From 3b403ad7f74c254fd19c81a41ad23329f87fdc90 Mon Sep 17 00:00:00 2001 From: Sungchan Yi Date: Fri, 27 Oct 2023 00:27:54 +0900 Subject: [PATCH] feat: Modern Cryptography Midterm Posts (#113) * [PUBLISHER] upload files #108 * PUSH NOTE : 6. Hash Functions.md * PUSH ATTACHMENT : mc-06-merkle-damgard.png * PUSH ATTACHMENT : mc-06-davies-meyer.png * PUSH ATTACHMENT : mc-06-hmac.png * [PUBLISHER] upload files #109 * PUSH NOTE : 7. Key Exchange.md * PUSH ATTACHMENT : mc-07-dhke.png * PUSH ATTACHMENT : mc-07-dhke-mitm.png * PUSH ATTACHMENT : mc-07-merkle-puzzles.png * [PUBLISHER] upload files #110 * PUSH NOTE : 6. Hash Functions.md * PUSH ATTACHMENT : mc-06-merkle-damgard.png * PUSH ATTACHMENT : mc-06-davies-meyer.png * PUSH ATTACHMENT : mc-06-hmac.png * [PUBLISHER] upload files #111 * PUSH NOTE : 7. Key Exchange.md * PUSH ATTACHMENT : mc-07-dhke.png * PUSH ATTACHMENT : mc-07-dhke-mitm.png * PUSH ATTACHMENT : mc-07-merkle-puzzles.png * [PUBLISHER] upload files #112 * PUSH NOTE : 7. Key Exchange.md * PUSH ATTACHMENT : mc-07-dhke.png * PUSH ATTACHMENT : mc-07-dhke-mitm.png * PUSH ATTACHMENT : mc-07-merkle-puzzles.png * fix: fixed links to other posts --- .../2023-09-28-hash-functions.md | 261 ++++++++++++++++++ .../2023-10-03-key-exchange.md | 244 ++++++++++++++++ .../mc-06-davies-meyer.png | Bin 0 -> 6185 bytes .../Modern Cryptography/mc-06-hmac.png | Bin 0 -> 9024 bytes .../mc-06-merkle-damgard.png | Bin 0 -> 8260 bytes .../Modern Cryptography/mc-07-dhke-mitm.png | Bin 0 -> 16836 bytes .../Modern Cryptography/mc-07-dhke.png | Bin 0 -> 9552 bytes .../mc-07-merkle-puzzles.png | Bin 0 -> 9897 bytes 8 files changed, 505 insertions(+) create mode 100644 _posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md create mode 100644 _posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-06-davies-meyer.png create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-06-hmac.png create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-06-merkle-damgard.png create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke-mitm.png create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke.png create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-merkle-puzzles.png diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md new file mode 100644 index 0000000..df1922b --- /dev/null +++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md @@ -0,0 +1,261 @@ +--- +share: true +toc: true +math: true +categories: + - Lecture Notes + - Modern Cryptography +tags: + - lecture-note + - cryptography + - security +title: 6. Hash Functions +date: 2023-09-28 +github_title: 2023-09-28-hash-functions +image: + path: assets/img/posts/Lecture Notes/Modern Cryptography/mc-06-merkle-damgard.png +attachment: + folder: assets/img/posts/Lecture Notes/Modern Cryptography +--- + +Hash functions are functions that take some input an compress them to produce an output of fixed size, usually just called *hash* or *digest*. A desired property of hash function is **collision resistance**. + +Hash functions are also used in hash table data structures, and for data structures, it isn't a huge problem if there is a collision. Although the search time may be affected, there are ways to handle conflicting hashes for each data structure. + +But *cryptographic hash functions* are different. They should *avoid* collisions, since some adversary will attack in order to find collisions and break the system. Thus cryptographic hash functions are much harder to design. + +## Collision Resistance + +Intuitively, a function $H$ is collision resistant if it is computationally infeasible to find a collision for $H$. Formally, this can be defined also in the form of a security game. + +> **Definition.** Let $H$ be a hash function defined over $(\mathcal{M}, \mathcal{T})$. Given an adversary $\mathcal{A}$, the adversary outputs two messages $m_0, m_1 \in \mathcal{M}$. +> +> $\mathcal{A}$ wins the game if $H(m_0) = H(m_1)$ and $m_0 \neq m_1$. The **advantage** of $\mathcal{A}$ with respect to $H$ is defined as the probability that $\mathcal{A}$ wins the game. +> +> $$ +> \mathrm{Adv}_{\mathrm{CR}}[\mathcal{A}, H] = \Pr[H(m_0) = H(m_1) \wedge m_0 \neq m_1]. +> $$ +> +> If the advantage is negligible for any efficient adversary $\mathcal{A}$, then the hash function $H$ is **collision resistant**. + +With a collision resistant hash function, we can do many things. For example, password hashing is a very common example. Instead of storing the plaintext password, the plaintext is hashed, and the hash is stored. One of the reasons for doing this is for privacy. Even the developers who can access the database shouldn't be able to obtain the plaintext password, and the plaintext password will be safe even if the database is leaked. + +When the user logins, the password user entered will be hashed to compare with the stored hash in the server. It is obvious that we need collision resistant hashes, since if not, a malicious user can login using the collision. + +Another desirable property would be the **one-wayness** of $H$, that it should be hard to find the preimage of any hash. It can be shown that collision resistance implies one-wayness.[^1] + +## MAC Domain Extension + +One possible use of hash function is for extending the domain of MACs. A MAC scheme is usually defined for a fixed block size, so for longer messages, we need other constructions. This is where hash functions can come in. + +Let $\Pi = (S, V)$ be a MAC scheme defined over $(\mathcal{K}, \mathcal{M}, \mathcal{T})$, and let $H : \mathcal{M}' \rightarrow \mathcal{M}$ be a hash function, where $\mathcal{M}'$ is usually larger than $\mathcal{M}$. A naive way to construct a MAC would be to apply the hash first to compress the message and then sign it. It turns out that this new construction is a secure MAC if $\Pi$ is secure and $H$ is collision resistant. + +> **Theorem.** Let $\Pi' = (S', V')$ be a MAC defined over $(\mathcal{K}, \mathcal{M}', \mathcal{T})$. Let +> +> $$ +> S'(k, m) = S(k, H(m)), \quad V'(k, m, t) = V(k, H(m), t). +> $$ +> +> If $\Pi$ is a secure MAC and $H$ is collision resistant, then $\Pi'$ is a secure MAC. +> +> For any efficient adversary $\mathcal{A}$ attacking $\Pi'$, there exist a MAC adversary $\mathcal{B} _ \mathrm{MAC}$ attacking $\Pi$ and an adversary $\mathcal{B} _ \mathrm{CR}$ attacking $H$ such that +> +> $$ +> \mathrm{Adv}_{\mathrm{MAC}}[\mathcal{A}, \Pi'] \leq \mathrm{Adv}_{\mathrm{MAC}}[\mathcal{B}_\mathrm{MAC}, \Pi] + \mathrm{Adv}_{\mathrm{CR}}[\mathcal{B}_\mathrm{CR}, H]. +> $$ + +*Proof*. See Theorem 8.1.[^2] + +Intuitively, suppose that the MAC scheme $\Pi'$ is insecure. During the MAC security game, $\mathcal{A}$ can either find or not find a collision for $H$. If $\mathcal{A}$ found a collision, $H$ is not collision resistant. If $\mathcal{A}$ didn't find a collision, then $\Pi$ must be broken. Thus we have a contradiction. + +But in reality, this construction is not used very often. We need a *secure* MAC *and* a *collision resistant* hash function, so it is hard to implement. + +## Attacks on Hash Functions + +There are specific attacks that exploit the internal mechanism of some specific hash function, but we only cover generic attacks that work for any given hash function. + +A very simple attack would be the brute force attack. If the hash is $n$ bits, then the attacker can hash $2^n+1$ arbitrary messages to get a collision, by the pigeonhole principle. But usually $n$ is large enough that performing this computation is infeasible. + +### Birthday Attacks + +Actually, the attacker doesn't have to hash that many messages. This is because of the birthday paradox. + +Let $N$ be the size of the hash space. (If the hash is $n$ bits, then $N = 2^n$) + +> 1. Sample $s$ uniform random messages $m_1, \dots, m_s \in \mathcal{M}$. +> 2. Compute $x_i \leftarrow H(m_i)$. +> 3. Find and output a collision if it exists. + +> **Lemma.** The above algorithm will output a collision with probability at least $1/2$ when $s \geq 1.2\sqrt{N}$. + +*Proof*. We show that the probability of no collisions is less than $1/2$. The probability that there is no collision is + +$$ +\prod_{i=1}^{s-1}\left( 1-\frac{i}{N} \right) \leq \prod_{i=1}^{s-1} \exp\left( -\frac{i}{N} \right) = \exp\left( -\frac{s(s-1)}{2N} \right). +$$ + +So solving $\exp\left( -s(s-1)/2N \right) < 1/2$ for $s$ gives approximately $s \geq \sqrt{(2\log2)N} \approx 1.17 \sqrt{N}$. + +In the above proof, we assume that $H$ is uniform. But in reality, $H$ might be biased, but it can be shown that collision probability is minimized when $H$ is uniform, so the above argument holds. + +Note that birthday attacks can be done entirely *offline*. The adversary doesn't have to interact with any users of the system, so adversaries can invest huge computing resources to find a collision, without anybody noticing. Thus, offline attacks are considered more dangerous than *online* attacks that require many interactions. + +## Merkle-Damgård Transform + +Now we want to construct collision resistant hash functions that work for arbitrary input length. Thanks to the **Merkle-Damgård transform**, we can start from a collision resistant hash function that works for short messages. + +The Merkle-Damgård transform gives as a way to extend our input domain of the hash function by iterating the function. + +![mc-06-merkle-damgard.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-merkle-damgard.png#) + +> **Definition.** Let $h : \left\lbrace 0, 1 \right\rbrace^n \times \left\lbrace 0, 1 \right\rbrace^l \rightarrow \left\lbrace 0, 1 \right\rbrace^n$ be a hash function. The **Merkle-Damgård function derived from $h$** is a function $H$ that works as follows. +> +> 1. Given an input $m \in \left\lbrace 0, 1 \right\rbrace^{\leq L}$, pad $m$ so that the length of $m$ is a multiple of $l$. +> - The padding block $\mathrm{PB}$ must contain an encoding of the input message length. i.e, it is of the form $100\dots00\parallel\left\lvert m \right\lvert$. +> 2. Then partition the input into $l$-bit blocks so that $m' = m_1 \parallel m_2 \parallel \cdots \parallel m_s$. +> 3. Set $t_0 \leftarrow \mathrm{IV} \in \left\lbrace 0, 1 \right\rbrace^n$. +> 4. For $i = 1, \dots, s$, calculate $t_i \leftarrow h(t_{i-1}, m_i)$. +> 5. Return $t_s$. + +- The function $h$ is called the **compression function**. +- The $t_i$ values are called **chaining values**. +- Note that because of the padding block can be at most $l$-bits, the maximum message length is $2^l$, but usually $l = 64$, so it is enough. +- $\mathrm{IV}$ is fixed to some value, and is usually set to some complicated string. +- We included the length of the message in the padding. This will be used in the security proof. + +The Merkle-Damgård construction is secure. + +> **Theorem.