Dual-Locking Learned AI Models: A PIN-Based Sparse QIM Watermarking and Adaptive Index Permutation Approach

Researchers developed a dual-locking security method for protecting trained neural networks by combining two techniques: a PIN (personal identification number)-based watermark embedded in the network's bias coefficients, and a cryptographic key that scrambles the network's internal index vectors. When locked without the correct key, the network becomes nearly non-functional (dropping accuracy below 10%), but unlocking with the right key fully restores its performance while keeping the ownership watermark hidden inside the model.