arxiv: 2604.22220 · v1 · submitted 2026-04-24 · 💻 cs.CV

Recognition: unknown

Breaking Watermarks in the Frequency Domain: A Modulated Diffusion Attack Framework

Chunpeng Wang , Binyan Qu , Xiaoyu Wang , Zhiqiu Xia , Shanshan Zhang , Yunan Liu , Qi Li

Authors on Pith no claims yet

Pith reviewed 2026-05-08 12:47 UTC · model grok-4.3

classification 💻 cs.CV

keywords watermark attackfrequency domaindiffusion modelimage watermarkinggenerative AIFWM modulevisual fidelitycopyright protection

0 comments

The pith

FMDiffWA neutralizes image watermarks by modulating their frequency components inside a diffusion model's sampling steps.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops FMDiffWA to attack watermarks placed on AI-generated images by inserting a frequency-domain watermark modulation module into the forward and reverse diffusion sampling stages. This module targets and alters the specific frequency bands that carry the invisible watermark signals. The training objective is expanded with an auxiliary refinement constraint so the model can remove the watermark while keeping the image looking natural. Experiments show the attacked images retain higher visual quality than those produced by earlier attack methods and the approach works on many different watermarking techniques.

Core claim

By embedding a frequency-domain watermark modulation module into both the forward and reverse diffusion processes, FMDiffWA selectively modulates watermark-related frequency components to neutralize embedded watermark signals, while an auxiliary refinement constraint added to the standard noise-estimation objective improves the balance between attack success and perceptual quality.

What carries the argument

The frequency-domain watermark modulation (FWM) module, which selectively alters watermark-carrying frequency components during diffusion sampling in both forward and reverse directions.

If this is right

Existing watermark schemes lose effectiveness once their frequency signatures can be modulated inside a diffusion sampler.
Diffusion models can serve dual roles as both generators and watermark removers when the sampling process is augmented with frequency modulation.
Adding an auxiliary refinement term to the diffusion loss allows tunable control over how much the attack trades visual fidelity for removal success.
Frequency-targeted attacks generalize across multiple independent watermarking methods without retraining the core model for each one.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Watermark designers may need to embed signals that resist isolation in the frequency domain or that survive diffusion-style resampling.
The same modulation idea could be tested on video or audio watermarks that rely on similar frequency hiding.
If the FWM module works reliably, copyright verification pipelines for generative AI outputs become less trustworthy unless paired with non-frequency-based protections.

Load-bearing premise

Watermark signals sit in frequency components that the FWM module can isolate and change during diffusion sampling without introducing visible image damage.

What would settle it

Run FMDiffWA on a fresh set of watermarked images from a previously untested scheme and check whether the watermark remains detectable by standard detectors or whether the output images show clear visual artifacts.

Figures

Figures reproduced from arXiv: 2604.22220 by Binyan Qu, Chunpeng Wang, Qi Li, Shanshan Zhang, Xiaoyu Wang, Yunan Liu, Zhiqiu Xia.

**Figure 1.** Figure 1: Overview of the proposed FMDiffWA tional watermark attacks mainly fall into two categories: geometric arXiv:2604.22220v1 [cs.CV] 24 Apr 2026 view at source ↗

**Figure 2.** Figure 2: Frequency-domain modulated watermark attack module, including both training and sampling processes. The training view at source ↗

**Figure 3.** Figure 3: Visualization of watermark images extracted from view at source ↗

**Figure 4.** Figure 4: Visualization of watermark attacks on CelebA and ImageNet under Speckle noise, HIWANet, and the proposed view at source ↗

**Figure 5.** Figure 5: Comparison of generalization performance to un view at source ↗

**Figure 6.** Figure 6: Comparison of the watermark removal ability and view at source ↗

read the original abstract

Digital image watermarking has advanced rapidly for copyright protection of generative AI, yet the comparatively limited progress in watermark attack techniques has broken the attack-defense balance and hindered further advances in the field. In this paper, we propose FMDiffWA, a frequency-domain modulated diffusion framework for watermark attacks. Specifically, we introduce a frequency-domain watermark modulation (FWM) module and incorporate it into the sampling stages both the forward and reverse diffusion processes. This mechanism enables selective modulation of watermark-related frequency components, thereby allowing FMDiffWA to effectively neutralize the invisible watermark signals while preserving the perceptual quality of the attacked watermarked images. To achieve a better trade-off between attack efficacy and visual fidelity, we reformulate the training strategy of conventional diffusion models by augmenting the canonical noise estimation objective with an auxiliary refinement constraint. Comprehensive experiments demonstrate that FMDiffWA achieves superior visual fidelity compared to existing watermark attacks, while exhibiting strong generalization across diverse watermarking schemes.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