** If $h$ is a collision resistant hash function, then so is $H$. + +*Proof*. We show by contradiction. Suppose that an adversary $\mathcal{A}$ of $H$ found a collision for $H$. Let $H(m) = H(m')$ for $m \neq m'$. Now we construct an adversary $\mathcal{B}$ of $h$. $\mathcal{B}$ will examine $m$ and $m'$ and work its way backwards. + +Suppose that $m = m_1\cdots m_u$ and $m' = m_1'\cdots m_v'$. Let the chaining values be $t_i = h(t_{i-1},m_i)$ and $t_i' = h(t_{i-1}', m_i')$. Then since $H(m) = H(m')$, the very last iteration should give the same output. + +$$ +h(t_{u-1},m_u) = h(t_{v-1}', m_v'). +$$ + +Suppose that $t_{u-1} \neq t_{v-1}'$ and $m_u \neq m_v'$. Then this is a collision for $h$, so $\mathcal{B}$ returns this collision, and we are done. So suppose otherwise. Then $t_{u-1} = t_{v-1}'$ and $m_u = m_v'$. But because the last block contains the padding, the padding values must be the same, which means that the length of these two messages must have been the same, so $u = v$. + +Now we have $t_{u-1} = t_{u-1}'$, which implies $h(t_{u-2}, m_{u-1}) = h(t_{u-2}', m_{u-1}')$. We can now repeat the same process until the first block. If $\mathcal{B}$ did not find any collision then it means that $m_i = m_i'$ for all $i$, so $m = m'$. This is a contradiction, so $\mathcal{B}$ must have found a collision. + +By the above argument, we see that $\mathrm{Adv} _ {\mathrm{CR}}[\mathcal{A}, H] = \mathrm{Adv} _ {\mathrm{CR}}[\mathcal{B}, h]$. + +### Attacking Merkle-Damgård Hash Functions + +See Joux's attack.[^2] + +## Davies-Meyer Compression Functions + +Now we only have to build a collision resistant compression function. We can build these functions from either a block cipher, or by using number theoretic primitives. + +Number theoretic primitives will be shown after we learn some number theory.[^3] An example is shown in [collision resistance using DL problem (Modern Cryptography)](../2023-10-03-key-exchange#collision-resistance-based-on-dl-problem). + +![mc-06-davies-meyer.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-davies-meyer.png#) + +> **Definition.** Let $\mathcal{E} = (E, D)$ be a block cipher over $(\mathcal{K}, X, X)$ where $X = \left\lbrace 0, 1 \right\rbrace^n$. The **Davies-Meyer compression function derived from $E$** maps inputs in $X \times \mathcal{K}$ to outputs in $X$, defined as follows. +> +> $$ +> h(x, y) = E(y, x) \oplus x. +> $$ + +> **Theorem.** Suppose $\mathcal{E}$ is an ideal cipher.[^4] Then finding a collision for $h$ takes $\mathcal{O}(2^{n/2})$ evaluations of $(E, D)$. + +*Proof*. Check Theorem 8.4.[^2] + +Due to the birthday attack, we see that this bound is the best possible. + +There are other constructions of $h$ using the block cipher. But some of them are totally insecure. These are some insecure functions. + +$$ +h_1(x, y) = E(y, x) \oplus y, \quad h_2(x, y) = E(x, x \oplus y) \oplus x. +$$ + +Also, just using $E(y, x)$ is insecure. + +## Secure Hash Algorithm (SHA) + +This is a family of hash functions published by NIST. + +- 1993: SHA0 +- 1995: SHA1 +- 2001: **SHA2-256** and **SHA2-512** (most widely used) +- 2015: SHA3-256 and SHA3-512 + +There are known attacks for SHA0 and SHA1, so use at least SHA2. + +SHA1 and SHA2 uses Merkle-Damgård and Davies-Meyer compression function. But if we use just AES, then the block size is $128$ bits, meaning that birthday attacks take $\mathcal{O}(2^{64})$, which is a bit small. So SHA2 uses a different block cipher called SHACAL-2 that uses $256$ bit blocks. + +## HMAC + +We needed a complicated construction for MACs that work on long messages. We might be able to use the collision resistance of hash functions and build a MAC with it. + +### Some Approaches + +Here are a few approaches. Suppose that a compression function $h$ is given and $H$ is a Merkle-Damgård function derived from $h$. + +Recall that [we can construct a MAC scheme from a PRF](../2023-09-21-macs#mac-constructions-from-prfs), so either we want a secure PRF or a secure MAC scheme. + +#### Prepending the Key + +Define $S(k, m) = H(k \parallel m)$. This is insecure by length extension attacks. Given $H(k \parallel m)$, one can compute $H(k \parallel m \parallel m')$ for any $m'$, resulting in forgery. + +#### Appending the Key + +Define $S(k, m) = H(m \parallel k)$. This is vulnerable to an offline attack on $h$. If there is a collision on $h$, then $h(\mathrm{IV}, m) = h(\mathrm{IV}, m')$ for some $m \neq m'$. Then $S(k, m) = S(k, m')$ which results in forgery. + +#### Envelope Method + +Define $S(k, m) = H(k \parallel M \parallel k)$. This can be proven to be a secure PRF under reasonable assumptions. See Exercise 8.17.[^2] + +#### Two-Key Nest + +Define $S((k_1,k_2), m) = H(k_2 \parallel H(k_1 \parallel m))$. This can also be proven to be a secure PRF under reasonable assumptions. See Section 8.7.1.[^2] + +This can be thought of as blocking the length extension attack from prepending the key method. + +### HMAC + +![mc-06-hmac.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-hmac.png#) + +This is a variant of the two-key nest, but the difference is that the keys $k_1', k_2'$ are not independent. Choose a key $k \leftarrow \mathcal{K}$, and set + +$$ +k_1 = k \oplus \texttt{ipad}, \quad k_2 = k\oplus \texttt{opad} +$$ + +where $\texttt{ipad} = \texttt{0x363636}...$ and $\texttt{opad} = \texttt{0x5C5C5C}...$. Then + +$$ +\mathrm{HMAC}(k, m) = H(k_2 \parallel H(k_1 \parallel m)). +$$ + +The security proof given for two-key nest does not apply here, since $k_1$ and $k_2$ are not independent. With stronger assumptions on $h$, then we almost get an optimal security bound. + +## The Random Oracle Model + +### Motivation + +Some constructions using cryptographic hash functions cannot be proven secure only using the collision resistance assumption. + +A conservative way to solve this problem would be to construct schemes that can be proven secure, using reasonable assumptions about the hash function. But it may be hard to find such schemes and they may be less efficient than existing approaches that haven't been formally proven. On the other hand, it is unacceptable to use a cryptosystem without a security proof, even though attackers have been unsuccessful. + +Introducing an *idealized model* offers a middle ground to this. The model is not real, and reality is far from ideal. But as long as the model is *reasonable*, proofs under the idealized model is better than nothing. Proof with idealized model lets us understand the scheme better. + +### Random Oracle Model + +The **random oracle model** is a model that treats a cryptographic hash function as a truly random function. In this model, there is a public, random function $H$, that can be evaluated *only* by querying the oracle. + +The random oracle model also provides a formal method that can be used to design and validate cryptosystems using the following approach. + +1. Design a scheme and prove that it is secure in the random oracle model. +2. During implementation, replace the random oracle with a cryptographic hash function. + +We hope that the cryptographic hash function used in step 2 is good enough to mimic a random oracle. Then the proof of security in the random oracle model would be still valid in the real world. + +But there are schemes that can be proven insecure when instantiated with hash functions, even if they were proven secure in the random oracle model. Also, any hash function cannot behave like a random oracle/function. So a security proof in the random oracle model suggests that some scheme has no internal design flaws, but it is not enough to claim security of the scheme in the real world. + +[^1]: There is a subtle detail here, refer to [this question](https://crypto.stackexchange.com/questions/17924/does-collision-resistance-imply-or-not-second-preimage-resistance) on cryptography SE. +[^2]: A Graduate Course in Applied Cryptography +[^3]: These are rarely used since they rely on prime numbers, and prime numbers are expensive. Also block ciphers are blazingly fast compared to computing integers. +[^4]: We treat the block cipher as a family of random permutations. i.e, for each $k \in \mathcal{K}$, $E(k, \cdot)$ is a random permutation. diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md b/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md new file mode 100644 index 0000000..adb6171 --- /dev/null +++ b/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md @@ -0,0 +1,244 @@ +--- +share: true +toc: true +math: true +categories: + - Lecture Notes + - Modern Cryptography +tags: + - lecture-note + - cryptography + - security +title: 7. Key Exchange +date: 2023-10-03 +github_title: 2023-10-03-key-exchange +image: + path: assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke.png +attachment: + folder: assets/img/posts/Lecture Notes/Modern Cryptography +--- + +In symmetric key encryption, we assumed that the two parties already share the same key. We will see how this can be done. + +In symmetric key settings, a user has to agree and store every key for every other user, so if there are $N$ users in the system, $\mathcal{O}(N^2)$ keys are to be stored in the system. But these keys are secret information, so they have to be handled with care. With so many keys, it is hard to store and manage them securely. + +Distributing a key requires a lot of care. The two parties need a secure channel beforehand, or have to meet physically in person to safely exchange keys. But for open systems, physical meetings cannot be