🤖 AI Summary
In federated learning, gradient inversion attacks (GIAs) face critical challenges under FedAvg’s multi-step aggregation: attackers observe only aggregated gradients, and existing linear surrogate models (e.g., SME) fail to capture the strong nonlinearity of SGD parameter trajectories. This work proposes NL-SME, a nonlinear surrogate model extension that introduces learnable quadratic Bézier curves to explicitly model SGD trajectory curvature via control points. Coupled with dvec scaling and regularization, NL-SME enhances reconstruction expressivity and stability. Evaluated on CIFAR-100 and FEMNIST, NL-SME significantly outperforms baselines—reducing cosine similarity loss by an order of magnitude—while maintaining computational efficiency. By breaking the restrictive linearity assumption, NL-SME establishes a more accurate and expressive attack paradigm for privacy risk assessment in multi-step federated learning.
📝 Abstract
Federated Learning (FL) preserves privacy by keeping raw data local, yet Gradient Inversion Attacks (GIAs) pose significant threats. In FedAVG multi-step scenarios, attackers observe only aggregated gradients, making data reconstruction challenging. Existing surrogate model methods like SME assume linear parameter trajectories, but we demonstrate this severely underestimates SGD's nonlinear complexity, fundamentally limiting attack effectiveness. We propose Non-Linear Surrogate Model Extension (NL-SME), the first method to introduce nonlinear parametric trajectory modeling for GIAs. Our approach replaces linear interpolation with learnable quadratic Bézier curves that capture SGD's curved characteristics through control points, combined with regularization and dvec scaling mechanisms for enhanced expressiveness. Extensive experiments on CIFAR-100 and FEMNIST datasets show NL-SME significantly outperforms baselines across all metrics, achieving order-of-magnitude improvements in cosine similarity loss while maintaining computational efficiency. This work exposes heightened privacy vulnerabilities in FL's multi-step update paradigm and offers novel perspectives for developing robust defense strategies.
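
The gap between a linear and a quadratic Bézier surrogate of a multi-step trajectory, as an added example that is not code from the paper or its authors: plain gradient descent on a constructed two-parameter quadratic loss, with the recorded path compared against the chord between its endpoints and against a Bézier curve whose control point is fitted by least squares. The curvatures, learning rate, step count and all function names are assumptions, and the sketch models only trajectory shape, not NL-SME's learnable control points, dvec scaling or regularization.

```python
# Constructed toy setup (assumptions, not the paper's models or data):
# loss 0.5*(CURV[0]*x^2 + CURV[1]*y^2), plain gradient descent.
CURV, LR, STEPS = (1.0, 10.0), 0.05, 20

def sgd_trajectory(w0):
    """Parameters [w_0, ..., w_T] visited by STEPS local update steps."""
    traj = [tuple(w0)]
    for _ in range(STEPS):
        traj.append(tuple(w - LR * c * w for w, c in zip(traj[-1], CURV)))
    return traj

def bezier(w0, ctrl, wT, t):
    """Quadratic Bezier point; ctrl at the endpoint midpoint gives the chord."""
    return tuple((1 - t) ** 2 * a + 2 * (1 - t) * t * m + t ** 2 * b
                 for a, m, b in zip(w0, ctrl, wT))

def midpoint(w0, wT):
    return tuple((a + b) / 2 for a, b in zip(w0, wT))

def fit_control_point(traj):
    """Least-squares control point with fixed endpoints and t_k = k/T."""
    T, w0, wT = len(traj) - 1, traj[0], traj[-1]
    num, den = [0.0] * len(w0), 0.0
    for k, w in enumerate(traj):
        t = k / T
        basis = 2 * (1 - t) * t
        den += basis ** 2
        for i, wi in enumerate(w):
            num[i] += basis * (wi - (1 - t) ** 2 * w0[i] - t ** 2 * wT[i])
    return tuple(n / den for n in num)

def rms_error(traj, ctrl):
    """RMS distance between the true path and the surrogate curve."""
    T, w0, wT = len(traj) - 1, traj[0], traj[-1]
    sq = [sum((a - b) ** 2 for a, b in zip(w, bezier(w0, ctrl, wT, k / T)))
          for k, w in enumerate(traj)]
    return (sum(sq) / len(sq)) ** 0.5

def compare(w0=(1.0, 1.0)):
    """Return (linear surrogate error, fitted Bezier error, control point)."""
    traj = sgd_trajectory(w0)
    ctrl = fit_control_point(traj)
    linear = rms_error(traj, midpoint(traj[0], traj[-1]))
    return linear, rms_error(traj, ctrl), ctrl

if __name__ == "__main__":
    lin, bez, ctrl = compare()
    print(f"linear RMS={lin:.3f}  bezier RMS={bez:.3f}  control={ctrl}")
```

Because the chord is the special case of the Bézier curve with the control point at the endpoint midpoint, the fitted curve can never do worse in RMS terms; how far the control point moves off the midpoint measures how curved the local-update path is.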