Breaking Privacy in Federated Clustering: Perfect Input Reconstruction via Temporal Correlations

TL;DR

This paper demonstrates that revealing intermediate centroids in federated clustering can lead to perfect reconstruction of original data, exposing significant privacy risks despite prior assumptions of safety.

Contribution

It uncovers a new privacy leakage mechanism based on temporal correlations in k-means iterations and proposes the TAR attack to exploit this vulnerability.

Findings

Temporal regularities enable perfect input reconstruction

Centroid disclosure significantly compromises privacy

Prior assumptions of safety are invalidated by new attack

Abstract

Federated clustering allows multiple parties to discover patterns in distributed data without sharing raw samples. To reduce overhead, many protocols disclose intermediate centroids during training. While often treated as harmless for efficiency, whether such disclosure compromises privacy remains an open question. Prior analyses modeled the problem as a so-called Hidden Subset Sum Problem (HSSP) and argued that centroid release may be safe, since classical HSSP attacks fail to recover inputs. We revisit this question and uncover a new leakage mechanism: temporal regularities in $k$-means iterations create exploitable structure that enables perfect input reconstruction. Building on this insight, we propose Trajectory-Aware Reconstruction (TAR), an attack that combines temporal assignment information with algebraic analysis to recover exact original inputs. Our findings provide the first rigorous evidence, supported by a practical attack, that centroid disclosure in federated clustering significantly compromises privacy, exposing a fundamental tension between privacy and efficiency.