arranged and users are not aware of each other before communicating. + +In summary, symmetric key cryptography has at least three problems. + +1. It is hard to distribute keys securely. +2. It is hard to storing and managing many secret keys securely. +3. Symmetric key cryptography cannot be applied to open systems. + +Problems 1 and 2 can be solved partially using **trusted third parties** (TTP), but such TTPs become a single point of failure, and is usually used only in a single organization. + +## Diffie-Hellman Key Exchange (DHKE) + +We need a method to share a secret key. For now, assume that the adversary only eavesdrops, and does not tamper with the message. + +### Generic Description and Requirements + +**Diffie-Hellman key exchange** protocol allows two parties to generate a shared secret key, without establishing a physical meeting. Here is a generic description of the protocol. + +> We have two functions $E(\cdot)$ and $F(\cdot, \cdot)$. +> 1. Alice chooses a random secret $\alpha$ and computes $E(\alpha)$. +> 2. Bob chooses a random secret $\beta$ and computes $E(\beta)$. +> 3. Alice and Bob exchange $E(\alpha), E(\beta)$ over an *insecure channel*. +> 4. Using the given information, Alice and Bob both compute a shared key $F(\alpha, \beta)$. + +Alice only knows $\alpha, E(\beta)$, and Bob only knows $\beta, E(\alpha)$. With the given information for each party, they compute $F(\alpha, \beta)$ and use it as a shared key. Also, since Alice and Bob are currently exchanging keys, $E(\alpha)$ and $E(\beta)$ are sent over an insecure channel. Then the eavesdropper can see $E(\alpha), E(\beta)$. + +Overall, for this protocol to be secure, $E$ and $F$ should at least satisfy the following. + +- $E$ is easy to compute. +- Given $\alpha$ and $E(\beta)$, it is easy to compute $F(\alpha, \beta)$. +- Given $E(\alpha)$ and $\beta$, it is easy to compute $F(\alpha, \beta)$. +- Given $E(\alpha)$ and $E(\beta)$, it is **hard** to compute $F(\alpha, \beta)$. +- $E$ must be a one way function. + +The first three conditions are for the communicating parties, and is sort of a correctness condition that Alice and Bob can agree on the same key efficiently. The last two conditions are a security condition. It should be hard for the eavesdropping adversary to compute the secret, and that it must be hard to recover $x$ from the value of $E(x)$. Otherwise, the adversary will find $\alpha$ or $\beta$ and compute $F(\alpha, \beta)$. + +To implement the above protocol, we need two functions $E$ and $F$ that satisfy the above properties. We rely on the hardness of number theoretic problems to implement this. + +### DHKE Protocol in Detail + +Let $p$ be a large prime, and let $q$ be another large prime dividing $p - 1$. We typically use very large random primes, $p$ is about $2048$ bits long, and $q$ is about $256$ bits long. + +All arithmetic will be done in $\mathbb{Z}_p$. We also consider $\mathbb{Z} _ p^ *$ , the **unit group** of $\mathbb{Z} _ p$. Since $\mathbb{Z} _ p$ is a field, $\mathbb{Z} _ p^ * = \mathbb{Z} _ p \setminus \left\lbrace 0 \right\rbrace$, meaning that $\mathbb{Z} _ p^ *$ has order $p-1$. + +Since $q$ is a prime dividing $p - 1$, $\mathbb{Z}_p^*$ has an element $g$ of order $q$.[^1] Let + +$$ +G = \left\langle g \right\rangle = \left\lbrace 1, g, g^2, \dots, g^{q-1} \right\rbrace \leq \mathbb{Z}_p^*. +$$ + +We assume that the description of $p$, $q$ and $g$ are generated at the setup and shared by all parties. Now the actual protocol goes like this. + +![mc-07-dhke.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-dhke.png#) + +> 1. Alice chooses $\alpha \leftarrow \mathbb{Z}_q$ and computes $g^\alpha$. +> 2. Bob chooses $\beta \leftarrow \mathbb{Z}_q$ and computes $g^\beta$. +> 3. Alice and Bob exchange $g^\alpha$ and $g^\beta$ over an insecure channel. +> 4. Using $\alpha$ and $g^\beta$, Alice computes $g^{\alpha\beta}$. +> 5. Using $\beta$ and $g^\alpha$, Bob computes $g^{\alpha\beta}$. +> 6. The secret key shared by Alice and Bob is $g^{\alpha\beta}$. + +It works! + +### Security of the DHKE Protocol + +The protocol is secure if and only if the following holds. + +> Let $\alpha, \beta \leftarrow \mathbb{Z}_q$. Given $g^\alpha, g^\beta \in G$, it is hard to compute $g^{\alpha\beta} \in G$. + +This is called the **computational Diffie-Hellman assumption**. As we will see below, this is not as strong as the discrete logarithm assumption. But in the real world, CDH assumption is reasonable enough for groups where the DL assumption holds. + +## Discrete Logarithm and Related Assumptions + +We have used $E(x) = g^x$ in the above implementation. This function is called the **discrete exponentiation function**. This function is actually a *group isomorphism*, so it has an inverse function called the **discrete logarithm function**. The name comes from the fact that if $u = g^x$, then it can be written as '$x = \log_g u$'. + +We required that $E$ must be a one-way function for the protocol to work. So it must be hard to compute the discrete logarithm function. There are some problems related to the discrete logarithm, which are used as assumptions in the security proof. They are formalized as a security game, as usual. + +$G = \left\langle g \right\rangle \leq \mathbb{Z} _ p^{ * }$ will be a *cyclic group* of order $q$ and $g$ is given as a generator. Note that $g$ and $q$ are also given to the adversary. + +### Discrete Logarithm Problem (DL) + +> **Definition.** Let $\mathcal{A}$ be a given adversary. +> +> 1. The challenger chooses $\alpha \leftarrow \mathbb{Z}_q$ and sends $u = g^\alpha$ to the adversary. +> 2. The adversary calculates and outputs some $\alpha' \in \mathbb{Z}_q$. +> +> We define the **advantage in solving the discrete logarithm problem for $G$** as +> +> $$ +> \mathrm{Adv}_{\mathrm{DL}}[\mathcal{A}, G] = \Pr[\alpha = \alpha']. +> $$ +> +> We say that the **discrete logarithm (DL) assumption** holds for $G$ if for any efficient adversary $\mathcal{A}$, $\mathrm{Adv}_{\mathrm{DL}}[\mathcal{A}, G]$ is negligible. + +So if we assume the DL assumption, it means that DL problem is **hard**. i.e, no efficient adversary can effectively solve the DL problem for $G$. + +### Computational Diffie-Hellman Problem (CDH) + +> **Definition.** Let $\mathcal{A}$ be a given adversary. +> +> 1. The challenger chooses $\alpha, \beta \leftarrow \mathbb{Z}_q$ and sends $g^\alpha, g^\beta$ to the adversary. +> 2. The adversary calculates and outputs some $w \in G$. +> +> We define the **advantage in solving the computational Diffie-Hellman problem for $G$** as +> +> $$ +> \mathrm{Adv}_{\mathrm{CDH}}[\mathcal{A}, G] = \Pr[w = g^{\alpha\beta}]. +> $$ +> +> We say that the **computational Diffie-Hellman (CDH) assumption** holds for $G$ if for any efficient adversary $\mathcal{A}$, $\mathrm{Adv}_{\mathrm{CDH}}[\mathcal{A}, G]$ is negligible. + +An interesting property here is that given $(g^\alpha, g^\beta)$, it is hard to determine if $w$ is a solution to the problem. ($w \overset{?}{=} g^{\alpha\beta}$) + +### Decisional Diffie-Hellman Problem (DDH) + +Since recognizing a solution to the CDH problem is hard, we have another assumption that it is hard to distinguish a solution to the CDH problem and a random element from $G$. + +> **Definition.** Let $\mathcal{A}$ be a given adversary. We define two experiments 0 and 1. +> +> **Experiment $b$**. +> 1. The challenger chooses $\alpha, \beta, \gamma \leftarrow \mathbb{Z}_q$ and computes the following. +> +> $$ +> u = g^\alpha, \quad v = g^\beta, \quad w_0 = g^{\alpha\beta}, \quad w_1 = g^\gamma. +> $$ +> +> 2. The challenger sends the triple $(u, v, w_b)$ to the adversary. +> 3. The adversary calculates and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$. +> +> Let $W_b$ be the event that $\mathcal{A}$ outputs $1$ in experiment $b$. We define the **advantage in solving the decisional Diffie-Hellman problem for $G$** as +> +> $$ +> \mathrm{Adv}_{\mathrm{DDH}}[\mathcal{A}, G] = \left\lvert \Pr[W_0] - \Pr[W_1] \right\lvert. +> $$ +> +> We say that the **decisional Diffie-Hellman (DDH) assumption** holds for $G$ if for any efficient adversary $\mathcal{A}$, $\mathrm{Adv}_{\mathrm{DDH}}[\mathcal{A}, G]$ is negligible. + +For $\alpha, \beta, \gamma \in \mathbb{Z}_q$, the triple $(g^\alpha, g^\beta, g^\gamma)$ is called a **DH-triple** if $\gamma = \alpha\beta$. So the assumption is saying that no efficient adversary can distinguish DH-triples from non DH-triples. + +### Relations Between Problems + +It is easy to see that the following holds. + +> In the order of hardness, DL problem $\gt$ CDH problem $\gt$ DDH problem. + +If an adversary can solve the DL problem, it can solve CDH and DDH, so DL problem is harder. It is known that strict inequality holds. + +If we assume that an easier problem is hard, we have a strong assumption. That is, it is easier to be broken in the future, because we assumed too much. + +> DDH assumption $\implies$ CDH assumption $\implies$ DL assumption + +Suppose we used the DDH assumption in the proof. If the DDH assumption turns out to be false, proofs using the CDH or DL assumption remain valid. + +If we used the DL assumption and it turns out to be false, there will be an efficient algorithm solving the DL problem. Then CDH, DDH problems can also be solved, so proofs using the DDH or CDH assumption will be invalidated. Thus DL assumption is the weakest assumption, since breaking DL will break both CDH and DDH. + +## Multi-Party Diffie-Hellman + +Suppose we want something like a secret group chat, where there are $N$ ($\geq 3$) people and they need to generate a shared secret key. It is known that $N$-party Diffie-Hellman is possible in $N-1$ rounds. Here's how it goes. The indices are all in modulo $N$. + +Each party $i$ chooses $\alpha _ i \leftarrow \mathbb{Z} _ q$, and computes $g^{\alpha _ i}$. The parties communicate in a circular form, and passes the computed value to the $(i+1)$-th party. In the next round, the $i$-th party receives $g^{\alpha _ {i-1}}$ and computes $g^{\alpha _ {i-1}\alpha _ i}$ and passes it to the next party. After $N-1$ rounds, all parties have the shared key $g^{\alpha _ 1\cdots\alpha _ N}$. + +Taking $\mathcal{O}(N)$ steps is impractical in the real world, due to many communications that the above algorithm requires. Researchers are looking for methods to generate a shared key in a single round. It has been solved for $N=3$ using bilinear pairings, but for $N \geq 4$ it is an open problem. + +## Attacking Anonymous Diffie-Hellman Protocol + +We assumed that the adversary only eavesdrops, but if the adversary carries out active attacks, then DHKE is not enough. The major problem is the lack of **authentication**. Alice and Bob are exchanging keys, but they both cannot be sure that there are in fact communicating with the other. An attacker can intercept messages and impersonate Alice or Bob. This attack is called a **man in the middle attack**, and this attack works on any key exchange protocol that lacks authentication. + +![mc-07-dhke-mitm.