AI Guides

What Is blind-watermark? A Beginner-Friendly Guide to guofei9987/blind_watermark

A beginner-friendly guide to guofei9987/blind_watermark: what invisible watermarking is, how DWT–DCT–SVD works, Python and CLI usage, text/image watermark modes, crop and compression robustness, security limitations, privacy considerations, and the MIT License.

Published: Jun 26, 2026Updated: Jun 26, 2026Reading time: 6 minViews: 0
blind-watermarkinvisible watermarkingDWT-DCT-SVDPython libraryimage watermarkingcontent tracingopen source

💡Key Takeaways

  • A beginner-friendly guide to guofei9987/blind_watermark: what invisible watermarking is, how DWT–DCT–SVD works, Python and CLI usage, text/image watermark modes, crop and compression robustness, security limitations, privacy considerations, and the MIT License.

Repository: https://github.com/guofei9987/blind_watermark
Topic: invisible image watermarking, content tracing, Python, DWT–DCT–SVD
Audience: developers, image platforms, content creators, and teams distributing digital images
Level: beginner-friendly with practical technical notes
Checked against the repository source and README: June 26, 2026

Original image example
Original image example

1. What is blind-watermark in simple terms?

blind_watermark is a Python library that hides a small piece of information inside an image in a way that is difficult to see with the human eye.

The hidden information can be:

Example

a text string a small black-and-white image a sequence of bits a customer identifier an order identifier a distribution identifier

Simple model:

TEXT
Original image + hidden data = invisibly watermarked image

The program can later attempt to extract the hidden watermark if the correct parameters are available.

The word blind means extraction does not require the original image. It still requires the appropriate password values and the watermark length or dimensions.

2. How is an invisible watermark different from a visible one?

A visible watermark is a logo or text placed directly on top of an image, such as:

Example

© Example Studio Do not repost A username in the corner

It is easy to notice, but it may also be easy to crop or cover.

An invisible watermark is different:

Example

viewers normally do not see it the information is embedded into image data it can help identify a distributed copy it is harder to remove than a simple corner logo

Invisible does not mean indestructible. Strong editing, AI regeneration, low-quality recapture, or severe transformations may destroy the watermark.

3. What technique does the repository use?

The README describes the implementation as DWT–DCT–SVD watermarking.

A simplified explanation:

Example

DWT separates an image into frequency components. DCT represents small image blocks in frequency form. SVD decomposes matrices so selected stable values can be adjusted.

A simplified pipeline is:

Example

Read image → convert color space → apply DWT → split the image into blocks → apply DCT and SVD → adjust selected values to encode 0 or 1 → reverse the transforms to produce the output image

Users do not need to understand all the mathematics to use the library. The important point is that data is distributed through the image's frequency representation instead of being drawn as visible text.

4. What can the repository be used for?

Reasonable use cases include:

Example

marking images produced by a particular system embedding a unique buyer ID in each download tracing the source of a leaked copy checking whether an image passed through an internal pipeline marking assets sent to different partners researching digital watermarking techniques

For example, an image marketplace could create a separate version for each customer:

Example

Customer A → hidden watermark CUSTOMER_A_1024 Customer B → hidden watermark CUSTOMER_B_2048

If a copy is later redistributed, the platform can attempt to extract the identifier and match it to the distribution record.

5. What is it not?

blind_watermark is not:

Example

a complete DRM system image encryption absolute legal proof of ownership an unbreakable protection mechanism perfect copy prevention an AI-content detector

A watermark is an additional tracing signal. It does not replace contracts, digital signatures, trusted timestamps, original files, or a complete copyright evidence process.

6. What types of watermark data are supported?

The README and source support three primary modes.

Text strings

Examples:

Example

ORDER-2026-000128 [email protected] ASSET-9281

The string is encoded as UTF-8 and converted to bits before embedding.

Image watermarks

A small image can be used as the watermark, usually a black-and-white logo or mask.

The source reads watermark images in grayscale and converts pixels to bits using a threshold of 128. This means detailed grayscale levels are discarded; the behavior is closer to a binary image watermark than a full-color hidden image.

Bit arrays

Applications can pass data directly as bits:

PYTHON
[True, False, True, True, False]

This is useful when an application already encodes identifiers into binary form.

7. Installation

The README recommends installing from PyPI:

Example

pip install blind-watermark

Or installing the repository source:

BASH
git clone https://github.com/guofei9987/blind_watermark.git
cd blind_watermark
pip install .

According to setup.py, the project supports Python 3.5 or newer and depends mainly on:

Example

NumPy OpenCV-Python PyWavelets

The repository's version.py currently reports version 0.4.4. It also prints a note recommending that encoding and decoding use the same library version.

8. Command-line usage

The package includes a CLI for embedding and extracting watermarks.

