What problem does this paper attempt to address?

This paper aims to solve the problem of how to embed watermarks with provable guarantees in the text generated by language models. Specifically, the author focuses on designing a watermarking scheme that can satisfy the following two key properties: 1. **Undetectability**: According to the cryptographic concept introduced in [CGZ24], the watermarked language model output is computationally indistinguishable from the actual output distribution of the model. This means that no polynomial - time algorithm can distinguish the outputs of the two by querying the watermarked model or the actual model multiple times. 2. **Robustness to Edits**: The watermarking scheme needs to be robust against channels that introduce a constant proportion of adversarial insertions, substitutions, and deletions. Early schemes could only handle random substitutions and deletions, while the goal of this paper is to achieve a natural and more appealing robustness guarantee for edit distance. ### Main Contributions The main contribution of the paper is to propose a watermarking scheme that achieves both undetectability and robustness to edits when the alphabet size of the language model is allowed to grow polynomially with the security parameter. To achieve this goal, the author adopts the following methods: 1. **Pseudorandom Codes (PRCs)**: First, construct pseudorandom codes that satisfy the undetectability and robustness properties. The symbols of these codes are interpreted as indices in the codewords, called Indexing Pseudorandom Codes. 2. **Conversion from a Large Alphabet to an Arbitrary Language Model**: Show how to convert these codes on a large alphabet into a watermarking scheme applicable to any language model. ### Technical Roadmap The technical route of the paper is as follows: 1. **Design Pseudorandom Codes on a Binary Alphabet**: Under Assumption 3.1, design a pseudorandom code on a binary alphabet that is robust against a constant proportion of adversarial substitutions (Theorem 3.2). 2. **Universal Conversion**: Give a universal conversion method to convert a pseudorandom code on a binary alphabet that is robust against substitutions into a pseudorandom code on a polynomial - size alphabet that is robust against a constant proportion of substitutions, insertions, and deletions (Theorem 4.1). 3. **Conversion from Pseudorandom Codes to a Watermarking Scheme**: Establish a universal conversion method to convert a pseudorandom code on a large alphabet that is robust against substitutions, insertions, and deletions into a watermarking scheme with similar robustness (Theorem 5.1). ### Main Results The main results of the paper (the informal version of Theorem 1.1) show that, under standard cryptographic assumptions, there exists a watermarking scheme that has the following properties for model outputs of polynomial length on a polynomial - size alphabet: - Soundness - Undetectability for polynomial - time algorithms - Robustness against a constant proportion of substitutions, insertions, and deletions ### Related Work - **Early Watermarking Work**: Early work mainly focused on embedding watermarks by subtly changing the text, but these methods usually significantly change the distribution of the generated content. - **Recent Work**: Some recent work embeds watermarks by preferentially generating certain tokens during the generation process, but these methods may introduce some obvious biases. - **Undetectability vs. Distortion - free**: Undetectability requires that no polynomial - time algorithm can distinguish the outputs of the watermarked model and the original model, while distortion - free requires that the distribution of a single text sample is exactly the same. Undetectability provides a stronger guarantee and is more suitable for practical applications. In conclusion, this paper successfully solves the problem of embedding watermarks with provable robustness in the text generated by language models by introducing new pseudorandom code techniques and universal conversion methods.