Building Gradient Bridges: Label Leakage from Restricted Gradient Sharing in Federated Learning

TL;DR

This paper introduces Gradient Bridge, an attack that can accurately recover label distributions from limited gradient information in federated learning, exposing privacy vulnerabilities despite existing defenses.

Contribution

The paper presents a novel attack method, Gradient Bridge, demonstrating significant privacy leakage in federated learning even with restricted gradient sharing defenses.

Findings

GDBR can recover over 80% of labels accurately.

Existing defenses are insufficient against gradient-based label leakage.

Gradient relationships can be exploited to infer private data labels.

Abstract

The growing concern over data privacy, the benefits of utilizing data from diverse sources for model training, and the proliferation of networked devices with enhanced computational capabilities have all contributed to the rise of federated learning (FL). The clients in FL collaborate to train a global model by uploading gradients computed on their private datasets without collecting raw data. However, a new attack surface has emerged from gradient sharing, where adversaries can restore the label distribution of a victim's private data by analyzing the obtained gradients. To mitigate this privacy leakage, existing lightweight defenses restrict the sharing of gradients, such as encrypting the final-layer gradients or locally updating the parameters within. In this paper, we introduce a novel attack called Gradient Bridge (GDBR) that recovers the label distribution of training data from the limited gradient information shared in FL. GDBR explores the relationship between the layer-wise gradients, tracks the flow of gradients, and analytically derives the batch training labels. Extensive experiments show that GDBR can accurately recover more than 80% of labels in various FL settings. GDBR highlights the inadequacy of restricted gradient sharing-based defenses and calls for the design of effective defense schemes in FL.