The authenticity of digital images, audio, video, and text is critical to a society that makes important decisions based on them. With the advent of generative AI, including generative adversarial networks, diffusion models, and large language models in general, there is a real risk that malicious actors can lend credibility to misinformation by creating synthetic content that is indistinguishable from real content.
Much hope has been placed on information hiding as a means to mitigate this risk. However, existing proposals for watermarking generative models are scattered across communities, using different models, terminology, notation, security assumptions, and evaluation benchmarks. The objective of the DETERMINE project is to improve the foundations for the safe and secure use of generative AI by means of information hiding.
The DETERMINE project will systematize the literature and harmonize terminology and definitions of security properties. It will understand the capabilities and limitations of proposed approaches. Where tradeoffs exist between fundamental goals, it will characterize them and identify new sweet spots by means of theoretical analysis and experimentation with deep neural networks. It will adapt conventional hiding techniques to generated media in novel ways. The project’s approach is two-sided in the sense that we transfer principles from conventional information hiding to the new setting, while at the same time trying to extract novel insights from analyzing what learning-based approaches learn.
Powerful generative AI has been available for less than five years. Many aspects of conventional watermarking have not been explored or validated in the context of generative media. Recent approaches to learning watermark embedding and detection functions inductively are not rigorously understood, and are often not designed with an adversarial setting in mind. However, with proper analysis, they could offer new insights into watermarking or media security in general. The results of DETERMINE could enable scientific breakthroughs that help resolve copyright disputes, deter plagiarism, prevent criminals from communicating covertly, and help individuals maintain control over their personal information that generative AI may have memorized during training.
Tomáš Pevný of the Czech Technical University in Prague (CZ) and Rainer Böhme of the University of Innsbruck (AT) and their teams will work together on the research questions. Both applicants have a track record in information hiding and media security. Böhme has further specialized in knowledge systematization, while Pevný has more visible publications in machine learning security.