Leaking Circuit Secrets: Gradient Leakage Attacks on Graph Neural Networks

๐Ÿ“… 2026-06-24
๐Ÿ“ˆ Citations: 0
โœจ Influential: 0
๐Ÿ“„ PDF
๐Ÿค– AI Summary
This work systematically investigates the privacy vulnerabilities of prominent graph neural networks (GNNs)โ€”including GraphSAGE, GCN, GIN, and GATโ€”when applied to circuit netlist data, demonstrating their susceptibility to gradient leakage attacks that can expose sensitive information such as gate types and hardware Trojans. The study reveals that attention mechanisms tend to exacerbate information leakage, whereas invertible aggregation enhances model robustness. Through comprehensive experiments evaluating defense strategies like differential privacy, gradient clipping, secure aggregation, quantization-based compression, and adversarial training, the authors find that existing approaches offer protection only under specific conditions and often degrade model utility. These findings underscore the urgent need for more effective and robust privacy-preserving mechanisms tailored to GNN-based hardware design and security applications.
๐Ÿ“ Abstract
As graph neural networks (GNNs) become standard tools for critical tasks in circuit design and analysis, their security and privacy risks require careful attention. Here, we present the first comprehensive evaluation of gradient leakage attacks (GLAs) on GNNs in circuit-design and hardware-security tasks, a practical threat that has been largely overlooked. We assess state-of-the-art (SOTA) GNNs, including GraphSAGE, GCN, GIN, and GAT, trained on standard netlist benchmarks (ISCAS'85, EPFL, and TrustHub), for their fundamental vulnerability to GLAs. We find that GLAs can expose sensitive information, such as gate types and distinctive properties of hardware Trojans, which may assist adversaries in analyzing logic locking schemes or evading Trojan detection mechanisms. Our analysis shows that these risks are influenced by architectural features, with attention mechanisms (GAT) exacerbating leakage, while injective aggregation (GIN) provides comparatively stronger resilience. We further evaluate several SOTA defense techniques, including differential privacy, gradient clipping, secure aggregation, model compression with quantization, and adversarial training. We find that these techniques improve resilience only in specific settings and can also compromise model performance. Overall, our work provides key insights toward privacy-preserving GNNs and highlights the need for more robust and efficient defenses. We release our full methodology and artifacts.
Problem

Research questions and friction points this paper is trying to address.

Gradient Leakage Attacks
Graph Neural Networks
Hardware Security
Privacy Risk
Circuit Design
Innovation

Methods, ideas, or system contributions that make the work stand out.

Gradient Leakage Attack
Graph Neural Networks
Hardware Security
Privacy-Preserving ML
Circuit Design