From 5424eb9f7161b35cc9502a186113822194444633 Mon Sep 17 00:00:00 2001 From: Sungchan Yi Date: Wed, 25 Oct 2023 15:11:29 +0900 Subject: [PATCH] [PUBLISHER] upload files #106 * PUSH NOTE : 5. CCA-Security and Authenticated Encryption.md * PUSH ATTACHMENT : mc-05-ci.png * PUSH ATTACHMENT : mc-05-etm-mte.png --- ...6-cca-security-authenticated-encryption.md | 207 ++++++++++++++++++ .../Modern Cryptography/mc-05-ci.png | Bin 0 -> 6543 bytes .../Modern Cryptography/mc-05-etm-mte.png | Bin 0 -> 21868 bytes 3 files changed, 207 insertions(+) create mode 100644 _posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-ci.png create mode 100644 assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-etm-mte.png diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md new file mode 100644 index 0000000..a4d6aaf --- /dev/null +++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md @@ -0,0 +1,207 @@ +--- +share: true +toc: true +math: true +categories: + - Lecture Notes + - Modern Cryptography +tags: + - lecture-note + - cryptography + - security +title: 5. CCA-Security and Authenticated Encryption +date: 2023-09-26 +github_title: 2023-09-26-cca-security-authenticated-encryption +image: + path: assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-ci.png +attachment: + folder: assets/img/posts/Lecture Notes/Modern Cryptography +--- + +Previously, we focused on semantic security against **passive adversaries**, that only eavesdrop on the ciphertext. But in the real world, there are **active adversaries** that interfere with the communication, or even modify them. + +We need to develop security notions for these cases. For example, suppose a sender encrypts a message $m$ and sends $c$. The attacker can read $c$ and generate another ciphertext $c'$, which will be decrypted by the receiver. If the decrypted message does not match $m$, this is a violation of message integrity. + +Also, there are cases where some information about $m$ is leaked when the attacker learns about $m'$, from the behavior of the receiver. Such an attack exists in the real world called *padding oracle attacks*, where the attacker can completely recover the original message of any ciphertext just from the behavior of the server. + +## CCA Security + +Now we define a stronger notion of security against **chosen ciphertext attacks**, where the adversary can also obtain the decryption of any ciphertext it wants. As always, the notion is formalized as a security game. + +> **Definition.** Let $\mathcal{E} = (E, D)$ be a cipher over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$. Given an adversary $\mathcal{A}$, define experiments $0$ and $1$. +> +> **Experiment $b$.** +> 1. The challenger fixes a key $k \leftarrow \mathcal{K}$. +> 2. $\mathcal{A}$ makes a series of queries to the challenger, which is one of the following two types. +> - *Encryption*: Send $m_i$ and receive $c'_i = E(k, m_i)$. +> - *Decryption*: Send $c_i$ and receive $m'_i = D(k, c_i)$. +> - Note that $\mathcal{A}$ is not allowed to make a decryption query for any $c_i'$. +> 3. $\mathcal{A}$ outputs a pair of messages $(m_0^*, m_1^*)$. +> 4. The challenger generates $c^* \leftarrow E(k, m_b^*)$ and gives it to $\mathcal{A}$. +> 5. $\mathcal{A}$ is allowed to keep making queries, but not allowed to make a decryption query for $c^*$. +> 6. The adversary computes and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$. +> +> Let $W_b$ be the event that $\mathcal{A}$ outputs $1$ in experiment $b$. Then the **CCA advantage with respect to $\mathcal{E}$** is defined as +> +> $$ +> \mathrm{Adv}_{\mathrm{CCA}}[\mathcal{A}, \mathcal{E}] = \left\lvert \Pr[W_0] - \Pr[W_1] \right\lvert. +> $$ +> +> If the CCA advantage is negligible for all efficient adversaries $\mathcal{A}$, then $\mathcal{E}$ is **semantically secure against a chosen ciphertext attack**, or simply **CCA secure**. + +### CCA is a Strong Notion + +None of the encryption schemes already seen thus far is CCA secure. + +Recall a [CPA secure construction from PRF](2023-09-19-symmetric-key-encryption.md#secure-construction-from-prf). This scheme is not CCA secure. Suppose that the adversary is given $c^* = (r, F(k, r) \oplus m_b)$. Then it can request a decryption for $c' = (r, s')$ for some $s'$ and receive $m' = s' \oplus F(k, r)$. Then $F(k, r) = m' \oplus s'$, so the adversary can successfully recover $m_b$. + +In general, any encryption scheme that allows ciphertexts to be *manipulated* in a controlled way cannot be CCA secure. + +We need a way to prevent manipulation of ciphertexts and provide ciphertext integrity. + +### Example: Modifying Data Encrypted in CBC Mode + +Suppose that there is a proxy server in the middle, that forwards the message to some destination included in the message. The messages begin with $\texttt{dest = N}$ where $\texttt{N}$ is the destination port. + +An adversary at destination 25 wants to receive the message sent to destination $80$. This can be done by modifying the destination to $\texttt{25}$. + +Suppose we used CBC mode encryption. Then the first block of the ciphertext would contain the IV, the next block would contain $E(k, \mathrm{IV} \oplus m_0)$. + +The adversary can generate a new ciphertext $c'$ without knowing the actual key. Set the new IV as $\mathrm{IV}' =\mathrm{IV} \oplus m^*$ where $m^*$ contains a payload that can change $\texttt{80}$ to $\texttt{25}$. (This can be calculated) + +Then the decryption works as normal, + +$$ +D(k, c_0) \oplus \mathrm{IV}' = (m_0 \oplus \mathrm{IV}) \oplus \mathrm{IV}' = m_0 \oplus m^*. +$$ + +The destination of the original message has been changed, even though the adversary had no information of the key. + +## Ciphertext Integrity (CI) + +The attacker shouldn't be able to create a new ciphertext that decrypts properly. + +In this case, we fix the decryption algorithm so that $D : \mathcal{K} \times \mathcal{C} \rightarrow \mathcal{M} \cup \left\lbrace \bot \right\rbrace$, where $\bot$ means that the ciphertext was rejected. + +![mc-05-ci.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-05-ci.png#) + +> **Definition.** Let $\mathcal{E} = (E, D)$ be a cipher defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$. Given an adversary $\mathcal{A}$, the security game goes as follows. +> +> 1. The challenger picks a random $k \leftarrow \mathcal{K}$. +> 2. $\mathcal{A}$ queries the challenger $q$ times. +> - The $i$-th query is a message $m_i$, and receives $c_i \leftarrow E(k, m_i)$. +> 3. $\mathcal{A}$ outputs a candidate ciphertext $c \in \mathcal{C}$ that is not among the ciphertexts it was given by querying. +> +> $\mathcal{A}$ wins if $c$ is a valid ciphertext under $k$. i.e, $D(k, c) \neq \bot$. +> +> The **CI advantage** with respect to $\mathcal{E}$ $\mathrm{Adv}_{\mathrm{CI}}[\mathcal{A}, \mathcal{E}]$ is defined as the probability that $\mathcal{A}$ wins the game. If the advantage is negligible for any efficient $\mathcal{A}$, we say that $\mathcal{E}$ provides **ciphertext integrity**. (CI) + +If a scheme provides ciphertext integrity, then it will almost surely receive $\bot$ for some randomly generated ciphertext, and also for a valid ciphertext that was changed a little bit. + +Previously seen schemes also do not provide ciphertext integrity. + +As a bad example, randomized CBC mode does not provide ciphertext integrity, since decryption never outputs $\bot$. + +## Authenticated Encryption (AE) + +The goal of this definition is to provide *privacy* and *integrity* from a single primitive. + +> **Definition.** A cipher $\mathcal{E} = (E, D)$ provides **authenticated encryption**, or is **AE-secure** if it is CPA secure and provides ciphertext integrity. + +Thus, if we use a cipher that is AE secure, the adversary cannot distinguish encryption of real messages from encryption of random messages. Also, ciphertexts cannot be forged, so ciphertexts not encrypted by he sender will not be accepted. + +However, AE secure schemes are vulnerable to replay attacks. These attacks should be handled in a different way. + +### AE Implies CCA Security + +This theorem enables us to use AE secure schemes as a CCA secure scheme. + +> **Theorem.** Let $\mathcal{E} = (E, D)$ be a cipher. If $\mathcal{E}$ is AE-secure, then it is CCA-secure. +> +> For any efficient $q$-query CCA adversary $\mathcal{A}$, there exists efficient adversaries $\mathcal{B}_\mathrm{CPA}$ and $\mathcal{B}_\mathrm{CI}$ such that +> +> $$ +> \mathrm{Adv}_{\mathrm{CCA}}[\mathcal{A}, \mathcal{E}] \leq \mathrm{Adv}_{\mathrm{CPA}}[\mathcal{B}_\mathrm{CPA}, \mathcal{E}] + 2q \cdot \mathrm{Adv}_{\mathrm{CI}}[\mathcal{B}_\mathrm{CI}, \mathcal{E}]. +> $$ + +*Proof*. Check Theorem 9.1.