CryptGNN: Enabling Secure Inference for Graph Neural Networks
CryptGNN addresses privacy and security concerns for clients and model owners in third-party GNN deployments, representing an incremental improvement in secure ML methods.
The paper tackles secure inference for graph neural networks (GNNs) in cloud-based ML-as-a-service scenarios. Its solution, CryptGNN, protects client data, graph structure, and model parameters using secure multi-party computation, with provable security against collusion.
We present CryptGNN, a secure and effective inference solution for third-party graph neural network (GNN) models in the cloud, which are accessed by clients as ML as a service (MLaaS). The main novelty of CryptGNN is its secure message passing and feature transformation layers using distributed secure multi-party computation (SMPC) techniques. CryptGNN protects the client's input data and graph structure from the cloud provider and the third-party model owner, and it protects the model parameters from the cloud provider and the clients. CryptGNN works with any number of SMPC parties, does not require a trusted server, and is provably secure even if P-1 out of P parties in the cloud collude. Theoretical analysis and empirical experiments demonstrate the security and efficiency of CryptGNN.