limitations and propose research directions that need to be addressed before we can practically realize robust and publicly-verifiable provenance.
APA
Fairoze, J., Ortiz-Jimenez, G., Vecerik, M., Jha, S. & Gowal, S.. (2025). On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark. Proceedings of The 28th International Conference on Artificial Intelligence and Statistics, in Proceedings of Machine Learning Research 258:1891-1899 Available from https://proceedings.mlr.press/v258/fairoze25a.html.

Related Material