 I had known him for almost 10 years, and he's one of the few people who actually did double Ph.D. So he was actually doing the first Ph.D. in high-flying disturbance in pure mathematics. As far as I remember, it was a topic of the group theory, and then it was in 1996. And then in 2001, he actually finished Ph.D. in cryptography and computer science in the University of Wollongong. And then he had a few different positions in different universities, he was a city university in Hong Kong, probably in this place. And also was a doctor in various universities. In 2003, actually, he joined for a few years Macquarie University in Sydney. And then in 2006, he joined the current universities working in Nanyang Technological University. And throughout the whole time, he's actually doing a lot of interesting stuff on the edge of cryptography and also combinatorics and mathematics. So he will talk us through his own adventure over the years. And welcome, Professor Wang. Give him a good hand. First of all, I'm gonna ask him to pass the talk with the community of Asia-Petite 2017 for giving the opportunity to give the talk here. So today I'm going to talk about combinatorics in the University of Hong Kong without the communication. So first of all, I would like to say a few, quite many, micro-orders who collaborated with me in different projects under this so-called combinatorics and cryptography. A few of them are here, and then it's here, Joseph is here, Evo is here, and Louis is here, Dr. is here. Okay, thank you. So here's our live on the talk. First, give a brief interview of the connection between the cryptic combinatorics in cryptography and provide some detailed example of the connection between perfect high-speed property, and then I'm going to cover for you for me and their application in security communication. And then in time for me, I will talk briefly to more example about secure multi-party communication in private information retrieval and then I will conclude the talk. Okay, so we all know that combinatorics is a matter of subject that study of finite or countable discrete structure, and they covered a lot of topics. For example, graphic theory, innovative combinatorics, combinatoric design, matrix theory, and so on, and many others. They also have many applications, a part of them must application that application in, for example, statistic, computer science, engineering, communication, coding, theory, more cryptography, automations and creatures and so on. Okay, just a few examples. So in terms of this close connection between combinatorics in pre-doctor way, starting from publicly pre-doctor way, we don't know left side problem, left side-based publicly. Also, we provide them this combinatoric MP heart problem for the design of PKC, brain group based pre-doctor way heart problem or less combinatorial nature. Okay, geological is based on graphite morphism problem. So for symmetric pre-doctor way, we also a lot of sequences, the sequences are combinatorial and natural. Okay, so passive mouse and F4S. And even for quantum pre-doctor way, many combinatorial features are provided of the user tool or inside for the quantum pre-doctor way. So in this talk, I'm going to focus on this information-several pre-doctor way. We also give a brief overview of the different connections. One example is authentication code and conditionally authentication code, also called A-code. We know this also called a way, B-I-G-D, equivalent and certain, optimal, this is the A-code. Okay, give us a listen. Another technique to derive a different information is combinatorial bound for this code. Every code or universal authentication code has primaries, the sources for good construction of A-code. For CPCS game, we know IDS threshold CPCS game is equivalent to MDS code, is equivalent to observer of NOE. Metroid theorem will provide a useful structure for the CPCS game for general structure. Also this graph based structure will provide the first example for the existence of no IDS CPCS game as well. CPCS game pattern or combinatorial design covering new family are all ratio structure for the CPCS game. I'm going to talk to you about this mass security documentation, in particular this MPC for a long period of time, based on this graph covering over prime graph, primary information retrieval, different combinatorial objects, section parameters are useful tool for this construction. Very very other topic in the information retrieval, critical data, for example, secure right path code, SMT, brain proof code, one-time signature visual critical data, we all have this combinatorial lecture. So this is very, okay, very incompleted in prior overview of the connection between combinatorial and critical data. So next I will look at the detail of some example for the connection for perfect fashion family CPCS game combinatorial and critical data covering. Okay. So perfect fashion family, original rights as part of this combinatorial design, basically located a different application for operating system, languages, translation system, information retrieval system, and more recently on critical data for your information security. Okay. It's different from our critical fashion function. Okay. So the terminology on critical fashion memory is motivated by the further data. We have family or heart function, and we have a particular property that involves the element of the heart. Then there's one heart function from this family, give no criticism for this keeping the input. Okay. So let's look at this mathematical definition. Okay. We have a set. We have two integers, N, M. Okay. So typically this N is larger than M, and A is a set of this N variable, and M is a set of M variable. Okay. This hatch is a subset of a function