Verifying Provenance of Digital Media: Why the C2PA Specifications Fall Short

TL;DR

This paper critically examines the C2PA specifications for digital media provenance, revealing they do not meet security goals and could mislead users if used prematurely.

Contribution

It provides the first comprehensive security analysis and formal-methods evaluation of C2PA's core protocols, highlighting critical shortcomings.

Findings

C2PA specifications fail to meet security goals

C2PA does not achieve key trustworthiness requirements

Reliance on C2PA could mislead users in high-stakes contexts

Abstract

The rapid rise of generative AI has made it easy to create convincing fake media at scale. In response, an industrial coalition has developed the Coalition for Content Provenance and Authenticity (C2PA), a system intended to provide verifiable provenance for digital content. Our research team conducted the first comprehensive, independent security analysis of C2PA. Our study includes the first formal-methods analysis of C2PA's core protocols. We find that the current C2PA specifications fail to achieve their claimed security goals. Furthermore, they also fail to achieve key additional goals, which all such provenance systems require for trustworthy deployment. As a result, C2PA may mislead users, platforms, and policymakers if relied upon prematurely. C2PA is a promising idea, but it should not yet be relied upon for high-stakes uses such as financial disclosures, journalism, or legal evidence.