Prove that the image you took is a real image using your mobile device
It is impossible to count the amount of images/pictures that we see every day whether it is through messaging applications or social media applications. With the existence of AI, Deepfakes and even skilled image-editors, it has become harder and harder for general public to determine whether if an image is real or not, which cause a wide range of issues.
With the rise of AI, even "vibe-editors" can edit and polish images in high quality easily using natural languages. On one hand, it allows more creative-freedom and allows people (who otherwise cannot) to unleash their imagination with the assistance of AI. On another hand, AI-related deepfakes have almost become common place that it has become the norm in our every day social media. Imagine a case where the scammer stole an invoice of a receipt, edit it, and send it to someone else to bill who unknowingly bill them because they did not realize, it was in fact, an edited image?
YumeProof is a Hackathon Proof-of-Concept Android Mobile Application for IOTA Blockchain Hackathon that aims to tackle this particular problem by:
Using Google Confidential VM's Trusted Executive Environment, a verifiable backend system integrating with Google Play Integrity API is set up. Once a new device is setup, it generates a DID on IOTA Blockchain using IOTA Identity framework to uniquely identify itself. The device will authenticate itself by interacting with the Google's API and our backend system. Once our backend system has received approval from Google Play Integrity API, the DID associated with our unique backend system running in TEE will issue Verifiable Credentials that verifies that the device is a real device running our application using IOTA Identity.
With the device authenticated using verifiable credentials, the user can now take picture within our application which will be hashed (including their meta-data) using their device specific private key tied to their DID which is not extractable due it being stored within Android Keystore. Here IOTA Notarization is used to notarize the existence of the image permanently on chain using Locked Notarization method. Since the device-related DID is authenticated, we can safely conclude that the any image that is signed with the private key related to this particular DID is real as well.
To allow the project to be able to sustain and developed long term, the project will also incorporate monetization mechanisms. The users can purchase "Notarization Credits" in the form of IOTA Closed Loop Tokens. We will allow the users that spend the credits to have their Notarization data object indexed by our Main Smart Contract, which would allow them to easily verify the authencity of an image.
To ensure better UX, IOTA Gas Station is used to sponsor gas fees for the users so as to abstract away the blockchain interaction UX, and make them use the application without having to be familiar with Blockchain at all, while benefitting from the benefits Blockchain provides.
Anyone, whether if they have the mobile application installed or not installed, will be able to verify the image authenticity on the verification website. The user can input the image data they receieved from someone that used our application, and their address. And we will know from the hash that, this image is a real image from a real device with specific metadata.
- IOTA Identity
- IOTA Notarization
- IOTA Gas Station
- IOTA Closed-Loop Token
- IOTA Blockchain Move Package
- Rust Uniffi (Android-Rust Interop)
- Kotlin (Android Application Development)
- Google Play Integrity API
- Google Play Confidential VM
- Even when there is no official Android SDK support for IOTA, we have implemented our Android application using Uniffi to allow communication between JVM and Rust. This allows us to use the Rust crates, IOTA Developers have created.
- Google Play Integrity API only supports applications installed via play store. So github downloaded version will not work properly. It is necessary to request us to add you to our internal testers list on Play Store.