DECIFR: Domain-Aware Exfiltration of Circuit Information from Federated Gradient Reconstruction

TL;DR

This paper uncovers a vulnerability in federated learning for hardware security, demonstrating how domain-specific knowledge enables reconstruction of sensitive circuit data through a novel attack.

Contribution

It introduces DECIFR, a two-stage membership inference attack that exploits standard cell library layouts to compromise IC training data without auxiliary datasets.

Findings

Reconstructed images reveal membership status based on quality.

The attack achieves high accuracy in distinguishing members from non-members.

Standard FL protocols are vulnerable in domain-specific contexts.

Abstract

Federated Learning (FL) is a promising approach for multiparty collaboration as a privacy-preserving technique in hardware assurance, but its security against adversaries with domain-specific knowledge is underexplored. This paper demonstrates a critical vulnerability where available standard cell library layouts (SCLL) can be exploited to compromise the privacy of sensitive integrated circuit (IC) training data. We introduce DECIFR, a novel two-stage Membership Inference Attack (MIA) that requires no auxiliary dataset. The attack employs a guided Gradient Inversion Attack (GIA) to reconstruct a client's training images from intercepted model updates. Our findings reveal that the fidelity of these reconstructions directly correlates with membership status, allowing an adversary to reliably distinguish members from non-members based on image quality. This work exposes a practical threat that overcomes the limitations of conventional attacks and underscores that standard FL protocols are insufficient for securing domains with extensive knowledge. We conclude that robust defenses are essential for the secure application of FL in hardware assurance.