Related papers: Authenticated Contradictions from Desynchronized Provenance and Watermarking

Authenticated Contradictions from Desynchronized Provenance and Watermarking

URL: http://arxiv.org/abs/2603.02378v1
Date: Mon, 02 Mar 2026 20:42:12 GMT
Title: Authenticated Contradictions from Desynchronized Provenance and Watermarking
Authors: Alexander Nemecek, Hengzhi He, Guang Cheng, Erman Ayday,
Abstract summary: This work formalizes and empirically demonstrates the $textitIntegrity Clash$, a condition in which a digital asset carries a cryptographically valid C2PA manifest asserting human authorship.<n>We propose a cross-layer audit protocol that jointly evaluates provenance metadata and watermark detection status, achieving 100% classification accuracy across 3,500 test images.
Score: 48.47756819432157
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Cryptographic provenance standards such as C2PA and invisible watermarking are positioned as complementary defenses for content authentication, yet the two verification layers are technically independent: neither conditions on the output of the other. This work formalizes and empirically demonstrates the $\textit{Integrity Clash}$, a condition in which a digital asset carries a cryptographically valid C2PA manifest asserting human authorship while its pixels simultaneously carry a watermark identifying it as AI-generated, with both signals passing their respective verification checks in isolation. We construct metadata washing workflows that produce these authenticated fakes through standard editing pipelines, requiring no cryptographic compromise, only the semantic omission of a single assertion field permitted by the current C2PA specification. To close this gap, we propose a cross-layer audit protocol that jointly evaluates provenance metadata and watermark detection status, achieving 100% classification accuracy across 3,500 test images spanning four conflict-matrix states and three realistic perturbation conditions. Our results demonstrate that the gap between these verification layers is unnecessary and technically straightforward to close.

Related papers

DWBench: Holistic Evaluation of Watermark for Dataset Copyright Auditing [43.881484429055654]
dataset watermark technique holds promise for auditing and verifying usage.<n>We develop DWBench, a unified benchmark and open-source toolkit for systematically evaluating image dataset watermark techniques.<n>We present the results of two new metrics: sample significance for fine-grained watermark distinguishability and verification success rate for dataset-level auditing.
arXiv Detail & Related papers (2026-02-14T01:09:19Z)
MerkleSpeech: Public-Key Verifiable, Chunk-Localised Speech Provenance via Perceptual Fingerprints and Merkle Commitments [0.0]
We propose MerkleSpeech, a system for public-key verifiable, chunk-localised speech provenance.<n>The system computes perceptual fingerprints over short speech chunks, commits them in a Merkle tree whose root is signed with an issuer key.<n>We present experiments targeting very low false positive rates under resampling, bandpass filtering, and additive noise.
arXiv Detail & Related papers (2026-02-10T11:58:19Z)
StableGuard: Towards Unified Copyright Protection and Tamper Localization in Latent Diffusion Models [55.05404953041403]
We propose a novel framework that seamlessly integrates a binary watermark into the diffusion generation process.<n>We show that StableGuard consistently outperforms state-of-the-art methods in image fidelity, watermark verification, and tampering localization.
arXiv Detail & Related papers (2025-09-22T16:35:19Z)
Learning Generalizable and Efficient Image Watermarking via Hierarchical Two-Stage Optimization [90.13049455759358]
We propose a two-stage optimization that enable a watermarking model to simultaneously achieve three criteria.<n>HiWL effectively learns generalizable latent-space watermark representations while maintaining broad applicability.<n>It achieves 7.6% higher accuracy in watermark extraction than existing methods, while maintaining extremely low latency (100K images processed in 8s)
arXiv Detail & Related papers (2025-08-12T06:21:27Z)
CertDW: Towards Certified Dataset Ownership Verification via Conformal Prediction [48.82467166657901]
We propose the first certified dataset watermark (i.e., CertDW) and CertDW-based certified dataset ownership verification method.<n>Inspired by conformal prediction, we introduce two statistical measures, including principal probability (PP) and watermark robustness (WR)<n>We prove there exists a provable lower bound between PP and WR, enabling ownership verification when a suspicious model's WR value significantly exceeds the PP values of benign models trained on watermark-free datasets.
arXiv Detail & Related papers (2025-06-16T07:17:23Z)
Towards Dataset Copyright Evasion Attack against Personalized Text-to-Image Diffusion Models [52.877452505561706]
We propose the first copyright evasion attack specifically designed to undermine dataset ownership verification (DOV)<n>Our CEAT2I comprises three stages: watermarked sample detection, trigger identification, and efficient watermark mitigation.<n>Our experiments show that our CEAT2I effectively evades DOV mechanisms while preserving model performance.
arXiv Detail & Related papers (2025-05-05T17:51:55Z)
Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Reasoning [58.57194301645823]
Large language models (LLMs) are increasingly integrated into real-world personalized applications.<n>The valuable and often proprietary nature of the knowledge bases used in RAG introduces the risk of unauthorized usage by adversaries.<n>Existing methods that can be generalized as watermarking techniques to protect these knowledge bases typically involve poisoning or backdoor attacks.<n>We propose name for harmless' copyright protection of knowledge bases.
arXiv Detail & Related papers (2025-02-10T09:15:56Z)
Robust Identity Perceptual Watermark Against Deepfake Face Swapping [9.402982368385569]
Deepfake face swapping has caused critical privacy issues with the rapid development of deep generative models.<n>We propose a robust identity perceptual watermarking framework that concurrently performs detection and source tracing against Deepfake face swapping.
arXiv Detail & Related papers (2023-11-02T16:04:32Z)
Image content dependent semi-fragile watermarking with localized tamper detection [0.571097144710995]
The proposed method is robust against JPEG compression and is competitive with a state-of-the-art semi-fragile watermarking method. It is noted that our experiments demonstrate that the proposed method is robust against JPEG compression and is competitive with a state-of-the-art semi-fragile watermarking method.
arXiv Detail & Related papers (2021-06-27T05:40:56Z)

This list is automatically generated from the titles and abstracts of the papers in this site.