Sensitive images of secret computer chips can be reconstructed from encrypted updates even when the data never leaves the original server.
April 24, 2026
Original Paper
A Data-Free Membership Inference Attack on Federated Learning in Hardware Assurance
arXiv · 2604.19891
The Takeaway
This attack overturns the belief that Federated Learning is a safe way to collaborate on hardware design. By using common knowledge about cell libraries, an attacker can leak the actual physical layouts of the chips being trained. This means that a competitor could steal a secret circuit design just by participating in a shared training session. No extra data is needed to pull off the attack, making it a major threat to hardware security. Companies can no longer rely on encryption alone to keep their intellectual property safe in the AI era. Physical design security needs a total overhaul.
From the abstract
Federated Learning (FL) is an emerging solution to the data scarcity problem for training deep learning models in hardware assurance. While FL is designed to enhance privacy by not sharing raw data, it remains vulnerable to Membership Inference Attacks (MIAs) that can leak sensitive intellectual property (IP). Traditional MIAs are often impractical in this domain because they require access to auxiliary datasets that can match the unique statistical properties of private data. This paper introdu