Semi-honest security, also known as honest-but-curious or passive security, is a cryptographic adversary model where all parties execute the protocol exactly as specified but may log and analyze the protocol transcript to infer private information about other parties' inputs. This model assumes no deviation from the protocol steps, meaning adversaries do not send malformed messages, abort prematurely, or tamper with the computation flow.
Glossary
Semi-Honest Security

What is Semi-Honest Security?
A foundational security model in cryptography where all protocol participants are assumed to follow the rules correctly but may attempt to learn additional information from the messages they receive.
This model provides a critical efficiency-security trade-off, as protocols designed for semi-honest adversaries are significantly faster and less communication-intensive than those achieving malicious security. It is the standard baseline for many practical privacy-preserving protocols, including private set intersection and secure multi-party computation, where the primary threat is passive data leakage rather than active sabotage.
Key Characteristics of Semi-Honest Security
Semi-honest security defines the baseline threat model for many practical cryptographic protocols. It assumes participants execute the protocol exactly as specified but may log all intermediate messages to infer private data.
Protocol Compliance Guaranteed
In the semi-honest model, all parties strictly adhere to the protocol specification. There is no deviation, aborting, or injection of malformed messages. This assumption drastically simplifies protocol design and reduces computational overhead compared to malicious security models, which require expensive zero-knowledge proofs to enforce honest behavior.
Passive Adversarial Capability
The adversary is passive or honest-but-curious. Their only capability is to record the protocol transcript—every message received—and perform arbitrary polynomial-time computation on it. They cannot influence the execution flow. The security guarantee is that this transcript reveals nothing beyond the designated output.
Efficiency-Security Trade-off
Semi-honest protocols represent the most computationally efficient class of secure computation. By ruling out active attacks, designers avoid the heavy overhead of consistency checks and cut-and-choose techniques. This makes semi-honest security the practical choice for high-throughput applications like private set intersection (PSI) and federated learning aggregation.
Simulation-Based Proof Paradigm
Security is formally proven using the real/ideal world simulation paradigm. A protocol is secure if, for every adversary in the real world, there exists a simulator in an ideal world (with a trusted third party) that can produce an indistinguishable transcript. The simulator only has access to the corrupted party's input and output, proving no extra information leaks.
Composability Limitations
Semi-honest security does not compose sequentially or concurrently without careful design. A protocol secure in isolation may leak information when run multiple times with related inputs. This contrasts with malicious security or universally composable (UC) frameworks, which maintain guarantees under arbitrary composition.
Common Cryptographic Primitives
Semi-honest protocols frequently rely on simpler primitives:
- Oblivious Transfer (OT) and OT Extension for secure two-party computation
- Garbled Circuits for Boolean function evaluation
- Additive Secret Sharing for arithmetic circuits
- Diffie-Hellman Key Exchange for PSI constructions These primitives avoid the overhead of non-interactive zero-knowledge proofs required for malicious security.
Semi-Honest vs. Malicious Security
A comparison of the two primary adversarial models in secure multi-party computation, defining the assumptions, guarantees, and trade-offs for protocol design.
| Feature | Semi-Honest Security | Malicious Security | Covert Security |
|---|---|---|---|
Adversary Behavior | Follows protocol exactly; passively attempts to learn extra information from the transcript. | Arbitrarily deviates from the protocol specification to violate privacy or correctness. | May deviate arbitrarily but is guaranteed to be caught with a defined probability. |
Guarantee Type | Privacy only; no guarantee of correct output if a party is corrupted. | Privacy and correctness; output is guaranteed to be correct. | Privacy and correctness with a deterrence factor; cheating is detected with probability 1-ε. |
Computational Overhead | Low; baseline for efficient protocols. | High; typically 10-100x slower than semi-honest due to zero-knowledge proofs and consistency checks. | Moderate; 2-10x slower than semi-honest, balancing efficiency and deterrence. |
Communication Complexity | Minimal; often linear in input size. | Substantial; dominated by proof of correct execution. | Moderate; less than full malicious but more than semi-honest. |
Typical Primitives | Oblivious Transfer (OT), Garbled Circuits, OPRF. | Authenticated secret sharing, cut-and-choose, SPDZ-style MACs. | Cut-and-choose with selective opening, signed oblivious transfer. |
Round Complexity | Constant rounds; often 2-3 rounds. | Higher; may require additional rounds for verification and consistency checks. | Moderate; additional rounds for audit phase. |
Use Case | Internal analytics, trusted partner collaboration, academic benchmarking. | Public blockchains, untrusted cloud computing, financial settlement. | Regulated industries requiring deterrence without full malicious cost. |
Example Protocol | KKRT PSI, Yao's Garbled Circuits (passive). | SPDZ, MASCOT, authenticated garbling. | Katz-Lindell covert framework. |
Frequently Asked Questions
Clear answers to common questions about the semi-honest security model, its guarantees, and its role in practical cryptographic protocol design.
The semi-honest security model, also known as the honest-but-curious model, is a cryptographic security paradigm where all participating parties are assumed to follow the protocol specification exactly but may attempt to learn additional information from the protocol transcript. In this model, an adversary controls a corrupted party but does not deviate from the prescribed steps—they simply record all intermediate messages and perform any polynomial-time computation on their view of the execution. The formal guarantee is that whatever the adversary can learn from the protocol transcript, they could have learned from their own input and the intended output alone. This is captured by the simulation paradigm: there exists a simulator that, given only the party's input and output, can generate a transcript indistinguishable from the real execution. The semi-honest model provides a baseline security guarantee and typically yields protocols with significantly lower computational and communication overhead compared to malicious security.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Semi-honest security is one point on the spectrum of adversarial models. Explore the related primitives and protocols that define the efficiency-security trade-off in private set intersection.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us