SIDeR: Semantic Identity Decoupling for Unrestricted Face Privacy

TL;DR

SIDeR is a novel framework that enhances face privacy by generating visually diverse, machine-recognizable adversarial faces through semantic decoupling and diffusion models, allowing for privacy protection and authorized restoration.

Contribution

It introduces a semantic decoupling approach combined with diffusion models to create natural adversarial faces that protect privacy while maintaining identity recognition.

Findings

Achieves 99% attack success rate in black-box scenarios.

Outperforms baselines by 41.28% in PSNR restoration quality.

Generates highly natural, visually diverse adversarial faces.

Abstract

With the deep integration of facial recognition into online banking, identity verification, and other networked services, achieving effective decoupling of identity information from visual representations during image storage and transmission has become a critical challenge for privacy protection. To address this issue, we propose SIDeR, a Semantic decoupling-driven framework for unrestricted face privacy protection. SIDeR decomposes a facial image into a machine-recognizable identity feature vector and a visually perceptible semantic appearance component. By leveraging semantic-guided recomposition in the latent space of a diffusion model, it generates visually anonymous adversarial faces while maintaining machine-level identity consistency. The framework incorporates momentum-driven unrestricted perturbation optimization and a semantic-visual balancing factor to synthesize multiple visually diverse, highly natural adversarial samples. Furthermore, for authorized access, the protected image can be restored to its original form when the correct password is provided. Extensive experiments on the CelebA-HQ and FFHQ datasets demonstrate that SIDeR achieves a 99% attack success rate in black-box scenarios and outperforms baseline methods by 41.28% in PSNR-based restoration quality.