[^1] + +Intuitively, $\mathcal{A}$ is a CCA adversary, so it will make both encryption and decryption queries. Since $\mathcal{E}$ is AE secure, all of its decryption queries will return $\bot$, and by definition of CI, the adversary will learn nothing from the decryption queries. So if we remove the decryption queries, the CCA game becomes a CPA game. But $\mathcal{E}$ is also CPA secure, so $\mathcal{A}$ cannot win with non-negligible probability. + +Note that the converse is not true. There are constructions that are CCA secure but not AE secure. Check Exercise 9.12.[^1] + +Also, if a cipher is CCA secure and provides *plaintext* integrity, it is AE secure. Check Exercise 9.15.[^1] + +Most natural constructions of CCA secure schemes satisfy AE, so we don't need to worry to much. + +## AE Constructions by Generic Composition + +We want to combine CPA secure scheme and strongly secure MAC to get AE. Rather than focusing on the internal structure of the scheme, we want a general method to compose these two secure schemes so that we can get a AE secure scheme. We will see 3 examples. + +![mc-05-etm-mte.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-05-etm-mte.png#) + +### Encrypt-and-MAC (E&M) + +In **Encrypt-and-MAC**, encryption and authentication is done in parallel. + +> Given a message $m$, the sender outputs $(c, t)$ where +> +> $$ +> c \leftarrow E(k_1, m), \quad t \leftarrow S(k_2, m). +> $$ + +This approach does not provide AE. In general, the tag may leak some information about the original message. This is because MACs do not care about the privacy of messages. + +As a counterexample, consider a strongly secure MAC where the first bit of the tag is always equal to the first bit of the message.[^2] + +### MAC-then-Encrypt (MtE) + +In **MAC-then-Encrypt**, the tag is computed and the message-tag pair is encrypted. + +> Given a message $m$, the sender outputs $c$ where +> +> $$ +> t \leftarrow S(k_2, m), \quad c \leftarrow E(k_1, m\parallel t). +> $$ +> +> Decryption is done by $(m, t) \leftarrow D(k_1, c)$ and then verifying the tag with $V(k_2, m, t)$. + +This is not secure either. It is known that the attacker can decrypt all traffic using a chosen ciphertext attack. (padding oracle attacks) Check Section 9.4.2.[^1] + +### Encrypt-then-MAC (EtM) + +In **Encrypt-then-MAC**, the encrypted message is signed, and is known to be secure in general. + +> Given a message $m$, the sender outputs $(c, t)$ where +> +> $$ +> c \leftarrow E(k_1, m), \quad t \leftarrow S(k_2, c). +> $$ +> +> Decryption is done by returning $D(k_1, c)$ only if verification $V(k_2, c, t)$ succeeds. + +> **Theorem.** Let $\mathcal{E} = (E, D)$ be a cipher and let $\Pi = (S, V)$ be a MAC system. If $\mathcal{E}$ is CPA secure cipher and $\Pi$ is a strongly secure MAC, then $\mathcal{E}_\mathrm{EtM}$ is AE secure. +> +> For every efficient CI adversary $\mathcal{A}_\mathrm{CI}$ attacking $\mathcal{E}_\mathrm{EtM}$, there exists an efficient MAC adversary $\mathcal{B}_\mathrm{MAC}$ attacking $\Pi$ such that +> +> $$ +> \mathrm{Adv}_{\mathrm{CI}}[\mathcal{A}_\mathrm{CI}, \mathcal{E}_\mathrm{EtM}] = \mathrm{Adv}_{\mathrm{MAC}}[\mathcal{B}_\mathrm{MAC}, \Pi]. +> $$ +> +> For every efficient CPA adversary $\mathcal{A}_\mathrm{CPA}$ attacking $\mathcal{E}_\mathrm{EtM}$, there exists an efficient CPA adversary $\mathcal{B}_\mathrm{MAC}$ attacking $\mathcal{E}$ such that +> +> $$ +> \mathrm{Adv}_{\mathrm{CPA}}[\mathcal{A}_\mathrm{CPA}, \mathcal{E}_\mathrm{EtM}] = \mathrm{Adv}_{\mathrm{CPA}}[\mathcal{B}_\mathrm{CPA}, \mathcal{E}]. +> $$ + +*Proof*. See Theorem 9.2.[^1] + +**Remark.** In the definition of strongly secure MACs, forging a new tag with the same ciphertext is admitted as a successful attack. Considering EtM construction, the attacker could construct a new valid tag and win the CI game if it was not for the *strongly* secure MAC definition. + +#### Common Mistakes in EtM Implementation + +- Do not use the same key for $\mathcal{E}$ and $\Pi$. The security proof above relies on the fact that the two keys $k_1, k_2 \in \mathcal{K}$ were chosen independently. See Exercise 9.8.