
E-GAP: Evolutionary Gradient Attack on Privacy

  • Kyungpook National University

Research output: Contribution to journal > Article > peer-review

2 Scopus citations

Abstract

Collaborative learning, particularly in Federated Learning, has revolutionized the industry by enabling models to be trained collectively by a group while preserving participants’ data privacy. Such networks operate by sharing only local updates with a global model, preventing direct exposure of raw data. However, vulnerabilities such as optimization-based gradient attacks have demonstrated the potential to reconstruct raw data from shared updates, exposing critical privacy risks and questioning the robustness of these frameworks. In this paper, we propose a privacy attack referred to as Evolutionary Gradient Attack on Privacy (E-GAP), an enhancement of the Recursive Gradient Attack on Privacy (R-GAP). E-GAP integrates Differential Evolution (DE), which belongs to the class of evolutionary algorithms, to optimize reconstructed gradients, diverging from traditional gradient descent approaches that rely on mean squared error (MSE). Since the evolutionary approach allows us to examine the non-uniqueness of gradient weights, E-GAP not only improves reconstruction efficacy but also offers more profound insights into how these weights facilitate data reconstruction in weight-sharing networks. This study presents advances to an existing privacy attack, highlighting the inherent vulnerabilities of Federated Learning, and sheds light on the urgent need to reassess privacy safeguards in such frameworks. The implementation of E-GAP is publicly available at https://github.com/yuvrajchaudhry/egap.

Original language: English
Article number: 110399
Journal: Computers and Electrical Engineering
Volume: 124
State: Published - May 2025

Keywords

  • Differential evolution
  • Federated learning
  • Gradient attacks
  • Optimization
  • Reconstruction
