Large Language Models (LLMs) have demonstrated remarkable capabilities, but their training requires extensive data and computational resources, rendering them valuable digital assets. Therefore, it is essential to watermark LLMs to protect their copyright and trace unauthorized use or resale. Existing methods for watermarking LLMs primarily rely on training LLMs with a watermarked dataset, which entails burdensome training costs and negatively impacts the LLM's performance. In addition, their watermarked texts are not logical or natural, thereby reducing the stealthiness of the watermark. To address these issues, we propose EditMark, the first watermarking method that leverages model editing to embed a training-free, stealthy, and performance-lossless watermark for LLMs. We observe that some questions have multiple correct answers. Therefore, we assign each answer a unique watermark and update the weights of LLMs to generate corresponding questions and answers through the model editing technique. In addition, we refine the model editing technique to align with the requirements of watermark embedding. Specifically, we introduce an adaptive multi-round stable editing strategy, coupled with the injection of a noise matrix, to improve both the effectiveness and robustness of the watermark embedding. Extensive experiments indicate that EditMark can embed 32-bit watermarks into LLMs within 20 seconds (Fine-tuning: 6875 seconds) with a watermark extraction success rate of 100%, which demonstrates its effectiveness and efficiency. External experiments further demonstrate that EditMark has fidelity, stealthiness, and a certain degree of robustness against common attacks.

翻译：大型语言模型（LLMs）展现出卓越的能力，但其训练需要大量数据和计算资源，使其成为具有重要价值的数字资产。因此，对LLMs进行水印嵌入以保护其版权并追踪未经授权的使用或转售至关重要。现有的LLMs水印方法主要依赖于使用带水印的数据集训练模型，这需要高昂的训练成本，并对LLMs的性能产生负面影响。此外，其生成的水印文本缺乏逻辑性与自然度，从而降低了水印的隐蔽性。为解决这些问题，本文提出EditMark，这是首个利用模型编辑技术为LLMs嵌入无需训练、隐蔽且无损性能的水印方法。我们观察到某些问题存在多个正确答案，因此为每个答案分配唯一水印，并通过模型编辑技术更新LLMs的权重以生成对应的问题-答案对。同时，我们改进模型编辑技术以匹配水印嵌入的需求：具体而言，引入自适应多轮稳定编辑策略，并结合噪声矩阵注入，以提升水印嵌入的有效性与鲁棒性。大量实验表明，EditMark能在20秒内（微调方法需6875秒）为LLMs嵌入32位水印，且水印提取成功率达100%，证明了其高效性与有效性。外部实验进一步验证EditMark在保真度、隐蔽性及对常见攻击的鲁棒性方面均表现优异。