EGAN: Encrypting GAN Models Based on Self-Adversarial

The increasing prevalence of deep learning models in industry has highlighted the critical need to protect the intellectual property (IP) of these models, especially generative adversarial networks (GANs) capable of synthesizing realistic data. Traditional IP protection methods, such as watermarking model parameters (white-box) or verifying outputs (black-box), are insufficient against non-public misappropriation. To address these limitations, we introduce EGAN (Encrypted GANs), which secures GAN models by embedding a novel self-adversarial mechanism. This mechanism is trained to actively maximize the feature divergence between authorized and unauthorized inputs, thereby intentionally corrupting the outputs from non-key inputs and preventing unauthorized operation. Our methodology utilizes key-based transformations applied to GAN inputs and incorporates a generator loss regularization term to enforce model protection without compromising performance. This technique is compatible with existing watermark-based verification methods. Extensive experimental evaluations reveal that EGAN maintains the generative capabilities of original GAN architectures, including DCGAN, SRGAN, and CycleGAN, while exhibiting robust resistance to common attack strategies such as fine-tuning. Compared with prior work, EGAN provides comprehensive IP protection by ensuring unauthorized users cannot achieve desired outcomes, thus safeguarding both the models and their generated data.