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-dhke-mitm.png#) + +The adversary will impersonate Bob when communicating with Alice, and will do the same for Bob by pretending to be Alice. The values of $\alpha, \beta$ that Alice and Bob chose are not leaked, but the adversary can decrypt anything in the middle and obtain the plaintext. + +## Collision Resistance Based on DL Problem + +Suppose that the DL problem is hard on the group $G = \left\langle g \right\rangle$, with prime order $q$. Choose an element $h \in G$, and define a hash function $H : \mathbb{Z}_q \times \mathbb{Z}_q \rightarrow G$ as + +$$ +H(\alpha, \beta) = g^\alpha h^\beta. +$$ + +If an adversary were to find a collision, then $H(\alpha, \beta) = H(\alpha', \beta')$, which implies $g^\alpha h^\beta = g^{\alpha'}h^{\beta'}$, thus $h = g^{(\alpha - \alpha') / (\beta' - \beta)}$, calculating the discrete logarithm. + +Thus under the DL assumption, the hash function $H$ is collision resistant. + +## Merkle Puzzles (1974) + +Before Diffie-Hellman, Merkle proposed an idea for secure key exchange protocol using symmetric key cryptography. + +The idea was to use *puzzles*, which are problems that can be solved with some effort. + +![mc-07-merkle-puzzles.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-merkle-puzzles.png#) + +> Let $\mathcal{E} = (E, D)$ be a block cipher defined over $(\mathcal{K}, \mathcal{M})$. +> 1. Alice chooses random pairs $(k_i, s_i) \leftarrow \mathcal{K} \times \mathcal{M}$ for $i = 1, \dots, L$. +> 2. Alice constructs $L$ puzzles, defined as a triple $(E(k_i, s_i), E(k_i, i), E(k_i, 0))$. +> 3. Alice randomly shuffles these puzzles and sends them to Bob. +> 4. Bob picks a random puzzle $(c_1, c_2, c_3)$ and solves the puzzle by **brute force**, trying all $k \in \mathcal{K}$ until some $D(k, c_3) = 0$ is found. +> - If Bob finds two different keys, he indicates Alice that the protocol failed and they start over. +> 5. Bob computes $l = D(k, c_2)$ and $s = D(k, c_1)$, sends $l$ to Alice. +> 6. Alice will locate the $l$-th puzzle and set $s = s_l$. + +If successful, Alice and Bob can agree on a secret message $s \in \mathcal{M}$. It can be seen that Alice has to do $\mathcal{O}(L)$, Bob has to do $\mathcal{O}(\left\lvert \mathcal{K} \right\lvert)$ amount of work. + +For block ciphers, we commonly set $\mathcal{K}$ large enough so that brute force attacks are infeasible. So for Merkle puzzles, we reduce the key space. For example, if we were to use AES-128 as $\mathcal{E}$, then we can set the first $96$ bits of the key as $0$. Then the search space would be reduced to $2^{32}$, which is feasible for Bob. + +Now consider the adversary who obtains all puzzles $P_i$ and the value $l$. To obtain the secret message $s_l$, adversary has to locate the puzzle $P_l$. But since the puzzles are in random order, the adversary has to solve all puzzles until he finds $P_l$. Thus, the adversary must spend time $\mathcal{O}(L\left\lvert \mathcal{K} \right\lvert)$ to obtain $s$. So we have a quadratic gap here. + +### Performance Issues + +Suppose we set $L \approx \left\lvert \mathcal{K} \right\lvert$. Then first of all, Alice has to create that many puzzles and send all of them to Bob. + +Next, the adversary must spend time $\mathcal{O}(L^2)$, but this doesn't satisfy our definitions of security, since the adversary has advantage about $1/L^2$ with constant work, which is non-negligible. Also, $L$ must be large enough in practice, which raises the first problem again. + +### Impossibility Results + +It is unknown whether we can get a better gap (than quadratic) using a general symmetric cipher. A partial result was given that quadratic gap is the best possible if we only use block ciphers.[^2] + +To get exponential gaps, we need number theory. + +[^1]: By Cauchy's theorem, or use the fact that $\mathbb{Z}_p^*$ is commutative. Finite commutative groups have a subgroup of every order that divides the order of the group. +[^2]: R. Impagliazzo and S. Rudich. Limits on the provable consequences of one-way permutations. In Proceedings of the Symposium on Theory of Computing (STOC), pages 44–61, 1989. diff --git a/assets/img/posts/Lecture Notes/Modern Cryptography/mc-06-davies-meyer.png b/assets/img/posts/Lecture Notes/Modern Cryptography/mc-06-davies-meyer.png new file mode 100644 index 0000000000000000000000000000000000000000..45dac25bd71e203d5719e17ef7b6ab4741c7df43 GIT binary patch literal 6185 zcmcgwXHXMNw+=PbK$K39B27R{KuQ7vK@gB4O?n6EA_-uq3WN>-{_t3(^f}Ncmfk1?Wgy3+v^Ye2xH8p*GeIX&C zot+(TZ*N9MMn6BlsHiAONy)RbGX({OgoK3g@o_vJPfbnj>grljQc_h_m6Max($X?N zKfkuNwzszz8X9_ZbW~VaxU{rHAP`_Mn3$LtJw3gRjm_rf=JfRR-Me?cfB!x@I?Bz> zZE9+om6gTI%R4kQG&wn0TU(oyl!Qbg!CE!Jw{I&dDy$I;sQ>^wt(F?n*nf6s!P0bAg@tOl zHCBetffg-}3F9+GdQBCDlYhFnh^I4<;4`!|wJ=>+8Yiv`-jMd#$RRNNX5l{)Vr6xk zh{+YYP9&!Q32YwA_E3@J!iZy}7a$$5c;bS*6M765ogUTzz$gBm3M!{i7h#4d0X#;E z5quK!mdGD!oCGu)T>sd^FTjh_6%I|gl;qC*{K9I*sLsF2du+fyg;VIONkX|#Oy5(< z$u%pyndns28y%^&2O~`2lhU7T^A8w{TDF7-{0R{Zr&|UO4Tv}Tx@(uv{`$lALp*0% zEmJqMUz2g@HqXoyg#`*U=l6P*N-(0QS2BH&&!`2ShAr)~pENjsbf9@RD_D7OH{W%9 zID0{x?V;?f=Fv2hy0-O>l%sNFZg5U>bWFqWHq`*zOuH(U+T{L|Vi6PhF0#G7%<}fx zHQiG_Gbrq8r@wjAh~Q(X8*tOemApNNo1uNh`th<4IzhwvIaL|l1^jWD z-v#`M9*i<~wi9Tv%C7f!YZDqx_Uu4ubyDu%Jn()=Kuq~gBdos>x)AT~IS;bUM8z~b z`Z@jJ8&PI)H9^O|ki*+c>Z&~ z5t0c_wMc1?3L;7CCrZ7wjuqGyPq96SpFolZWKUewLyhDW2Q+C(?wju@*dDt-Pm7)) zatN$`5S$5t`Pn%X;>&+jIco|pyGmS*>|;U0ltU9MKX;XI->K5hl^|yt$Figw`>~+3 zGIH8d5y!?gBV?IFYY&CZe9k5Ok}**U@&hVANe%rVSqAg6bAfW0nTcepFl4>;H7yv` zx!LBMz2uY~rt#Le6uU8X)t#QuS_EHV6Whi*n-+-#ql2uS1zVg{QI z_T2!8g>6o@Kna#DhG%YD@|JhFlHJs%$)b=>MLG^f^8IIEn@jvb;_5N-8*S2Dzlkey z9(Bpe)&7Jp>HK8FU75<4?frh*e|tEq3Po37gIBT?&dZ{771Z&>X!n@9GboA$H#+l? zgHc+DE|t*M`dtKvRB}}3G8nSKqkXusOd}P4efEA0Z`?m}>?PSjnMY`Ur|zx&t$AZG zyZQH-n?CBpi~e4!R7~4O5|L|EilWJGnbQu2*HMHd)-T&_k@;-_E%j$jX!WjJk;U>G zXm-gZXY_#BEZOC`%rC^)tF+(~7dk-=Kob$*mOK(RsOMwsBaQHDJjwS~k9#R!t3XPR{rH z*!q`{u(^nmFy{|E1({$NAh;i8dj=Tv^vI=vezW~52S5OP z0b77kvH}VfU?>Q{^DoE#Co*Opz}Wvw!=&IR@%wTBK>L;gN1${9nV`@wfd7kTx^cYZ zeIb;gbHp*O{iVKxj5;&YDNP;u*ot|Zbn(<6431rnU~|Mfo!aDEIV_$NS(XeDRci40W%{Cr*|wZ3Ak2&( zo(u^NyR)?4p5582qau;=JHUslGK)cvatuF;Pwt4d*=*!#9a{#NG2GJ;t;7VGQ$`V0 zByOUkbUzJmmXNqyaGAAj2Xs%8|M3kz-|tsMZ|H|8@SCgIX@bHf0*)^)#-+3v*nTD4 zu8C`8I|`Nx%(?Z^N&*;|S*NYXW4}8k>_fvqKqjx7W9z*LZ6MK-JC~)MBTAJxt>yeF zT+*CLMA0<|^*xAmx@xMGV#cZZ6qo~t1!zCd*f+^k#AgSR`HbwGI3J30As{)2p2NN( zCGo7caB!+*Ax^4|z=TvVN8bAK^PL=fMnbzu7lB_ft(p+h61xF2x(5A{JtiGeYCniz z61it;0f$Y|rS$)hoKoMCavAiU<18yQ_^13(^o*SbR1fD^$(1E&2I?{k0xb{XTS7~p zq?AckGWQI^8F`=m8d!m>sf|+uR=GmQGLK$ew=Nr(Eftv6sR);8d;U--t)u1WdwZ!I z9O}4p>x=q*W+b4|5 zElJ+pR35Iib9dACnf#=fmRm+#sgbLaz_Xlf(9mQpwhoyL@z=Zepq5c8eaQKG8O&Ma z%a1KQ5nht`&Yd0w6213DjS9c@Chf@^ySFbi_goedckje0_RtwMQ>LRsuQqS4#L=s> zMP&_vJ_(3MyHUCoFDn80hiAIu*ToCEbFh5yeVZKmGw&(EfM}*_&ze_WD?9ycMGQh+ zir>szCtV~*EH1y1Rfv9ExQ_NUt;p($YcjDIBD2u(Zzv*l3}2Il33AqP(oGp*M~Er} zA+dM}$0;60gQM8HZv&*j&hs+p4KJ7JkWSV#fQ$oDNkuI^*}yx8-Mk^8?VGT1R1_e%Q0KJ^~DAewQ{#MqEWSa~1b@eiQ2Xc-Ag9X^sW1_65ce%EoQ ze$ppDi<3Y$qtd#VlSlEHqNrSXGu_N;&G{Q!wGhdmjV| z=YvnjHOy{`2h!$0V0|t7*)9EGBNQ0l+VSWnp;P^q7j&FYL>ud`bowUo!Szoa*(EPj z*HzqjgB{ezS1RW0K-uz*&WS_{a#1zXac7*b10eBt9sIQ4(`&w@(IE<0^1$=OkgFEV zP@1c;v9ipA4N$)>ZgBNY@X^Lzg)ziVd?SoM#w@O(nXbJ>e_oB;anLKTSzWBa7KCSM zQcBY%l35=hyT1hkcX?P@r8S&ppfT@?^A|{6!5&H-rI4hW4*J@QZBriG>eOd>4g}U4 z_ZY*)(pkOUIIRlWuG~g8iO^+I6vkfT1bTosRJyIgJlCQ@n?N?N5!fpeCaBSR{DJOw z#V(8W%f9?I_8eWUW70t~IF}8}Z|N&Xha0y2o6%+PW{00Gyh0<_g$rX%BC-OlH=QVb z`(VLanUYe1o+&SnmHOq)u;E|4)@-T3aTg;sJhG5Bg(j_QK-ZE z=(Ee;k_@JfhaS~FMAdq8c|TVF?pojah!yxqhsYQQRnV@oXrK7~UWyK+XcCTVJnj~1 z+;6K-plDxzh20~ZSEFlMeCt`u1Yw80Xr-k2%hS>EzHi znIH)(7{x*+?cl8x^DP8RJsYi5k|AQ%&Q}A)?8Ff7m6yI&fOi=XM`?kC4{Mz_>>4JEc4*Bt#vi$tqIWYh zGJ`BE5b|TiLY+|o%##OOw!O#~{1SnXg!EOr3@R7X_eoe66U!<&bDD7tT!3dhALC;~ z2X34nN8fLfnQr?|xs;rm7W4^-&&d(}~F;`U%-Jn=EQV zijF+@f)YqaBLzM1w*iQ3R@F*WhhF@nEj2z8B-przE z{zDeEuIyN1w*Vl|QPh2~-Ra|%t(EKwkgcQO(UruKD@=I^t9e&{0+7a>M83+TF#4*` z!4NLPgd-Xg#{RGtIoQdklpxH$rn0b^y(T`}OSV{KT=VuE9vMifnkJp0<%wPX*$}>> zR{Zccciu}{nRI7hojUR9^;dDcuhFqnR1r5Hu_sEi78v;hauLqCg}4A_zoKrAlV4j0 zYSRT4)v;LXDZ5Xv-J=fzAUQ(*hq>a;9n{rEXY$N}y69xhJ)6N6M+3nweQxGq)fbm$ zzc0kzamjVO4LLJFf7wfgIaWx!KlD?vn%7 zqw_IvO9UJLfG<7>-KlgQQ17pH4u8Ye$wI6d=Y8T8MBZT8r| z5+!7u{tFqmEQg?`&NYs?797r8o#T)TkVo zIGN7WW@dS>t39cy^PC4r6}hUlApr6<^)qzCUrgLws&iFkqiNzCNBNfo)&9`RD{dxZC>4BA(#fbayr-N@-(4&^i z6z18rW8Jn-c@JJ$v>BQ8l6etAJk3&?=8kMpO9BrI=06+!4Q2#MzFQS~kFjR4DjwT1 zT~w!~ODD&Kh7Df`pgwb>+3@oZ%1DK6_*IkUQEyM%;9(RkHXRSxwn4 z)MPE?{=eaQd&u6j`oiwJ7}q6XFPV2b%edW~KC&;~l5MoBiePCheq{lZ`Z&?^_3`c9 zjaB?S&u+1GteYfls{z0}QF-j-~Ly z9E%Ab7D$;Z*f0wmC9;b;2_Z+`44Bf`OftL!7(W|hi=!J)oby+=E&mqY|GhV?Q6ZR> zKTtpV!cB*1`!?w%P3>wx$~}OEIy+Zj4x4d>GH7sN<=u24@Sg+aTcg+t{s6g8HJcWV zmEXeeZvL&0QtjB&=3_DVPxLj^nn=Zqo3SPJYj2j?rV3XL8~2VHxq!pXogth+ha_Gv zvl}zL?J+Iw&N4&S1Fve@WQgSF)E&IY04ZJpvMsDAC15wwP8;|37nMN$PF&nhiP&!} zg1pRWC$742iL?GgA$3IspL|euV?4XfAwUdJB(quI(LZYiBhQo(FB?aTj=1xBNORwZ z0Xwn%KRpuv#6ELZN51;JiZ4=_cR?|WW-y$TBtLAH_rF?f1Mgrty?S)z1b=Nt-R5U% zufis1?!VXY_`61m{Pd>r`78PqQz`q)K=-uZuBcmtT!NAzUsh+P6TOOs0&2R)WA_~^ zRhmsac750Tqo?7ndzm$R^-CxprhIKV*;w|8!&V%m-$(n20UyOH1`)a&%$y!iAs_y1 z>|;fjuQDhH6MZHG(l2{mMM9E7u7SElYNi{af^Ek%!Xdu?1t#t-69{;Hf5;#7t-t6E znv_Af)qlU zIFXp}yL(;jmF3pgerQpP#iNqn;&l2-pKIA1-1|MrhUe$3yoy`2Q6Y&Y5TYh|DTiy| zGd0d7xW2%!r+wtjI@F~@rpAYmrN@aQaxPteor+qH@-OM3!bFo=ZxM{94Dd6Xxs4Rj3-2G@9=Okc+L)jJM-^dEOaZ|#JTk`tktDchP=>M36fZmJ*tk40d zbX#5X6B`YBcSBTQ4NttG7f|@Y9QO-|93O9Yf^bB5khw_`Q?4V-oj_wwqjwU{a&u?m!