Semi-Honest Adversary

Many zero-knowledge proof constructions, such as zk-SNARKs, are first proven secure against semi-honest verifiers. This means the verifier follows the protocol but may try to extract knowledge about the prover's secret witness from the proof transcript. Achieving security against malicious verifiers often requires additional techniques.

• Example: In Zcash, the proving system ensures transaction validity is proven without revealing sender, receiver, or amount, even to curious validators.

In federated learning, devices train a shared model using local data. The semi-honest server model assumes the central aggregator correctly aggregates model updates but may try to reconstruct private training data from the gradients it receives. Protocols like Differential Privacy are often added to mitigate this risk.

• Key Mechanism: Adding calibrated noise to model updates before sending them to the server to prevent data reconstruction.

PSI allows two parties to compute the intersection of their private datasets. Protocols secure in the semi-honest model guarantee that parties learn only the intersecting elements. This is widely used in privacy-preserving contact tracing, ad conversion measurement, and genomic testing.

• Real-world use: Tech companies comparing encrypted lists of user IDs to measure ad campaign reach without sharing raw user data.

A light client (or SPV client) in blockchain systems operates under a semi-honest assumption about the full nodes it queries. It assumes nodes provide valid block headers and Merkle proofs but may try to learn which transactions the client is interested in, potentially compromising privacy.

• Privacy Risk: A curious full node can link transaction queries to a specific light client IP address, revealing wallet activity.

Security against a semi-honest adversary is often insufficient for real-world deployments where participants may deviate from the protocol. The stronger malicious adversary model assumes participants can act arbitrarily. Bridging this gap requires:

• Cryptographic commitments
• Proofs of correct execution (e.g., zk-SNARKs)
• Byzantine Fault Tolerant (BFT) consensus

Most production systems aim for security against malicious adversaries.

A semi-honest adversary is a participant in a protocol who follows the protocol's prescribed steps correctly but may attempt to learn additional private information from the messages they receive during its execution. This model assumes no active deviation, such as sending invalid messages or refusing to participate.

• Key Assumption: The adversary is computationally bounded and cannot break underlying cryptographic primitives.
• Analogy: A curious clerk who processes your transaction correctly but secretly reads your private documents.

The semi-honest model is a minimal security guarantee. It does not protect against:

• Active Attacks: Malicious participants who arbitrarily deviate from the protocol (e.g., sending false data).
• Denial-of-Service: Participants who refuse to send messages or abort the protocol.
• Collusion: Multiple semi-honest parties combining their views to infer more information.

Protocols secure only against semi-honest adversaries are generally insufficient for real-world, permissionless systems like blockchains.

Despite its limitations, the semi-honest model is a critical design and analysis tool.

• Building Block: Many complex secure multi-party computation (MPC) protocols are first constructed and proven secure in the semi-honest model, then later fortified with techniques like zero-knowledge proofs or commitment schemes to achieve malicious security.
• Benchmarking: Provides a baseline for efficiency and complexity before adding overhead for active security.

The malicious adversary model is a stronger, more realistic threat model for open networks.

Most production blockchain systems (e.g., consensus, rollups) require security against malicious adversaries.

A classic use case is privacy-preserving analytics within a trusted consortium.

• Scenario: Two hospitals wish to compute the average patient age for a joint study without revealing their individual patient records.
• Protocol: They use a semi-honest secure computation protocol. Each hospital provides an encrypted input.
• Security: Even if one hospital is semi-honest, it learns only the final average, not the other hospital's raw data. This is acceptable if both parties are assumed to follow the protocol but are mutually distrustful of each other's data privacy.

Understanding semi-honest security connects to several advanced cryptographic primitives:

• Secure Multi-Party Computation (MPC): The foundational framework where this model is most commonly analyzed.
• Zero-Knowledge Proofs (ZKPs): Often used to compile a semi-honest protocol into one secure against malicious adversaries.
• Trusted Execution Environments (TEEs): Can enforce semi-honest behavior by guaranteeing code execution integrity, assuming the hardware is not compromised.

A semi-honest adversary follows the protocol's instructions correctly but may attempt to learn additional private information from the messages they receive. This is a foundational model for proving the cryptographic security of systems where participants are not fully trusted.

