A Semantic Invariant Robust Watermark for Large Language Models

Aiwei Liu, Leyi Pan, Xuming Hu, Shiao Meng, Lijie Wen
2024-05-19
Abstract: Watermark algorithms for large language models (LLMs) have achieved extremely high accuracy in detecting text generated by LLMs. Such algorithms typically involve adding extra watermark logits to the LLM's logits at each generation step. However, prior algorithms face a trade-off between attack robustness and security robustness. This is because the watermark logits for a token are determined by a certain number of preceding tokens; a small number leads to low security robustness, while a large number results in insufficient attack robustness. In this work, we propose a semantic invariant watermarking method for LLMs that provides both attack robustness and security robustness. The watermark logits in our work are determined by the semantics of all preceding tokens. Specifically, we utilize another embedding LLM to generate semantic embeddings for all preceding tokens, and then these semantic embeddings are transformed into the watermark logits through our trained watermark model. Subsequent analyses and experiments demonstrated the attack robustness of our method in semantically invariant settings: synonym substitution and text paraphrasing settings. Finally, we also show that our watermark possesses adequate security robustness. Our code and data are available at \href{
Cryptography and Security, Computation and Language
What problem does this paper attempt to address?
This paper aims to solve the trade-off between attack robustness and security robustness in watermarking algorithms for text generated by large language models (LLMs). Current watermarking algorithms usually achieve high-accuracy detection by adding extra watermark logits to the LLM's logits at each generation step. However, these algorithms face a dilemma: the watermark logits for a token are determined by a certain number of preceding tokens. If this number is small, security robustness is low; if it is large, attack robustness is insufficient. To solve this problem, the authors propose a semantically invariant watermarking method that provides both attack robustness and security robustness. The core of the method is that the watermark logits no longer depend on the specific identities of the previous few tokens, but on the semantics of all preceding tokens. In the implementation, the authors use an auxiliary embedding LLM to generate semantic embeddings of all preceding tokens, and then convert these semantic embeddings into watermark logits through a trained watermark model. As a result, even if semantically invariant modifications such as synonym substitution or text paraphrasing are made to the text, the watermark logits are not significantly affected, which improves attack robustness. At the same time, because the watermark logits depend on complex semantic information rather than simple token identities, the watermark rules are harder to crack, which improves security robustness. The paper verifies the robustness of the method under various semantically invariant attacks through experiments and shows that the watermark has adequate security robustness. Overall, the method proposed in this paper addresses the trade-off between attack robustness and security robustness in existing watermarking algorithms.
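A toy illustration of the contrast described above, added here and not the paper's code: it compares watermark logits keyed on the semantics of all preceding tokens with logits keyed on the identities of the last k tokens, before and after synonym substitution. Assumptions: `word_vector` stands in for the embedding LLM, the fixed random projection `_PROJ` stands in for the trained watermark model, the prefix-hash function is a constructed stand-in for prior token-keyed schemes, and all names, sizes and sample sentences are constructed.

```python
import hashlib
import random

VOCAB_SIZE, DIM = 64, 16                       # toy sizes (constructed)
SYNONYMS = {"quick": "fast", "large": "big"}   # constructed synonym pairs

def _seed(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")

def _vec(seed, scale=1.0):
    rng = random.Random(seed)
    return [rng.gauss(0, scale) for _ in range(DIM)]

def word_vector(word):
    """Stand-in for the embedding LLM: synonyms get nearly the same vector."""
    base = _vec(_seed(SYNONYMS.get(word, word)))      # shared concept vector
    jitter = _vec(_seed(word) + 1, scale=0.01)        # small word-specific noise
    return [b + j for b, j in zip(base, jitter)]

def semantic_embedding(tokens):
    """Mean of word vectors over ALL preceding tokens."""
    vecs = [word_vector(t) for t in tokens]
    return [sum(col) / len(vecs) for col in zip(*vecs)]

# Stand-in for the trained watermark model: fixed random linear map, then sign.
_PROJ = [_vec(1000 + i) for i in range(VOCAB_SIZE)]

def semantic_watermark_logits(tokens):
    e = semantic_embedding(tokens)
    return [1 if sum(w * x for w, x in zip(row, e)) >= 0 else -1 for row in _PROJ]

def prefix_hash_watermark_logits(tokens, k=2):
    """Baseline: logits depend only on the identities of the last k tokens."""
    rng = random.Random(_seed(" ".join(tokens[-k:])))
    return [rng.choice((1, -1)) for _ in range(VOCAB_SIZE)]

def agreement(a, b):
    return sum(x == y for x, y in zip(a, b)) / len(a)

def compare(original, rewritten):
    """Fraction of unchanged watermark logits: (semantic, prefix-hash)."""
    return (agreement(semantic_watermark_logits(original), semantic_watermark_logits(rewritten)),
            agreement(prefix_hash_watermark_logits(original), prefix_hash_watermark_logits(rewritten)))

ORIGINAL = "the quick fox jumped over the large".split()    # constructed sample
SUBSTITUTED = "the fast fox jumped over the big".split()    # synonyms swapped

if __name__ == "__main__":
    sem, pre = compare(ORIGINAL, SUBSTITUTED)
    print(f"semantic agreement={sem:.2f}  prefix-hash agreement={pre:.2f}")
```

In this toy, the semantic logits stay almost entirely unchanged after the substitution, while the prefix-hash logits are effectively redrawn because a token inside the hashed window changed.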