Paper 2010/551

A Note on the Relation between the Definitions of Security for Semi-Honest and Malicious Adversaries

Carmit Hazay and Yehuda Lindell

Abstract

In secure computation, a set of parties wish to jointly compute some function of their private inputs while preserving security properties like privacy, correctness and more. The two main adversary models that have been considered are \emph{semi-honest} adversaries who follow the prescribed protocol but try to glean more information than allowed from the protocol transcript, and \emph{malicious} adversaries who can run any efficient strategy in order to carry out their attack. As such they can deviate at will from the prescribed protocol. One would naturally expect that any protocol that is secure in the presence of malicious adversaries will automatically be secure in the presence of semi-honest adversaries. However, due to a technicality in the definition, this is not necessarily true. In this brief note, we explain why this is the case, and show that a slight modification to the definition of semi-honest adversaries (specifically, allowing a semi-honest adversary to change its received input) suffices for fixing this anomaly. Our aim in publishing this note is to make this curious fact more known to the wider cryptographic community.