Content deleted Content added
→Development: Added more recent work in perceptual hashing |
→Characteristics: wikilink Adobe Stock (stock photos library) |
||
| (5 intermediate revisions by 5 users not shown) | |||
Line 1:
{{Short description|Class of fingerprinting algorithm}}
'''Perceptual hashing''' is the use of a [[fingerprint (computing)|fingerprinting algorithm]] that produces a snippet, [[hash function|hash]], or [[Fingerprint (computing)|fingerprint]] of various forms of [[multimedia]].<ref name=buldas13>{{cite book|last1=Buldas|first1=Ahto|last2=Kroonmaa|first2=Andres|last3=Laanoja|first3=Risto|editor-last=Riis|editor-first=Nielson H.|editor-last2=Gollmann|editor-first2=D.|title=Secure IT Systems. NordSec 2013|chapter=Keyless Signatures’ Infrastructure: How to Build Global Distributed Hash-Trees|publisher=Springer|___location=Berlin, Heidelberg|year=2013|isbn=978-3-642-41487-9|doi=10.1007/978-3-642-41488-6_21|series=Lecture Notes in Computer Science|volume=8208|quote=Keyless Signatures Infrastructure (KSI) is a globally distributed system for providing time-stamping and server-supported digital signature services. Global per-second hash trees are created and their root hash values published. We discuss some service quality issues that arise in practical implementation of the service and present solutions for avoiding single points of failure and guaranteeing a service with reasonable and stable delay. Guardtime AS has been operating a KSI Infrastructure for 5 years. We summarize how the KSI Infrastructure is built, and the lessons learned during the operational period of the service.}}</ref><ref name=klinger>{{cite web | last1=Klinger | first1=Evan | last2=Starkweather | first2=David |title=pHash.org: Home of pHash, the open source perceptual hash library | website=pHash.org | url=http://www.phash.org/ | ref={{sfnref | pHash.org}} | access-date=2018-07-05|quote=pHash is an open source software library released under the GPLv3 license that implements several perceptual hashing algorithms, and provides a C-like API to use those functions in your own programs. pHash itself is written in C++.}}</ref> A perceptual hash is a type of [[locality-sensitive hash]], which is analogous if [[feature vector|features]] of the multimedia are similar. This is in contrast to [[Cryptographic hash function|cryptographic hashing]], which relies on the [[avalanche effect]] of a small change in input value creating a drastic change in output value. Perceptual hash functions are widely used in finding cases of online [[copyright infringement]] as well as in [[Digital Forensics Framework|digital forensics]] because of the ability to have a correlation between hashes so similar data can be found (for instance with a differing [[Digital watermark|watermark]]).
==Development==
Line 15:
In research published in November 2021 investigators focused on a manipulated image of [[Stacey Abrams]] which was published to the internet prior to her loss in the [[2018 Georgia gubernatorial election]]. They found that the pHash algorithm was vulnerable to nefarious actors.<ref name="hao21">{{cite book |chapter-url=https://gangw.cs.illinois.edu/PHashing.pdf |doi=10.1145/3460120.3484559 |chapter=It's Not What It Looks Like: Manipulating Perceptual Hashing based Applications |title=Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security |date=2021 |last1=Hao |first1=Qingying |last2=Luo |first2=Licheng |last3=Jan |first3=Steve T.K. |last4=Wang |first4=Gang |pages=69–85 |isbn=978-1-4503-8454-4 }}</ref>
In August 2021 Apple announced an on-device CSAM scanner called NeuralHash but, after strong privacy backlash, paused the rollout in September and formally cancelled it in December 2022.<ref name="wired2022">{{cite
Security researchers soon demonstrated that NeuralHash and similar deep perceptual hashes can be forced into collisions or evasion with imperceptible image changes.<ref name="struppek22">{{cite conference |last1=Struppek |first1=Lukas |last2=Hintersdorf |first2=Dominik |last3=Neider |first3=Daniel |last4=Kersting |first4=Kristian |title=Learning to Break Deep Perceptual Hashing: The Use Case NeuralHash |book-title=Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’22) |publisher=ACM |year=2022 |doi=10.1145/3531146.3533073|arxiv=2111.06628 }}</ref>
