Dittmann, Katzenbeisser, Schallhart and Veith (SEC 2005) introduced the notion of invertible media authentication schemes,
embedding authentication data in media objects via invertible watermarks. These invertible watermarks allow to recover the
original media object (given a secret encryption key), as required for example in some medical applications where the distortion
must be removable.
Here we revisit the approach of Dittmann et al. from a cryptographic viewpoint, clarifying some important aspects of their
security definitions. Namely, we first discuss that their notion of unforgeability may not suffice in all settings, and we
therefore propose a strictly stronger notion. We then show that the basic scheme suggested by Dittmann et al. achieves our
notion if instantiated with the right cryptographic primitives. Our proof also repairs a flaw in the original scheme, pointed
out by Hopper, Molnar and Wagner (TCC 2007).
We finally address the issue of secrecy of media authentication schemes, basically preventing unauthorized recovering of the
original media object without the encryption key. We give a rigorous security statement (that is, the best security guarantee
we can achieve) and prove again that the scheme by Dittmann et al. meets this security level if the right cryptographic building
blocks are deployed. Together our notions of unforgeability and of secrecy therefore give very strong security guarantees
for such media authentication schemes.