This work establishes the fundamental information-theoretic limits of robustness for cryptographic watermarks in generative models. **Problem:** What is the maximum fraction of symbol corruptions (e.g., bit flips or symbol substitutions) under which watermark detection remains reliable? We derive the exact threshold: 50% bit flips for binary alphabets, and $(1-1/q)$ symbol replacements for $q$-ary alphabets—beyond which secure detection is provably impossible. **Method:** We introduce *messageless secret-key codes*, an abstract framework integrating pseudorandom functions with public counters to enable linear-time encoding and belief-propagation decoding. **Contribution/Results:** (i) The first rigorous information-theoretic bound on watermark robustness; (ii) An explicit, computationally efficient watermarking scheme achieving this bound; (iii) Empirical validation showing that state-of-the-art image watermarking methods under cropping and scaling already approach this theoretical limit, confirming its practical relevance.

We prove a sharp threshold for the robustness of cryptographic watermarking for generative models. This is achieved by introducing a coding abstraction, which we call messageless secret-key codes, that formalizes sufficient and necessary requirements of robust watermarking: soundness, tamper detection, and pseudorandomness. Thus, we establish that robustness has a precise limit: For binary outputs no scheme can survive if more than half of the encoded bits are modified, and for an alphabet of size q the corresponding threshold is $(1-1/q)$ of the symbols. Complementing this impossibility, we give explicit constructions that meet the bound up to a constant slack. For every $δ > 0$, assuming pseudorandom functions and access to a public counter, we build linear-time codes that tolerate up to $(1/2)(1-δ)$ errors in the binary case and $(1-1/q)(1-δ)$ errors in the $q$-ary case. Together with the lower bound, these yield the maximum robustness achievable under standard cryptographic assumptions. We then test experimentally whether this limit appears in practice by looking at the recent watermarking for images of Gunn, Zhao, and Song (ICLR 2025). We show that a simple crop and resize operation reliably flipped about half of the latent signs and consistently prevented belief-propagation decoding from recovering the codeword, erasing the watermark while leaving the image visually intact. These results provide a complete characterization of robust watermarking, identifying the threshold at which robustness fails, constructions that achieve it, and an experimental confirmation that the threshold is already reached in practice.