from A to B. We call it an NMT perfect fashion property. Okay. If for any T subset I, let it just, it is 1,000 from this family, such that that H is 1 to 1, we straight it to T. Well, it is I. Okay. So this is the combinatorial property. And here we are interested in the lump or this function from this family. Okay. Particularly we like it because it is a lot more portable. So we show this example. So here is a figure to show you that we have a collection of this function from A to B. Okay. And for any subset, T subset I from A, if A is an element, then if H is a T element, a subset from B. Okay. Now I were able to find one of these functions from such a data. Okay. This is H, only we straight it to this particular I, this 1 to 1. Okay. So obviously, we can take all the function from A to B. Now this will give you the perfect fashion family. Okay. And this time, the size of this family, the total number of all the functions is M to power N. And the interesting thing is that the perfect design of this function for giving M and T that exist, this function, this family such that the size of the family is all local term. Okay. And this is the existing power. Okay. In particular, we can come up with different construction from polynomial, from coding, or from algebra curve over finite square. Okay. In this case, or algebra curve over finite square can be provided as the total volume construction. Okay. The question of course is, you have to place M and T. Okay. But some applications maybe M and T are ready enough, good enough. Okay. So this is the concept for this perfect fashion family. As I mentioned, I'm going to show some application for secretion scheme. Let's briefly review the secretion. What's secretion scheme? Okay. So introduced by Samir in very early 1979. So it's a method of distributing sales among a set of participants certified to condition. One is the availability of certain such participants belonging to the extra structure can reconstruct a secretion and subset not belonging to the extra structure is not information about secretion. Here we are interested in the perfect case. There is no any information, no extra information. Okay. So a typical example is this T-Auto-Entraction scheme. In order to have the T-Auto-Entraction scheme, the dealer will randomly choose a polynomial particularly in most T minus one and hide the secretion in the constant of this polynomial. And then each participant will show one point of the polynomial. Okay. So any T of this point or this curve can block this curve and recover the constant K. Okay. So any T minus one is not able to do so. So it's the information geometrical perfect without any information about the secretion. Okay. This is the classical secretion scheme. Okay. So secretion idea is perfect. It's great. But the question is, okay, sometimes we don't have such an idea situation such that minimal and also a subset is a constant sign which is to be a method. The T minus one is the maximum and also a subset. Okay. Every case. So let's put the so-called secretion scheme for general abstraction. So how can we realize the secretion scheme such level? Okay. So the X-structure is no T problem. Okay. No so regular. Okay. So this is the so-called commutative algorithm. Okay. So commutative algorithm was introduced formally defined by Stevens and Jackson Mark in 1991. But eventually the idea was used by the Cito, Saito, and Sijiniki to prove the existence of perfect secretion scheme for any X-structure. Okay. In the 1898. Okay. So as I was sure that the, this approach is not much studied in the content secretion scheme. And the reason is that the secretion scheme from this commutative algorithm typically give you very, very large signs of sales. Okay. Okay. So let's look at what is the definition of commutative algorithm. So commutative algorithm, so we start with a set of unparticipated P1PN and gamma in X-structure. Okay. The sub-state or the collection of sub-state of P, which is the particle property that can be controlled secret. Okay. Now let X, this X is, there is a set. Okay. And S1 to Sd be at the DA main set. How is a constant from P to power set X? Okay. And now we call this Sd is a commutative algorithm for gamma if and only if. Okay. This condition, this name. I is in gamma if and only if the, because the union form of this P, P, P dot I equals S. So in them, in words that each participant will receive a sub-state or this I. Okay. And the collection of them can recover the whole set of this Sd even only if they are in the X-structure. Okay. So the idea is very simple. Okay. So now, so now we can realize a secretion scheme from, can you get away in a simple straightforward way. So let's, we speak the secretion scheme of use of T upper T secretion scheme but on K it's S1 plus S2 plus SK here. And then you just take the sale of P is a sub-state or this is S1 to Sd. Okay. And any of them can recover the whole set and you can, you can sum them up to get quite a key. Okay. So, so this is the formal decryption idea secretion scheme. Okay. So now in that order, Jackson Martin provided a solution to construct the, this can be written away for any X-structure. So, so give me an X-structure. Now you take this gamma plus is the collection of all the maximum and also the subset and then you define this is, this is actually now it's in our previous slide. So you have C1, Cd. And then you define this tau in this way. Okay. For any P tau P is a subset of this gamma plus in this way. And then make sure that this is a commutator array. It's also the minimum commutator array. Let me do one. This D is the minimum value for all the commutator array. Realize this gamma. Okay. So, so we give the solution, the solution of commutator array. Okay. So now you