test2 | 2024-01-19 | Research Paper | Source

Recently, LoRA and its variants have become thede facto strategy for training and sharing task-specific versions of large pretrained mod- els, thanks to their efficiency and simplicity. However, the issue of copyright protection for LoRA weights, especially through watermark- based techniques, remains underexplored. To ad- dress this gap, we propose SEAL (SEcure wAter- marking on LoRA weights), the universal white- box watermarking for LoRA. SEAL embeds a secret, non-trainable matrix between trainable LoRA weights, serving as a passport to claim ownership. SEAL then entangles the passport with the LoRA weights through training, with- out extra loss for entanglment, and distributes the finetuned weights after hiding the passport. When applying SEAL, we observed no performance degradation across commonsense reasoning, tex- tual/visual instruction tuning, and text-to-image synthesis tasks. We demonstrate that SEAL is ro- bust against a variety of known attacks: removal, obfuscation, and ambiguity attacks.