Correspondence
https://doi.org/10.1038/s42256-023-00733-2
Battling disinformation with cryptography
I
nformation and communication tech-
nologies have led to an unprecedented
surge of disinformation1, interfering in
areas from democratic elections to armed
conflicts. With the broad diffusion of gen-
erative artificial intelligence (AI) tools such as
ChatGPT, Dall-E and Midjourney, the situation
may become even worse. These tools make it
easy and cheap to fabricate authentic-looking
content, such as images, audio files and videos
(‘deep fakes’)2 that spread falsehoods and sway
public opinion. AI tools can also facilitate auto-
mated micro-targeting of users at scale, trapping
them in tight echo chambers and filter bubbles3.
Without countermeasures, it will be increasingly
difficult to find the needle of truth in a haystack
of AI-generated and AI-distributed lies.
Unfortunately, today’s approaches and
tools may not be sufficient to battle disinfor-
mation. Content moderation has limitations
and whether stricter regulation of content
providers will be effective is unclear2. AI-based
detection is error-prone4 and will probably
remain so in the future, not least because
generative AI algorithms can in response be
trained to evade these detection mechanisms5.
We consequently advocate for an extension
of today’s toolkit against disinformation with
cryptographic techniques that help to estab-
lish machine-verifiable provenance for digital
content. Our argument builds on a recent set
of specifications issued by the Coalition for
Content Provenance and Authenticity (C2PA)6.
The C2PA promotes the use of cryptographic
techniques and secure hardware in cameras
and microphones that enable these devices to
digitally sign photos, sound, and video record-
ings. Some cameras, such as Sony’s Alpha 7
IV, already come with these capabilities.
Similar, albeit more comprehensive, digital
identities for individuals and organizations
can help to establish human provenance for
content, including text, and single out bots.
Such identities and the corresponding ‘trust
infrastructures’ that map cryptographic keys
to reputable organizations, including manu-
facturers or media companies, are already a
strategic priority in Canada and Europe7.
However, substantial problems with these
cryptographic techniques remain. First, every
edit of a text, an image, or a video invalidates
its digital signature and the corresponding
cryptographic trust that underpins verifiable
nature machine intelligence
provenance8,9. The C2PA proposes to resolve
this problem by attaching the complete,
signed original and its editing history6, but
such attachments typically conflict with size
and confidentiality restrictions9. Second,
establishing trustworthy provenance often
requires the disclosure of selected identity
attributes of content creators and editors,
which may conflict with the need to protect
vulnerable or confidential sources. Third,
trust in content distribution requires strong
authentication mechanisms — for example, to
single out bots on social media. Today, these
mechanisms usually involve unique identifiers
that present substantial privacy risks.
These problems can be addressed with
verifiable computation techniques, in par-
ticular zero-knowledge proofs (ZKPs). These
cryptographic proofs enable the delegation
of generic computation — such as the verifica-
tion of authentic sources or modifications —
to an untrusted third party who discloses only
selected information and cryptographic evi-
dence for the correctness of the execution.
ZKPs were originally invented in the 1980s but
recent investments in the cryptocurrency and
blockchain space made them both powerful
and easier to implement. These improved con-
structions, known as zk-SNARKs, are (1) zero
knowledge — that is, no information beyond
what is explicitly demanded by the verifier is
shared about the computation (inputs, inter-
mediary results and outputs can remain hidden);
(2) succinct — that is, verification effort is very
small; and (3) non-interactive — that is, the
same proof works for any number of verifiers.
Despite proof generation still being compu-
tationally demanding, zk-SNARKs now facilitate
operations even on large image files9 and audio
streaming. They make it possible, for example,
to prove that an image was originally created
and signed by a certified camera and that it was
subsequently modified only in a certain way. If
explicitly required, content providers can also
include additional information in the proof,
such as the model of camera and the photog-
rapher’s affiliations or attestations. Recursive
proof composition techniques even enable
sequential modifications by different editors
to be traced. Moreover, zk-SNARKs can provide
strong assurances of human identities without
the need to share unique cryptographic iden-
tifiers or other sensitive identity attributes7.
