出生标记标准：基于硬件信任根与联盟区块链的隐私保护照片认证 (The Birthmark Standard: Privacy-Preserving Photo Authentication via Hardware Roots of Trust and Consortium Blockchain)

from arxiv, 32 pages, 2 figures. Technical specification and security analysis for metadata-independent photo authentication. Prototype implementation with Raspberry Pi 4 hardware

The rapid advancement of generative AI systems has collapsed the credibility landscape for photographic evidence. Modern image generation models produce photorealistic images undermining the evidentiary foundation upon which journalism and public discourse depend. Existing authentication approaches, such as the Coalition for Content Provenance and Authenticity (C2PA), embed cryptographically signed metadata directly into image files but suffer from two critical failures: technical vulnerability to metadata stripping during social media reprocessing, and structural dependency on corporate-controlled verification infrastructure where commercial incentives may conflict with public interest. We present the Birthmark Standard, an authentication architecture leveraging manufacturing-unique sensor entropy from non-uniformity correction (NUC) maps and PRNU patterns to generate hardware-rooted authentication keys. During capture, cameras create anonymized authentication certificates proving sensor authenticity without exposing device identity via a key table architecture maintaining anonymity sets exceeding 1,000 devices. Authentication records are stored on a consortium blockchain operated by journalism organizations rather than commercial platforms, enabling verification that survives all metadata loss. We formally verify privacy properties using ProVerif, proving observational equivalence for Manufacturer Non-Correlation and Blockchain Observer Non-Identification under Dolev-Yao adversary assumptions. The architecture is validated through prototype implementation using Raspberry Pi 4 hardware, demonstrating the complete cryptographic pipeline. Performance analysis projects camera overhead below 100ms and verification latency below 500ms at scale of one million daily authentications.

翻译：生成式人工智能系统的快速发展已彻底颠覆了摄影证据的可信度格局。现代图像生成模型所产生的高度逼真图像，正在破坏新闻业与公共讨论所依赖的证据基础。现有认证方案（如内容来源与真实性联盟标准C2PA）虽将加密签名的元数据直接嵌入图像文件，却存在两大关键缺陷：技术上易因社交媒体二次处理导致元数据剥离而失效，结构上依赖企业控制的验证基础设施——其商业利益可能与公共利益相冲突。本文提出“出生标记标准”，该认证架构利用来自非均匀性校正图与光响应非均匀性模式的制造唯一性传感器熵，生成硬件根植的认证密钥。拍摄过程中，相机会创建匿名化认证证书，通过可维持超过1000台设备匿名集的密钥表架构，在证明传感器真实性的同时不暴露设备身份。认证记录存储于由新闻机构（而非商业平台）运营的联盟区块链上，确保即使元数据完全丢失仍可进行验证。我们使用ProVerif形式化验证隐私属性，在Dolev-Yao敌手假设下证明了“制造商不可关联性”与“区块链观察者不可识别性”的观测等价性。该架构通过基于Raspberry Pi 4硬件的原型实现得到验证，完整演示了密码学流程。性能分析表明，在每日百万级认证规模下，相机端开销低于100毫秒，验证延迟低于500毫秒。