WaterMax is a novel watermarking scheme designed to enhance the detectability of Large Language Models (LLMs) while maintaining the quality of the generated text. Unlike existing watermarking techniques, WaterMax does not modify the weights, logits, temperature, or sampling techniques of the LLM, ensuring that the original model remains unchanged. The scheme balances robustness and complexity, addressing the trade-off between quality and robustness often seen in other watermarking methods. Key contributions of WaterMax include: 1. **High Detectability and Quality**: WaterMax achieves high detectability without significantly degrading the quality of the generated text. 2. **New Design**: The scheme does not rely on common mechanisms used in literature, such as modifying the next token distribution or sampling temperature, and instead focuses on sub-sequences of tokens (chunks). 3. **Theoretical and Experimental Validation**: The performance of WaterMax is both theoretically proven and experimentally validated, outperforming state-of-the-art techniques in a comprehensive benchmark suite. - **Motivation**: The misuse of LLMs, such as impersonation and fake news generation, necessitates methods to trace the provenance of generated texts. - **State-of-the-Art**: Existing watermarking methods often suffer from limitations such as high false-positive rates, degradation in text quality, and computational complexity. - **WaterMax Approach**: WaterMax generates multiple texts and selects the one with the lowest p-value, ensuring high detectability without compromising text quality. The scheme also includes robustness against various text editing attacks. - **Theoretical Model**: A theoretical model is developed to characterize the false positive and true positive rates of the watermark detector, even under attack. - **Efficient Exploration**: The scheme efficiently explores the space of possible texts by generating chunks of text and selecting the one with the lowest p-value, reducing computational complexity. - **Robustness**: The detector is designed to be robust against attacks, such as token insertion or removal, by using a global score that sums up over all tokens. - **Experiments**: WaterMax is evaluated using the Mark My Words (MMW) benchmark, which includes various attacks. The results show that WaterMax achieves high detectability with minimal impact on text quality, outperforming other state-of-the-art methods. - **Computational Complexity**: While WaterMax has a higher computational cost compared to simpler methods, it remains manageable due to parallelization techniques. WaterMax represents a significant advancement in watermarking LLM-generated text, offering high detectability, robustness, and text quality. The scheme's design and performance make it a promising solution for enhancing the traceability and transparency of AI-generated content.WaterMax is a novel watermarking scheme designed to enhance the detectability of Large Language Models (LLMs) while maintaining the quality of the generated text. Unlike existing watermarking techniques, WaterMax does not modify the weights, logits, temperature, or sampling techniques of the LLM, ensuring that the original model remains unchanged. The scheme balances robustness and complexity, addressing the trade-off between quality and robustness often seen in other watermarking methods. Key contributions of WaterMax include: 1. **High Detectability and Quality**: WaterMax achieves high detectability without significantly degrading the quality of the generated text. 2. **New Design**: The scheme does not rely on common mechanisms used in literature, such as modifying the next token distribution or sampling temperature, and instead focuses on sub-sequences of tokens (chunks). 3. **Theoretical and Experimental Validation**: The performance of WaterMax is both theoretically proven and experimentally validated, outperforming state-of-the-art techniques in a comprehensive benchmark suite. - **Motivation**: The misuse of LLMs, such as impersonation and fake news generation, necessitates methods to trace the provenance of generated texts. - **State-of-the-Art**: Existing watermarking methods often suffer from limitations such as high false-positive rates, degradation in text quality, and computational complexity. - **WaterMax Approach**: WaterMax generates multiple texts and selects the one with the lowest p-value, ensuring high detectability without compromising text quality. The scheme also includes robustness against various text editing attacks. - **Theoretical Model**: A theoretical model is developed to characterize the false positive and true positive rates of the watermark detector, even under attack. - **Efficient Exploration**: The scheme efficiently explores the space of possible texts by generating chunks of text and selecting the one with the lowest p-value, reducing computational complexity. - **Robustness**: The detector is designed to be robust against attacks, such as token insertion or removal, by using a global score that sums up over all tokens. - **Experiments**: WaterMax is evaluated using the Mark My Words (MMW) benchmark, which includes various attacks. The results show that WaterMax achieves high detectability with minimal impact on text quality, outperforming other state-of-the-art methods. - **Computational Complexity**: While WaterMax has a higher computational cost compared to simpler methods, it remains manageable due to parallelization techniques. WaterMax represents a significant advancement in watermarking LLM-generated text, offering high detectability, robustness, and text quality. The scheme's design and performance make it a promising solution for enhancing the traceability and transparency of AI-generated content.