Performance-lossless Black-box Model Watermarking

With the development of deep learning, high-value and high-cost models have become valuable assets, and related intellectual property protection technologies have become a hot topic. However, existing model watermarking work in black-box scenarios mainly originates from training-based backdoor methods, which probably degrade original task performance. To address this, we propose a branch backdoor-based model watermarking protocol to protect model intellectual property, where a construction based on a message authentication scheme is adopted as the branch indicator. We prove the lossless performance of the protocol by reduction. Taking the language generation task as an instance, we show the effectiveness of the proposed protocol.