[^1] +- MAC must be applied to the full ciphertext. For example, if IV is not protected by the MAC, the attacker can create a new valid ciphertext by changing the IV. + +[^1]: A Graduate Course in Applied Cryptography +[^2]: Since we are looking for a general construction, it suffices to show a counterexample. diff --git a/assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-ci.png b/assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-ci.png new file mode 100644 index 0000000000000000000000000000000000000000..5c491c3f27e9bc6b76cb1ca819007e12c4c36c86 GIT binary patch literal 6543 zcmbt(XHXMN)NbfKMCm0Enjl?3DWOH0G$|q-1QC!bHH2#D_yPf>H|f%QkzNE$q#1e@ zkQyL#1S!hZJNMuH_06|4XU}<_XV3X@W_D+H_MQGy4H`;TN&o;rqxnSD5C9+q0{{f{ zl?~?~ja( zgoK2|#Kb&&_^`jf-`?K7tE!}etUb{$jB%zE-pGc`tjq(Jv}|c!^1N(GZz;Z zM@L6xWo3zpiIbC)B_$+9#|=YxZT9UUF!=H`u!jc_>J)6;Vt zJD#4NURPJg&CSih!EthO;^gFn!C*{GOy=k3H#aw}tgK{ZWo>P3)zs8NLqh`t16Nm9 zTU%SJtE*#UW5>qEG&MCdGc)hszn`6*EhZ)w5fP!Fpy2NAzP!9#P*9L~wBiZ?Fk5M= z!i*3L_-qQ31#|kyi}^NZ&N6$DTPBxIm`*j4P{ND>eS7Q8p&CVe^zKdSki}t0rB!Hl z?u_r)_9zV(_O%piyn502|L?Zm#*zP#;pU8^Bu;!F#MAg4dt*FsCAqCfZ>E?+-(Po@ z`1WSDiJ46qq$@)0$_|6nx3Dv%&WzeUh;vj52sf1{F&jD~4NulC3u=BJy5+}>coMtb z)nTq6{KoKZ=vTYukL~=f#G|TlUrQA%r!Ys9(9cE364bLi+5x1Ox#UZJQd}*eQ=d3T z-e7^D?aiQLmNxCicZIcxnYq%fX(% zVh7!c6i=YZmuOLO6)M)m+Rxuv4HXs(7(CY6qUf^p&jZej+o<%dH?7Be{im~n(Qpr@UhUz`IU#CjZ&tC#W0Yn zH=w>SC+z-d@TvJ?f|YWj9<8bPk>Z4dAKWO9vJ4w>C-YYr#-BJ*4O#_`YJN_dU)8Fn zN^tODj_xJ-0MdaWEN zc>}}_JH7{)*{n#ADoC?M+l1deW)cWHy9(U7$JqDhc?Sp=$nQDjvaEh@eif7)K~QAT zN}I~Ilm9`%c=Disa2?}ADtf&bZyKd2?-%`bj|sw}2OlZ%LY=37kkcD1{9L82UkiQn zv~k@oxfZRc!Wh8Op^>=bi!Yn3DG#%Wj&~O{X|j~D1$>(+N4rNuj@BQ^>W5?3BX-#P>@j%vUNg~s`10%omo0O__hSCcMe`_YN z{cX4?)Ns3*Ez&uLBgo7^o; z>%%m(qeLY^0`V+O%=XnBb#ZHmxibn$`-pl;aa84~5i|BIXEhDROg>J6(OjV6MKshM zkT=rUG|93JA7p;HFf$Be4zA%z!4G%Swo7^)U@ zj45fih?BJ6dq3hVV#u2P>f`i#c3*2ku9iZVxp8Pi@KNFJOobG2WNx{6@H_K7Fs}v^9Fy;EwK%l54GvR$6Z*r$UY1Ag zB>GbYyH(b-`6`R!dOe?Pq0VRJOnmh?{ieO+T{>d(nQic9CYXujfHw>;JOWk>P$(@e zE%=R;3>lWwNuze;?&Ce{>PRJj*{tuOnhZ_!)TSbRsgmwPPqOFQ zrD~fYSE&bU^6V0`=1_Bz~eZ?Q3%gQyoGv{$DMIihsLebB3kmh#=F)DaA&R(eyK*IIm0;II!T5H+qg!--#{WG@zgR)gt>l(|U* zms+X%MUXK(Np&;YS@!fJ#!pr01KvI$CfdH}%&CS}`R+Wsrgv`332S7FYqjC%H%oWE z`(ef$yMC<8{IWyNi^!~7`R^`jq%_-pzw1fggpff3817YV##7A|(DsVZK8M-9wu&uA z03cs^)ukj+t`%DiXRhEFP; zA4*QAJzh>cJLkEac)b*{U@On=%(1YpLg#Oe(AA-v)n^ftrQUruEMeHi{o9OugzkN= z4v-l&WGxzOE5w2%4`Nq_Xm1)}8aId2{Geg6PU*mo-~QDk*XNZ6u!9e}65_J`19M)3 zv+Z}Hy)L>vy>pnzM>4+o!QmnBtzqae2_@A9c~L(oY=F~9hmWsy>yUUW6p~h zWRbo%Y>|-$HvX)&D^^tV#dvhS(tjTBHG<9s_uhb@G8b^0rja%(?_pOA=Z$p}NHwm(yT`r;6gu#_(3TGjw@RCGRcrMq~e|?&pzPk-WTD{yyS1_EAFifl6$5!eYIP z>v@v(^Ow)XbXMNtM>>8eGDp63LaQg$gR?I7_2&fCll!W3prkRl(jP502RNRWuBl+; z$*Id#poP-G*}OOUfyK^Yh}|BZd3*vM)D7mTp~j@md-@CrxuLfgJ_nqp2&V6B9OO>&_H;{PQy#t1>L?tKxnnu z$H#TwYZrR2_Hi%DS)_>3BU3>H5UmM?S2co>PA*iIA%XsO7i7NVO{p4Y+kn^WsGlw2 zWfi)hK6vsXp_f5i)r0aH91Pkul_Q*6_h=8w0APZg$N*+TK5;MMXL8G-baf;ZdGX+pIe zORveFUL3Xm__Q7`&rk*StP3x5#>!|HZYYf%sOp(~93JhPu92HTA?6+!T{=;Cpj!u} z=-kp#>-4c|+f-Xy&6p%7BWz}UrAK|8on8R^uBoCwS67I@o6|J>R;p-_Et(W%RBzx! zjR!0`kEU4aIK8`yQol4>{^oHfs@sH4*KM)h?)N^Vf;BX{Vs&HOPXRl1IYgAuwal0k zhk}8`4VuGmLKq#V&ZRq4;MC30m&NC5!=DmXQD4N*8s{J%l1DTXQI*nc*jC)F#F08>~hcHs^e6xo2X^(dEyoImWfry2WcOUb2T z^VZ^1kWStwzSJu4ctd}t^-q{jY7|TZDkG0pD-|N*RwbX}?drzieTK-|`%dNe!)H*K zIT(H~2FX$eEG*WDbo5C;_&9*>5!aLi?vMg3LsDkVowOYdXBijAD8xwnN6CU6$1o5%R6Wclx_PW=nV;ozHEerCyxbncia z>r@xW=P=xB15fQ|`|{Tn8pa)8zJLj!5ugJ}1+rlHc^)QvF{vId zjL%>skjjdl&@4V9XDIv_(bL0wWc(pzx*&Iac_9faxmtW?zU#!y2Yte=n$u_#L;%Wg zdZw^H-`aoiipBbgwC}K1s3!s1kbpX@{h+c`in_-R`(HhHB3QF4qN!YaAi9`zKu_L8 zFIkarqJO`5@BY++VslWPpy%bvj25fsqcUHM$cH7_U4Tc979g&lzzf9J1EMI|F=5=~)hr-QLacfxNgG7pY^~6Ji+0)+ zh+b_87MXV6Qt(e0Acmhx-kX0bL8Zp~eCsXZad^RcfN> z0#~rMI8))uYGgq_w*E=b>-d;|f$+AI}(xLyKN4y;5PHvb{nvX^{19z8I+e zZUC>N{oGC!9v=6;b2WL|Q?!0lYK?a}(-YlO5N;V33O)|g(|JG(OH>vkWHV^)g+*x* zJG!uU^NS1i$trp|I*gqN??4EIx&gG@A8)+mSg%q5{+T4w7Lb-Vcu)1a$cK}1?4uUz zkH`l^_D))&3oneFr|y;t>mPj3xI^5XTExG`}|FkK}4#&+fy34 zm{YiDSbRfITdZrv2kq%zC#9h>R-g~BVrKJ1>LhHna^~(bD$m;$#KN#`Wx!wf;tefZ zlAbMf{ZN7im#dKN^)t=Ocki^ud8+*j&&h&+@>ZuAN-`QFO0CG`suBcQ<&3q-LVc|O zimAfA?ODqk9}a7jrYAWor_R}h2-zU@Tq}q<1HF`4&j}@W|K6WKcJe5vM+)t<9C9^X%~)J z*xIDp3y59WWDD=O7} zRcQ@UW9W;H8#Df)70wGF-ges%Muz0-En@D>SY@KN*$-LdjCC}0_}F-DxjKTCB8hCL zmCUt=n~UY2B+fkz9r%&RI50(|h=~sIB#vo}XSXe1^MJw4n4(Y&lS#}XRwdezSI>7` z?