Diffusion-Based Authentication of Copy Detection Patterns: A Multimodal Framework with Printer Signature Conditioning

Counterfeiting affects diverse industries, including pharmaceuticals, electronics, and food, posing serious health and economic risks. Printable unclonable codes, such as Copy Detection Patterns (CDPs), are widely used as an anti-counterfeiting measure and are applied to products and packaging. However, the increasing availability of high-resolution printing and scanning devices, along with advances in generative deep learning, undermines traditional authentication systems, which often fail to distinguish high-quality counterfeits from genuine prints. In this work, we propose a diffusion-based authentication framework that jointly leverages the original binary template, the printed CDP, and a representation of printer identity that captures relevant semantic information. Formulating authentication as multi-class printer classification over printer signatures lets our model capture fine-grained, device-specific features via spatial and textual conditioning. We extend ControlNet by repurposing the denoising process for class-conditioned noise prediction, enabling effective printer classification. On the Indigo 1 x 1 Base dataset, our method outperforms traditional similarity metrics and prior deep learning approaches. Results show the framework generalises to counterfeit types unseen during training.

💡 Research Summary

The paper addresses the growing vulnerability of Copy Detection Patterns (CDPs) to high‑quality counterfeiting enabled by modern printers, scanners, and generative deep‑learning techniques. Traditional authentication methods—such as normalized cross‑correlation (NCC), structural similarity (SSIM), or printer‑type classifiers—rely on either the binary template alone or on a single printer’s characteristics, and they fail when faced with sophisticated replicas that closely mimic the original pattern.

To overcome these limitations, the authors propose a multimodal diffusion‑based authentication framework that jointly processes three inputs: (1) the original binary template, (2) the printed CDP image, and (3) a human‑readable textual description of the printer (e.g., “HP Indigo 1×1, CMYK 300 dpi”). They reformulate authentication as a multi‑class printer classification problem, where each legitimate printer is a distinct class and various counterfeit types are additional classes. This formulation enables the model to learn fine‑grained, device‑specific signatures and to generalize across unseen counterfeit generation methods.

Technically, the method builds on the ControlNet architecture, a diffusion model that injects spatial conditioning (e.g., edge maps) into a denoising U‑Net. The authors extend ControlNet in two key ways: (i) they add a per‑class noise‑prediction head so that, for a given noisy latent of the template, the network predicts the added Gaussian noise separately for every printer class, and (ii) they introduce a classification module that selects the class whose predicted noise most closely matches the true noise (minimum L2 error). The diffusion process proceeds as usual: the binary template is forward‑diffused to a latent xₜ at random timestep t, then the reverse process is conditioned on both the printed CDP latent and the textual printer embedding. By repeating the prediction over multiple random timesteps and aggregating errors, the model robustly identifies the most likely printer class.

Training uses a diverse dataset (Indigo 1×1 Base) comprising prints from ten different printers and several counterfeit generation techniques, including traditional image‑processing attacks, GAN‑based reconstructions, and recent diffusion‑based forgeries. The model is trained to minimize the noise‑prediction loss across all classes, effectively learning the subtle artefacts introduced by each printer’s hardware (e.g., nozzle vibration, ink viscosity variations).

Experimental results show that the proposed framework outperforms prior state‑of‑the‑art methods: it achieves higher accuracy and F1‑score than Siamese‑Net printer‑type classifiers, U‑Net template‑to‑print predictors, and Pix2Pix conditional GANs. Notably, it maintains strong detection performance on counterfeit types that were not present during training, demonstrating cross‑printer and cross‑attack generalization.

The contributions are fourfold: (1) integrating printer‑specific signatures as central, rather than auxiliary, information in CDP authentication; (2) delivering the first unified pipeline that simultaneously leverages template, printed image, and printer identity; (3) enabling cross‑printer generalization via multi‑class classification; and (4) repurposing ControlNet from a generative model to a classifier by adding class‑conditioned noise prediction. The authors also release their code and pretrained models for reproducibility.

Limitations include the need for predefined textual labels for each printer, which requires manual effort when new devices are introduced, and the computational overhead inherent to diffusion models, which may hinder real‑time deployment. Future work is suggested on automatic printer‑signature extraction, lightweight diffusion architectures, and unsupervised clustering of printer behaviours to further improve scalability and speed.