Ambiguity Attack Against Text-to-image Diffusion Model Watermarking

In recent years, the text-to-image diffusion models have achieved excellent performance. Among them, stable diffusion models (SDMs) have become one of the most widely used models because of their excellent performance. Scholars have proposed many model watermarking techniques to protect the copyright of the text-toimage diffusion models. In order to measure the security and potential risks of the existing text-to-image diffusion model watermarking techniques, an ambiguity attack against the text-to-image diffusion model watermarking is proposed for the first time in this paper. Specifically, we take the SDMs as an example, take advantage of the reversibility of the model watermarking and combine the ideas of adversarial examples and discrete prompt optimization to re-embed a forged watermark in the watermarked SDMs, thus confounding the watermark containing copyright information. A large number of experiments show that our ambiguity attack is effective and can make the original watermark lose its uniqueness without changing the watermarked text-toimage diffusion models.