The First VoicePrivacy Attacker Challenge
Natalia Tomashenko, Xiaoxiao Miao, Emmanuel Vincent, Junichi Yamagishi
TL;DR
The First VoicePrivacy Attacker Challenge (ICASSP 2025 SP Grand Challenge) evaluates attacker systems against VoicePrivacy 2024 anonymization baselines using LibriSpeech-based data and a semi-informed threat model. Participants built automatic speaker verification (ASV) attackers that use anonymized data, enrollment/trial pairs, and system descriptions to score same-speaker and different-speaker pairs; a baseline ECAPA-TDNN attacker was provided. Results show that attackers can substantially reduce the privacy protection of anonymization methods, achieving EER reductions of 7–18 absolute (25–44% relative) across several systems, which suggests that current anonymization approaches offer only moderate protection. The study highlights the need for stronger privacy benchmarks and more robust anonymization techniques, and reports that the most effective attackers employed diverse strategies, including LoRA-adapted models, PLDA-Mix scoring, and classifier augmentation. A more detailed analysis of these findings is planned for future publication.
Abstract
The First VoicePrivacy Attacker Challenge is an ICASSP 2025 SP Grand Challenge that focuses on evaluating attacker systems against a set of voice anonymization systems submitted to the VoicePrivacy 2024 Challenge. Training, development, and evaluation datasets were provided along with a baseline attacker. Participants developed their attacker systems in the form of automatic speaker verification systems and submitted their scores on the development and evaluation data. The best attacker systems reduced the equal error rate (EER) by 25–44% relative with respect to the baseline.
