Distributed machine learning paradigms, such as federated learning, have been recently adopted in many privacy-critical applications for speech analysis. However, such frameworks are vulnerable to privacy leakage attacks from shared gradients. Despite extensive efforts in the image domain, the exploration of speech privacy leakage from gradients is quite limited. In this paper, we explore methods for recovering private speech/speaker information from the shared gradients in distributed learning settings. We conduct experiments on a keyword spotting model with two different types of speech features to quantify the amount of leaked information by measuring the similarity between the original and recovered speech signals. We further demonstrate the feasibility of inferring various levels of side-channel information, including speech content and speaker identity, under the distributed learning framework without accessing the user's data.