● A plain-English guide to the research paper

Pixel Block Chain

A way to hide a tamper-proof "seal" inside the pixels of an image itself — so even after the photo is copied, cropped, and stripped of all its metadata, you can still tell whether it was altered, and exactly where.


The problem

Photos lose their paper trail

Every time an image is shared, something quietly strips away its history.

When you post a photo, send it in a chat, or a news desk re-exports it, the file gets re-saved. That re-saving throws away the hidden "label" — the metadata — that normally records where the image came from and whether it's been edited. The pixels arrive; the story behind them does not.

Analogy: Imagine a painting with a certificate of authenticity taped to the back. Photocopy the painting and the certificate is gone — even though the picture itself looks perfect. Today's provenance systems put the certificate on the back. PBC writes it invisibly into the paint.

Systems like C2PA (the industry standard, backed by Adobe, the BBC, camera makers) attach a cryptographic certificate to the file. It's excellent — as long as the file survives intact. The moment the container is stripped, that certificate is gone and you're left holding only raw pixels with no way to check them.

PBC is explicitly designed as a complement to C2PA, not a competitor. C2PA proves identity (who made this, signed by a trusted key) at the file-container level. PBC provides tile-local integrity (has any region been altered) at the pixel level — the layer that's still there when the container is gone. The paper frames PBC for lossless / near-lossless channels: archival masters, editorial hand-offs, wire-service exchanges.

The big idea

Hide the seal in the pixels

Every pixel is a number — say, how much red, green and blue it has. PBC nudges the very last digit of each of those numbers. The last digit is so insignificant that your eye can't possibly see the change, but there's enough room across millions of pixels to tuck away a hidden message.

That hidden message is a chain of tiny tamper-evident blocks — like a row of wax seals, where each seal is stamped using the one before it. Break a seal and the chain no longer lines up.

Demo 1

The change is invisible to you — but it's there

Both halves look identical to your eye. Click “Reveal” to amplify the lowest bit 200× and see the data that's hiding in plain sight.
Why it's invisible: changing the last bit of a colour shifts it by at most 1 step out of 256 — a difference of about 0.4%. Measured across the whole image that's a quality score (PSNR) of 51.2 dB, far beyond what the eye can detect.

This is classic LSB (least-significant-bit) steganography. PBC writes into the k lowest bits of each RGB channel, default k=1 → 3 hidden bits per pixel. Each block is 32 bytes and occupies ~86 pixels. A 128×128 tile holds ~190 blocks — far more than a full editing session needs. Higher k (2 or 3) stores more history but lowers PSNR (43.8 dB, 37.3 dB).
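The capacity figures above can be checked with a small k-LSB embed/extract routine. This is an added example, not the paper's reference code; the flat list of channel values, the MSB-first bit order and the sample carrier and payload are assumptions made for the illustration.

```python
import math

BLOCK_BYTES = 32   # block size stated on the page
TILE = 128         # tile edge in pixels, stated on the page

def pixels_per_block(k):
    """Pixels needed for one block with k hidden bits in each of 3 channels."""
    return math.ceil(BLOCK_BYTES * 8 / (3 * k))

def blocks_per_tile(k):
    return (TILE * TILE) // pixels_per_block(k)

def embed(channels, data, k=1):
    """Return a copy of channels with data written into the k lowest bits."""
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    bits += [0] * (-len(bits) % k)             # pad to whole k-bit groups
    if len(bits) // k > len(channels):
        raise ValueError("carrier too small for payload")
    out = list(channels)
    for n in range(len(bits) // k):
        group = int("".join(map(str, bits[n * k:(n + 1) * k])), 2)
        out[n] = (out[n] & ~((1 << k) - 1) & 0xFF) | group
    return out

def extract(channels, nbytes, k=1):
    """Read nbytes back out of the k lowest bits of each channel value."""
    bits = []
    for value in channels[:math.ceil(nbytes * 8 / k)]:
        bits += [(value >> i) & 1 for i in range(k - 1, -1, -1)]
    bits = bits[:nbytes * 8]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def max_shift(before, after):
    """Largest change to any single channel value."""
    return max(abs(a - b) for a, b in zip(before, after))

if __name__ == "__main__":
    carrier = [(i * 37) % 256 for i in range(3 * pixels_per_block(1))]  # constructed
    block = bytes(range(BLOCK_BYTES))                                    # constructed
    for k in (1, 2, 3):
        stego = embed(carrier, block, k)
        assert extract(stego, BLOCK_BYTES, k) == block
        print(k, pixels_per_block(k), blocks_per_tile(k), max_shift(carrier, stego))
```

Flipping a single low bit in the carrier after embedding changes the extracted bytes, which is the fragility the scheme relies on to notice edits.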

The structure

A grid of independent chains

PBC doesn't make one giant seal for the whole image. It chops the picture into a grid of tiles (128×128 pixels each), and gives every tile its own private chain of seals. No tile's chain refers to any other tile.

This one design choice is the heart of the paper, and it's what makes the next two demos work: damage stays local.

GREEN — intact · YELLOW — legitimately edited · RED — tampered · GRAY — no seal found

Each block stores a chain hash = SHA-256 of the previous block's bytes (truncated to 48 bits). The first block of a tile seeds from SHA256(originator ‖ tile_x ‖ tile_y ‖ session-timestamp). Because the hash is computed only over bytes within the same tile, the verification of tile A is mathematically independent of tile B — proved formally in the paper as the Cascade-Isolation Lemma.

Catching tampering

Click anywhere to “edit” the photo

Here's a PBC-protected image, split into tiles. Pretend you're a forger: click any tile to overwrite its pixels. The verifier instantly flags exactly the tiles you touched RED and leaves everything else GREEN. No guessing, no smearing — tampering is pinned to the exact region.

Demo 2

Click-to-tamper · tile-level localization

In the paper's benchmark this exact behaviour held across 99 images: 100% of tampered tiles caught, 0% false positives.
Actual output from the reference code: the verification overlay (left) and the compact machine-readable tile map (right) used for scoring.

The key novelty

Why one break doesn't spread

Earlier "blockchain watermark" schemes linked every block into a single chain. That sounds neat, but it has a fatal flaw: break one block and everything after it fails too. You learn that something changed, but not where — the damage cascades.

PBC's grid-of-chains stops the cascade at the tile boundary. Try both below: break a block on the left (old way) and watch the failure run to the end; break one on the right (PBC) and watch it stay put.

Demo 3

Single chain (old) vs. grid of chains (PBC)

Click any block to "tamper" it. Red = now fails verification. Left cascades; right contains the damage to a single tile.
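The per-tile chain hash described under "A grid of independent chains" and the single-chain cascade described here can be compared directly in code. This is an added example, not the paper's reference code; the block layout (6-byte link plus 26-byte payload), the seed encoding and all sample values are assumptions.

```python
import hashlib

def h48(data):
    """SHA-256 truncated to 48 bits, as the page describes for the chain hash."""
    return hashlib.sha256(data).digest()[:6]

def tile_seed(originator, tx, ty, session_ts):
    # Inputs are the ones named on the page; the byte encoding is assumed.
    return h48(f"{originator}|{tx}|{ty}|{session_ts}".encode())

def build_chain(first_link, payloads):
    """Assumed 32-byte layout: 6-byte link to previous block + 26-byte payload."""
    blocks, link = [], first_link
    for payload in payloads:
        block = link + payload[:26].ljust(26, b"\0")
        blocks.append(block)
        link = h48(block)
    return blocks

def first_break(first_link, blocks):
    """Index of the first block whose stored link is wrong, or None if intact."""
    link = first_link
    for i, block in enumerate(blocks):
        if block[:6] != link:
            return i
        link = h48(block)
    return None

def tamper(block):
    """Flip one payload byte, standing in for overwritten pixels."""
    return block[:6] + bytes([block[6] ^ 0xFF]) + block[7:]

def grid_verdicts(tiles, originator, ts):
    return {xy: "RED" if first_break(tile_seed(originator, *xy, ts), chain) is not None
            else "GREEN" for xy, chain in tiles.items()}

def demo():
    who, ts, edits = "cam-01", 1700000000, [b"create", b"crop", b"levels"]  # constructed
    tiles = {(x, y): build_chain(tile_seed(who, x, y, ts), edits)
             for x in range(3) for y in range(3)}
    # Tamper a non-final block: this toy layout has no per-block checksum,
    # so a change only shows up at the next block's link.
    tiles[(1, 1)][0] = tamper(tiles[(1, 1)][0])
    red = [xy for xy, v in grid_verdicts(tiles, who, ts).items() if v == "RED"]
    start = tile_seed(who, 0, 0, ts)
    single = build_chain(start, edits * 9)           # same 27 blocks as one chain
    single[4] = tamper(single[4])
    broken_at = first_break(start, single)
    return red, broken_at, len(single) - broken_at   # blocks no longer verifiable

if __name__ == "__main__":
    print(demo())
```

In the grid, one tampered block turns one of nine tiles RED; in the single chain, one tampered block leaves 22 of 27 blocks behind a broken link.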

Beyond detection

An honest history of edits

Because each tile holds a chain, compliant editing software can append a new entry whenever it changes a region — who edited it, what they did, when — without disturbing the parts they didn't touch. The result is a per-region Edit Ledger: a tamper-evident logbook of the image's life.

Analogy: like the stamps in a passport. Each border crossing adds a stamp; nobody rewrites the earlier ones. You can read the whole journey, and a forged stamp stands out.

And because only the edited tiles get rewritten, appending an edit is faster than re-sealing the whole image — measured at up to 74% faster in the paper.

If only a subset S of tiles change, append-mode reads each chain in S, adds one block carrying the edit's opcode + originator + timestamp, and rewrites only those tiles. Two editors working different regions (e.g. a colourist and a retoucher) each own their tiles; overlapping tiles carry all contributing authors in order. The reference code demonstrates 3-author attribution with every tile still verifying GREEN.

Surviving redistribution

Still readable after a brutal crop

The neat tile grid has one weakness: crop the image off-grid and every tile shifts, scrambling all the seals at once — 0% survive. So PBC adds a second mode, PBC-Forest: instead of a tidy grid, it scatters hundreds of independent seeds at random positions, like planting trees across a field.

Crop the field however you like — some trees are always still standing. Drag the crop box below and watch how many seals survive.

Demo 4

Crop simulator · scattered “forest” of seals

Drag the highlighted box to move the crop. The paper measures 41–44% survival after removing 60–80% of the image — where the regular grid recovers nothing.
Figure panels: (a) Seals scattered, before crop; (b) After a harsh crop; (c) Survivors recovered.
Real run from the public code: 442 of 1000 seals (44.2%) recovered from a non-aligned crop.

Being honest about limits

Where it works — and where it doesn't

PBC is deliberately fragile. That's a feature for catching edits, but it means it lives in lossless pipelines. The hidden bits survive lossless formats perfectly and are destroyed by lossy compression like JPEG — at which point PBC simply reports GRAY ("no seal here") rather than giving a wrong answer.

✓ Reliable on

  • PNG, BMP, TIFF, lossless WebP
  • Archival masters & editing hand-offs
  • Wire-service / newsroom exchange
  • Cropping & resizing (Forest mode)

✗ Not designed for

  • JPEG / lossy WebP (any quality)
  • Social-media re-encoding
  • Proving who made it (that's C2PA's job)
  • Swapping two look-alike tiles

The authors state this plainly in the paper rather than overclaiming — a sign of careful work, not a weakness.

How it fits

PBC, C2PA, and AI watermarks

These aren't rivals — they cover different gaps. PBC is the lightweight pixel-level safety net that needs no servers, no AI, and no special hardware.

| | PBC | C2PA | Neural (AI) |
|---|---|---|---|
| Survives metadata stripping | Yes | No* | Yes |
| Pinpoints where edited | Tile-level | No | Pixel-level |
| Proves who made it | No | Yes | Some |
| Survives JPEG | No | Via soft-binding | Yes |
| Needs GPU / training | No | No | Yes |
| Runs in camera firmware | Yes | Partly | No |

*C2PA v2.4 adds durable credentials & fingerprints to help re-find a stripped manifest — but the local tamper signal still isn't in the pixels. That's the gap PBC fills.

The evidence

What the experiments showed

Every number below was reproduced by re-running the public code on a 99-image benchmark (real photos from COCO, Oxford Flowers & Pets, plus synthetic test images).

  • 51.2 dB: Image quality (PSNR) — visually identical
  • 100%: Tampered tiles correctly caught
  • 0%: False alarms on clean tiles
  • 41–44%: Seals surviving a severe crop (Forest)

And a property you can't fake with statistics — it's proven mathematically: a break in one tile can never affect the verdict on another. That guarantee is what lets the localization be exact instead of approximate.

Staying honest

What it can't do (yet)

Good research names its own boundaries. The paper lists these openly:

Each of these is a clearly-scoped direction for future work, not a hidden flaw.