TimeMark: A Trustworthy Time Watermarking Framework for Exact Generation-Time Recovery from AIGC

Ge Gao; Shangkun Che; Silin Du

arxiv: 2604.12216 · v1 · submitted 2026-04-14 · 💻 cs.CR · cs.CL

TimeMark: A Trustworthy Time Watermarking Framework for Exact Generation-Time Recovery from AIGC

Shangkun Che , Silin Du , Ge Gao This is my paper

Pith reviewed 2026-05-10 16:09 UTC · model grok-4.3

classification 💻 cs.CR cs.CL

keywords trustworthy watermarkingtime watermarkAIGCLLM watermarkgeneration time recoverycryptographic watermarkjudicial evidenceintellectual property

0 comments

The pith

TimeMark recovers the exact generation time of AI-generated text with perfect accuracy by binding timestamps to regulated secret keys and using two-stage encoding plus error correction.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces a trustworthy time watermarking framework that embeds generation timestamps into LLM outputs so they can serve as reliable judicial evidence in intellectual property disputes. Unlike prior statistical watermarking methods that only give probabilistic detection and allow forgery, this approach decouples the payload from time, generates random non-stored bits per instance, and relies on time-dependent keys supervised by regulators. A two-stage encoding step combined with error-correcting codes is claimed to deliver theoretically perfect recovery while resisting both user-side statistical attacks and provider-side fabrication. The authors argue that these properties meet the reliability bar needed for court use and provide a concrete path to resolve future AIGC disputes.

Core claim

The framework integrates cryptographic techniques to encode time information into time-dependent secret keys under regulatory supervision, preventing arbitrary timestamp fabrication. The watermark payload is generated as a random, non-stored bit sequence for each instance, eliminating statistical patterns. A two-stage encoding mechanism together with error-correcting codes enables reliable recovery of the generation time with theoretically perfect accuracy.

What carries the argument

Two-stage encoding mechanism combined with error-correcting codes that operates on random payloads derived from time-dependent secret keys under regulatory supervision.

If this is right

AI-generated text can be timestamped in a way that satisfies judicial standards for evidence in copyright and IP cases.
Model providers lose the ability to fabricate arbitrary generation times because keys are externally supervised.
Statistical detection attacks become ineffective because payloads carry no distributional patterns.
The same reliability guarantees extend to multi-bit information beyond timestamps when the two-stage encoding is applied.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The method could be extended to image, audio, or video AIGC if analogous key-supervision and encoding steps are defined for those modalities.
Widespread adoption would shift the burden of timestamp integrity from technical detection to regulatory key management.
If perfect recovery holds, courts could treat recovered timestamps as stronger evidence than current probabilistic watermarks.
The framework creates an incentive for standardized regulatory infrastructure around time-key issuance.

Load-bearing premise

That regulators can reliably enforce time-dependent secret keys so providers cannot forge timestamps, and that the two-stage encoding with error correction will always recover the time perfectly from any real-world LLM output without statistical leaks or implementation errors.

What would settle it

A demonstration that a model provider can produce text containing an arbitrary future or past timestamp that still passes the recovery procedure, or a recovery failure on a set of LLM outputs where the embedded time cannot be reconstructed exactly.

read the original abstract

The widespread use of Large Language Models (LLMs) in text generation has raised increasing concerns about intellectual property disputes. Watermarking techniques, which embed meta information into AI-generated content (AIGC), have the potential to serve as judicial evidence. However, existing methods rely on statistical signals in token distributions, leading to inherently probabilistic detection and reduced reliability, especially in multi-bit encoding (e.g., timestamps). Moreover, such methods introduce detectable statistical patterns, making them vulnerable to forgery attacks and enabling model providers to fabricate arbitrary watermarks. To address these issues, we propose the concept of trustworthy watermark, which achieves reliable recovery with 100% identification accuracy while resisting both user-side statistical attacks and provider-side forgery. We focus on trustworthy time watermarking for use as judicial evidence. Our framework integrates cryptographic techniques and encodes time information into time-dependent secret keys under regulatory supervision, preventing arbitrary timestamp fabrication. The watermark payload is decoupled from time and generated as a random, non-stored bit sequence for each instance, eliminating statistical patterns. To ensure verifiability, we design a two-stage encoding mechanism, which, combined with error-correcting codes, enables reliable recovery of generation time with theoretically perfect accuracy. Both theoretical analysis and experiments demonstrate that our framework satisfies the reliability requirements for judicial evidence and offers a practical solution for future AIGC-related intellectual property disputes.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

TimeMark combines time-dependent crypto keys, random non-stored payloads, and two-stage ECC to claim exact time recovery in AI text, but the forgery resistance and judicial reliability rest on regulators enforcing key rules.

