The rapid growth of digital and AI-generated images has amplified the need for secure and verifiable methods of image attribution. While digital watermarking offers more robust protection than metadata-based approaches--which can be easily stripped--current watermarking techniques remain vulnerable to forgery, creating risks of misattribution that can damage the reputations of AI model developers and the rights of digital artists. The vulnerabilities of digital watermarking arise from two key issues: (1) content-agnostic watermarks, which, once learned or leaked, can be transferred across images to fake attribution, and (2) reliance on detector-based verification, which is unreliable since detectors can be tricked. We present MetaSeal, a novel framework for content-dependent watermarking with cryptographic security guarantees to safeguard image attribution. Our design provides (1) \textbf{forgery resistance}, preventing unauthorized replication and enforcing cryptographic verification; (2) \textbf{robust self-contained protection}, embedding attribution directly into images while maintaining robustness against benign transformations; and (3) \textbf{evidence of tampering}, making malicious alterations visually detectable. Experiments demonstrate that MetaSeal effectively mitigates forgery attempts and applies to both natural and AI-generated images, establishing a new standard for secure image attribution. Code is available at: https://github.com/Tongzhou0101/MetaSeal.

翻译：数字图像和AI生成图像的快速增长，增强了对安全且可验证的图像归属方法的需求。尽管数字水印比基于元数据的方法（易被剥离）提供了更鲁棒的保护，但当前的水印技术仍易受伪造攻击，导致错误归属的风险，可能损害AI模型开发者的声誉和数字艺术家的权益。数字水印的脆弱性源于两个关键问题：(1) 内容无关的水印一旦被学习或泄露，可在图像间转移以伪造归属；(2) 依赖基于检测器的验证不可靠，因为检测器可能被欺骗。我们提出了MetaSeal，一种具有密码学安全保障的内容依赖水印新框架，以保护图像归属。我们的设计提供：(1) **防伪造性**，防止未经授权的复制并强制执行密码学验证；(2) **鲁棒的自包含保护**，将归属信息直接嵌入图像，同时保持对良性变换的鲁棒性；(3) **篡改证据**，使恶意修改在视觉上可检测。实验表明，MetaSeal能有效缓解伪造尝试，并适用于自然图像和AI生成图像，为安全图像归属设立了新标准。代码发布于：https://github.com/Tongzhou0101/MetaSeal。