This work addresses the intellectual property (IP) protection challenge for code generated by large language models (LLMs). We propose RoSe, the first robust, secure watermarking framework co-designed at the intersection of machine learning and cryptography. To overcome key bottlenecks—including low entropy in code rendering watermarks fragile, signature exposure during verification, and usability degradation from re-encoding—RoSe introduces end-to-end jointly trained high-fidelity embedding/extraction, syntax-aware perturbation modeling, and multi-objective optimization. Crucially, it pioneers zero-knowledge proof-based signature-hiding watermark verification, eliminating the need to reveal secret keys. Evaluated across multiple benchmarks, RoSe achieves >98% detection accuracy, preserves 100% functional equivalence, exhibits strong robustness against pruning, formatting, and variable renaming attacks, and incurs verification latency under 200 ms.

This paper introduces RoSe, the first-of-its-kind ML/Crypto codesign watermarking framework that regulates LLM-generated code to avoid intellectual property rights violations and inappropriate misuse in software development. High-quality watermarks adhering to the detectability-fidelity-robustness tri-objective are limited due to codes' low-entropy nature. Watermark verification, however, often needs to reveal the signature and requires re-encoding new ones for code reuse, which potentially compromising the system's usability. To overcome these challenges, RoSe obtains high-quality watermarks by training the watermark insertion and extraction modules end-to-end to ensure (i) unaltered watermarked code functionality and (ii) enhanced detectability and robustness leveraging pre-trained CodeT5 as the insertion backbone to enlarge the code syntactic and variable rename transformation search space. In the deployment, RoSe uses zero-knowledge proofs for secure verification without revealing the underlying signatures. Extensive evaluations demonstrated RoSe achieves high detection accuracy while preserving the code functionality. RoSe is also robust against attacks and provides efficient secure watermark verification.