Differentially private GNNs (Graph Neural Networks) have been recently studied to provide high accuracy in various tasks on graph data while strongly protecting user privacy. In particular, a recent study proposes an algorithm to protect each user's feature vector in an attributed graph with LDP (Local Differential Privacy), a strong privacy notion without a trusted third party. However, this algorithm does not protect edges (friendships) in a social graph, hence cannot protect user privacy in unattributed graphs. How to provide strong privacy with high accuracy in unattributed graphs remains open. In this paper, we propose a novel LDP algorithm called the DPRR (Degree-Preserving Randomized Response) to provide LDP for edges in GNNs. Our DPRR preserves each user's degree hence a graph structure while providing edge LDP. Technically, our DPRR uses Warner's RR (Randomized Response) and strategic edge sampling, where each user's sampling probability is automatically tuned using the Laplacian mechanism to preserve the degree information under edge LDP. We also propose a privacy budget allocation method to make the noise in both Warner's RR and the Laplacian mechanism small. We focus on graph classification as a task of GNNs and evaluate the DPRR using three social graph datasets. Our experimental results show that the DPRR significantly outperforms three baselines and provides accuracy close to a non-private algorithm in all datasets with a reasonable privacy budget, e.g., epsilon=1.

翻译：差分隐私图神经网络（GNN）近年来被研究用于在图数据上各类任务中实现高准确率，同时强有力地保护用户隐私。特别地，最近一项研究提出了一种算法，在无需可信第三方的强隐私概念——本地差分隐私（LDP）下，保护属性图中每个用户的特征向量。然而，该算法无法保护社交图中的边（即好友关系），因此无法在非属性图中保护用户隐私。如何在非属性图中实现高准确率与强隐私保护仍是开放问题。本文提出一种名为DPRR（保持度数的随机响应）的新型LDP算法，为GNN中的边提供LDP保护。我们的DPRR在提供边LDP的同时，保留每个用户的度数，进而保留图结构。技术上，DPRR采用Warner的随机响应（RR）和策略性边采样，其中每个用户的采样概率通过拉普拉斯机制自动调整，以在边LDP下保留度数信息。我们还提出一种隐私预算分配方法，使Warner的RR和拉普拉斯机制中的噪声均较小。我们以图分类作为GNN任务，并使用三个社交图数据集评估DPRR。实验结果表明，DPRR显著优于三个基线方法，并在所有数据集上以合理隐私预算（如ε=1）实现了接近非隐私算法的准确率。