So since we're running a bit late, I actually won't be bothering you for too long. I just have one slide, and I'm kidding actually. So today we're at the Randomness Summit, and I was told not everyone knew about drand in detail, so I will still go a little bit into what is drand.

So drand is an open source software that is meant to be run by a set of independent nodes that will collectively produce public, verifiable, unbiased randomness, and it's quite interesting because it's verifiable. It means you can verify that the outputs of the drand beacons have been produced according to the drand spec, and it allows us also to bind together different entropy sources: like, Cloudflare is using their lava lamps, Kudelski Security is using their own ChaCha20 PRNG (don't worry, I'm the one who coded it), yeah, University of Chile is using, you know, the seismic data from Chile, and so on, to run the DKG. And then once we have a nice, very random group public key, a group secret key and its corresponding public key, we can verify new beacons, and all new beacons are predetermined by that secret key.

And so drand has been running actually in production since 2019. Well, not in production in 2019, but it was launched, the League of Entropy, in 2019, and the mainnet launch was in 2020, and since then we had a hundred percent uptime, like Patrick mentioned, and that is pretty good.

And so how drand actually works is that it's producing BLS signatures. So BLS signatures are relying on a pairing of two groups, G1 and G2, onto a target group GT, and the pairing is bilinear. And so we need to have a public key on one of the two groups, and we will be issuing signatures on the other group. So here, if we pick G2 for example for the public key, we have a random integer that is our secret s, we multiply it with the generator of the group, we get a point on the group G2 that is our public key for the group. And s here is created using distributed key generation, and each node has their own share of the secret, and at no point in
time the secret is in memory on any machine, and that works thanks to Pedersen distributed key generation and Lagrange interpolation.

Then we need to generate signatures. So at each epoch rho we'll have a round number, I don't know, like 10, you know, and we'll be generating a signature for that round number. And so we have a way of mapping the round number onto the group, you know, as a point on the elliptic curve, and then we'll just multiply it with the secret shares of each node, and these are creating partial signatures, the PI, and the final signature is aggregated using Lagrange interpolation, basically. And that works well, and we end up with a value which is equal to the group secret s times the mapped round, so H1 of rho, and that value will be on G1, the first group here in my example, because I chose the public key on G2 and the signatures on G1.

So, oh, we can do timelock encryption with it. So timelock encryption, first, is just the fact that you want to encrypt a message that you know now so that it cannot be decrypted until a given time in the future. It was actually discussed in my talk at Real World Crypto, and since we don't have too much time I will be skipping a lot of it, but quickly, the applications that are quite interesting are the fact we can do sealed-bid auctions very easily: you bid something, everybody bids something, you encrypt it towards the same value, and at time t everybody, anyone can decrypt all the sealed bids and see which one is winning the, you know, the bid.

Another pretty cool thing you can do is issue documents with a known embargo period, so with, say, responsible disclosure, or if you're a journalist in the country who has, like, you know, sensitive material and you're worried about your safety, you could be putting out a ciphertext as, like, a dead man's switch, you know, so that all the data will get released in a month or in two months even if you disappear, and that is quite interesting for, yeah, these kinds of applications. Another more funny application I
guess is the responsible ransomware I mentioned during Real World Crypto, where you have a ransomware that is encrypting some, you know, all your files on your computer, and that tells you, eh, you pay now or you have to pay to wait, I don't know, three months, and that is a much nicer way of doing ransomware. So please, if you, you know, develop ransomware, use timelock encryption, it'd be great.

So timelock encryption is not exactly new. I did not cover that too much in my talk, so that's why I'm going through it now. It was first proposed in 1993 by Tim May, the founder of the crypto-anarchist movement, and what he proposed at the time was a solution based on trusted third parties, namely notaries in that case, where you would just give them the plaintext, no encryption or nothing, and they would just, you know, promise not to release it until the time has come. And I mean, I never understood how notaries work, but you basically pay them to do that kind of thing, and it works. That's not great for computer sciences, so we might want more, you know, computer-based solutions.

And that's what came next in 1996, when Rivest, Shamir and Wagner proposed the timelock puzzles, which we've briefly mentioned already in the previous talks. Timelock puzzles are basically proof of work, so you do, you know, iterated squaring or some difficult computations that take a long time, and that is how you timelock your data, by using that, you know, last value as your secret. And that's not great, because, you know, it's very difficult to predict how algorithms and computer hardware will evolve in the future. So if you encrypt, like Ron Rivest did in 1999, a plaintext that is meant to last 35 years, you might find out that actually in 2019, after only 20 years, somebody developed some FPGA-based implementation and broke it in two months, or somebody has been running it for 3.5 years on their own, you know, CPU, and it actually is much faster than what they were thinking in 1999, and so his timelock, you know, puzzle is suddenly
broken much earlier than expected. And so these proof-of-work-based solutions are not great because of that.

And then there is a ton of other prior art where people proposed, you know, to use Bitcoin to do it, proposed to use commitments and other solutions, and actually, yeah, there is I think an implementation of the Bitcoin one, I'm not sure anybody ever used it really. But most of them are, you know, not really great for the planet or whatsoever, are using very, like, cutting-edge cryptography nobody wants to use, or just not practical, and so nobody really deployed it.

And there is another line of prior art, actually, that started with Hewlett-Packard in 2002 proposing to use IBE to do timelock encryption with a server releasing the decryption keys and so on. Then there is a first paper about using BLS to do timelock encryption in 2004 by Blake and Chan, and in 2006 we have Rabin and Thorpe that are saying: hey, the notion of timelock has been around for over a decade and nobody has come up with a good solution yet, so here we are going to propose a practical way of doing it, and we're doing so by using a DKG and all the things, you know, kind of, that we have in drand. And that is very interesting, and despite that paper nobody implemented it, neither was it ever deployed in practice.

And so we are in 2020 and there are still no timelock services out there, and that's what we set to solve. So we wanted to propose a service that would allow you to encrypt something towards the future, and we did so using drand. So now you have drand that is acting as a cryptographic reference clock ticking, and we have all the rounds matching a specific time, just like the NIST beacons, because the time at which we release the rounds is baked in the protocol, kind of, as long as we have honest nodes. And the rest, actually, you know, it's just math, it works. It's based on IBE. So IBE, it's the identity-based encryption scheme, it's from 2001. It's using also BLS, 2003, so it's fairly battle-tested, you know, things from
the research side, it's starting to get deployed in practice, and yeah, drand has been running it for years, and now we have a timelock system that is based on that.

And I will be skipping the rest of my slides, because it's just detailing what is in our paper on ePrint, and you can also watch my talk at Real World Crypto, it's already on YouTube. And you can try it live in your browser if you want by going to the timevault.drand.love web page, and it's based on our libraries that we've released. We also have a CLI tool.

And yeah, there are some details that are important to think about, like, you know, what happens if we want to target 10 years, 20 years in the future. It's very difficult to say if there won't be maybe a quantum computer or some, you know, people at the NSA finding a way to break BLS12-381, so it's quite difficult to say. So we would not recommend using it to encrypt data for, you know, 10, 20, 30 years, but you can definitely use it today to encrypt data for the next week, for the next year, for in three seconds, in six seconds and so on. So it's fairly practical, it sounds good.

And also it's not super clear how we'll be doing governance, because what if the League of Entropy decides to stop? Should we be releasing the key material that would allow anybody to encrypt all future ciphertext, or should we destroy it, you know? And that is more of a governance question. We don't really have the answers yet, but so far we're not planning on shutting down the League of Entropy, and I think the consensus is, given we did not provide any information about it, if we were to stop it we would just destroy the key material.

And yeah, we're always happy to have more companies joining the League of Entropy, so if your company is interested in joining the League of Entropy we'd be happy to talk with you. It's a minimum amount of commitment, it costs maybe, I don't know, 10 to 20 bucks a month to run zero nodes, it's like two vCPUs, 500 megs of RAM, not too big. And yeah, and we're very
interested in universities and Web2 companies joining the League, so yeah, talk to us, and yeah, that's it.
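
Added example, not part of the talk and not drand's own code: the threshold aggregation described in the talk (shares of s, partial signatures on the mapped round, Lagrange interpolation) carried out in a toy prime-order group written multiplicatively, so "s times H1 of rho" appears as H1(rho)^s. The group parameters, the dealer standing in for the DKG, and all function names are assumptions made for the illustration; drand works on BLS12-381.

```python
import hashlib
import secrets

# Toy group, constructed for this example and far too small for real use:
# the order-Q subgroup of squares modulo the safe prime P = 2*Q + 1.
P, Q = 2039, 1019

def hash_to_group(round_number):
    """Stand-in for H1(rho): map a round number to a subgroup element."""
    digest = hashlib.sha256(round_number.to_bytes(8, "big")).digest()
    x = int.from_bytes(digest, "big") % (P - 3) + 2  # 2..P-2, so x*x != 1
    return pow(x, 2, P)

def deal_shares(secret, t, n):
    """Shamir shares f(1)..f(n) with f(0) = secret (a dealer stands in for the DKG)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def partial_sign(share, round_number):
    """Node i's partial signature: H1(rho) raised to its share s_i."""
    return pow(hash_to_group(round_number), share, P)

def lagrange_at_zero(i, indices):
    """Lagrange coefficient of node i for evaluating the polynomial at 0."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def aggregate(partials):
    """Interpolate in the exponent: combine partials into H1(rho)^s."""
    sig = 1
    for i, sigma_i in partials.items():
        sig = sig * pow(sigma_i, lagrange_at_zero(i, list(partials)), P) % P
    return sig

def demo(round_number=10, t=3, n=5):
    s = secrets.randbelow(Q - 1) + 1  # known here only to check the result
    partials = {i: partial_sign(sh, round_number)
                for i, sh in deal_shares(s, t, n).items()}
    sig_a = aggregate({i: partials[i] for i in (1, 2, 3)})
    sig_b = aggregate({i: partials[i] for i in (2, 4, 5)})
    return sig_a, sig_b, pow(hash_to_group(round_number), s, P)

if __name__ == "__main__":
    print(demo())  # three equal values: any t partials give H1(rho)^s
```

The aggregation never reconstructs s itself; only the partial signatures are combined, which is why no single machine needs to hold the group secret.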