Abstract. We consider the problem of sending messages into the future." Previous constructions for this task were either based on heuristic assumptions or did not provide anonymity to the sender of the message. In the public-key setting, we present an e cient and secure timed-release encryption scheme using a time server" which inputs the current time into the system. The server has to only interact with the receiver and never learns the sender's identity. The scheme's computational and communicational cost per request are only logarithmic in the time parameter. The construction of our scheme is based on a novel cryptographic primitive: a variant of oblivious transfer which we call conditional oblivious transfer. We de ne this primitive which may be of independent interest and show an e cient construction for an instance of this new primitive based on the quadratic residuosity assumption.