...
3.4. What does it mean that provenance data is cryptographically bound to the asset?
The provenance data and the asset are the two parts of the same puzzle - a unique puzzle. The possibility of any other pieces ever matching, either by coincidence or by purposeful creation, is so low that it would be practically impossible. This is known as a hard binding.
This inability to always be able to verify the provenance of an ingredient is not problematic, because the trust of the asset remains in the signer of the asset’s C2PA Manifest. However, having the ingredient’s C2PA Manifest included in the asset’s C2PA Manifest Store, enables the verification of the ingredient’s assertions (which are important trust signals), even if its hard bindings cannot be validated.
3.5. Use of Artificial Intelligence & Machine Learning (AI/ML)
3.5.1. How does C2PA address the use of AI/ML in the creation and editing of assets?
Each action that is performed on an asset is recorded in the asset’s C2PA Manifest. These actions can be performed by a human or by an AI/ML system. When an action was performed by an AI/ML system, it is clearly identified as such through it’s digitalSourceType field. ...
See the full specs here: https://c2pa.org/specifications/specifications/1.3/explainer/Explainer.html#_what_does_it_mean_that_provenance_data_is_cryptographically_bound_to_the_asset_2