Check for updates
This makes zk-SNARKs powerful tools for estab-
lishing the trustworthy origin and editing his-
tory of digital content without exposing the
original content or its creator8,9.
Even with these promising developments,
substantial work remains until secure digital
identities and ZKPs can establish strong bul-
warks against disinformation and fake news.
Professionals must ensure that their hardware
supports the creation of cryptographically
verifiable content and that their editing tools
can generate modification proofs. Generic
zero-knowledge virtual machines, which
can generate ZKPs for the correct execution
of any (editing) tool, may help to also cover
open-source tools with limited developer
support. In addition, safeguards need to be
established against potential vulnerabilities.
For example, research on the detection of
re-captured images may help to prevent the
recording of edited scenes from a screen10.
Content distributors, such as news outlets
and social media platforms, need to estab-
lish policies for trustworthy sources and
permitted modifications. Moreover, their
consumers should be able to check whether
content sources and editing histories comply
with these policies. Policymakers must ensure
that new identity schemes support ZKP-based
authentication and the selective disclosure of
identity attributes without exposing unique
identifiers. Consumers, in turn, must specifi-
cally demand content with cryptographically
verifiable provenance.
These complexities will also make it difficult
to eliminate disinformation completely with
cryptography. Battling disinformation will still
rely on diligent research of journalists and a com-
mitment to truth. But cryptography can re-level
the playing field, making fabrication again more
difficult and economically less attractive.
Johannes Sedlmeir1,
Alexander Rieger 1,2 , Tamara Roth1,2 &
Gilbert Fridgen 1
1
Interdisciplinary Centre for Security,
Reliability and Trust, University of
Luxembourg, Luxembourg, Luxembourg.
2
Sam M. Walton College of Business,
University of Arkansas, Fayetteville, AR, USA.
e-mail: arieger@uark.edu
Published online: xx xx xxxx
Correspondence

References 7. Rieger, A., Roth, T., Sedlmeir, J., Weigl, L. & Fridgen, G. 13342933 (to G.F.), as well as by the FNR through the PABLO
1. Lewandowsky, S., Ecker, U. K. H. & Cook, J. J. Appl. Res. Nat. Hum. Behav. 6, 3–3 (2021). project, grant reference 16326754.
Mem. Cogn. 6, 353–369 (2017). 8. Naveh, A. & Tromer, E. in Symposium on Security and
2. Menczer, F., Crandall, D., Ahn, Y.-Y. & Kapadia, A. Privacy 255–271 (IEEE, 2016). Competing interests
Nat. Mach. Intell. 5, 679–680 (2023). 9. Datta, T. & Boneh, D. Medium https://go.nature. J.S. and G.F. are supported by PayPal and the
3. Ienca, M. Topoi 42, 833–842 (2023). com/46tOJxt (2022). Luxembourg National Research Fund FNR. PayPal’s
4. Williams, R. MIT Technology Review https://go.nature.com/ 10. Chingovska, I., Anjos, A. & Marcel, S. in Int. financial support is administered via the FNR, and by
3EVb4Z0 (2023). Conf. Biometrics Special Interest Group 1–7 contractual agreement, PayPal has no involvement in
5. Boneh, D., Grotto, A. J., McDaniel, P. & Papernot, N. (IEEE, 2012). J.S. and G.F.’s research. A.R. and T.R. declare no competing
Stanford University Policy Briefs https://go.nature. interests.
com/3PDiVPT (2020). Acknowledgements
6. Coalition for Content Provenance and Authenticity. This research was funded in part by the Luxembourg National
https://c2pa.org/ (2023). Research Fund (FNR) and PayPal, PEARL grant reference

nature machine intelligence