A Hybrid Secure Computation Framework for Graph Neural Networks

Abstract

The Multi-party Secure Computation (MPC)-based methods for privacy-preserving Graph Neural Networks (GNNs) are still challenged by high communication overhead. Moreover, the security guarantee of most MPC-based methods can only defend against the semi-honest adversary, while a few methods which can defend against the malicious adversary will cause a further increase in communication overhead. Moreover, Software Guard Extensions (SGX), which can provide the data confidentiality and code integrity, has been considered as a novel solution to privacy-preserving GNN. Unfortunately, previous work has shown that SGX is vulnerable to side-channel attacks that deprive its confidentiality and preserve only its integrity. To solve the above problems, we propose an n-party secure computation framework for GNNs using SGX. This framework can reduce the communication overhead and improve the security guarantee without relying on the confidentiality of SGX. Specifically, both data holders and the server hold SGX. Data holders enrich the data and train the model by MPC efficiently with the assistance of the server. SGX ensures integrity, where data holders and the server must execute according to protocols, so malicious adversaries cannot deviate from the protocol to breach privacy and security. Even if the confidentiality of SGX was breached, the adversary could only access the ciphertext in MPC instead of the plaintext. We conduct experiments on public datasets to demonstrate that our framework has achieved comparable performance with traditional GNNs and perform security analysis to validate that our framework satisfies security and privacy requirements.