With the rapid development of deep neural networks(DNNs), many robust blind watermarking algorithms and frameworks have been proposed and achieved good results. At present, the watermark attack algorithm can not compete with the watermark addition algorithm. And many watermark attack algorithms only care about interfering with the normal extraction of the watermark, and the watermark attack will cause great visual loss to the image. To this end, we propose DiffWA, a conditional diffusion model with distance guidance for watermark attack, which can restore the image while removing the embedded watermark. The core of our method is training an image-to-image conditional diffusion model on unwatermarked images and guiding the conditional model using a distance guidance when sampling so that the model will generate unwatermarked images which is similar to original images. We conducted experiments on CIFAR-10 using our proposed models. The results shows that the model can remove the watermark with good effect and make the bit error rate of watermark extraction higher than 0.4. At the same time, the attacked image will maintain good visual effect with PSNR more than 31 and SSIM more than 0.97 compared with the original image.

翻译：随着深度神经网络的快速发展，多种鲁棒盲水印算法及框架已被提出并取得良好效果。当前水印攻击算法尚无法与水印嵌入算法相抗衡，同时许多水印攻击算法仅关注干扰水印的正常提取，导致攻击后的图像产生严重视觉损失。为此，我们提出DiffWA——一种基于距离引导的条件扩散模型用于水印攻击，该模型能在移除嵌入水印的同时恢复图像。本方法的核心是在无水印图像上训练图像到图像的条件扩散模型，并在采样时通过距离引导机制对条件模型进行调控，从而使模型生成与原始图像相似的无水印图像。我们在CIFAR-10数据集上采用所提模型进行实验，结果表明：该模型能有效移除水印，使水印提取误码率超过0.4；同时攻击后图像保持良好的视觉效果，相较于原始图像的PSNR超过31，SSIM超过0.97。