|rK*D#^R6ADF_xa!xc4TfY;yKvc`ne=QXg`^g$Ru8xxN!!sjl|0}SYE}D4QjQpG= z5$_xLNBC-E^d+sb`F#FoV|k7X4r>=WfbAhMMVP`MlD5LC8Maa4@-JIJP9&L*;pfQH zug@p%^aNQ^Y_~L)aplX)Km{%dMFoJ@eX9DUoM!)--a{`r}i1d5B%cyppu)zgucd6;SerL zU;dWcEtlRUgS zN30omlZ>C#R=mFnv^MFu=ro+QS3oP5E}*>z=~*qTBj4Bf{;3e+{k~Mwp(ne^_|ash zyCkL`Fj&`HClq#&JJDukv;%i`G{IM1L%R~^d9x7 zc{y|k^5{(9Pl^B{%HSQ@Xg3qU=|f{{60rAA6{PQy0dB91Z1Gp$bC8Qs8I=_QwY;#W zTd~CfV(L-|91}qLtWx#1Q9$nT@$a%v2>WNL$_cYDFcmZ=t%Y^abpF#ss69^H=Y~8u z{h)|qv7u{R>&Y&IGM%q0jyVQ%&9|TOR2!`6cMZ_hX)myo(0=!81qXY6>rR+IUvGoU zpiodsASMi5qac{TJ6?WS24@2R{o$d!I-SdHylnf!DWb{vWhd1e@rSpk zasB@Eod>!};hRa0O2eGpBy+kzALcMS^`(1-+cu1W!I*F$MEGzFHSD}U(wJ@DoHIO6 zFt^oZX9?MPQ_}4q+vKp5Xkh3Au35*1Xvm8t>D-O{4Q$)6LO%yAwHQ+dmV|xnKsg1Z ze^v9xdjDOOC%J%iY6X5jgz~P-h0K=_5&ZoG0Kopt(7EbUJK08q;d6hdZ$Rh=FkBvr zN5JQf@pbF-w&=!wl;i(UC^|pLcxVd&^m`oka~0?d6zi6Hg-4>^L%7!m!MndubdiQVC`jRk|z``p(o9_REnrcr~YaZK# F{U31(xI+K{ literal 0 HcmV?d00001 diff --git a/assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-etm-mte.png b/assets/img/posts/Lecture Notes/Modern Cryptography/mc-05-etm-mte.png new file mode 100644 index 0000000000000000000000000000000000000000..5754cabdcc4d23f9e55697bf8bcadb387ea995fd GIT binary patch literal 21868 zcmdS=Wn5HU)CUaHNDG5VC=Das!T=Hq$N&y4AdLe^NT+mn4$aUlND0yn!bmCI-Q7q( zgO}d-{eFGFJilkYoPEw->%U^Jwa;FAp9xWdye7b<#6>|tAppxtsi2@>K~PZ8f*+tG zpP=ra?I14)N(ySycXxMveSOF~OiWBEDJcj9LQhW*1OmZeFc%jW4i3(bA3r{S{@mKy zYGPuNn3z~wTRS>BYHDg45D;*7c2-(i`t|EqJv}`T2&AsAZe(OcPEPLU=XY~+BOo9E z007q3)-EqELqkJtZEe4Q|88k%xx2f2cz7r;FW=PEL_k2m#>V#K$rBzPp2)~Z7z{>4 zMD*#?CmI@>+}vCT2L~4ymxYCe&CSh@j*j~JdMz!jw6wIr!9j6xaW5~gp`oFytSk=? z4^dIkiHV7qFJBfE6sV}EBqt~L_VykhA5Tq9RaaLpFE7u|&X$*#2L%O{f3-?OK~WO~ zOG&D^OzpH~5qNVyL}^vz85P1nQ^UbwXhqu*ClVPs0Pk}mz4HIp@AqVd8gJ6PH{tXg zD^8U~M8ykLx*)#H4&C1qWesWhzTCJSY{kJ77?jly@~R$~qd&rpppHKUq~&VjTUAs^m7J}1IUJa-F;ALX@x!W{H18wvjTd%4?WwxcBVZW+ z{DOb_APyk%AzT3j0`%7q!+**PX+7?*6N9&c!x#J)7@cjk|9^l8tOEHIRK_`f^DDQh|M)Zj#`eZs-%E?q*{PXL-{z&Xtx5|{ z2ly>yY^FS@W@z29;a9Z>>t^Zp_Zkkj+5(3*oJU>Y8)keU7<92v=11i=(QM`NzV6Fv zzDHxzQqC_4;p)^2YC)TqOtvZ=NFWsmp*x-9uCDbL^C4@u#-(w=PnHH(WtEsfH4>lz zoEyHfveKTYQfB7nl2-t^*7V9OAlnr%#)A~nLbikqg%AjY;yl>;X5#Z_u}NyNLi2e& zm2V6FxJ$W_fIt`=9`3B9EVVruTasl{~{w0sBO*YXenO!*%`Wj zu2yY%)pRfQA<*$ZsY?nf<9Z`iY}0HhXT4`c|34ygQzy5bKU}%2DW!h=KOMc`-m@?H zj+XPqTXSc=Lr64opkpf1hSl8nS2_9pw<)i`Y0Eu^{}gxH%gl>-hTCzlm|FG9QJLP% z>? zG3|CTxj|jHgEd2m`{E;1i%sR&VtZVcG z2!To958*Dz^ozYuze7UE0wdVwrOncP9>yZ`uv0|H2gcZj(-v}{wP0k{0`?a$Ah8%g z4B*`VTR<#uhZnog+i;qK0H;;U7{CfrV;sl_5y&&}7kfMAA48(Sb8|7zz{6nv*$hZr zj#%)w4-7wsww(EAhZcOKdw4%mXnOync|Uqs)Qo- zYfwI3>>;})$wRRiTAuiamPYHh;|x}9=5UZHz&UjBmDRvG9!{y(z(q|X-YTOnoEDfd zKRXN}ib~Y7Bawte!?3uB)@NpPWe{KtkR*h)@m75O_R}OIkaz_Hv}tp7)e90An|w6`{*wyRPy{UP-WJ|Umyx)_rE}Wg-w5foT~nr zDlh!c0W9(V;1a(7gX=#o`}VI5nf(jRTe$NVT5H7dFSO++_ImtY1eM!)ef)DuOaqsz zK;L{;$4&;U@Mo-=hv5r2hpoXwb9b|SC^$Hoj-fg32{+ftrN1JJEaIKp=k)n~*QCrK zG9xrqyd@x>|8CUXjDIU8^;kf{GeOEJuwSD(6s5PQ0N4HyVt$~UJ#RY+MUVQ**I_uh zqY|!$!Z?Ugb}^pd?HJ)Nkqk7z#eCP+TQ2VWzdV;}!sB z{L%2X8WaK40$hXzW5|*9rX}Q_efS&#hHDQ2kFfT5G{wdDf0VCvK1c!Nfrwe2wsuXK z9h&oE#-o+UzJ4DSB4zs1;8!K549gz(A+0r!<3X}Upa4+jC;VA|$P-CUP7cVIN8zf6 zAQn5pA?3!&IX^g?38;D^T5wY5cPCp%3V`7QWF*>7WzsyDjx`#elNo)&>cc>PvVYxk zsZM?>O^u`HuncEo%|BLCsz4HWRibdU#)N5aRr5a2MKX;6l=TY(*up96B@>l9B1fuSyWgSZ8iC;;JrKn z?33%Djhf#nv0lC|*ZV)T9X*IG!oju9H$7aV^6LY=#YRxkDb2*GtMK|F|A_;zobkSN7pSmE+E15 zO%81P?P`J{*BgGeeN$9CJ7@asFasu^_ryg^6@)|4+jUhLqe8|HnJboVnXyO7YXBej?LmO>5%lhgg7Plg-X-KQF|&(7ivUnT7G12g>A zqzH^jy(UFOCcX2ry=tH%`JU4bpiv<3VNDrkvnEpTX_!9K9@_xFo)dD(k%}vZE&fIuK|}%vjTUV4uPIqb_C4|0XCe z12E#Ms~Y=`4#-V`->l&aU&(kQNk_0*(^4ufYL#ntNp_8MMVO-REs&f~OGEqOS2G4> z8zPq0N%e;4`9MeM@Ba&xzBGSqis#_@+%04P?~+{f>Qs&=CAKUienowf!