In federated learning (FL), client-uploaded gradient updates remain vulnerable to gradient inversion attacks (GIAs), enabling adversaries to reconstruct and leak original training data. Existing GIA methods suffer from low reconstruction quality—exhibiting high noise levels and severe perceptual distortions. This paper introduces, for the first time, diffusion models into the GIA framework as a plug-and-play denoising module, synergistically integrated with optimization-based inversion algorithms under the proxy dataset assumption to achieve high-fidelity image reconstruction. The approach is general-purpose and seamlessly compatible with multiple state-of-the-art GIA schemes. Experiments across diverse FL settings demonstrate that our method improves the DreamSim metric by up to 46% over prior art, significantly enhancing semantic fidelity and visual quality of reconstructed images. This advancement provides a more robust analytical tool for privacy risk assessment in FL.

Federated Learning (FL) enables collaborative training of Machine Learning (ML) models across multiple clients while preserving their privacy. Rather than sharing raw data, federated clients transmit locally computed updates to train the global model. Although this paradigm should provide stronger privacy guarantees than centralized ML, client updates remain vulnerable to privacy leakage. Adversaries can exploit them to infer sensitive properties about the training data or even to reconstruct the original inputs via Gradient Inversion Attacks (GIAs). Under the honest-butcurious threat model, GIAs attempt to reconstruct training data by reversing intermediate updates using optimizationbased techniques. We observe that these approaches usually reconstruct noisy approximations of the original inputs, whose quality can be enhanced with specialized denoising models. This paper presents Gradient Update Inversion with DEnoising (GUIDE), a novel methodology that leverages diffusion models as denoising tools to improve image reconstruction attacks in FL. GUIDE can be integrated into any GIAs that exploits surrogate datasets, a widely adopted assumption in GIAs literature. We comprehensively evaluate our approach in two attack scenarios that use different FL algorithms, models, and datasets. Our results demonstrate that GUIDE integrates seamlessly with two state-ofthe- art GIAs, substantially improving reconstruction quality across multiple metrics. Specifically, GUIDE achieves up to 46% higher perceptual similarity, as measured by the DreamSim metric.