>{QfGj8sMOAPn%*!{(wddG?=EFR< zaVE>{t4f?eWutW~jorJcCMemNx!2G)@DtMk;!t>ZZN(nH)-SLit6ch}v_h-95xc2A zHJ9#_*fFaG`LP3XT!rzjR)YCf5+{92I}5FMosi5?D-{ni7@as+pOVACmyr`H`V;!C z7uuJSc>5FLpjUdw_Z1Cn+qwPjKTF2W{7QVJS?T4`?uhjYmIiiKE9a*!{rvcrO8N}6 z)hp-Y{lTLM)qeXr{LyIqqz@EwCcWH3Y)Xg7ZFRfD8!A_(^S_G>ByQ)PQRkXn2mWLC z!~s4F^xDoHpw861d$5C$7^lcT_*w@YT(DFw#gKk4P$8UW6X~tC4L|jMQHc`uzeW~xGVzX z2lD-!CPNZj9j#|02xPao&?+eu$=KxoSIwJ!xh!Tb%8Kucc5D*m&9at&XxVH)LZz zz>Gqn*o=+ztWYQbLZQ$VAU#cUw&AM)?J;O!YOTMww?`AVwziU!lQlIpZEbC78W8RBDA%&qoSflMn*n;`sC;5_x$;D7>09mbLZ#hm6etG`S}M22XEZCVPs?! z6ciL59v&MTd;0Wg002IJ{@m2mBqb%~?d?4=G2!LqRajW4pr8PPpsucNXJ@CoySuZq zb4yFhlP6DPWo1oGO+S42aN@*?ot>STnVI(X_BU_dR8&-ymX;P57yAI>v^fjI#(Idg z|Ceu{>@OzCV?)Qpm-Fu!yUzQXN3=Dz4w`>md2m%>-wt(eFFIy19wD#gPkH&+Ghs9* z;mJ`kI@;p=7gwV}#N+;(W!6TpMftghQbqQxof0RfeEItpTpzW6#by{kYOl?4 zc+N0(jn&)>@#p9}#59JNl0V=H`90t~z6(i-gQ5sTcEjixLqM)A$$}F=F5H8Y0R&1D z{cjIdiGW{&c6m)OXc7Tlz))SPqrXk+N{fIXHS~!%xUaXe&Tmfj9s~f6M#=}s6KA&` zXa2C6z1%fo`ZOCvlgjeE*mXjJ;wz$GEz8Lb7yg`|8UHyIwDY`csl!VBmRAzKgO*`V^7A@??iWucCvOsyhMTp~0>p8{c`bX2})-CwHvWqzJ% zIhn5*dUtVq;kyoiD1rx3e%4Sas)hza=`fV4&a#(VCJ!F)5IFDa-p)g~$0rQlKy1)g z9+6f!8W|BHCe%W!%oU~Nho8l^Wcmw_)42vnl5%*+*HER*RN2r&q()BE*osXvnpxo? z8^8Z|K*yo*Zq=mP1VY(wH_hM(5>L`KwbL=_lNx`9Um+J-hdv>*g+^ZJFKxT}=I~K! zlRxCdm=b`r*l3@6(Kh-Obu;Poej7CGnd0SL6n*zrhD=ghW1(qV-+EAvtmE5oNU^4a zg`|SY=sFrse43@9y+~3Klh=ZaKR)29L=TycNDZ~(YwLV_M8Wd#b~~8=Ci|C$a~^cz zC-0L`hguA~mt-#6yG4Z&$1JGKjftjGbRzdZnI8lX^?$YM$YuOPMopX2mife}Z-2K( z#EW(|RiP=#<()$a@eERIdaf&g$lqF)?f_M7H4>&R=t24Lc1_rh?A3mvt@!iLuu`(j zYbj2kkc%vu13N~RdEQTExP$*ul57si()BsB9}fL913H~^ZYPjI z-GJ4((i%UhrW{`=E>6aRtKrettA^TZ->fs{vJmz4J}rc2iTh+Xlm>4F)%DlD5C#p3 z=m5T(hE$&(n@jt~oGtL+WkEajk{;)&o~{N(@C`j`7$9G+00;%U% zWq(huwn#S6k)=Y%qZ=Z)623CVzt@cV$*QyMKIlmm2gTNpYmb(+KNYk)qrG&aWMkga zd(n56zE~hd&b9D((MS+#(Z}MKI#W)qXhY}r^doNFG$bDgxA=VG3af3pa~1Hci+o#e2~NsvXO{B03xFW_Z`?4zOR_9&j)6j zqA(?$Px## za3VH8LDB&P2HzS$eIObkD3fvwAdpnf0UV~;$Izm403@O(fW*QO;4A`q0AVopAYvf` z0!^R)vuTx7=#$^15fnHV~9;YNEM!O%AF5Pe93H6ymgk! zTivnbgZ_x>OZk;@`PkM=8M%h;kZtZ|(D~{#y6l#_C!4kbc3VjJPsIIy19tq4NBoDW z;$Nbve|a|kL(}aqOTs@S|4WlaCXH(_tyeV?T1K`|y8Z~B%!#fhTj-45gN}hioI04W zvpN#ED<+^Qa0!!3Zj`|#Lp7rR|A1mL11*moyiJt|y7Q44$^UXD|2Cgq@+0dymf`u` z-R$B*uhhmYW}LWES^qlFd9))9=kk~ri3ibr!XPISdIms*L5pbE2%z)e0HR=R84}C^ z6zfBH66!ff(t~pT&w)?Hz;;z_DbMgd@Q}RxmXR66y#J!t8u8M5I2Y#jFpW84#YN8B zT`*agszlI8i=zCN@i{1HaAeAwK~_?+%f@G+VNg$(b4`4v>rP!;?^G^9H;AQ6PKdMC! z7C+|`jJZ)tf^5z^k@MBTR}Wt=4^~Y~&pHnmPYZ)S<8!4^0r{bQj7{sC1;5@f9(a5x zZrwn}5Q*o?R?_8KwwKJpy6+=hexKg@MSE@L!;_v?TPWZ8vKUvE|2vdB8#SHk`r_s# z`nzijDi7iY;g+cN`&egA;M~oC^$x!bFX@Yc`SIG&Wb@!7@wZrpruARyKhaA8_Wfp; z6=*Rcv%X}Un@z)t?4w?E9c(uQNlLXp6)%RI@axsM0F}OJ76yZ#yqC=U16Xd~c_6?+ zHe!xD#K-n{vG95~Y~4%)^oYOu?SWcH%0l|Gm-V5%){vo^o@>2_NZsehQvx~27rwV2 zJf9nNT|C4o<_H+pcI+g8do=G}TR2mwVg&^~uVpH<9TE9Z=B=49MFSzTvBIu+0NZd6aa z4^zDvku&e9-oWqd)WsTA>5gw%duc=A0y+zsQvI*t%puiu1JaEUU%R+^|I*K72bZ-9g^F4!)vXlHUJC9#au!uw*=>fH%rAJN=$KAE2Vy1h-Vq zg_lNcB0f8&Cm)M_v)s|1I<@i4JsF8tsUI-jt+^eQ#7fGj;ZI9_9J#8{-?8?}yY8Y_ zCthMu?WUkNM4QL+`=(CgmJCRiS;K)CuBQ&=YaQgnCG`pzDV2(Yl|8?m69Yf?4q|>k z`|Y%RsWuU$67HPqKf{SnjH2e{NS<+lnDaRIi5&^vJDz+s<^a~?x>ltE%lfie(eSm8 zn?gfh9UBh6Jr}1?1WSB;7l-e{B^DTGAxXj`@Tqh`!U#>vz>Zd~Yzzv|@ic)ri%o}h zD@$(*DPnZK;lXiNk4a^v+Kw5>h!ii)32=1Ab~W`K9p@#<7(k!Oq^EhwG8DbJ1g{Iq zshz@~oq({+U41oh&I3}lxfjK!cmJF2i5Vtx8I1UUP;KT+JqslpFbYe0xL~wPUsPtH zM>qLI$z`etalZ+%6d7gL)A2uYoG#xlKyUAWL`5_K54MhbK({ZyLR9k&Pli7J+2fGD z!|bVK1?tlHlroMbzk}EZa6;Y-=iILHxiD(8=NdtYZ+hToEeFWD9+R_DS{>+Xf;>Q<`)L(lnDV>owkvd=TdhM`B*%()&vdh663tG zV~_Y2m;qOW!7lN`qTpIM(cJSWIJ4s{KxG?dU}~J9_aPsx*uSTRR^=osY{JOD`8o1) zJHV%Yq+ulD%4>lE#xmV3`iF`rhv0tk1#r{|@|dgwnr_ngEHWXjy(w}|*IF?HOl1aw zXrb>YpQ*c#{j5ki<{oWchJy$}{LUdz#0MOUH>qGAJruyg`o-VxUNZc%h34a5=fo(v zPqwzXcJ$%awOHxgmil~#T+=mC@E(mX|5@l}{Ap;ZW;=6_dEoJMq|q73!-eN=M{BM) zQYP@vv=wDiAiEDD=@tr}N{qMi84xYE0Zn4j>s}2EX$nr|I=fHDL>5;w{hPf@D(<=p z&BcxU5!FFpzQg42f`7gNDNka^E=I>7zm4rY>xdm`q>P{D`w&8q!`UtCs>(Kj z2Peb-A??L9_H&by>dHiQ$6!b^KkVt+_`aVa5!Jxy=6m6z3A!l#BigE7vWP^(ieQwF z9xomYLsZKN1SDFfcs9PzFO#wywzDqjbA z%iXHsPcqF8Rte8Zgns20D&W`g;7j_%o7=Vffr?9xP9}(U)eGElsh5|!S9+H}+!Tqe zSs9oLFJj77G}oETzHB&&s@Z}Og4j~v4M^R9GtXRl*%eyz{uuUkzZJ0 zelINUG9FYE`%U<;q!1%s+TiPiA(h329G*8@ta^|@9!*L+7VDWy<-t&e`ufsecta== zOpn+-7~EDJ^DQ8-lm24bIO0P6Uc$)6dh-N~HKr(+1IXuhk~gbW*mcPGp#*zv_p2(^ zZIsrm{&ZBKHzbVDHRPo$xLeev;J{DbO%@&YcQ94hgVSH* z<)V#WNS~<^??f4JI%WC~t~DQHp;nZzycDN5-3zIIyEnA{d$|6_6SzXkEATo?L3>>4 zN=Z+vPXGEotM0F_OjL3&PVH)X4JwGgx_xcj>uoNJW51-pPr)?dyV;Zz(VwoZx+L|k ze~W94oQuAu(S5Dx_ir0V)?uCAe1-d^fa#N#$M(|OI!s<;aUWhCFQBa0ZIHWdZdpyh zO!nz>UbClW&mq-ch(a%yj|6|I$}`&$-D)lk(#fgoe^XWeF<{&@vR7?3h=jWb@7O$d z0VG~5q|en?rdkg)=UcKQF=yA0&qsR~cDS&QXZsH>HMbqdP^n|j+Sz!>t^EAK)P~l< zY?0$Zr6j`L@NND)?@`&;X@KLHMUna8m~36JBMcbR=h|MZU%d(k)RCk1>Jt5bg_J(@e(y; z89Wh#+j$4EI$9j>eOenE%&tOSurj zsk{X8V-rvC$#+#5A~>^=c8>tahT%G}BwS28$f@BZ%O{4XvfoHA3R@1p5*j z9R-JC(nUFe+N^&>c>s<;HAA6TH1vN-N!_>YSNX*SOLp{U918L<)k}EPmu)6dEGb2? z(ti}4wYPuZ%yxHk<`{izp#5VtQhJzUCpIGJAwW0(2T!4dj~sNu%GIOr`u5U+h5KO%dueli(V}v zbo8}@)tbT9jg7n~u4nKNp6&a(S`eC>={F=vypp~B_BEREdQXUHG@5bU`D?!e51~#a zcu}A3_4bR^4b~z5{?iV8E7`R+@0Xv*nLXarIw~_d61)&T9#6NeI``U1KU6E6@cwC_ z;`>s$dTC-d{A59!AA<%-a3~D^d1(Jn?nb$_rE8L25;4@3Gd-t@r-=GaXJY-e*>XgM z&(nL9ul;^nOy|z{Sdo7%|2<)0vz4$jk@@ZNGMNBGLEb96SEjUTvy1eYiokV&y_*g)XKa8t}<4-0EZk5i-y_Ge;< z25g*YaL`I;MFnckqg}k4Sc%4rAT|~frOz`kY1u=0<2`zr379`SnL>tiRqKqX^c2{ zF*-?_O6)pWlfN|(&}c~#6pku0f^JM^dPB-ar$#VT`PMoToCrn(O+`O0@ROxm>#vhm zVqJ1*(Wn{lKy#P$Jf%|4 zf*8U~Bl#m2TAe#>b z8y?Epsy@A63KV|Z5niV2=FFxO>%x0g=^;$PD(ury(y5Vq!$UrsD8y0m!{H?%=&j9E zZm$&j-JruJ7hy}MqJLqLwuoXK;iC;Pka|ffDP9fdPXGDnQOtp_CO3FPgYJ8x-kqMr zS;z&$CIufJ(jqr%g1l-OJN;SC%sN?e+jmMQxH;M?;^H;fbuKjOl9!&jK=N*aWWz|6 zM%$*dju95Z_nXf07#OCN9865-4aHq1+%vu^)VQPs>M|hB$pMhCU}TLD>+N>Nu@ldi zO-V%aXc-yWyg0W_tv>2%RDYdB?PT|xTs8|Jry zC!WMADzTA{a*_EDGLu@KJZGcM{cJMs(v(BD*#8)J6-_Xljp@i~k0HSd7rnwmO{(l{ z8u({0Ju8h~YSP!QqRtGJZMnXO^c-wQU>HmI=vNg&9Di)sFlD{nt0AxyTy?^p0hzpe zm>o@wtMZ}P7+zPFeOVe?K6I-8gKT)q#ft)f7Od~0*2+TV@j|KHu*st3uEaEgb(ODL zCr|y!ZUqcA%>vTn1{e@MgeK&`5}@#ZczgdUg_%htn9~xXWio|COZC5SymE@295aa$ z#@ye|py%Q$QpzJF>@*s_UOd0 zt>%l}GpMJ!zhKsseQPt~kt{j8^9;C`k%~tRnRC9*GmH&(yM^R+H>fF{Mai6!1L^hU zeUz?#Hsd}blpV{bZSs+gx_i~nmK3H0S4vQ$MTXSr1#x%;M0CkZwigSe;OC;nz1acDybb_ZwEPzyIs~Wn>Bx$ z?ZBfg@{6Cm5XFp8zJ@ieN9oM;o~?AhkmnFy=HO?3=MjK2kX8A#be!3(x7(tgF}I0|$*om~#kqpDtKiG}H4i0wvlqf)e69be7i5 z>mhkM5*i{8`7`#bcmMjD&?p+xGF(X=cb$7nXP2s+{;J#aj7!s=~0`|$8b%G@gYz+!czFqmCyM8vDy$p zfS*<>A`-+#M$0Zb9H$k4Cxz$$Akz75UaA2C*&25#4?2$|T~77TCtZ0|#H)YgLc(Fy zZ;ISa)`vI&pWvsDaru-4F`>~b@3lIJCrRBYB+8B@oP^3N=vxv)wZAfPQfEM1cx;v1 zQOa@mi*^D0=SEgqu{qf%e6TTCBE(8WE_8QX%7Fx3mtH*}En~>N_ zo8%G$4IoAnGkcBO{srdKD7*Nl+O>=}Z^kxW94lOX5enq$f1;Ji>w`5Xa#6V zFk}6!**Np>KG#6H{S|kkwepsIwt-;pil{CIJjkFBX}Y0sk+wah&s#VdsnWcI-i^j!Qs#Njx;)QrDpBZ8;j}sZC30mRwEV0A{P?;%6&jP#X^{}QTW=AoeK~F zB@<82vLwyWYWi_=+c@V$B9N=COej0PMq?IY{ke=_36qEeL${qr#Wx?(?DD7rsHj8I zB#ch)*1P~FUVMUPD&*mZ4vuBqvC`Txfw1Z8-wFChh@F2?An z`p`zZthhdl_BJ+ckw`>ePD={K#8=g1idZTzV@$I3Kr>X_X6@(Y1s>D|f*jtrgt)6~ zAHW?+KxH5By@UR_MNk+*_%^Mj*UWI|;#0P8!fDQzF3!G7A^f{<1$hqwA`L=eEeZ=u zdnP-N2`loLqZO(7u4}0uv0jC%Q?T7~*Vw_mahN`#;G`pJ5j|l%>zG)5FCb)2D_jm} z($L>Eil6%EhVpvt7)~#+A!)cTII^YUB}U%gkC;5qU!xJ0eP=dPLGND5wGBBlO8`1VYM>Q#dr*c# zVRD+5=;R>JsnHVn3Djz%j^S8se(RNczDZKy1Us4os7n!2Q3~W;jlxi$@dJ2JcwC5! ze8@BxZdqPi!ZN`yb7*n4kzOu`xP`Irjr#3uiYkh^{NVO5u27(DWwsp#Ef^6LKnDTZ z5b8e&4*hQ&H*5}p@ddJ05YW<#?ZTjU>=b2+)R!=5Zl^neB-E{cwUPAl^K|yZ-gB-s=bG)e=2&B|B*4m;k&c%R0)a4^ni$wX zAXESZLZ(AQK^k#p>D4EF)&UEY;raPFiG;)9_wL;j78bsB>(Cc^tgJynK?4H=9UUD| zD0Fsq*4^D5i9||EOV`%cGBGhtPEP9R=tM?F($mwwdi6?FRCIlP-PYFj`1m+BHZ~(8 zIs4H zbC??Fp~5CM2=ZnWZtO$LHOfFZUV5u#f=wsI`58CYY(%;3k3BA&!K11B7XLWz)|S>(;lort4?)X^r8Ot)n_5J_-x0fu@>{Z|YL8tnT1J^!O3=i^N~FY03C(ia9tgv-fB=*r)+ zCIBQkv{=9!mqEMf9qv|UJqk35MktRuRPY7JxTvH_n zexD@wQ=sa?0qa&)(Wlvq#GFIR6a(pH!KqR!Y{CVSi{vC1TPghPyYii&^}_b0WT?78 z;P?a$?V~Cn=BxiYFRo@MBxaV{V_z#CR9eK}p#TLDjEdu|dTF%kwfnIJRG`lSR^@?A z+S6>EK-#=!u|B3LmGtEV_A)k5irV$;&DXwwL7z(qMl!#r-MQ5G8-#S}SSPMZO$dkS z2PR^Uy7hI6<>#~1UzEc;tm)O4ZU2tY5$s~y%pzVZS6w)lVg~f1dGFPD#_)37v&utA zr_{H|BMfa2mVapb%@kC-D?c@x*G`&_96eJ6nHkTBt>(}8`#8fT8T>YhJDmk7fAtu3 z$7>M&H0p(0zp=T64KAAtHIk&#IehYs!L`|m=F3W&cmw>r5nBDitd?9>22yl>BK;?B zQ-+7wgwosU*xU^NhpdA9gzj`u9<+< z!^MF;Yda`WTe0+YlLSBEPj-tVu-Ocj;$0^~{uV?4T=#_D6WLA4iCwyHMpv$>DfF!v zFu9VnV`HnCs73tx-RyV>2Qn46eqA<$1mC~rRCyX1`gAf}3Dj#@y|KMZ5K*jLm{Q`X zB%zN2r8*ZSYt+{tFYH{pN1R!5)eg&Q*IF@g0lGJp#vF4X>&s#fk38O~f&5IW5WnS# zN<+O+YcpbHL-Chl8xts4{bTo9|brtT_?Z~AD+;~@~Zq3`^MZmg)2HP z6A&=a$!|@AAcQbvMOZ?q8>au5z6m$1`Z5%qZ6if3t1&;N&`pvfRKQCK z9S<_pLN>&&`DaDAecH)&^^3wXg-+TB6%i~Enq+=7K)ZE_%GYO~uPT6_9uGk9+f>+| zK^njzZcx32ie>{;P1N(X!$TYIuP6J5a5eDI~bRC)WR8$aa>jLdHKxW!KGl-BsoKA0m9+WPlye=Bl|YbT-+zu z6np(XkZ%C769Z2_&)sqREnuF}ofe$k0Isl0JFSKU*GUxUR##7dF1De`$m(=2!}uhCCd8==j{VV^g#KdA-zRZw3U8u#?~@?QIJQlhGvyA$H{u_|b0) zu*?`@_Y#8t|LKAlIxH_QLR6a^G@}9-8L>|;k)g`T!2~E^ngPMvkfHSdN0wWT(WoiQ z!-rlz+;)w2dPgEFF0ZwGCr33be(!erd)#d`_1vBZafMy`-8NN}kWr;iCCtD^VnRZ~ zejo~&KF1M0xzkeb^``K&1E?N39h;o5AzkZ2Hxf{6A$@%XYK}X zP4{I*Jjhj?Y%UZIKNcU|((TJSIpTXg*tTC$v9G4cZ_V{5vo@m1;AFEeLfhq|Wsi1| z%r}_%br)~JNlaG*cAzH;&3*DKs#%KnYKQoIX9fhpnTa4 zB>bURl z%}+UH#QxmFGtssu*?&raDHp*ZN;F-kK0vD!gGFz{P~?^Z;0-NG41$dY&dsbR`rnwg zW<^yRcx6-8d$44x=%uknLn-xKOqPWoS9-|l0rZDur_JVAV}Q%dq4Noc}!pgf zQiFXFTDn>0=cJnyz+xc-4i*xf%#{0Ex#UvGtb^#_ERH+6Y~iEq=B@?zRRkDFJXf3I ziKNVRE+l0(tzS{%^rIujYkWbPBD!aq_4OYM3Gnqu z?>;xPJ1ckRM}Z@%Q5Lu}7o+BdOekivy6n)l$eQo<`g!5^3?;BCl6!}@Qx1AGqzI-#bPF23h zzn~b9&8YtqtCAo;Q$w-`c|eV6EMmOu`#=SD0~kNt>$m9juQA-YLz4Q1)wpi2)2o%5 zbc37XVjVNyz3ue&>`HS&R2Bsjyy;pv{N1$JLlN$Wz_>88`(#BVcPBzh7(KChdp35L zH3G=5f56?nQ*kgdN!=L9!-5Lsu1$1f2=cZ7rfOqioqvsgd~4-R@thW(BC}zK>ZNee zCs}RJ!G`d3Mv#i(EJigNcs4Ws5iLWKqKDISEKdYv&)I67VHIji_hR<6sDp_I{oa7) zAT-GFctsuLGA^Hs?P>U2eInU8q3a8n8*{ayd)m1lO+2oTlFP#0k*a^xv?L2gsK5dT zp>-r3WpL1}gXww%CC0Ik7^ivkaY8o`(8V~VlpfQN+}g}PsAH}pNm=)>sMnlOVlbRe zgU}juZA>6kd4Xx_Iv1s$XtNUYWiXuRxw8Dp8t8vCK|QgCA+dL>Qw@rQv5wME)`ZD&&v!9=C>?}32Om45f}vFIb3UQMd_Nvp8bdeRBr?r0a?G)#L9{Agk&k+t``j-Dw*$0c)MLw|l>>Omif; zBML8TPTe}EGyD7kvFX0af51|b6rSZUwP^BjWTNfJq$1g&<0+TqXulNIR=NMCt4Gh+ znc+ySye!IL@C#|%^#@-vEAK(;OV*B^EfLQDntoy+Wx&Ix__=uZKNQ-_aq$}=lKvMD z;m7Es^INumYspBlEup>|UhJ-ytU9Gv0YCIEMWd6?V+Cn4IyAx++wPm%;D%J?BgvHL+2Wu}K zZ=E}#ovt@8R8&0Qi>Z%liS7BxL8*sfaDNfBIb$!D{l?mA!