Robust Watermarking for Federated Diffusion Models with Unlearning-Enhanced Redundancy

This paper presents a novel and robust watermarking framework for diffusion models in federated learning (FL) environments, designed to safeguard intellectual property through unlearning-enhanced redundancy. Unlike prior methods that apply watermarks after model training, our approach embeds structured, imperceptible watermarks directly into model parameters during the federated optimization process. We introduce a dual-purpose loss function that jointly drives generative training and watermark embedding, maintaining model quality while enabling reliable traceability. To enhance watermark robustness, we propose an unlearning-guided reallocation strategy that leverages machine unlearning dynamics to adaptively reposition the watermark in stable parameter subspaces. This embedding process is mathematically modeled via a stochastic differential equation, capturing the uncertainties inherent to FL. Additionally, we parameterize the watermark path over a complex manifold using series expansions to control its spatial and spectral characteristics. Spectral analysis is then applied to further improve resilience against model pruning, quantization, and fine-tuning attacks. Extensive experiments on MNIST, CIFAR-10, and CIFAR-100 under both IID and non-IID data splits demonstrate superior average watermark accuracy (AWA) and watermark efficiency (WE) across varied client settings. For instance, with five non-IID clients on MNIST, our method achieves 98.5% AWA and 78.5% WE, outperforming existing techniques. These results underscore the effectiveness of unlearning-enhanced watermark redundancy as a scalable and secure solution for ownership protection in distributed diffusion models.