 Thank you for your introduction. So the topic to connect is secure protocol transformation. And the modified computation involves computation between two or more parties without revealing any information except the input and output. In order to capture your potential attacks, there have been a variety of security models discussed since the start of NPC in 1980s. For example, whether the adversary is malicious or not, whether output delivery is guaranteed or not, and what operational parties can be corrupt. In fact, there are more dimensions to discuss. So this makes the landscape of NPC protocol quite complex. Hence, a natural question is whether we can automatically transform results from one model into the others. There are a few more equations for the questions. For example, where we can simplify classical results. For instance, BGWCCD88 provides a protocol with ratio of 1 third. And Robin Benner 89 has a protocol with ratio of less than a half. Can we convert a protocol in BGWCCD region into a protocol with higher security like in the Robin Benner region? And the serial transformation would also like to know whether the efficiency technique developed for one model can be extended for the others. Hence, the deny of the protocol can be more modular with respect to the security model. And we also like to capture techniques that are used at the HAC in the literate region as a transformation theorem, such as the better elimination. So we have a few results in our paper. Firstly, we present a framework of a fast transformation. And we also give a few transformations in this setting. Applying this transformation to this team protocols in a literate show, we obtain a few results as a recovery. And we also have impossibility results regarding the fast transformation. And so let's see the framework of a fast transformation first. Major object of interest in this framework is protocol scheme. A protocol scheme is a program that converts functionality into a protocol. For example, your scope of circuit is a protocol scheme that yards semi-unless secure protocols. And a very fast transformation is itself a protocol scheme for a target model that uses a source model as a protocol. But we have to be careful. So because the protocol scheme simply equals all the source model and construct a protocol for F from scratch, then it won't be a meaningful transformation. So we do not allow the Bayesian transformation to act on the functionality directly. It can only use F as a Bay box. For example here, G can only depend on the F as a Bay box. And the pi F is defined using F and pi G as Bay boxes. In general, the Bay box transformation can access the source model, protocol schemes, multiple times. And there can be multiple source models. So Bay box transformation can be used for security augmentation. That transform weakly secure protocol schemes into a stronger protocol schemes. For example, the IPS compiler by each idol uses a scheme of using security with unlit maturity and a scheme of semi-unless security to get a scheme of using security with no unlit maturity. Hence, it uses two weak secure source models and generates a stronger secure targeted model protocol. And Bay box transformation can also use it for efficiency leveraging. Then improve the efficiency of multiparty protocols by combining weakly secure but efficient protocols. For example, the breakbox transformation uses a faster north-racial scheme pi 1 and slow high-racial scheme pi 2 to get a faster high-racial scheme. It does not improve the security level of pi 2, but it does improve its efficiency by combining a faster protocol pi 1. And so in all paper, we give several Bay box transformations for both security augmentation and efficiency leveraging. A sensual thing of many of these transformations is a new security model called partial identifiable abort. And in this setting, the adversary is allowed to cause abort at any time. But when an abort event happened, a subset of party is identified with at least a set operation of them are cropped. For example, for one half identifiable abort, if two parties are identified in an abort event, then at least one of them is cropped. So partial identifiable abort is useful as an intermediate security notion. For example, if we want to get a full security portal scheme from portal schemes in BGW, CCT region, we can take a partial identifiable abort as an intermediate step. So the transformation from partial identifiable abort to full security can be achieved by prior intervention. In each repetition, the decorative parties run the given protocol. And if an abort event happened, a group is identified with at least 50% of them are cropped. And then with the decorative group. And the procedure is repeated until there's no anymore abort event. So if an initial set is on its majority, then the active set will always keep on its majority. To implement an idea, it requires the input and output shared by a local security and security sharing. And this can be done by a standard security sharing process mix. So we expand the transformation from partial identifiable to full security. Let's see the transformation from full security to ratio one-third and semi-unit security with ratio one-half to partial identifiable abort. And to do this, we construct a new web app transformation by modifying the IPS transformation. The best idea of IPS is to run the virtual server in the head using a actively secure outer protocol and implement each server by a semi-unit secure inner protocol. And the cooperation in inner protocol can then be weakly detected using a watch system mechanism. In IPS, the watch system mechanism is implemented using OT hybrid. But for the honest majority setting here, it's sufficient to use a weak OT. And weak OT can be implemented efficiently. In weak OT protocol, the sender has the input AB and receiver has the input X. And the receiver is expected to output X plus B. So in the first round, they send the input, the shares of their input to all the parties. The parties computed the shares of X plus B locally. And in the second round, the parties send the shares X plus B to the receiver. And then the receiver reconstructed the value. Because any attack corresponds to adding a shift to X plus B, the security can be guaranteed by using AMD encoding. And IPS guarantees security with a board. The parties a board as soon as cheating is reported by a watcher. Here we modify it to be a one-half identifiable board. And so take an easy example. When the placement of a source from the watch channel later, Mickey send $5,000, and Gufi got $3,000. He will claim either Mickey or Gufi is lying. But from a public view, it can also be the placement himself is lying. So to identify a set of two, we later Mickey and Gufi announced their views publicly. So if Mickey and Gufi has inconsistent view, then either one of them is lying. And if Mickey and Gufi has consistent view, then the placement will be able to identify one who changed the world, like Mickey's lying or Gufi's lying. So complying these techniques, we have a transformation from proto-skins in BGWCCD region to partial identifier for a board. And we can improve the efficiency further by exploiting the only some majority setting and use an expender graph to specify the watch list. So applying this transformation to the existing protocols, we get a following color list. First, if we use an efficient protocol for a tanker issue at U of 6, then we can get a constant rate protocol, where the communication cost only depends on the number of parties. And for larger circuits, we have almost linear communication per party with an optimal threshold. Since our efficiency holds for no arithmetic circuits, it can be considered as a complementary result of Benson's own fair and abstract scheme, which has efficiency for no depth circuits. And applying further efficiency leveraging, we has almost a linear total communication with near optimal threshold. This improved near one-third of the threshold in Dangan-e-shan core guard. And we also have a high cost, like a zero-nudge, but from two-party, multi-party computation, similar to the results of Kamin and Musu, by using a constant number of commitments. OK, so let's go on the impossibility result. The first impossibility is functionally-based protocol. It's about functionally-based protocols. And this first defined in those 2.12, assuming one-way function. And here, we give an unconditionally-based result. So functionally-based protocols consider transformations without using any source models and just produce a protocol by writebacks using the function narrative. And the function family we consider here to show the proof is a boolean function parameterized by a boolean string alpha. And f alpha is y equals 1, if it's all y equals alpha. As another impossibility, we show less no pre-valued transformation from semi-arist to equity-based security. And to show this, we assume the existence of one-way functions and consider a family or linear proof. So to sum up, I'd like to give you a take-home message. When developing a protocol for one model, consider its implication to other models through batch transformation. Usually, you can imply quite a few calories. And when developing a new MPC technique, think about whether it's a batch transformation. And there are many open questions found in the line. For example, we'd like to know batch transformation between more models. For example, the transformation from synchronous setting to asynchronous setting. And we'd also like to know more impossibility results that separate the different models in a batch way. And as for application, we'd like to see more and better MPC protocols through new batch transformation. So thank you.