zk-IMG … Fighting Disinformation

We live in a digital world where very little can actually be trusted. Our internet has grown up without any real integration of digital…
An example of a Deep Fake [2]

zk-IMG … Fighting Disinformation

We live in a digital world where very little can actually be trusted. Our internet has grown up without any real integration of digital signatures and verification that things are actually the truth. It is a core reason that spear phishing is still the most likely attack vector — as very few of our emails can actually be verified that the sender is actually the person it is meant to be.

One of the most worrying trends is the use of deep fakes, where images and videos are modified to change the subject in the video. This could be used in a time of war, and where soldiers could be sent videos of their leader telling them to lay down their arms.

A new paper [1] presents a method of using zk-Snarks to prove the certainty of the image and any edits without actually revealing the original image. Existing zero-knowledge proof methods require that the original image or intermediate images be revealed, and which could leak information. It also expands existing research to support HD images and removes the need for trusted third parties.

The paper provides an example of a simple deep fake image [2]:

Figure 1: An example of a Deep Fake [2]

A core part of the trust infrastructure is the usage of camera attestation, and where a private key is stored in the camera and is then used to digitally sign images. A public key can then verify the camera that the image was taken from. In many cases, an original image will then be modified to remove any sensitive information. This might relate to blurring out a vehicle number plate or redacting a person in the image. We thus have a set of trusted core images and one or more transformed images. The original image can then be kept private.

So how can it be possible to preserve the privacy of an original image, but verify that another image is a modified version? For this, zk-img takes a hash of the original and transformed images and uses zk-Snark to prove that this has been computed correctly. If the original image has a hash of H_1 and the modified image has a hash of H_2, then we only release H_2.

We thus have the original hash and the signature from the attested camera, and so that is the core proof of the original image (H_1), but it can produce a zk-Snark related to the edited version and its hash (H_2). The creator of the image can then prove both the original image (from the signature from the camera) and the modified image (with a zk-Snark). If required, H_2 and the zk-Snark can then be published to a blockchain or a trusted time-stamping system in order to prove when the image has been created. Overall, the research team has implemented zk-Snarks through the Halo 2 library [3].

In Figure 2, Bob has a camera with a private key and takes a photograph. The camera then signs the photograph with this private key in order to prove the source of the image. There is then a public key that will verify the signature and thus trace that it was his camera that took the photograph. He then takes out part of the photograph to produce a new, transformed image. This will produce a new hash value (H_2), and can then publish the transformed version. He also creates a zk-Snark for the transformation of the original to the transformed version and stores this on a blockchain. The original image is never revealed, but if required, Bob can prove the transformation between the original image and the transformed image.

Figure 2: Creation of zk-img

In terms of results from the paper, the key generation and proving parts can be costly in computation, but, as we can see from Table 1, the verification is fairly fast and ranges from 5.84ms to 10.1 ms. The proof size is also fairly small and ranges from 7,040 bytes to 14,592 bytes.

Table 1: Results on proof creation and verification [1]

Conclusions

Increasingly news outlets are using attested cameras, as these can show the original source of an image. This involves signing the images with a digital signature and using the private key stored on the camera. Any modifications to the image would not match the signature. Often, too, there needs to be modifications to the captured image, such as removing sensitive information. This is where the zk-Snark proof comes in and makes sure that we can trace the modified images back to the source image without revealing the original image and hash value.

If you are interested in how ZKPs (Zero Knowledge Proofs) work, try here:

https://asecuritysite.com/zero

Reference

[1] Kang, D., Hashimoto, T., Stoica, I., & Sun, Y. (2022). ZK-IMG: Attested Images via Zero-Knowledge Proofs to Fight Disinformation. arXiv preprint arXiv:2211.04775.

[2] Strickland, E. (2019). Facebook AI Launches Its Deepfake Detection Challenge — IEEE Spectrum. IEEE Spectrum: Technology, Engineering, and Science News. https://spectrum. ieee. org/tech-talk/artificial-intelligence/machinelearning/facebook-ai-launches-its-deepfake-detection-challenge.

[3] zcash. halo2, 2022. URL: https://zcash.github.i o/halo2/.