$9mNi?;G3*h^29mviMs z1r=?`tfGa2iK2-QvJE@60d~O#wrj3{)SRkNAV78Ne7HhHfCgT@FpEtuQl4qp`wewH zQwN*R&0(nSk=6}C%hD;67gepOTUIQ(x3-kZp1yt8#qkOZGuKcw9Nl(a_;OfVDZ)9W zC7wNUI2fn9QT)qk!U>kJvd~N=38PBB0+TC(!=DL>lXcYYM`=D}OOzsOlFSt`l`TirCl7+^S)_`QmC`rSc_ksj8j>i z5x9Hlr#nyd*$^kqpVe*@^t;_X@o{~6Ii23lNj)ms11)v{;mb6VOyOJe#nQ5y0M#ln z=@Ork)n4$MM0$r63(V7EtfPdH(x*DClI<{fc9Ad&<7({3RVs?oNgCp$sSoH;o)~qF z%Zp|eW|S53n5}<6?wo}k4X2vi?G{cRP-MHn1}~4P;h@7>(qNoJSm3%$g`r0hKX*UZp$y{IvyhescR8oaik7f%8zCWMo#=jM|lO{ zP4^DtQM^-KQ8Q^}Gf}yK3#fsthdftPL%L8%&nDRS$Fx$LJ!yT*Z;-{H<#vt;n0#94 zKn@eoqaUneJV{>Jhah}A`S-ups=aT_#>9CNuN9Yy5_DjpagE`ffp_ElbYvtj)klu< zPMHm@@kcj&a3K|Jbuq`Rvw~^G^X3$*ndx$iE($ls%@T#8orN)M5Y650UfLmifM@q_ zNrH+i#NQ13ws7RY;}K~T_~tRt`>6Ml0VZs4$p#^orU<4UScn7#Epgpj5 zqBfBJ^|nP=J!GGt6Aj~e>nCb(Cs54B1u7(>W>8yGtc`;7Pk*YR8p@@&JH4tubMBQ% z%>VKUinQZb2^W_d{wSWe>u`y)^lvBosdY1?@yP4rDGI4m`Q7Y}(BU%6x3YNnkCC>K z+91&~E;u8Z*4lo`;kzJ-a#oiH$ixF2dE!X`)RAAANreR-9o3b*!ATb{bk|X$==*B* zB*h<@X(S^?i9woR?!h)9jS9XUta8|j5`GmAmlzbQGn5jH1@s})tJxNT*D6lnSB%I! zTyc0F58vH?lBr@S_`WT0y-|(tw4l;!Wn2DTyq^IoMLcn!4oG@1p*ay+u19$KA*`h< zlcmxg3B`%+LAZR&hR&`aN4XGt9QXpgTqAyJV^C~|(xCM;bR<7~cew%B(Mzjw?-m)Aqi8HAKf_d!|$*Ni59l0FvO+@I2@a?nbad_G24Ji~CdkViTD1E3SuQXFS(ElRQ18r}4A=Bqf29-P?+z@X@%X1IC`aECY89A)j za?0iAM=Q{ktH0GGR!G!a4Tk%-Y%}a z0l6uAcV&JPIqEYXj*rJL`Io+?ZtH9@df(lpgWYLO`j4nwzVTj)tn<-FP7R90=%J-i z_GAQ!Cdg!Me2=S^E7-{}fxa)sDQ)129>>ulIp*F}0$fe^T}lUq_g}ey$cC(!oOrL~ zq1P)0y>s^!?olOCdf6fCol|wQ73nbP(c72tX@!=w%0H$kG`?`cDp{t8lK}2rpkZL`ljT-@^Vg%8Cp?>u2P#WcjGbgu&<5V7ynQeBTjnZL~5m#Dzo&5nY;NziF zJUpm29GBd2KkmpAN-W=U?B93m7}4Ymz!eCQY&Fr!qG&r}^T;N%d=&u{%L>E)HRMe)l+3`Y zegt;@L}xrpR$JA0c#8{9^EmRIWe1C(tC;P`v=-B|Q0CfXpn!STa$ur`0rI{3TKekT zW~mJ1!}l@uAm(>v9m$ zUv8!P1mV8t8dRP&oI*?q1JjN1@Xv0pxaH)`OxY~6%jqmD zU(6n;OPO|WKp3B~G31nqczQArHvwtY-puUh0n;yKPo73dR!$?Qul(>xmpFtG#z>SWbc)zOha|S!Z(HPP)n*^nG{klF9h zc&96~bm7o%OwQDNIE8D8a^SW&VlQAPmd@)+~3b`0l1QvV?CaG7K4wKKG)Hl>eU!&^nr1opDjA%mUfR; zhv+~de_MXuS};6(Z;ES>&o8Eo;WGvq{sXVc48sR$LD5y|s~dslkG#}wOQRYsx0YOn zA0Hn6ku$k8yl-08Mqp`UZG=wy8f1+8{Ua=8YGe20NlhMQKqf^Y3IAcEM-Sus>4-6; z!_534vbbM>QPqi4x668Fe1RUr!}O3IbMr&2xD#~-edN`t?x5TKU>y0xj2X@r^o8 ztKULD7zO3^eT`2zx-~s)d`(7_K;h$H%?1XTfmFftE;c;Q3jgkuJKJ9Rej)F=8Y3!d zLl0(uW5Z4}k8QxdyQE_XOVam%0O>XJV%}FVr`wt%PcA!pznGP3u0n$TSZuj_wsMY> zIQ3TyRb0L zHE2*xC-(HeVufStB9NrrsEPEXz^q1;0DWcZ^)f&2^lzm*NMBegU?R(&~RP(&qMEuf~AL%&M zrI8%%k1P*KX4H`!62_3d4|8`DY@#^uxUV-oS-rQUKgEX!am|=TTEb6-*qfzwm+~fW zl_iJsy^7p6Ox=EOIk&I;vdrq(Lm)KR8fsRd>Va*I$`#Ol+eyd@tGC_9e{|ma&c`H3 zc=7XvmOIny3pFy|f84>>3EVW_GY11rdeu45Ppa^umeyTks}BJ7?~87lwmMuX1UwuP=7 ztW>AHk8v`qM8aY@cFclNmz_Sqe9E6g`)3R~e9?DGN#1C$iiKx~d$@62F?8GTH+`DV z%3wD_?%V`AFx*19w%y_St8C?Te!h73V5h|Hlf?2D*4R>*Efunjlq(4PK#gZl61q`27vUZ-=(&XYVMAI&J z!gTsAZbBe&FBSzePZ_&<*+!IG^6DGQ?GtO`)SS#3+=VU=@7nLdFjXzN_G`&a9if{n z7a7-AtlNYs>#wwn)1v^cMcVbkP-?vdY&!KmiwooW;7$sSp8t=#ZZULzGCSByms*$= zD2cZp@cpAXH&C4jBXlyZkTh%ase_wC`K!iP&nwmvWuU?0+EP|lt`{IE+#x#B*d7;lM1qxq7iTrxfPqD*~&`yuB z_N*uvN>BR9f0LE9<=t2Dx3L0r_f$49SQ*mAQ$V{FC58yCr(L3~Cqp-01}$MI%3w<| zUr}_ysG(CD)~4i&Q%5cpQR0;Wu%lrq#e$;Sy(zbox&EUDd&!x}>yC{yy5RfS;f-Z; zydfa@-5>AXi#}S_7!?8ww}naX9CM&l95kna)8MhWrhuA literal 0 HcmV?d00001 diff --git a/assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke-mitm.png b/assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke-mitm.png new file mode 100644 index 0000000000000000000000000000000000000000..8943416043e2f8232d49b0e5da346ec6d285f1ac GIT binary patch literal 16836 zcmeIZWmKC%7cdy0xRv5ig1Zzi5~QV&Qmj~U_hO}3a423RNO5T??%qO?B8A`-m*T-a z!HaF6@4Nf$Is0eNerL~~Js)}UWS+Tx=iZq+WD@yW6--7z|qmsw6rt^1_oDG*SWblV`Jlmg@yY1`uO+5S}Wo2w^?8wN- z!NEaHOw9B1b9{V!Qc}{*&CT82T{bqhlamvBdwUBD3mY379UUDc5?Nhc-PhMgMMag9 zlOrc52Z2CDL_`Dx1P%@kii(Q3xVV1*{#{yH`uOqVwzjtB=4LT5vDdF(`}z4zPfrI2 z2QMuxNlHqttgIv@CFSSmkB^TxHa2EwXG5XT+S=N8@7{%mhB7fR?Y~ff0|2r~iZ7mN zL1uSnB#EA>Qz?wxMup(M{{1lJIr~?#$RYb1xC{0>HyUw!Li49hD9`*~{N42O`%O@m z&KCf@PkR0u5{6%kHd4q|s`j?f7^kotp>K{e^;V~6BXQhzvqoO?KJ|JaAv$QQ$4lxJ zvM4n?^V)a1>8zkG34ph>0eB>v^C>0$OAz2$!lP$j11G`c^b>!te+~`Wk8rqoOL}&T zc?JZOTlLGB4YT;XxzcK_0kKzFfnEjVPJ|wVvkLvRRN`453?$%gkv5pNC?Lb5!JMBK zeY<{exm9<&2|6e6<;iS;_C|1fHO~vMHjoNPAxO6A=hbW!o}2XcNaCPxz6Hbbe)|H^+JW^ReSY@e82q`;_*J~$u6* zvV;HrQuG=*h^GL-6h>$^X67^xJ+@0clOHk20U2x5YJx6PZBzzx8@L3DM z8}lYEd`~siKmFr(O=k*P{oqW zGVq3k^+R^I)d{SRRU4RZ1KTP&bS}xZ3TTwCXNlIW0a`_i9j>G;<*8h$SQ&hvwND_t zWU^|=9D{fw;+)#Nt7kbzMA^-nf{ zZQngHeRlVdfdc}v+)wp3F-$WQ2#x~06iYQsJY=5S`{s|}Bm5aY#=M*HlfiNoqXX`K zdvQ9%g}#k5mYw4UH54|g#!kaY(O8JSEn?rc)2*3JbNjAb%b$vimw1AMi35&^;Ate* zZQn+03i z?6Hk!;kkM8Wp^ryyhoC^{e|$vZ4_xP__2V)EJwx)Hc~$HP{b&m`-?q}vQKkgE>)Ka zuKR`xKq}h&Kf;EPikHj_kiM*Q;9?nT;h$697l|gj|R{1axCni_&(83TB{ySiXKU+RU3QxXv@Y@`}!I)P? z6imSD;ZVi^_W_OCmfXx>cfT&B&f5b&S6-TwSHt?TmpGgkSrCwixGYCMx9~5R#jCf| zg)LwAcoIeAZYIJWco_|57W`_BQrKtEVtU%O!2FyLi8op@x$bEJ7p{ZVdB%Vq6_ryqaC9pULSf| zRF#4@!d>{JiQP${z8{9mwq>g1PlE&e*r5DM#ZNRXMtq4l#mx~#*1gvFn{f_|&)>@c zq0l@uJME1|KA-{O$$sS1Y-HXzcFiTJcP!UoaoV%^Jn4pXG_kRnh8N$zO0v-E*o6SE zuE?zOzKzw;Ys?Ut?n{aE?n0btx|y;0s>-Vg=BO>@yN-SQQ<_t4tBX6RIlrGIvQR*a z;(0<#b)MxZCa)kM3L1P{B3T>hP2d0*)2*;P&~PG-QfJ1rGQXOn{h0&4{#vQlX0^kp>KW))P`Xh8#rELkO`vRr>`L^1 zI|}Oj9#eQMV{^k*h&Co3_=%+&!V~3TR^&>`sNzf7TVtk@sORN&@;!_Fw8y!BM3rBp zD-u_&Fdh0dyQcILmnBBeCUUAgaqWYzLea?!q&~@?D9S^lcq_!5R3-Kp63K9MAgSgq z;L)?t#n&;?+r=EHk=UXs?^SmC4IWdtYnvA^-Sj6pB!?f+IV^T4X0-dfUM> zU`oz$jJyp{(*(1YsXR~3nx884li6Jm+t}T;$bxN*rY%8~v$2v(TEBzpyLGjrhR)!- z1zB_xT7`Nt(372uuiX3Pv1vT`Mn`Vnq7t$sXAEbgZj+jGX19*}hW07`v7alr7}&|x8Ad884YvQ}Wm=th zT=;=s&LGB&n3c^+1T6QkBySx;9#UNNY@e0LAIM7@2eV}j#>xOGtc}FAzfm(V*LcGl zfs0&q`3y>Tp&{~$))KHnX95Fz;ZJ&)y;z{D@gOXwyL$o{NfmK-e+lfhV7R+8dx2g6 zCr+Dj65?P5duezHap3;b=3eO@i_PSXXa-!bISy1GEQWLj`yZnOnCw4BFM$~G_l%gm zt}F|Q9^4uD;KJYu|MO>c$3+yee~%XOmt~g}Gd{VwsN%^CrKQrFx_HNn2D;{x{F{jS0JD7!zb5 zayyf{`NlbY$PI@yKx$5icvYSHKj8h4|Ek|>$l`=jGBG1k56o476s;}~{;Imt7at;}bpxgT~L+$Ss^2`9+ zwN;84$l)K=$^NWloH)SHMmA8~>F4s@%a@q9Ow8cLL!;Z5FQRexe+{f8gDT|j^qCC^Pt_mTS=H|bD#e4MiGFb_WdbIKZ7*I;sxdN9xA;R;AJ)^cn#u{hRGo}HD+zo zvNv3$HKyO@#~iOLJxU!X)PvsHx=9T@d6;10CJ=>FAa9wR5>p~(bZhLse{AzvRz6zV zdtp&)`i1dLv(R`s2F7dUe*u!cTs;ov;XCpb@Fk7+e<7gUpT1JpRQU4-gQ;TC)p4ks zZcJKrBb$~}Y`5V3XdOLIh(+~BGp>yLac$|aKugsFllHu)w^`IS;r z7ED=`Ty~Z%O+Du`#YIR3;}OBnznHRj@{e(#Ql{qgt!Srt$@&H_ z{dkyWNMTuD*b-pld!MIse-fVa1yv%oC^*%jWRKTMa|4*yAGA@D)P5}H`}^!?D>QtE z@4yEYMI*VO^!CrgH5gj2z;b%Ll&=8gJwj`hR^{qUsfnINv`!lc{MkoX-KX{IMGi6= z=hN~}d6~=rE+hiXvm<#1Y zm`@NiCc$J~h`wB7Y6WV}_~$*u$7kZBm%Y2ZbRNSpb%n#tTTt{`d~@hvaKaT6A~mFhUF3ujI+B z0H8Jo&PtS*Kg3G3VvYLUYkWE1I364I!Pklz_gHP9FSiY#WYG+}gKI)SD@EPz-Lo9b(WdNFQ*1Rp|r2V)u)UP{iwSw1igK0b2j#a6{K*>TKh|EF;rZ5|dy4)?jWF;C zIP1v%5;ERQVuejvV?}*Ad;WlUf2G=@g`3D;R@3^Wv$#fsGShLM#lY6)ecgdd*jrcW zrO3I*RU3RjS1SUy>oIjH+<;M4C3Ss#kTS;NrYLY@w(QtL z0ZE#N%97NaMNK7dd%t6UEPuNFudo@}e?XkT4bXnNm#&xh^Lsa5nyT9EpZE_)P5&}} z)n(>k`>H=RaRnS<;sJ*o-CG1RH*OVGvLo!&q5WuU^B9?;mG6$XPj?ntY(QSZ%E?l@+bLjZx7twK9|K* z#GrnieQ8jr8Ab#Vky_PmF;J&EwZfvwWCP(rJ8};jMrG{RF(#YlBq@MXqRZ+KGT@@0 z)lB7f2i*G}1%7;WrPDf33e@=lS%1(O0$v_bg&YgYl&-TOp$|93Gal!U{B7Lf$z`ue-H8P(I*?VM3k&5DrBxHmc#X6z^< z7V4C0BTT$wN$rOvKOykOnk;%G=*B-EH<2%v`j<;VJuNCDP!hehvl4`&5Vj&Qx06wq8XMhCtk-82bCD3d#C8Ia)@&TdwDat5<$iVNtgS65C65s4xHRz zK7R1C5(HhJ-ZmOxj(!9T1w*+;dAzx#3g2mfUHPbR_xynUl9KExNivIdy_c|jC*uSG z3^zUf>%Ec31}!@bxRNLjKUR}YNASy-kmGW>A|Wc-1G=M5qEDgE=l0B=-{gcNifV#n z^Rf;7fP>ZU@$RC;+&NfmcSGUP0S{?j83_PpT(-i{&fLY$huwoznpL89ODC7Q*-bMV zCvI0~9~)4n{$*X^b}$kwLf@k?{x2nHMc`NyV|`sf=mg5n?PCGjwtVc|hkSn?R$0_w zwTUq|Z4p}@rG#Idgjv;(zCY96|DQ3aBY}=+m@?W_XtO?st(GXqAaH^We%C-IlANTY zp*lU2oi_A=U{?nt!;Q(4GYoDqF1R*o^u=C5j`=fS*3Yo#5D@qG$6CSj%ufXJDV))k zlKln^cSRAeJ65w(vHTJJ*bTgMD7B}$54*>RE~HGlcK#!}Cd6yaMYZp#(ou;SC%VVH1B$IyK(Z$b}^EK@A@si^&VmZ96~PeWrfc7zb5})t^)6)vlCP-rP=%a zZkaHnP|~;9ITmQQI}6P%IjJfHh3KUcLo)so?;F`LVevNCXJM5iUI&9SR;%bkg3!KS zxvv~fAkpk!r77I)>C1KR8R+$rb^5U`Dn7Mn)0q?j{1#>Rug8aWz&VyjtQL-@87}!R zpF8D{shGdAp{5}e+lydj=n9{>jFsB1aE7N}*%5wMcXh~;W)ri|9axt-mhPnwG+qtH zb1&3eSU)f}+V>#?7P5nW^!otaZ#U;5N)$Dhj>>#qG>pz4G+&(@)~Npa{0psrb{laX zEb^ddU+8Te5p-CREptK-iiQ){4ETbbbnV}w`&-oM(=~(fT^4$DLAlU5)(9U0Z zoOK8&S6Cmm;5i%TKh~muV){nPhz{sSy)@_DjfwPSw0Ld{VG~g6s(T|zwA6Tj)~t$} zcfh#NeI&|9Gas~r2@v=NHE1r$wL%+GqDUc6no7bLF0R z#_5#YTGD@`Y_xFHAmwr52CgYH_lCJUmA=yurQgr7S*tM!=qWujAD&VQFh-=es``kuyowrOY6SOqK<7nw{KQQB+Bbb>8i2& z^t1#oDkK^xtqZijn@k5jr4(Qz>)Bgo=H{}#%g)?;@oQtAk)P-@!bDqX_O zOW5DFNcZ~u%ku{e@^VIe(CX!tbSC>KDpLP=@U4IpY66Gr-uvC9Gr3Sxpoi>ua|0!5f(Cet9rKppz_o$=?t_I z63_Kzk*xzjJXAPe+ZwvJ20BbVfYOx_r94dCDBOH?~CF{0CDmRqAzXFZLHxf8Y4%clNy? ze@5tF0PVEAD3X686#&u=e@EjccyA4)Bll192FcqE(Wzj)LT@Pbo?*LHibHw`)pmkc zGpj2A9Z#<-uv#4UU}<)VGf-iA=9mNJK?_vmxDLZhlFab{uXxORL2O43#oJTYHSL4v zpOY^I+AI2cp_{=v=Fy&vm^ zV{R8 zI6M(G@40+B6svV#7NB09w1ErAoubX9*oj>?;iASW>rkwzeyMtjFJWt&9bT>C0d+0( z`kT4^9~TH2-~%f^Y_;?+t+T_`58jZ4`K1M69YmFOd-#yhm=njDe z+;K#8$C9)6zFe1ugrM4Y0R^!UK9aIT4d-1c5DNPaO6XpzK0Hrp@o|2|^s!Uy1{AeN zVU`?0Nv4-lnt;QEgPW6Js&{a^CtUQY8rzJ@p3=MZRBGLm}t1Z`1PGW96*?t!)~VCaQ#2b*rNuI`0+@of7+fmjRJcoFC&J0LjHko zMpPR|-Q4uW04Pe7)ba9$=zD>vwlLd2t5!x*{~><_Tl{0g0gU;dj6|6Ui@*;+ahFyE zsj7hZ7@_%1nVyH%w5=2&Fx{)xS!=E++(=m5or}!ftUQNYv;~&PiGbg~rW9Ljh%Z#W zkG2+?_wM}rK`|2c`VQ;)r(yC0fOHLx3F8uCHx98Q9ALPdw($NI5r@P-ztpOQ{UC)N zu>cF%fGN?i=aRU91KoBA<5G1Bw=;%~WVB7eQ3Q?7Qe_{OqP|Cyc7&J+ zqQMa4R1Gy-)C;U^^BQ>CXGHL4ZO9EM^ZQlXA_?4~+zpMTQamuj!UQyw2+2%`81eyS zbok4h^9gGn3|Wl$eB$XIss&ZN*h#TpP+z>_z~>8_N8&VCYTrr?CH;qhmVHJiG$tw8 z9nB=@XnJj^M=@KvAKv|n>y7F`o0jjY*<>x#%RB=wgqY5X%i9%~V#omh`+hUdbNo!0 z`B1x@sAnP3lvf7Exl(~nR(!Qd(9^3T?x`SllxNV#2imuYhlXc;V29+w&=xm3V!Fhg z!<5Rd?8Ar>1U^SK|A+GRFTF;*ySUP*u%P_%oa9ViFQoE|SD8NFzU%BjDzCBKy66TVzz-3GeYoMhE$8Bg5q zq3s^dIumxOjhIa*Ih64wDysr?{Dx*4E-;84sTO^zKniK{;Vffi9a^Eq2pv13%*dKd zhMDzHQSvZGlo2L;-~DIY1j;ggr1M)1=^w26&0p7BSs#ym#5l)KhNTj+T*5Zu7r304 zo^)kK>CqAx>1`C88iq67(Uv)MN?LVcK2)sTO)VUl>7#7)bWCar-y;D0;hNuR>gOWB z?9Zj^v{+Q3|C_MoH!$7#CauiI>X!uvD#sD|@3}mFG5$o0NKmFiQGd*=nGg0+K~nVm z-nWdOs}x8MsSNZQxWTf`@QsoABeBwsX}vF1DjRR&X09f7&p=`so25qypc4-r2;F40s3y#qfW`HhFZl0R{J{WFV>rMm8mqTX@k{=sFBDmKjQ zSST|j&OM(vkU4CR>a?9*aDDNeGQU&HOai=_?iW#J%}^N;f=b z%r9NyvIG7ZwQFJnwMsz+7BC!Bx|}RdlJwX~Qz=sYay*yfp94>@8}bb&KKJSLB>tI3 zqOW&EUO$L4$5q`6J8XE~k!#Zd&p3jl3s&!Rgbn`c;~tAna93_(3=SLwfHYvagA#Kk zbr;XluR(WZ&b2G^T>2Ug3v)ZOoyd zFt5vB8C`@t!dvg@rQh=MFl-+p|tRl!qblGk1YIeedYUal2g!&QCkM&M|$&$cn zU3q`#gw8s~#o1gA_&^I;G}a}Vxy+h;5~B^VIlaK_vbEm4avk>4&YHL&lub)!1pP(r zE0iHx?eLgOW%BxwZEn}Y9TX`U(sqoCis-{I!dZbj7(A3O$P3oBxD1hDB0#ep%xkpN zjFtMU^pDiy_qBcVx7`UH>riD$)xSQ0&w-uMBBI2BZb_5%k!