General embedding structure:

BASH
blind_watermark --embed --pwd <password> <input_image> "<watermark>" <output_image>

General extraction structure:

BASH
blind_watermark --extract --pwd <password> --wm_shape <length> <watermarked_image>

wm_shape is required for extraction. For text, it is normally the bit length. For an image watermark, it is a dimension such as (128, 128).

9. Python usage

A simplified text-watermark example:

PYTHON
from blind_watermark import WaterMark

watermark = WaterMark(password_img=123, password_wm=456)
watermark.read_img("input.jpg")
watermark.read_wm("ASSET-000128", mode="str")
watermark.embed("output.png")

watermark_length = len(watermark.wm_bit)
print(watermark_length)

Extraction:

PYTHON
from blind_watermark import WaterMark

watermark = WaterMark(password_img=123, password_wm=456)
result = watermark.extract(
    "output.png",
    wm_shape=watermark_length,
    mode="str",
)

print(result)

A production system should retain at least:

Example

password_img password_wm watermark length or dimensions library version distribution record identifier

If wm_shape is lost, normal extraction through the library API may not work correctly.

10. What do the two passwords do?

The API accepts:

Example

password_img password_wm

In the source code:

Example

password_wm seeds the permutation of watermark bits password_img seeds the permutation used inside image blocks

This makes correct extraction more difficult without the parameters.

However, these values should not be treated as modern cryptographic keys. In this implementation, they act primarily as deterministic random seeds for reproducible shuffling.

Therefore:

Example

do not use this mechanism to protect high-value secrets do not embed real passwords, API keys, or sensitive personal data do not treat password_img/password_wm as strong encryption keys

For stronger authenticity, generate a random ID or a server-side HMAC/signature and embed only the resulting short token.

11. Watermark capacity depends on image size

After DWT, the code divides image data into 4 × 4 blocks. The number of available blocks determines the maximum number of watermark bits.

The source checks that:

Example

watermark size must be smaller than the available block count

This means:

Example

larger images can hold longer watermarks small images have lower capacity a 128 × 128 watermark image requires far more bits than a short identifier

A short identifier is usually more practical than a paragraph of text.

12. Why can it survive some image changes?

The README demonstrates extraction after transformations including:

Example

rotation random cropping partial masks horizontal or vertical cuts resizing salt-and-pepper noise brightness reduction

The implementation repeats watermark bits across multiple blocks and color channels, then averages observations during extraction.

However, the README examples are demonstrations, not a guarantee for every image and configuration.

Robustness depends on:

Example

image dimensions watermark length compression level file format transformation strength image content algorithm parameters matching encode/decode versions

13. Does it survive JPEG compression?

It may, but extraction quality depends on compression strength.

The source allows JPEG output with a compression_ratio used as JPEG quality. Severe compression can alter frequency coefficients and make extraction less reliable.

Practical guidance:

Example

prefer PNG when stability is more important than file size test several JPEG quality levels do not assume survival after repeated re-encoding

A robust pipeline should verify the watermark after output generation and again after any expected image optimization step.

14. Does it survive cropping?

The README includes cropping examples where extraction succeeds. This is possible because watermark bits are repeated across the image.

But severe cropping, very small remaining regions, or geometric changes that are not restored may reduce reliability.

Test the transformations that matter for your product:

Example

10% crop 30% crop screenshots thumbnail resizing social-network compression aspect-ratio changes

15. Does it survive AI regeneration?

It should generally not be expected to survive.

If a generative model redraws the image, performs large inpainting, strong style transfer, or reconstructs it from a reference, the original frequency-domain signal may be replaced almost completely.

Traditional robust watermarking is better suited to:

Example

compression resizing moderate cropping brightness changes light noise some geometric edits

It is not a guaranteed method for tracking content after generative reconstruction.

16. Strengths

Example

simple Python API command-line interface Windows, Linux, and macOS support text, image, and bit watermark modes blind extraction without the original image examples covering several image transformations multi-process support permissive MIT license

17. Limitations

Example

wm_shape is required for extraction correct seeds/passwords are required not strong encryption not robust against every transformation long watermarks reduce repetition and may reduce robustness output images are not perfectly identical to originals strong compression or editing can destroy the watermark not standalone legal proof of ownership

In bwm_core.py, the author notes that increasing d1 and d2 improves robustness but creates more image distortion. This is the central trade-off:

Example

stronger watermark ↔ more visible or measurable image change

18. Privacy considerations

Avoid embedding raw personal or secret data such as:

Example

full legal names personal email addresses phone numbers home addresses government IDs API keys passwords

Invisible does not mean encrypted.

