Cryptology ePrint Archive: Report 2010/551

A Note on the Relation between the Definitions of Security for Semi-Honest and Malicious Adversaries

Carmit Hazay and Yehuda Lindell

Abstract: In secure computation, a set of parties wish to jointly compute some function of their private inputs while preserving security properties like privacy, correctness and more. The two main adversary models that have been considered are \emph{semi-honest} adversaries who follow the prescribed protocol but try to glean more information than allowed from the protocol transcript, and \emph{malicious} adversaries who can run any efficient strategy in order to carry out their attack. As such they can deviate at will from the prescribed protocol. One would naturally expect that any protocol that is secure in the presence of malicious adversaries will automatically be secure in the presence of semi-honest adversaries. However, due to a technicality in the definition, this is not necessarily true. In this brief note, we explain why this is the case, and show that a slight modification to the definition of semi-honest adversaries (specifically, allowing a semi-honest adversary to change its received input) suffices for fixing this anomaly.

Our aim in publishing this note is to make this curious fact more known to the wider cryptographic community.

Category / Keywords: cryptographic protocols /

Publication Info: This is an excerpt from the book "Efficent Secure Two-Party Protocols" by the authors.

Date: received 28 Oct 2010, last revised 28 Oct 2010

Contact author: lindell at cs biu ac il

Available format(s): PDF | BibTeX Citation

Version: 20101101:164326 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]