SPEAR: Exact Gradient Inversion of Batches in Federated Learning

Federated learning is a framework for collaborative machine learning where clients only share gradient updates and not their private data with a server. However, it was recently shown that gradient inversion attacks can reconstruct this data from the shared gradients. In the important honest-but-curious setting, existing attacks enable exact reconstruction only for batch size of b 1, with larger batches permitting only approximate reconstruction. In this work, we propose SPEAR, *the first algorithm reconstructing whole batches with b 1 exactly*. SPEAR combines insights into the explicit low-rank structure of gradients with a sampling-based algorithm.