 Hello everyone, I'm Chi-Chi Lai. My paper is liquid resilient IBE-ABE with optimal liquid rate from lattice. This is a joint work with Feng-Han-Zhe-O-Dung. Under liquid reliance, it means crevator systems are circular even when partial shift key is leaked. In practice, some circular crevator systems may be completely broken if a partial K is given to that hackers. Two famous examples are side-channel attacks and code boot attacks. In theory, liquid resilience can be used to construct more complicated systems such as a non-manable code and KDM security. More formally, the liquid resilience can be described by a security game between the challenger and the adversary in the following way. At the beginning, the challenger first sends the master public key to the adversary. Then, the adversary conducts key extraction and key leakage queries in a doubtful way. Finally, the adversary conducts the challenger query and the challenger answers according to a randomly chosen B to B. We see that the adversary wins the game if the adversary outputs a B to B prime. Such that B prime equals B. In this paper, we focus on a simple yet general liquid model called bounded liquid model. In this model, we allow the attackers to learn arbitrary information about the secret key SK. As long as the number of liquid bits is bounded by some parameter L smaller than secret key size. To further quarterize this requirement, there are two important models studied in the literatures that treat the relationship between L and the secret key in a different way. A relative liquid model and a bounded retrieval model. L we first give a remark on this liquid parameter L and then give a remark on liquid model. Generally, for the security parameter lambda, any cycle scheme can resist leakage of L equal big O log lambda bit. So we need to consider how to enlarge L such that L is larger than small omega log lambda. From the view of a concretely absolutely parameter, we can trivially increase the security parameter or the secret key size. However, this will result in bad efficiency. From that analysis, we have the following inspirations for the non-trivial liquid reliance. First, we need to use significant techniques such as hypersystem to construct liquid reliant inclusion schemes. Second, we need to use the liquid rate L over a secret size rather than a solid value L. Next, we give a remark on two liquid models, a relative liquid model and a bounded retrieval model. In the relative liquid model or other size and the computation time of the crypto scheme will be the relative liquid model L. The relative liquid model L is an independent parameter which grows only with a secret key size. But our other size and the computation time view not grew with L. As a result, we think bounded retrieval model should be a much more preferable model. But as concrete institutions, we always first try to construct a liquid reliant scheme in the relative liquid model and then enhance it into bounded retrieval model. Now, we recall the current state of the arch. First, we notice that for the pre-quantum settings, liquid reliance can be achieved via the beautiful framework dual system inclusion, even for IBE and with optimal liquid rate. However, current institutions of dual system inclusion are all group-based and thus cannot define against the quantum algorithms. It is an interesting yet extremely challenging open problem to instantiate a dual system inclusion from a post-quantum candidate such as LW or PM. On the other hand, in previous works, there have been constructed LW or LPN based PKE schemes with optimal rate. But their ideas cannot be generalized to more advanced settings such as IBE and ABE. So, our main question in this paper is that how to achieve the optimal liquid rate for IBE and ABE in both relative liquid model and bounded retrieval models with the security matching existing non-liquid resilient IBE and ABE under LW. And the main result of this paper consists of the following four cases. The first is ABE WPS with succinct key and adaptive security. The second and the third one are LW liquid resilient ABE with optimal liquid rate in the relative liquid model and bounded retrieval model respectively. The fourth is LW liquid resilient ABE with optimal block liquid rate on multiple secret keys. Next, we introduce the techniques in our paper. In particular, we start from weak high proof systems. We have a weak high proof system with incorporated case-based K consists of four algorithms. The first one is the Centaur algorithm, which outputs a pair of PKSK. The second one is the valid incorporated solution algorithm, which outputs valid sabotaged incorporated key K in case-space K. The third one is the invalid incorporated solution algorithm, which outputs invalid sabotaged CT star. The fourth one is the decoupled solution algorithms, which outputs an incorporated key K prime. Formerly, WPS should satisfy the following three properties. The first one is Coronis. It specifies that the incorporated key K from the valid incorporated solution algorithm should be equivalent to that of the decoupled solution algorithm. The third one is the sabotaged indistinguishability. It specifies that even given the secret key, the adversary still cannot distinguish the valid sabotaged from the corresponding invalid one. The third one is an information theoretic properties. In particular, we use LW universal to denote that the length of the incorporated key K prime at the same time, given the public key and the invalid sabotaged CT star. The remaining entropy of K prime is still larger than W. Given a weak hyperviscetum and an extritor, there is a generic construction of liquid resilience scheme in the relative liquid model, as follows. Particularly for the incorporated algorithm, we first run the valid incorporated solution algorithm to get valid sabotaged C under the incorporated key K, and then use the output of the random extritor to hide the message M. VR is randomly chosen by the encryption algorithm. Notice all that this general construction can be directly generalized to IBE and ABE settings. For the security proof of the above generic construction, we need to first replace the valid incorporated solution in the sabotaged with invalid one, and then generate the incorporated key through using the decoupled solution algorithm as this to obtain K prime. Thus, the sabotaged is of this form. Clearly, we know that the leakage on secret key will derive the entropy loss on K prime. But here, the used extritor can