RU2829566C1 - Method and system for protecting authenticity of images generated by machine learning model - Google Patents

Abstract

FIELD: means of protecting digital data.

SUBSTANCE: invention relates to means of protecting digital data for purposes of authenticating them. Method of protecting authenticity of images generated based on a text request by a machine learning model comprises steps of: obtaining user input data for generating an image; generating an image using a machine learning model; recording user input data containing: input time, user ID and text query; generating an attachment for protecting the generated image, consisting of said data; generating an encrypted sequence by encrypting attachment data; embedding into coefficients of discrete cosine transformation of generated image values of hash function and encrypted sequence; providing a protected image to a user.

EFFECT: broader functional capabilities for protecting images generated by AI for purposes of determining their authenticity, which consist in attribution of the image as created using a machine learning model, the identifier of the user who generated the request for generating the image, and the request text itself.

8 cl, 9 dwg

Description

AREA OF TECHNOLOGY

[0001] The claimed solution relates to the field of information technology, namely to means of protecting digital data for the purpose of confirming their authenticity.

LEVEL OF TECHNOLOGY

[0002] With the widespread use of artificial intelligence (AI) and various machine learning models today that allow generating images based on a user's text query, there is a need to apply mechanisms to protect the generated images for the purpose of subsequent confirmation of their authenticity.

[0003] One of the needs for the use of such a mechanism is aimed at preventing the attribution of authorship to AI-generated images. Another problem is related to the protection of images from third-party additional changes or modifications that distort the image initially generated by the AI, which can subsequently be used as false information discrediting the creators of such models in terms of the ability to generate images of prohibited or obscene content.

[0004] One example of image protection in the prior art is to use a kind of digital signature embedded in the generated image, which is invisible to the human eye and can only be obtained by subsequent decryption of the protected images using their algorithmic extraction (see the article "Copyright protection of images using robust digital signatures)) // N. Nikolaidis et al., 1996). According to the known solution, the signature is created in the spatial domain by slightly changing the intensity level of randomly selected pixels of the image. The signature is determined by comparing the average intensity value of the marked pixels with that of the unmarked pixels. For this purpose, statistical hypothesis testing is used. The signature can be constructed in such a way that it is resistant to compression in the JPEG format and low-pass filtering.

[0005] This approach was the basis for the declared solution in terms of the use of the implementation of security information in the brightness coefficients of the JPEG format, as well as a number of improvements that allow not only more effective marking of generated images, but also identifying possible future changes.

ESSENCE OF THE INVENTION

[0006] The present invention is aimed at solving the technical problem of creating a new effective method for protecting digital images with the possibility of subsequent confirmation of their authenticity and possible changes.

[0007] The technical result is to increase the efficiency of protecting AI-generated images for the purposes of determining their authenticity.

[0008] An additional technical result is the possibility of determining the immutability of images based on embedded security information.

[0009] In a preferred embodiment of the invention, a method is claimed for protecting the authenticity of images generated based on a text query by a machine learning model, comprising the steps of:

a) receive user input data to generate an image;

b) generate a JPG image using a machine learning model;

c) record user input data, including: input time, user ID and text query;

d) extracting from the data of the generated image file in JPG format blocks of values of the discrete cosine transform (DCT) coefficients for the brightness (Y) and color (Cb- and Cr) components of the image;

e) obtaining a sequence of low-frequency DCT coefficients (DC coefficients) and high-frequency DCT coefficients (AC coefficients) for all blocks of the luminance component, and calculating a hash function based on at least one AC coefficient and/or at least one DC coefficient;

f) using the given key, determine the blocks of DCT coefficients and the positions of the DCT coefficients within the blocks, excluding in the blocks the DC coefficients of the DCT used at stage e);

g) form an attachment for protecting the generated image, consisting of a sequence including: input time, user ID, text query, hash function value obtained in step e), and additional text information;

h) generate an encrypted sequence by encrypting the data obtained in step g) with a private key;

i) embedding into the DCT coefficients of the generated image, determined in step f), the values of the hash function obtained in step e) and the encrypted sequence obtained in step h);

j) provide a secure image to the user.