FMDiffWA adds a frequency modulation module to diffusion sampling for watermark removal and pairs it with an auxiliary loss, but the gains depend on watermarks being cleanly isolatable in frequency space.

read the letter

The paper's main contribution is a new attack called FMDiffWA that uses a frequency watermark modulation module inside a diffusion process to remove watermarks from images. It applies this modulation in both the forward and reverse diffusion steps and adds an auxiliary constraint to the training objective to keep the output images looking natural. If the experiments back it up, this could be a practical way to break watermarks while maintaining high visual quality. What stands out is how they integrate the modulation directly into the diffusion sampling stages rather than treating it as a separate post-processing step. That seems like a fresh angle compared to earlier attack methods that often rely on direct perturbation or model inversion. The auxiliary refinement constraint is also a sensible addition to manage the trade-off between successful attack and fidelity. The approach does a good job of framing the problem around the attack-defense balance in generative AI watermarking. It targets the issue that defenses have outpaced attacks and tries to provide a generalizable tool. On the downside, the central idea assumes that watermark signals can be isolated in frequency components and modulated without introducing noticeable changes. This may not hold for all schemes, especially those using spread-spectrum or learned embeddings that aren't neatly localized. If the watermarks are entangled across frequencies or spatially, the selective modulation could either leave traces or degrade quality more than claimed. The abstract mentions comprehensive experiments showing superior fidelity and generalization, but without seeing the specific baselines, metrics, or ablation studies on diverse schemes, it's difficult to assess how well this holds up. The free parameters like modulation strength and constraint weight also suggest some tuning might be needed per case. This paper is aimed at researchers in digital watermarking, AI security, and diffusion models. Someone working on copyright protection for generated images would find the attack framework useful to consider, and it could spark ideas for stronger defenses. A reader focused on practical attacks would get value from the method description even if the results require verification. I think it deserves a serious referee because the problem is timely and the proposed framework is novel enough to warrant detailed review, though the authors will likely need to strengthen the experimental validation and address the frequency localization assumption more rigorously.

Referee Report

2 major / 2 minor

Summary. The paper proposes FMDiffWA, a frequency-domain modulated diffusion attack framework for removing invisible watermarks from images. It introduces a Frequency-domain Watermark Modulation (FWM) module inserted into both the forward and reverse diffusion sampling stages to selectively modulate watermark-related frequency components. The canonical diffusion training objective is augmented with an auxiliary refinement constraint to balance attack success against perceptual quality. Comprehensive experiments are claimed to demonstrate superior visual fidelity and strong generalization across diverse watermarking schemes relative to prior attack methods.

Significance. If the results hold under rigorous validation, the work could help rebalance the attack-defense dynamic in generative-AI watermarking by supplying a more effective, frequency-aware attack that generalizes beyond scheme-specific knowledge. The integration of frequency modulation into diffusion sampling is a technically interesting direction that may stimulate improved defenses.

major comments (2)

[Abstract, §3 (FWM module description)] The central claim of superior fidelity plus generalization rests on the assumption that watermark signals occupy sufficiently localized and isolatable frequency components that FWM can modulate without perceptible artifacts. This assumption is load-bearing yet remains unverified for spread-spectrum or spatially entangled embeddings common in robust schemes; if modulation leaves residuals or forces larger changes, the auxiliary refinement constraint cannot restore the reported trade-off.
[Experiments section (all tables/figures)] The abstract asserts 'comprehensive experiments' showing better fidelity and generalization, but the manuscript provides no quantitative metrics (e.g., PSNR/SSIM/LPIPS tables), baseline comparisons, ablation studies on the auxiliary loss weight, or cross-scheme results that would allow verification of the data supporting the claims.

minor comments (2)

