JPEGs Just Got Snipped: Croppable Signatures Against Deepfake Images

View on arXiv ← Back to list

Authors: Pericle Perazzo, Massimiliano Mattei, Giuseppe Anastasi, Marco Avvenuti, Gianluca Dini, Giuseppe Lettieri, Carlo Vallati

Published: 2025-12-01 16:30:53+00:00

Journal Ref: 2025 International Joint Conference on Neural Networks (IJCNN)

AI Summary

This paper proposes a method leveraging BLS (Boneh, Lynn, and Shacham) signatures to implement digital signatures for images that remain valid after cropping but are invalidated by other manipulations, including deepfake creation. The approach ensures an O(1) signature size for cropped images, making it practical for web dissemination without requiring the cropper to know the private key. The scheme is adapted for the JPEG standard, maintaining backward compatibility, and its efficiency in terms of signed image size is experimentally verified.

Abstract

Deepfakes are a type of synthetic media created using artificial intelligence, specifically deep learning algorithms. This technology can for example superimpose faces and voices onto videos, creating hyper-realistic but artificial representations. Deepfakes pose significant risks regarding misinformation and fake news, because they can spread false information by depicting public figures saying or doing things they never did, undermining public trust. In this paper, we propose a method that leverages BLS signatures (Boneh, Lynn, and Shacham 2004) to implement signatures that remain valid after image cropping, but are invalidated in all the other types of manipulation, including deepfake creation. Our approach does not require who crops the image to know the signature private key or to be trusted in general, and it is O(1) in terms of signature size, making it a practical solution for scenarios where images are disseminated through web servers and cropping is the primary transformation. Finally, we adapted the signature scheme for the JPEG standard, and we experimentally tested the size of a signed image.

Key findings
The proposed method significantly reduces the size of signed full and cropped images compared to a similar construction by Johnson et al., particularly for finer block granularities. While the size advantage diminishes with coarser block granularities or higher original image resolutions, the O(1) cropped signature size makes it a highly practical solution for scenarios involving frequent image cropping on web servers. The scheme also maintains backward compatibility when integrated with the JPEG standard.
Approach
The proposed method utilizes BLS signatures, applying a 'trivial construction' for redactable signatures but with aggregate BLS, to sign image blocks individually. When an image is cropped, the cropper aggregates the BLS signatures of the remaining blocks to produce an O(1) sized cropped signature. This signature, along with an ECDSA signature authenticating the ephemeral BLS public key, allows verifiers to confirm image authenticity even after cropping, without needing the signer's private key.
Datasets
Real JPEG images (unspecified resolutions and file sizes, e.g., 1024x768 250 KB, 1920x1080 1 MB, 1920x1080 5 MB) were used for experimental evaluation.
Model(s)
UNKNOWN
Author countries
Italy
← Previous
Next →