It’s a strange time to be online, these days. With the emergence of Deepfake software and image filters it has become pretty difficult to distinguish between genuine video and audio material, and stuff that has been created by a computer program. The accessibility of Artificial Intelligence in various shapes and forms has also given us ways to create all kinds of artifacts — artworks, movies, texts, music — on a whim without much human effort, creativity, or work invested in the first place. And here exactly lies the problem with Deepfakes. AI and synthetically generated content is very hard to distinguish from genuine artifacts created by celebrities, artists, authors, etc. The list of examples is seemingly endless, and the torrent of problems that come with it, too.
Solving for Fake
A solution to this problem must provide the means to distinguish a Deepfake artifact from a genuine one, regardless of what kind of artifact we are talking about. This will only work if the genuine artifacts carry some unique signature-property that identifies their creator, something that even AI is unable to produce no matter how much CPU power is allocated to the task.
In theory, a digital signature would solve that problem for all kinds of digital artifacts. Digital signatures are a state-of-the-art tool in the cryptography toolkit. The creator tells the world which public key they are using and then creates a signature for each individual artifact. Crucially, the signature is a function of the artifact, so each signature is unique; you cannot just copy & paste it onto a different artifact like you might copy & paste the image of a handwritten signature onto a document. However, the creator’s signature is only a part of the solution. There are still two remaining problems; first, how can you communicate signatures? And second, how can you anchor it in time?
Distributing Signature and anchoring and them in time
Distributing signatures might sound like a minor problem that could be solved by just adding one to the digital artifact. But it’s not that simple. If you export the artifact into a different format, like sending a Word file as a PDF, or even just copy & paste content then the signature (and even the evidence that there WAS a signature) would be gone.
Anchoring an artifact in time is a key part of proving its authenticity. For obvious reasons, knowing when the artifact was created allows you to handle all kinds of different problems. An interview with a person that was created after the person’s death, or when a document refers to another one that was created at a later date, is more than just dubious it’s clearly fake.
Establishing a clear timeline is also important in addition to time-stamping the artifact itself. Think about what happens with compromised private keys. If a key is compromised you can simply replace it with a new one. From the moment you learn about the security breach, all further documents signed with the old compromised key would be invalid, while the previously signed ones still retain their validity. This means that whoever stole the key, or has access to the compromised key, can no longer use it. Without properly time-stamped artifacts this would be next to impossible and a nightmare if all records had to be signed and validated again.
Blockchain Technology is the perfect solution, not just for the task of creating secure digital signatures for artifacts but also for solving the twin problems of distributing the signatures and anchoring them in time.
Leveraging the one-way nature of blockchain
Unlike a normal database, a blockchain is built as a chronicle, a one-way ladder of chronological information. Everything that goes onto it is like a historic fact. As a result, data does not, cannot, change — it only grows incrementally as time passes. New data is appended in well defined chunks, known as blocks. These blocks have an immutable content and timestamp, and it is basically impossible to break the integrity of this chain. Every entry is part of such a block and, consequently, has a timestamp, too. This solves the problem of anchoring an artifact in time.
At the same time blockchain is built in such a way that writing to it requires the author to disclose their identity. Not their real identity, though, just the public key (or a derived format thereof). To prove that the entry has really been made by the owner of that public key, a digital signature made with the matching private key is mandatory. That means that everything on a blockchain has a provable origin.
Finally, the power of blockchain technology is maximized if each and everyone on the planet can access the data and read for themselves whatever they want to read. This solves the issue of distributing data. People often say that while blockchain technology is perfectly secure, it cannot hold massive amounts of data. Lucky for us, it is not necessary to store the actual digital artifact, such as a video or a music file, directly on the chain. Instead one can simply store the unique “fingerprint” of that content on-chain and still benefit from all the security benefits.
This fingerprint (the technical term is “filehash”) is a short string of characters, usually 32. Creating such a filehash is state-of-the-art technology. The additional beauty of using a filehash instead of putting all the data on-chain is that the data is not automatically shared with the world. The author is still in control of the data itself and can decide with whom they want to share it.
And that’s how blockchain technology becomes the perfect tool to prove the authenticity of (digital) artifacts!
Putting it all together
So, how does it work in practice? You start with digital data; either the artifact in question is already digital (such as the text of a publication, a picture or video, etc.) or you create a digital representation of a physical artifact by scanning a physical document or photo.
Next, you generate a filehash of that physical data and record it on a blockchain using your private key. When you distribute the artifact, you point to the record on blockchain. If the receiver of the artifact wants to verifiy whether they got the right version (unmodified), they can just reproduce the filehash from the data they received and compare with the entry on blockchain. If it matches, it’s the right one, the authentic version.
If the receiver wants to check whether the artifact was created by the right author (you), or by someone else, they can just verify the author of the entry on blockchain. If it was in fact you, the author listed on the blockchain will be identical to your public key (for the sake of simplicity we leave out the details about blockchain addresses and public keys). If they want to know when the record was created, they can just check the timestamp on blockchain. All this can of course be automated and applied to hundreds of thousands of records if need be.
If you want to see how this all works in practice and try it out for yourself, you can download NOTRZR from the Apple or Google Play app stores. You can also use the Notardec API to automate the processes we’ve talked about here. Questions? Let’s talk!
At CoreLedger, we believe that blockchain is a practical technical solution to improve and solve a wide variety of issues across industries and sectors, which is why we try to cut through the hype and focus on real-world applications, not just what’s technically possible.
CoreLedger’s mission is to help businesses of all sizes quickly and affordably access the benefits of blockchain technology. From issuing a simple token to enterprise-grade token economy solutions, we have all the tools and components you need to quickly and affordably integrate blockchain into your business whether you’re a new startup or a big multinational enterprise.
Interested in our results-focused, real-world approach? Visit our website for more information, or get in touch with us directly to discuss your project.