Inferensys

Glossary

Semi-Honest Security

A security model for cryptographic protocols that assumes adversaries follow the protocol specification correctly but may attempt to learn additional information from the protocol transcript, also known as honest-but-curious.
ML engineer managing model training cluster on laptop, GPU utilization visible, technical deep learning setup.
HONEST-BUT-CURIOUS MODEL

What is Semi-Honest Security?

A foundational cryptographic security model where adversaries follow the protocol correctly but attempt to learn additional information from the protocol transcript.

Semi-honest security, also known as the honest-but-curious or passive adversary model, is a security definition for cryptographic protocols where all participating parties are assumed to follow the protocol specification exactly as prescribed, but may attempt to infer additional private information by analyzing the messages they receive during execution. This model provides a baseline guarantee that no party learns anything beyond their designated output from the protocol transcript alone.

This model serves as the foundational security threshold for many privacy-preserving machine learning protocols, including secure aggregation and federated learning systems. While weaker than malicious security—which tolerates arbitrary deviations—semi-honest security is significantly more efficient and captures realistic threats where participants are trusted to execute code correctly but may be passively logging data for later analysis. Protocols proven secure in this model are often hardened to Byzantine fault tolerance for production deployment.

HONEST-BUT-CURIOUS MODEL

Key Characteristics of Semi-Honest Security

The semi-honest security model defines the baseline threat profile for most practical secure computation protocols. It assumes adversaries follow the protocol specification correctly but may attempt to learn additional information from the protocol transcript.

01

Protocol Compliance Guaranteed

In the semi-honest model, all parties—including the adversary—execute the protocol exactly as specified. There is no deviation, no injection of malformed messages, and no premature abort. This assumption dramatically simplifies protocol design because correctness is never in question. The adversary will not send invalid shares, corrupt intermediate values, or refuse to participate. This compliance guarantee allows cryptographers to focus exclusively on information leakage rather than robustness to arbitrary faults.

02

Passive Adversary Behavior

The adversary is passive—it observes the protocol transcript, including all messages received and any intermediate computations performed locally, but never interferes with execution. This is fundamentally different from active adversaries that can modify, replay, or suppress messages. The passive adversary's goal is purely eavesdropping: extracting private inputs from the legitimate messages it sees. In secure aggregation, this means a curious server correctly sums encrypted updates while attempting to infer individual client contributions from the aggregate.

03

Transcript-Based Inference

The adversary's attack surface is limited to the protocol transcript—the complete record of all messages exchanged during execution. Security requires that this transcript reveals nothing beyond the intended output. Formally, for any semi-honest adversary, there must exist a simulator that can produce a computationally indistinguishable transcript given only the adversary's input and the protocol's output. This simulation paradigm proves that participation leaks no additional information. If something can be simulated without access to honest parties' private inputs, observing it in the real protocol reveals nothing.

04

Collusion Boundaries

Semi-honest protocols typically specify collusion thresholds—the maximum number of parties the adversary may corrupt and still guarantee security. A protocol secure against t semi-honest corruptions means any coalition of up to t parties pooling their views cannot learn the inputs of the remaining honest parties. In secure aggregation with pairwise masking, security often holds against all-but-one collusion: the server and any subset of clients cannot unmask a single honest client's update. These thresholds define the protocol's privacy ceiling.

05

Efficiency Advantage Over Malicious Security

Protocols designed for semi-honest security are significantly more efficient than their maliciously secure counterparts. They avoid expensive zero-knowledge proofs, consistency checks, and Byzantine agreement mechanisms. In practice, semi-honest secure aggregation can use simple one-time pads and secret sharing without verifiability overhead. This efficiency gap—often 10-100x in communication and computation—makes semi-honest protocols the pragmatic choice when participants are trusted to follow the protocol but not trusted to see raw data, such as in federated learning across hospitals or banks.

06

Relationship to Other Security Models

Semi-honest security sits between unconditional trust and malicious security on the threat model spectrum. It is stronger than assuming all parties are fully trusted, yet weaker than defending against arbitrary Byzantine behavior. Many real-world deployments use semi-honest protocols augmented with lightweight integrity checks—such as authenticated encryption or aggregate signatures—to detect accidental deviations without the full cost of malicious security. This hybrid approach acknowledges that while participants are not actively malicious, implementation bugs or misconfigurations can cause protocol violations that should be caught.

SECURITY MODEL COMPARISON

Semi-Honest vs. Malicious Security

A comparison of the adversarial assumptions, protocol guarantees, and computational costs associated with the two primary security models in secure multi-party computation and secure aggregation protocols.

FeatureSemi-Honest SecurityMalicious Security

Adversary Model

Honest-but-curious; follows protocol correctly

Active adversary; may arbitrarily deviate from protocol

Protocol Compliance

Privacy Guarantee

Inputs remain confidential from transcript

Inputs remain confidential despite active attacks

Correctness Guarantee

Output is correct if all parties follow protocol

Output is correct or protocol aborts with proof of cheating

Typical Overhead vs. Cleartext

2x–10x

100x–1000x+

Cryptographic Primitives

Secret sharing, oblivious transfer

Zero-knowledge proofs, VSS, authenticated secret sharing

Dropout Resilience

Requires majority of honest parties

Requires majority of honest parties; aborts if threshold breached

Use Case

Federated learning with trusted clients

Public blockchains, untrusted cloud computing

SEMI-HONEST SECURITY MODEL

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the honest-but-curious adversary model, its assumptions, and its role in cryptographic protocol design.

Semi-honest security, also known as honest-but-curious or passive security, is a cryptographic adversary model where all participating parties follow the protocol specification exactly but may attempt to learn additional information from the protocol transcript. The adversary does not deviate from the prescribed steps, inject malicious messages, or abort prematurely. Instead, they passively observe all messages received during execution and perform arbitrary polynomial-time computation on their view—which includes their private input, internal randomness, and all received messages—to infer sensitive information about other parties' inputs. This model is the baseline for secure multi-party computation (MPC) and secure aggregation protocol design because it is computationally easier to achieve than malicious security while still providing meaningful privacy guarantees in environments where participants are trusted to execute code correctly but not trusted with raw data access. Protocols proven secure in the semi-honest model guarantee that anything the adversary learns could be simulated from their own input and output alone, formalized through the real-ideal simulation paradigm.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.