[Ajedi32]

Synthid is a watermark which indicates the video is AI-generated, not a digital signature indicating it's real. Completely different use case and threat model.

I'm not aware of any secure digital signature schemes that don't require the thing they signed to be bit-for-bit identical to pass verification. There are perceptual hashing algorithms that could theoretically be used to build such a scheme, but such hashes are not second preimage resistant, so someone could create a modified video that still passes signature verification.

[mapontosevenths]

I'm not even sure what you're hypothetically describing here. You want a system that authenticates that an image hasn't been manipulated, but which still allows you to compress and transcode it? It's feasible in the same way that synthid was feasible, but I don't think there's actually a use case for it. You either want it to be unedited or you don't. I'm not sure how you can say "edited, but only exactly this much editing is allowed."

I suppose the validator could do a fuzzy match and just output a similarity score that compares the result to the original image. IE - This image is 75% similar to the original with something like a perceptual hash. Then it's the users problem to decide if 75% is close enough for their trust.

[Ajedi32]

> You either want it to be unedited or you don't.

You want it visually identical but not necessarily bit-for-bit identical. Compression and transcoding should not cause validation to fail unless the compression artifacts are particularly severe, but even a tiny, one-pixel change that substantially alters the appearance of the photo should cause validation to fail.

And yes I agree this is hard to quantify and impossible with existing algorithms, that was my point.