Hi everybody, I'm going to present to you a joint work entitled Zero-Knowledge Protocols for the Subset Sum Problem from MPC-in-the-Head with Rejection. In this work, we propose a new technique to share small values in the MPC-in-the-Head paradigm and we apply it to build an efficient zero-knowledge proof of knowledge for the subset sum problem.

Given a weight vector w and a scalar t, the subset sum problem consists of finding a binary vector x so that we have this linear relation modulo some value q. In practice, q is very large. For example, it can be a 256-bit value. To design a zero-knowledge proof of knowledge for this problem, we chose to rely on the MPC-in-the-Head paradigm. When applying this paradigm, we need to share the secret information. In the case of the subset sum problem, the secret is a binary vector, so we must share bits.

The standard way to share is to use the additive sharing modulo q, implying that each share is uniformly sampled modulo q and that the sharing offset is deduced to have the wanted equality. However, since the sharing offset is included in the proof transcript, when using this sharing, the communication cost of the protocol would already be more than 128 kilobytes for the sole sharing of the secret when using standard values.

In this work, we propose to use another sharing scheme, the additive sharing on integers. Each share is uniformly sampled between zero and some upper bound A, and the sharing offset is computed with the same equality as before, but without the modulo q. However, such sharing leaks information. The distribution of the sharing offset will be the same depending on the value of the shared bit. But in this work, we show that we can add simple rejection rules to avoid this information leakage. When sharing a binary vector, the rejection rate of our proposal is given by this formula. Moreover, the communication cost due to this sharing is given by n times log of A bits, instead of n times log of q bits.
Using this sharing, we can decrease the communication cost a lot, while having a probability to abort when performing the proof.

Now that we know how we will share the secret, we can define the MPC protocol we will use in the MPC-in-the-Head paradigm. In our work, we propose two protocols. The first one uses the sacrificing strategy of Baum and Nof, while the second one uses a cut-and-choose strategy. The resulting protocols can achieve communication costs below 20 kilobytes, while the former proposals have communication costs larger than 100 kilobytes.

In our work, we apply our sharing technique to other applications. First, it can be applied to the short integer solution problem, for which it provides an efficient alternative when the underlying ring is not small and NTT-friendly. Secondly, it can be applied to build efficient zero-knowledge arguments of key knowledge in the context of fully homomorphic encryption. Finally, it can be used to build an efficient signature scheme from Boneh et al.'s PRF.

To conclude, we propose in this work a new MPC-in-the-Head technique to share small values as bits, and we describe several applications of this technique. Thank you for your attention and see you on the 7th of December for the complete talk.
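The following sketch illustrates the additive sharing on integers and a rejection rule of the kind the talk describes. It is an added example, not code from the talk or the authors. The function names, the toy parameters and the specific rule in `must_abort` (reject the one hidden-share value per bit that would reveal the bit) are assumptions made for this illustration, and the abort probability is derived from that assumed rule rather than quoted from the talk.

```python
import secrets
from collections import Counter
from fractions import Fraction

def share_bit(x, n_parties, A):
    """Additive sharing over the integers: shares uniform in [0, A), no reduction mod q."""
    shares = [secrets.randbelow(A) for _ in range(n_parties)]
    return shares, x - sum(shares)  # (shares, sharing offset)

def reconstruct(shares, offset):
    return offset + sum(shares)

def leaked_value(shares, offset, hidden):
    """What a view with every share but `hidden` opened determines: x - shares[hidden]."""
    return offset + sum(s for i, s in enumerate(shares) if i != hidden)

def must_abort(x, hidden_share, A):
    # Assumed rule: per bit value, reject the single hidden-share value that
    # pushes x - hidden_share outside the range reachable for both bit values.
    return hidden_share == (A - 1 if x == 0 else 0)

def leak_distribution(x, A, reject):
    """Exact distribution of x - hidden_share, conditioned on not aborting."""
    kept = [x - s for s in range(A) if not (reject and must_abort(x, s, A))]
    return {v: Fraction(c, len(kept)) for v, c in Counter(kept).items()}

def abort_probability(n_bits, A):
    # Under the assumed rule each bit aborts for 1 of A hidden-share values,
    # independently per coordinate of the binary vector.
    return 1 - (1 - Fraction(1, A)) ** n_bits

if __name__ == "__main__":
    A, N = 8, 4  # constructed toy parameters
    shares, offset = share_bit(1, N, A)
    assert reconstruct(shares, offset) == 1
    for reject in (False, True):
        same = leak_distribution(0, A, reject) == leak_distribution(1, A, reject)
        print(f"rejection={reject}: leak independent of the bit: {same}")
    print("abort probability for 256 bits, A=2**13:", float(abort_probability(256, 2**13)))
```

Without the rejection rule the value determined by the opened view has a different support for bit 0 and bit 1; with it, both bit values give the same uniform distribution.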