A cryptographic image version control system that embeds complete version history invisibly into image files using steganography. No external databases or servers required - everything is stored in the image itself.
Unlike traditional version control (Git, SVN) or cloud-based DAM systems, ImageChain is the first self-contained, cryptographically signed, steganographic image version control system. The entire version history is embedded invisibly in the image file itself using steganography, making it:
- Self-contained: History travels with the image (no external files needed)
- Cryptographically secure: Each version is signed and linked via hash chains
- Zero-infrastructure: Works entirely offline, no servers or subscriptions
- Tamper-proof: Any modification breaks cryptographic signatures
- Portable: Share the image, get the complete history automatically
See NOVELTY.md for a detailed comparison with existing solutions.
- π Cryptographic Signing: Each version is signed with RSA or ECC keys
- π Hash Chain Verification: Tamper-proof version linking
- π§ Steganographic Watermarking: Invisible data embedding in image pixels
- π‘οΈ Tamper Detection: Detects modifications even when embedded data is lost (JPEG re-encoding, heavy edits)
- π Error Recovery: Automatic recovery from minor pixel value changes (brightness, contrast)
- π‘ DCT Embedding: Frequency-domain embedding for critical metadata (survives JPEG compression)
- π¦ Self-Contained: Complete history stored in the image file
- πΌοΈ Image Editing: Built-in editor with brightness, contrast, filters, rotation, and text overlay
- β Offline-First: Runs entirely in your browser, no internet required
ImageChain embeds the entire version history directly into image files using steganography (invisible watermarking). This means:
- No External Storage Needed: The image file itself contains all version information
- Self-Verifying: Anyone with the image can extract and verify the version history
- Tamper-Proof: Cryptographic signatures and hash chains detect any modifications
You can extract the version history from any ImageChain file without a public key. However, to verify that signatures are authentic and the chain hasn't been tampered with, you need the public key that corresponds to the private key used to sign the versions.
- Extraction (no key needed): Read the embedded history from the image
- Verification (key needed): Confirm signatures are valid and chain is unbroken
If you edit a committed ImageChain file outside the app (e.g., in Photoshop) and upload it:
- The app detects and extracts the existing version history
- It allows you to continue the version chain from that point
- The new edit creates a new version entry with a new hash
- Note: If you use different keys, old signatures won't verify with the new public key, but the history is still preserved
- Node.js (v18 or higher recommended)
- npm or yarn
-
Clone or download this repository
-
Install dependencies:
npm install
-
Start the development server:
npm run dev
-
Open your browser:
- Navigate to
http://localhost:3000 - The app runs entirely offline - no API keys or external services needed
- Navigate to
npm run buildThe built files will be in the dist/ directory. You can serve them with any static file server:
npm run preview-
Setup Signer & Keys
- Enter a signer name (your identity)
- Choose signature scheme: RSA-3072 or ECC P-256
- Click "Continue to Upload"
-
Upload an Image
- Upload a PNG or JPEG image
- The app generates keys and creates the initial version
-
Edit & Commit
- Use the editing tools (brightness, contrast, filters, rotation, text)
- Click "Commit Version" to save changes
- Each commit creates a new version with cryptographic signature
-
Download
- Download the image with embedded version history
- The file contains the complete chain invisibly embedded
-
From Active Session
- Go to "Version History" tab
- Click "Verify Session Image" if you have an active session
-
From File
- Upload an ImageChain file
- Paste the public key used to sign the versions
- Click "Verify Image File"
- View detailed verification results for each version
- Go to the "Automated Demo" tab
- Click "Run Automated Demo"
- Watch as it:
- Generates cryptographic keys
- Creates 3 versions with different edits
- Embeds the complete history
- Verifies the entire chain
The demo shows detailed step-by-step logs explaining each operation.
For complete technical documentation, see:
- TECHNICAL_DETAILS.md - Complete technical explanation of all mechanisms
- RECOVERY_LAYER.md - Error correction and recovery system
- TAMPER_DETECTION.md - How tampering is detected even when data is lost
- DCT_EMBEDDING.md - Frequency-domain embedding for JPEG robustness
Signature Schemes:
- RSA-PSS: RSA with Probabilistic Signature Scheme (3072-bit keys)
- ECC P-256: Elliptic Curve Digital Signature Algorithm (P-256 curve)
Steganography:
- Hybrid approach: DCT (frequency-domain) for critical metadata + LSB (spatial-domain) for full history
- DCT embedding: Critical metadata survives JPEG compression
- LSB embedding: Full version history in pixel LSBs
- Data is compressed with DEFLATE (pako) before embedding
- Maximum payload size: ~75% of image pixels (excluding alpha channel)
- Zero visible quality loss - changes are imperceptible to human eye
Version Structure:
Each version entry contains:
- Version number
- SHA-256 hash of the image
- Parent hash (links to previous version)
- Timestamp
- Signer identity
- Edit log (operations applied)
- Snapshot (compressed preview for destructive edits)
- Cryptographic signature
How It Works:
- Version history is converted to JSON
- Critical metadata extracted (chain_id, version_count, last_hash)
- Critical metadata embedded in DCT domain (survives JPEG)
- Full history compressed using DEFLATE (reduces size by 70-90%)
- Error correction codes added (triple redundancy for recovery)
- Checksum calculated for tamper detection
- Converted to binary string
- Full history embedded in image pixels using LSB steganography
- Extraction tries DCT first, then LSB, and attempts recovery if needed
Tamper Detection (Even When Data is Lost):
- If LSB data is lost (JPEG re-encoding, heavy edits), extraction fails
- But: Hash chain verification still works if you have the public key
- The system computes the current image hash and compares it to the last version's hash
- Mismatch = tampering detected, even without embedded data
- See TAMPER_DETECTION.md for complete details
βββ components/
β βββ Demo.tsx # Automated demo component
β βββ ImageWorkflow.tsx # Main editing workflow
β βββ VersionHistory.tsx # Version verification UI
β βββ Icons.tsx # Icon components
βββ services/
β βββ cryptoService.ts # Cryptographic operations
β βββ imageService.ts # Image processing utilities
β βββ watermarkService.ts # Steganography functions
βββ types.ts # TypeScript type definitions
βββ App.tsx # Main application component
βββ index.tsx # Application entry point
- Chrome/Edge (recommended)
- Firefox
- Safari
- Any modern browser with Web Crypto API support
- All cryptographic operations use the Web Crypto API
- Private keys never leave your browser
- No data is sent to external servers
- The app runs entirely client-side
- Use smaller images or reduce the number of versions
- Snapshots are automatically compressed, but many versions increase payload size
- Try using smaller images (e.g., 512x512 or smaller)
- If extraction fails but you have the public key: The system can still detect tampering via hash chain verification
- The image may have been heavily compressed (JPEG re-encoding) or edited outside the app
- Brightness/contrast adjustments: Usually recoverable with error correction
- JPEG re-encoding: LSB data is lost, but hash verification will still detect tampering
- Try uploading the original ImageChain file (PNG format recommended)
- Ensure you're using the correct public key
- The key must match the private key used to sign the versions
- Check that the image hasn't been modified outside the app
This project is provided as-is for educational and demonstration purposes.
Contributions, issues, and feature requests are welcome!