$s0NDooiv-||JW{qO4 z6N26>(WACh5JsSiKjnW^=UPVmZglvyFl*vxwUXY99f+?Xw1je;!t693f1!Gm+M%Hx z+tNf(SEw5RRy(HEMIhIa`}5vuALmo zD}0%`Oh58^M#!G}|DZ{iX!3fHuJ4_nv^8nA{=@h*z@FM2G+PFD=dK0$tfwPe!Kej2 z8yETt^1?AZ&GnlFkbA83iOS$CK}s+4`73IuS@w#1lh>-t+>+<=h{;{>_=Z|R2CPR&7LY8 z0{(n2jy@T7Y}V$-ybQd`{|L^wU78RImou#4oHD#rxpVea5eS%w0qEJ7?&;9khLnvT zvNlW`+t9=AMo{bbkJMoy;Gh2(C&857*BLB2zdqybVBc`@ zonhgo`;X%A@HGL+xAw~06SSn#m%AWf7k9h{hy(O*e2-xk{^Rt|yca=zu;m-YdrO}H ze`+ZTK2SuJG&15)4|igxj$C$V{SF`fpI{bL+4DIQ_LC|!@o=*X?$pJEDt<;3Ay=6o z>!WwuHKBzeFiHrId&SGU@@O~&rq%iXq=+tH)^P6`i|4%lMzclcSMhal-ik`YL%jsW` z2@5{taJMvl6BP|_d<#eK^zfhFdOM|?aCrXyj`1S)n#&%>QQHqszL)b@t%r|XIoA<& z9h=%=GTo4}OC&p`li>BHWdfz{u9CrRId&NZD=I~o)zP3sZH6`ot^#Vs^&n(N6gU*5 ziWd_QI3}lXG<2;}xirW;OJH72(Zo``b=}%+_)|?Z6gIU>@R?y5VS(5r7&y^Z3ga*D z5Dc9AV7d+A@t~DcRyzEBVO#No80cBtRi&Gxo{b$27~o!DG*~J>JWn@TB4q*j^8mAg z8e50_mp;GQs_Dq$3EX2^*X*+p-vCf7n|7PD`=-H68-!+iwVhLLpD5`mU-ohFo8#NB zReN(tO(eMRg1DAOs8j9Bw7SI=*OS|e5@3wPM(kebOXEAoFt)Sc;+M>>5mxd>#Cw?( zvOKQFpEQMjvKCs0fWJd~bA|Y)bkDFZey7N0N$M)ILf1Y7=}C|RoEnls&l>o)n>)>| zt^40qUt>8`@!3>tpf->&lfQ8w2@F@iHR^YS>86Y*FA35ONTknb`t2`wd057R>!{kz zMUv-C&c6i-u^oQ)a>&L(#lsU^=r+U+dtG0W+w{!`I-a~ZSaNcgg~I1h9#dOITBV&T z(6GfvT3N!Mo}apeO@O&y=x*A4AarZwG6^IrrcdE^>cpovgqd|*b z3?Esi=2H{|`{4j!X;jG+{i`(qE=47!x1y#*y7R^6UTF3^WKtfr_A4a(2ahs6Fz!+! z39%`{ufute4TG4{M-{^blxZ;%1{!QKRd_0U$^0G9c8A)K9uR`s;i!6l{qu$i(_E}O zy2Ut{gN<8qSDo40U2*vlGB<;X*yrY5Puo3-w)FNC^M>?EC@Vd z_ie2;TbfZA$Xl+R$rtoc?GLyyaJhE5ON^<@jS<^zwBTm!hiueGRH-+3nN>2+PCu^d z0RF0gp&ml>J67nNt0UG_s<+MW=u?8Z%JI+loxcSNR^DQJa$UjiHeD5G!*Bsl5@s+U znvdE5)&>&W@B+$4Thdff1Hzhs#BbUxQVZX`N`&d^yU56Sz=ySf@b6)1wj_T*0-><3 z|FFoF27DOO7L*z_hP5d-q&Pf96#)$ZDC!iC-LPV>6i>MgB9uaX-jps(^{jClwGhkP zMPB2=|4{(YVbrR!@$>RuGHC>XKSIXomy+MhoA8)0sySKod z^!6Nv+x7jb=%*GXwWmt89&fR{3?o4QEqPaVi0-^A9Thw@Y}%OPUnAY&;C|nE{=~=g&!-n;-DX!enivn>jA3Y5I&c%CQ|H*mFh)eG zicY#$?$AAfU<^1n4A0Dye!>EBPu02?S_u%OZlK||k6J(!5vfze z89GQ|T%T@(;f_+et7P%grhK`!}w0jx$776wy-OXzld_usG zWO&XWEb zn8o#Au<2*X?RNFZ!|8E*1Cx5VMTTvg)D#NLZ50bs8$EyfWlrO^MV^xp*hKHplH`u| zUsAQd*4BkS$f$4o=)eO@M>Tl}N_#_2SCDGnR&7>_-&(GD94=6e4WroSUL0dr5B$up z$)M#k5o$|zHuRRFTKVw2dUk%gLK;OG0=7XMP2UKNTaRq+AN9cBRek_N+$dzAunmKR zae)so9xUh~1Opm6DtqLuaG2V)L;}nLi57%E0(Dpv1fy^dAu~rTD7QpoLk~BX)bIM& zQT-_1ED%FnpmRHX!Bu~~)503X*lKvW!|sDD5Ppxr2Mr4a*{N4j!n zw(^LfhpBrgXSsv*#MNAtgkQC_%r*jy59Y`Pgf-HZX8I)nh}ua_M_6)OnoZ~GUI z4bG-hV7;gs2FQ+DiXfTgQjlhz#8B9QQ3|Se%DCTQuO04~#sg}dsq{>W$l=G!-3Sk) zDSz;UUt*d7heFgmrzN!Y_OeI0MXtnh$+FyL+PA8(<&Dj%%V>X&gwQvkX(;>m30$vC z4}?_qoEH14%Pi~w^4=(m>dyt}?olq~8E|7>hkaEYDCG4C?B$@&21Rl}3B8n2J!{pB zP;Llq@{#9bWL3ghcjjj^@um`*N#sQ8kr>ZL?KXeeTE&T-iFQhi3Z%mOtwU$Ub_pZ2 zhZzZBxw}*KG9x2E3aB>|G#>TtvH1T%_f75p`COU4_Y3Hz%NB{$SJdIM;|O31aD*9k zzU=>v&PcyYJw*n*PX3z~iu%`=a#4LuW2v7)B40n_pVw9VeQlyv6z`om7!6rF zSeo%YV1zP2(|VXuFAFv#4(gQ}3HpF~Su>#k{{_LH4PKsve#<*WPW%-36$6ssFUmg& zEf_bH9-VEA8;g7%$>_8?5)|)2Kq$_NXGFcC0Hiw~kJXV=mBCXXbYX@Pfpo}hPYA@N zM95R`pi)JgzXeuLzdDl2t@h+%o8TGJyq6sNR?YZ+btJUpn--zZVnt%u{S%4j&Ldyj zvG0r?DA1S|?I>6dt>xpSzA_jN2KqIa#%X+ro%|8D84sq9rONx{yW-9N0t%9F8DhvE zC!K0y^j{r`tiBl}#3a1%SjF>l`x?*xk`wW3V*SS&n%D8ln}ArtP?dV5^}9fjw}7qP zR`#<#ptXLZsF*BpepB!zXZs6$Pb}gdII2AQmLy6hYX))F(s1aaaM69%&%-dJOM?CQ z?ZjKZ+bO$8?KwbA10qh*%cc>@6uw)P5Q~VIZ$x>zK9M^#kFe8W=VG}ww1POEVXHrk z=RaZ(TKGC_%6`PuniTp%B&7r$N}aWI+Z{a>TS zo4I1#fPP5N)u@F4?=Ov27J{A510a90sWfhKD<~8le!Rm0Z0OsbmKLQSy!V+wh8#WVGz*f=#+Nt zeFjHTrazs~5U2;3BpbbC5%ppxjLh%XVp6}ZiZ;V}B`VApur2I0-o0fVSNunDSC&bj zSN72(C3s{^!BHqDf!u3kZ8!LD&a^wpP`gZ(VR<9qjUIMYWfZJOjPCCcqjOf{?qQwK zjw3|>3h(kmLQD*_ENc6a@wuIA-R~O$B=&DN;@*NnVH=SIG~xYfi7TGEL5h95BUy#*CXR zw_qA)y1+%!X@+Pe# z+Gd)>CHqCqMiA$2+@68hO|(go`X0@RVu3Gq6PiPt`yxE9Gis{A1ez^pFIet^DCWlz#^H)jTGN1J#VCmy}l%X%F6Jx&}JYW(&e9 zHVr(Ul?u2!C!~hVhV3qj7XwM$%J?^ByVfe!H{8>>%pncZe55pK9J{FdbjkM{0 zcf0UAI~&II_h+yGzPRwPO;e@kK>4(Cm=Vsh{>~4NRtL>!zZ1V%*~*5;vvkun{<>ld zkQf4U&3uoC8MajsGC$z0vH5tVshsJ<%sp>TafvqL!o=g)c?mVc8WGz)5HhE4t@a!J zqRb1`FE39B=|1kZC!ch7AiBp^fua*;)ETzO2LW1Z?R`}P$^2GvYN^x-R$|K`yaTo@ zm4hZ<2D_+29#&Y5oTQ}0*n6uk=1EOC@&vr+Y0Gx+?6~N@K4LEm^?<_9dnT-FP1LH< z5*MgX+?pFyp=d?fT4g<3&wV>#qlc=If>i@Hc36TzAnUu*FRIKAfz~G{+L2_t^80{kWjW zkN`L*yOTp8wbzkIz>|T_;tF!E^D>RJ;>bdOBWkKPlU@7NQIBK;4Xal7vBdX|V$0SP zMv}%J0+j>(SpL;9#kehR>~g=K%SD`2Gus&uqhy`Mv$x6nzoTaf*RAXo7IjgAhKbh~ zL$r~0E?voDzag$1KB;|~UWDIZ zn!ax2lI^df9%l%#*K^x*n?dWk?7U+9-gC9fXqG0b`lFG3NqBGr_0@@8B{c=n(^jR^ z*GIxi`X7CN>Dy7bJDB%~QqV**sKx?{j0A~fJ3o@T-rP=Dm6mFCPn!vtbpGtx0diZF zNo?0T10oU!0KZAIuN8mJ{BAZH_D7ek)P1@7=fd|K_`D%ieu^mNx(C130n$hnlI}j+ zX9SM)sGT<;XOsLVdY?T;S-KcQo9LCU%`XQm+G74d%r(4ey~kg?pHY+7UG|`$;a*pSA8ACGtSDmtyuFcBVOQZ$DI;})^a6M>rQh&kKjFQ-Qg$x`E^%P zIi{CoGOygNm2K~dbF-p{DrjJT8ABn|VIEfQB~q4J^-)K@Ko!CCE8^sOSwt-7+26t2 zk=%}sPUetl^!^Io?%X4*r#*CKC>738D*SK}k;jYxD`L<`9&hPX$Fn8sejK|pXvD#n zEQ8CX*u05dSa^A{Pq2A_FULg-Qd7dX`ZLjYgUk4BGNXbLj>r+j(Gna=@>7f*$OVdA zU9J7716vZeG0p&pve81)qzPH4MGhC#W2qfh0@ZnV)$|$%$xU-Q*rdPG?du|1E@TH% zpIBo(cPKwIVjl4JBYUe%ysod$e6exu- zj-J~XhxhHr+W=O8HNlcJPD+2kSOV@ZCZo+C33+o|dj>k{if`a#LLb)F`3^!3%f>7v>jUv{Jdx&+->V?WVUlaKz?!aSe>r z8>GA`MNBO+mvWj$>Z<@(&%bFh zrh~c{&~Y2Y91nE^@LH7IX-8G7^7;0SM7%pT>bcA2~)hIgtf%}KSfmZJx%r$BQ{51-?d+CNF288`jD>!>2x?f+obOdtbq!oDh} zSJI&^WAHYRnI=l^JO;G$zS4{FP3TtS*6(3GVL+3Wv;C|$&#?JVksJ9p!qe}Duc+up z(VIhsN>(4VsYHp>hdksi>HQG!Gii~28{m-AQg632)k+Hp)tq+iN98JkUZ`ByD#v?@ zQq7BDljn>#DX&DHD2w(d*EyCPKBjN5YTG+<@bOkl|mnO zXkX>U_p-Zx>3h~YG+MZtHy!-&c|&lz1%i?O4O)@0kCL2KU;aYq!-{3p{IxwW8Was? z46(mj|0HAd&eBe|JNIFSNV?_5ug=}}HoQs#T?8{WUi2~`lf@N7T7(>q275@9;gVLYu(&Fsi|xKWi+qYQh7bI(0jRxI!yXCC!?=?k97W0+uLyPQ`Ee+ z+2UzQU)_L(T4PNGpsI70Z?PTwRG6Aj3-TjVB{r+%5Y||<;+6qpIF16ChS%>&I+oFe zO>Ok$yV_j;M2JG$Z_UOO>$kwb`qjTUrm%d+BqEBv~D28RnO!Ta0 zA4_n7!lJglt|p*lgP>Or04JkH7h+MjBI(Ae^&@@jL0l5FnQo^wkORg?fN|CLZj#CR yF|wh?ki1GNwF@N95?FT;|9|*h-v8M2eRAMCNcYHpfLi^oTTx#1Ma6T|5C0oAgR&z4 literal 0 HcmV?d00001 diff --git a/assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke.png b/assets/img/posts/Lecture Notes/Modern Cryptography/mc-07-dhke.png new file mode 100644 index 0000000000000000000000000000000000000000..cc7a2bad617befa9eb55b3e403f2a1ec1b3e6a6c GIT binary patch literal 9552 zcmch6XIN8RyJqN$NDsY+9y&;qDkLDG8AxbKlirlxdoQ6A1O$=LLO?}|pj0VR1Sv`{ z(m|vnAkt2JzcVxEnwjt4nOQ&f-s{=-x}Un&TG!f%5A?Nele3Tm0D#-t_aTM=01*NJ zAe6m9gqK+VQb@wzHXi6Apx4*e_(xe;+4S^uZf@?=(^G3}YcDUaf`WpTm6hu1>a(*m z3k!?Dz`#$RK2cFoiHeF|TwGwW*q=Xt&d<-IP$)MyH&RkkdU|?aU*DRVnp?MS>FVk- zF)_`~&VK&<84Lz5E-oG&9d&ecu(7cX4-fP4@hK`QwzRaAmX;P57i(x}*xA`dMMZ6F zY{bXMkB*M6t*wQHg{i8l*45Ra(P&9Y$>ZZ=M@L6vW8?k({k*)q2M-=hO-)HlOE)$) zo}Zs@ZEb04YVPdpbai!&kB{SUI3pvYuV249J3IUN`Dtrw_x1I;<~-&D0C;(|A@>jg zGu!j7Muu>vo`Z(v$1h`h$D%uy82X^~)bE{^$^=EvuZjd7q)E8pj5aA=w1$bZ6$UOe zZCrbtU{TaG|Gt@-t*LuApY0ObKAfb6Lq1o25^h0rp#Ds{-Gk7Gu6(}Pdm{a&*`x&+ zp8zsfAGaM=jV^Mu>peW8hSpcN^p^0SPI`V$^!~d0k02S;__kN0LzQ~AXbzK*^UeO& zWXs3sW9;|_caoEtem);$s^gp7^I;A8(J@UnfI=gRxj_s(x;^F6@E{b-IY8wcBQ?ZBU zHyxtIn^De12T;PdEdBhtI~AZ3h2a#-Q+cXlOy5e-r`V7K9r{A>_jf!kMFm|MLx4l@89>Z%> z6UC+@rg*F&4jSAkn+Y0Rq0tX}4@CTjhgt2EsJha9&U2kaKTxJ^st&*DlkMgp;E`e_ zcZO(R0lp~BRY{YzY{)V=DYg9C#)Gu_gy&$Y-)C!-Z2qC^OAMlv&FyWqq;c|0Aerdn z(dA{ZjF-FEI3t_6B9)mXPVRFPtfztgCf950Zhb_O&}_O&7kCl>(<6<|26Tve+I8qd zlXp8-7E{~1%6H27rR%u@6!wM0#K1hXVk|lnR-|tOGN_HK{3_y4@XbQ1 z(R%S>xBv3pptmT~%n^)Uz zW!kdb@6KHRdYdLVy^{O+ty|0P;+NFsex1R9#-ahgOwrmJr^P#3A9iPc+unR!)DE$e zrT>#a$x5ae-EhBlq!&eOV6z|IWlb3}kLyhjTW_=p%ug7M6G_=@A=HQ(ytG;TGyOeo zO$a2#S}TM3=%|F%oVj{Rt-?ZNG*3Mjw|0QfN9`R<@$;BB+F_kjHu;u=Ot~M(d)!Sq z6hU>|iaZ|z;696r+^zsx$H6vP((<+sy7%l})6{Y6@Z9yPlD0}G*4fObb+Ed*i6zKEQ)rjTz9Ip z>v5{AM_|hGOUg2VC1qoVi8(H*IWS{X4orv79H;Pq0k=;ze=VyomH>2p{|p*1EMqG) zZf|j2`5@-*U*6=|T8UkchQ&NCrCcnu(_;heA7&qd`gwJtL_P@@L4?F-S~AlCiq?i# zrrC#>p3;0`Gycw)T*0+|@~k%Pmoj-ZLa@N24te1b$8eAdsqJg1P?{gpv&;w`sr4$s zwecJ=uC({|2n8P4(8<7H9Pt8}hXs@E$eu;RNE=|Gxt(aZup@;SuVWV~XO;(+l|Qf% z6oz?G%q1Cq#V$!bf%LP#M#5dd-#tVVYa4zj(wCLf4t+JDwr}pu5W`~vJ85XgvuXk| z=*r6LQ*6z?ZOX1#VZPPN{sP6zy<={KR#vkA-T=k#jwwL^GdkWLn4@o00yC!hWOR!* z&XiuWhpOx~PKN~FPp%1MOz*g#6?KZR&Hwl{%4>GV9^X-OqQvED6;C@OIN@IUWbiy6 zCrSno*o@6HWs3+VHc_P`lmaXHvwsJi0!#cSOUcj@^WWIr3Abk$6;x01fceji_Kj2Q zFZU;^`S|Y9?3@e2<*gHf1x=gc(s_;Aa*^R*p$%q1j$Bq@F|LsbULiNM6I56a8+H0>FUm-1lNk(=rWZc~m#Tw5$Fl27jpRzl7z4!^86Auuj-mmwNk zifLIhQ6{V=;lhclS!fnE!Pg?*upqetl`eycbu4+8`D0So+#9SR;~@=8$JDUsr-jal z$W=+)cHjIhHNyozS`^lppi>I-QxmAC96qUllo+B$^L`JP_(B50S=||U@Eip*xh8y) zgWZjMl3oIP%S`l61}yUiD;8m#UXoOxL*RsW(Go5bc@EG*atRy8mdIi53imV*DSK9j z>bY;r%Jm=>bf0vqI3vPjG!X2!Kyc4T)4fC50rny|&d({k?w{J>J*G6y1deY?VA0aG zqO5MBe4>8hWfk5@XH3Z+^>5&3Uw^@YoE-;Qp*srlS8+jU^u_>EQ637 zZano@byuot$=xL!Cl$IM8&?9%3ej@A-Iv_wD4)UTJJ!pB<_t`8`T4Hmo3ad+-N006NXTYYcF2v#fr%bwMuXwh9M?LvT69~rNmV<9{ojQG6SxAtX!MII7ps+D)~dn zt*VK(>#p!Gsr@8?wqiOq!-LE)nMestEg7VYN)V;x3kc-IXWEL9jgRZp5|NlVv{e)_ zbg5!-c~p^yF(-o^-fYTNA%d;IcK|9V@R!zK%F*aR0dT*DNt|(n@H~9!sWcQ#(ph`c zr<7`nEe%ZhPzAO14F&t|Z@tlqRj(1#V5WnypxcM&k(5p8#2#`XT>75_5b^21tPoHh zq1UMd&3jOE><4)<|D9ic+#94PA;s{sQ4u(lM-9G8U%PA?=jyK&E59{zY=wwt>+2vY zrQ3rvIDC9{jyid``Yh4+#}z6{b4{xbGQKrDa*Nd6Q|Z)p;I{F*6C0VOW-K_+uq5_g zz&_cZt<-{DuybnCGk>5|Q=5rku z1}d~+!@wUc_TTT^U$8DcI&sn|$k5hzi@n_;!TF>cj*E_bA6$J4c(uw0j)t#oOcgfy z&HRd)yS_APtGkY1=5F;_nY7sA*xm`Lva@q)_kU<|eKC;Y;t*W+w7o>i;d+@$(O;KH zf}%rhglVAS!r8a++dOPn{=!Lhub-zUJg42n`&L1PoJN!Te6 z7)}ER!rwv>7!U@Gd7O-eKp{v-4+A_gDFK&|B#NO0(jaMo46Oa0-(B_}VZt1=Ae=u0(RmGp z@L_1VFhLutNjP3TBnPTE!6o?83=wz7_qkIl1Y!Fp^!b;|&<-2=BRP<=Q|AB<_rx__0$a-X z1moX&c*ZukZ}J%dzt@}@$2jwND_WNR3Ja@JSwKK!#`WwPRdz8!nIWz}fg zk^nptLe7vCk>Vc) zkt}w-AZT{Wfgp-k>Be8P^kj3`zz;Y_m2ecC5molA-4XrTGLSAl@a+W2mAHvediW|9?T?5f-TWTL*0W;9LA1{~y2VPqTNkeU zg-ShY{RYv%Z;R-48e`zA{hL3kgTNSa;XUjfB5A#K-;Qud)l7_&se4&mZU zg;7Gj2Ym@*7;@2JtX-;vx7rKq6dF-CJherpG5u@qX^Fw$7Egx*9)W<3$n&PJ0RR&) zKZcxr7>oKcySF7X!IZHVN60wte@H5glyen`rNX1H|DuJ%?S1YCU5qIUA1zS|zddre$tN66GRe&T7YjwNtE~U2-&NA8-^GKG zF>Gy#0~c{52OwM1*x*|ialN_P5|NcUD<}NU0yun~?kB<4=^WgWsjhg;!!-_c#m15> zPl%|;ZwJQYY1NWZ@g-}SerY8M>t}J8vAbn^BAwDz4zw|Z00}MO%^`i!8{5zL{oVlVRn~Fp?Y#=?a$*etEmpDA0kD;%2K00 zkN>drzED&mft8}(-ja=GALlxn>qovlR>EYO^;vBbkli$QZ)(xR$Lv8x+*`0H-wpUu z)1cevU>haDY;n)9sZTds&U9Uq8j*+k4B&&ER3H3@o=b24p01$UPl|_wJm8Y(F7i6? zxPfQWKcQd0w*UTE^oGgxr(cmRR#C3$NnOby5x&f*!SFs}1svN`Hvps3y#gXP$uw*| z)61eAs~18Zmuoa-j+0n+St8o;xN$Rot6UywaE!~Xsd~MJg*`7U=_72pQ4cwEpg|$gPR@xEXc7^DaCWt zE*s3(di5s6h9dvMu!u-b&e@Rwbv!1Ek9x-S=l5FMkmaEv<-7pKETgxEZ>NYzk4c9s zPez$P#Cz&oYT(j7bhxj#!r5&FfiElMY;>A+IVswFTxzuke1>q7(TnJh>jBr&v?O(NWI&yWu7!Yn~?^)17o$%!