@K$b9C_3H z3nzDdl>wenwJ(&tREL)TYJXpO%guZ|^#33+1NWkiP~S*GsM%#P_uabk=F#qcl{W4f z1|1N9F*vVefClk+S{LMki@u~&^GV-GCvY}NHs`Xbv*Hc^Ow&K2;X;Ru(c+i3kFW{- zG&SGf+N{!E4Y}#&j_aw)%eGXkyuWiaZVy_Dx)gg7g68x+KI$R%p0Bl#XuvmLhM|uY zZjLVg|NPBoSDAv=ocL~eUI{{?9Q-0!h@u>_s+D^69QuT!RY3ewai=VR=&QncBxFZw zJ6u?Qt_~-}zl&1|H6{ z{WKJq5N!k5njD*LKXe~O6LGwz!hfbgH7WW>w8RfAwis zE{K3>lMnabgl%JgR2>g1!7OoBgdZ2ZHKCTC`7|4&FEZI-)wBP}p904|Ti4oJotBAi z{PqoatU>vi-MlA7(Dx`tY_r;aIZ;z-`-4O_ju5w!!y^oKQOq>iHa*97qb0Cs)n3v}EKvY(z2Zp;PbAuhTdA06j=*1Iq4+cB58 z4}B{PX(J3O*}5x%+3$-gL{ytNa@yON2wL#qt@3SuP=yB!a87z&zD*y-Vf94LY=bY0{npxI3n4!VZ@H;DDQSsDEsx=qK!z{kg`iaXPv4`lBn+ zxA_O03v*WyKFzAYwvAlbhIBU4`cO*PWUCY?7Ex0&xK+~KYD5l>DorpQh zc{)6NH9pQ}arndOt>+>xZ;QCF55a5qE>iaMJvsII*TBRyDxdnEc=2}#iM~_kmhU&D znvwh;UG8GkTL`S?TG&{%5(GuXQOgCdUITjv(}a`F#)VRQ13bF}#Z5QQ3(Eez^Lj#@ zardR5-+wrJ29CxKUyl~0Jqg<1bGI1th-HRWEcJvPF+RQEnD;j5q??abnvE+bnAo6B zQ@HrDAOp9((_1U#vzy#%?0yu0ZDt2-D*8zcx-0RTY8VOXU$8b3AvUablDvEkEG5uq zBF>`q8Q~fyzTJpl^qOcG&#THp?osqUl2qu;67YRM?3)xPkw;I?Iu%){*41${|K|0s z3@&RZhb7`~CPzJ$Z0UKHo<7C-)33w*zia57=D@cs`&i zQW5dYtdQz86}d8hPlal5Mi8#=vx`S^{@1o1?R`C=7bJ=}=TOamvLEU%9pFLh@}BL( zpP&dbYi*++(C4}iZA%-4sUJ53U4C>GXTY5&zy4xTGShkQZ#v|V1*PG9G5ID|wBq~T zrWf5~8GDsmqo1M*acYoCC|QmeCk63ZH}0gLovhU>TR~Y~i$%%Qoh7ZsG<_Whc*bpcQ635ux|7z|q${u@>hQn8Gqkn!C4#*4{gmf#Fnjn5V$7 zGdJ_Au`E*gr+7bJHaVa)G6Ds2=W$U;)gbAGMlo!^!_?){U)BBCpCY%J%Dbcp{Guq_ zNxp?=h-^_44H8RRGQoK4$R%9a+UQejypC^1tk%*`d>83%MHy$ew= zh%JZw4~tQ3+i!6^zG}I>77ie>YN-ZWSZUkIS5f*SpeEI4NN^Q@>M+?w>0t*K_5a zzL$CSzYUimhPhL-HxLHZbhaI&=41kVQtZj09|1nHv(c-8OP zqFPUHbT~A)0h-*+vmR9hnKOK{M=KL^Jeu-1la{NpmA24VTI*xlw`4oZT`vVG65t;s z?dTl_aAL(afm@p+TW8IZYfDKW5t*ED!9&8KczKiurIydSemFlSik-3H{vw>*9bSa6 zdE@ubI!DODXai`D@2eTM{Q^hD;*wW!cWBa>Z(DlAW4!sl@%vK*Sko9Vd}(&|qYbVj zP4UaPFqvIf1cn4^(;0qKw=FB9GW zw%W%^y?`BdL$t`s-K9qqSzA6tR_%rfj{o}Q=Md#^e`HyXW2_*~{ExC1^p`R#*p*lG zWHuCDB@2lLh%v(dic(U#yNBS2MJiXV12Y8SAa@D?36*b<)%5)?!LyH)iO8pB(MbJf zCL5;ba@(Gvbfh;lhLd&mmD5SfmP>7Z_m1cySb73|pOk!YcNcN=oaSRM)Ys`$C!-Gy zRd-0FAEZcd9CyD|skkp!0gu*L?pORqe`-_Kc9<4&f!_J2Y*ec%xL<^XVBQy_h3e_; z$W;U**?mcyo&6#Lxo`rre}KfTNqr%^``?=zY5mfL108#MyEsrRxkc4c3ZNQ^c4HqF zzj!AG)ZGDuRM6c@*k`}}2`}`rZsxttSkJ|NRJXpX`)zxW>Fp0q^!||0T#&MDxh4g~ z1fr+ofnS~B$s%4w$ALHJGpMFv)KxSzISem+hSZ(tIDV0Ft@A58J^spEn&KENKszj1 zJ|xjTaVL3AN*XC5$z?ofz!=S*{=)s{3#Mk1lVSec$Hp3zqso;h29H!L49=7N`C*WBvC3k5|OgSclO!sW)L;^K8-+F5{$~b z%;>1{ccsJI4#!S@6iN~i=buPN*&u-!kk+oOLLV>acn&cz$Y1$5@q7Dp4nAu9+YdzQ z-MN~J3tcgN9S&Wr3mC<3>^Nfd&D9R zlAEs0#d7wQa{BiTsm?<~WTsx|hwR9M&KHq-feIo~rMlZ(N36rhC zvclf+m9l7+wa@-mih1zz=Dp~Reuw@50y^&dD@67<8z4XfI=6k{8i&;?pKQna^G3k9 z^|*Bd`ZlTQm7QNG(W}Wq2Ht-93DZYmC;iDYno73ce_LmS#kE ze)bjkxK#0+=?{trT&7o4ZcCyKbNs3}gIJZ&eg zclGA5$CvFwnntGW7g%dg2O^zo_No{5=98obBazbG;nVVc=s-ZM)Yr^Xkg{Y73}Xmh z5)Y%wbYkYC$fQLb>^9K3aokF6kYLqpe)ht!+u>@BAFs~r55N+3c@4ii~;`v z$IfMXM^KLp?pzR8ZHN#{A ztm)#-_bl6yv@a3`ahD2SS zS#IOJPj4pE8?~a-LA&BE3sRmqpZ-TGB?$D@WnpXMR9K?mFuL^oU_)vza+}v)a!QD_ zg@!yWju5qYzvmm=$WpApTRXYIqp%FrB%+-4pHK!M5Ty${R`pw^cuY47D#b;BeP4(z z2Mx9iFdd)JJ4$;SjO${iFizBubQdng|7CpbeP_VJDe^P18sjxEUl^n%_lkALM|bYQ zvz~;J@SaEgx~1p~I&Wy2oP zm~`FQSP_~i*R_wqo5l%;G>aJC*6+EW%zi_xNjLJ3RRJ%CS$D!`Gyrvu6?@Qp3tJZ! z`p4p|o1~nfY_EX;dj~uGvq^r#1$G$W)Kot`$`!IoH8yvCA?6smUV^Z&MPhH zNNf$9$Q*s=I$px0`Z4nb+fdb`e#*4T`JUdTPrXmsz0Pu|8>5Tlh1@ykn*!k#xGzXm z7e)|Kx#@g^Yn(4|oKYz}vdeL^Ko{TVngsJA0#M1l1_78j*&Cm|XIOpXwR7iv(mRI4J&*CzP(P-x||Lj%MWfWU*Tp}#D<{8L&oKM7-Z)lhD zHK68$XM=>*%to$dM-fZGW)jX;H1d_o!w;lUvH>Nh`ofb&p9)zqtt*;vRGJ=|j`Jk0 zJxUQFu)4nWPV$=Y)jeZA>mxL+4HoI5t={v-69h^ht3p`!vTkC@TEzS<7TAK# zBt~2!4YRZioQ&u=YDfPHFaRM0^XZUj(E4kFU3~g!PqIc24{~qK6NidzktTMKvRfTD zQ|W9B&>aPtf%AI~ASM*=Sa-F$+3#Y%JyS)ZN zH~ICdr}5p00zaN<3P2!oZ3P{d9T;zhKzMy2it#!WiPQf9#;r67SCwNXSI2881}QJ! z%geO0gIYl5z!-sRu7~VZ;l-6AVnC1i1VpvMs0(Xfs)3q;0YA|ENk0OcR0$#`K%NSV zKyI4$FDmQV9|B*k^wqg0EY0qbVvoo(q*NpKe*p0w+O3|i&TK=k53@LM-&(8-_2cH_=(^K%Es6`68-07<~ zCtg`Yc3eq{zE+xt&C!ow`|_%*F;^d@eAszyE?=F^But?AqsrL8MscqF;9FwaZ8zEj zb_zf^#RrQ1kQ9R{`=bDc7pQt<6u`2lcWhsA zt5)X(sd(wVzH@%#2bPg4zCY~``;pjxQR^ycSD`MT=v0*WhE}-T5;?H3EQ1K*ZhBX$ z!a87?hqteraJYor%k_Rc5=`L%XdY@8fiu6pzlM5h>Ml7$A^d9;J9`0>ga1>z6kOC#~iOcgTN}eyyk}G)TPd)4 z^|=@Pckgdvc~StU;Yc%oX%Hh`O6ho^;VlWH6EZo>u>#ZmimN?wKlJv{Da8<@=l&@P z^0|RT%@=q>Xj4n9-cQ@l+qKuA%cV6z9d2o*9M43XK84+%FDa|0z@!&cbSM_MY_Bo< zWPdm6LXN_;GMl~5*R#1ASjxi%btb2W?$4G|hTu?d#ib+t-{xpxBx2SHFh$IT-mIC_ z^HnGl+AoWkYi3Pd4~$&oLei`sOqRV=e>mS8kHzMny5u*AQ1N(nPM9rW{p$Ow|BeX| zD?$J{)Bhnwkd(8R(%Edu_XY%a4nAj8LmLcPByv_2{q^W@eZ@pxYRX}3fTJ8Q&B8;X z3CU5^5AGEg-n@_jnp(Xxc`!-BbO7&s4VtXJY*z&wm%xw1#T}1 z*_{7a{{XJVh=<8r&pwCFH8nqaq%n&C^9$qJtw>1SA03+4+gDg#U{93c*zWH53tA61n5^YnNu$Z^=KnVL-=C_~k54lWD6VWzf3vcJXcE+5hjaQ+nfK~aT zvr=Nvp|%0A{TFWLBVS=iKe2s3)^dJ4(=P0yD3$=PYDd13Esuvc4;@ z(d<+xKrt{&PEQ$k>c`Qr`koMY?$@K5$1h-pE4jRO^gx_6FCGdRh&cn$F7}tfER-Bn z6b|nJLzp`nIe>@p6k(TxHuS(RP~JW&JG6*sSOPDS+9d{Vz^m~75;cMX0j5gEKW4RP z@(z4L3NkB5MI6}rnD$G1`6Q>}1M%Xg!