read the letter

The main thing here is a framework that tries to move past probabilistic statistical watermarks by encoding time into time-varying secret keys under regulatory oversight, then using decoupled random payloads and a two-stage ECC setup for claimed 100% accurate recovery of the generation timestamp. They argue this resists both user-side attacks that exploit statistical patterns and provider-side forgery that could fake any timestamp. The abstract positions this as suitable for judicial evidence in IP disputes over AIGC. That combination of crypto primitives with ECC for perfect recovery is the concrete step beyond prior work on statistical signals. It directly targets the issues of low reliability in multi-bit encoding and detectable patterns that let providers fabricate watermarks. The random payload that is not stored helps avoid leaving traces that could be reverse-engineered. The two-stage encoding plus ECC is presented as delivering the theoretical perfection, with experiments supposedly backing it up. That is a reasonable direction if the details hold. The soft spots are the non-technical assumptions. Provider-forgery resistance depends on regulators actually supervising and auditing the time-dependent keys across all providers, which is a policy requirement rather than something the scheme itself enforces. If that supervision fails or is bypassed, the forgery protection collapses. The 100% accuracy claim also needs the full derivations and attack models to check whether real LLM outputs introduce any embedding artifacts or edge cases that could defeat the ECC in practice. Without those specifics visible in the abstract, the soundness is hard to assess yet. This is for researchers working on applied crypto for generative AI and digital evidence standards. It raises a timely issue worth referee attention even if the regulatory piece and implementation robustness need more scrutiny. Send it to peer review so the encoding details and assumption checks can be worked through.

Referee Report

2 major / 0 minor

Summary. The paper proposes TimeMark, a trustworthy time watermarking framework for exact generation-time recovery from AI-generated content (AIGC). It integrates cryptographic techniques with time-dependent secret keys under regulatory supervision to prevent forgery, uses a decoupled random payload to avoid statistical patterns, and employs a two-stage encoding mechanism combined with error-correcting codes to achieve theoretically perfect accuracy in time recovery. The authors claim that theoretical analysis and experiments show it meets reliability requirements for judicial evidence in AIGC intellectual property disputes, resisting both user-side attacks and provider-side forgery.

Significance. If the results hold, the framework could offer a substantial improvement over existing probabilistic watermarking methods by providing deterministic and highly reliable time stamping for AI content, which is critical for legal and IP applications. The cryptographic approach and attack resistance could set a new standard for trustworthy AIGC authentication.

major comments (2)

Abstract: The assertion that the two-stage encoding mechanism combined with error-correcting codes 'enables reliable recovery of generation time with theoretically perfect accuracy' is made without any supporting equations, formal proofs, or error analysis. This is load-bearing for the central claim of 100% accuracy and judicial suitability, as no derivation is provided to show invariance to model-specific statistical properties or implementation details.
Abstract: The framework's resistance to provider-side forgery is attributed to encoding time into 'time-dependent secret keys under regulatory supervision,' but this relies on an external, non-technical assumption of effective regulatory enforcement across providers. Without technical mechanisms to enforce or verify key usage, this does not constitute a cryptographic guarantee and weakens the 'trustworthy' and forgery-resistance claims.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript. We address the two major comments point by point below, providing clarifications on the supporting analysis and the assumptions in our framework. Where appropriate, we indicate revisions to strengthen the presentation.

read point-by-point responses

Referee: Abstract: The assertion that the two-stage encoding mechanism combined with error-correcting codes 'enables reliable recovery of generation time with theoretically perfect accuracy' is made without any supporting equations, formal proofs, or error analysis. This is load-bearing for the central claim of 100% accuracy and judicial suitability, as no derivation is provided to show invariance to model-specific statistical properties or implementation details.

Authors: The abstract provides a concise summary of the central claim. The full manuscript contains the supporting theoretical analysis, including the formal description of the two-stage encoding process, the integration with error-correcting codes, the derivation showing deterministic recovery independent of the underlying model's token statistics, and the error probability bounds (see Sections 3.2 and 4). These establish invariance to model-specific properties under the stated cryptographic assumptions and yield theoretically perfect accuracy (zero decoding error with overwhelming probability for the chosen parameters). To improve clarity, we will revise the abstract to include a brief pointer to the theoretical guarantees in the main text. revision: partial
Referee: Abstract: The framework's resistance to provider-side forgery is attributed to encoding time into 'time-dependent secret keys under regulatory supervision,' but this relies on an external, non-technical assumption of effective regulatory enforcement across providers. Without technical mechanisms to enforce or verify key usage, this does not constitute a cryptographic guarantee and weakens the 'trustworthy' and forgery-resistance claims.

