Go to ICLR 2026 Conference homepageMining Your Memory: Client-to-Client Data Stealing in Federated Diffusion Model through Memorization
Keywords: federated learning, diffusion, data extraction attack
TL;DR: We find that the client in federated diffusion models can steal more than 30% of private data from other clients
Abstract: Federated diffusion has emerged as a promising framework for collaboratively training generative models without sharing private training data. However, we reveal a realistic and critical privacy threat of this framework: a single malicious client can steal a large portion of other clients’ private training images without access to any privileged information or interfering the training process. We propose a memorization-guided data stealing attack to expose this vulnerability. This attack exploits the fact that the global diffusion model tends to memorize private training images from all clients and replicate them during generation. Based on this, a malicious client has the potential to steal private images from other clients by generating images from the global diffusion model. However, directly using the global diffusion model’s default generation process rarely produces memorized samples. Therefore, we design two guidance mechanisms that significantly raise the chance of generating memorized training images of benign clients. Experiments show that by employing our attack method, an attacker can steal tens of percents of private images from other clients, while all previous data stealing attacks failed to steal any. More seriously, since our method works entirely after the federated training process, it is naturally stealthy and impossible to be detected.
Primary Area: generative models
Submission Number: 765
Loading