 Hi, all. I am Hossein. I will be talking about evolving around the secret sharing schemes with a small gap, a joint work with Homo Sebi. In this talk, we'll start by defining evolving secret sharing. Then we'll present our results in evolving around the secret sharing. Then we'll present the ideas behind our constructions. At the end, we'll summarize and present open-opropellants in secret sharing, evolving secret sharing. Secret sharing schemes were first independently presented by Shamir and Iplek Ali in 75C9 for the pre-served case and by Eto Seto and Shazeski in 87 for the general case. In secret sharing, there is a dealer who holds a secret S. There is a set of parties whose number is known in the beginning of the scheme. The dealer applies a function on the secret and gives each party a share. So we define an access structure as a collection of sets of parties. And we say that a secret sharing scheme realizes the access structure gamma if the two following conditions are. The first condition is the correctness. We say that any set that is in gamma should learn the secret and this is authorized set. The second condition is security. We say that any set that is not in gamma should learn nothing about the secret and this is an authorized set. In this talk, the secret is only one bit, unless we mention otherwise. So next, now we will define the threshold and run the secret sharing. The threshold access structure is defined as all sets of parties, size at least a j. And the threshold scheme, the correctness, we require that any set of size at least a g can learn the secret. And for security, we require that any set of size less than g minus one get no information about the secret. So the threshold access structure is realized by the Wilmonte-Shamirs scheme, which is the share site is order log n when the secret is one bit. Gram secret sharing introduced by Plecalimodus in 85. There are two parameters, b and g, where b stands for bad and g stands for good. And correctness, just like in a threshold scheme, any set of size g should learn the secret. However, for security, we require that any set of size less than b should get nothing about the secret. And now, we don't care about sets of size between g and b and g. And these don't care sets. This means that the Gram secret sharing does not fulfill the definition of the access structure that we mentioned that some sets are not authorized and not unauthorized. So Gram secret sharing introduces an improvement compared to the secret sharing. For some parameters, it can be realized with share size order one. And for every parameter, we can get a shorter share size. So next, we'll define the model of evolving the secret sharing presented by Komar Deskina or you get a 16. So as in a standard secret sharing, there is a dealer who holds a secret s. And now, in the evolving model, we don't know the number of parties in advance. And we don't have a fixed upper pound on it. So parties arrive one after the other. When the party arrives, the dealer gives it a share. When P1 arrives, it gets a share. This one P2 arrives, it gets a share. And so on, when P1 million arrives, it gets a share. And this continues forever. An important requirement in the evolving secret sharing is that the shares cannot be updated later. That means that once the party gets a share, this share should be used in any time in the future in order to learn the secret. That means that the dealer doesn't need to worry about the previous parties and when generating the share of the current party and also doesn't need to know the number of the upcoming parties. And the access structure in the evolving model is defined as a collection of finite sets of parties. Thus, for correctness, we require that any set that is in gamma learn the secret. And for security, we require that any finite set that is not in gamma should get nothing about the secret. So what motivates us to learn evolving secret sharing as we don't know the number of parties in advance, then we cannot use the traditional secret sharing. As the traditional secret sharing require us to know the number of parties in the beginning of the scheme. For example, in Shamir's scheme, we have to know the number of parties in order to construct the finite field that is used in the construction of the scheme. A trivial solution could be to update the shares from time to time. This can be very costly when the number of parties is large. And then each update, it's a single update, can be very large. Therefore, we need to construct a new schemes to realize the evolving secret share. This is an interesting also when there are, we have a fixed upper bound with the number of parties. But for example, if we know that we have, we can have at most 1 million parties, but in real time arrive only 10, then we want to give these 10 parties smaller shares compared to what would they get if all the parties join. Therefore, the learning, studying evolving secret sharing is interesting. Next, we'll present a scheme for a threshold 2, the requirements, any correctness, any two parties should learn the secret. And for security, any single party should get no information about the secret. So when party p1 arrive, it gets a random bit r1. When party p2 arrive, it gets two random bits, r1, x, or s, and r2. And party pt gets two random bits, r1, x, or s, r2, x, up to rt minus 1, x, or s. And rt, the first t minus 1 random bits are used to learn the secret, joining with the previous parties. And the random bit rt is used to learn the secret, joining