CryptGNN: Enabling Secure Inference for Graph Neural Networks

Pritam Sen; Yao Ma; Cristian Borcea

doi:10.1145/3719027.3765232

CryptGNN: Enabling Secure Inference for Graph Neural Networks

Pritam Sen
, Yao Ma
, Cristian Borcea

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present CryptGNN, a secure and effective inference solution for third-party graph neural network (GNN) models in the cloud, which are accessed by clients as ML as a service (MLaaS). The main novelty of CryptGNN is its secure message passing and feature transformation layers using distributed secure multi-party computation (SMPC) techniques. CryptGNN protects the client's input data and graph structure from the cloud provider and the third-party model owner, and it protects the model parameters from the cloud provider and the clients. CryptGNN works with any number of SMPC parties, does not require a trusted server, and is provably secure even if P − 1 out of P parties in the cloud collude. Theoretical analysis and empirical experiments demonstrate the security and efficiency of CryptGNN.

Original language	English (US)
Title of host publication	CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	291-305
Number of pages	15
ISBN (Electronic)	9798400715259
DOIs	https://doi.org/10.1145/3719027.3765232
State	Published - Nov 22 2025
Event	32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025 - Taipei, Taiwan, Province of China Duration: Oct 13 2025 → Oct 17 2025

Publication series

Name	CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025
Country/Territory	Taiwan, Province of China
City	Taipei
Period	10/13/25 → 10/17/25

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications
Computer Science Applications

Keywords

Graph Neural Networks
Machine Learning as a Service
Secure Multi-party Computation

Access to Document

10.1145/3719027.3765232

Cite this

Sen, P., Ma, Y., & Borcea, C. (2025). CryptGNN: Enabling Secure Inference for Graph Neural Networks. In CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (pp. 291-305). (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3719027.3765232

@inproceedings{f09e65beb4c446e7a23525344897c223,

title = "CryptGNN: Enabling Secure Inference for Graph Neural Networks",

abstract = "We present CryptGNN, a secure and effective inference solution for third-party graph neural network (GNN) models in the cloud, which are accessed by clients as ML as a service (MLaaS). The main novelty of CryptGNN is its secure message passing and feature transformation layers using distributed secure multi-party computation (SMPC) techniques. CryptGNN protects the client's input data and graph structure from the cloud provider and the third-party model owner, and it protects the model parameters from the cloud provider and the clients. CryptGNN works with any number of SMPC parties, does not require a trusted server, and is provably secure even if P − 1 out of P parties in the cloud collude. Theoretical analysis and empirical experiments demonstrate the security and efficiency of CryptGNN.",

keywords = "Graph Neural Networks, Machine Learning as a Service, Secure Multi-party Computation",

author = "Pritam Sen and Yao Ma and Cristian Borcea",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025 ; Conference date: 13-10-2025 Through 17-10-2025",

year = "2025",

month = nov,

day = "22",

doi = "10.1145/3719027.3765232",

language = "English (US)",

series = "CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "291--305",

booktitle = "CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security",

}

Sen, P, Ma, Y & Borcea, C 2025, CryptGNN: Enabling Secure Inference for Graph Neural Networks. in CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 291-305, 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025, Taipei, Taiwan, Province of China, 10/13/25. https://doi.org/10.1145/3719027.3765232

CryptGNN: Enabling Secure Inference for Graph Neural Networks. / Sen, Pritam; Ma, Yao; Borcea, Cristian.
CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2025. p. 291-305 (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - CryptGNN

T2 - 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025

AU - Sen, Pritam

AU - Ma, Yao

AU - Borcea, Cristian

PY - 2025/11/22

Y1 - 2025/11/22

N2 - We present CryptGNN, a secure and effective inference solution for third-party graph neural network (GNN) models in the cloud, which are accessed by clients as ML as a service (MLaaS). The main novelty of CryptGNN is its secure message passing and feature transformation layers using distributed secure multi-party computation (SMPC) techniques. CryptGNN protects the client's input data and graph structure from the cloud provider and the third-party model owner, and it protects the model parameters from the cloud provider and the clients. CryptGNN works with any number of SMPC parties, does not require a trusted server, and is provably secure even if P − 1 out of P parties in the cloud collude. Theoretical analysis and empirical experiments demonstrate the security and efficiency of CryptGNN.

AB - We present CryptGNN, a secure and effective inference solution for third-party graph neural network (GNN) models in the cloud, which are accessed by clients as ML as a service (MLaaS). The main novelty of CryptGNN is its secure message passing and feature transformation layers using distributed secure multi-party computation (SMPC) techniques. CryptGNN protects the client's input data and graph structure from the cloud provider and the third-party model owner, and it protects the model parameters from the cloud provider and the clients. CryptGNN works with any number of SMPC parties, does not require a trusted server, and is provably secure even if P − 1 out of P parties in the cloud collude. Theoretical analysis and empirical experiments demonstrate the security and efficiency of CryptGNN.

KW - Graph Neural Networks

KW - Machine Learning as a Service

KW - Secure Multi-party Computation

UR - https://www.scopus.com/pages/publications/105023862621

UR - https://www.scopus.com/pages/publications/105023862621#tab=citedBy

U2 - 10.1145/3719027.3765232

DO - 10.1145/3719027.3765232

M3 - Conference contribution

AN - SCOPUS:105023862621

T3 - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

SP - 291

EP - 305

BT - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 13 October 2025 through 17 October 2025

ER -

Sen P, Ma Y, Borcea C. CryptGNN: Enabling Secure Inference for Graph Neural Networks. In CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2025. p. 291-305. (CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3719027.3765232

CryptGNN: Enabling Secure Inference for Graph Neural Networks

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this