Glossary

The terms below appear across the ImgKey reference. Definitions are kept short and operational rather than exhaustive — the goal is to let a reader unfamiliar with the field follow a technical discussion of C2PA, watermarking, or forensics without losing thread. Where a term has a precise definition in a published specification, that specification is named. Where the term is contested or imprecise, that is noted.

Active authentication

Verification methods that require producer cooperation, such as embedding a signature or watermark at capture or generation time. Contrasted with passive detection.

Adversarial example

An input crafted to defeat a classifier. In this field, an image post-processed to evade an AI-detection model while remaining visually unchanged.

Assertion

A statement in a C2PA manifest about the asset — its actions, ingredients, AI-training opt-out, capture device, and so on. Assertions are the unit of content; claims are the unit of signing. See assertions and claims.

Authentication

Verification that a digital object has not changed since being signed. Binary, cryptographic, and orthogonal to truth. See provenance vs. authentication.

Binding

The cryptographic linkage between a manifest and the asset it describes. C2PA defines hard bindings (hash of the asset bytes) and soft bindings (perceptual fingerprints or watermarks). See hard bindings vs. soft bindings.

CAI

The Content Authenticity Initiative, a cross-industry community founded by Adobe in 2019 to promote provenance tooling. CAI is broader and less formal than C2PA; C2PA produces the specification.

C2PA

The Coalition for Content Provenance and Authenticity. A Joint Development Foundation project formed in 2021 by Adobe, Microsoft, BBC, and others, now publishing the C2PA Technical Specification in its 2.x series.

CBOR

Concise Binary Object Representation, defined in RFC 8949. The binary encoding used for C2PA assertions and claims, chosen for compactness and schema flexibility.

Certificate

An X.509 document binding a public key to an identity, signed by a Certificate Authority. C2PA signers hold certificates issued by CAs on the C2PA Trust List.

Certificate Authority (CA)

An organization that issues signing certificates. C2PA-recognized CAs appear on the Trust List; certificates from other CAs are validated cryptographically but flagged as untrusted.

Claim

The signed object inside a C2PA manifest that aggregates hashes of all assertions and the asset binding. The signature on the claim is what makes the whole manifest tamper-evident.

Claim generator

The software or hardware that creates a C2PA manifest. Examples include Adobe Photoshop, Leica firmware, the Adobe Firefly backend.

Cloning (detection)

A forensic technique that identifies regions of an image copied from elsewhere in the same image, typically used to detect object removal or duplication.

Content Credentials

Adobe's consumer-facing brand for C2PA-based provenance display. The Content Credentials icon (a stylized CR) is the public-facing manifestation of the standard.

Deepfake

Synthetic media depicting a real person doing or saying something they did not. The term originated in 2017; its scope has expanded to include any face-swap or impersonation, image or video.

Detection

Methods for identifying AI-generated content without producer cooperation. Includes classifier-based, frequency-domain, and statistical approaches. See AI image detection.

Diffusion model

A class of generative model that synthesizes images by iteratively denoising random noise toward a learned distribution. Used by Stable Diffusion, DALL·E 3, Imagen, Midjourney, and most current image generators.

dHash

Difference hash, a perceptual hashing algorithm that encodes brightness gradients between adjacent pixels in a downsampled image.

Durable Content Credentials

C2PA's combined hard-binding plus soft-binding mechanism for recovering manifests after metadata stripping. Uses watermarking and/or fingerprinting against a registry. See durable Content Credentials.

ELA

Error Level Analysis. A forensic technique that re-saves a JPEG at a known quality and visualizes per-region compression differences to find edited regions. Often misinterpreted by non-experts.

EXIF

Exchangeable Image File Format. The metadata standard used by most cameras for capture parameters: exposure, ISO, GPS, lens, timestamp. See metadata analysis.

FFV1

A lossless video codec used in archival workflows, occasionally relevant where C2PA-style chain integrity intersects with archival re-encoding.