Authors: We agree that the forgery resistance is not a purely cryptographic guarantee in isolation. The technical component ensures that, given a time-dependent key, forging a valid watermark for an arbitrary timestamp is computationally infeasible due to the cryptographic binding and the non-stored random payload. The regulatory supervision is an explicit assumption of the threat model (as stated in Section 2), analogous to the trusted setup in many cryptographic protocols. We do not claim a self-enforcing technical mechanism that replaces regulation. We will add a dedicated paragraph in the discussion section clarifying this assumption, its scope, and the resulting security guarantees conditional on proper key management. revision: partial

Circularity Check

0 steps flagged

No circularity detected; claims rest on external assumptions and standard primitives

full rationale

The abstract and description present the framework as integrating cryptographic techniques, time-dependent secret keys under regulatory supervision, decoupled random payloads, two-stage encoding, and error-correcting codes to achieve 100% recovery accuracy. No equations, definitions, or self-citations are provided that reduce the accuracy claim or trustworthiness to a fitted parameter, self-referential quantity, or prior author result by construction. The central claims do not exhibit self-definition, fitted inputs renamed as predictions, or load-bearing self-citation chains; they build on independent cryptographic and coding primitives with external non-technical assumptions.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

Review based on abstract only; full details on any fitted parameters or additional assumptions are unavailable.

axioms (2)

domain assumption Cryptographic techniques under regulatory supervision can encode time information into time-dependent secret keys that prevent arbitrary fabrication.
Invoked to resist provider-side forgery attacks.
ad hoc to paper The two-stage encoding mechanism combined with error-correcting codes enables reliable recovery of generation time with theoretically perfect accuracy.
Central assumption supporting the 100% identification accuracy claim.

invented entities (1)

Trustworthy time watermark no independent evidence
purpose: To achieve 100% accurate time recovery while resisting statistical attacks and forgery.
New concept introduced to differentiate from probabilistic statistical watermarks.

pith-pipeline@v0.9.0 · 5547 in / 1381 out tokens · 42100 ms · 2026-05-10T16:09:32.286605+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

51 extracted references · 51 canonical work pages

[1]

, " * write output.state after.block = add.period write newline

ENTRY address author booktitle chapter doi edition editor eid howpublished institution isbn issn journal key month note number organization pages publisher school series title type url volume year label extra.label sort.label short.list INTEGERS output.state before.all mid.sentence after.sentence after.block FUNCTION init.state.consts #0 'before.all := #1...

work page
[2]

write newline

" write newline "" before.all 'output.state := FUNCTION n.dashify 't := "" t empty not t #1 #1 substring "-" = t #1 #2 substring "--" = not "--" * t #2 global.max substring 't := t #1 #1 substring "-" = "-" * t #2 global.max substring 't := while if t #1 #1 substring * t #2 global.max substring 't := if while FUNCTION word.in "" FUNCTION format.date year ...

work page
[3]

RFC 3161, ://www.ietf.org/rfc/rfc3161.txt

Adams C, Cain P, Pinkas D, Zuccherato R (2001) Internet x.509 public key infrastructure time-stamp protocol (tsp). RFC 3161, ://www.ietf.org/rfc/rfc3161.txt

work page 2001
[4]

Management Science

Bick A, Blandin A, Deming DJ (2026) The rapid adoption of generative ai. Management Science

work page 2026
[5]

Mathematics 12(23):3860

Bulgakov AL, Aleshina AV, Smirnov SD, Demidov AD, Milyutin MA, Xin Y (2024) Scalability and security in blockchain networks: Evaluation of sharding algorithms and prospects for decentralized data storage. Mathematics 12(23):3860

work page 2024
[6]

arXiv preprint arXiv:2409.02968

Chen B, Ma L, Xu H, Ma J, Hu D, Liu X, Wu J, Wang J, Li K (2024) A comprehensive survey of blockchain scalability: Shaping inner-chain and inter-chain perspectives. arXiv preprint arXiv:2409.02968

work page arXiv 2024
[7]

The Thirty Seventh Annual Conference on Learning Theory, 1125--1139 (PMLR)

Christ M, Gunn S, Zamir O (2024) Undetectable watermarks for language models. The Thirty Seventh Annual Conference on Learning Theory, 1125--1139 (PMLR)

work page 2024
[8]

https://c2pa.org/specifications/specifications/2.4/specs/C2PA_Specification.html, official technical specification for Content Credentials

Coalition for Content Provenance and Authenticity (2025) C2pa technical specification, version 2.4. https://c2pa.org/specifications/specifications/2.4/specs/C2PA_Specification.html, official technical specification for Content Credentials

work page 2025
[9]

https://rm.coe.int/guidelines-on-electronic-evidence-and-explanatory-memorandum/1680968ab5, adopted by the Committee of Ministers on January 30, 2019

Council of Europe (2019) Guidelines on electronic evidence in civil and administrative proceedings. https://rm.coe.int/guidelines-on-electronic-evidence-and-explanatory-memorandum/1680968ab5, adopted by the Committee of Ministers on January 30, 2019

work page arXiv 2019
[10]

https://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm, promulgated July 13, 2023

Cyberspace Administration of China and Other Agencies (2023) Interim measures for the management of generative artificial intelligence services. https://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm, promulgated July 13, 2023

work page 2023
[11]

https://www.cac.gov.cn/2025-03/14/c_1743654684782215.htm, promulgated March 14, 2025

Cyberspace Administration of China and Other Agencies (2025) Measures for the labeling of ai-generated synthetic content. https://www.cac.gov.cn/2025-03/14/c_1743654684782215.htm, promulgated March 14, 2025

work page 2025
[12]

