From ef077e9c355b80eb16d177218969692d2b620d82 Mon Sep 17 00:00:00 2001
From: Sungchan Yi <calofmijuck@snu.ac.kr>
Date: Wed, 18 Oct 2023 01:52:42 +0900
Subject: [PATCH] [PUBLISHER] upload files #103

* PUSH NOTE : 3. Symmetric Key Encryption.md

* PUSH ATTACHMENT : is-03-ecb-encryption.png

* PUSH ATTACHMENT : is-03-cbc-encryption.png

* PUSH ATTACHMENT : is-03-ctr-encryption.png

* PUSH NOTE : 4. Message Authentication Codes.md
---
 .../2023-09-19-symmetric-key-encryption.md    | 244 ++++++++++++++++
 .../Modern Cryptography/2023-09-21-macs.md    | 270 ++++++++++++++++++
 assets/img/posts/is-03-cbc-encryption.png     | Bin 0 -> 13306 bytes
 assets/img/posts/is-03-ctr-encryption.png     | Bin 0 -> 12532 bytes
 assets/img/posts/is-03-ecb-encryption.png     | Bin 0 -> 9695 bytes
 5 files changed, 514 insertions(+)
 create mode 100644 _posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md
 create mode 100644 _posts/Lecture Notes/Modern Cryptography/2023-09-21-macs.md
 create mode 100644 assets/img/posts/is-03-cbc-encryption.png
 create mode 100644 assets/img/posts/is-03-ctr-encryption.png
 create mode 100644 assets/img/posts/is-03-ecb-encryption.png

diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md
new file mode 100644
index 0000000..03db834
--- /dev/null
+++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md	
@@ -0,0 +1,244 @@
+---
+share: true
+toc: true
+math: true
+categories:
+  - Lecture Notes
+  - Modern Cryptography
+tags:
+  - lecture-note
+  - cryptography
+  - security
+title: 3. Symmetric Key Encryption
+date: 2023-09-19
+github_title: 2023-09-19-symmetric-key-encryption
+---
+
+## CPA Security
+
+Secret keys are hard to manage and it would be efficient if we could use the same key multiple times. So we need a stronger notion of security, that the adversary is given several ciphertexts under the same key but the scheme is still secure.
+
+We strengthen the adversary's power, and assume that the adversary can obtain encryptions of any plaintext. This attack model is called **chosen plaintext attack** (CPA).
+
+This notion can be formalized as a security game. The difference here is that we must guarantee security for multiple encryptions.
+
+> **Definition.** For a given cipher $\mathcal{E} = (E, D)$ defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$ and given an adversary $\mathcal{A}$, define experiments 0 and 1.
+> 
+> **Experiment $b$.**
+> 1. The challenger fixes a key $k \leftarrow \mathcal{K}$.
+> 2. The adversary submits a sequence of queries to the challenger:
+> 	- The $i$-th query is a pair of messages $m_{i, 0}, m_{i, 1} \in \mathcal{M}$ of the same length.
+> 3. The challenger computes $c_i = E(k, m_{i, b})$ and sends $c_i$ to the adversary.
+> 4. The adversary computes and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$.
+> 
+> Let $W_b$ be the event that $\mathcal{A}$ outputs $1$ in experiment $b$. Then the **CPA advantage with respect to $\mathcal{E}$** is defined as
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{CPA}}[\mathcal{A}, \mathcal{E}] = \left\lvert \Pr[W_0] - \Pr[W_1] \right\lvert
+> $$
+> 
+> If the CPA advantage is negligible for all efficient adversaries $\mathcal{A}$, then the cipher $\mathcal{E}$ is **semantically secure against chosen plaintext attack**, or simply **CPA secure**.
+
+The above security game is indeed a *chosen* plaintext attack since if the attacker sends two identical messages $(m, m)$ as a query, it can surely obtain an encryption of $m$.
+
+The assumption that the adversary can choose any message of its choice may seem too strong, but there are cases in the real world. Also, cryptographers use strong models to show proof of security even for strong attackers.
+
+### Deterministic Cipher is not CPA Secure
+
+Suppose that $E$ is deterministic. Then we can construct an adversary that breaks CPA security. For example, the adversary can send $(m_0, m_1)$ and $(m_0, m_2)$. Then if $b = 0$, the received ciphertext would be same, so the adversary can output $0$ and win the CPA security game.
+
+Therefore, for *indistinguishability under chosen plaintext attack* (IND-CPA), encryption must produce different outputs even for the same plaintext.
+
+Another corollary is that PRPs are deterministic, so PRPs are not CPA secure.
+
+## Nonce-based Encryption
+
+Since deterministic cipher is not CPA secure, we need non-deterministic encryption. There are two ways to construct such encryptions.
+
+In **probabilistic** (randomized) encryption, encrypting the same message twice gives difference ciphertexts with high probability.
+
+The second method is **stateful** encryption, where both algorithms $E$ and $D$ maintain some state that changes with each invocation of the algorithm. A typical example of stateful encryption is **nonce-based encryption**.
+
+A **nonce** is a value that changes from message to message, such as a counter or a random value. Both encryption and decryption algorithm take the nonce as an additional input, so that the resulting ciphertext will be different for the same plaintext. Thus, it is natural that we require all nonces to be *distinct*.
+
+The syntax for nonce-based encryption is $c = E(k, m, n)$ where $n \in \mathcal{N}$ is the nonce, and the algorithm $E$ is required to be deterministic. Similarly, nonce-based decryption becomes $m = D(k, c, n)$. The nonce that was used to encrypt $m$ should be used for decrypting $c$.
+
+We also formalize security for nonce-based encryption. It is basically the same as CPA security definition. The difference is that the adversary chooses a nonce for each query, with the constraint that they should be unique for every query.
+
+> **Definition.** For a given **nonce-based** cipher $\mathcal{E} = (E, D)$ defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C}, \mathcal{N})$ and given an adversary $\mathcal{A}$, define experiments 0 and 1.
+> 
+> **Experiment $b$**.
+> 1. The challenger fixes a key $k \leftarrow \mathcal{K}$.
+> 2. The adversary submits a sequence of queries to the challenger.
+> 	- The $i$-th query is a pair of messages $m_{i, 0}, m_{i, 1} \in \mathcal{M}$ of the same length, and a nonce $n_i \in \mathcal{N} \setminus \left\lbrace n_1, \dots, n_{i-1} \right\rbrace$.