look at the previous T outer end tracers scheme. You look at all the maximum and also that become T L choose T minus one. And, okay, in particular for this particular solution, each particular participant require L choose one minus T minus one piece of shape. Compared to the RB-XMF sequence scheme, T L choose one piece. So this is very expensive. Okay. And as I mentioned, it's probably the reason that people don't look at this commutator very contrasting. Okay. So, so now in order to improve this commutator array, it increases your commutator array. So, in Martin in R group myself, we introduce this so-called GCA, generalized this is CA. Okay. So what's going to be a GCA is giving an X structure. Okay. A GCA is a collection of, this time the final set X together with this tau P to tau set of SI such that this can satisfy this connection. Okay. So I is in gamma, if only if there exists at least one I such that tau I P P in I give you this particular SI. Okay. So the meaning is instead of one block for to cover the whole array when it is blocked. So now we have collected a few copies of this SI and then as long as you can recover one of this block, then we say this you are in the X structure. Okay. So we use partial property to come up to sum up to this two different properties. Okay. So once you have this GCA, now we can realize construction of a CPCM scheme for gamma is also quite straightforward. This time we independently implement this yellow partial request partial CA scheme for the same secret. Okay. I use the same secret to implement it as the same as the private scheme for the CA. Okay. So now we can do the same thing for the secretion scheme. So now we look at the efficient example of this GCA. So the GCA become long. This is what originally we have one block and then we show that this eject the maximum construction is a minimum one. A minimum one it could be there to exponential. So now we have a GCA. So we look it up. Okay. So it's the number of the sales participants is a sum of this value and the total of the sales generated is also this sum of this block. Okay. So now the question is how can we construct this GCA with good parameters for any generated structure and this is okay. This is an open problem. Okay. We don't know how to have good structure and this is GCA. But here we have this partial solution. Okay. So I will show you this one. The partial solution. I will use this. Perfectly possible to construct this GCA. Okay. Okay. Okay. We start with a public housing family. We say L-O-L-N-T-T. Okay. And then for each H-I we define this X-I and block. And now we can define all this type of the tau R from P to S-I in this way. This is what happens. For each block I will define, for each user I will pick one point from each block. And how to pick this block is based on the public housing family property. Okay. So now, so what happens is now if for any T subset I know I can find one of this public housing function such that it is one to one. So give T element, I will give mention to T element for one of this block. And less than T minus one because each user will get one point from each block. So T minus one will get it most the T minus one block. So we are not able to recover any of this header blocker for this X-I. Okay. So indeed this is the T output GCA. Okay. So now here is the simple example. I will start with, okay, this is so called, okay, this is a public housing problem. A element to two element. Okay. We have three. Listen. 1,000. Okay. And I have 3,000. I will create a three block. S-I, S-II, S-III. And this P-I will get one point from this P-S-I. Get one point from S-II and get one point from S-III. I will do the same thing for all the P-A elements. And how can we exactly pick up people which point we are going to pick for P-I based on this public housing problem? Okay. So good. So this is, okay. And the idea is this is interesting. I start with a T output. You can start with a T output. And this public housing problem will become, okay, P and T. Okay. And the underlying could be other different objects. For example, key distribution scheme. Authentication scheme. This way of course scheme, any other thing. So you build this small one to the logic one based on this public housing problem as you can pin down the property in the related parameters and the efficiency is provided by the efficiency of P-I assembly. Okay. So in general, you can generate all different systems. Okay. So to show the power of this construction, I give this example. Okay. I may be wrong about. Okay. So in the summer of 1970, he established this model. Very example. And, okay. You know, he bought from, I said he was a commentator worker in 1968. Okay. And he had this problem. So a little scientist working on a secret project. They used to look at the document in the cabinet. So that the cabinet could be opened. He would only ship all more. All the scientists are now. And what is the smallest number? Locally, what is the smallest number of P to K for each scientist? So they can come up with solution 462 and 252 of P. Okay. So you base it on this tracier scheme. And this tracier for this six out of 11 exactly. And we measure this. Okay. Okay. Okay. So now I will show you by GCA, we might provide a bit better solution. Okay. So we start with the public housing family and define this way. For A from 1 to N, and B is 1 to 2 to T. So for each social eye, I will define the problems in HR. And then as he is still in 1966, in 1996, they show that this one is a public housing family with this particular parameter. Okay. With L or E, they chose this one. Okay. So now. So I take this. We take this. And because development team was from CX, then we get public housing family with this particular parameter. And