Pseudorandom error-correcting codes (PRCs), a novel cryptographic primitive recently proposed at CRYPTO 2024, are primarily applied in undetectable watermarking schemes for large generative models. However, the security of PRCs has not yet been systematically analyzed. To fill this gap, we present the first cryptanalysis of PRCs. Specifically, focusing on LDPC-PRC, the only known practical instantiation of PRCs, we propose three novel attacks that challenge its undetectability and robustness. To rigorously demonstrate the practical threat, we analyze the concrete attack complexity under realistic parameters and validate the attack effectiveness on both real-world large language models and generative image models, including DeepSeek and Stable Diffusion. Our analysis shows that the claimed security guarantees of LDPC-PRC are undermined across all practically feasible regimes. For example, our attacks can detect the presence of a watermark with overwhelming probability at a cost of $2^{22}$ operations. Beyond attacks, we further propose three defenses: parameter recommendation, implementation suggestion, and a revised key generation function. However, PRC-based watermarking schemes still fail to achieve 128-bit security due to inherent constraints of large generative models, such as the maximum output length of large language models. Overall, our work clarifies the concrete security limits of PRCs in real-world watermarking applications.