^nHU+DH=I7Nfe>tB(k9aWXywP*fVijRfj> z4SBc!iT8RMDR+?$)P}s!(SSBlklOjb?!jU1=)t+@0ShMGb1(w$FDnedG@cYbBya8O ze-QPZ_w12Kox3oq-wJL;65Gih=#0ih(8g3GaQ2XT4LD;`w@~aESfT@}CwQa15P* z1GdQrz=Oxo+HoWZJPFvb2G{Jif%L%^sn_92_CsRJ7Ry`s@4Lp+@l)-M(po{TzRDyX zTlj94J1)GI10jwm>$yI4I*SG$?Ur84sF*C}8QGP8kv%#-*04?-Wlm*u`Xg*=5L9Gw z!8ER7Iz)B(Xp$f)@*Qu3F)b=_t)J$b>ExA3o_q1CTXFr1QX)KIRmTiwsQe}L= z;9d1=V1aoVy}NQqi!qYKLdJOwdYG}!$WGXzbo|`ljqP#;EJSOfY?n63yzB|P+-<_W zt0;6+U^f^$cgHPL@hRW%F?vHmOPb?)ujHKjP`F0)uF7MS1MWw1BFFJPWNoY{5vHJW zUOzEQG}^<@USwt;w?b-9_O!~&+q8a})HipEZ6=sg<a&OUv+!aZ*Z&F3Gojf;*vF+nHQNdqZc!c{l%kqY3b17MN!UyAO-tNJwRyc0 z71cnN)E6^|jZ$uc{jDcyPc(Q138>7l5=Pzu2hk=pgJ=t=S`4HG|AZ5D&Xt`V=yX>b z1@6fvqBc2$0uX01CPaVce+alT;2+sGG}zF=>?taBPw@#)r|qsDHLb&&wL@bcM=DBk z?COmO*yZ0T63FJWdwZ6bm&31dSeWP7aUX{}JoQ{a;~?h&2$>Ub%TPL?~o zg4nUHE2ux4qv1NHUyZJgoqp8|=PYE(cFK$WthqeKPK%jS-~Y!oo=q{ZUTfI#`sd%c z;Zo~!e9Dlqts2_Iz!Trwp^K<4e&aGV0d=>FYZTuYe$Wl};?+cub=l*uc%db2*rSVo z<|rlWm6dn5SHI^l%D;r_THQ+Sqcf{@@6j3;1>x^)(aE#L^>tf2TaHnuNqo||>v-^R zMO}l~M6LJF98r;u0Iz*6m)44d9iy1!3^vKAcVk4IND>L_M_sB95d~G#h)XK|Pes4~vqHQ+@1;Yo7{D7Wn& zClb8jd!92tX-|E^p;YW;mWwWNbtXL9A0b}Uu&p!^XyPf^qU!mj& z#m0Mf^dzhYs);;uaV~L#=-EH+p=6ADqWIuZrj5{m0!=v$HT$(xwSquv>?ITfk`RP% zw3Q(0uc|5@2L&j@nJts(Xip3p;vzL8t+cfhjia>Xlr+Jj<)20+) zu`thLT5DU?VPO)FZA)HK?xSE2K?4y8Wwg! ziLmcx|4m5fWMl%gY%%SoP~>{Mf?V-f$k@@3u>s3Ys6;kqG8u`*L~JLbLwbm1y!YRV)rSXNV|it=RtiBQmyiCaDJH{X zr^p)+GdQf;@Z-diZK&U9MYAQ|PSFb`mz#K1_A#Lr7ey7f%9YyMTdOs%GT+gku*H0Z zz;UE!OSB+pp(moVOqy*QIJv9AYsk!0Z*vUK4Gpx#+TvSjp z6GV={1Mt;QnH;uAylKT;P8a~A2?I4;5FumDVY-igz}6qh#~Aj3DV}`tRTTkS z1*z^%dvqCfq`Yu+^QYpaAd3ZLeX)Q%Jg{SosIZ*ss2E^6$n7zrk+4ctOVhKSu2ENd za%h-^UFmCFHSzVQtcu8mF9;;P`att~mAg-PRjJ#5AjC8Uc76=1o9Bp~o144>L+BZ& zlh)5Er;j`Q-bD|Jb~8WOg5t3`a={i)k*AE?2>{L4dE0UXDW{WO?n-rSvb!A?RINAE z7vD$9G*Vq-mDxvx3JoblH~_64C%Te6`oX6k-5F#OxZ~vn6+V>7ZOXSwL#Ufp^vEU5 zVqxE!^^+5qIM-ITvbJNrytS^N=zISqVdv#q=ct+56T<4Jw^>{mc=H-SJk7p0kP@=V zubK8nliYQgSY;PvR?tW4gnwB^*4Cgw;jKlA)JA!Y(3^8R6<}|EGeTT~kH`|_q?MwQ8;MV7S&Y1|pU zZht(@^Q{eJ788M4pwG6P6VpDJo8Md7%1@nzVCW%E?%QHHpxSXm*pkovY}gF3<+WSqdP`<9Y``-ts5j-?7{nizuf%I z5srA=^B*Bb*_Ms%MRJkia)#PWVO>(q_^s|oHig&zy=W150EP^YCn_3(19fk)tU3{5 z2~03UBZlkaw(pGB({ zebcG9#JZgFCE0J^M(eN8<}UspKP?Wg2>pF)#q7x z7%X#9xYT}JoR2=W>Fv}9!WQq6SEP{rxAh~0EerDxq1PD`>Mwerzwelk2i>qTh|%9Qv~#ZoD6!g**gxhz^R&(r}le*fuCH&7daJeMX- zTzq?fP~Bx*8;3j@&b6f|Wkeo5+v)^T-FMR_E{ffE_ZZhkBDkbfaVIWPBRL-S8`lOPIiU9cbua1!irjaLCN5�}dM3dLz5} zZ73q0spds?oS(i=0DRL499$MKFdVmXO9@=!4&R@7^kDX(?;`jiz9p&%1-q{yKP!4T zC4=Xk^)lloDei8<*Q)iZ@%_;R7}K4zM&-;`k|sK!OE|*jqZFEni3B9N9a_uz5|!_( z4CH{6xuaSFA^}+dFn0{#GC8JtBfsbORZs|IY@Hr}P(eO}N%$gu_mCC}fx43SFoMh-k+k*nO3Lt?EhEU%qd1FK41(4kPOl)$QV=^hSj42H$1fq7(@i5^0zp7XZfUVde-)4PS*8<+=gZiw zBrS`Oh*opW{QeV6O0#6Cuf;a~;RIs|3@nx@ON@d-bc7Dc{~*Jw&|h5An3>5B1%UDM z7CZF)hw@pZF0tG)%J#z}I5sVimZE|rpV}Y2VQ8T_Gm?w}>+F~{nB6{>-%5I!Yh5k~ zZ19;#bAbN`*bOf+haR{{3s{p-6*)ODcI7|Zq}uuTZmn}huB=iYfgCIIB$zHsNVlfq zIHEgGqODD(hLWEeTO)&I?#@O|`lgHQR@~yWa&m(&?Xf+f`PHEnWe(F~wn+3F(Jv%a zC$Xr`hjDLD-2r&Qr%c4}_y(g=@khHq1Uo(OkdNBG){sn@*FaUP@1!^mS2!pf36a{8 zIy&BDJbRE?f?DEXlsLceG!M{Rev0ckWju${zUINIQAN9g`h!4C9?JI?G-KpbDO*p2 zqDd&>8@y-lJ%$p;{geSchUd<`$v~{71$X6$F?ta7$CCK(uOCj3I~+PIWzXCG^BZC? zALbf|x=f~Q_EYFBjq9^l!`|cesEM51IUJm_-a!XS!5P(H1qGeZIckOtkAZ1SK?FE5Tx9+LqUZOBI ztYA-N`}aa$hRdbN4rId?cP*^T*&OZYCJF(w5vSuzu~at0lGm+4&O5?}yG{+!XZ)z0 z3RFrzMRkN-e?_M!l6&({hD#HQi4w1R^Zam4S2hUEk8wkoci)bB?lNN5YM{vlm-WA& zeJI`&K6ryjoHgH~cx|CB%IZiD3W5y%9zGS$g>YhAIb=r)_PWfXxOd-vnd_fd7M_gF zc`=nQn9a9bq)C|L=$C*$8757rSj&*Yhw=mPk>6V`1fRe4jya7VmGJ{u1D*0RpAz%q zKmkkPFyZWtWS?>o00DAXN))~rEms6??oz+PY+a6dZ%6#;^=4-VqyR9?gU(#_nut7A z9%%OI*H60aShSfI$>XEFU*Fy_TBs*>J^9N3DsLpEBf#_x(rA0Z6x*#Xs0Re0z} zj0TbS4$FjXe;z@U1%4DxM(uG#wBpe!FuzolpcryiA$3XTP4F~IX%DT-f;C@_h6(TMJP4!dPw-Y68Y+hXLVnlCN z(LC*USBzCyN+WIzr)e{5p8}mSi;^Edi}nWHyWI~GiiCaQw8=>1{o`x|zI)-QY- zj-JTG&f(?6Ta0&_G=ty%gnYIJa9!%6=r;npNTkcANb} zoKP&YuwGPFl;Qc$fTp#va^|lb1sdO$ofY2f{bEM7SKE>@YJhl_EoDN)JRH(iwmUM$ zRe+E#<}?Qi_5t}%4XByQRZDs`oM}Jh`4q9xUHl0)afT;_v@lygv8Fxc!HyyH&--PC zGT2Tz%h>b=xaC3UEvW3a^}wip_Q_+Es)xHILZG_`J(D=yYu_G1y2#Sp@h{6WskM%- z@`Y#`PI+8jB&RkFdmY?5%}`yh)u+3nLdE6Mgh*2zhT46T0_=wHH~KfPWREJngQukA zh13<_gwK0QWQ- zHm}Du3zbWQ7jXFVfl?vvsrJ|1tkGA?4I<=V_THCp1al<(UcP1yp|Hg5B z2q7??p!{ii;z{eMQ@TpDur2TNO{soVa2xY`XjEAqLG!