Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

VIRGOS: Secure Graph Convolutional Network on Vertically Split Data from Sparse Matrix Decomposition

Yu Zheng, Qizhi Zhang, Lichun Li, Kai Zhou, Shan Yin

TL;DR

Virgos addresses the challenge of privacy-preserving GCN training and inference on vertically partitioned data by introducing a sparse-matrix decomposition that converts a sparse adjacency matrix into a sequence of structured linear transformations. It then couples two novel 1-round MPC primitives, Oblivious Permutation (OP) and Oblivious Selection-Multiplication (OSM), to implement a secure (SM)^2 protocol with constant rounds and $O(|E|)$ communication, dramatically reducing both data exchange and memory usage compared with prior dense-MPC approaches. The authors instantiate a complete end-to-end 2-party framework that achieves near-plaintext accuracy on standard datasets (Cora, Citeseer, Pubmed) while delivering substantial speedups and lower memory footprints under various network conditions. The work also provides extensive experiments, ablations, and open-source code, highlighting practical viability for cross-silo collaboration on graph data without exposing private topology or features. Overall, Virgos advances secure graph learning by marrying sparsity-aware decompositions with efficient 2PC primitives, enabling scalable private GCNs in vertical-partition scenarios.

Abstract

Securely computing graph convolutional networks (GCNs) is critical for applying their analytical capabilities to privacy-sensitive data like social/credit networks. Multiplying a sparse yet large adjacency matrix of a graph in GCN--a core operation in training/inference--poses a performance bottleneck in secure GCNs. Consider a GCN with $|V|$ nodes and $|E|$ edges; it incurs a large $O(|V|^2)$ communication overhead. Modeling bipartite graphs and leveraging the monotonicity of non-zero entry locations, we propose a co-design harmonizing secure multi-party computation (MPC) with matrix sparsity. Our sparse matrix decomposition transforms an arbitrary sparse matrix into a product of structured matrices. Specialized MPC protocols for oblivious permutation and selection multiplication are then tailored, enabling our secure sparse matrix multiplication ($(SM)^2$) protocol, optimized for secure multiplication of these structured matrices. Together, these techniques take $O(|E|)$ communication in constant rounds. Supported by $(SM)^2$, we present Virgos, a secure 2-party framework that is communication-efficient and memory-friendly on standard vertically-partitioned graph datasets. Performance of Virgos has been empirically validated across diverse network conditions.

VIRGOS: Secure Graph Convolutional Network on Vertically Split Data from Sparse Matrix Decomposition

TL;DR

Virgos addresses the challenge of privacy-preserving GCN training and inference on vertically partitioned data by introducing a sparse-matrix decomposition that converts a sparse adjacency matrix into a sequence of structured linear transformations. It then couples two novel 1-round MPC primitives, Oblivious Permutation (OP) and Oblivious Selection-Multiplication (OSM), to implement a secure (SM)^2 protocol with constant rounds and communication, dramatically reducing both data exchange and memory usage compared with prior dense-MPC approaches. The authors instantiate a complete end-to-end 2-party framework that achieves near-plaintext accuracy on standard datasets (Cora, Citeseer, Pubmed) while delivering substantial speedups and lower memory footprints under various network conditions. The work also provides extensive experiments, ablations, and open-source code, highlighting practical viability for cross-silo collaboration on graph data without exposing private topology or features. Overall, Virgos advances secure graph learning by marrying sparsity-aware decompositions with efficient 2PC primitives, enabling scalable private GCNs in vertical-partition scenarios.

Abstract

Securely computing graph convolutional networks (GCNs) is critical for applying their analytical capabilities to privacy-sensitive data like social/credit networks. Multiplying a sparse yet large adjacency matrix of a graph in GCN--a core operation in training/inference--poses a performance bottleneck in secure GCNs. Consider a GCN with nodes and edges; it incurs a large communication overhead. Modeling bipartite graphs and leveraging the monotonicity of non-zero entry locations, we propose a co-design harmonizing secure multi-party computation (MPC) with matrix sparsity. Our sparse matrix decomposition transforms an arbitrary sparse matrix into a product of structured matrices. Specialized MPC protocols for oblivious permutation and selection multiplication are then tailored, enabling our secure sparse matrix multiplication () protocol, optimized for secure multiplication of these structured matrices. Together, these techniques take communication in constant rounds. Supported by , we present Virgos, a secure 2-party framework that is communication-efficient and memory-friendly on standard vertically-partitioned graph datasets. Performance of Virgos has been empirically validated across diverse network conditions.

Paper Structure

This paper contains 82 sections, 10 theorems, 2 equations, 11 figures, 21 tables, 6 algorithms.

Table of Contents

  1. Introduction
  2. New Techniques for Sparse Matrices
  3. Sparse Matrix Decomposition
  4. New Protocols for Linear Transformations
  5. Virgos: Secure GCN made Efficient
  6. Preliminary
  7. Notations.
  8. Secret Sharing.
  9. Graph Convolutional Networks.
  10. System Overview and Security Model
  11. Workflow of VIRGOS
  12. Security Model
  13. Scope of Graph Protection
  14. Sparse Matrix Decomposition
  15. Bipartite Graph Representation
  16. ...and 67 more sections

Key Result

Theorem 1

Let $\mathsf{A}\in \mathbb{M}_{m,n}(\mathcal{R})$ be an $m\times n$ matrix, where each entry is an element from ring $\mathcal{R}$. The elements of $\mathsf{A}$ are $0$'s except $t$ of them. There exists a matrix decomposition $\mathsf{A} = \mathsf{A}_{\mathsf{out}}' \Lambda \sigma_3 \mathsf{A}_{\ma

Figures (11)

  • Figure 1: Ideal Functionality of $\textnormal{Virgos}\xspace$
  • Figure 2: Graph Decomposition through Edges
  • Figure 3: Matrix Decomposition Equivalent to Figure \ref{['fig::graph_decom_diff']}
  • Figure 4: Graph/Matrix Decomposition with Monotonicity
  • Figure 5: Decomposition of $\mathsf{A}_{\mathsf{in}}' = \Sigma \delta'$
  • ...and 6 more figures

Theorems & Definitions (13)

  • Theorem 1
  • Theorem 2: Sparse Matrix Decomposition
  • Theorem 3: Sparse Matrix Multiplication
  • Lemma 1
  • Definition 1: $\mathsf{Q}$-type matrix
  • Definition 2: $\mathsf{P}$-type matrix
  • Theorem 4
  • Theorem 5
  • Definition 3: Semi-honest Security sp/17/Lindell17
  • Theorem 6
  • ...and 3 more