^ z#ZHIYm!Udhl?mWwENO?hvUsV$vy<+<8_yHN3>!N5fN&_=xJz^~CIVGIdaBT=$pC%S zRPOc{zlC+M7ZG(WNCRes-pNrZPurC0C`||a)rl?145EX5M7^Q64mp($h4_ynd!Ex9 zR3;>0yIEepD4!~LV?H7FRVx4nML>WaN@XDY#9aH6r}x}D6sU=SGsP~j}EP9t&A#s(fIyI3jyhg5>t`r zWq{KFZ@s1j*m~&y6@kg*W-sv2o+$OQ=N!X$J51BD0CWoveh+o8c+A)6`@cjHn#0`x z5-~%3sj&m3w;ajepmX*i2=UKR>~`;B1TaC4$N)-e6z(Y zYxYEst0Z_A>1P9O#} zwDK(c|I^;@|J;3sPB%1`nsRW)C57GA45fv6AxW z>JKa6FQ7I9=B1)u_BkyAQ!5Cb?ymMMB9yS9dVpYn@;&c!d#|^|(+r?TYs33VPXfs% z)0qKD1Ep9yqM{ET^YYUmJcl8oHqy)SX>KCtw*rQLI1jx{*xE~6Z{VRA?CRPR)}|KM zlrN37eE%uf4X)zx6aUAk&*)iG@LLKsxEcMpu{KdUbOOF=zIgIC|c-=);&6?Q#w|EMFs_0B-eU>eEkp^C9>UV zY$rw39#w(Df1&?|4ndrB4+oCbyTmF7Z zkDk>Kf^QXr*4pqqdZeANyn4oVb0}IFbJv=O)Cw#!K^mc$!e?Fawz2T}-S>5@B7eh~ zRJ}TPJ6;R$K!8!=IPXC?jJ=6(Kw;GjP{yeXG{hNsye&C;1tWAxuJzjEsutNBI`8U+`sXMP6yYf z@NEDLP=_J58Nv5B@}9uEk;sk*!>&_rA1Df>5hG!vF<65fAm_y$m2X$lHw&4z(+1V0pL zL$*r!NZ?Gl!??eWl5@BJ5AHQ>i{L+b$m-o|>+5OVo6H*)q60W(=#yLiW1(p>8{vHm zIoy7F&}Y!qp3<;}zp392tPHE01nxA{&LO++Q%I|HX~(Hj+MiY8?)9Iq2EK$#JY1>2 z@zj^2D=p1J;5x9P@kyB>z5;>nCa->}Ow0&^_yFAYUw2Xsq6t(_V`C+wzUAT{rskPURB>3+);J9;A zL0Q*d=STii5d8UP67Ja6mGGt%6o|uq`JSykVVDjuLU1SH7Cw7dlHZho0&}pBclfoT zK*A(28+_+tFav+5N6KSBmDo;oxDYrJQ`^#sWsv-f{e1k9cOto( zeT z1GEfF{5LSX_~`&c`?u^ft>K6y*h?&aMu>v`58zpsN^4a&P}2r5|C~;pw4$HnaSSnG zB`AvFv3v2}_5G-*o_7UAN0&7diq#^9+E8to`%s3;QcNjJDJU6X2sgZKm;nV>3RaR< z_JPodY(zA|E&~RJ;qHNJ@ACoq#<_rIrI|^YF6l}Cb~rArk}~+W=TsN}cvR|qJ5}&+ z@2M_HZX~FZ!E0N01LpfZuhhJ64;pbF?=e$lsXE@HPP|9|u!1Yo@eWBC zYRBUJ{qGzaWb=K&FFyeTpm@Uvrscg)!O(+y$<}Q|2#@J@N=V{wxjvf8eplbTFqoZO zICyF?L^N15xZRqArAFREAT$vebp#0<&J0f^hXWx{d;Hl11W64<;}13dp8;fQz2C`X z=d~_rTz9#s(V38CJ#z~FT@y}k;aA{&MSSN#NvCzQwxOVoaiqH^1W|Z3cZM$0B1mZ& z8oS)A&k_ltbXr|7X0X((xcp-FvzZ|I5;B+g6FS`fg{ zZKz*OTz??ZyWmFb*;dH&jNsLywW$j0Mb}g|()uGlEfrFt;6QiPmt|yuJ0eVX`-;mV za`Y#?HytHp9Oe|MoLr|fyTU)AzLV9T3}tpz%N+fg8(_%bi_eo>3F{zCl{&JJP)5FG zu8H8BZS!;3R@u3rq)47QJHLznqx@gnqE)c}2mE;llpx?Kx#7!vV!L!nE@_Yk0SOIM z*k$%K{6!|fH^P|3(Ac_gFa99@XN1Bzznt9T7;5z!-2e6Rn6ZJ7I@tXd`$?a4tkr5u zkLmI*>0>MRk}f&_Btz6AHKy9Fnnbsh!$%3B4JnlI=q)blRrc<0&;v7~kqpO|yH)N! zzrn~3M4HMCuH`WaUvS#YtjWX8eNPNgmq{RT+fuH9#2u!{DXrPf{d=5oYT33o>Rlz2 z1V`_5tIVj!la2B)iTN+GEc-2sqV-8@Mty(3eI~LJYk6A+wBTVWq_JIAMmfugNn|bD z%Q%tdRQ70!r!mmKJVP)$adc9eN4u@n^ zc|Ft0dkC5A4e9ldh-b?6TFJJk{&u1|8=H?_@jFzbxhlDciZ@uTT&9kZ4SS98n)eLT zaZC9j_emIgnT+D@cB}kDnolp8Wk)^hIhx!N1>#8_l}Ylmj^+xa>{2!h@<-hqc!Ys#q4 z%;J}_D@A0z&XLNTgB4D6hjbB&uURT(;tsf9mA`x9IDWzV6>!(5EOOgMq!aQ|IR^NO z#zG|k##?LMzLE)ZL3^Eflk89c1Bq%-oWrFI2_0_{#0Y znRf?PwR|yvVa%-Z}pJ*!m z&y72M;Bp`SCz8j78ZAbS^)>np+|>Llx#09uiC8HGCa+H?4M+JO2DlesEGbf@SSJam zp*y-%>#|-qDWnb~^^yzF+}KbqC2 zQHF9wD8JbH>_es&o)*tA?Np9blOs`N^1Ai!PyE{txc3;!fVYLStEjKPyl4KyjsY{j z8?h1QR_7%?XUo!Pc|q9~n&6)wxG?|vq3F%8d8t(Bl`6Is8S&{)duXmD$UBEV5$Q(- z#^j3381m_!Z$ppo7TD13o%sY!zM6NQtUF<~YgiaI z(@Gt?@pW-Hc~W`P#!U8OXa4wwgby8e2&9?(jaSU%i~i2Xy?yaz1^o*YOLRZN%_?7MUh2cOXd>He-6^Pf17)GG_4w9@PE5W82)s>-#NIq=?Xh+52$&Ba_`9VQX7$Fci3 zfzVP))8BjF$t{_=+Sv3d%Ag8zv|VOX^ff>8_m*mw4tS$hPNOdeD|oS-Cs-QX@|>H6 z4f#X~P%DRyic>vstjY0I2%tCz;@SJRhteksy6XVyS+)G!e>hjg(CO6EmHU+qrVg!9 z)U=osB;)Cpt**k=_c(ILOzPHg0UbaH4}U6GOpKGad+h?Ms1!S}OHB)UNW7&S3vaN> mfUB#2~~CFiJQ5QzdJS%QFwq*<~gWtA)$Bqxy|ATCH2 z5fI5JNrJ$e{r>L#y{cFD{`qdbsy9_TJ99$!=bS#%eWuUE>Fa7xku#Gc5C|$zQ`HcG zAcPPIyc1FanBrER-Uk1z>uVdUU0htimm3=!yu7@{#l;>T9_Q!hRaI5#>FM3w-NM4c z;o;$|tgH(Q3wwKefq{X}&dv}7&CSjI{rlI(#)gK5Mp03*p`n3}j_&yQcw}URiHV7V zg5u}TpTB?q&dSQ_?Ciu~FxuMMQc_a*`1ntsJ|!X|!eX&1Dk>8b6VIPNx3I8~m6dI8 zZ-4USNpo{^UtgbwhQ{*p^1;CYCnqNf2?-L3bai$0@$uQ--YzREb9ZzJWUqID~W#Kaa3$**B92dw^%;%VR2JKD-duJG`q9lvZKYcr1IL%hx3 zW}sfr$N;BnYhbAqo+#Qmp1?#WfP-g^s)|oMI7O@fKHt}2rKXo__jR$piFmurjd;DQ z;}JufYSb^w^;vFar-|^c$$UhxFq@I0Q}2p~LRoDJ;0$5AYpEOW+SSwYa^)>oXlPRu z@*|?l!A!Pr&*M+z0JV>^FdnwOU{Kp^;!NjTwBw;Dx{ktH2CSS|(QghPNd?>B4U) zm3`wkUe9}4zZ{w!#-5c7xm!a1HKXo)$sF?XJEtyJz?lvUej%h|Qk^+^JKReTol3|j z;O#pSvcsn(`Z6L{bXmkoM|Qr!Q3?s}geiN1D%D}HYaVvgH$KW`NAer}XfU-qM@ey2 zTcZ6CdjX*ENEIuOK7ptZv>+rOCde5X#m;(j;7#q>6T6FXV*NLcNAwp zy6$}6Y;x`8dhDzd(s6p#7GOoK||QgYxy+$qCHB{{J=#GS0^C7^_Y4sf#5jga{D;0Bmq zAjC55IJCA2IPt#meh{`7Fyek6vj6CvXUcw$&p6`H5n|v%#!Em4{spA1Sy>o~s^SzQ z&M=0-K1XLg2*aR1&Y!Hm%K8iqo*<4cGq3r))@Q4Uvj7dr$(bz({%(KUJO&OTsCpyV zi0l?R5^TiA_#~kI7$wT zY*#%fyCae8HG#}EKDyzKwOp?qa$lwPq}TjLQ15qBq&eRIcLkp|_P#Yif-Jq)=4tQ9 z*Fy|dj2%;ZWs?lu3ZP%yTHM-yDJqgO+2dKWdrI-e#SSGMrA4HbC2fA)&)+3mMRFcN zJRUPYr$>IN8`TrM7^sVB$DC}hNzZDBh@e;|*Lpt~AXA!iD9(K#1>`QYQ12UAUP5vPzMb=2PUq%)$e@lw&Y%OS{b~j`w0fp>X4L&Fz zPW^G*yXI+Q!BVnw+&(!KFwghJ%VR~uq*NM}v{xH4mCAg86%FIX%af=R`qFl@A=+P8 zygu<(%if<)9403MqH;F~O+C%XuLeI*`07;8xNzGmPj{zM<@nE)cFq4i!7VNeT@EI> zLeM>fT8NJ}yKJ7x^!*2sWTJ50OU~bIx4KV+G&2}x-g1UYgab_wW^33ym=iSDgPy&p z_V0KD^oEfQ=>cRLpy8msM=X#6yo-WQ5MgXG0I5O?m*CSxCT1~U9gBeI1ijZ2dUqssi6 z0#j&RoziU!+sjvRGHI_~V2oUCed$4Z3LZ9DFz&V0W-c$=zuAi^KugNWEsAAMKPXI# zw_!9bo55U_81|6s>r8;3zvRpm6hN6Z=%=CnlU^SH@C&c)CqRBeuJ#oCuI>?P4!BV| zuktO@a&yT&WE0yY8W9eTiPZ-l zzbtI7_Mz(nb@qzeK7}!dOWEFDy?qGLYp2w-Daj2$8ApK4$~9OOipo#Mv|J0^#``7c zlAM7!ztzTc>n-Q7HMY?8a<06IMlf{k=jIMxg#yi(VwML-xN1zAw7d6Wk3dLzrO#y$ z0tN;i>0kVNc#1%|OU%fl}--c`#Y31*QCQQgQl?yCk& z25K*8bWbSP4{rAmd>oU$8MPc`h_7eq5=7_wJtRfdJ8MYY>+E0pEj()oZfcPH1P?=n zrGdL1aDjMdMri}%1T9bcz7AVR-4v|SGPaks=&~+mGzjeHe)k;q-#!|>uP6vHhRe>N z>0W-N?UrM`q5IuEUS6|v#B5%ZdL<1wxK^rFgO`y4ONRwP>&syz`mkHG0q$UKSB`>Q zqMOFCh2$3RDSWk|J+<^Ksvaj;62p;)p@(!383s;uNPg8D2`)&gU+;r|0%K!RHNX10aq$d zZrD?21%SsbWXb;iyO66slO!KQ4X%2C-SmOaHD)|pdmhS@S1C9}q4l)2pcqi%p+9?( z^|D(zE>tl2sTibB@c!=VgS3HElJrCi1NC5toX3bcMk)aN@1{lBWTQlmgN*kN24a|hVO&9 zUkqeiCgO|BF!fAx$~Z5Cfj*0_?$WfKl{UlQ*r~i~%w~1(R~Y1x1?WS71QSd`NPqg~n1TjlaCVGyDOX`cKG#fla(ncZ zefMhJ$)WSWS9lkL^D}5!Y^$(V>N~Fs5rPm42+jX2UwP|0uLQGv;Aje{Ro!o8!-aO9 zCiLE3_;byv78<^TmF=s2SZ6AWkZ>#U04QXd$bCHc3}(UYn3uEW6E$?>pu-%)ME?_? ze{cYCy#of9H|9|=nIi|2qw#cl|0q)C58%qYqNSw?t#GMwDLhH+ke=dLH}he;dC!C1 ztSSDu`3-y7BLK|bl8!!NItuQjR1TPQglMH1&OO!S-vE|}iF zRw>&Ws!(B^xQ%&TF2Jw99atlR?dOvO=M#pfJ48!#Jmq*xLYj;_CIyk&vKY@C$!6@S}0&yh&gC(2KA_`)lK@gsC z5)!0_y>2iLR1l9LQi0IUpcZ=DIT_GDKNCZ0L5yup1$1~oT8dXZB>^RP9H|)7$F^Fu z6Yn;k0SB2n1Tx}6pbsZV8~>w7jU!cIcMnPraMCl(YUx~AMEmtqj((ox1hchaI779c z&P|yDd?9j{Ci>Rx$UEkB2$rO1Z2kMNfX^Tb3M;69heH)v7D zOc7(db}2XL1Aw$|#Z{n&K=RELr&i+?JN()k7P&@{ZokvAdC!HvD-Qs|^Ne@y8hF3r z145#o^=`3v{`>O9<(VAFPu<^bGvP7vkpO52LQgid^{}oD`$wmX`hSCUYGW)UDcRrr zOvSKIYnw>Q&&p#g&;UOGc0YW>%Re3d8WkhPGdF^sUnMl-n#!Gf-*3+Bi!w}oGr1A* zHD93Vg%%3h#7Vn@KC~k~BunHxxjEh26M)f!Awf{gNAk&oVHNCi6yy#Ig{A^B+YxkY z+&)EgfnW1z9O_m?0_7@!+%djZYtgOuKPaT50r1_hJIGuC8AqFJ-_J}j<;qw=W4zPD zp1UPq)$s?(LG0trIV&SWJG$842Q)@|nOoyjuhK~eDI@yim-!O;btnE@$YzPTvIKs0 zCz~AIo2#&6pp@>2XFSx}M!_D~5TBUV)s0PW$bDEr^#oIB$y-2zl@5ELMGP*#^#i_Y zN(PtjsL=~~$ox?JN!dS`*3o0zwlPuM{PqL*)Z>}l>5#!ePw0H@0%|81>PU<*erROS8kG9{Y;>u6@fj z9`u4T!p2n4e`v%Tjx`?~U>G4~9keK#3MeDdZ%B zIOAA}z+~7uKA5g~O#`MY(aMlRFst7HrYEZ=!u0=lRWKO>&rW{xNLk~6V<}9A)3&DR zSCTx6ai}pOlI!t>hdToA^Uccd)U~=_Z5c12GQyd)fA2F*ZsqNb79lUuxyIx6rh`9a zMrn~>AIe_V+ORnIm@!_(^^X_Ww+zvT=r%bI6l;9<&2#yJMf^hvJW70>kL?1HkuC2U z$4<^VMxLuYSze*tEFemg>B!g;F8fG+5$T|7tz$?1wPjoq+^f>(tJ8++DXc)tA&2GN zU)ik@He%w((vd3vtbl7FE>oRhm-nWTO>So)w95}jcJij)PwDLvwpUbzFC_o7N-{SA zkHVGk_ADAZ+P4Rm#nqL;4`QY~+`oobeMus?{#iaHXekNqtOrD_(;bY6vTi1`f`uJQiM`2lC0;v1= z*4X!^9A3wU|4T@uWm(o6l8>Hc`xKH0g{Mktqd4|xuf#f%cFw3D2eXd(?OJW*mfSvF z2=T#X4ge_9(a&U`#x=Ky6hGrF#K^m!EEgVtTho%LXGP|Y4dfM?`B|3v_3U+t@1nzh zX=7`InNFNFp?v@h(x7yxNS2AVN}%c}1orQJeOx!Pob8Y*f$$%;4^3lL<__&%5+u0! zUG!cX@y`ih2N0f&{4W0@4g!QhXo9He*^OCmx2pVew1FY)D=>Qg8E(axekT1m>gzq9Mnt z=N1$(@dchdD99KB+T5~D-u)nUtY)9wc&qdUcrn7*eM$uhpEBNG9t?!if>){f@p&2o za@nagYhyxB=u?HI1wnSBCY73)z;cn^9o}zJSCH@u2u=9MZH$(x2i`kkLsIqM>n}~- zl1x!p;kk7Cn(wHrUpxOzUI)Y|C-0RRVsTPZxQ&)bq7mt#ZzCeTDm(MIM&NAWgKPX; z#9is3Dqq4)l@x*<$DYR^cBke1TLQ zEB=yxeL!O@}c&m4?AA@ga(EB>5ykBLgVP*gaD2$cCc!K0sVE$nXF0vp%hee*pp_oBX@FZ>S zjK;6xZ-wS={oK7&J@QG+^z|G@hrk;s%X;>miGc%(r6eBhSp~fIGd(PcB!e= zE6a7QUshXs+7LW>^bMkK4@SPMQCJ-~t^0<15a7^#rrSX4TuPmLhe6@S+bXg6VNGW0 zsNd3S=5jpm>`VOi2)rgnlBBP8PoYv*ocXObw26(fsNLI1Ru{(r*IWtTi)S3=Mg22G zZ=Sk9vSc?Y1DC25R=YO--G27Blr)hy?>dfBNp3t8qYX^@_;EVM?$q_X^U3cJhB&=; z^G|fX2;#?j>L3+iG!K{*Vm9N>ZY$JC9Bb`iU9xmEraYb87FZAXqgkV%oJCr`n0ijY0P-|JQS#D+_mk-E(_rICe4_I@3jNR@@9r0%GwiY9%G*tRC-%S95V(=G+FH6#g!{Yxtd;e#>VVKTz5M z*7RcUea*}MkvnPkaqv3H!u0P-Drd*mE%-$ggV$mAtV~K_GhA9JP$W(P{M2j!rHGE_ zjbk1an>wDhC?r?(nXgDzeK{mt{T8vv=o{#w!NEc*noJY(o`p3@W6wX3(x9 zlB($LcW2(NP_rUtSvK==A{AIU7a$PNpc3WX5^JSl5iOf*4R?S?0duqt^!~w@cytz$ z!I)|FmbLhgW;P%>Ku7oUjD1&uM;ngYW`$y&ff>pDn+e}S+h=rxS=+Ck&l z4c@pG>nK6RwW4V_2f%4ClDB+vyNGih@EXN0%h-2BK?o4`o{?X5W3^X!uvJ zaQb(cbo7RR>o43ieJgwVMirSFV*hNrnXP)WTHzjYpxtft!3m?=ZPubTYJ!)*&OdJM z%|N;qS}gYKk$#s3g-s#n589@4$7?5dCE2SAY&eY3m~G}}y?pOvQ{5IC!QA2*sVhG& zdp;9IVg19<7yul~0K9^qk2Kj9zojXK7bvQ)MP6EF2x{h9=__X4h3%;Wtseh)B^!7R z!SW#wAoi)h`$Q`6D{V`RxlRL~?e)yi=6>wqst5fecX;G6m2^v)uwWo`(s}|B^;ju{ zxlej~be?HC?wn(-^FvQQli!J-=0Fdt9v9-~b#n!F&`<-+@33Vm^P-#fnp~=VL?yP+ za=1B`JJ{%f_%;wci+jv&Ux3Y4^oulf1J6GhVEuC}?|yjWYeSn`>y@`9({cGFztkZ0ubXA0MoKl=O> zXQVvaVLtf=KR2P(O!cqqxX#1D>|ge*4~Ping}NfYhv4Fw>Z(_~lelkdXwXob*W9KE zOt;3-rEvy`qo33&ccjxy)l|bFPy!CZyCXT^i47VEJy9O$$^}5&&K(8j?N|TUt006+ zl^E1?XpiPn75u z!s94*4WtCIdR*Xs3!Ms77e)uEHlCF*rC<*0FM=z3&_GbmpEB9jQ>kt*wmd+r+l>tl z47fqK?SJ>rjK=giL7z%z(g|s(PK43crR#y`!XhJR%rk!oc|Nz)Hq?J zv^a2)IQW-f#AG;-N;orc$p0sWcKdYMC~zMIQ0_M7eMpSd1W}Q2(2?O{5EqiRaD@Kf zB+#86HbDB9V(gAis~PUqUABCaNau0SjS!`la%r{X&ttj8h}G=c<4M+`uG6`mR+5Xp zWT1c(E|cLA!37~QK3w@s5m%?eC&!i5^l??6@JP5$M@WY&y}_a-6>7ZhU!0{Vtv)&6 zY1Xf+iMr0vV@+rntjHBhZL1@aJQ>hWin?oiJE?maiEjuxFNI=mj6s+D5#sgh;k*a*Gik4*Z1&_OYJPtS(KJ zD1^N8km}&$^k8~Ke*IQ1h0KUg{%!n)y%FuyGoeTP2wjudEWSS$+j@xBlLlX8-Ss6S z>g2A2Cs}+u7M@&)FvcNOi%&j1O^Bm}tT?I7xj0=*117caZA7l`OMKK~lu4WuOg_Kj zw0A2rwFXT)IUA4 z#J`@VJm7DcIYaE#h=(^<^N#I9-koQJwz8A{Q68@@`P=y7vuDnC_tyWnpNjmKjK7Sp zd@K-rt_(SE_WXsBh*Svz;;m1ISqOcsdw|y?qHxGrKcs-63SJn&%3=9wW(Z!uPaDBDQdGmbcC0 z<4?7PZAMk0Y0KvNWfMFxRq#9U0(VJfrRT`3jl`=T!aA7kEhqkiuQGVQRd76qTt_RC zlEl!`qJ|LjQNWXVx(4&(WzuO*cxC~{o4~s%vw{wzWoEYjK9NOD$MLgEbM4_ItG9c(2fqJyS&>-1R7ZA%~?0^8=#x&Y`}FBQ;MKEtCk=)Pjzl~KK?m``ycLvYOKdp z+`;2_<`c;#vvJ3J`6mwBI@g}bp5iZtL-^CbbNxeg3$u~8T?)8(CBIn>t~Iuk2uNMS zd!PtL)NMN6-uTd@o|d$^?(E!pmKyVeI<(SsJnAlQa6#FTcIQ(W6nWw31IxjX-6Mng zre%K&+3V~bDfdSQwjVdve>5>A1QcKt88*+C^jvn$dwRw09Y zGTU!Q&MCXGFaO8KJEDU18!O&UMv6>){GafI4z^^Fp7#uoN0CkzzZMp@&SsdWeJg+I z;n*E`e~l_*`~|lsB!;8@r2PmS)xp@jwvu*8u%6Z`!|zrEWn8B>PzQG^ZA>I}dL^BL zN&{bCY6`ZPnBtI*$H!L!11;{kx(A%Jl&^V?91!I?a+j>%VQmuNWJ;BoWsaSvMWC|D zdN0~K5|MZ2C=kfd#%JtpW$0PHQEp=dayVO!alKvxuK<&EiMK1q2%(@)`(Fn9e@XN? Yz`tv4mORPbcZ}nMYPza#m2D&c7lGNHfB*mh literal 0 HcmV?d00001