 Hi, my name is Anders and I'm here to present the paper encryption to the future on behalf of me and my co-authors, Matteo, Anato, Hamid, and Jesper. In traditional ABC protocols, there's often this optimistic assumption that we have access to a set of reliable nodes that have an underlying network that can be represented by fully connected graph. In reality, the picture looks more like this. We often have these large heterogeneous networks where nodes join and leave at any point in time and can be subjected to DDoS attacks by even more adversarial strategies. With the advent of blockchains, we not only get individual currencies and NFTs, but we also get this incentivized coordination platforms that can be used to tame these large networks. Blockchains are large peer-to-peer networks with a built-in consensus layer that gives us some interesting properties. One of them is this lottery mechanism that is often used to select the party or node who's going to propose the next block in the system. Another one is this total-order broadcast channel that is used for every node to know which messages has been received and in which order. The question that I might ask is, can we repurpose this kind of blockchain infrastructure to orchestrate some kind of MPC? A sequence of works starting with the kind of blockchain keeper secret and going to Yozo MPC and even Fluid MPC has investigated this and answered, to some extent, yes. In particularly the Yozo paper, we are trying to conduct MPC in the presence of a mobile adversary. This imposes some interesting requirements on the protocol. In particular, there has to be some kind of limited interaction pattern and a node can only speak once because otherwise it would be suckling to corruption. Also, the adversary cannot know who will play an important role in the protocol in advance. So, a node has to be anonymous until it speaks. This has some attractive side effects. For example, these protocols allow nodes to join and leave. Also, there are some scalability breaker benefits. So, these large networks allow for assembling small committees that has the right distribution with high probability. So, we can conduct MPC using committees that are sublinear in the size of the whole network. So, in the Yozo paper, they distinguish between role execution and role assignment. Role execution is basically just selecting machines and having them execute the protocol as specified. Role assignment is the exercise of actually associating a machine on the network with a role in the protocol. But also establishing this receiver anonymous channel to the machine. Notice that we don't want to rely on full witness encryption because that requires heavy cryptographic tools. And also, we don't want to use time lock puzzles because that would allow an adversary that puts in enough resources to also obtain whatever message is in the receiver anonymous channel. In fact, our work can be seen as a generalization of role assignment. We are motivated by the exercise of transferring secret state to future committees. First of all, we consider both anonymous and transparent committees selection. We also see what difference it makes to encrypt to the near future as opposed to the far future. And we look and investigate the need for auxiliary committees when carrying this state into the future. All main contributions in the paper can be listed as follows. For the encryption to the near future, we show that we can instantiate YOSO using our encryption to the near future and an anonymous lottery. We also introduced a relaxed version of witness encryption that we call witness encryption or commitments. We use this witness encryption or commitments to construct an encryption to the future. We also show that we can obtain witness encryption or commitments using just oblivious transfer and cable circuits. If we look at encryption to the far future, then if we don't allow ourselves to use auxiliary committees, then we have something that is equivalent to blockchain witness encryption. This is a primitive that is quite powerful and we describe it further in the paper. However, if we do allow ourselves to use auxiliary committees, then we can have a construction using encryption to the near future, which is significantly easier to construct and threshold identity based encryption. This gives us a construction which is has minimal use of auxiliary committees. Basically, the committees only has to carry the state, which is a master secret key of the identity based encryption scheme. This makes the state independent of the size and the number of messages and is a big improvement compared to other works. If this piqued your interest, then check out our paper, a deep print, and come and watch the presentation at ASU Crypt. See you.