Reviews: Deep Leakage from Gradients

Elegant approach - The approach, unlike [27] is much simpler and requires weaker assumptions to reconstruct the input data. Major concerns: a. Attack model / gradient computation - The authors look at the specific case of reconstructing raw private inputs resulting from gradients resulting from a single iteration computed on a small batch of images. The attack model assumes these are shared to the adversary. In this particular case, I'm skeptical of the effectiveness of the proposed attack. Missing details / writing I strongly recommend the authors to make more passes to fix typos/gramma and add many missing details that makes the findings unclear: - Implementation: * L135: CIFAR CIFAR10 or CIFAR100?