Watch Your Step: Information Injection in Diffusion Models via Shadow Timestep Embedding

TL;DR

This paper introduces Shadow Timestep Embedding (STE), revealing that timestep embeddings in diffusion models can encode malicious side-channel information, posing security risks and enabling new adversarial strategies.

Contribution

The paper presents STE, a novel mechanism to analyze and exploit the temporal space of diffusion models for security and adversarial purposes.

Findings

Timestep embeddings can encode side-channel information.

Different timesteps have distinct representational capabilities.

Timestep acts as a powerful side channel for information transfer.

Abstract

Diffusion models have become the foundation of modern generative systems, with most research focusing primarily on improving generation efficiency and output quality. The timestep embedding component is a crucial part of the diffusion pipeline, which provides a temporal conditioning signal to the denoising network, enabling it to adapt its predictions across different noise levels throughout the process. Despite their potential to contain substantial information, timestep embeddings remain underexplored in current research, especially for security risks and reliable provenance. To fill this gap, we introduce Shadow Timestep Embedding (STE), a novel mechanism that investigates the underutilized temporal space for malicious information injection into diffusion models. In particular, when zooming in on the timestep embedding space, we find that different timesteps exhibit distinct representational capabilities that can encode side-channel information. Moreover, such encoded information can be utilized for attack and defense purposes through the scheduler interface. We present a theoretical analysis of timestep embeddings as position-encoding mappings and derive a mutual coherence evaluation that explains the separability of disjoint timestep intervals. Our findings reveal the diffusion model's timestep as a powerful side channel for carrying dedicated information, motivating new directions for adversarial generative modeling by understanding the temporal dimension.