This paper introduces RoSe, the first-of-its-kind ML/Crypto codesign watermarking framework that regulates LLM-generated code to avoid intellectual property rights violations and inappropriate misuse in software development. High-quality watermarks adhering to the detectability-fidelity-robustness tri-objective are limited due to codes' low-entropy nature. Watermark verification, however, often needs to reveal the signature and requires re-encoding new ones for code reuse, which potentially compromising the system's usability. To overcome these challenges, RoSe obtains high-quality watermarks by training the watermark insertion and extraction modules end-to-end to ensure (i) unaltered watermarked code functionality and (ii) enhanced detectability and robustness leveraging pre-trained CodeT5 as the insertion backbone to enlarge the code syntactic and variable rename transformation search space. In the deployment, RoSe uses zero-knowledge proofs for secure verification without revealing the underlying signatures. Extensive evaluations demonstrated RoSe achieves high detection accuracy while preserving the code functionality. RoSe is also robust against attacks and provides efficient secure watermark verification.
翻译:本文提出了RoSe,首个基于机器学习与密码学协同设计的水印框架,用于规范LLM生成的代码,以避免软件开发中的知识产权侵犯与不当滥用。由于代码固有的低熵特性,同时满足可检测性-保真度-鲁棒性三重目标的高质量水印方案存在局限。此外,水印验证通常需要公开签名,且在代码复用场景中需重新编码新水印,这可能损害系统的可用性。为应对这些挑战,RoSe通过端到端训练水印嵌入与提取模块来获取高质量水印,确保:(i)水印代码功能保持不变;(ii)利用预训练的CodeT5作为嵌入主干网络,扩大代码语法与变量重命名变换的搜索空间,从而增强可检测性与鲁棒性。在部署阶段,RoSe采用零知识证明实现安全验证,无需公开底层签名。大量实验评估表明,RoSe在保持代码功能完整的同时实现了高检测精度。该框架能有效抵御各类攻击,并提供高效的安全水印验证机制。