Breaking Privacy in Federated Clustering: Perfect Input Reconstruction via Temporal Correlations

Federated clustering allows multiple parties to discover patterns in distributed data without sharing raw samples. To reduce overhead, many protocols disclose intermediate centroids during training. While often treated as harmless for efficiency, whether such disclosure compromises privacy remains an open question. Prior analyses modeled the problem as a so-called Hidden Subset Sum Problem (HSSP) and argued that centroid release may be safe, since classical HSSP attacks fail to recover inputs. We revisit this question and uncover a new leakage mechanism: temporal regularities in $k$-means iterations create exploitable structure that enables perfect input reconstruction. Building on this insight, we propose Trajectory-Aware Reconstruction (TAR), an attack that combines temporal assignment information with algebraic analysis to recover exact original inputs. Our findings provide the first rigorous evidence, supported by a practical attack, that centroid disclosure in federated clustering significantly compromises privacy, exposing a fundamental tension between privacy and efficiency.

Key Contributions

• First rigorous theoretical and empirical evidence that releasing intermediate centroids in federated k-means is fundamentally insecure, contradicting prior HSSP-based analyses that deemed centroid disclosure safe.
• TAR (Trajectory-Aware Reconstruction) attack that exploits temporal regularities in k-means iterations — specifically stable cluster membership and identical switching trajectories — to induce recoverable algebraic structure in the assignment matrix.
• RREF-based recoverability test that provides both theoretical guarantees and a practical check for when perfect input reconstruction is achievable.

🛡️ Threat Analysis

Details

Similar Papers