A safer design is:

Example

embed a random lookup ID store the ID-to-customer mapping in a separate database restrict access to that mapping apply retention and deletion rules

For copyright or leakage disputes, combine watermark data with:

Example

the original source file a cryptographic hash of the original a publication history a trusted timestamp contracts or licenses distribution logs a digital signature or HMAC

A watermark can support a chain of evidence, but should not be the only evidence.

20. Suggested image-distribution workflow

A practical workflow:

Example

Step 1: Assign an asset_id to the original image. Step 2: Create a unique distribution_id for each download. Step 3: Sign the distribution_id with a server-side HMAC. Step 4: Embed only the short ID or signed token. Step 5: Store wm_shape, seed identifiers, version, and output hash. Step 6: Extract and verify immediately after generation. Step 7: Test again after expected resize and JPEG compression. Step 8: Deliver the file only if verification succeeds.

Do not embed a complete customer profile. Embed a lookup token instead.

21. Example metadata record

JSON
{
  "asset_id": "asset_9281",
  "distribution_id": "dist_f8a3c1",
  "watermark_length": 176,
  "password_img_id": "keyset_03",
  "password_wm_id": "keyset_03",
  "library_version": "0.4.4",
  "output_sha256": "...",
  "created_at": "2026-06-26T10:00:00Z"
}

Store references to protected key material rather than placing raw password values in ordinary business records.

22. When should you consider this repository?

It is a reasonable option when:

Example

you want to experiment with image watermarking in Python you need a unique marker per distributed copy you want a local open-source solution you can test robustness against your real processing pipeline you need CLI or Python backend integration

23. When is it not enough by itself?

Do not rely on it alone when:

Example

assets have very high legal or commercial value professional anti-removal resistance is required images pass through aggressive platform compression you need industry-standard provenance verification you need video or audio protection you need proof that an image has not been modified

In those cases, also evaluate fingerprinting, perceptual hashes, digital signatures, C2PA/Content Credentials, or commercial watermarking systems.

24. License

The repository uses the MIT License.

This generally permits:

Example

use modification distribution commercial inclusion

The copyright and license notice must remain in copies or substantial portions of the software. The software is provided “as is,” without warranty.

25. Conclusion

guofei9987/blind_watermark is a compact Python library for experimenting with and deploying invisible image watermarks using DWT–DCT–SVD.

Shortest explanation:

Example

It hides a text string, small binary image, or bit sequence in the image's frequency domain, then extracts it without requiring the original image.

The repository is useful for distribution tracing, asset marking, and watermark research. It is not DRM, not strong encryption, and not guaranteed to survive every transformation.

SEO title suggestions

  • What Is blind-watermark? Beginner-Friendly Guide to guofei9987/blind_watermark
  • How to Add Invisible Watermarks to Images With Python
  • DWT–DCT–SVD Blind Watermarking Explained for Beginners
  • Python Invisible Watermark Library: Usage, Strengths, and Limitations

SEO meta description

A beginner-friendly guide to guofei9987/blind_watermark: what invisible watermarking is, how DWT–DCT–SVD works, Python and CLI usage, text/image watermark modes, crop and compression robustness, security limitations, privacy considerations, and the MIT License.

References

  1. GitHub repository: https://github.com/guofei9987/blind_watermark
  2. English README: https://github.com/guofei9987/blind_watermark/blob/master/README.md
  3. Chinese README: https://github.com/guofei9987/blind_watermark/blob/master/README_cn.md
  4. blind_watermark.py: https://github.com/guofei9987/blind_watermark/blob/master/blind_watermark/blind_watermark.py
  5. bwm_core.py: https://github.com/guofei9987/blind_watermark/blob/master/blind_watermark/bwm_core.py
  6. setup.py: https://github.com/guofei9987/blind_watermark/blob/master/setup.py
  7. MIT License: https://github.com/guofei9987/blind_watermark/blob/master/LICENSE
  8. Documentation: https://BlindWatermark.github.io/blind_watermark/#/en/
PR

Written by PixelRouter Editorial Team

We publish deep, authoritative guides on AI infrastructure, API gateway security, cloud financial management, and system optimizations for developers.

FAQ

What is blind-watermark?

blind-watermark is a Python library that hides a small piece of information inside an image in a way that is difficult to see with the human eye. The hidden information can be a text string, a small black-and-white image, or a sequence of bits.

How does blind-watermark hide information?

It uses DWT–DCT–SVD watermarking. The image is transformed into frequency components, then divided into blocks, and specific values are adjusted to encode the watermark bits. Extraction does not require the original image but needs the correct password values and watermark length.

What are the main limitations of blind-watermark?

It requires wm_shape for extraction, correct passwords, is not strong encryption, may not survive aggressive transformations like AI regeneration, and long watermarks reduce robustness. The output image is not perfectly identical to the original.