 Hello everyone. Today I am going to talk about triply adaptive use in NSIC. This is a joint work with Ron Kennedy and Xia Wang. So let me first define what is a NSIC protocol. So in the NSIC protocol there is a prover who has an input statement x and a witness w and the verifier has the same NP statement x. Now the prover computes a proof pi which attests that x is in the language l and w is a valid witness for it. Now after obtaining the proof pi the verifier outputs either 0 or 1. Now the protocol has to satisfy a few properties. Firstly it has to satisfy correctness that is if x is in the language l and w is a valid witness then v outputs 1 that is if the prover is honest then the verifier always outputs 1. Next it should satisfy soundness that is if x is not in the language then the verifier outputs 0 with high probability. Finally it should also satisfy zero knowledge that is there exists a PPT or probabilistically polynomial term algorithm called simulator which computes a simulated proof just given the statement x and the trapdoor for the CRS which is denoted by TD. So this proof should be indistinguishable from an honestly generated proof. Next we need 3 additional properties from our NSIC system. Firstly we need adaptive soundness in this system. In this game the prover is corrupt and the challenge samples the CRS uncents to the prover. Now the prover can adaptively choose the statement x to be proven and it also computes a proof and then it sends a statement and the proof to the challenger and now the challenger just runs the verifier algorithm. Now adaptive soundness says that if x is not in the language then the challenger outputs 0 with very high probability that is a verifier that is a prover cannot break soundness even if the statement is adaptively chosen based on the CRS distribution. Next we extend the same argument for the zero knowledge game. Here we have a simulator x who is given we interacts with the corrupt verifier. Now the corrupt verifier obtains the CRS and it adaptively chooses the statement x and sends to the simulator and the simulator again computes a simulated proof and this simulated proof should be indistinguishable from an honestly generated proof. Here the verifier is basically adaptively again adaptively choose the statement x and the x has to be in the language and we say that a protocol is adaptively zero knowledge if the simulated proof is indistinguishable from a real proof even if the statement is chosen based on the CRS distribution. Next we consider the setting where the prover can get adaptively corrupted after the protocol execution. So here we again start off with the same simulator who is given the trap to the CRS and it comes with a simulated proof and this proof is indistinguishable from honestly generated proof. Next the simulator is given the witness of the prover once the prover gets adapted once the prover gets adaptively corrupted. Now the simulator has to come up with the randomness that is used to generate that has been used to generate the proof such that the proof looks consistent with the witness following the honest prover algorithm to an adversarial verifier. So here security is adaptive corruptions says that the simulated proof and the witness and the randomness should be consistent and they should be indistinguishable from a real one. Now we define the notion of triply adaptive music. Here we require the NISIC protocol to have all three properties that is adaptive soundness, adaptive zero knowledge and adaptive security. So this kind of triply adaptive music provides realistic security guarantees because the prover uses the same CRS to prove adaptively chosen statements and it also provides security against adaptive corruptions. So this is kind of very useful in real life applications where the party can get corrupted after some like after some point of time and still you get security and then finally we require using security so that the same process CRS is reused for multiple sessions between different parties. So it's and you can also like compose your NISIC protocol inside your favorite MPC protocol. Now let's briefly check out the state of the art for triply adaptive NISIC protocol. So there is a seminal work by Grossovsky Sahay. So that work does not obtain adaptive soundness but it obtains adaptive zero knowledge and adaptive security against adaptive corruptions and they are based on pairing. They do not obtain adaptive soundness because they are their CRS is in the dual mode sitting which is not compatible with adaptive soundness. Then there is another work by Katsumata. So they are also from pairings and they also fail to obtain adaptive soundness but they obtain adaptive zero knowledge and adaptive security. Then there was this work by Abe and Fer which obtains triply adaptivity but they require knowledge assumptions for their proof. So we complete this picture by showing that we can obtain triply adaptive NISIC protocol from standard assumptions like LWE or DDH plus LPN and we do not rely on any knowledge assumptions. So to briefly go through our contributions we construct the first we first propose a non-interactive use a commitment functionality FNICOM. Here the parties can access the FNICOM functionality locally for commitment generation and verification and the functionality also outputs a commitment string during the commit phase. As a result this functionality is very friendly for MPC protocol. It does not require any interaction between the parties and between the two parties during the commit phase or verification phase. Next we construct a triply adaptive NISIC compiler how we do this by proposing the notion of triply adaptive sigma protocol in FNICOM model. Then we compile the above sigma protocol to obtain triply adaptive NISIC. Finally we also show how to apply correlation interactability for NISIC arguments. Previously it was only known for NISIC proofs or proof systems. Then we instantiate our compiler by showing that most sigma protocols which are like commit and open are triply adaptive in the FNICOM model and then we implement FNICOM with the kinetic facial and commitment scheme. And finally we obtain user security using generic or standard tricks from growth of software or the literature. Thank you. Hope to see you at the talk.