with next parties. So for correctness, observe for a parties p, i, pj, so that i smaller than j, then pi has the random bit ri, and pj has the random bit ri, x, or s, and therefore, from xoring these bits, they can learn the secret. And for security, each single party has independent random bits, and from them, he cannot get any information about this. The share size of a party t is a t with a random bit, and this is not the optimal scheme. Now we are ready to present the briefest results in evolving secret sharing. So there is a scheme for that, it relies on the general evolving secret sharing with share size two to the t minus one. For k evolving k threshold, for a constant k, there is a scheme that relies on this with the share size k log t. And for evolving majority, which is a variance of k threshold, which we define in the mixed slides, the share size is order two to the four log t. So now we are ready to present our results in evolving around the secret sharing schemes. So in our work, following a previous work, we consider a real action of evolving majority secret sharing. And in our work, we provide the efficient constructions for evolving gram when the gap is small. So the definition is evolving gram, the secret sharing. So we have two parameters, t over two, which is the correctness and t over two minus 50, which is the security. So any bit, two over two parties can learn the secret and any two over set of size at most t over two minus 50 cannot get anything about the secret if t is the gap. So for example, that t over four, t over two run secret sharing, here is a t over four is the gap. So the requirement in evolving gram the secret sharing for correctness, we require that asset, if asset has for some g, at least a g over two parties from the prefix of the first g party, then it should learn the secret. That means that for every given time, we check how many parties are right. And if the set contains at least half of them, then for some g, for some g, the list contains half of the parties up to point g, then we accept and this set should learn the secret. For an example, consider the set before p five p six, then we look at the prefix of the first six parties. This set contains three parties from them and by the correctness condition, this set should learn the secret. And for a mountain city, also if we add the party p 13, this set should learn the secret. For security, we require that if asset for every g contains less than the g over two minus if the g parties from the first g party, then it should learn a thing about the secret. For example, for an offer I said, if you look at p at p 16, then this set from the prefix of the first 16 parties, it contains only two parties, which is a smaller than quarter of 16. And from the prefix of the eight parties, it contains only one party, which is smaller than quarter of two of it. And therefore the security condition holds for these two prefix and we can see that holds for every prefix. And thus this set should learn a thing about the secret. An example for don't take care set. So the set p six p seven p eight, it contains three parts around the prefix of the first eight parties, which is greater than the quarter of it. Therefore the security condition does not hold for this prefix. And this is not an authorized set. And we can see that for every prefix, this set contains less than half of the parties and then this is not authorized set. So we define evolving majority as evolving gram with the gap f t equals one. In evolving majority, there are no don't care sets. Each set is either authorized or unauthorized. Okay. So briefly as the results in evolving gram the secret sharing, as we said, the evolving majority is evolving gram with gap one. We know that there is a scheme that realizes evolving majority with share size t to the four lock t. And there is a scheme with the one that gap is a constant diffraction on t with share size order one. So the motivation by learning evolving gram the secret sharing. So as we know the evolving majority requires shares to to the four lock t, the standard three-shot scheme requires share size lock t while the standard rank scheme introduces an improvement compared to the three-shot scheme and there is realized by shorter share size when for some parameters is realized by order share size order one. So we question if we can reduce the share size also in the evolving sitting and by a previous work, we know that the answer is yes. We can in our work, we study this evolving gram for small gaps and by studying evolving gram for small gaps, we can better understand the evolving majority schemes and therefore we can get back and try to construct the schemes for evolving majority, which is the main question. Okay, so our contributions when we construct efficient evolving gram the secret sharing schemes with a small gap. So for when the gap is two to the beta for beta between zero and one, we show a scheme with share size two to the one over beta minus one. So when we look at beta equals half the share size is order t and this is improvement compared to the evolving majority over when beta is one over four the share size is two to the seven. This is inefficient compared to the evolving majority and therefore we present our second scheme in which the share size is t to the four minus one over look square one over beta. That means that for every gap the share size is better than the evolving majority since the exponent is smaller than four. This is an asymptotic share size and if we analyze