pith. sign in
Pith Number

pith:FUVEVEQA

pith:2026:FUVEVEQAKTIMOFK6MXLC224MKD
not attested not anchored not stored refs resolved

Watermarking Should Be Treated as a Monitoring Primitive

Jie Zhang, Nils Lukas, Toluwani Aremu

Even zero-bit watermarking enables entity attribution when observers aggregate signals across multiple outputs under multi-key conditions.

arxiv:2605.13095 v2 · 2026-05-13 · cs.CR · cs.AI · cs.CY · cs.LG

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{FUVEVEQAKTIMOFK6MXLC224MKD}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Even zero-bit watermarking enables attribution under multi-key settings through observer aggregation of watermark signals across outputs.

C2weakest assumption

That observers have sustained access to the detector and can collect sufficiently many outputs from the same entity to make statistical aggregation reliable.

C3one line summary

Watermarking enables entity-level attribution and monitoring through signal aggregation even in zero-bit designs, creating an unavoidable dual-use tension between attribution and surveillance.

References

24 extracted · 24 resolved · 5 Pith anchors

[1] GPT-4 Technical Report · arXiv:2303.08774
[2] K. Arabi, B. Feuer, R. T. Witter, C. Hegde, and N. Cohen. Hidden in the noise: Two-stage robust watermarking for images.arXiv preprint arXiv:2412.04653,
[3] Mitigating Watermark Forgery in Generative Models via Randomized Key Selection · arXiv:2507.07871
[4] T. Aremu, D. Ognev, S. Poppi, and N. Lukas. Robust safety monitoring of language models via activation watermarking.arXiv preprint arXiv:2603.23171,
[5] URL https://www.reuters.com/technology/ openai-google-others-pledge-watermark-ai-content-safety-white-house-2023-07-21/. S. Bubeck, V . Chadrasekaran, R. Eldan, J. Gehrke, E. Horvitz, E. Kamar, P. Lee 2023
Receipt and verification
First computed 2026-05-18T03:08:58.373004Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

2d2a4a920054d0c7155e65d62d6b8c50cee2de3c4d77e2dc2ff89b6471245f45

Aliases

arxiv: 2605.13095 · arxiv_version: 2605.13095v2 · doi: 10.48550/arxiv.2605.13095 · pith_short_12: FUVEVEQAKTIM · pith_short_16: FUVEVEQAKTIMOFK6 · pith_short_8: FUVEVEQA
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/FUVEVEQAKTIMOFK6MXLC224MKD \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 2d2a4a920054d0c7155e65d62d6b8c50cee2de3c4d77e2dc2ff89b6471245f45
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "739aa660909a3a8ee06e12bdd7a473f44f3f867172bbb86cdb5dc868b75d26af",
    "cross_cats_sorted": [
      "cs.AI",
      "cs.CY",
      "cs.LG"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-13T07:10:04Z",
    "title_canon_sha256": "41e09fb5155de275a827fd259286f6970709625760a62bf94ae518a13ac61279"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.13095",
    "kind": "arxiv",
    "version": 2
  }
}