Encrypted Image Watermarking Using Fully Homomorphic Encryption and Zama Concrete ML

Invisible image watermarking, a technique for embedding hidden information within digital images without altering their appearance, was the focus of the Zama Bounty Program Season 7, where developers were tasked with creating systems to perform this operation on encrypted images using Zama's confidential AI library, Concrete ML, with Fully Homomorphic Encryption (FHE). This approach is increasingly important due to developments in Generative AI and regulatory efforts like the EU AI Act, which demand reliable digital watermarking of AI-generated content for attribution and traceability. The winning solution utilized a privacy-preserving neural network model built with FHE to embed and extract watermarks, ensuring privacy by not exposing the original content during watermarking. The encoder model used Quantization-Aware Training (QAT) with Brevitas for better accuracy-latency tradeoffs, while a second neural network was responsible for watermark extraction. This method proved resilient to various image transformations, addressing concerns like copyright protection, authentication, and tamper detection, although a runner-up solution offered faster performance with less resistance to image changes. The Zama Bounty Program now invites exploration of FHE to enhance privacy in biological age estimation for its next season.