CERIAS 2025 Annual Security Symposium


2026 Symposium Posters


Backdoor Attack on Differentially Private Federated Learning



Primary Investigator:
Wenhai Sun

Project Members
Xiaolin Li, Wenhai Sun
Abstract
Differential Privacy (DP) is widely believed to improve robustness against poisoning in Federated Learning (FL), but in DP-FL attackers face a tradeoff: DP-opt-out can yield strong backdoors but is easier to detect, while DP-opt-in is stealthier under DP noise yet typically weaker. We present Ring, a coordinated backdoor attack that uses DP noise as camouflage, making each malicious update appear statistically similar to benign DP-perturbed updates, while canceling the crafted noise during aggregation to recover a strong backdoor signal. Across 4 datasets, 3 non-IID settings, and 6 defenses, Ring achieves high ASR (~0.985) with low detectability, exposing a new security–privacy–utility gap and motivating DP-aware defenses.