This work addresses the vulnerability of existing latent-space diffusion model watermarking methods to forgery attacks, wherein adversaries can falsely claim provenance by reverse-engineering and regenerating images. To counter this, the authors propose CSGuard—the first anti-forgery watermarking scheme—which innovatively integrates a compressive sensing mechanism to bind both image generation and verification to a secret matrix. Only authorized users possessing this secret can correctly embed or verify watermarks. The proposed method achieves a dramatic reduction in forgery attack success rate from 100.0% to 28.12%, while preserving high image generation quality and maintaining a 100% detection rate for legitimately watermarked images.

Latent-based diffusion model watermarking embeds watermarks into generated images' latent space to enable content attribution, offering a training-free solution for intellectual property protection and digital forensics. However, these methods exhibit a critical vulnerability to the forgery attack, attackers can extract the watermark by inverting the watermarked image and re-generating it with an arbitrary prompt, thereby enabling false attribution on malicious content. In this paper, we propose the CSGuard, the first forgery-resistant watermarking schema that leverages compressed sensing to bind the watermarked image generation and verification to a secret matrix. This ensures that only users possessing the secret matrix can correctly embed or verify the image watermark, prevents the illegal users from forgery without compromising generation quality and watermark integrity. Experimental results demonstrate that CSGuard achieves strong forgery resistance, reduces the attack success rate from 100.0\% to 28.12\%, and achieve 100\% detection rate on benign watermarked images without compromising watermarking effectiveness.