(2024) Scalable watermarking for identifying large language model outputs

Dathathri S, See A, Ghaisas S, Huang PS, McAdam R, Welbl J, Bachani V, Kaskasoli A, Stanforth R, Matejovicova T, et al. (2024) Scalable watermarking for identifying large language model outputs. Nature 634(8035):818--823

work page 2024
[13]

Optimizing adaptive attacks against content watermarks for language models.arXiv preprint arXiv:2410.02440,

Diaa A, Aremu T, Lukas N (2024) Optimizing adaptive attacks against watermarks for language models. arXiv preprint arXiv:2410.02440

work page arXiv 2024
[14]

https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai, published July 10, 2025

European Commission (2025 a ) The general-purpose ai code of practice. https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai, published July 10, 2025

work page 2025
[15]

https://digital-strategy.ec.europa.eu/en/faqs/general-purpose-ai-models-ai-act-questions-answers, updated July 10, 2025

European Commission (2025 b ) General-purpose ai models in the ai act -- questions & answers. https://digital-strategy.ec.europa.eu/en/faqs/general-purpose-ai-models-ai-act-questions-answers, updated July 10, 2025

work page 2025
[16]

https://eur-lex.europa.eu/eli/reg/2014/910/oj/eng, consolidated version available through EUR-Lex

European Union (2014) Regulation (eu) no 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eidas regulation). https://eur-lex.europa.eu/eli/reg/2014/910/oj/eng, consolidated version available through EUR-Lex

work page 2014
[17]

https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng, official Journal of the European Union

European Union (2019) Directive (eu) 2019/790 of the european parliament and of the council of 17 april 2019 on copyright and related rights in the digital single market. https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng, official Journal of the European Union

work page 2019
[18]

https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng, official Journal of the European Union

European Union (2024) Regulation (eu) 2024/1689 of the european parliament and of the council of 13 june 2024 laying down harmonised rules on artificial intelligence (artificial intelligence act). https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng, official Journal of the European Union

work page 2024
[19]

IACR Communications in Cryptology 1(4)

Fairoze J, Garg S, Jha S, Mahloujifar S, Mahmoody M, Wang M (2025) Publicly-detectable watermarking for language models. IACR Communications in Cryptology 1(4)

work page 2025
[20]

Bulletin of IEEE Technical Committee on Digital Libraries (TCDL)

Gipp B, Meuschke N, Beel J, Breitinger C (2017) Using the blockchain of cryptocurrencies for timestamping digital cultural heritage. Bulletin of IEEE Technical Committee on Digital Libraries (TCDL)

work page 2017
[21]

Journal of Cryptology 3(2):99--111, ://link.springer.com/article/10.1007/BF00196791

Haber S, Stornetta WS (1991) How to time-stamp a digital document. Journal of Cryptology 3(2):99--111, ://link.springer.com/article/10.1007/BF00196791

work page doi:10.1007/bf00196791 1991
[22]

The Twelfth International Conference on Learning Representations

Hu Z, Chen L, Wu X, Wu Y, Zhang H, Huang H (2024) Unbiased watermark for large language models. The Twelfth International Conference on Learning Representations

work page 2024
[23]

Stealthink: A multi-bit and stealthy watermark for large language models, 2025

Jiang Y, Wu C, Boroujeny MK, Mark B, Zeng K (2025) Stealthink: A multi-bit and stealthy watermark for large language models. arXiv preprint arXiv:2506.05502

work page arXiv 2025
[24]

Watermark stealing in large language models

Jovanovi \'c N, Staab R, Vechev M (2024) Watermark stealing in large language models. arXiv preprint arXiv:2402.19361

work page arXiv 2024
[25]

International conference on machine learning, 17061--17084 (PMLR)

Kirchenbauer J, Geiping J, Wen Y, Katz J, Miers I, Goldstein T (2023) A watermark for large language models. International conference on machine learning, 17061--17084 (PMLR)

work page 2023
[26]

https://www.law.cornell.edu/rules/fre/rule_803, accessed April 2026

Legal Information Institute (2026 a ) Federal rule of evidence 803: Exceptions to the rule against hearsay. https://www.law.cornell.edu/rules/fre/rule_803, accessed April 2026

work page 2026
[27]

https://www.law.cornell.edu/rules/fre/rule_901, accessed April 2026

Legal Information Institute (2026 b ) Federal rule of evidence 901: Authenticating or identifying evidence. https://www.law.cornell.edu/rules/fre/rule_901, accessed April 2026

work page 2026
[28]

https://www.law.cornell.edu/rules/fre/rule_902, accessed April 2026

Legal Information Institute (2026 c ) Federal rule of evidence 902: Evidence that is self-authenticating. https://www.law.cornell.edu/rules/fre/rule_902, accessed April 2026

work page 2026
[29]

An unforgeable publicly verifiable watermark for large language models

Liu A, Pan L, Hu X, Li S, Wen L, King I, Yu PS (2023) An unforgeable publicly verifiable watermark for large language models. arXiv preprint arXiv:2307.16230

work page arXiv 2023
[30]

ACM Transactions on Storage 5(1):1--21, ://dl.acm.org/doi/10.1145/1502777.1502779

