← Back to papers
2023 AISTATS AISTATS 2023

Reconstructing Training Data from Model Gradient, Provably

Abstract

Understanding when and how much a model gradient leaks information about the training sample is an important question in privacy. In this paper, we present a surprising result: Even without training or memorizing the data, we can fully reconstruct the training samples from a single gradient query at a randomly chosen parameter value. We prove the identifiability of the training data under mild assumptions: with shallow or deep neural networks and wide range of activation functions. We also present a statistically and computationally efficient algorithm based on tensor decomposition to reconstruct the training data. As a provable attack that reveals sensitive training data, our findings suggest potential severe threats to privacy, especially in federated learning.

🌉 Interdisciplinary Bridge — Artificial Intelligence and Machine Learning
🧭 Keyword Pioneer — gradient inversion attack
🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Security & Privacy, Speech & Audio
🐣 Hot Topic Early Bird — training datum

Authors

Zihan Wang , Jason Lee , Qi Lei

Topics

Artificial Intelligence > Learning Paradigms > Federated Learning Machine Learning > Application Areas > Privacy Machine Learning > Learning Types > Federated Learning Artificial Intelligence > Core AI > Privacy

Keywords

federated learning tensor decomposition membership inference training datum gradient inversion attack training data reconstruction gradient leakage neural network
Download PDF

Related papers

Safe Sequential Testing and Effect Estimation in Stratified Count Data 2023
Who Should Predict? Exact Algorithms For Learning to Defer to Humans 2023
An Online and Unified Algorithm for Projection Matrix Vector Multiplication with Application to Empirical Risk Minimization 2023
Stochastic Gradient Descent-Ascent: Unified Theory and New Efficient Methods 2023
The Ordered Matrix Dirichlet for State-Space Models 2023