AI Summary
Existing watermarking methods are vulnerable to regeneration-based AIGC attacks because they embed watermarks into high-frequency textures that are easily perturbed by generative models. This work introduces the information bottleneck principle into watermark design for the first time, proposing the concept of a “minimally sufficient watermark representation.” By leveraging the variational information bottleneck (VIB), the encoder is restructured as an information filter that learns the minimally sufficient statistics of the message, discarding redundant content while preserving essential signals invariant to the generative process. Theoretical analysis demonstrates that such a representation is a necessary condition for robustness against distribution shift attacks. Experiments under unseen diffusion-based editing attacks confirm that the proposed method achieves significantly superior zero-shot robustness and generalization compared to existing approaches.
Abstract
Robust watermarking is critical for intellectual property protection, whereas existing methods face a severe vulnerability against regeneration-based AIGC attacks. We identify that existing methods fail because they entangle the watermark with high-frequency cover texture, which is susceptible to being rewritten during generative purification. To address this, we propose WaterVIB, a theoretically grounded framework that reformulates the encoder as an information sieve via the Variational Information Bottleneck. Instead of overfitting to fragile cover details, our approach forces the model to learn a Minimal Sufficient Statistic of the message. This effectively filters out redundant cover nuances prone to generative shifts, retaining only the essential signal invariant to regeneration. We theoretically prove that optimizing this bottleneck is a necessary condition for robustness against distribution-shifting attacks. Extensive experiments demonstrate that WaterVIB significantly outperforms state-of-the-art methods, achieving superior zero-shot resilience against unknown diffusion-based editing.