Diff-Privacy: Diffusion-based Face Privacy Protection
Xiao He, Mingrui Zhu, Dongxin Chen, Nannan Wang, Xinbo Gao

TL;DR
This paper introduces Diff-Privacy, a diffusion-based method that unifies facial anonymization and visual identity hiding, effectively protecting privacy while maintaining recognition accuracy.
Contribution
It proposes a novel diffusion model framework with multi-scale image inversion and embedding strategies for combined face anonymization and identity hiding.
Findings
Effective facial privacy protection demonstrated through extensive experiments.
Unified approach successfully balances anonymization and recognition accuracy.
Diff-Privacy outperforms existing methods in privacy preservation tasks.
Abstract
Privacy protection has become a top priority as the proliferation of AI techniques has led to widespread collection and misuse of personal data. Anonymization and visual identity information hiding are two important facial privacy protection tasks that aim to remove identification characteristics from facial images at the human perception level. However, they have a significant difference in that the former aims to prevent the machine from recognizing correctly, while the latter needs to ensure the accuracy of machine recognition. Therefore, it is difficult to train a model to complete these two tasks simultaneously. In this paper, we unify the task of anonymization and visual identity information hiding and propose a novel face privacy protection method based on diffusion models, dubbed Diff-Privacy. Specifically, we train our proposed multi-scale image inversion module (MSI) to obtain…
Peer Reviews
Decision·Submitted to ICLR 2024
1) The paper addresses an important problem of enhancing privacy for face images shared on the Internet. 2) The proposed solution appears to be somewhat novel and feasible, but it is hard to judge because sufficient details have not been provided.
1) The paper is extremely hard to read and understand. A number of mathematical notations and terms (e.g., key-E, conditional embedding, etc.) are not defined clearly, which makes the proposed approach hard to follow. 2) First and foremost, the most basic requirement in a security/privacy paper is stating the threat model and assumptions explicitly. What information is being protected and from whom? What are the capabilities of the adversary? In this paper, no clear threat model has been prese
Strength:
++ The authors innovatively propose a new paradigm for facial privacy protection based on diffusion models. Quantitative and qualitative experiments have demonstrated the effectiveness of the proposed paradigm.
++ The authors propose an MSI module to learn a set of SDM formats conditional embeddings of the original image and demonstrate that the embeddings extracted by this module have better editability and decoupling.
++ The authors specially design an embedded scheduling strategy an
Weakness:
-- Although the author has significantly reduced the training cost of the model (including the need for high-quality facial datasets), the diffusion-based method for inference is still inefficient compared to the GAN-based method.
-- I noticed that the author conducted an experiment on the security of keys. I think more interesting experiments can be conducted on key-I and key-E to explore their role in image generation.
See the summary in detail.
1. The network architecture shown in Fig.2 is not clear. As mentioned by the authors, the framework of the proposed method can be divided into three stages, which are not presented in Fig.2. Also, key-E, key-I, and the proposed energy function-based identity guidance module are not clearly shown in Fig.2. 2. The energy function in Section 2.3.2 is introduced briefly - more details are needed on the formulation and how it enables identity guidance. In addition, the definition of $\varepsilon$ wh
Taxonomy
Topics: Face recognition and analysis · Generative Adversarial Networks and Image Synthesis · Advanced Steganography and Watermarking Techniques
Methods: Diffusion
