MONDAY, OCTOBER 23, 2023
I'm Not Stable At All
The latest scourge with AI is protecting one's images with invisible watermarks. Relatively easy to do using DCT, DWT and/or SVD (stable diffusion nonsense), but for the most part only works for RGB JPEG images (and if you don't care about bandwidth). It's not easy for (in my case) indexed PNG images. An aside; this is a thing because you might want to (1) keep your images from maybe be training material for AI, and (2) protect the ownership of your images in a way that robbers can't say, Hey, it ain't got your name on it.
With stable diffusion, basically you're taking an image and changing the pixel values in a way that's imperceptible to the eye but not to AI and while at it, hiding an invisible watermark; it essentially tricks AI into thinking the image was AI generated. To do this it breaks the image into 8x8 blocks and quantitizes them, similar to how jpeg compression works. The problem with this (in regards to index images) is that it must be saved as RGB in order to work; to appear AI generated and to survive even basic attacks. Cut to the chase; stable diffusion and index color doesn't work. However, invisible watermarking can.
Sidebar; mentioned above are attacks of an image. By attacks, I mean, methods to destroy invisible watermarks. Typical, or likely, attacks involve resaving the image in different file formats (ie: png to jpeg, jpeg to jpeg with a different compression quality), resizing or cropping the image, grayscaling, etc. Basically, some form of entropy.
The tricks to getting index color invisible watermarking to work is hiding it in fake jpeg 8x8 pixels blocks, or in the case of the webp format, fake 16x16 pixel blocks. It's also best to place the watermarks at coordinates divisible by eight (for jpeg) or 16 (for webp). If done correctly, an indexed PNG image can easily survive jpeg and webp attacks.
With stable diffusion, basically you're taking an image and changing the pixel values in a way that's imperceptible to the eye but not to AI and while at it, hiding an invisible watermark; it essentially tricks AI into thinking the image was AI generated. To do this it breaks the image into 8x8 blocks and quantitizes them, similar to how jpeg compression works. The problem with this (in regards to index images) is that it must be saved as RGB in order to work; to appear AI generated and to survive even basic attacks. Cut to the chase; stable diffusion and index color doesn't work. However, invisible watermarking can.
Sidebar; mentioned above are attacks of an image. By attacks, I mean, methods to destroy invisible watermarks. Typical, or likely, attacks involve resaving the image in different file formats (ie: png to jpeg, jpeg to jpeg with a different compression quality), resizing or cropping the image, grayscaling, etc. Basically, some form of entropy.
The tricks to getting index color invisible watermarking to work is hiding it in fake jpeg 8x8 pixels blocks, or in the case of the webp format, fake 16x16 pixel blocks. It's also best to place the watermarks at coordinates divisible by eight (for jpeg) or 16 (for webp). If done correctly, an indexed PNG image can easily survive jpeg and webp attacks.