This work proposes a semantic-driven identity decoupling framework to address the entanglement between identity and visual representation in facial image privacy preservation. By decomposing faces in the latent space of diffusion models into machine-recognizable identity features and human-perceivable semantic appearance, the method generates visually anonymous yet identity-consistent adversarial samples through semantic-guided recombination, enabling reversible recovery under cryptographic authorization. The approach innovatively incorporates momentum-driven unrestricted perturbation optimization and a semantic-visual balance factor to significantly enhance the naturalness and diversity of anonymized faces. Experimental results demonstrate a 99% black-box attack success rate on CelebA-HQ and FFHQ datasets, with a 41.28% improvement in recovered image PSNR over baseline methods.

With the deep integration of facial recognition into online banking, identity verification, and other networked services, achieving effective decoupling of identity information from visual representations during image storage and transmission has become a critical challenge for privacy protection. To address this issue, we propose SIDeR, a Semantic decoupling-driven framework for unrestricted face privacy protection. SIDeR decomposes a facial image into a machine-recognizable identity feature vector and a visually perceptible semantic appearance component. By leveraging semantic-guided recomposition in the latent space of a diffusion model, it generates visually anonymous adversarial faces while maintaining machine-level identity consistency. The framework incorporates momentum-driven unrestricted perturbation optimization and a semantic-visual balancing factor to synthesize multiple visually diverse, highly natural adversarial samples. Furthermore, for authorized access, the protected image can be restored to its original form when the correct password is provided. Extensive experiments on the CelebA-HQ and FFHQ datasets demonstrate that SIDeR achieves a 99% attack success rate in black-box scenarios and outperforms baseline methods by 41.28% in PSNR-based restoration quality.