Authenticated Contradictions from Desynchronized Provenance and Watermarking

Cryptographic provenance standards such as C2PA and invisible watermarking are positioned as complementary defenses for content authentication, yet the two verification layers are technically independent: neither conditions on the output of the other. This work formalizes and empirically demonstrates the $\textit{Integrity Clash}$, a condition in which a digital asset carries a cryptographically valid C2PA manifest asserting human authorship while its pixels simultaneously carry a watermark identifying it as AI-generated, with both signals passing their respective verification checks in isolation. We construct metadata washing workflows that produce these authenticated fakes through standard editing pipelines, requiring no cryptographic compromise, only the semantic omission of a single assertion field permitted by the current C2PA specification. To close this gap, we propose a cross-layer audit protocol that jointly evaluates provenance metadata and watermark detection status, achieving 100% classification accuracy across 3,500 test images spanning four conflict-matrix states and three realistic perturbation conditions. Our results demonstrate that the gap between these verification layers is unnecessary and technically straightforward to close.

Key Contributions

• Formalizes the 'Integrity Clash' — a four-state conflict matrix identifying the 'Authenticated Fake' quadrant where a valid C2PA human-authorship manifest and an AI pixel watermark coexist on the same asset
• Constructs metadata washing workflows using standard editing pipelines that produce authenticated fakes with no cryptographic compromise, exploiting a semantic omission permitted by the current C2PA specification
• Proposes and evaluates a cross-layer audit protocol jointly checking C2PA provenance and watermark signals, achieving 100% classification accuracy across 3,500 test images under three realistic perturbation conditions

🛡️ Threat Analysis

Details

Similar Papers