Verifying Provenance of Digital Media: Why the C2PA Specifications Fall Short

Computer Science > Cryptography and Security [Submitted on 27 Apr 2026] Verifying Provenance of Digital Media: Why the C2PA Specifications Fall Short Enis Golaszewski, Neal Krawetz, Alan T. Sherman, Edward Zieglar, Sai K. Matukumalli, Roberto Yus, Carson L. Kegley, Michael Barthel, William Bowman, Bharg Barot, Kaur Kullman The rapid rise of generative AI has made it easy to create convincing fake media at scale. In response, an industrial coalition has developed the Coalition for Content Provenance and Authenticity (C2PA), a system intended to provide verifiable provenance for digital content. Our research team conducted the first comprehensive, independent security analysis of C2PA. Our study includes the first formal-methods analysis of C2PA's core protocols. We find that the current C2PA specifications fail to achieve their claimed security goals. Furthermore, they also fail to achieve key additional goals, which all such provenance systems require for trustworthy deployment. As a result, C2PA may mislead users, platforms, and policymakers if relied upon prematurely. C2PA is a promising idea, but it should not yet be relied upon for high-stakes uses such as financial disclosures, journalism, or legal evidence. Comments: This short non-technical whitepaper summarizes the findings and recommendations from our detailed technical study Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2604.24890 [cs.CR]   (or arXiv:2604.24890v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2604.24890 Focus to learn more Submission history From: Alan Sherman [view email] [v1] Mon, 27 Apr 2026 18:17:58 UTC (1,247 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-04 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)