Understanding Data Reconstruction Leakage in Federated Learning from a Theoretical Perspective

TL;DR

This paper develops a theoretical framework to analyze and compare the effectiveness of data reconstruction attacks in federated learning, providing insights into attack bounds and performance.

Contribution

It introduces a novel theoretical approach to quantify and compare data reconstruction attack effectiveness in federated learning.

Findings

iDLG attack outperforms DLG attack in effectiveness.

Theoretical bounds on data reconstruction error are established.

Framework enables fair comparison of attack methods.

Abstract

Federated learning (FL) is an emerging collaborative learning paradigm that aims to protect data privacy. Unfortunately, recent works show FL algorithms are vulnerable to the serious data reconstruction attacks. However, existing works lack a theoretical foundation on to what extent the devices' data can be reconstructed and the effectiveness of these attacks cannot be compared fairly due to their unstable performance. To address this deficiency, we propose a theoretical framework to understand data reconstruction attacks to FL. Our framework involves bounding the data reconstruction error and an attack's error bound reflects its inherent attack effectiveness. Under the framework, we can theoretically compare the effectiveness of existing attacks. For instance, our results on multiple datasets validate that the iDLG attack inherently outperforms the DLG attack.