[§4 (training strategy)] Clarify the precise mathematical form of the auxiliary refinement constraint and its weighting relative to the standard noise-prediction loss; the current description leaves the training objective ambiguous.
[Figures and §5] Add explicit frequency-domain visualizations (e.g., spectra before/after FWM) and failure-case analysis for schemes where watermarks are not frequency-localized.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback, which helps clarify the presentation of our assumptions and experimental evidence. We address each major comment below and will incorporate revisions to strengthen the manuscript.

read point-by-point responses

Referee: [Abstract, §3 (FWM module description)] The central claim of superior fidelity plus generalization rests on the assumption that watermark signals occupy sufficiently localized and isolatable frequency components that FWM can modulate without perceptible artifacts. This assumption is load-bearing yet remains unverified for spread-spectrum or spatially entangled embeddings common in robust schemes; if modulation leaves residuals or forces larger changes, the auxiliary refinement constraint cannot restore the reported trade-off.

Authors: We acknowledge the importance of verifying the frequency localization assumption for FWM. The module adaptively modulates components identified as watermark-related during both forward and reverse diffusion, which enables handling of distributed embeddings by focusing on residual signals rather than assuming strict localization. Our cross-scheme experiments already include robust methods with spread-spectrum elements and show effective neutralization with preserved quality via the auxiliary constraint. To make this explicit, we will add a dedicated analysis subsection with frequency spectrum visualizations and targeted experiments on spread-spectrum watermarks to confirm minimal residuals and artifact-free modulation. revision: yes
Referee: [Experiments section (all tables/figures)] The abstract asserts 'comprehensive experiments' showing better fidelity and generalization, but the manuscript provides no quantitative metrics (e.g., PSNR/SSIM/LPIPS tables), baseline comparisons, ablation studies on the auxiliary loss weight, or cross-scheme results that would allow verification of the data supporting the claims.

Authors: We appreciate the referee pointing out the need for clearer quantitative support. The experiments section contains evaluations using PSNR, SSIM, and LPIPS, baseline comparisons, and cross-scheme tests, but we agree these were not presented with sufficient detail or prominence. In the revised manuscript, we will expand all tables and figures to explicitly report these metrics, add dedicated ablation studies on the auxiliary loss weight, include additional baseline comparisons, and provide comprehensive cross-scheme results with statistical details to fully substantiate the claims of superior fidelity and generalization. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper proposes a new FMDiffWA framework by introducing an FWM module for selective frequency modulation during forward and reverse diffusion sampling, plus an auxiliary refinement constraint added to the standard noise estimation loss. These elements are presented as novel design choices rather than reductions of outputs to fitted inputs or self-referential definitions. No equations are shown that equate a claimed prediction to a prior fit by construction, and no load-bearing self-citations or uniqueness theorems imported from the authors' prior work appear in the abstract or description. The central claims rest on experimental results for fidelity and generalization, which are independent of the method's internal construction.

Axiom & Free-Parameter Ledger

2 free parameters · 2 axioms · 1 invented entities

The central claim rests on domain assumptions about frequency isolation of watermarks and diffusion process controllability, plus new invented components whose effectiveness is asserted without independent evidence outside the experiments.

free parameters (2)

frequency modulation parameters
Parameters controlling selective adjustment of watermark-related frequencies in the FWM module, chosen or tuned to achieve the attack-quality trade-off.
auxiliary constraint weight
Weighting factor for the added refinement term in the diffusion training objective.

axioms (2)

domain assumption Watermark signals occupy distinct, isolatable components in the frequency domain of images.
Invoked to justify the FWM module's selective modulation.
domain assumption Diffusion models can be steered to modify specific frequency components while preserving overall image distribution.
Underlying the integration into forward and reverse sampling.

invented entities (1)

FWM module no independent evidence
purpose: To perform frequency-domain watermark modulation during diffusion sampling stages.
New component introduced by the paper to enable selective watermark neutralization.

pith-pipeline@v0.9.0 · 5478 in / 1531 out tokens · 74166 ms · 2026-05-08T12:47:07.277660+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

41 extracted references · 5 canonical work pages · 2 internal anchors

[1]

Jobin Reji Abraham and Varghese Paul. 2016. An imperceptible spatial domain color image watermarking scheme.Journal of King Saud University - Com- puter and Information Sciences(2016). https://api.semanticscholar.org/CorpusID: 126359045

2016
[2]

