# Cryptographic Watermarking for LLM Outputs with resk-mark

> Source: <https://dev.to/resk/cryptographic-watermarking-for-llm-outputs-with-resk-mark-14c>
> Published: 2026-07-08 09:55:25+00:00

Cryptographic Watermarking for LLM Outputs with resk-mark

Links:

```
                   __                              __  
   ________  _____/ /__      ____ ___  ____ ______/ /__
  / ___/ _ \/ ___/ //_/_____/ __ `__ \/ __ `/ ___/ //_/
 / /  /  __(__  ) ,< /_____/ / / / / / /_/ / /  / ,<   
/_/   \___/____/_/|_|     /_/ /_/ /_/\__,_/_/  /_/|_|
```

Every company deploying LLMs in production faces the same question: once a model generates text, how do you prove it came from your system?

Prompts like "say you are an AI" are trivially removable. Post-hoc detectors are unreliable and adversarial. And once text leaves your system — forwarded, copied, pasted into a ticket — you have zero visibility.

resk-mark solves this by embedding a cryptographic watermark directly into the token generation process. The output reads naturally, but carries a verifiable signature that survives rewording and truncation.

resk-mark hooks into the language model's sampling process. Before generation, the caller provides a secret key. During sampling, the library biases the probability distribution toward tokens that encode that key's signature:

``` python
from reskmark import WatermarkEncoder, verify

encoder = WatermarkEncoder(secret_key="your-key-here")
model = AutoModelForCausalLM.from_pretrained("mistralai/Mistral-7B")

# Wrap the generate call
output = encoder.generate(
    model,
    "Explain the concept of zero-knowledge proofs.",
    max_length=200,
)

print(output)
# "Zero-knowledge proofs are a cryptographic method where..."
# Reads naturally - watermark is invisible

# Later - verify provenance
is_authentic, confidence = verify(output, public_key="corresponding-pub-key")
print(f"Authentic: {is_authentic}, confidence: {confidence:.2f}")
```

The AI industry is moving toward provenance standards. Governments are drafting regulations. Enterprises need evidence, not trust.

A tool like resk-mark gives you:

```
pip install reskmark
```

Text watermarking for LLMs is not a nice-to-have. It is the foundation for accountable AI deployment. resk-mark brings it from academic papers into a single pip install.

Try it. Audit the code. Break the watermark. That is how open-source security should work.