[0010] In one particular embodiment, step d) involves extracting blocks for embedding information from at least one of the Y, Cb and Cr components of the image.

[0011] In another particular example of implementation, at step e), the sequence of DC coefficients consists of the DCT coefficients of one of the Y, Cb and Cr components of the image.

[0012] In another particular example of implementation e) the hash function is calculated based on the DCT coefficients of at least one of the Y-, Cb- and Cr-components of the image.

[0013] In another particular example of implementation, at step f), blocks of DCT coefficients and positions of DCT coefficients within the blocks are determined based on a given key, including any AC coefficients and DC coefficients of the DCT of at least one of the Y, Cb and Cr components of the image.

[0014] In another particular embodiment, at step c), a compressed image is additionally formed based on the generated image.

[0015] In another particular embodiment, a sequence of bytes is formed based on the compressed image, which is added to the data in step g) when forming the embedding.

[0016] In another preferred embodiment, a system for protecting the authenticity of images generated based on a text query by a machine learning model is claimed, comprising at least one processor and at least one memory associated with the processor and containing machine-readable instructions that, when executed by the processor, allow it to:

receive user input data to generate an image; generate a JPG image using a machine learning model;

record user input data, including: input time, user ID, and text query;

extract from the data of the generated JPG image file blocks of values of the discrete cosine transform (DCT) coefficients for the brightness (Y) and color (Cb- and Cr) components of the image;

obtain a sequence of low-frequency DCT coefficients (DC coefficients) and high-frequency DCT coefficients (AC coefficients) for all blocks of the luminance component, and calculate a hash function based on at least one AC coefficient and/or at least one DC coefficient;

using a given key, determine the blocks of DCT coefficients and the positions of DCT coefficients within the blocks, excluding DC DCT coefficients in the blocks, to calculate the hash function;

form an attachment to protect the generated image, consisting of a sequence including: input time, user ID, text query, calculated hash function value, and additional text information;

perform the formation of an encrypted sequence by encrypting the attachment data with a private key;

implement the embedding of the generated image of the obtained hash function value and the encrypted sequence into the selected DCT coefficients;

provide a protected image to the user.

BRIEF DESCRIPTION OF DRAWINGS

[0017] Fig. 1 illustrates a general view of a method for protecting images.

[0018] Fig. 2 illustrates a block diagram of the claimed method.

[0019] Fig. 3A illustrates an example of blocks of DCT coefficients associated with blocks of image pixels.

[0020] Fig. 3B illustrates the positions of the DCT coefficients in the block.

[0021] Fig. 3B illustrates an example of the values of the DCT coefficients at different positions in a block.

[0022] Fig. 4 illustrates an example of determining DCT coefficients for embedding security information.

[0023] Fig. 5 illustrates an example of changing the DCT coefficients after embedding security information.

[0024] Fig. 6 illustrates an example of an attachment and its parts in the form of a sequence of bytes.

[0025] Fig. 7 illustrates a general diagram of a computing device.

IMPLEMENTATION OF THE INVENTION

[0026] Fig. 1 shows a general diagram of the claimed solution, which is implemented by processing incoming user requests (110), which are a text description of the generated image. In the field of AI, such text requests describing the generation object for the machine learning model are also called "prompts". The request from the user (110) can be transmitted via an API (120), implemented in a web browser or messenger (e.g., Telegram), which ensures subsequent data exchange directly with the image generation model (130) (e.g., Kandinsky) by the user (110) and the image protection module (140).

[0027] The image protection module (140) can be implemented on the basis of an external software and hardware complex, for example, a server or a remote automated workstation, providing functionality for processing incoming images (121) generated by the model (130). The module (140) can also be located in the same execution circuit together with the model (130), for example, a server or a cloud computing node.

[0028] Upon operation of the image protection module (140), protective information containing an encrypted attachment is embedded into the initially generated images (121), allowing at least the authorship of the image to be established as having been created using the model (130), as well as the identifier of the user who generated the request, and the text of the request itself. Subsequently, the protected image (141) is transmitted to the user (110) via the API (120), for example, by displaying the image (141) in a web browser or messenger.

