To address the need for verifiable watermarking of text generated by large language models (LLMs), this work tackles the challenge of designing a provably secure, jointly optimized watermark embedding and detection framework. Method: We first derive the fundamental lower bound on the Type-II detection error, rigorously characterizing the inherent trade-off between detectability and textual distortion. We then propose a distribution-adaptive watermarking mechanism that abandons the conventional fixed-bias assumption; it leverages proxy-model-based modeling and Gumbel-max reparameterization for efficient end-to-end optimization. Results: Experiments on Llama2-13B and Mistral-8×7B demonstrate that our method significantly outperforms baselines: under strict control of Type-I false alarm rate, it reduces text quality degradation by 37% while maintaining strong robustness against editing and paraphrasing attacks. This constitutes the first provably secure joint watermarking framework for LLM-generated text.

Watermarking has emerged as a crucial method to distinguish AI-generated text from human-created text. In this paper, we present a novel theoretical framework for watermarking Large Language Models (LLMs) that jointly optimizes both the watermarking scheme and the detection process. Our approach focuses on maximizing detection performance while maintaining control over the worst-case Type-I error and text distortion. We characterize emph{the universally minimum Type-II error}, showing a fundamental trade-off between watermark detectability and text distortion. Importantly, we identify that the optimal watermarking schemes are adaptive to the LLM generative distribution. Building on our theoretical insights, we propose an efficient, model-agnostic, distribution-adaptive watermarking algorithm, utilizing a surrogate model alongside the Gumbel-max trick. Experiments conducted on Llama2-13B and Mistral-8$ imes$7B models confirm the effectiveness of our approach. Additionally, we examine incorporating robustness into our framework, paving a way to future watermarking systems that withstand adversarial attacks more effectively.