Version 0.1.0-draft · April 2026 · Status: Working Draft
This document defines the technical framework for the AFIP Forensic Integrity Protocol (FIP), an open specification for independent, privacy-preserving verification of digital media authenticity.
Note: This is a working draft. The specification is under active development and subject to change. Contributions, feedback, and review are welcome.
The Forensic Integrity Protocol (FIP) provides a standardized framework for verifying digital media authenticity through independent forensic analysis rather than creator self-declaration. FIP addresses three fundamental limitations of metadata-based provenance systems: fragility during distribution, inability to detect manipulation, and privacy risks from identity embedding.
FIP defines four interoperable components: a perceptual fingerprinting scheme resilient to lossy transformations, a multi-modal forensic analysis protocol spanning text, image, audio, and video, a cryptographic attestation format for publishing verifiable analysis results, and a distributed registry for fingerprint storage and lookup.
FIP fingerprints must satisfy the following adversarial robustness requirements, distinguishing them from cryptographic hashes and fragile metadata approaches:
| Transformation | Requirement | Target |
|---|---|---|
| JPEG compression (quality ≥ 30) | Fingerprint preserved | ≥ 98% |
| Resolution scaling (≥ 50%) | Fingerprint preserved | ≥ 97% |
| Cropping (≤ 25% area removed) | Partial match recovery | ≥ 90% |
| Format conversion (PNG/WebP/AVIF) | Fingerprint preserved | ≥ 99% |
| Screenshot capture | Fingerprint preserved | ≥ 92% |
| Platform upload (IG/X/TikTok) | Fingerprint preserved | ≥ 95% |
| Metadata stripping | Fingerprint preserved | 100% |
FIP employs a layered hashing approach combining perceptual hash (pHash), difference hash (dHash), and wavelet-based hashing to produce a composite fingerprint. For each input medium:
Images are normalized to a canonical representation (grayscale, fixed aspect ratio) before hashing. The composite fingerprint is a 256-bit vector concatenating weighted outputs from each hash function, enabling partial matching under transformation.
Audio fingerprints operate on spectral representations. The input signal is segmented into overlapping frames, converted to mel-frequency cepstral coefficients (MFCCs), and hashed at the frame level. Temporal alignment enables matching even when audio is excerpted or padded.
Video fingerprints combine per-frame visual fingerprints with temporal sequence signatures, enabling identification even when clips are trimmed, re-encoded, or embedded in compilations.
Text fingerprints use locality-sensitive hashing (LSH) on n-gram distributions, producing fingerprints that tolerate minor edits while detecting wholesale AI regeneration.
FIP forensic analysis operates through three independent analytical layers, each producing a confidence score. The combined assessment provides higher accuracy than any single-method approach:
Token entropy, perplexity variance, n-gram distributions, compression ratios, spectral regularity.
Consistency analysis, temporal coherence, GAN fingerprints, splice detection, voice biomarkers.
Cross-reference against known datasets, reverse fingerprint lookup, provenance chain reconstruction.
Each analytical layer produces a confidence score between 0.0 and 1.0. FIP defines a composite integrity score using weighted combination:
FIP defines five integrity classifications based on composite score: Verified Authentic (≥ 0.95), Likely Authentic (0.80–0.94), Indeterminate (0.50–0.79), Likely Synthetic (0.20–0.49), and Confirmed Synthetic (< 0.20).
FIP attestations are structured, cryptographically signed documents that record the results of forensic analysis. Unlike content credentials (which record creator claims), FIP attestations record independently verifiable forensic findings.
Each attestation contains: a content fingerprint (linking the attestation to specific content without embedding it), analysis results per modality and layer, composite integrity score, analyzer identity (institutional, not personal), timestamp, and cryptographic signature.
Attestations are encoded in JSON-LD for machine readability and interoperability with existing linked data systems. The schema is designed for compatibility with W3C Verifiable Credentials where applicable.
FIP attestations are explicitly designed to avoid the identity-embedding risks documented in metadata-based provenance systems. An attestation binds to content (via fingerprint), not to a creator (via certificate). The analyzing institution is identified; the content creator is not. This preserves the ability of journalists, activists, and whistleblowers to have their content verified without revealing their identity.
The FIP Registry provides a decentralized lookup service for content fingerprints and associated attestations. Content producers register fingerprints at creation time. Consumers query the registry to retrieve provenance information and any associated forensic attestations.
The registry is designed as a federated system: multiple registry nodes operated by independent institutions can synchronize fingerprint data while maintaining operational independence. No single entity controls the registry.
FIP is designed as a complementary layer to existing provenance standards, not a replacement. Where content credentials exist, FIP can cross-reference self-declared provenance against independent forensic analysis, strengthening confidence when they agree and flagging discrepancies when they don't.
FIP attestations can reference C2PA manifests, IPTC metadata, EXIF data, and other embedded provenance signals as contextual inputs to forensic analysis. The protocol is standard-agnostic at the input layer and produces its own attestation format at the output layer.
The Forensic Integrity Protocol is an open standard. Researchers, developers, and institutions are invited to review, critique, and contribute to the specification.
mail Contact the Standards Team