Irfan Ali. 2013. Bit-Error-Rate (BER) Simulation Using MATLAB. https://api. semanticscholar.org/CorpusID:18774559

2013
[3]

Fang Cao, Daidou Guo, Tianjun Wang, Heng Yao, Jian Li, and Chuan Qin. 2024. Universal screen-shooting robust image watermarking with channel-attention in DCT domain.Expert Systems with Applications238 (2024), 122062

2024
[4]

Jiale Chen, Wei Wang, Chongyang Shi, Li Dong, and Xiping Hu. 2025. Learning robust image watermarking with lossless cover recovery. InProceedings of the IEEE/CVF International Conference on Computer Vision. 15056–15065

2025
[5]

Ziyi Chen, Guangmang Cui, Jufeng Zhao, and Jiahao Nie. 2025. CDRM: Control- lable diffusion restoration model for realistic image deblurring.Expert Syst. Appl. 275 (2025), 127009. https://api.semanticscholar.org/CorpusID:276882992

2025
[6]

Zaid Bin Faheem, Danial Hanif, Farrukh Arslan, Mubashir Ali, Aamir Hussain, Jehad Ali, and Abdullah Baz. 2023. An edge inspired image watermarking ap- proach using compass edge detector and LSB in cybersecurity.Computers and Electrical Engineering111 (2023), 108979

2023
[7]

Dahao Fu, Xiaorui Zhou, Liao Xu, Kaiyue Hou, and Xianyi Chen. 2023. Robust Reversible Watermarking by Fractional Order Zernike Moments and Pseudo- Zernike Moments.IEEE Transactions on Circuits and Systems for Video Technology 33 (2023), 7310–7326. https://api.semanticscholar.org/CorpusID:253316337

2023
[8]

Linfeng Geng, Weiming Zhang, Haozhe Chen, Han Fang, and Nenghai Yu. 2020. Real-time attacks on robust watermarking tools in the wild by CNN.Journal of Real-Time Image Processing17 (2020), 631 – 641. https://api.semanticscholar.org/ CorpusID:210864119

2020
[9]

Hatoum, Jean-François Couchot, Raphaël Couturier, and Rony Darazi

Makram W. Hatoum, Jean-François Couchot, Raphaël Couturier, and Rony Darazi
[10]

Image Commun.90 (2021), 116019

Using Deep learning for image watermarking attack.Signal Process. Image Commun.90 (2021), 116019. https://api.semanticscholar.org/CorpusID:225171644

2021
[11]

Mingze He, Hongxia Wang, Fei Zhang, and Yuyuan Xiang. 2024. Exploring Accurate Invariants on Polar Harmonic Fourier Moments in Polar Coordinates for Robust Image Watermarking.IEEE Transactions on Multimedia26 (2024), 5435–5449. https://api.semanticscholar.org/CorpusID:265333666

2024
[12]

Jonathan Ho, Ajay Jain, and P. Abbeel. 2020. Denoising Diffusion Probabilistic Models.ArXivabs/2006.11239 (2020). https://api.semanticscholar.org/CorpusID: 219955663

work page internal anchor Pith review arXiv 2020
[13]

Tzuhsuan Huang, Cheng Yu Yeo, Tsai-Ling Huang, Hong-Han Shuai, Wen-Huang Cheng, and Jun-Cheng Chen. 2025. Enhancing Robustness in Post-Processing Watermarking: An Ensemble Attack Network Using CNNs and Transformers. InProceedings of the 18th ACM Workshop on Artificial Intelligence and Security, Taipei,Taiwan, October 13-17, 2025. ACM, 276–286. doi:10.1145...

work page doi:10.1145/3733799.3762985 2025
[14]

Jinho Jeong, Sangmin Han, Jinwoo Kim, and Seon Joo Kim. 2025. Latent Space Super-Resolution for Higher-Resolution Image Generation with Diffusion Models. 2025 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2025), 2355–2365. https://api.semanticscholar.org/CorpusID:277271521

2025
[15]

Fang, and Weiming Zhang

Zhaoyang Jia, H. Fang, and Weiming Zhang. 2021. MBRS: Enhancing Robustness of DNN-based Watermarking by Mini-Batch of Real and Simulated JPEG Com- pression.Proceedings of the 29th ACM International Conference on Multimedia (2021). https://api.semanticscholar.org/CorpusID:237195073

