Paper 2010/551

A Note on the Relation between the Definitions of Security for Semi-Honest and Malicious Adversaries

Carmit Hazay and Yehuda Lindell


In secure computation, a set of parties wish to jointly compute some function of their private inputs while preserving security properties like privacy, correctness and more. The two main adversary models that have been considered are \emph{semi-honest} adversaries who follow the prescribed protocol but try to glean more information than allowed from the protocol transcript, and \emph{malicious} adversaries who can run any efficient strategy in order to carry out their attack. As such they can deviate at will from the prescribed protocol. One would naturally expect that any protocol that is secure in the presence of malicious adversaries will automatically be secure in the presence of semi-honest adversaries. However, due to a technicality in the definition, this is not necessarily true. In this brief note, we explain why this is the case, and show that a slight modification to the definition of semi-honest adversaries (specifically, allowing a semi-honest adversary to change its received input) suffices for fixing this anomaly. Our aim in publishing this note is to make this curious fact more known to the wider cryptographic community.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. This is an excerpt from the book "Efficent Secure Two-Party Protocols" by the authors.
Contact author(s)
lindell @ cs biu ac il
2010-11-01: received
Short URL
Creative Commons Attribution


      author = {Carmit Hazay and Yehuda Lindell},
      title = {A Note on the Relation between the Definitions of Security for Semi-Honest and Malicious Adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2010/551},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.