基于拉格朗日插值的大语言模型文本水印方法 (LLM-Text Watermarking based on Lagrange Interpolation)

The rapid advancement of LLMs (Large Language Models) has established them as a foundational technology for many AI and ML-powered human computer interactions. A critical challenge in this context is the attribution of LLM-generated text -- either to the specific language model that produced it or to the individual user who embedded their identity via a so-called multi-bit watermark. This capability is essential for combating misinformation, fake news, misinterpretation, and plagiarism. One of the key techniques for addressing this challenge is digital watermarking. This work presents a watermarking scheme for LLM-generated text based on Lagrange interpolation, enabling the recovery of a multi-bit author identity even when the text has been heavily redacted by an adversary. The core idea is to embed a continuous sequence of points $(x, f(x))$ that lie on a single straight line. The $x$-coordinates are computed pseudorandomly using a cryptographic hash function $H$ applied to the concatenation of the previous token's identity and a secret key $s_k$. Crucially, the $x$-coordinates do not need to be embedded into the text -- only the corresponding $f(x)$ values are embedded. During extraction, the algorithm recovers the original points along with many spurious ones, forming an instance of the Maximum Collinear Points (MCP) problem, which can be solved efficiently. Experimental results demonstrate that the proposed method is highly effective, allowing the recovery of the author identity even when as few as three genuine points remain after adversarial manipulation.

翻译：大语言模型（LLMs）的快速发展已使其成为许多人机交互中由人工智能和机器学习驱动的应用的基础技术。在此背景下，一个关键挑战是对LLM生成文本的溯源——即确定文本是由哪个特定语言模型生成的，或者是由哪个通过所谓的多比特水印嵌入了自身身份信息的个体用户生成的。这种能力对于打击虚假信息、假新闻、错误解读和剽窃至关重要。应对这一挑战的关键技术之一是数字水印。本文提出了一种基于拉格朗日插值的LLM生成文本水印方案，即使文本被对手大量删改，也能恢复出多比特的作者身份信息。其核心思想是嵌入一系列位于同一条直线上的连续点$(x, f(x))$。其中$x$坐标是通过将前一个词元的身份标识与一个秘密密钥$s_k$拼接后，应用密码学哈希函数$H$进行伪随机计算得到的。关键之处在于，$x$坐标不需要嵌入到文本中——只有对应的$f(x)$值被嵌入。在提取阶段，算法会恢复原始点以及许多虚假点，从而形成一个最大共线点（MCP）问题实例，该问题可以被高效求解。实验结果表明，所提方法非常有效，即使在对手篡改后仅剩三个真实点的情况下，也能成功恢复作者身份。