Differentially private GNNs (Graph Neural Networks) have recently been studied to provide high accuracy in various tasks on graph data while strongly protecting user privacy. In particular, a recent study proposes an algorithm to protect each user's feature vector in an attributed graph with LDP (Local Differential Privacy), a strong privacy notion that does not require a trusted third party. However, this algorithm does not protect edges (friendships) in a social graph, nor does it protect user privacy in unattributed graphs. How to strongly protect edges with high accuracy in GNNs remains open. In this paper, we propose a novel LDP algorithm called the DPRR (Degree-Preserving Randomized Response) to provide LDP for edges in GNNs. Our DPRR preserves each user's degree, and hence the graph structure, while providing edge LDP. Technically, we use Warner's RR (Randomized Response) and strategic edge sampling, where each user's sampling probability is automatically tuned to preserve the degree information. We prove that the DPRR approximately preserves the degree information under edge LDP. We focus on graph classification as a task of GNNs and evaluate the DPRR using four social graph datasets. Our experimental results show that the DPRR significantly outperforms three baselines and provides accuracy close to a non-private algorithm in all datasets with a reasonable privacy budget, e.g., epsilon=1.
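The following sketch is an added example, not code from the paper: it shows Warner's RR on one user's neighbor list followed by edge sampling whose probability is tuned so the expected output degree matches the user's degree. The abstract does not state how the sampling probability is computed; the Laplace-noised degree, the 10%/90% budget split, the formula for `q`, and all function names here are assumptions of this example.

```python
import math
import random

def dprr_row(i, neighbors, n, eps, rng, split=0.1, sample=True):
    """Return user i's obfuscated neighbor set; runs on the user's own device."""
    eps1, eps2 = split * eps, (1 - split) * eps   # assumed budget split
    # Assumed step: noisy degree via Laplace(1/eps1), drawn as a difference
    # of two exponentials (degree has sensitivity 1 under edge DP).
    noisy_d = len(neighbors) + rng.expovariate(eps1) - rng.expovariate(eps1)
    noisy_d = min(max(noisy_d, 1.0), n - 1)
    p = math.exp(eps2) / (math.exp(eps2) + 1)     # Warner's RR: keep each bit w.p. p
    # Expected number of 1s after RR, estimated from the noisy degree only,
    # so the sampling step is post-processing of eps1- and eps2-private outputs.
    expected_ones = noisy_d * p + (n - 1 - noisy_d) * (1 - p)
    q = min(1.0, noisy_d / expected_ones) if sample else 1.0
    out = set()
    for j in range(n):
        if j == i:
            continue
        bit = j in neighbors
        reported = bit if rng.random() < p else not bit   # randomized response
        if reported and rng.random() < q:                 # edge sampling
            out.add(j)
    return out

def mean_degree(n, d, eps, trials, sample, seed=7):
    """Average reported degree of a constructed user 0 who has d friends."""
    rng = random.Random(seed)
    neighbors = set(range(1, d + 1))              # constructed sample input
    total = sum(len(dprr_row(0, neighbors, n, eps, rng, sample=sample))
                for _ in range(trials))
    return total / trials

if __name__ == "__main__":
    print("true degree: 20, n = 1000, epsilon = 1")
    print("RR only        :", mean_degree(1000, 20, 1.0, 200, sample=False))
    print("RR + sampling  :", mean_degree(1000, 20, 1.0, 200, sample=True))
```

With RR alone the reported degree is dominated by flipped non-edges (close to 300 for a true degree of 20), which is the dense, structure-destroying output that the sampling step corrects.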