Ma D, Tsudik G (2009) A new approach to secure logging. ACM Transactions on Storage 5(1):1--21, ://dl.acm.org/doi/10.1145/1502777.1502779

work page doi:10.1145/1502777.1502779 2009
[31]

European Symposium on Research in Computer Security, 3--24 (Springer)

Meng L, Chen L (2022) A blockchain-based long-term time-stamping scheme. European Symposium on Research in Computer Security, 3--24 (Springer)

work page 2022
[32]

Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, 18100--18110

Rastogi S, Pruthi D (2024) Revisiting the robustness of watermarking to paraphrasing attacks. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, 18100--18110

work page 2024
[33]

Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

Ren J, Xu H, Liu Y, Cui Y, Wang S, Yin D, Tang J (2024 a ) A robust semantics-based watermark for large language model against paraphrasing. Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

work page 2024
[34]

Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

Ren J, Xu H, Liu Y, Cui Y, Wang S, Yin D, Tang J (2024 b ) A robust semantics-based watermark for large language model against paraphrasing. Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

work page 2024
[35]

Siddharth E (2025) Time-stamping in blockchain for legal evidence submission. Sci. J. Artif. Intell. Blockchain Technol 2:34--42

work page 2025
[36]

https://www.gov.uk/government/consultations/copyright-and-artificial-intelligence/copyright-and-artificial-intelligence, consultation published December 17, 2024

UK Government (2024) Copyright and artificial intelligence. https://www.gov.uk/government/consultations/copyright-and-artificial-intelligence/copyright-and-artificial-intelligence, consultation published December 17, 2024

work page 2024
[37]

UK Government (2026) Report on copyright and artificial intelligence. https://www.gov.uk/government/publications/report-and-impact-assessment-on-copyright-and-artificial-intelligence/report-on-copyright-and-artificial-intelligence, published March 18, 2026

work page 2026
[38]

https://www.legislation.gov.uk/ukpga/1988/48/section/3, accessed April 2026

United Kingdom (1988) Copyright, designs and patents act 1988, section 3. https://www.legislation.gov.uk/ukpga/1988/48/section/3, accessed April 2026

work page 1988
[39]

United States (1976 a ) 17 u.s.c. § 101. https://www.law.cornell.edu/uscode/text/17/101, definitions; accessed April 2026

work page 1976
[40]

United States (1976 b ) 17 u.s.c. § 102. https://www.law.cornell.edu/uscode/text/17/102, subject matter of copyright: In general; accessed April 2026

work page 1976
[41]

://www.uscourts.gov/sites/default/files/2025-02/federal-rules-of-evidence-dec-1-2024_0.pdf, effective Dec

United States Courts (2024) Federal rules of evidence. ://www.uscourts.gov/sites/default/files/2025-02/federal-rules-of-evidence-dec-1-2024_0.pdf, effective Dec. 1, 2024

work page 2024
[42]

https://www.copyright.gov/ai/, overview page for the Copyright and Artificial Intelligence report series

US Copyright Office (2025 a ) Copyright and artificial intelligence. https://www.copyright.gov/ai/, overview page for the Copyright and Artificial Intelligence report series

work page 2025
[43]

https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-2-Copyrightability-Report.pdf, january 2025

US Copyright Office (2025 b ) Copyright and artificial intelligence, part 2: Copyrightability. https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-2-Copyrightability-Report.pdf, january 2025

work page 2025
[44]

https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-3-Generative-AI-Training-Report-Pre-Publication-Version.pdf, may 2025

US Copyright Office (2025 c ) Copyright and artificial intelligence, part 3: Generative ai training (pre-publication version). https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-3-Generative-AI-Training-Report-Pre-Publication-Version.pdf, may 2025

work page 2025
[45]

The Twelfth International Conference on Learning Representations, ://openreview.net/forum?id=JYu5Flqm9D

Wang L, Yang W, Chen D, Zhou H, Lin Y, Meng F, Zhou J, Sun X (2024) Towards codable watermarking for injecting multi-bits information to LLM s. The Twelfth International Conference on Learning Representations, ://openreview.net/forum?id=JYu5Flqm9D

work page 2024
[46]

Wicker SB (1995) Error control systems for digital communication and storage, volume 1 (Prentice hall Englewood Cliffs)

work page 1995
[47]

https://www.wipo.int/wipolex/en/legislation/details/21065, english version of the amended Copyright Law

WIPO Lex (2020) Copyright law of the people's republic of china. https://www.wipo.int/wipolex/en/legislation/details/21065, english version of the amended Copyright Law

work page 2020
[48]

World Intellectual Property Organization (2021) Digital date-and-time-stamping: The evidentiary value and practical significance of wipo proof

work page 2021
[49]

International Conference on Machine Learning, 53443--53470 (PMLR)

Wu Y, Hu Z, Guo J, Zhang H, Huang H (2024) A resilient and accessible distribution-preserving watermark for large language models. International Conference on Machine Learning, 53443--53470 (PMLR)

work page 2024
[50]

Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), 4031--4055

Yoo K, Ahn W, Kwak N (2024) Advancing beyond identification: Multi-bit watermark for large language models. Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), 4031--4055

work page 2024
[51]

33rd USENIX Security Symposium (USENIX Security 24), 1813--1830

Zhang R, Hussain SS, Neekhara P, Koushanfar F (2024) \ REMARK-LLM \ : A robust and efficient watermarking framework for generative large language models. 33rd USENIX Security Symposium (USENIX Security 24), 1813--1830

work page 2024

[1] [1]

, " * write output.state after.block = add.period write newline

ENTRY address author booktitle chapter doi edition editor eid howpublished institution isbn issn journal key month note number organization pages publisher school series title type url volume year label extra.label sort.label short.list INTEGERS output.state before.all mid.sentence after.sentence after.block FUNCTION init.state.consts #0 'before.all := #1...

work page

[2] [2]

write newline

" write newline "" before.all 'output.state := FUNCTION n.dashify 't := "" t empty not t #1 #1 substring "-" = t #1 #2 substring "--" = not "--" * t #2 global.max substring 't := t #1 #1 substring "-" = "-" * t #2 global.max substring 't := while if t #1 #1 substring * t #2 global.max substring 't := if while FUNCTION word.in "" FUNCTION format.date year ...

work page

[3] [3]

RFC 3161, ://www.ietf.org/rfc/rfc3161.txt

Adams C, Cain P, Pinkas D, Zuccherato R (2001) Internet x.509 public key infrastructure time-stamp protocol (tsp). RFC 3161, ://www.ietf.org/rfc/rfc3161.txt

work page 2001

[4] [4]

Management Science

Bick A, Blandin A, Deming DJ (2026) The rapid adoption of generative ai. Management Science

work page 2026

[5] [5]

Mathematics 12(23):3860

Bulgakov AL, Aleshina AV, Smirnov SD, Demidov AD, Milyutin MA, Xin Y (2024) Scalability and security in blockchain networks: Evaluation of sharding algorithms and prospects for decentralized data storage. Mathematics 12(23):3860

work page 2024

[6] [6]

arXiv preprint arXiv:2409.02968

Chen B, Ma L, Xu H, Ma J, Hu D, Liu X, Wu J, Wang J, Li K (2024) A comprehensive survey of blockchain scalability: Shaping inner-chain and inter-chain perspectives. arXiv preprint arXiv:2409.02968

work page arXiv 2024

[7] [7]

The Thirty Seventh Annual Conference on Learning Theory, 1125--1139 (PMLR)

Christ M, Gunn S, Zamir O (2024) Undetectable watermarks for language models. The Thirty Seventh Annual Conference on Learning Theory, 1125--1139 (PMLR)

work page 2024

[8] [8]

https://c2pa.org/specifications/specifications/2.4/specs/C2PA_Specification.html, official technical specification for Content Credentials

Coalition for Content Provenance and Authenticity (2025) C2pa technical specification, version 2.4. https://c2pa.org/specifications/specifications/2.4/specs/C2PA_Specification.html, official technical specification for Content Credentials

work page 2025

[9] [9]

https://rm.coe.int/guidelines-on-electronic-evidence-and-explanatory-memorandum/1680968ab5, adopted by the Committee of Ministers on January 30, 2019

Council of Europe (2019) Guidelines on electronic evidence in civil and administrative proceedings. https://rm.coe.int/guidelines-on-electronic-evidence-and-explanatory-memorandum/1680968ab5, adopted by the Committee of Ministers on January 30, 2019

work page arXiv 2019

[10] [10]

https://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm, promulgated July 13, 2023

Cyberspace Administration of China and Other Agencies (2023) Interim measures for the management of generative artificial intelligence services. https://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm, promulgated July 13, 2023

work page 2023

[11] [11]

https://www.cac.gov.cn/2025-03/14/c_1743654684782215.htm, promulgated March 14, 2025

Cyberspace Administration of China and Other Agencies (2025) Measures for the labeling of ai-generated synthetic content. https://www.cac.gov.cn/2025-03/14/c_1743654684782215.htm, promulgated March 14, 2025

work page 2025

[12] [12]

(2024) Scalable watermarking for identifying large language model outputs

Dathathri S, See A, Ghaisas S, Huang PS, McAdam R, Welbl J, Bachani V, Kaskasoli A, Stanforth R, Matejovicova T, et al. (2024) Scalable watermarking for identifying large language model outputs. Nature 634(8035):818--823

work page 2024

[13] [13]

Optimizing adaptive attacks against content watermarks for language models.arXiv preprint arXiv:2410.02440,

Diaa A, Aremu T, Lukas N (2024) Optimizing adaptive attacks against watermarks for language models. arXiv preprint arXiv:2410.02440

work page arXiv 2024

[14] [14]

https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai, published July 10, 2025

European Commission (2025 a ) The general-purpose ai code of practice. https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai, published July 10, 2025

work page 2025

[15] [15]

https://digital-strategy.ec.europa.eu/en/faqs/general-purpose-ai-models-ai-act-questions-answers, updated July 10, 2025