[0029] Data exchange within the framework of the implementation of the system is based on standard principles of data exchange, in particular with the help of the Internet computing network, which can be implemented using any known principles known from the state of the art.

[0030] Fig. 2 shows an example of implementing the claimed method (200) for protecting generated images. At the first stage (201), user input is received for generating an image by the model (130). The user input includes a text user query, a user ID (for example, an IP address, a MAC address, a registration ID, etc.), and the time of the text query. These data are recorded by the image protection module (140) for subsequent formation of security information for embedding in the image.

[0031] Then, at step (202), the model (130) generates an image (121) according to the user request and transmits it to the image protection module (140). The image is formed in JPG (or JPEG) format [1-3]. When the generated image (121) in JPG format is received by the module (140), at step (203), blocks of discrete cosine transform (DCT) coefficient values are extracted from the JPG file for the luminance (Y) and color (Cb (relative blueness) and Cr (relative redness) components of the image.

[0032] Fig. 3A shows an example of obtaining blocks with discrete cosine transform (DCT) coefficients. When encoding the original image (represented as pixels in RGB format) in JPEG, these coefficients are obtained as follows. The obtained image is divided into color channels. The obtained image channels (121) are divided into blocks (300 ₁ -300 _n ) with a size of 8x8 pixels. The number of blocks (300 ₁ -300 _n ) depends on the resolution of the generated image (121) or the size of the raster image. For example, for an image of 1920x1080 pixels, the number of blocks will be 240 horizontally and 135 vertically.

[0033] Each block (300 ₁ -300 _n ) is subjected to a discrete cosine transform (DCT), which is a type of discrete Fourier transform. In this case, each of the blocks (300 ₁ -300 _n ) contains one DC coefficient (301 ₁ ) at the position (0,0) inside the block and 63 AC coefficients (301 ₂ -301 ₆₄ ) at other positions inside the block. The DC coefficient is an average value of all values in the block, as approximately shown in Fig. 3B.

[0034] Fig. 3B shows an example of positioning the DCT coefficients within a block. DC coefficients are also called low-pass coefficients. In the current description, the position within the block (0,0) is also designated as the 1st position. The positions (Y1, Y2), (Y1, Y2)≠(0,0) are designated from the 2nd to the 64th position.

[0035] The JPEG image file itself ("<file_name>.jpg") is a compressed storage of the above-mentioned DCT coefficients. Thus, at step (203), these blocks of DCT coefficients are extracted directly from the JPEG file.

[0036] At step (204), the sequence of DC coefficients is hashed, for which all values in the blocks are taken and the selected hashing algorithm is applied to them, for example, SHA-256, SHA-512, etc.

[0037] As shown in Fig. 4, at step (205), the AC coefficients in the blocks (300 ₁ -300 _n ) are determined using the selected key (seed) for subsequent embedding of the security information. The initial ordered sequence (401) of the DCT coefficient blocks (X1, X2) and the positions of the coefficients themselves inside the blocks (Y1, Y2) is taken: {(X1, X2) - (Y1, Y2)}. Where (X1, X2) is the coordinate of the DCT coefficient block inside the image: where H _{of the image} is the height of the image, W _{of the image} ^is the width of the image; (Yl, Y2) are the coordinates of the positions of the DCT coefficients inside the blocks: (Y1, Y2)≠(0,0). Fig. 3B shows an example of such positions. Then the selected sequence (401) of AC coefficients is mixed using a given key, subsequently forming a new sequence (402) of AC coefficients.

[0038] At step (206), a security attachment is formed. The attachment consists of an open part (unencrypted) and an encrypted part. The encrypted part is an encrypted data sequence that includes the following data: input time, user ID, text query (prompt query), hash function value obtained at step (204), and additional text information (for example, the designation “I am a Sber model”). The open part may include such information as: a check number, hash sequences of selected DCT coefficients, and a check number of the integrity of the encrypted attachment. An example of such an attachment is shown in Fig. 6.

