GradientHide: Federated Learning with Two-Stage Local Update for Defending Against Gradient Inversion Attacks

17 Sept 2025 (modified: 11 Feb 2026) | Submitted to ICLR 2026 | CC BY 4.0
Keywords: Federated Learning, Privacy Leakage, Gradient Inversion
TL;DR: GradientHide defends against gradient inversion in federated learning by adding a public data update step and using CLIP for label alignment, effectively protecting privacy while preserving model accuracy across benchmark datasets.
Abstract: Federated learning enables collaborative training of neural networks across distributed clients coordinated by a central server. In each communication round, clients receive the current global model parameters and upload gradient updates computed on their private local data. However, transmitting such updates poses significant privacy risks, as adversaries may exploit them to reconstruct sensitive training data via gradient inversion attacks. To address this challenge, we propose GradientHide, a novel defense framework that obfuscates private information contained in gradients. Specifically, we introduce an additional update step using public data before transmitting gradients to the server, thereby hiding privacy information embedded in gradients. To mitigate potential performance degradation from using public data, we leverage CLIP's zero-shot inference for semantic alignment, enabling effective use of public images without extra training. GradientHide is evaluated against representative gradient inversion attacks and compared with state-of-the-art defense approaches across three benchmark datasets, followed by a thorough analysis of its effectiveness. Our findings demonstrate that GradientHide offers substantial resistance to gradient inversion attacks, evidenced by lower PSNR scores and semantic distortion in reconstructions, while preserving competitive model performance.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 8522