Numbers Loading Icon

The Role of Blockchain in Securing Content Without C2PA Labels

Posted in:

Tech

In this article, we will explore how blockchain technology can complement and address the shortcomings of the Coalition for Content Provenance and Authenticity (C2PA). We'll also examine the contributions of Blockchain to content verification and the importance of interoperability between blockchain and traditional standards like C2PA.

Understanding C2PA: How It Establishes Content Authenticity

The main goal of C2PA is to create a standardised way to verify content authenticity. It does this by allowing creators to add metadata to digital content, like a digital label. This metadata includes information about the source, creator, and any modifications, serving as a "label" that users and platforms can use to verify the content's provenance.

The process works as follows:

  • Metadata Embedding: Content creators and platforms can embed metadata into their digital content using C2PA's framework.
  • Content Labelling: The embedded metadata creates a "label" that users can view to understand the content's provenance. 
  • Verification and Validation: C2PA's framework includes mechanisms for verifying and validating the embedded metadata.

C2PA offers several key features and advantages that make it a valuable tool for content provenance, and it is soon becoming the standard embraced by AI (OpenAI, etc.) and Web2 giants (Google, Meta, TikTok, LinkedIn, etc). Services like Truepic Signing or Capture powered by Numbers Protocol further simplify the technical aspects and make C2PA accessible on many platforms. More details of C2PA can be found in this article or the C2PA official website

Why C2PA Alone is Not Enough

C2PA represents a major step forward in establishing content provenance and authenticity. By creating a standardised off-chain framework for embedding metadata into digital content, C2PA aims to provide a reliable and cost-efficient way to track content origin and detect manipulation. However, as with any system, C2PA has its limitations. This section explores the vulnerabilities and risks associated with C2PA's metadata-based approach, the issues of centralization and potential single points of failure.

C2PA works by embedding metadata into digital content to establish its provenance. While this approach has benefits, it also comes with inherent risks and vulnerabilities that can compromise content authenticity. Here are some key challenges:

  • Metadata Removal: The metadata embedded by C2PA can be easily removed simply by converting the file format or other common file activities. This vulnerability poses a significant risk, as it allows for tampering with the content's provenance information. If an individual or group manages to alter or strip away the metadata, it becomes difficult to verify the content's authenticity, undermining C2PA's purpose. If one imports OpenAI-generated content into Adobe Firefly, edits it, and outputs it, there is a very high chance that C2PA metadata will be removed due to the file format conversion. This highlights the urgent need for robust measures to protect and preserve metadata integrity.
  • Inconsistent Adoption: Although C2PA is designed as an open standard, its adoption across platforms and industries has not been uniform. This inconsistency can lead to gaps in content provenance, with some content lacking the necessary metadata for verification. For example, the current implementation in Stable Diffusion can be broken by C2PA tools if creators attempt to edit the image and add a second layer of C2PA. This further complicates the situation, as it discourages the integration of comprehensive provenance data across different creative workflows. More explanation of the tests for Adobe Firefly and Stable Diffusion can be found below.
  • Limited Immutability: C2PA's metadata is not inherently immutable. Since it can be removed, there's no guarantee that the provenance information will remain intact throughout the content's lifecycle. This limitation makes it challenging to ensure the authenticity of content over time.

Another limitation of C2PA is its reliance on centralised control, which can create single points of failure. Centralization can introduce risks and reduce the overall security of the content provenance framework.

Why AI Demands Stronger Content Verification Beyond C2PA

Recent analyses have highlighted several critical concerns with the Content Authenticity Initiative (C2PA), especially when dealing with AI-generated content. One of the main concerns is the reliance on timestamps. Timestamps are crucial for verifying the sequence and authenticity of content, yet discrepancies can undermine trust in the metadata. For instance, according to the research from The Hacker Factor Blog, Microsoft's AI-generated images exhibited timestamp inconsistencies, raising doubts about the veracity of the associated metadata. These discrepancies can occur due to various reasons, including differences in time zones, clock settings, or deliberate tampering by malicious actors.

Moreover, there have been instances where metadata and timestamps do not align correctly. The BBC's use of C2PA to verify a video with inconsistent timestamps is a notable example. In this case, the video metadata suggested a different creation time than the actual content, leading to questions about the integrity of the provenance information. Such inconsistencies can weaken the overall reliability of the C2PA framework, especially when used to verify time-sensitive or critical content.

Another significant concern with C2PA is its labelling and watermarking system. While these features are designed to provide clear indicators of content authenticity, they can be easily bypassed or removed. Critics of Meta's AI-generated media plan have pointed out how easily C2PA labels and AI watermarks can be stripped from content, rendering the verification efforts ineffective. This vulnerability is particularly concerning in the context of AI-generated content, where sophisticated algorithms can manipulate or remove these labels without leaving detectable traces.

Testing C2PA’s Limits: 2 Cases Where Provenance Fails Across Platforms

We conducted our own test to examine the cross-platform capability of C2PA and confirmed the limitations mentioned above.

