Inferensys

Glossary

Semi-Honest Security

A cryptographic security model that assumes all parties follow the protocol correctly but may attempt to learn additional information from the execution transcript, offering a baseline efficiency-security trade-off.
Knowledge engineer constructing knowledge base on laptop, document hierarchy visible, casual office setup.
CRYPTOGRAPHIC SECURITY MODEL

What is Semi-Honest Security?

A foundational security model in cryptography where all protocol participants are assumed to follow the rules correctly but may attempt to learn additional information from the messages they receive.

Semi-honest security, also known as honest-but-curious or passive security, is a cryptographic adversary model where all parties execute the protocol exactly as specified but may log and analyze the protocol transcript to infer private information about other parties' inputs. This model assumes no deviation from the protocol steps, meaning adversaries do not send malformed messages, abort prematurely, or tamper with the computation flow.

This model provides a critical efficiency-security trade-off, as protocols designed for semi-honest adversaries are significantly faster and less communication-intensive than those achieving malicious security. It is the standard baseline for many practical privacy-preserving protocols, including private set intersection and secure multi-party computation, where the primary threat is passive data leakage rather than active sabotage.

THE HONEST-BUT-CURIOUS MODEL

Key Characteristics of Semi-Honest Security

Semi-honest security defines the baseline threat model for many practical cryptographic protocols. It assumes participants execute the protocol exactly as specified but may log all intermediate messages to infer private data.

01

Protocol Compliance Guaranteed

In the semi-honest model, all parties strictly adhere to the protocol specification. There is no deviation, aborting, or injection of malformed messages. This assumption drastically simplifies protocol design and reduces computational overhead compared to malicious security models, which require expensive zero-knowledge proofs to enforce honest behavior.

02

Passive Adversarial Capability

The adversary is passive or honest-but-curious. Their only capability is to record the protocol transcript—every message received—and perform arbitrary polynomial-time computation on it. They cannot influence the execution flow. The security guarantee is that this transcript reveals nothing beyond the designated output.

03

Efficiency-Security Trade-off

Semi-honest protocols represent the most computationally efficient class of secure computation. By ruling out active attacks, designers avoid the heavy overhead of consistency checks and cut-and-choose techniques. This makes semi-honest security the practical choice for high-throughput applications like private set intersection (PSI) and federated learning aggregation.

04

Simulation-Based Proof Paradigm

Security is formally proven using the real/ideal world simulation paradigm. A protocol is secure if, for every adversary in the real world, there exists a simulator in an ideal world (with a trusted third party) that can produce an indistinguishable transcript. The simulator only has access to the corrupted party's input and output, proving no extra information leaks.

05

Composability Limitations

Semi-honest security does not compose sequentially or concurrently without careful design. A protocol secure in isolation may leak information when run multiple times with related inputs. This contrasts with malicious security or universally composable (UC) frameworks, which maintain guarantees under arbitrary composition.

06

Common Cryptographic Primitives

Semi-honest protocols frequently rely on simpler primitives:

  • Oblivious Transfer (OT) and OT Extension for secure two-party computation
  • Garbled Circuits for Boolean function evaluation
  • Additive Secret Sharing for arithmetic circuits
  • Diffie-Hellman Key Exchange for PSI constructions These primitives avoid the overhead of non-interactive zero-knowledge proofs required for malicious security.
SECURITY MODEL COMPARISON

Semi-Honest vs. Malicious Security

A comparison of the two primary adversarial models in secure multi-party computation, defining the assumptions, guarantees, and trade-offs for protocol design.

FeatureSemi-Honest SecurityMalicious SecurityCovert Security

Adversary Behavior

Follows protocol exactly; passively attempts to learn extra information from the transcript.

Arbitrarily deviates from the protocol specification to violate privacy or correctness.

May deviate arbitrarily but is guaranteed to be caught with a defined probability.

Guarantee Type

Privacy only; no guarantee of correct output if a party is corrupted.

Privacy and correctness; output is guaranteed to be correct.

Privacy and correctness with a deterrence factor; cheating is detected with probability 1-ε.

Computational Overhead

Low; baseline for efficient protocols.

High; typically 10-100x slower than semi-honest due to zero-knowledge proofs and consistency checks.

Moderate; 2-10x slower than semi-honest, balancing efficiency and deterrence.

Communication Complexity

Minimal; often linear in input size.

Substantial; dominated by proof of correct execution.

Moderate; less than full malicious but more than semi-honest.

Typical Primitives

Oblivious Transfer (OT), Garbled Circuits, OPRF.

Authenticated secret sharing, cut-and-choose, SPDZ-style MACs.

Cut-and-choose with selective opening, signed oblivious transfer.

Round Complexity

Constant rounds; often 2-3 rounds.

Higher; may require additional rounds for verification and consistency checks.

Moderate; additional rounds for audit phase.

Use Case

Internal analytics, trusted partner collaboration, academic benchmarking.

Public blockchains, untrusted cloud computing, financial settlement.

Regulated industries requiring deterrence without full malicious cost.

Example Protocol

KKRT PSI, Yao's Garbled Circuits (passive).

SPDZ, MASCOT, authenticated garbling.

Katz-Lindell covert framework.

SECURITY MODELS

Frequently Asked Questions

Clear answers to common questions about the semi-honest security model, its guarantees, and its role in practical cryptographic protocol design.

The semi-honest security model, also known as the honest-but-curious model, is a cryptographic security paradigm where all participating parties are assumed to follow the protocol specification exactly but may attempt to learn additional information from the protocol transcript. In this model, an adversary controls a corrupted party but does not deviate from the prescribed steps—they simply record all intermediate messages and perform any polynomial-time computation on their view of the execution. The formal guarantee is that whatever the adversary can learn from the protocol transcript, they could have learned from their own input and the intended output alone. This is captured by the simulation paradigm: there exists a simulator that, given only the party's input and output, can generate a transcript indistinguishable from the real execution. The semi-honest model provides a baseline security guarantee and typically yields protocols with significantly lower computational and communication overhead compared to malicious security.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.