Generative AI and deepfake audio poses a large danger to society living in the information as we know it. For this revolutionary technology, it will bring large negative externalities while society adapts to this new technology, caused by bad actors.
It enables disinformation and mass-creation of false narratives and media, manipulation of information, state-level political strategies, and poses a significant threat to democracy, especially as we enter the next round of presidential elections, with many adversarial actors ready to leverage this new technology to their selfish benefit.
We've built a full-stack solution to prevent this - ZK attested microphones. Within a secure enclave, we store a secret key for digital signatures, which guarantee the hardware authenticity of the recorded audio - i.e. that the audio was indeed recorded on that hardware microphone. This can be verified with well known techniques.
However this is not sufficient - this means you cannot edit the audio in a privacy-preserving way, which greatly limits the usage of hardware-attested microphones. (Imagine that you accidentally revealed some sensitive information in the audio recording, and you can't edit the audio without messing up the entire digital signature! Hugely impratical.) That's why we've developed SNARK-powered audio editing software that could apply a series of audio transformations, that could prove that the audio which was signed with the hardware digital signature was transformed into the edited audio in a digital-signature preserving and privacy-preserving way.
In other words - a third-party can verify the following for any edited audio published using our system:
Our project is a truly full-stack solution with a hardware and software layer interplay.
On the hardware layer, we store a secret key for the ECDSA signature scheme on a secure enclave within an embedded circuit. For our proof-of-concept we use a Raspberry Pi which stores the secret key and this never leaves the Pi. Audio is recorded on an external microphone and signed using the secret key all on the pi. We use .wav files since they are simple byte-arrays. The wav file and signature can then be loaded onto the main computer, ready for edit.
On the main computer (i.e. software layer), each audio along with the digital hardware signature can be edited with our software. Each edit is accompanied by a ZK-SNARK proof written in Noir. The audio edit operations with the SNARK proof is privacy preserving, in that it does not reveal any information about the original digitally, and we operate within the audio hash space for fast proof generation, without compromising security properties.
We then store the proof, signature and the edited audio on IPFS, and can verify the signature and the proof on a wide range of L1/L2s. This allows third-party users to verify that the audio was edited whilst preserving the hardware signature.