[0039] In one particular embodiment of the invention, arbitrary data of arbitrary size, changing depending on the request or its conditions, are subject to embedding. In this case, when extracting data, their quantity and their size are initially unknown. In order to be able to extract them, the following data are inserted into the beginning of the encrypted part data: the quantity of different data in a fixed quantity of the first bits, the size of each of the attachments in a fixed quantity of subsequent bits. An example of such an attachment is shown in Fig. 6. At the beginning of the encrypted part of the attachment, there is a quantity of data - 3 data: a hash image; text information including a fixed text phrase, user ID, request time, request "Prompt"; compressed original image. The first 32 bits of the encrypted part of the attachment are allocated for the quantity of data. Next come the sizes of the data - 64 bytes for the hash; 163 bytes for the text information, 3756 bytes for the compressed original image. Each size is allocated the next 32 bits of the encrypted portion of the attachment.

[0040] Additionally, the protective attachment may include a compressed generated image (121), which is translated into a byte sequence added to the byte sequence of the remaining data. The resulting attachment is signed with a private key at step (206) at step (207), thereby forming part of the protective attachment. The resulting encrypted byte sequence is represented as a bit sequence.

[0041] Next, at step (208), information is embedded into the sequence of DCT coefficients obtained at step (205).

[0042] First, the information in open form (not encrypted) is to be embedded. This information may include such a data sequence as: a check number, a hash sequence of DC coefficients (obtained at step (204)), a check number of the integrity of the protective embedding, for example, calculated using the CRC16, CRC32, CRC64 algorithm or any other algorithm for calculating a checksum or hashing. This information is presented in the form of a sequence of bits.

[0043] Next, the security embedding obtained at step (207) is subject to embedding. The secure image (141) with the information embedded at step (208) is displayed at step (209) on the user's device.

[0044] The embedding at step (208) is embedded directly into the AC coefficients of the blocks (300 ₁ -300 _n ) selected at step (205) that are included in the shuffled sequence (402).

[0045] An example of encoding an embedding inside a JPG file is shown in Fig. 5. When performing this step, a mixed sequence of blocks of DCT coefficients and the positions of the coefficients themselves inside the blocks is formed. In Fig. 5, the first bit is embedded in block (31, 70) in the coefficient at position (1,0). The second bit is embedded in block (8, 69) in the coefficient at position (0,2), and so on. Embedding is performed as a remainder from dividing the value of the DCT coefficient by 2. In other words, if the remainder from dividing by 2 is 0, this means that a bit with the value 0 is embedded in the coefficient. If the remainder from dividing by 2 is 1, this means that a bit with the value 1 is embedded in the coefficient. If the current value of the DCT coefficient does not give the desired remainder, this value is increased or decreased by 1.

[0046] As shown in the example in Fig. 5, the first bit of the embedded information is 1. The value of the coefficient in the block (31, 70) at position (1,0) is 17. The remainder of dividing 17 by 2 is 1. The remainder coincides with the value of the embedded bit. The second bit of the embedded information is 0. The value of the coefficient in the block (8, 69) at position (0, 2) is 23. The remainder of dividing 23 by 2 is 1. The remainder does not coincide with the value of the embedded bit. We change the value of 23 by subtracting 1 from it. The value became equal to 22. The remainder of dividing 22 by 2 is now 0, which coincides with the value of the embedded bit.

[0047] Information embedding can be performed according to the principle of encoding information in the least significant bit (LSB) in the DCT blocks of coefficients. The LSB is the last bit in bit form, the change of which changes the value itself the least.

[0048] An example of encoding the coefficients in the DCT block in Fig. 3B: 15 - 00010101 (no change required). LSB=1 4 - 00000100 (change). LSB=0 6 - 00000110 (change). LSB=0 3 - 00000011 (change). LSB=1.

[0049] Let's look at an example of embedding text information. Text to be embedded: SBER - 01010011 01000010 01000101 01010010. Let's look at embedding the letter "S" -01010011. The value 4 is taken in bit form - 01010011. Embedding is from left to right: 0-1-0-1, etc.