conquer that loss. And we get a simple construction that leakage rate is smaller than this ratio entropy of K prime over size of secret key. Based on this conclusion, it is clear that we can enlarge leakage rate through two ways. First is enlarged entropy of K prime. Third is reduce the size of secret key. Thus, from the above analysis for an ABE with both adaptive security and optimal leakage rate, we need to use ABE WGPS with following two properties, succinct key and adaptive security. However, all previous relative constructions just satisfy succinct key with selective security or adaptive with non succinct key. As a result, our next target is to consider how to achieve the required ABE WGPS. In order to describe alternate more clearly, let us first recall the existing result. Particularly, taking IBE as example, given any IBE, there is a generic IBE WGPS as follows. The master public key and master secret key of IBE WGPS are the same as that of IBE. And for an identity ID, the valid server text of IBE WGPS is an essential matrix with an error row and m columns. And the incorporated key is a vector key. Similarly, the invalid server text is also a matrix with the same structure. In this case, the secret key of IBE WGPS with respect to ID consists of n secret keys of the underlying IBE. In this case, the upper bound of the leakage rate is this ratio. Clearly, if we want to improve the leakage rate upper bound, it is necessary to compress the size of the secret key of the underlying IBE. In the literature, existing paper in PkC in 19 has tried to realize it through using the notion of multi-identity IBE, say MIBE for short. IBE can generate one second key for many identities simultaneously, which can be further constructed from IBE. This existing work can only achieve constructions in the IBE setting with just selective security. And all desired targets to achieve construction in the IBE and adaptive security. So we think how can obtain all desired constructions. In order to do this, let us first generalize the above mentioned IBE WGPS to IBE WGPS in the following way. Particularly, we just need to replace IBE with KPE and replace identity with attribute. In this case, we can use SKF as an integrated secret key for unseverized of the underlying IBE. Clearly, assessing SKF will derive the optimal rate. Clearly, the selective or adaptive security of the resulting IBE WGPS follows directly from the underlying KPE. In fact, due to the special form of this function F, the underlying KPE just need to satisfy assessing for NC1 circuit. In this case, rate is upper bound by this ratio. Besides, we also know that the certain properties of KPE will derive the certain properties of IBE WGPS. So for all desired IBE WGPS, we need to use the underlying KPEB, the properties of succinct key and adaptive security. However, or existing IBE schemes satisfy succinct key do not satisfy adaptive property. Particularly, there are such kind of career works from lattice-based and group-based assumptions. So the next technical challenge is how to achieve adaptive security for IBE WGPS. Here, let us observe the valid server test of the obtained IBE WGPS again. In the server test matrix, each row encrypts the same plan test with respect to the rated attribute. Particularly, the underlying attribute is VX and IJ. Based on this, we recall the security game of IBE WGPS again. When conducting the challenge query for attribute X, the response in the server test is essentially encrypted with respect to X, IJ and the later part IJ is chosen by the challenger. This means that we just need the adaptive properties over VX and selective properties over IJ. Based on this, we introduce a new notion for partial adaptive IBE. Particularly, we just need to use IBE schemes that satisfy adaptive security over VX and the selective security over IBE. From all of our analysis, we can conclude that adaptive IBE implies adaptive IBE WGPS. Adaptively, IBE for CINF implies similar IBE WGPS. Solative IBE for general succinct implies similar IBE WGPS. After putting all of our analysis together, we can get an IBE WGPS with both succinct key and adaptive security, which implies IBE with optimal leakage rate in the relative leakage model. Next, we need to consider how to generalize the bow construction to the BIM. Just as we have mentioned before, BIM can be generally upgraded from relative leakage model. From all above constructions, we know that relative RIM construction follows generally from the combination of IBE IBE WGPS and strong strata. Then, through a parallel reputation and partial dependence, we can upgrade IBE WGPS and strong strata into amplified IBE WGPS and locally computable strata. Basically, those two upgrade building blocks are sufficient for the constructions in the BIM. However, due to the usage of locally computable strata, this general method will inherently derive the constant leakage rate in the BIM. Particularly, using the above general method, existing results in Eurocruital 13 and peak CPP in 19, can only achieve leakage resilience with constant rate in the BIM. We need to ask a question, is it possible to get optimal leakage rate in the BIM? And the answer for this question is yes. But we need to improve analysis on locally computable strata. Particularly, we modify locally computable strata into locally computable strata for larger alphabet. Intuitively, for new variant, the entropy source consists of many blocks, and each bit of random seed is related to one block rather than one bit. We show that the properties of locally computable strata for larger alphabet through proposing a new analysis for crypto paper by Wadan. With a new strata, we can get adaptive ABE with optimal leakage rate in the BIM. However, all above constructions in the BIM and the relative model still have one limit. In other words, the scheme is circular only against leakage attacks on one script key. However, ABE essentially along many script keys to decrypt one subtext. So, we need to consider how to improve it. In order to do this, we introduce the third model of this paper, bounded collusion tonic of ABE. On high level, we use the secret sharing and the small pairwise intersection to achieve the required bounded collusion properties. Due to time limit, the detailed constants are deferred to our paper. Up to now, we can achieve the adaptive leakage-related ABE for several different policy function classes with any optimal leakage rate in the block source starting. Thank you for your attention.