Data Leakage in Federated Averaging. (arXiv:2206.12395v1 [cs.LG])

Recent attacks have shown that user data can be reconstructed from FedSGD
updates, thus breaking privacy. However, these attacks are of limited practical
relevance as federated learning typically uses the FedAvg algorithm. It is
generally accepted that reconstructing data from FedAvg updates is much harder
than FedSGD as: (i) there are unobserved intermediate weight updates, (ii) the
order of inputs matters, and (iii) the order of labels changes every epoch. In
this work, we propose a new optimization-based attack which …

data data leakage lg