Provenance for Trustworthy Digital Media

Provenance for Trustworthy Digital Media

As generative AI accelerates the creation of realistic synthetic media (e.g., photos, videos, audio, documents), it is increasingly difficult for people and platforms to distinguish authentic content from fabricated or manipulated material. Provenance technologies aim to restore trust by enabling audiences and tools to answer practical questions like: Where did this come from? Has it been edited? Who vouches for it?

The Microsoft Research Cryptography team works on cryptographic and privacy-preserving provenance technologies to address these questions; continue reading to learn more about some of our recent and current projects.

Standards & ecosystem: C2PA and content credentials

A central effort in the provenance ecosystem is the Coalition for Content Provenance and Authenticity (C2PA) (opens in new tab), which develops open technical standards for certifying the source and history (provenance) of digital content.

The C2PA was co-founded by Microsoft. Members of our team are still very much active in the coalition, shaping the future of the specifications and the provenance technologies it oversees.

Project Origin and the IPTC Verified News Publishers List

MSR’s work on provenance for news and media started with Project Origin, an initiative to build trust at the origin of digital media by creating accountability through provenance. The project has since branched off and migrated to two different organizations: the technical specification is now part of the C2PA, while the news media-specific items moved to the International Press Telecommunications Council (IPTC).

To make provenance actionable for journalism and publishing, ecosystem participants also need publisher identity mechanisms and trust lists. The IPTC continues the work started in Project Origin. Among other things, they created a C2PA-compatible list of verified news publishers (opens in new tab) and associated certificate materials to support verification workflows. Our cryptographers continue to support the IPTC with consultation and prototyping efforts.

Research: Privacy for C2PA signers

Provenance can improve trust, but it can also raise privacy and safety concerns for creators, especially when a signer’s identity could expose them to retaliation, coercion, or unwanted tracking. We explore approaches that preserve verifiability of authenticity while protecting signer identity.

This blog post (opens in new tab) describes scenarios and techniques for signer privacy (ranging from pseudonymity to stronger anonymity goals), including discussion of how today’s C2PA signing model relies on X.509 certificates and how additional privacy-preserving approaches may be layered on top. We’ve also released an open-source prototype (opens in new tab) for the most privacy-protecting techniques.

Media Integrity and Authentication: Status, Directions, and Futures

In February 2026, Microsoft published the Media Integrity and Authentication: Status, Directions, and Futures report, evaluating C2PA secure provenance, imperceptible watermarking, and soft-hash fingerprinting across images, audio, and video. The report introduces High-Confidence Provenance Authentication and Sociotechnical Provenance Attacks as key concepts, and outlines directions for strengthening media authentication. Members of our team co-authored the report; see the accompanying blog post and Microsoft Signal article (opens in new tab) for accessible summaries.

Get involved / contact

If you’re working on provenance, media authenticity, publisher identity, or privacy-preserving verification, and want to collaborate with the Microsoft Research Cryptography team, please reach out.