Contents I. Introduction
Graphs have been widely used to model and manage data in various real-world applications, including recommendation systems [1], social networks [2] and webpage networks [3]. Graph data, however, is highly complex and inherently sparse, making graph analytics challenging [4]. With the rapid advancements in deep learning, Graph Neural Networks (GNNs) [5] have recently gained a lot of traction as a powerful tool for graph analytics due to its end-to-end processing capabilities. GNNs can empower a variety of graph-centric applications such as node classification [6], edge classification [7] and link prediction [8]. With the widespread adoption of cloud computing, it is increasingly popular to deploy machine learning training and inference services in the cloud [9], [10], due to the well-understood benefits [11], [12]. However, GNN training and inference, if deployed in the public cloud, will raise critical severe privacy concerns. Graph data is information-rich and can reveal a considerable amount of sensitive information. For example, in a social network graph, the connections between nodes represent users’ circles of friends and each node's features represent each user's preferences. Meanwhile, the graph data as well as the trained GNN model are the proprietary to the data owner, so revealing them may easily harm the business model. Therefore, security must be embedded in outsourcing GNN training and inference to the cloud.
