DESIGN: Encrypted GNN Inference via Server-Side Input Graph Pruning
Kaixiang Zhao, Joseph Yousry Attalla, Qian Lou, Yushun Dong
TL;DR
DESIGN introduces a server-side hierarchical optimization framework that significantly accelerates encrypted GNN inference by pruning input graphs and adapting activation complexity, enabling practical privacy-preserving graph analytics.
Contribution
It presents a novel FHE-compatible input graph pruning and adaptive activation scheme, improving efficiency of encrypted GNN inference over existing methods.
Findings
Substantially faster FHE GNN inference compared to state-of-the-art.
Maintains competitive accuracy while optimizing performance.
Effective input graph pruning guided by encrypted importance scores.
Abstract
Graph Neural Networks (GNNs) have achieved state-of-the-art performance in various graph-based learning tasks. However, enabling privacy-preserving GNNs in encrypted domains, such as under Fully Homomorphic Encryption (FHE), typically incurs substantial computational overhead, rendering real-time and privacy-preserving inference impractical. In this work, we propose DESIGN (EncrypteD GNN Inference via sErver-Side Input Graph pruNing), a novel framework for efficient encrypted GNN inference. DESIGN tackles the critical efficiency limitations of existing FHE GNN approaches, which often overlook input data redundancy and apply uniform computational strategies. Our framework achieves significant performance gains through a hierarchical optimization strategy executed entirely on the server: first, FHE-compatible node importance scores (based on encrypted degree statistics) are computed from…
Peer Reviews
Decision·Submitted to ICLR 2026
The research problem is both meaningful and timely, as reducing inference latency remains a critical challenge in privacy-preserving GNN computation. The proposed approach of offloading computation to the server side is practical and well-aligned with real-world deployment scenarios, making the framework readily adaptable for practical implementation.
In the evaluation section, the latency breakdown is insufficiently detailed, it remains unclear how much of the total runtime is attributed to graph pruning versus HE computation within the GNN. Furthermore, the process of generating encrypted graph masks appears to introduce additional HE operation complexity compared to prior methods. This aspect should be further clarified and quantitatively analyzed by the authors to better understand its impact on overall performance and scalability. With
1. tackles the practical challenge of efficient GNN inference under fully homomorphic encryption (FHE). 2.Clearly defines the computation and accuracy trade-off in encrypted GNNs and provides quantitative evidence.
(1)Lack of justification for using node degree as the importance metric. The use of node degree as the only importance metric is heuristic and may not reflect true semantic importance. (2)Missing analysis on sensitivity or correlation. Although Appendix C analyzes pruning thresholds, there is no quantitative analysis showing how well degree-based importance aligns with actual contribution to model accuracy or message propagation strength. (3) The adaptive activation scheme lacks theoretical jus
1. The paper tackles an important and timely problem—improving the practicality of encrypted GNN inference under FHE—and proposes a coherent, end-to-end framework that operates entirely on the server side. 2. The dual-pruning design is technically elegant and well-justified: a single encrypted importance metric (degree) drives both pruning and adaptive activation allocation, which efficiently balances latency and multiplicative depth.
1. The pruning masks are generated dynamically at runtime for each encrypted graph, meaning computation patterns (e.g., number of masked nodes or chosen activation degrees) depend on input data. This introduces potential side-channel leakage through timing or resource-usage patterns, which could reveal structural information such as degree distribution. The paper does not acknowledge or mitigate this risk, leaving a gap in its privacy analysis. 2. The choice of node degree as the sole importance
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptography and Data Security · Privacy-Preserving Technologies in Data
MethodsPruning