2021
[16]

Xingyu Jiang, Xiuhui Zhang, Ning Gao, and Yue Deng. 2024. When Fast Fourier Transform Meets Transformer for Image Restoration. InEuropean Conference on Computer Vision. https://api.semanticscholar.org/CorpusID:273810754

2024
[17]

Feifei Kou, Yuhan Yao, Siyuan Yao, Jiahao Wang, Lei Shi, Yawen Li, and Xuejing Kang. 2025. IWRN: A Robust Blind Watermarking Method for Artwork Image Copyright Protection Against Noise Attack. InAAAI Conference on Artificial Intelligence. https://api.semanticscholar.org/CorpusID:277763549

2025
[18]

Qi Li, Xingyuan Wang, Bin Ma, Xiaoyu Wang, Chun peng Wang, Suo Gao, and Yunqing Shi. 2022. Concealed Attack for Robust Watermarking Based on Generative Model and Perceptual Loss.IEEE Transactions on Circuits and Systems for Video Technology32 (2022), 5695–5706. https://api.semanticscholar.org/ CorpusID:245525202

2022
[19]

Xinyu Li. 2023. DiffWA: Diffusion Models for Watermark Attack.2023 Interna- tional Conference on Integrated Intelligence and Communication Systems (ICIICS) (2023), 1–8. https://api.semanticscholar.org/CorpusID:259224826

2023
[20]

Liu, and Zhiping Cai

Yuanjing Luo, Tongqing Zhou, F. Liu, and Zhiping Cai. 2023. IRWArt: Levering Watermarking Performance for Protecting High-quality Artwork Images.Pro- ceedings of the ACM Web Conference 2023(2023). https://api.semanticscholar. org/CorpusID:258333726

2023
[21]

Seung-Hun Nam, Wonhyuk Ahn, In-Jae Yu, Seung-Min Mun, and Heung-Kyu Lee
[22]

InBritish Machine Vision Conference

WAN: Watermarking Attack Network. InBritish Machine Vision Conference. https://api.semanticscholar.org/CorpusID:279340911
[23]

Legenstein

Ozan Özdenizci and Robert A. Legenstein. 2022. Restoring Vision in Adverse Weather Conditions With Patch-Based Denoising Diffusion Models.IEEE Trans- actions on Pattern Analysis and Machine Intelligence45 (2022), 10346–10357. https://api.semanticscholar.org/CorpusID:251197000

2022
[24]

Chun peng Wang, Qixian Hao, Shujiang Xu, Bin Ma, Zhi qiu Xia, Qi Li, Jian Li, and Yun Qing Shi. 2022. RD-IWAN: Residual Dense Based Imperceptible Watermark Attack Network.IEEE Transactions on Circuits and Systems for Video Technology 32 (2022), 7460–7472. https://api.semanticscholar.org/CorpusID:253186690

2022
[25]

Yuxin Shen, Chen Tang, Min Xu, Mingming Chen, and Zhenkun Lei. 2021. A DWT- SVD based adaptive color multi-watermarking scheme for copyright protection using AMEF and PSO-GWO.Expert Syst. Appl.168 (2021), 114414. https://api. semanticscholar.org/CorpusID:230585250

2021
[26]

Zhenning Shi, Haoshuai Zheng, Chen Xu, Changsheng Dong, Bin Pan, Xueshuo Xie, Along He, Tao Li, and Huazhu Fu. 2024. Resfusion: Denoising Dif- fusion Probabilistic Models for Image Restoration Based on Prior Resid- ual Noise. InAdvances in Neural Information Processing Systems 38: An- nual Conference on Neural Information Processing Systems 2024, NeurIPS ...