- Step 1. The first bit from "S" = 0 and it is embedded in the DCT coefficient with the value 4. The LSB for 4 is 0 (00000100). It is necessary to embed 0 from "S" and for 4 the LSB is also 0. Therefore the value does not change.

- Step 2. The second bit from "S" = 1 and it is embedded in the DCT coefficient with the value 6. The LSB for 6 is 0 (00000110). It is necessary to embed 1 from "S", and for 6 the LSB = 0. Therefore, the value changes to 1 and takes the bit form 00000111. In other words, 6 is replaced by 7.

- Step 3. The third bit from "S" = 0 and it is embedded in the DCT coefficient with the value 3. The LSB for 3 is 1 (00000011). It is necessary to embed 0 from "S", and for 3 the LSB = 1. Therefore, this value changes to 0 and takes the bit form 00000010. In other words, 3 is replaced by 2.

This process continues until all required bits are embedded. As a result, a matrix of DCT coefficients with encoded information regarding the change in the selected AC coefficients is formed.

[0050] The final embedded sequence of security data may have the following form: [check digit (e.g. 537), hash of DC coefficients, check digit of integrity of encrypted attachment, encrypted attachment]. The data in the encrypted attachment may be the following sequence: [number of attachments (e.g. 3), size of 1st attachment, size of 2nd attachment, size of 3rd attachment, hash of DC coefficients, text (“I am a Sber model…”), thumbnail of original image (highly compressed original image)].

[0051] In byte form it will look like this: 00000219ac3eb891bc32652a83b4ff62cc2e49de3293d99e24ae8907e90c96b55cb5578a78d78e887f5f436f6b9b989c6896b689e986s64a3509ee90fca…, where 00000219 is the byte form of the number 537, ac3eb891bc32652a83b4ff62cc2e49de32 is the byte form of the hash, 93d99e24 is the byte form of the CRC32 check digit value equal to 2480512548, and then the encrypted data. In Fig. Figure 6 shows an example of a byte sequence to be embedded. This sequence is represented as a bit sequence.

[0052] The obtained new values of the DCT coefficients (Fig. 5) are compressed (encoded) according to the JPEG standard and saved as a new image file.

[0053] When this sequence is embedded into the selected DCT coefficients, the resulting image (141) remains visually indistinguishable from the initially generated image (121). Even small changes in the pixels of this image lead to a change in the DCT coefficients, which destroys the embedded embedding. This fact allows for a subsequent integrity check of the embedded security information to confirm that the image (141) is genuine, i.e. created using the model (130), and that it has not been altered in terms of its content.

[0054] Next, we will consider the process of extracting embedded information when checking a protected image (141).

[0055] Similar to steps (203-205), the hash value of the DC coefficients (hash image) and the sequence of DCT coefficients into which information embedding was potentially performed are obtained.

[0056] The following algorithm is then executed.

[0057] Step 1. Extract the first 4 bytes to obtain the check digit. Check that this number is the original check digit. If the number matches, continue extracting. If not, generate a message that the digital signature was not found or was corrupted.

[0058] Step 2. Extract the next 64 bytes. This is the hash of the DC coefficients. The resulting value is checked against the actual hash of the DC coefficients. If the hash matches, continue extracting. If not, print a message that the digital signature was not found or was corrupted.

[0059] Step 3: The next 4 bytes are extracted, which allows obtaining the checksum of the encrypted attachment.

[0060] Step 4. The encrypted attachment is extracted. All subsequent bits in the attachment are related to the encrypted attachment. At this point, the size of the attachment is unknown. However, in the first block of the encrypted attachment - 256 bytes for RSA - the lengths of the attachments are found. The first 256 bytes are extracted. They are decrypted using the open (public) key. The first 4 bytes in this block are the number of attachments - in the example in Fig. 6, there are 3 attachments. Each subsequent 4 bytes are the size of each of these attachments. They contain the numbers 64, 163, and 3756. If the size of any attachment is greater than 30,000 (the maximum attachment limit), then the ciphertext block has been modified, and a message is generated that the digital signature was not found or was destroyed. Otherwise, the potential sizes of the attachments are obtained and extraction continues.

