Self Voice Conversion as an Attack against Neural Audio Watermarking

Audio watermarking embeds auxiliary information into speech while maintaining speaker identity, linguistic content, and perceptual quality. Although recent advances in neural and digital signal processing-based watermarking methods have improved imperceptibility and embedding capacity, robustness is still primarily assessed against conventional distortions such as compression, additive noise, and resampling. However, the rise of deep learning-based attacks introduces novel and significant threats to watermark security. In this work, we investigate self voice conversion as a universal, content-preserving attack against audio watermarking systems. Self voice conversion remaps a speaker's voice to the same identity while altering acoustic characteristics through a voice conversion model. We demonstrate that this attack severely degrades the reliability of state-of-the-art watermarking approaches and highlight its implications for the security of modern audio watermarking techniques.

Key Contributions

• Introduces self voice conversion (self VC) as a novel, universal, content-preserving attack against audio watermarking systems
• Demonstrates that self VC severely degrades watermark detectability across state-of-the-art neural watermarking approaches (AudioSeal, TimbreWatermarking, WMCodec, WavMark, etc.)
• Exposes a systematic overestimation of watermark robustness in current evaluations, which overlook deep learning-based adversarial transformations

🛡️ Threat Analysis

Details

Similar Papers