Recent advancements in AI-generated content (AIGC) have introduced new challenges in intellectual property protection and the authentication of generated objects. We focus on scenarios in which an author seeks to assert authorship of an object generated using latent diffusion models (LDMs), in the presence of adversaries who attempt to falsely claim authorship of objects they did not create. While proof-of-ownership has been studied in the context of multimedia content through techniques such as time-stamping and watermarking, these approaches face notable limitations. In contrast to traditional content creation sources (e.g., cameras), the LDM generation process offers greater control to the author. Specifically, the random seed used during generation can be deliberately chosen. By binding the seed to the author's identity using cryptographic pseudorandom functions, the author can assert that they are the creator of the object. We refer to this stronger guarantee as proof-of-authorship, since only the creator of the object can legitimately claim the object. This contrasts with proof-of-ownership via time-stamping or watermarking, where any entity could potentially claim ownership of an object by being the first to timestamp it or embed a watermark. We propose a proof-of-authorship framework involving a probabilistic adjudicator who quantifies the probability that a claim is false. Furthermore, unlike prior approaches, the proposed framework does not involve any secret. We explore various attack scenarios and analyze design choices using Stable Diffusion 2.1 (SD2.1) as a representative case study.
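The seed-binding idea described above can be sketched as follows. This is an added example, not the paper's construction: the domain tag, the SHA-256/SHAKE-256 derivation, the correlation test and the assumption that the adjudicator has a noisy estimate of the initial latent (simulated here with constructed data) are all illustrative choices.

```python
import hashlib, math, struct

DOMAIN = b"poa-example-v1"  # hypothetical domain-separation tag (assumption)

def derive_seed(identity: str, nonce: int) -> bytes:
    """Public, keyless binding: seed = SHA-256(tag || len(id) || id || nonce)."""
    ident = identity.encode()
    msg = DOMAIN + struct.pack(">I", len(ident)) + ident + struct.pack(">Q", nonce)
    return hashlib.sha256(msg).digest()

def latent_from_seed(seed: bytes, n: int) -> list[float]:
    """Expand the seed with SHAKE-256 and map it to n standard normals (Box-Muller)."""
    pairs = (n + 1) // 2
    raw = hashlib.shake_256(seed).digest(16 * pairs)
    out = []
    for i in range(pairs):
        a, b = struct.unpack_from(">QQ", raw, 16 * i)
        u1 = (a + 1) / 2**64          # in (0, 1], keeps log() finite
        u2 = b / 2**64
        r = math.sqrt(-2.0 * math.log(u1))
        out += [r * math.cos(2 * math.pi * u2), r * math.sin(2 * math.pi * u2)]
    return out[:n]

def chance_probability(claimed: list[float], recovered: list[float]) -> float:
    """P(an unrelated latent correlates at least this well), normal approximation."""
    n = len(claimed)
    dot = sum(x * y for x, y in zip(claimed, recovered))
    norm = math.sqrt(sum(x * x for x in claimed) * sum(y * y for y in recovered))
    z = (dot / norm) * math.sqrt(n)
    return 0.5 * math.erfc(z / math.sqrt(2))

def adjudicate(identity: str, nonce: int, recovered: list[float], alpha: float = 1e-6):
    """Recompute the claimed latent from public inputs only; accept if chance is below alpha."""
    claimed = latent_from_seed(derive_seed(identity, nonce), len(recovered))
    p = chance_probability(claimed, recovered)
    return p < alpha, p

def demo():
    """Constructed data: the author's latent plus simulated latent-estimation error."""
    n = 4096
    z = latent_from_seed(derive_seed("alice@example.org", 7), n)
    noise = latent_from_seed(b"constructed inversion error", n)
    recovered = [x + 1.5 * e for x, e in zip(z, noise)]
    return adjudicate("alice@example.org", 7, recovered), adjudicate("mallory@example.org", 7, recovered)

if __name__ == "__main__":
    print(demo())
```

Because the derivation uses no key, anyone can rerun the check; a false claimant would need an identity and nonce whose derived latent happens to correlate with the object's latent, which the reported probability bounds.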