[0061] Next, the size of the encrypted attachment is determined. In accordance with the example in Fig. 6, the obtained 64 bytes are the size of the first attachment, which is the hash of the DC coefficients, then 163 bytes are the size of the second attachment - this is the text size. The size of the third attachment is 3756 bytes - this is the image thumbnail (compressed image). Then the total size of the encrypted attachment: 64 + 163 + 3756 = 3983 (the attachment itself); 4 bytes are added for the number of attachments and 3 more times 4 bytes for their lengths. The result is as follows: 64 + 163 + 3756 + 4 + 3 * 4 = 3999 bytes. Since the encryption block has a size of 256, then in the given example 3999 // 256 = 16 whole encryption blocks, which is equal to 4096 bytes of encrypted attachment.

[0062] 4096 bytes are extracted, from which the CRC32 check number is calculated. If the values match the check number obtained in step 3, then extraction continues. If not, a message is generated that the digital signature was not found or was destroyed.

[0063] Decryption of 4096 bytes. From the first block, as indicated above, the number of attachments, their lengths, and the attachments themselves are obtained. The decrypted byte sequence is broken down by the number of bytes in each attachment. The original attachments are obtained.

[0064] The hash from the decrypted data is checked against the hash from the attachment (which has already been compared with the actual one in step 2). If the hashes match, a message is displayed that the digital signature is confirmed, and the extracted information is displayed - the hash of the DC coefficients, the text, and a thumbnail of the generated image. If not, a message is displayed that the digital signature was not found or was destroyed.

[0065] Fig. 7 shows a general view of a computing device (500) suitable for performing the method (200). The device (500) may be, for example, a server or another type of computing device that can be used to implement the claimed technical solution, including: a smartphone, tablet, laptop, computer, etc. The device (500) may also be part of a cloud computing platform.

[0066] In general, the computing device (500) comprises one or more processors (501), memory means such as RAM (502) and ROM (503), input/output interfaces (504), input/output devices (505), and a device for network interaction (506), united by a common information exchange bus.

[0067] The processor (501) (or several processors, a multi-core processor) can be selected from a range of devices that are widely used at the present time, for example, from Intel™, AMD™, Apple™, Samsung Exynos™, MediaTEK™, Qualcomm Snapdragon™, etc. A graphics processor can also be used as the processor (401), for example, from Nvidia, AMD, Graphcore, etc.

[0068] RAM (502) is a random access memory and is intended for storing machine-readable instructions executable by the processor (501) for performing the necessary operations for logical data processing. RAM (502), as a rule, contains executable instructions of the operating system and the corresponding software components (applications, software modules, etc.).

[0069] The ROM (503) represents one or more permanent data storage devices, such as a hard disk drive (HDD), a solid state drive (SSD), flash memory (EEPROM, NAND, etc.), optical storage media (CD-R/RW, DVD-R/RW, BlueRay Disc, MD), etc.

[0070] To organize the operation of the components of the device (500) and to organize the operation of external connected devices, various types of I/O interfaces (504) are used. The selection of the corresponding interfaces depends on the specific design of the computing device, which may be, without limitation: PCI, AGP, PS/2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS/Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.

[0071] To ensure user interaction with the computing device (500), various I/O information means (505) are used, for example, a keyboard, a display (monitor), a touch display, a touchpad, a joystick, a mouse, a light pen, a stylus, a touch panel, a trackball, speakers, a microphone, augmented reality means, optical sensors, a tablet, light indicators, a projector, a camera, biometric identification means (retina scanner, fingerprint scanner, voice recognition module), etc.

[0072] The network interaction means (506) ensures the transmission of data by the device (500) via an internal or external computer network, for example, an Intranet, the Internet, a LAN, etc. One or more means (506) may be, but are not limited to: an Ethernet card, a GSM modem, a GPRS modem, an LTE modem, a 5G modem, a satellite communication module, an NFC module, a Bluetooth and/or BLE module, a Wi-Fi module, etc.

[0073] Additionally, satellite navigation means may also be used as part of the device (500), for example, GPS, GLONASS, BeiDou, Galileo.