*I5N_aVS|E=j!r&};E?k6O zNG0=0i#p*IgBAX!U;Z)ETjS-T=kt1E7@z6hMNfGO12p3(`anDT!o=_^?|6-z4>V72 z&@(1ysPsP_XDc_crSYeJx2VPz{*H1mv{^WUaGiQ71pC?#iJefB7DIVfhrfj)!|B(8 z8lDG%hrbcdDy$7V1fk5MKV92w_ zLN$Qi-}%!Zukq3(Yo!`;&-g8oGxJX^q*ifXH&^D(c<;K54=`vqczaNKEFD#1kUnzS z%pJkVw|{pO&B-wR!uETA|K`VyR~fYrUFRa!0U&nry);USQZc+@?kpU^nH(o;zktgF;e*F6;)Zea1k@;`x>y*rbdF2V zogthq%GUQUNS?TmSH*m?qdu0h&Kxt)%qc-BsPy{ytX$Pn*+H)&$aL+ylr9B&$O*1N znZN2`?WB)gcHez+z1PDW zZ*k&Fn79mZ+>k&b@8(D&X&WkuX3!bN)=yOg0CqSUVP|;)rv|zazRD*)1MOda<2_}G zbXckq?i$NK(_!{`FAN?+rGM7Uiw&uc`C&hX zh8+%(BmEYZw^?E;pJyIQVF(r5>pyED8_N&(&UgcCF-4tuL4LJ>ndW|i*35-BNs2NS z&q4dNUk;ckNpsM=M85G>7>q*s)FAl!%Kl*m^=wM#oZ40!&=QrkBBvMo-m&jrX$RxA zI;CB|O{Ne4(0I=Q$LZ1}*c{L#1UN--MN;L5a9n*T(qu;cKQ44#bqH_bX)`Yuk=TYl zXcolgBg@fV>X_T!k}wuw&WFk%7iu-NgRS&W+g?6T-J#k*m1qq@@! zsqwme&Br_|tI`1&`JF{Mriz60NPPhdMRp{u(Cu&Z$;8M7?UU*0mqLIBhogw?Ws2(2 zFP^^^e#n+NE@_KWbJe8vOq=RrCFa4%U)ezllHE}B3r^M8sn|M9LQuTBJMmWC^iXPW zJc=j@TuQ2iqaOHwh}bh8JX@hP;;9#4$ebzQn4d6t?No^S2FUmF-r4rr54!a(E9HTT zDCr4ACJ#!>tS?+jDu+U>FQjni233HM+l@ESe>KCtJS*I-#cHKJCaV<;rGaGg$I#Y zu`hVkeWXWG&-vtp=%ChcoQYVZj5*Rw$A4Wu zX1PGBx5_|W7zj7Z_5ONZr#CTdYwkxl*%w}FyK;8N@rB(L7})+~S$yv@7x7Md3?OxB znkJmde#kXp15np&`78SFG3Macxra4u;l!}xn+qhORTgSa+kfM2fQ)FA(W2%-n^YON z=#C1NCld%u6@6+W9$vPBt->g6Nlk8_48~c*x(F{c-qYS8q!&G7&(SZu9Y29FHd6(T zS}DFFaLg|C_~12_4X*#|$J<=M8w3Gw*q0v41@~543%^rkRqG3@)?X|)g>@$F-~Zi_ zF2-@xITiG>8#D=oeADZXH1>~A;SW1{-4b}w6TA(^pleI~0 zf0u8VfxV!x>XY&ZD>zb#bNQ(6@kWP4Rz!U3-zT6u9NAdQS*ui)_rC2QUBbS><5IKr zNhV4LHt)B6Bi3{I_qPH(h9?=I)raqSy(i+N2@^6N++}|OMwC+Wow4hlSdB!AqYz-k zD=45k0Sr8-n>wk~I0xj)LUBeAxBwG?&z)3eP{L`ux)e`RUOK=K1jen4YCmDQ0T=`D zBd}M_0QlELV5pOY;j9E~7Q7xKBLkCHN=w!!?_LXO&J9A@a$u8?g0kV`@JxEP8M)tl z@K=t3SS*KZhLipBbvnkYhAK@APWQ-Uj51#Q$Ah4=vM*<@(fnsGpS6$Yg_!@qdo9;P zfi_3~-><^3<2oo50RpLs)!bzDAN!y;7IX!CPsGS%bot?b>isWdqkjBIsRoqwF05<| zH7tO@`^efNKY@Y&T9vQot^4%q{J~1c^hPgJizS~hLqv0OqK&maa&g9LTx&iaadeJy z`u3Rp1LLcu)l)If8JfQArY26HTRW-OX5}5M>z0OK1Ip*2h31n@&hA`RKI#e~J@Iw? zu)@Q=^(>;S*D%8v{dI*?98)CsfaWG=DSd#1`@>+D(0%pYj)&G)d9Peg+XR<+2DEMfv6!;1uP%!B>`zR~~`Z9|}NPd2~|yQxanN|pfp zt{mH0Qw8l~ZMtB7=*`*ciAzP|ZcjXf971|fuBeu!CC-`GYJtx0x9xc@$a7g-dCaBI zSp8NPbDvON;KrI!M(C==R)C$9so=-A_jQpM9%FRJcTYVXSZp zA)&5EFQL8}C`fKSbNXpR#O5Mj@Z3dYl&nX;DR=jv6vjTsK#!Z;%!7Zm#sAK=5m6ZC z(bNxR+Tq6!7H#8TcME2C8-MGk_;n%{yn z2ug#N;lf9Sq_ea!IbcYTQJtl!%lCqi76HVag@xCKbP8JBi^6EhI7$TQq2Z!zrFxnm zWLS@rr}oaBs8NMD;?Kg&tSV!l)t4M*LF@Mn^R{5uOZgc{;umiUaH#2)*wArwC@MoP zRXOydI)B~2>fhykSE15mV-ed-SpdOKI(kO2GI+Yq>bL`+yu>A6J%44xC28TDL=8`?yO`c zYFTpXg^DdUUD=W?1Dks{8+o7iPet{bNAJQjxj?)n<)I&`j-Nr#{M=8R5#fq@zl4K^ z4-iJl$>^ZTMN&L@#3O7!36$2A5;-6t&BJ6gr`CL~yDh(YK9xHqEui9(R{k6B>vXp1 zQaXwvFDjzaeFnZqJTC{&;yTO=lJ81g$`?p5$v-;pH_eF1{Ija6s`5o>pA~5McY+l; z+2urw&ZW~3!z>gr5)a*0KTkV1ESHNS%jbJ;(+DNnKPo9_gk*^>a|(n>*(ZRu>uvP? z@QSm_E0^#%;&yj2eGbZ!uD=9xMjSh#*dBVYJAktuu8-%i55m^KR;i@H=d~)jL7nUL zw%=6C0xL-%tHg_^em+=>W>k-BPoT=VUfl_)1@pcSN^LX$B@H z6sfTyf;}BYGn?JLf#GZW$yF+QTd-ynmFP?LK+>xV5oSzMlA3a%$zUUr=p8NEph6bc z-8VbO56IJ@jovj+ZQsx4%x3nfX}|QZ-N5fXcr)Hw86K0jkdcI%G%s5;zcLX#vq`vX z2TM^UeJ^3BK4!PMiXF>ot+qyG_}65Je-v8$y|M&zJk(}n}tPlA%B!<{T#ykDR4$eX;kKApdKIF?#wmzeAZ<|zVtbMaOM{Ki%i zv`Lsg;lQv4Ap;yl47FZ>^oJbPK%ru*|05&BF)~roszAl;vLAH@ju`gp##zCqoYw=@ zCHLU12d85HOmH&>yyI^EWP~TU!Ug)jCs;!zjU=b4v51Tm&!M2{Q87ms(~^1a)ESZF z&B~g8>tJGUaNJ|_?gK2c>&t$XyQ*30(newlm9CQM*(ApaejF#5`&VwjL?}>;&rIy4 zRv%Z^=tXy*qRM`{)gCdHRbbyj?OC~OP*To&t=Sk2k_mjjuFQ{E@l%isR&{>>}xBU%%#n2+PK_$H2WpW##^{Owqq`9cF>*4AbbLdHFPKSXpN9s0uu( zyv4JGtxVSLQBD0EOSmz>k8jAE5R8L=(1v{FFD#RGxj#|$e#nZwEn8k3RRe3~{l}cH2$qAK4dNP!tfVC3dlT z?Rm;Ae&ZO&szTOxMj^olrM_*_w&PD&?of)Yem$1?;lK&Y^X4KCF@|1@tatfrVRCP& zV6H0M*_2`JRT{V2EGQ68Cbc%|bD(oGRJ(yO# zkxi{at01&zx}@opH(%c^9$Fi1v>VdC)zUzxU2yL3icbf|Lh}>fs;P|U=nH~zeS6W0 z(EMFYS|Y zfYUHsOqmG)y1<1y9zG{0zg1)L8f6o$IfL@_To@`2wWpyAE!~pKr^_nih4@$cHkh_H z@GTW<^8SRUM-%k1Je=tx!aFT<9&_@_O5bvbdwJmuz}f=3aZb#_jUf(Md*3`2tTAO) z%|8m7!m}D~fnj|)%)I#~S>F9Vk(^1t0T1(`ipArN4i}w-CPyF9)#Ln1h;>7jp3c8% zYueDU=lCc639>&&84Miw^X{eKPCr4N|J^T!_Hg2ha%9Cs6VVzymJG~={M2k|7lGCe zUeVRR5ymQB4?9=n5C-Uj+$T!44{)Df4CH!1EZ(2$8a#&kABF4hdVT z9w4wvIHWhC7A6>!6rYj7!r(4Aoz!ueUS0Q`tKp>K@o5Z`u=Ztjju{RQ;Q0HZGUnTY z`O58uq;S#O#YGP%?|yH(Eh+M2tCHZE1H-a}%Bqo;kZHip-k6*#tuc4xw~lIE-I!>4 z9vuc&C#gq96-1&D_vmpbH>o{pS&?p5YI1SqNU;2P^e=&qg`QeQmjFc1y7K((Dd{P% zTED~R54x>lku<^yvq-|()fTWECSQ|tV{@{W9Pnw(2Yn6c{8}gg literal 0 HcmV?d00001