Cracking Federated Privacy: Initialization-Resilient Gradient Inversion with Fine-Grained Reconstruction

Federated Learning (FL) remains vulnerable to Gradient Inversion Attacks (GIA), where shared gradients can reveal clients' private data. Existing attacks struggle under early-stage initialization variations and often produce coarse reconstructions. In this paper, we identify sparsity changes in shared gradients as the primary source of this sensitivity and propose an initialization-resilient GIA with a coarse-to-fine design, achieving fine-grained recovery. The coarse stage aligns gradient directions and constrains non-zero entries to mitigate sparsity changes, while the fine stage refines magnitude alignment by a hybrid metric combining Cosine distance with a deformed Manhattan term. Extensive experiments against five baselines show up to 200% PSNR gain (25.4 → 47.7 dB) under sensitive initializations on CIFAR-10/100, with consistently delivering fine-grained recovery across four datasets and the entire FL lifecycle. Our method maintains competitive performance with SOTA baselines across batch sizes and local steps and reveals persistent leakage on several popular models and insufficient defenses, underscoring the urgent need for stronger privacy-preserving mechanisms.