[0074] The submitted application materials disclose preferred examples of the implementation of the technical solution and should not be interpreted as limiting other, particular examples of its implementation that do not go beyond the scope of the requested legal protection, which are obvious to specialists in the relevant field of technology.

Sources of information:

1. Hamilton, Eric: JPEG File Interchange Format, Version 1.02. 1 September 1992;

2. Recommendation ITU-T T.871: Information technology - Digital compression and coding of continuous-tone still images: JPEG File Interchange Format (JFIF). Approved 14 May 2011; posted 11 September 2012;

3. Recommendation ITU-T T.81: Information technology - Digital compression and coding of continuous-tone still images - Requirements and guidelines. Approved 18 September 1992; posted 14 April 2004.

Claims (27)

1. A method for protecting the authenticity of images generated based on a text query by a machine learning model, comprising the steps of: a) receive user input data to generate an image; b) generate a JPG image using a machine learning model; c) record user input data, including: input time, user ID and text query; d) extracting from the data of the generated image file in JPG format blocks of values of the coefficients of the discrete cosine transform (DCT) for the brightness (Y) and color (Cb- and Cr) components of the image; e) obtaining a sequence of low-frequency DCT coefficients (DC coefficients) and high-frequency DCT coefficients (AC coefficients) for all blocks of the luminance component and calculating a hash function based on at least one AC coefficient and/or at least one DC coefficient; f) using a given key, determine the blocks of DCT coefficients and the positions of the DCT coefficients within the blocks, excluding in the blocks the AC coefficients and/or DC coefficients of the DCT used in step e); g) form an attachment for protecting the generated image, consisting of a sequence including: input time, user ID, text query, hash function value obtained in step e), and additional text information; h) generate an encrypted sequence by encrypting the data obtained in step g) with a private key; i) embedding into the DCT coefficients of the generated image, determined in step f), the values of the hash function obtained in step e) and the encrypted sequence obtained in step h); j) provide a secure image to the user. 2. The method according to claim 1, wherein at step d) the extraction of blocks for embedding information of at least one of the Y-, Cb- and Cr-components of the image is performed. 3. The method according to claim 1, wherein at step e) the sequence of DCT coefficients consists of the DCT coefficients of one of the Y-, Cb- and Cr- components of the image. 4. The method according to item 1, wherein at step e) the hash function is calculated based on the DCT coefficients of at least one of the Y-, Cb- and Cr-components of the image. 5. The method according to claim 4, wherein at step f), using a given key, blocks of DCT coefficients and positions of DCT coefficients within the blocks are determined, including AC coefficients and DC coefficients of the DCT of at least one of the Y, Cb and Cr components of the image. 6. The method according to claim 1, wherein at step c) a compressed image is additionally formed based on the generated image. 7. The method according to claim 6, wherein a sequence of bytes is formed based on the compressed image, which is added to the data at step g) when forming the attachment. 8. A system for protecting the authenticity of images generated based on a text query by a machine learning model, comprising at least one processor and at least one memory associated with the processor and containing machine-readable instructions that, when executed by the processor, allow it to: receive user input data to generate an image; generate a JPG image using a machine learning model; record user input data, including: input time, user ID, and text query; extract from the data of the generated JPG image file blocks of values of the discrete cosine transform (DCT) coefficients for the brightness (Y) and color (Cb- and Cr) components of the image; obtain a sequence of low-frequency DCT coefficients (DC coefficients) and high-frequency DCT coefficients (AC coefficients) for all blocks of the luminance component and calculate a hash function based on at least one AC coefficient and/or at least one DC coefficient; using a given key, determine the blocks of DCT coefficients and the positions of DCT coefficients within the blocks, excluding DC DCT coefficients in the blocks, to calculate the hash function; form an attachment to protect the generated image, consisting of a sequence including: input time, user ID, text query, calculated hash function value and additional text information; perform the formation of an encrypted sequence by encrypting the attachment data with a private key; implement the embedding of the generated image of the obtained hash function value and the encrypted sequence into the selected DCT coefficients; provide a protected image to the user.

Images