PrivGNN: High-Performance Secure Inference for Cryptographic Graph Neural Networks

Fuyi Wang, Zekai Chen, Mingyuan Fan, Jianying Zhou, Lei Pan, Leo Yu Zhang

TL;DR

PrivGNN tackles the challenge of privacy-preserving graph neural network inference in cloud settings by introducing a lightweight offline–online 2PC framework that leverages additive secret sharing and function secret sharing. It provides secure building blocks for matrix multiplication, polynomial evaluations, and nonlinear activations (DReLU, piecewise polynomials) and integrates them into a cohesive MP-NN workflow with three secure components (PrivMF, PrivUF, PrivRF). Theoretical security is established under a semi-honest model via sequential composition, and extensive experiments on MNIST, CIFAR, CIFAR-100, and QM9 demonstrate substantial online speedups (up to 1.2×–73.6× faster) with accuracy close to plaintext baselines. The results indicate PrivGNN’s practical potential for secure, scalable graph-centric services in domains such as drug discovery, where protecting graph structure, features, and model weights is critical.

Abstract

Graph neural networks (GNNs) are powerful tools for analyzing and learning from graph-structured (GS) data, facilitating a wide range of services. Deploying such services in privacy-critical cloud environments necessitates the development of secure inference (SI) protocols that safeguard sensitive GS data. However, existing SI solutions largely focus on convolutional models for image and text data, leaving the challenge of securing GNNs and GS data relatively underexplored. In this work, we design, implement, and evaluate PrivGNN, a lightweight cryptographic scheme for graph-centric inference in the cloud. By hybridizing additive and function secret sharings within secure two-party computation (2PC), PrivGNN is carefully designed based on a series of novel 2PC interactive protocols that achieve $1.5\times \sim 1.7\times$ speedups for linear layers and $2\times \sim 15\times$ for non-linear layers over state-of-the-art (SotA) solutions. A thorough theoretical analysis is provided to prove PrivGNN's correctness, security, and lightweight nature. Extensive experiments across four datasets demonstrate PrivGNN's superior efficiency with $1.3\times \sim 4.7\times$ faster secure predictions while maintaining accuracy comparable to plaintext graph property inference.
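The summary names additive secret sharing and an offline–online split as the basis for secure matrix multiplication in linear layers, without giving protocol details. The block below is an added illustration, not code from the paper or its authors: it uses the textbook Beaver-triple construction, and the ring $\mathbb{Z}_{2^{64}}$, the trusted dealer for the offline phase and all function names are assumptions, so PrivGNN's own protocols may differ.

```python
import secrets

MOD = 1 << 64  # assumed ring Z_{2^64}; the page does not state PrivGNN's ring

def rand_matrix(r, c):
    return [[secrets.randbelow(MOD) for _ in range(c)] for _ in range(r)]

def add(A, B):
    return [[(a + b) % MOD for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def sub(A, B):
    return [[(a - b) % MOD for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % MOD for col in zip(*B)]
            for row in A]

def share(X):
    """Split X into two additive shares with X = X0 + X1 (mod 2^64)."""
    X0 = rand_matrix(len(X), len(X[0]))
    return X0, sub(X, X0)

def reconstruct(X0, X1):
    return add(X0, X1)

def offline_triple(n, k, m):
    """Offline phase (hypothetical trusted dealer): shares of random A, B
    and of C = A @ B, generated before any input is known."""
    A, B = rand_matrix(n, k), rand_matrix(k, m)
    return share(A), share(B), share(matmul(A, B))

def online_matmul(X_sh, W_sh, triple):
    """Online phase: the parties open only the masked values E = X - A and
    F = W - B, then each computes its share of X @ W locally."""
    (A0, A1), (B0, B1), (C0, C1) = triple
    E = add(sub(X_sh[0], A0), sub(X_sh[1], A1))
    F = add(sub(W_sh[0], B0), sub(W_sh[1], B1))
    # X@W = E@F + E@B + A@F + C; the public term E@F is added by one party only.
    Z0 = add(add(matmul(E, B0), matmul(A0, F)), C0)
    Z1 = add(add(add(matmul(E, F), matmul(E, B1)), matmul(A1, F)), C1)
    return Z0, Z1

def demo():
    X = [[1, 2, 3], [4, 5, 6]]        # constructed client features (2x3)
    W = [[7, 8], [9, 10], [11, 12]]   # constructed server weights (3x2)
    Z0, Z1 = online_matmul(share(X), share(W), offline_triple(2, 3, 2))
    return reconstruct(Z0, Z1), matmul(X, W)
```

Each party sees only uniformly random shares and the masked values E and F, which is the property a semi-honest security argument for this step relies on.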

Paper Structure

This paper contains 15 sections, 1 theorem, 1 equation, 5 figures, 3 tables, 4 algorithms.

Key Result

Theorem

$\text{PrivGNN}$'s secure inference scheme $\prod^{\text{PrivGNN}}$ securely realizes the ideal functionality $\mathcal{F}^{\text{PrivGNN}}$ in the presence of one semi-honest adversary $\mathcal{A}$ in the ($\prod_{\textsf{SecCONV}}$, $\prod_{\textsf{SecReLU}}$, $\prod_{\textsf{SecMaxPool}}$, $\pro

Figures (5)

  • Figure 1: A client-server secure inference scenario.
  • Figure 2: Performance comparison of $\mathtt{SQuaPol}$ protocol.
  • Figure 3: Performance comparison of SecReLU protocol.
  • Figure 4: Performance comparison of SecSig/SecTanh protocols: SiRNN uses a 3-piece polynomial, MiniONN a 12-piece linear approximation, while our protocol employs a 12-piece quadratic approximation, offering better accuracy due to the higher polynomial degree.
  • Figure 5: Performance comparison of different functions in GNNs.

Theorems & Definitions (4)

  • Definition
  • Definition
  • Definition
  • Theorem