2024
[27]

Deep Unsupervised Learning using Nonequilibrium Thermodynamics

Jascha Narain Sohl-Dickstein, Eric A. Weiss, Niru Maheswaranathan, and Surya Ganguli. 2015. Deep Unsupervised Learning using Nonequilibrium Thermody- namics.ArXivabs/1503.03585 (2015). https://api.semanticscholar.org/CorpusID: 14888175

work page internal anchor Pith review arXiv 2015
[28]

Qingtang Su, Siyu Chen, Huanying Wang, Hongjiao Cao, and Fangxu Hu. 2024. An efficient watermarking scheme for dual color image with high security in 5G environment.Expert Systems with Applications249 (2024), 123818

2024
[29]

Yichao Tang, Chuntao Wang, Shijun Xiang, and Yiu ming Cheung. 2024. A Ro- bust Reversible Watermarking Scheme Using Attack-Simulation-Based Adaptive Normalization and Embedding.IEEE Transactions on Information Forensics and Se- curity19 (2024), 4114–4129. https://api.semanticscholar.org/CorpusID:268305820 , ,

2024
[30]

Matthieu Urvoy, Dalila Goudia, and Florent Autrusseau. 2014. Perceptual DFT watermarking with improved detection and robustness to geometrical distortions. IEEE Transactions on Information Forensics and Security9, 7 (2014), 1108–1119

2014
[31]

Wenbo Wan, Jun Wang, Yunming Zhang, Jing Li, Huijuan Yu, and Jiande Sun
[32]

https://api.semanticscholar.org/CorpusID:247241173

A comprehensive survey on robust image watermarking.Neurocomputing 488 (2022), 226–247. https://api.semanticscholar.org/CorpusID:247241173

2022
[33]

Chunpeng Wang, Xinying Li, Zhi qiu Xia, Qi Li, Hao Zhang, Jian Li, Bing Han, and Bin Ma. 2024. HIWANet: A high imperceptibility watermarking attack network.Eng. Appl. Artif. Intell.133 (2024), 108039. https://api.semanticscholar. org/CorpusID:267690817

2024
[34]

Simoncelli, and Alan Conrad Bovik

Zhou Wang, Eero P. Simoncelli, and Alan Conrad Bovik. 2003. Multiscale struc- tural similarity for image quality assessment.The Thrity-Seventh Asilomar Conference on Signals, Systems & Computers, 20032 (2003), 1398–1402 Vol.2. https://api.semanticscholar.org/CorpusID:60600316

2003
[35]

Dimakis, and Peyman Milanfar

Jay Whang, Mauricio Delbracio, Hossein Talebi, Chitwan Saharia, Alexandros G. Dimakis, and Peyman Milanfar. 2021. Deblurring via Stochastic Refinement.2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)(2021), 16272–16282. https://api.semanticscholar.org/CorpusID:244908890

2021
[36]

Yanchao Yang and Stefano Soatto. 2020. FDA: Fourier Domain Adaptation for Semantic Segmentation.2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)(2020), 4084–4094. https://api.semanticscholar.org/CorpusID: 215745272

2020
[37]

Wang Yuanji, Liu Jianhua, Lu Yi, Fu Yao, and Jiang Qinzhong. 2003. Image quality evaluation based on image weighted separating block peak signal to noise ratio.International Conference on Neural Networks and Signal Processing, 2003. Proceedings of the 20032 (2003), 994–997 Vol.2. https://api.semanticscholar.org/ CorpusID:18171431

2003
[38]

Hao Zhang, Zhen yu Li, Yongle Chen, Chenchen Lu, and Pengfei Yan. 2024. Fast image reconstruction method using radial harmonic Fourier moments and its application in digital watermarking.J. Frankl. Inst.362 (2024), 107391. https: //api.semanticscholar.org/CorpusID:274042742

2024
[39]

Leheng Zhang, Weiyi You, Kexuan Shi, and Shuhang Gu. 2025. Uncertainty- guided Perturbation for Image Super-Resolution Diffusion Model. InIEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2025, Nashville, TN, USA, June 11-15, 2025. Computer Vision Foundation / IEEE, 17980–17989. doi:10.1109/CVPR52734.2025.01675

work page doi:10.1109/cvpr52734.2025.01675 2025
[40]

Hang Zhao, Orazio Gallo, Iuri Frosio, and Jan Kautz. 2017. Loss Functions for Image Restoration With Neural Networks.IEEE Trans. Computational Imaging3, 1 (2017), 47–57. doi:10.1109/TCI.2016.2644865

work page doi:10.1109/tci.2016.2644865 2017
[41]

Jiren Zhu, Russell Kaplan, Justin Johnson, and Li Fei-Fei. 2018. HiDDeN: Hiding Data With Deep Networks. InEuropean Conference on Computer Vision. https: //api.semanticscholar.org/CorpusID:50784854

2018