ELI5: Honest Majority vs. Dishonest Majority

When discussing privacy-enhancing technologies (PETs), a key question arises: can we trust everyone involved?

This is especially important for Multi-Party Computation (MPC), Arcium’s core privacy-preserving technology that enables multiple parties to collaborate on data computations while keeping it confidential.

This is where the concepts of honest majority and dishonest majority arise, each providing different security assumptions around private computations, even when some participants might not act fairly.

Let’s break down these two approaches and why Arcium uses both to create the best privacy-preserving solution for your use case.

MPC Security

In MPC, multiple participants collaborate to compute on shared data without exposing their private information. While the data remains encrypted throughout the process, the security of the computation depends on specific trust assumptions made about the participants. These assumptions are often framed as security models, such as honest majority or dishonest majority, defining how the system handles the potential risk of malicious actors.

Encryption schemes are used to protect the privacy of the data being processed to ensure secure collaboration in MPC. The security models, such as honest majority and dishonest majority, determine how well the system can function in environments where some participants might act maliciously.

Two key security models in MPC are:

  1. Honest Majority: Assumes that a majority of system participants are honest (e.g., more than 50%). This assumption allows for more efficient computations as there’s a reduced need for extensive verification.

  2. Dishonest Majority: In contrast, the dishonest majority model assumes that more than half of the participants could be malicious or dishonest. The system must be designed to remain secure even if all except one (“N-1”) are malicious. This ensures stronger security guarantees, but usually comes with performance trade-offs due to the need for additional checks and safeguards.
Graphic: A visualization of honest majority vs dishonest majority.

We’ll provide an overview of both, including the scenarios in which either approach might be most desirable.

Honest Majority vs. Dishonest Majority

The security and performance of an MPC system depend largely on how the system handles the potential for malicious participants. A malicious participant refers to any party involved in the computation that may intentionally act against the system's protocol, either by attempting to learn private data, disrupt the calculation, or mislead other participants.

Honest Majority and Dishonest Majority are the risk assumptions and security models within which MPC computations occur, and each has its strengths and trade-offs. 

Let’s examine both. 

The Honest Majority approach assumes that most participants (over 50%) in the system are honest and will, therefore, act in good faith. In this setup, the system can move quickly because it doesn’t need extra time or resources to verify every participant’s actions.

This means:

  • High Speed: As most participants are assumed to be honest, fewer verification steps are needed, and computations can be completed quickly.
  • Best for Trusted Environments: The honest majority assumption works well when trust is relatively high, for example in permissioned systems.
  • Use Cases: Best for private AI model training, financial modeling (e.g., between banks), trusted business partnerships, supply chain management, and so on.

Think of it as being in a group project with five people, where most members are committed to doing their part, but one or two might not be as dedicated. The project will move forward as long as the majority (3 of 5) remains focused on completing the task. If a participant does try to sabotage the process or fails to contribute properly, the honest majority can ensure the work still gets done. If most are dishonest and don’t do their job, it will not get done.

Meanwhile, the Dishonest Majority approach takes a more cautious view. 

It assumes that more than half of the participants could be malicious or dishonest, and the system must be designed to withstand this. In this model, the system remains secure even if all but one participant behaves maliciously, as only a single honest party is needed to ensure the integrity of the computation.

This means:

  • Key Feature: High security, as the system is designed to handle attacks from N-1 dishonest participants. If the system has 100 participants, it could handle attacks from 99 of them.
  • Stronger Security: Even if all parties except one are dishonest, the computation will still be secure. However, this comes at the cost of slower performance, as more verification is needed.
  • Use Cases: Ideal for environments where security is critical, such as healthcare data sharing, governmental transactions, or sensitive legal proceedings.

The dishonest majority approach is like being on a jury where most jurors are dishonest, but one honest juror still ensures the correct verdict is reached. Despite the majority’s efforts, the system ensures that justice (or correct computation) is served.
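
The two collusion thresholds described above can be seen with textbook secret sharing. This is an added example, not Arcium's Cerberus or Manticore code: additive n-of-n sharing stands in for the dishonest-majority setting and Shamir sharing with t < n/2 for the honest-majority setting. It covers only who can learn the secret, not the verification steps against active cheating; the modulus, function names and sample secret are assumptions made for the example.

```python
import secrets

P = 2**61 - 1  # prime modulus for share arithmetic (chosen for this example)

def additive_share(secret, n):
    """n-of-n sharing: all n shares are needed, so n-1 colluders learn nothing."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares

def additive_recover(shares):
    return sum(shares) % P

def shamir_share(secret, n, t):
    """Degree-t polynomial: any t+1 shares reconstruct, any t reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def shamir_recover(points):
    """Lagrange interpolation at x = 0 over the points a coalition holds."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo(secret=424242, n=5):
    """Constructed scenario: which coalitions recover the secret?"""
    t = (n - 1) // 2  # honest majority: fewer than half the parties corrupted
    add = additive_share(secret, n)
    sha = shamir_share(secret, n, t)
    return {
        "additive_all_n": additive_recover(add) == secret,
        "additive_n_minus_1": additive_recover(add[:n - 1]) == secret,
        "shamir_t_colluders": shamir_recover(sha[:t]) == secret,
        "shamir_t_plus_1": shamir_recover(sha[:t + 1]) == secret,
    }

if __name__ == "__main__":
    for case, recovered in demo().items():
        print(f"{case:20} secret recovered: {recovered}")
```

With five parties, four colluders holding additive shares still fail to recover the secret, while three colluders holding Shamir shares succeed, which is why the Shamir setting depends on a majority staying honest.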

Here's a quick summary of the key differences:

Graphic: A table comparing Dishonest vs Honest Majority

Which Approach is Best?

When deciding between the honest majority and dishonest majority approaches, the best choice largely depends on the specific use case and what you prioritize: speed or security. Each model is optimized for different environments and scenarios.

Honest Majority is suited for environments where trust is relatively high and the participants are known to act honestly, for instance, in permissioned settings where trusted operators are involved. 

Meanwhile, Dishonest Majority is the best option when security is the priority, such as in permissionless settings, where the network’s nodes may be anonymous. This is especially so when dealing with sensitive data, as the system must remain secure even if most participants are potentially malicious. 

To get the best of both worlds and serve any use case, Arcium introduces two MPC protocols based on the two security models: Cerberus and Manticore. We covered them in our Cerberus vs. Manticore ELI5 piece.

At a high level, this looks like:

  • Cerberus: Operates under the dishonest majority model, meaning that the system is designed to remain secure even if the majority of participants are malicious. This approach prioritizes security over speed.
  • Manticore: Operates under the honest-but-curious model, which is a variant of the honest majority approach. In this model, participants follow the protocol but might attempt to gain additional information beyond what is necessary. This approach focuses on speed and efficiency because it assumes that most participants are honest.

By providing both Cerberus and Manticore, Arcium enables flexible, tailored solutions for a wide range of use cases, whether you need fast, trusted collaboration or secure, privacy-preserving computation.

Bringing It Together

Both the honest majority and dishonest majority approaches enable secure collaboration among multiple parties, ensuring the confidentiality and integrity of the data being processed. Arcium’s implementation of both approaches (Cerberus for security and Manticore for speed) provides a powerful, flexible solution for privacy-preserving computations across various use cases.

To dive deeper into Arcium’s advanced encryption protocols and understand how they enable secure and private computations, we recommend:

  • Reading our recently released Purplepaper, which provides a comprehensive breakdown of Arcium’s system and its cutting-edge approach to privacy-preserving computations.

  • Exploring the Arcium Docs, a detailed guide for developers looking to integrate Arcium’s technology into their applications, ensuring seamless adoption and implementation.