European Commission (2025 b ) General-purpose ai models in the ai act -- questions & answers. https://digital-strategy.ec.europa.eu/en/faqs/general-purpose-ai-models-ai-act-questions-answers, updated July 10, 2025

work page 2025

[16] [16]

https://eur-lex.europa.eu/eli/reg/2014/910/oj/eng, consolidated version available through EUR-Lex

European Union (2014) Regulation (eu) no 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eidas regulation). https://eur-lex.europa.eu/eli/reg/2014/910/oj/eng, consolidated version available through EUR-Lex

work page 2014

[17] [17]

https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng, official Journal of the European Union

European Union (2019) Directive (eu) 2019/790 of the european parliament and of the council of 17 april 2019 on copyright and related rights in the digital single market. https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng, official Journal of the European Union

work page 2019

[18] [18]

https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng, official Journal of the European Union

European Union (2024) Regulation (eu) 2024/1689 of the european parliament and of the council of 13 june 2024 laying down harmonised rules on artificial intelligence (artificial intelligence act). https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng, official Journal of the European Union

work page 2024

[19] [19]

IACR Communications in Cryptology 1(4)

Fairoze J, Garg S, Jha S, Mahloujifar S, Mahmoody M, Wang M (2025) Publicly-detectable watermarking for language models. IACR Communications in Cryptology 1(4)

work page 2025

[20] [20]

Bulletin of IEEE Technical Committee on Digital Libraries (TCDL)

Gipp B, Meuschke N, Beel J, Breitinger C (2017) Using the blockchain of cryptocurrencies for timestamping digital cultural heritage. Bulletin of IEEE Technical Committee on Digital Libraries (TCDL)

work page 2017

[21] [21]

Journal of Cryptology 3(2):99--111, ://link.springer.com/article/10.1007/BF00196791

Haber S, Stornetta WS (1991) How to time-stamp a digital document. Journal of Cryptology 3(2):99--111, ://link.springer.com/article/10.1007/BF00196791

work page doi:10.1007/bf00196791 1991

[22] [22]

The Twelfth International Conference on Learning Representations

Hu Z, Chen L, Wu X, Wu Y, Zhang H, Huang H (2024) Unbiased watermark for large language models. The Twelfth International Conference on Learning Representations

work page 2024

[23] [23]

Stealthink: A multi-bit and stealthy watermark for large language models, 2025

Jiang Y, Wu C, Boroujeny MK, Mark B, Zeng K (2025) Stealthink: A multi-bit and stealthy watermark for large language models. arXiv preprint arXiv:2506.05502

work page arXiv 2025

[24] [24]

Watermark stealing in large language models

Jovanovi \'c N, Staab R, Vechev M (2024) Watermark stealing in large language models. arXiv preprint arXiv:2402.19361

work page arXiv 2024

[25] [25]

International conference on machine learning, 17061--17084 (PMLR)

Kirchenbauer J, Geiping J, Wen Y, Katz J, Miers I, Goldstein T (2023) A watermark for large language models. International conference on machine learning, 17061--17084 (PMLR)

work page 2023

[26] [26]

https://www.law.cornell.edu/rules/fre/rule_803, accessed April 2026

Legal Information Institute (2026 a ) Federal rule of evidence 803: Exceptions to the rule against hearsay. https://www.law.cornell.edu/rules/fre/rule_803, accessed April 2026

work page 2026

[27] [27]

https://www.law.cornell.edu/rules/fre/rule_901, accessed April 2026

Legal Information Institute (2026 b ) Federal rule of evidence 901: Authenticating or identifying evidence. https://www.law.cornell.edu/rules/fre/rule_901, accessed April 2026

work page 2026

[28] [28]

https://www.law.cornell.edu/rules/fre/rule_902, accessed April 2026

Legal Information Institute (2026 c ) Federal rule of evidence 902: Evidence that is self-authenticating. https://www.law.cornell.edu/rules/fre/rule_902, accessed April 2026

work page 2026

[29] [29]

An unforgeable publicly verifiable watermark for large language models

Liu A, Pan L, Hu X, Li S, Wen L, King I, Yu PS (2023) An unforgeable publicly verifiable watermark for large language models. arXiv preprint arXiv:2307.16230

work page arXiv 2023

[30] [30]

ACM Transactions on Storage 5(1):1--21, ://dl.acm.org/doi/10.1145/1502777.1502779

Ma D, Tsudik G (2009) A new approach to secure logging. ACM Transactions on Storage 5(1):1--21, ://dl.acm.org/doi/10.1145/1502777.1502779

work page doi:10.1145/1502777.1502779 2009

[31] [31]

European Symposium on Research in Computer Security, 3--24 (Springer)

Meng L, Chen L (2022) A blockchain-based long-term time-stamping scheme. European Symposium on Research in Computer Security, 3--24 (Springer)

work page 2022

[32] [32]

Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, 18100--18110

Rastogi S, Pruthi D (2024) Revisiting the robustness of watermarking to paraphrasing attacks. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, 18100--18110

work page 2024

[33] [33]

Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

Ren J, Xu H, Liu Y, Cui Y, Wang S, Yin D, Tang J (2024 a ) A robust semantics-based watermark for large language model against paraphrasing. Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

work page 2024

[34] [34]

Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

Ren J, Xu H, Liu Y, Cui Y, Wang S, Yin D, Tang J (2024 b ) A robust semantics-based watermark for large language model against paraphrasing. Findings of the Association for Computational Linguistics: NAACL 2024, 613--625

work page 2024

[35] [35]

Siddharth E (2025) Time-stamping in blockchain for legal evidence submission. Sci. J. Artif. Intell. Blockchain Technol 2:34--42

work page 2025

[36] [36]

https://www.gov.uk/government/consultations/copyright-and-artificial-intelligence/copyright-and-artificial-intelligence, consultation published December 17, 2024

UK Government (2024) Copyright and artificial intelligence. https://www.gov.uk/government/consultations/copyright-and-artificial-intelligence/copyright-and-artificial-intelligence, consultation published December 17, 2024

work page 2024

[37] [37]

UK Government (2026) Report on copyright and artificial intelligence. https://www.gov.uk/government/publications/report-and-impact-assessment-on-copyright-and-artificial-intelligence/report-on-copyright-and-artificial-intelligence, published March 18, 2026

work page 2026

[38] [38]

https://www.legislation.gov.uk/ukpga/1988/48/section/3, accessed April 2026

United Kingdom (1988) Copyright, designs and patents act 1988, section 3. https://www.legislation.gov.uk/ukpga/1988/48/section/3, accessed April 2026

work page 1988

[39] [39]

United States (1976 a ) 17 u.s.c. § 101. https://www.law.cornell.edu/uscode/text/17/101, definitions; accessed April 2026

work page 1976

[40] [40]

United States (1976 b ) 17 u.s.c. § 102. https://www.law.cornell.edu/uscode/text/17/102, subject matter of copyright: In general; accessed April 2026

work page 1976

[41] [41]

://www.uscourts.gov/sites/default/files/2025-02/federal-rules-of-evidence-dec-1-2024_0.pdf, effective Dec

United States Courts (2024) Federal rules of evidence. ://www.uscourts.gov/sites/default/files/2025-02/federal-rules-of-evidence-dec-1-2024_0.pdf, effective Dec. 1, 2024

work page 2024

[42] [42]

https://www.copyright.gov/ai/, overview page for the Copyright and Artificial Intelligence report series

US Copyright Office (2025 a ) Copyright and artificial intelligence. https://www.copyright.gov/ai/, overview page for the Copyright and Artificial Intelligence report series

work page 2025

[43] [43]

https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-2-Copyrightability-Report.pdf, january 2025

US Copyright Office (2025 b ) Copyright and artificial intelligence, part 2: Copyrightability. https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-2-Copyrightability-Report.pdf, january 2025

work page 2025

[44] [44]

https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-3-Generative-AI-Training-Report-Pre-Publication-Version.pdf, may 2025

US Copyright Office (2025 c ) Copyright and artificial intelligence, part 3: Generative ai training (pre-publication version). https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-3-Generative-AI-Training-Report-Pre-Publication-Version.pdf, may 2025

work page 2025

[45] [45]

The Twelfth International Conference on Learning Representations, ://openreview.net/forum?id=JYu5Flqm9D

Wang L, Yang W, Chen D, Zhou H, Lin Y, Meng F, Zhou J, Sun X (2024) Towards codable watermarking for injecting multi-bits information to LLM s. The Twelfth International Conference on Learning Representations, ://openreview.net/forum?id=JYu5Flqm9D

work page 2024

[46] [46]

Wicker SB (1995) Error control systems for digital communication and storage, volume 1 (Prentice hall Englewood Cliffs)

work page 1995

[47] [47]

https://www.wipo.int/wipolex/en/legislation/details/21065, english version of the amended Copyright Law

WIPO Lex (2020) Copyright law of the people's republic of china. https://www.wipo.int/wipolex/en/legislation/details/21065, english version of the amended Copyright Law

work page 2020

[48] [48]

World Intellectual Property Organization (2021) Digital date-and-time-stamping: The evidentiary value and practical significance of wipo proof

work page 2021

[49] [49]

International Conference on Machine Learning, 53443--53470 (PMLR)

Wu Y, Hu Z, Guo J, Zhang H, Huang H (2024) A resilient and accessible distribution-preserving watermark for large language models. International Conference on Machine Learning, 53443--53470 (PMLR)

work page 2024

[50] [50]

Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), 4031--4055

Yoo K, Ahn W, Kwak N (2024) Advancing beyond identification: Multi-bit watermark for large language models. Proceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), 4031--4055

work page 2024

[51] [51]

33rd USENIX Security Symposium (USENIX Security 24), 1813--1830

Zhang R, Hussain SS, Neekhara P, Koushanfar F (2024) \ REMARK-LLM \ : A robust and efficient watermarking framework for generative large language models. 33rd USENIX Security Symposium (USENIX Security 24), 1813--1830

work page 2024