Fingerprint (perceptual)

A short signature derived from the perceptual content of an image, designed to match across re-encodings and small edits. See perceptual hashing.

GAN

Generative Adversarial Network, introduced by Goodfellow et al. in 2014. The pre-diffusion era's dominant synthesis architecture, still used in some specialized generators.

Hard binding

A cryptographic hash linking a manifest to specific asset bytes. Breaks on any pixel-level change. The default binding for C2PA.

Hash

A fixed-size digest of arbitrary input data, designed to change unpredictably under any input change. SHA-256 and SHA-512 are the algorithms permitted by C2PA.

Ingredient

A C2PA assertion type identifying an earlier asset that contributed to the current one. Ingredients allow chains across edits and composites.

IPTC

International Press Telecommunications Council. Maintains metadata standards widely used in editorial photography, including the IPTC Photo Metadata Standard.

ISO 22144

The JPEG Trust specification. Published by ISO/IEC in 2024 and refined in 2025, it defines a framework for trust evaluation reporting that integrates with C2PA.

ITL

The legacy C2PA Initial Trust List. Frozen on 1 January 2026 in favor of the new Trust List governance process. Older signers may still reference it.

JPEG Trust

The informal name for ISO 22144. A trust-evaluation framework over content provenance, capable of consuming C2PA manifests and producing structured reports.

JUMBF

JPEG Universal Metadata Box Format, standardized as ISO/IEC 19566-5. The container format that holds C2PA manifests inside JPEG, HEIF, and other image files.

Latent diffusion

Diffusion performed in a learned latent space rather than pixel space. The architecture behind Stable Diffusion and most efficient open generators.

Lookup (durable)

The process of finding a C2PA manifest by querying a registry with a fingerprint or watermark, when the manifest itself has been stripped.

Manifest

The C2PA data structure that holds assertions, the claim, and the signature for an asset version. Stored inside a JUMBF box in the asset file or referenced externally.

Manifest store

The collection of all manifests for an asset, including manifests from earlier versions. Validators traverse the store to assess the full history.

Maker note

A proprietary EXIF field used by camera manufacturers to store device-specific metadata. Sometimes contains identifying serial numbers or shot-counter information.

Membership inference

An attack on machine learning models that determines whether a specific record was in the training set. Relevant to training-data provenance arguments.

Metadata

Structured data about an asset, distinct from its pixel content. EXIF, XMP, IPTC, ICC, and C2PA manifests are all metadata in this sense.

NFT

Non-fungible token. A blockchain-based ownership claim, occasionally proposed as a provenance mechanism but generally orthogonal to the cryptographic chain-of-custody problem C2PA addresses.

Passive detection

Methods that examine an image without metadata or producer cooperation. Forensic and classifier-based approaches both qualify.

PDQ

A perceptual hash developed by Meta (then Facebook) in 2019 for hash-based image matching, particularly in CSAM and abuse-image workflows. See perceptual hashing.

pHash

Perceptual hash. A family of algorithms producing short signatures resilient to minor image modifications. Commonly refers to the DCT-based variant.

Provenance

The documented history of an asset from origin through every transformation. The central concept of C2PA. See provenance vs. authentication.

Public key infrastructure (PKI)

The system of certificates, CAs, and trust roots used to manage public-key cryptography at scale. C2PA inherits the standard PKI model with additional trust-list mechanics.

Redaction (C2PA)

A protocol-aware way to remove sensitive content from a chain while preserving validation. Allows editorial removal of PII without invalidating the surrounding chain.

Resampling

A pixel-level operation (resize, rotate, recolor) that produces a new bitmap. Breaks hard bindings but may preserve perceptual fingerprints.

Revocation

Marking a previously trusted certificate as no longer valid. C2PA inherits OCSP/CRL revocation from PKI and adds trust-list-level removal for systemic compromise.

