https://github.com/DimitarPetrov/stegify
brew tap DimitarPetrov/stegify
brew install stegify
.env
PRIVATE_KEY=<insert>
ALCHEMY_API_KEY=<insert>
ETHERSCAN_API_KEY=<insert>
PINATA_API_KEY=<insert>
PINATA_SECRET_KEY=<insert>
yarn clean; NODE_NO_WARNINGS=1 ADDRESSES=0x493d7ca07ccce5b66d244e305c11838f9cf66ffc,0x5814e529d85fb2751d5df9a808ab12e06d1114a0,0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266 INPUT=images/pi_2.png OUTPUT=steg.png yarn construct
yarn clean; NODE_NO_WARNINGS=1 INPUT=steg.png DEPLOY=true yarn deconstruct
yarn clean; URI=https://ipfs.io/ipfs/QmTgobRZQ36vKMJCCF4VYhi7p1bh2JBidQ73MJmMwzZ7Xr CONTRACT_ADDRESS=0x7bD0707a5A3142fBf8Ff63634a5F9aD64e602230 yarn verify --network rinkeby
- NFT theft is a real issue with a number of artists having their artwork stolen by thieves who reupload the work on marketplaces.
- Marketplaces do not provide adequate validation processes to verify the authenticity of image assets.
- The process to take stolen art down by marketplaces is cumbersome and needlessly bureaucratic.
- NFT marketplaces either do not have the proper resources to combat NFT theft or are currently not prioritizing the issue.
- Artists should have control over how their works are sold; we want to put more control back into the hands of artists.
- WTRMRK allows artists to define the parameters and rules for how their art should behave when minted as an NFT.
- The logic for the contract, the signature, and the whitelist are steganographically encoded into the image.
- No EXIF data since it can easily be removed.
- Steganographic encoding forces the logic to be a part of the ‘DNA’ of the image.
- Steganography is harder to detect and remove.
- The logic is extracted during minting and referenced as a source of truth for the deployment.
- The contract logic is flexible, allowing artists to define parameters and restrict the minting of their art.
- The logic allows for images to be referenced bidirectionally and to define how it can be deployed.
- Deployment points back to the image in order to determine whether the image has been properly deployed.
- An NFT is rendered invalid if it does not match what is defined in the image.
- In light of theft, additional safeguards have been written into the contract with the following rules:
- If msg.sender is on the whitelist, the contract is deployed without paying the artist’s defined fee.
- If msg.sender is not on the whitelist, the deployer must pay a fee that goes directly to the artist in order to mint.
- Merkle Trees for whitelisting
- OpenZeppelin Contracts
- Stegify tool by Dimitar Petrov. Encodes using Least Significant Bit (LSB)
- IPFS for image referencing
- Artists can still lazy mint and not have to spend gas on deployment.
“When the art is minted as an NFT, the logic is extracted from and referenced as a source of truth for the deployment.”
- Buy-in from major NFT marketplaces.
- Marketplaces currently sanitize media, stripping noise and steganographic data, before being sent to users.
- We learned a lot about the interesting use cases for steganography and digital watermarking as well as their limitations.
- We learned a bit about polyglot files and their various applications.
- Including the package.json contents with regards to solidity compiler and contract versions for determinism in compilation of the contract.
- This method does not guard against "compression, rotation, cropping, additive noise, and quantization." Steganography is information hiding, while digital watermarking tries to control robustness and needs a resilient signal.
- This method unfortunately does not prevent images from being overwritten or copied via photography.
- Utilizing a signal could potentially be an approach to achieving this.
- Including metadata from the image where it becomes a part of the 'DNA' of the image and cannot be removed is another possible approach.
- Turn the image into a Polyglot file.
- It should be noted that polyglots are generally used for Remote Code Execution (RCE) and this might not be a valid approach.
- Adding the encoding does increase image size, meaning the 'carrier' image has to be large enough to contain the encoded data.
- Digital Rights Management (DRM).
- It’s possible to steganographically encode into audio.
- Embedding code into an inaudible audio signal utilizing processing in order to listen to and generate the code.
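
The limitations listed above (marketplaces sanitizing media, no resistance to quantization, and the carrier needing enough capacity) can be reproduced with a small LSB scheme. This is an added example, not code from WTRMRK or stegify: it runs on a constructed byte array standing in for pixel channel values, and `embedLSB`, `extractLSB` and `quantize` are hypothetical names.

```javascript
// Added example: generic 1-bit LSB scheme over raw 8-bit channel values.
// It is not stegify's actual format; all names and sample data are constructed.

// Hide payload bits in the lowest bit of each carrier byte, after a 32-bit length header.
function embedLSB(carrier, payload) {
  const header = Buffer.alloc(4);
  header.writeUInt32BE(payload.length);
  const data = Buffer.concat([header, payload]);
  if (data.length * 8 > carrier.length) {
    throw new RangeError(`carrier too small: need ${data.length * 8} bytes`);
  }
  const out = Buffer.from(carrier);
  for (let i = 0; i < data.length * 8; i++) {
    const bit = (data[i >> 3] >> (7 - (i & 7))) & 1;
    out[i] = (out[i] & 0xfe) | bit;
  }
  return out;
}

// Recover the payload, or null when the length header is implausible.
function extractLSB(stego) {
  const readBytes = (offset, n) => {
    const buf = Buffer.alloc(n);
    for (let i = 0; i < n * 8; i++) {
      buf[i >> 3] |= (stego[offset + i] & 1) << (7 - (i & 7));
    }
    return buf;
  };
  if (stego.length < 32) return null;
  const len = readBytes(0, 4).readUInt32BE();
  if (len === 0 || (len + 4) * 8 > stego.length) return null;
  return readBytes(32, len);
}

// Stand-in for lossy re-encoding: snap each value to a multiple of `step`.
function quantize(pixels, step) {
  return Buffer.from(Array.from(pixels, (v) => Math.min(255, Math.round(v / step) * step)));
}

function demo() {
  const carrier = Buffer.from(Array.from({ length: 1024 }, (_, i) => (i * 37 + 11) % 251));
  const payload = Buffer.from('{"fee":"0.01","whitelistRoot":"PLACEHOLDER"}');
  const stego = embedLSB(carrier, payload);
  const sanitized = extractLSB(quantize(stego, 4));
  return { intact: extractLSB(stego).toString(), survived: sanitized !== null };
}

console.log(demo());
```

Each carrier value changes by at most 1, which is why the embedding is hard to see, and the same property is why a single quantization pass erases it.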