English

Fingerprint Attack: Client De-Anonymization in Federated Learning

Cryptography and Security 2023-10-11 v1 Artificial Intelligence Computation and Language Machine Learning

Abstract

Federated Learning allows collaborative training without data sharing in settings where participants do not trust the central server and one another. Privacy can be further improved by ensuring that communication between the participants and the server is anonymized through a shuffle; decoupling the participant identity from their data. This paper seeks to examine whether such a defense is adequate to guarantee anonymity, by proposing a novel fingerprinting attack over gradients sent by the participants to the server. We show that clustering of gradients can easily break the anonymization in an empirical study of learning federated language models on two language corpora. We then show that training with differential privacy can provide a practical defense against our fingerprint attack.

Keywords

Cite

@article{arxiv.2310.05960,
  title  = {Fingerprint Attack: Client De-Anonymization in Federated Learning},
  author = {Qiongkai Xu and Trevor Cohn and Olga Ohrimenko},
  journal= {arXiv preprint arXiv:2310.05960},
  year   = {2023}
}

Comments

ECAI 2023

R2 v1 2026-06-28T12:45:00.240Z