In October 2023 [[Meta Platforms|Meta]] introduced Stable Signature, an invisible watermark rooted in latent-diffusion generators, signalling a shift toward hybrid provenance schemes that combine watermarking with perceptual hashing.<ref name="meta2023">{{cite web |title=Stable Signature: A New Method for Watermarking Images Created by Generative AI |url=https://ai.meta.com/blog/stable-signature-watermarking-generative-ai/ |website=Meta AI Blog |date=20 October 2023 |access-date=27 May 2025}}</ref>
The open-source state of the art in 2025 was set by DINOHash, which adversarially fine-tunes self-supervised DINOv2 features and reports higher bit-accuracy under heavy crops, compression and adversarial gradient-based attacks than NeuralHash or classical DCT–DWT schemes.<ref name="dinohash25">{{cite
==Characteristics==
Line 33:
A Chinese team reported in July 2019 that they had discovered a perceptual hash for [[speech encryption]] which proved to be effective. They were able to create a system in which the encryption was not only more accurate, but more compact as well.<ref name=zhang19>{{cite journal |last1=Zhang |first1=Qiu-yu |last2=Zhou |first2=Liang |last3=Zhang |first3=Tao |last4=Zhang |first4=Deng-hai |title=A retrieval algorithm of encrypted speech based on short-term cross-correlation and perceptual hashing |journal=Multimedia Tools and Applications |date=July 2019 |volume=78 |issue=13 |pages=17825–17846 |doi=10.1007/s11042-019-7180-9 |s2cid=58010160 }}</ref>
[[Apple Inc]] reported as early as August 2021 a [[child sexual abuse material]] (CSAM) system that they know as [[NeuralHash]]. A technical summary document, which nicely explains the system with copious diagrams and example photographs, offers that "Instead of scanning images [on corporate] [[iCloud]] [servers], the system performs on-device matching using a database of known CSAM image hashes provided by [the [[National Center for Missing and Exploited Children]]] (NCMEC) and other child-safety organizations
In an essay entitled "The Problem With Perceptual Hashes", Oliver Kuederle produces a startling collision generated by a piece of commercial [[neural net]] software, of the NeuralHash type. A photographic portrait of a real woman ([[Adobe Stock]] #221271979) reduces through the test algorithm to a similar hash as the photograph of a butterfly painted in watercolor (from the "deposit photos" database). Both sample images are in commercial databases. Kuederle is concerned with collisions like this. "These cases will be manually reviewed. That is, according to Apple, an Apple employee will then look at your (flagged) pictures... Perceptual hashes are messy. When such algorithms are used to detect criminal activities, especially at Apple scale, many innocent people can potentially face serious problems... Needless to say, I’m quite worried about this."<ref name="rafok">{{cite news |last1=Kuederle |first1=Oliver |title=THE PROBLEM WITH PERCEPTUAL HASHES |url=https://rentafounder.com/the-problem-with-perceptual-hashes/ |access-date=23 May 2022 |publisher=rentafounder.com |date=n.d.}}</ref>
Researchers have continued to publish a comprehensive analysis entitled "Learning to Break Deep Perceptual Hashing: The Use Case NeuralHash", in which they investigate the vulnerability of NeuralHash as a representative of deep perceptual hashing algorithms to various attacks. Their results show that hash collisions between different images can be achieved with minor changes applied to the images. According to the authors, these results demonstrate the real chance of such attacks and enable the flagging and possible prosecution of innocent users. They also state that the detection of illegal material can easily be avoided, and the system be outsmarted by simple image transformations, such as provided by free-to-use image editors. The authors assume their results to apply to other deep perceptual hashing algorithms as well, questioning their overall effectiveness and functionality in applications such as [[client-side scanning]] and chat controls.<ref>{{cite book |doi=10.1145/3531146.3533073 |arxiv=2111.06628 |isbn=9781450393522 |s2cid=244102645 |chapter=Learning to Break Deep Perceptual Hashing: The Use Case NeuralHash |title=2022 ACM Conference on Fairness Accountability and Transparency |date=2022 |last1=Struppek |first1=Lukas |last2=Hintersdorf |first2=Dominik |last3=Neider |first3=Daniel |last4=Kersting |first4=Kristian |pages=58–69 }}</ref>
| |||