Gradient Information From Google GBoard NWP LSTM Is Sufficient to Reconstruct Words Typed
Abstract
Federated Learning is now widely deployed by Google on Android handsets for distributed training of neural networks. While Federated Learning aims to avoid sharing sensitive user data with Google, in this paper we show that when used for GBoard next word prediction Federated Learning provides little privacy to users. Namely, we demonstrate that the words typed by a user can be quickly and accurately reconstructed from the gradients of the GBoard LSTM used for next word prediction. Use of mini-batches does not protect against reconstruction.
Details
The full pdf can be found here.
The paper has been accepted for publication in:
Lang, M., Dowling, S., & Lennon, R. (2022). Multidisciplinary Perspectives on Cybersecurity Research, Practice and Education: Proceedings of the 1st Cyber Research Conference Ireland. Galway: NUI Galway. ISBN: 978-1-911690-00-9.
Cite:
@inproceedings{suliman2022gradient, title={Gradient Information From Google GBoard NWP LSTM Is Sufficient To Reconstruct Words Typed}, author={Suliman, Mohamed and Leith, Douglas}, year={2022}, booktitle={Multidisciplinary Perspectives on Cybersecurity Research, Practice and Education: Proceedings of the 1st Cyber Research Conference Ireland. Galway: NUI Galway. ISBN: 978-1-911690-00-9.} pages={} }