 Yeah, but before that, I'll start with a housekeeping announcement. I don't know if you've noticed, but Eli Biam had an uneven parenthesis. So everything up until now was part of Eli's talk. I'm closing this, and as far as I'm concerned, I'm the second talk in this Ramp session. Okay. And what? Yeah. Yes. So, what I'm going to talk about is how we avoided the second dual ECE fiasco. I should have titled that probably Simon and Speck will not be standardized as encryption algorithms in ISO. This was a joint effort with many people, but mostly with other likes whom I feel didn't get the credit he deserves. So, Kodos Atul for being part of this. And I don't know if you've heard, but last week, ISO decided to reject the idea of standardizing Simon and Speck as part of the lightweight encryption algorithm. This is something we fought for for something like two years until it was finally done. And after the story broke, the news, I've already started seeing some misinformation, or I think that now it's the new name for this is fake news about why this was the case. So, I wanted to say why ISO decided as it did. So, first, most importantly, the NSA, which sent people to the meetings to promote the standard, these algorithms, they were very adversarial to the process. They refused to answer to any questions. They refused to motivate any decision they made. The first they argue that whatever third-party cryptocurrencies exist for these ciphers is enough. After they've met opposition in ISO, there is something that seemed to be a designer rationale, which is IPRIN 2017-560, but claiming to be a designer rationale, but digging into this document shows that there are still many open questions, some of which I explained in my RAP session talk in crypto. This seems to be a career thing. I would be able to give RAP sessions in every conference now. So, the slides will be online if you want to watch my presentation from crypto. But another example, I don't know if you can see this, but when we asked them how did they choose the mattresses UV and W for the fusion layer of the key schedule of Simon, they said that ISO is not the right place to discuss this, which could have been a proper answer unless a few comments prior to that, when someone asked them pretty much the same question, they said that they want more detail of what is being asked. So, answering general questions, they said they want specific questions and trying to answer, so not trying to answer specific questions, they said we will not answer this. So, this was the first thing. Then I've also heard that it's outrageous that ISO accepts proposals from China and Russia, but not the US. So, I wanted to stress that this is not about politics. ISO's process is about building consensus. It involves many countries, different cultures. It's extremely difficult. And what you need to do is to inspire confidence in your design. Simon and Speck don't enjoy this confidence. The adversarial behavior by the NSA didn't help that, but the ciphers themselves seem a bit shaky. Which brings us to the next point that the designers claim that there are over 75 papers analyzing Simon and Speck, none of which was able to break the algorithms, which is not exactly true. So, among these 75 papers, at least five are mine. They definitely don't support the claim that the algorithms are secure. They even, in this design rationale, cited papers to prove their point. So, here they explain how the algorithms resist rotational attacks. And they say, see also AL-16. This A is Ashur. That's my paper. Definitely not claiming that the algorithms, in fact, proposing what was then the best attack against Speck, using rotational cryptanalysis. So, at best, and also a few weeks ago, there was another paper on EPRIN suggesting a full attack on Simon, which I didn't have time to read yet. But it seems that cryptanalysis about these algorithms is progressing and definitely hasn't stabilized yet. And there was the strange and very aggressive behavior. When facing questions like, how did you choose the number of rounds for each algorithm? They answered, pretty much, you're stupid. And not only to me, which is actually true, but to other people, I'm not going to mention names. But some of these people are the general chairs for this conference. Others, they are leading this ramp session. But again, no one in particular. Not naming names, of course. What? Not naming any names. Yeah, no. Exactly, not naming names. So, I zoom after much discussion, and I'm talking about a year and a half of discussions, decided that it's just not worth it. It doesn't matter whether the cyphers are secure or not, and whether there's a backdoor or not. There's so much fog around it, so much doubt and uncertainty that it's going to damage ISO's reputation to put these algorithms into the standards, which is cry out for other people considering using these algorithms don't. It's just not worth it. It doesn't matter if it's backdoor or not. Just don't use it. That's all. Thank you.