VocBulwark: Towards Practical Generative Speech Watermarking via Additional-Parameter Injection

Generated speech achieves human-level naturalness but escalates security risks of misuse. However, existing watermarking methods fail to reconcile fidelity with robustness, as they rely either on simple superposition in the noise space or on intrusive alterations to model weights. To bridge this gap, we propose VocBulwark, an additional-parameter injection framework that freezes generative model parameters to preserve perceptual quality. Specifically, we design a Temporal Adapter to deeply entangle watermarks with acoustic attributes, synergizing with a Coarse-to-Fine Gated Extractor to resist advanced attacks. Furthermore, we develop an Accuracy-Guided Optimization Curriculum that dynamically orchestrates gradient flow to resolve the optimization conflict between fidelity and robustness. Comprehensive experiments demonstrate that VocBulwark achieves high-capacity and high-fidelity watermarking, offering robust defense against complex practical scenarios, with resilience to Codec regenerations and variable-length manipulations.

Key Contributions

Additional-parameter injection framework (VocBulwark) that freezes vocoder weights and adds a Temporal Adapter to deeply entangle watermarks with acoustic attributes without degrading generation quality
Coarse-to-Fine Gated Extractor that synergizes multi-scale feature extraction to resist advanced attacks including codec regeneration and variable-length manipulation
Accuracy-Guided Optimization Curriculum that dynamically manages gradient flow to resolve the fidelity-robustness optimization conflict

🛡️ Threat Analysis

Output Integrity Attack

Embeds watermarks in AI-generated speech outputs (via vocoder adapters) to authenticate generative source and track content provenance — the watermark lives in the output audio, not in model weights. Defends against codec regeneration and temporal manipulation attacks that attempt to remove the watermark.