Examining C2PA Provenance Metadata in DALL·E 3 Images

Mike Cvet
4 min readFeb 17, 2024

--

Inspecting the new metadata fields added to synthetically-generated images from ChatGPT

DALL·E: The Bixby Bridge. See below why this is not the original image with metadata attached.

This past week, OpenAI released support for C2PA media provenance metadata in DALL·E 3 images generated through ChatGPT and its API.

This is presumably related to broader industry efforts, including Google, Microsoft, Adobe, and others to mitigate deceptive use of AI ahead of 2024’s elections as it relates to the AI Elections Accord.

In particular, commitment 1a :

Supporting the development of technological innovations to mitigate risks arising from deceptive AI election content by identifying realistic AI-generated images and/or certifying the authenticity of content and its origin, with the understanding that all such solutions have limitations. This work could include but is not limited to developing classifiers or robust provenance methods like watermarking or signed metadata (e.g. the standard developed by C2PA or SynthID watermarking).

I’ve written before about C2PA, and while its generally understood that attaching cryptographically-signed manifests and metadata to media is not a panacea for the problem of determining media’s origin, it’s still an effective tool in a portfolio which includes statistical and analytical methods like those recently developed between LinkedIn and the University of California, Berkeley.

I wanted to test this out and examine the manifest provided by DALL·E on generated images, covered below.

Dropped Metadata

I created the above image through ChatGPT. However, in a slightly ironic twist, DALL·E recently started generating images in webp format, rather than png. Many tools and services, Medium included, don’t support webp images.

This meant I had to convert the generated image to jpeg; in my case, through ImageMagick, which ended up stripping out all the associated C2PA metadata. Its fair to assume that most media conversion tools at this time would do the same thing.

So any readers downloading that image to walk through the rest of this post will be disappointed to discover a lack of associated provenance data, however I posted it here.

Inspecting the Metadata

There’s a few different ways to use this metadata. Most easily, you can throw the image into https://contentcredentials.org/verify and use the UI to inspect a limited number of manifest fields.

You can see here that the right-side pane has noted that ChatGPT created the image, and verified the content credentials were issued by OpenAI.

If you use the Chrome browser, you can also use the Digimarc C2PA extension similarly.

To inspect the underlying details, c2patool is best:

$ c2patool --detailed bixby.webp

The full output is available in this gist. There were a couple manifests included with this image, the main one is here:

    "urn:uuid:b3664ce3-21c2-4dad-b519-73fe7756db6c": {
"claim": {
"alg": "sha256",
"assertions": [
{
"hash": "PMxniNY+kCqWhPutEBj0JF8Cqdivbvb7QBnbQe4OPV4=",
"url": "self#jumbf=c2pa.assertions/c2pa.actions"
},
{
"hash": "i09pzVfpc4qQcNReEKMqZ/7x6NKMEn10Rlx+3fo9okE=",
"url": "self#jumbf=c2pa.assertions/c2pa.hash.data"
}
],
"claim_generator": "OpenAI-API c2pa-rs/0.28.4",
"claim_generator_info": null,
"dc:format": "webp",
"dc:title": "image.webp",
"instanceID": "xmp:iid:4023b613-8094-4d62-87da-1013efa750a9",
"signature": "self#jumbf=c2pa.signature"
},
"assertion_store": {
"c2pa.actions": {
"actions": [
{
"action": "c2pa.created",
"digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia",
"softwareAgent": "DALL·E"
},
{
"action": "c2pa.converted"
}
]
},
"c2pa.hash.data": {
"alg": "sha256",
"exclusions": [
{
"length": 14859,
"start": 295078
}
],
"hash": "Tu+6XAnlog18V4EG+wYp97X4IXmrZJ+B9ezKnNUoBqA=",
"name": "jumbf manifest",
"pad": "<omitted>"
}
},
"signature": {
"alg": "es256",
"issuer": "OpenAI",
"time": "2024-02-17T14:51:00+00:00"
}
},

Pointing out a few notable fields:

{
"action": "c2pa.created",
"digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia",
"softwareAgent": "DALL·E"
},

This is the assertion that the media was created by the DALL·E softwareAgent. This refers to the media’s ultimate origin. The image has a digital source type of trained algorithmic media.

"action": "c2pa.converted"

According to the c2pa-rs source code, the converted action indicates The format of the asset was changed. So its possible that the image was generated in a different format before being converted to webp.

"c2pa.hash.data": {
"alg": "sha256",
"exclusions": [
{
"length": 14859,
"start": 295078
}
],
"hash": "Tu+6XAnlog18V4EG+wYp97X4IXmrZJ+B9ezKnNUoBqA=",
"name": "jumbf manifest",
"pad": "<omitted>"
},
...
"signature": {
"alg": "es256",
"issuer": "OpenAI",
"time": "2024-02-17T14:51:01+00:00"
}

You can see here, the contents (indicated by data) of the image have a SHA-256 hash signature attached, and the issuer is OpenAI.

There are two manifests attached to this image; the one above, and a second one which includes it as an Ingredient, which seems mostly be concerned with thumbnails, though I didn’t see any thumbnail data attached in the image.

"claim_generator": "OpenAI-API c2pa-rs/0.28.4",
...
"claim_generator": "ChatGPT c2pa-rs/0.28.4",

The two manifests have different claim generators, which indicates the media was mutated by two different OpenAI applications; one identified as OpenAI-API, and the other as ChatGPT. I’m not sure why that would be the case, but is probably an artifact of the DALL·E media serving architecture.

In the end, it’s great that OpenAI took this step, as part of a broader coalition, to include this origin metadata in its generated images, supporting another approach to identify synthetic media online.

There is still a long way to go; most online platforms strip out all kinds of metadata from uploaded media. This is also the case, as I demonstrated above, with local device-based tools, or web-based tools, which convert or modify media in simple ways. Hopefully this step is an incentive for broader support within the media software ecosystem.

See also: Verifying the Origin of Media in an Algorithmic World

--

--

Mike Cvet

I’m a former Distinguished Engineer at LinkedIn and Twitter, was an early engineer at a couple startups with successful exits, and hacked around at Red Hat