Signed capture

Producing a signed manifest at the moment of image capture, typically using a hardware-protected key inside the camera. The Leica M11-P and Pixel 10 implementations are the canonical examples.

Soft binding

A perceptual signature (watermark or fingerprint) that links a manifest to an asset in a way that survives moderate transformations. Complementary to hard bindings.

SynthID

Google DeepMind's invisible watermark for AI-generated images, audio, and text. Embedded by Imagen and other Google generators. See SynthID and AI watermarks.

Trust List

The C2PA-published list of CAs whose certificates are considered trusted by default. Signers not on the list still validate cryptographically but are marked untrusted. See the trust list.

Trust mark

A visible indicator (badge, icon, panel) in a consuming application that signals validated provenance to a human user. The Content Credentials CR icon is the dominant example.

Validator

Software that reads a C2PA manifest, checks all signatures and bindings, and reports the result. Examples include c2patool, Content Credentials Verify, and library implementations.

Watermark

A signal embedded in image content that is intended to be detectable later. Visible watermarks are obvious overlays; invisible watermarks are embedded in pixel or frequency-domain modifications. See invisible watermarking.

X.509

The standard format for public-key certificates used throughout PKI and inherited by C2PA. Defined in RFC 5280.

XMP

Extensible Metadata Platform. Adobe's RDF/XML-based metadata standard, widely used alongside EXIF in editorial pipelines.

YOLO

"You Only Look Once," a family of real-time object detection models. Occasionally relevant in forensic pipelines that compare detected object distributions across regions of an image.

Zero-shot detection

Detecting AI-generated content without specific training on the generator's outputs. Generalizes poorly in practice across model families.

Adobe Firefly

Adobe's generative image model, the first major commercial generator to embed C2PA manifests by default. Released 2023.

BBC Verify

The BBC's open verification desk, launched in 2023. A working example of an editorial verification operation that uses provenance among other signals.

Bellingcat

An open-source investigations outlet that has documented many of the cross-platform image-verification techniques used in newsroom practice.

Project Origin

A consortium of broadcasters (BBC, CBC, Microsoft, New York Times) building C2PA-based provenance into news production. See provenance for journalism.

Truepic

A company providing C2PA-compliant capture SDKs for mobile devices and enterprise use cases. One of the earliest C2PA implementers.

c2patool

An open-source command-line tool maintained by the CAI for inspecting, creating, and validating C2PA manifests.

Stable Signature

Meta's watermarking scheme for diffusion-model outputs, published in 2023, which fine-tunes the decoder to embed an extractable signal.

Tree-ring watermark

An academic watermarking approach for diffusion models that embeds the signal in the initial noise pattern, surviving many post-processing operations.

Generative adversarial attack

An attack that uses a generator network to produce content specifically designed to evade a detector or watermark extractor.

Regeneration attack

An attack that runs a watermarked image through an autoencoder or another generative model to produce a perceptually similar image without the watermark.

CSAM hashing

The hash-database approach used by NCMEC and platforms to detect known child sexual abuse material. PhotoDNA and PDQ are the dominant tools. Architecturally similar to provenance fingerprinting but with a different threat model.

Chain of custody

The legal concept of a documented record showing who handled an evidentiary item at each stage. C2PA is an attempt to extend this concept to digital images at scale.

Federal Rules of Evidence 901 / 902

The US authentication rules for evidence. Rule 902(13) and 902(14), adopted in 2017, provide for self-authentication of digital records by certification. See provenance for legal evidence.

EU AI Act Article 50

The provision requiring providers of generative AI systems to mark synthetic content in a machine-readable way. Applicable from 2 August 2026. See the EU AI Act page.

California SB 942

The California AI Transparency Act, signed in 2024, requiring covered generative AI providers to disclose AI-generated content and provide detection tools.

NIST AI RMF

The US National Institute of Standards and Technology's AI Risk Management Framework, which has guided several federal procurement and disclosure rules on synthetic media.