JPEGs Just Got Snipped: Croppable Signatures Against Deepfake Images
Pericle Perazzo, Massimiliano Mattei, Giuseppe Anastasi, Marco Avvenuti, Gianluca Dini, Giuseppe Lettieri, Carlo Vallati
TL;DR
This paper tackles authenticating digital images against deepfakes when cropping is a common transformation. It introduces a redactable signature scheme based on aggregable BLS signatures that remains valid after cropping but resists other manipulations, with constant-size cropped signatures suitable for web distribution. The approach is integrated into the JPEG format via JPEG comments and demonstrated to yield smaller full and cropped signatures than prior methods, especially at finer block granularities. The work offers a practical, bandwidth-efficient solution for verifying image provenance and integrity in real-world scenarios, such as news publishing and browser-based verification.
Abstract
Deepfakes are a type of synthetic media created using artificial intelligence, specifically deep learning algorithms. This technology can for example superimpose faces and voices onto videos, creating hyper-realistic but artificial representations. Deepfakes pose significant risks regarding misinformation and fake news, because they can spread false information by depicting public figures saying or doing things they never did, undermining public trust. In this paper, we propose a method that leverages BLS signatures (Boneh, Lynn, and Shacham 2004) to implement signatures that remain valid after image cropping, but are invalidated in all the other types of manipulation, including deepfake creation. Our approach does not require who crops the image to know the signature private key or to be trusted in general, and it is O(1) in terms of signature size, making it a practical solution for scenarios where images are disseminated through web servers and cropping is the primary transformation. Finally, we adapted the signature scheme for the JPEG standard, and we experimentally tested the size of a signed image.