Test 1: Metadata Preservation During Editing

We follow the steps to conduct the test and see if metadata can be preserved cross platforms during editing.

  1. Create an image using OpenAI
  2. Use C2PA verify site to check and confirm the metadata signed by OpenAI can be shown
  3. Upload the image to Adobe Firefly software and make small edits
  4. Output the image and use the C2PA verify site to check the metadata again.

Ideally, the C2PA verify site should show a provenance chain which includes one signed metadata by OpenAI and one signed metadata by Firefly. However, due to the limitation of both services, the input file is in Webp format while the output is in PNG format. The content provenance chain is unfortunately missing during the process, and only the last edit remains.

Demonstration of the result of Test 1

C2PA verification after image is created by OpenAI

C2PA verification after image is edited by Adobe Firefly. OpenAI provenance was removed.

Test 2: Inconsistent C2PA Adoption Limits Cross-Platform Provenance

We follow the steps to conduct the test and see if metadata can be preserved cross platforms when applying the second C2PA labelling.

  1. Create an image using Stable Diffusion
  2. Use C2PA verify site to check and confirm the metadata signed by Stable Diffusion can be shown
  3. Use official c2patool to add a second layer of injection
  4. Output the image and use the C2PA verify site to check the metadata again.

Ideally, C2PA verify site should show a provenance chain which include one signed metadata by Stable Diffusion and another layer generated by c2patool. However, upon applying the second layer of C2PA labelling, images originally created on Stable Diffusion rejected the second labelling. This indicates that if users want to edit their generated content from Stable Diffusion, they won’t be able to preserve the original provenance signature from the Stable Diffusion. 

Demonstration of the result of Test 2

Images originally created on Stable Diffusion rejected the second labelling.

How Blockchain Enhances C2PA

Blockchain technology has emerged as a powerful tool to complement and enhance C2PA's capabilities. Here's how blockchain can address some of the key limitations of C2PA:

  • Immutability: Blockchain's inherent immutability ensures that once content provenance information is recorded on the blockchain, it cannot be altered without leaving a trace. This assurance adds a layer of security that is missing from C2PA's metadata-based approach.
  • Interoperability: Blockchain's decentralised nature fosters interoperability, standards such as ERC-7053 further allows different systems and platforms to work together seamlessly. Instead of relying on a central authority to manage content provenance, blockchain ensures that various nodes and networks can communicate and collaborate effectively. This interoperability provides a more reliable and cohesive framework for content provenance.
  • Enhanced Transparency: Blockchain's transparent nature allows anyone to inspect the content's provenance record, promoting greater transparency and accountability. This transparency is a significant advantage over traditional content labelling methods, which may lack visibility into the content's origin and history. By providing a clear view of the content's journey, blockchain helps users make informed decisions about the content they interact with, helping to combat misinformation and deepfakes.

Complementing C2PA with Blockchain

Blockchain and C2PA can work together to create a robust content provenance system. While C2PA provides a standardised framework for labelling content, blockchain adds immutability and decentralisation to ensure the security of that information. For example, a media organisation could use C2PA to label AI-generated content with metadata and then record that metadata on a blockchain. This combination creates a robust system for content provenance, allowing users to verify the content's authenticity in real-time and providing a permanent record that cannot be tampered with or altered.

Below is a real case reported by a user of Capture

This user used Capture Cam to take a photo, and then edit it using Adobe Firefly. Although the metadata is removed due to format conversion in Adobe Firefly, the AI behind the Numbers Verify Engine can still locate the original asset. Additionally, since Capture Cam registers the content on the blockchain automatically, the blockchain record remains immutable, showcasing the original creator and further protecting their rights. This dual layer of protection, combining AI asset identification with blockchain immutability, ensures that the creator's rights are safeguarded even when metadata is stripped.

After editing in the Adobe Firefly, the original provenance was missing.

AI of Verify Engine locate the original asset even the original C2PA provenance was missing

Immutable blockchain provenance shows the provenance such as creator, creation time, etc.

This case strongly demonstrates how blockchain can enhance the reliability and security of content provenance systems. If you look at the photos carefully, you may also find that the original photo includes a woman wearing a hat in the bottom-left corner, while the modified image removed this person completely. This case also shows the importance of having immutable records and the brand values of Numbers Protocol to combat misinformation on the internet.

Conclusion

Blockchain technology represents the next evolution in content provenance. By contributing to immutability, interoperability, and enhanced transparency, blockchain offers a powerful framework for ensuring content integrity. The combination of standards like C2PA with blockchain's immutability creates a robust system for content provenance, addressing the challenges of an AI-driven world. By having C2PA and blockchain work together, we can truly ensure the provenance of digital content, providing an unbreakable chain of custody from creation to consumption.

Let's work together to shape the future of content provenance and ensure the integrity of digital media.

You're signed up! Watch you inbox for updates.
Oops! Something went wrong while submitting the form.