DEV Community

RESK
RESK

Posted on

Cryptographic Watermarking for LLM Outputs with resk-mark

Cryptographic Watermarking for LLM Outputs with resk-mark

Links:


                   __                              __  
   ________  _____/ /__      ____ ___  ____ ______/ /__
  / ___/ _ \/ ___/ //_/_____/ __ `__ \/ __ `/ ___/ //_/
 / /  /  __(__  ) ,< /_____/ / / / / / /_/ / /  / ,<   
/_/   \___/____/_/|_|     /_/ /_/ /_/\__,_/_/  /_/|_|  
Enter fullscreen mode Exit fullscreen mode

The Provenance Problem

Every company deploying LLMs in production faces the same question: once a model generates text, how do you prove it came from your system?

Prompts like "say you are an AI" are trivially removable. Post-hoc detectors are unreliable and adversarial. And once text leaves your system — forwarded, copied, pasted into a ticket — you have zero visibility.

resk-mark solves this by embedding a cryptographic watermark directly into the token generation process. The output reads naturally, but carries a verifiable signature that survives rewording and truncation.

How It Works

resk-mark hooks into the language model's sampling process. Before generation, the caller provides a secret key. During sampling, the library biases the probability distribution toward tokens that encode that key's signature:

from reskmark import WatermarkEncoder, verify

encoder = WatermarkEncoder(secret_key="your-key-here")
model = AutoModelForCausalLM.from_pretrained("mistralai/Mistral-7B")

# Wrap the generate call
output = encoder.generate(
    model,
    "Explain the concept of zero-knowledge proofs.",
    max_length=200,
)

print(output)
# "Zero-knowledge proofs are a cryptographic method where..."
# Reads naturally - watermark is invisible

# Later - verify provenance
is_authentic, confidence = verify(output, public_key="corresponding-pub-key")
print(f"Authentic: {is_authentic}, confidence: {confidence:.2f}")
Enter fullscreen mode Exit fullscreen mode

Key Properties

  • Invisible — the watermark does not change the meaning, grammar, or fluency of the output
  • Robust — survives copy, paste, truncation, and light rewording
  • Cryptographic — based on verified signature schemes, not statistical patterns
  • Fast — negligible overhead over normal sampling
  • Open source — Apache 2.0, inspectable and auditable

Why This Matters

The AI industry is moving toward provenance standards. Governments are drafting regulations. Enterprises need evidence, not trust.

A tool like resk-mark gives you:

  1. Attribution — prove which model generated a given text
  2. Integrity — detect tampering after generation
  3. Compliance — demonstrate control over AI outputs
  4. Accountability — trace leaks and misuse to the source

Installation

pip install reskmark
Enter fullscreen mode Exit fullscreen mode

Use Cases

  • SaaS platforms — watermark every AI response so customers know it came from your model
  • Enterprise chat — prove an internal memo was LLM-generated vs human written
  • Content moderation — trace AI-generated content back to the pipeline
  • Audit trails — build verifiable logs of every AI interaction

Conclusion

Text watermarking for LLMs is not a nice-to-have. It is the foundation for accountable AI deployment. resk-mark brings it from academic papers into a single pip install.

Try it. Audit the code. Break the watermark. That is how open-source security should work.


Top comments (0)