Deep Leakage with Generative Flow Matching Denoiser

TL;DR

This paper presents a novel deep leakage attack in federated learning that leverages generative flow matching to improve data reconstruction fidelity and robustness against defenses, highlighting the need for new protective strategies.

Contribution

Introducing a deep leakage attack using generative flow matching priors, significantly enhancing reconstruction quality and robustness over existing methods in federated learning.

Findings

Outperforms state-of-the-art attacks across multiple metrics

Effective under various defenses and training conditions

Reveals need for new defense strategies against generative priors

Abstract

Federated Learning (FL) has emerged as a powerful paradigm for decentralized model training, yet it remains vulnerable to deep leakage (DL) attacks that reconstruct private client data from shared model updates. While prior DL methods have demonstrated varying levels of success, they often suffer from instability, limited fidelity, or poor robustness under realistic FL settings. We introduce a new DL attack that integrates a generative Flow Matching (FM) prior into the reconstruction process. By guiding optimization toward the distribution of realistic images (represented by a flow matching foundation model), our method enhances reconstruction fidelity without requiring knowledge of the private data. Extensive experiments on multiple datasets and target models demonstrate that our approach consistently outperforms state-of-the-art attacks across pixel-level, perceptual, and feature-based similarity metrics. Crucially, the method remains effective across different training epochs, larger client batch sizes, and under common defenses such as noise injection, clipping, and sparsification. Our findings call for the development of new defense strategies that explicitly account for adversaries equipped with powerful generative priors.