• Key Assumption: The adversary does not deviate from the prescribed protocol steps.
• Primary Goal: To analyze information leakage and privacy guarantees.

In zk-SNARKs and zk-STARKs, the prover and verifier are often modeled as semi-honest. The security proof demonstrates that even a curious verifier learns nothing beyond the validity of the statement.

• Prover Security: Ensures the verifier cannot extract the witness (secret input).
• Verifier Security: Ensures a malicious prover cannot convince the verifier of a false statement.

MPC protocols allow multiple parties to compute a function over their private inputs. The semi-honest model guarantees that no coalition of curious parties can infer others' private data beyond the function's output.

• Threshold Cryptography: Used in distributed key generation for wallets.
• Privacy-Preserving Analytics: Enables computation on sensitive data without revealing it.

The semi-honest model is a weaker, more tractable assumption than a malicious adversary (or Byzantine model). A malicious adversary can arbitrarily deviate from the protocol.

• Semi-Honest: "Follows rules, but spies."
• Malicious/Byzantine: "May lie, cheat, or send false data."
• Blockchain Consensus: Typically assumes Byzantine adversaries, requiring more robust mechanisms like Proof-of-Work or Proof-of-Stake.

While crucial for theoretical proofs, the semi-honest model often requires reinforcement for production systems, as real-world actors may be fully malicious.

• Protocol Compilation: Techniques exist to compile a semi-honest secure protocol into one secure against malicious adversaries, often adding cryptographic commitments and zero-knowledge proofs.
• Economic Incentives: Blockchain systems use cryptoeconomic incentives and slashing to deter malicious behavior, moving beyond pure cryptographic models.

Platforms like Aztec Network or zkRollups with privacy features rely on cryptographic models where validators or provers are assumed to be semi-honest. The system's security ensures that transaction details remain confidential even if these parties try to analyze the encrypted or proven data.

• State Validation: Validators check validity proofs without seeing underlying data.
• Data Availability: Assumes data publishers are semi-honest, requiring checks for data withholding attacks.

Also known as an active adversary, this model assumes the attacker can arbitrarily deviate from the protocol's specified instructions. This is a stronger, more realistic threat model than semi-honest, as the adversary can:

• Send incorrect or fabricated messages.
• Drop messages entirely.
• Attempt to learn more than the protocol's intended output. Security proofs against malicious adversaries guarantee correctness and privacy even when participants are fully corrupt.

A consensus model that defines the conditions under which a distributed system can reach agreement despite faulty or malicious (Byzantine) nodes. Key concepts include:

• Byzantine Fault: A node that fails in arbitrary, potentially malicious ways.
• BFT Protocols: Algorithms (e.g., Practical BFT, Tendermint) designed to tolerate up to a certain fraction (often 1/3) of Byzantine nodes. This is the adversarial model for most public blockchain consensus mechanisms, far stronger than the semi-honest model used in off-chain computations.

A cryptographic technique that allows multiple parties to jointly compute a function over their private inputs without revealing those inputs to each other. The semi-honest adversary model is the most common security guarantee for MPC protocols, where:

• Parties follow the protocol correctly but may try to learn extra information from the messages they receive.
• Security proofs demonstrate that nothing beyond the output is leaked. MPC is foundational for privacy-preserving applications like decentralized auctions, wallet threshold signatures, and federated learning.

A method by which one party (the prover) can prove to another (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself. ZKPs provide security against malicious provers and malicious verifiers, which is stronger than the semi-honest model. They enable:

• Validity proofs in zk-Rollups (e.g., zkSync, StarkNet).
• Private transactions (e.g., Zcash).
• Proof of correct computation without revealing the underlying data.

An analysis framework that models protocol participants as rational actors seeking to maximize their own utility. It complements cryptographic models like semi-honest by:

• Assuming adversaries are economically rational, not just arbitrarily malicious or curious.
• Designing incentive mechanisms (e.g., staking, slashing) that make attacks financially irrational. This approach is central to Proof-of-Stake security, where the cost of a Byzantine attack is designed to outweigh any potential profit.