GRAND : Graph Reconstruction from potential partial Adjacency and Neighborhood Data

TL;DR

This work analyzes privacy leakage in distributed graph computations that output the number of common neighbors. It presents GRAND, a hybrid attack combining topology-driven inferences and a spectral reconstruction that leverages partial prior knowledge to recover the original adjacency $G$ from $G^2$, introducing the novel notion of co-square equivalence. The authors demonstrate that secure multiparty protocols do not guarantee privacy for graphs, achieving accurate reconstructions on real datasets and highlighting the impact of partial information. They propose a pipeline that iteratively refines guesses, accounts for co-square ambiguities with co-square instantiation, and uses targeted error forgetting to improve robustness. The results underscore practical privacy risks in networked data and provide a foundation for further study of graph reconstruction from neighborhood data, with directions toward directed and bipartite graphs and complexity analyses.

Abstract

Cryptographic approaches, such as secure multiparty computation, can be used to compute in a secure manner the function of a distributed graph without centralizing the data of each participant. However, the output of the protocol itself can leak sensitive information about the structure of the original graph. In particular, in this work we propose an approach by which an adversary observing the result of a private protocol for the computation of the number of common neighbors between all pairs of vertices, can reconstruct the adjacency matrix of the graph. In fact, this can only be done up to co-squareness, a notion we introduce, as two different graphs can have the same matrix of common neighbors. We consider two models of adversary, one who observes the common neighbors matrix only, and a knowledgeable one, that has a partial knowledge of the original graph. Our results demonstrate that secure multiparty protocols are not enough for privacy protection, especially in the context of highly structured data such as graphs. The reconstruction that we propose is interesting in itself from the point of view of graph theory.

Figures (14)

• Figure 1: Reconstruction errors on Netscience, in terms of the adjacency matrix and the common neighbors matrix. $\hat{G}$ denotes the adjacency matrix of the reconstructed graph, and $\hat{G}^2$ denotes its square. Red dots represent mismatches with regard to the original matrices.
• Figure 2: Example of a graph $G^\star$ and its adjacency matrix.
• Figure 3: Two co-square (and non co-spectral) graphs
• Figure 4: DegreeCombinationAttack. The sum of the row of vertex 3 in $G^2$ is equal to the sum of the degrees of 1, 2, 4 and 5. Thus, the edges (1, 3), (2, 3), (4, 3), (5, 3) do exist in $G$.
• Figure 5: DegreeMatchingAttack. The degree of vertex 5 (1) is equal to the number of its currently known neighbors in $G^\star$. Thus all unknown edges in the neighborhood of 5 cannot exist.

Theorems & Definitions (7)

• Proposition 1: Rows of $G^2$ and degrees of neighbors
• Proposition 2: Completeness of a neighborhood in $G^\star$
• Proposition 3: Completing a neighborhood in $G^\star$
• Proposition 4: Triangles
• Proposition 5: Bi-cliques
• Proposition 6: Bipartition or disconnectedness of G
• Theorem 1: Eckart and Young