 Alright, thank you. So I'll start with a modest-looking question, what's the biggest open problem in cryptography? There are a lot of answers. My answer will be personal, but it will be the same as the previous talk, which is, well, for example, the probable part, but that's the security of AES. Well, as you know, it's used everywhere, every day, so it's a very important problem. I hope there are no arguments. And AES, actually, if you look about it, maybe it looks at messy and so on, but if you actually abstract it from a theoretical level, it's really beautiful. It's what is called a substitution permutation network, which essentially consists of, like, you know, structure and routing, which is how to do this addition, sort, you know, the key section with the key schedule, then you apply this parallel amount of S-blocks, and then you apply a mini-IP, you know, P-box, chiptrolls, chipcolons, and so on, and then you create it. And the only, you know, mini-IPs is the S-box, the only source of hardness, and there are lots and lots of sizes that follow this design, so it's really important for design. Unfortunately, not unconditionally, unless P-not equal to NBM, you know, there is like a sequence of a lot of beautiful works which kind of show security in a strictly time of attacks, but we want to be ambitious, and the question is how can we do it. So traditionally, cryptography would kind of idealize and abstract something of this kind, but here it's unclear how, because the picture was so beautiful, but the only social part was the S-box, which is a small way designed because we wanted to make it efficient and so on. So there is no something of iterating something small and simple from any round, so hopefully it deals this work. So I'm going to try to sell you this single small box cryptography, which is a mixture of grooves, which is something that I like, and hardness conjecture, which is something which is necessary unless we prove P-not equal to NB. It consists of three steps. We could be applying a lot of things, we apply it to SPMs and AS, but you can apply it to different things. The first step is the traditional hardest, impressive, reduced round-proof. Then there is a hardness simplification step, which could be provable if you ignore the key schedule. And finally, there is this big kind of heap, which is the new conjecture, which is a new kind of one-way function of this new branch of cryptography, which is what we call big-to-small conjecture. It explains existing cybers and kinds of new cybers designs. There are no specified big components, like in the previous modeling, and it's really the last small differences, but at the end we look at really, yes. And we get actually surprisingly something that you can anticipate. We get precise point-adjusting bounds, which includes dependence on the number of rounds. As an essence of the previous talk, we made a yes-grade game. Now, from a theoretical point of view, namely, we'll give you the exact bounds. So let me tell you how to look on a yes. Using most aggressive framework setting of big-to-small conjecture, we'll get the following exacting exponential dependence on the number of rounds. That means we'll be 2 to the minus 8 R of the 3 secure, a very respectable level of security, ready for 10 rounds, like 100 million, an amazing level of security. 24 rounds with random-ass pulses, but of course they're so small that you can actually hardware it, so it's not a problem. With any linear people whose matrix in the universe doesn't have zero, so it's not exactly yet, but close. There are a lot of matrices that find this. And I believe it gives good guidance for predictions to implement them. There are no unspecified components. There are no quantitative round-dependent security. And there are, of course, proofs. So let's see how the previous theoretical modern study shows that you can compare. First, in the previous big-box approach, you can replace this little structure by a big permutation. Then you would... Well, there is already a problem. You cannot call it SPM, so why? We solve it by renaming it. We'll call it the alternating cipher. There, you prove security in this kind of big-randed permutation model. And now, already one round is secure. We get the famous Steven Mansoor cipher. And, of course, the question is, is it enough to bring theory to practice? And I believe the answer is no. And that's why we need this new theory that I call small-box cryptography, so, namely, it doesn't react to the security of AES. So the problem is, like, as you see in this approach, I replace the whole heart of the construction by a big yellow box and kind of hardware the design. Of course, we cannot implement, now, this big thing with an analytic-randed permutation. So, let me skip this thing and kind of tell essentially the picture of what we get. So, essentially, with this new approach, you look at SPM, you have this really beautiful, exactly exponential security on the up-of-front, and I hope you will see it gives guidance to practitioners from that theory, even if you don't know anything else. They can actually build a better, respectable cipher, assuming our bounds are correct. With the previous thing, you look at this picture with one big box into a source. Well, it's unclear what security it gets with the real world, and then clearly how many rounds, and then clearly how to implement this big permutation. So, I guess if you ask people how to do it, I guess you will kind of get them, are you kidding me? So, essentially, now, of course, why is it better to follow framework aside from the amazing results we get in the ESSE keyword? So, there are some answers. I'll try to give them in a minute. So, first of all, we have a large pool component. We create metadata paths in systematic ways and implement these numbers, which just come out from the proofs. The numbers actually determine how to be quite bad. The big to small conjecture didn't tell us, of course, the big things that we should try to break or, you know, validate. It doesn't have any components and so on. So, it has a syntactically added in description. Let's say you have 78 seconds. So, the bigger picture is we need a theory of how to do small components. Conventional models assumptions fail. So, the big to small conjecture is a new type of assumptions that help us to do stuff. And this is a new philosophy of design analysis. Actually, you want to do something with a small box well, a small box thing. You don't know how to do it. They move to the big box well. You proof everything we can in that well. And then, we go back. But now we are not empty handed. We go back. It's going to take your balance and stuff. And all of what it means. So, we are not going to get what you want. Because that's the same design.