The authors describe some weaknesses of public-key blockwise fragile authentication watermarkings and the means to make them secure. Wong's original algorithm as well as a number of its variant techniques are not secure against a mere block cut-and-paste or the well known birthday attack. To make them secure, some schemes have been proposed to make the signature of each block depend on the contents of its neighbouring blocks. The authors attempt to maximise the change localisation resolution using only one dependency per block with a scheme they call hash block chaining version 1 (HBC1). They then show that HBC1, as well as any neighbour content-dependent scheme, are susceptible to another forgery technique that they have named a transplantation attack. They also show a new kind of birthday attack that can be effectively mounted against HBC1. To thwart these attacks, they propose using a nondeterministic digital signature together with a signature-dependent scheme (HBC2). Finally, they discuss the advantages of using discrete logarithm signatures instead of RSA for watermarking.
[1]
Alfred Menezes,et al.
Handbook of Applied Cryptography
,
2018
.
[2]
Minerva M. Yeung,et al.
An invisible watermarking technique for image verification
,
1997,
Proceedings of International Conference on Image Processing.
[3]
Paulo S. L. M. Barreto,et al.
Pitfalls in public key watermarking
,
1999,
XII Brazilian Symposium on Computer Graphics and Image Processing (Cat. No.PR00481).
[4]
Nasir D. Memon,et al.
Counterfeiting attacks on oblivious block-wise independent invisible watermarking schemes
,
2000,
IEEE Trans. Image Process..