for a specific beta we can get better share size. For example, for beta equals one over eight with the careful analysis we can get share size a two to t to that 2.36. Not in that our results apply for every correctness function which has a constant refraction of t not only for t over two but for simply the skin for presenting the results we restrict them only to t over two. We construct also a scheme for a constant k we show that for when the gap is k over two and the correctness is k it can be realized with share size for that k log t. So next we are ready to present our results our ideas behind the constructions. So we first start by a simple scheme for ramp the secret chain with parameters two over eight and two over two. So we divide the bar this into segments the first segment contains four parties the second contain eight parties and so on the L segment contains two to the L minus one parties and so on. So the scheme is as follows in each segment we share the secret by a three short secret sharing scheme with the three short which is quarter of the part of the number of parties in that segment. So in the first segment we share by one out of four in the second segment the three short is two in the L segment the three short is two to the L minus one over four and so on. So in order to prove correctness we want to give an authorized set we want to show that it contains a quarter of the parties of some segment. So as you consider an authorized set that in the bar to PGA then if there is some if there is some segment before the segment A plus one such that the set contains quarter of the parties of that segment then we are done. Otherwise we conclude that if the number of parties up to the party two to the L in that set is smaller than two to the L over four and since this is an authorized set it contains at least G over two parties and from the segment L plus one it contains at least G over two minus two to the L over four and therefore since J is greater than two to the L plus one that this is greater than two to the L over four which is the required threshold and the segment A plus one. Each party gets a share of Shamir's scheme and which is among the order T parties and that's the share size is order L over T. Now we present a scheme for a smaller gap which is a square T. So the scheme is as follows. For every T equals two to the L for some L and N we run a scheme for parties E squared T until party P to T. We will show this scheme in the next slide. And now, for example, when T is four we run the scheme for parties P two until P eight and so on when we have when for T equals U we run the scheme from party square U until party to U and when and so on when we get when T is U squared we run from party P U until party P to U squared. Party P J participates in order log J schemes. Okay, so we will next we'll show the scheme for one segment and this can be generalized for any segment. So the scheme is as follows. So the parties is from square T until party to T and we define segments where each segment starts from party square T and ends in different party. So the first segment ends in party T plus square T. The second segment ends in party T plus two square T. That means that we add square T parties to the first segment. And in each segment we add square T and so on each time we add the square T parties until we get the last party which ends in party to T. As we add square T parties each time we have square T segments. And now in each segment we share the secret by a threshold so that by a threshold secret sharing so that the threshold is increased by square T over two each from segment to segment since we add the square T parties. So since we have square T segments and the next segment we run Shamir's scheme the share size for each party is square T log T and since the smallest index is square T we get share size J log J and since we have a factor of log J from the previous slide we get share size J log square J for when the gap is square T. So we generalize these ideas to construct a scheme for every gap by two steps and the first we reduce the finite the evolving gram into problem of realizing finite access structures and then we show how to realize that these finite access structures by segments technique and by trade technique do time to time restriction we don't mention details they are in the paper. Okay, as a summary we introduced unconstructed efficient evolving gram the secret sharing schemes for when the gap is T to the beta for beta two and a half and one the share size is T to the one over beta minus one when the gap when the beta is between zero and half the share size is two to the four minus one over look square one over beta and also when for a constant K we showed a scheme for with the share size log K log T when the gap is K over two and the correctness is K. So open of problems interesting open of problems we ask if we can improve the share size in the evolving secret sharing as we know the best upper bound to know is two to the four while in the non evolving sitting is log T so we ask if we can close this gap and if we can also prove a lower bound in the evolving maturity. We ask also what is the best share size we can get for evolving gram and if we can improve our skin and we also ask what is the best share size we can get in the evolving general evolving secret sharing as the general evolving secret sharing considered to be difficult than standard secret sharing if that's improving lower bounds could be easier and this is an interesting. Thank you.