then we use GCA. As I show, I show. And we come up with a solution. Okay. So 360 log and 36 key for each scientist compares the CX solution. Okay. Yeah. It's a little bit different from the original one for the CX solution that you only use this N log. But for GCA, you can use this N and all log. But both are mechanically implementable. Yeah. Okay. So this is just to show. Okay. It's just to show that you might get something from this GCA. Okay. So as an application, whether it's a CA or GCA, I am going to talk about TREASURE feedback. TREASURE feedback. The some application in TREASURE feedback. So we know the, the, the main goal of a TREASURE feedback is to, to replace the same as in the conventional feedback system by group or entity. Okay. Same, same path. And a typical approach of constructing a TREASURE feedback is you combine a, a homomorphism, key homomorphism primacy together with a linear sufficient scale. Okay. And then we are able to improve this TREASURE scale. Okay. But however there are that or some article property for, for example, symmetric feedback map then rule out all such approach. Okay. So let's look at this homomorphic case. So if you have key homomorphism, here I refer to key homomorphism, then it's one point straight forward to realize a secretion, a TREASURE feedback. Okay. So, for example, and then in this case, you will set the key. Here is a homomorphism primacy. Okay. This operation of a key space could be coming over to the, okay, for example, side of space. And so now I, I can look, okay, first generalizes this key. You can take out a secretion scale. Okay. Wow. This is a secret key can be the, okay, some linear combination of the secret. Okay. And then what happens is you, in order to generate the LKM, then every user, for example, PI1 will compute this one, PI2 will compute this one, PI2 will compute this one. So you don't need to compute, you find out this K in order to generate the AKM. Okay. So this is the linear case, the homomorphism case. Okay. So, as I said, there's no, there are quick optimizations. You don't have this homomorphism property. For example, you could, there's a PRF, a block size, a mark. I will give you this, this is our example. So, for example, in 95, this is, Mikali is sitting, okay, asking this question, okay. So, a generation of pseudonymic functions among M participants such that for all input, any US can compute this area, T of U plays a non-zoom. So, they want the, the state is basically the form. So, it distributes a secret key, X1 to XB of polynomial, or polynomial random collection and let each player get a subset of this X. So now, if we can design, okay, this assignment such that any user, player, together can, okay, have all the CPC in this X and T or few players cannot do so. Okay, this one. Then you are done. Okay. So, you look at this, if T equals to U minus 1 exactly our CAA case or maybe GCA, but if T is not equal to U, then problem become much more complicated, become a NP-hard set problem, but it's a scale. Again, it's a combinatorial ratio. Okay. You can try to generalize this CAA or GCA case. Okay. So, this is the pseudo-random function. You can also call the pseudo-block cipher. Okay. Again, block cipher. Here is block cipher. You don't have the combinatorial property. So, in Berkeley, at all in, what, in 2000, they cannot understand this idea. So, instead of, originally a key space, you extend this key space from K to K power H and then define a new, okay, block. Okay. So, for H4, it's a prove, but I think, maybe it's a problem, we will show that this is indeed secure as underline, this one. And then, this time, you simply can, okay, see if it's K1 to K, then you use this CAA or GCA. Okay. So, okay. Again, for the method of verification, you can almost do the same thing. Okay. Hold this a mark. And this time, we have expected that this key is the key space from K to K power B. Okay. And then, we serve the key, K1 to KD, use the CAA or GCA. Okay. So, this is the first part. I'm going to uncover, uncover for this, uh, primary in the applications. So, I'm going to move to, uh, second part. Okay. So, cover for you for, I mean, from another object in, uh, application, secretions given out key distribution. So, okay. Okay. Looking at the simple case, uh, assume there are key users in the network, and each player of them would like to have a secure communication and assume a key distribution center, uh, enable, uh, uh, secure communication by assigning, uh, each player of user a key, right? And this time, uh, this is, you have the quality, choose two possible pair for possible key and each user either to have T minus one, two, one key. So, this is the, so far we know, uh, a secure network problem. Okay. So, so, the idea is, uh, which part in, in, in ADA, they come up with this idea. So, okay. So, instead of giving each user independent key, so, he, you, we can get this key distribution center to get, okay, a set of key. Okay. And each user get the subset of key. Okay. So, now, user, okay, this time, now, user PIPJ can construct a new key based on the intersection of, uh, BIPJ. Okay. Now, in order to prevent the, the advisory conclusion attack, now, if you have imposed this requirement, intersection of BIPJ cannot be covered by any other key subset of the union BJ. Then you are done. Okay. You have this key communication. So, yeah, so, now, in the, okay, late 80s, things come out more generally, the definition of this one is okay for, we can generalize this also as key, cover to your family by, in this way. So, you have a set of, uh, any band, and each user get a subset of them. And then, you have what we call this as key, cover to your family, any of this condition is satisfied. Okay. So, intersection of BI, okay.