+> 	- Nonces should be unique.
+> 3. The challenger computes $c_i = E(k, m_{i, b}, n_i)$ and sends $c_i$ to the adversary.
+> 4. The adversary computes and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$.
+> 
+> Let $W_b$ be the event that $\mathcal{A}$ outputs $1$ in experiment $b$. Then the **CPA advantage with respect to $\mathcal{E}$** is defined as
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{nCPA}}[\mathcal{A}, \mathcal{E}] = \left\lvert \Pr[W_0] - \Pr[W_1] \right\lvert
+> $$
+> 
+> If the CPA advantage is negligible for all efficient adversaries $\mathcal{A}$, then the nonce-based cipher $\mathcal{E}$ is **semantically secure against chosen plaintext attack**, or simply **CPA secure**.
+
+### Secure Construction from PRF
+
+Suppose we want to construct a secure encryption scheme from a pseudorandom function. A simple approach would be to use $E(k, m) = F(k, m)$, but this would result in deterministic encryption, which is not CPA-secure.
+
+Therefore, we need randomized encryption. We achieve randomness by drawing a random value $r \leftarrow \left\lbrace 0, 1 \right\rbrace^n$ and evaluate $F(k, r)$ and then XOR it with the plaintext.
+
+Here is the construction in detail.
+
+> Let $F : \mathcal{K} \times \left\lbrace 0, 1 \right\rbrace^n \rightarrow \left\lbrace 0, 1 \right\rbrace^n$ be a PRF.
+> - Encryption $E : \mathcal{K} \times \left\lbrace 0, 1 \right\rbrace^n \rightarrow \left\lbrace 0, 1 \right\rbrace^{2n}$
+> 	- Sample $r \leftarrow \left\lbrace 0, 1 \right\rbrace^n$ and return $c = (r, F(k, r) \oplus m)$.
+> - Decryption $D : \mathcal{K} \times \left\lbrace 0, 1 \right\rbrace^{2n} \rightarrow \left\lbrace 0, 1 \right\rbrace^n$
+> 	- Extract $(r, s)$ from $c$ and output $m = F(k, r) \oplus s$.
+
+A few notes:
+- Since we have randomized encryption,
+	- $E$ is a one-to-many function.
+	- $D$ is a many-to-one function.
+- The above construction maps $n$ bit messages to $2n$ bit messages.
+	- The ciphertext is $2$ times longer than the plaintext.
+	- We call this the **expansion ratio**.
+- If the value $F(k, r)$ is duplicated in the above construction, then this scheme is insecure, just like in the one-time pad.
+	- Thus the probability of duplication must be negligible.
+
+Since the duplication probability is negligible, we have the following theorem.
+
+> **Theorem.** Let $F$ be a secure PRF. Then $(E, D)$ in the above construction is CPA-secure.
+
+*Proof*. Check the proof of Theorem 3.29.[^1]
+
+#### Notes on the Proof
+
+There is a common proof template for constructions based on PRFs.
+
+1. Consider a hypothetical version of the construction, where the PRF is replaced by a truly random function.
+2. Argue that the adversary learns almost nothing. i.e, replacing with a random function only has a negligible effect on the adversary.
+3. Now that we have a random function, the remaining argument proceeds with probabilistic analysis, etc.
+
+## Modes of Operation
+
+We learned how to encrypt a single block. How do we encrypt longer messages with a block cipher $E : \left\lbrace 0, 1 \right\rbrace^s \times \left\lbrace 0, 1 \right\rbrace^n \rightarrow \left\lbrace 0, 1 \right\rbrace^n$?
+
+There are many ways of processing multiple blocks, this is called the **mode of operation**.
+
+Additional explanation available in [Modes of Operations (Internet Security)](2023-09-18-symmetric-key-cryptography-2.md#Modes%20of%20Operations).
+
+### Electronic Codebook Mode (ECB)
+
+![is-03-ecb-encryption.png](../../../assets/img/posts/is-03-ecb-encryption.png)
+
+- ECB mode encrypts each block with the same key.
+- Blocks are independent of each other.
+- ECB is deterministic, so not CPA-secure.
+
+### Ciphertext Block Chain Mode (CBC)
+
+![is-03-cbc-encryption.png](../../../assets/img/posts/is-03-cbc-encryption.png)
+
+Let $X = \left\lbrace 0, 1 \right\rbrace^n$ and $E : \mathcal{K} \times X \rightarrow X$ be a **PRP**.
+
+- In CBC mode, a random **initial vector** (IV) is chosen and outputs the ciphertext.
+- Expansion ratio is $\frac{n+1}{n}$ where $n$ is the number of blocks.
+- If the message size is not a multiple of the block size, we need **padding**.
+
+There is a security proof for CBC mode.
+
+> **Theorem.** Let $E : \mathcal{K} \times X \rightarrow X$ be a secure PRP. Then CBC mode encryption $E : \mathcal{K} \times X^L \rightarrow X^{L+1}$ is CPA-secure for any $L > 0$.
+> 
+> For any $q$-query adversary $\mathcal{A}$, there exists a PRP adversary $\mathcal{B}$ such that
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{CPA}}[\mathcal{A}, E] \leq 2 \cdot \mathrm{Adv}_{\mathrm{PRP}}[\mathcal{B}, E] + \frac{2q^2L^2}{\left\lvert X \right\lvert}.
+> $$
+
+*Proof*. See Theorem 5.4.[^2]
+
+From the above theorem, note that CBC is only secure as long as $q^2L^2 \ll \left\lvert X \right\lvert$.
+
+Also, CBC mode is not secure if the adversary can predict the IV of the next message. Proceed as follows:
+
+> 1. Query the challenger for an encryption of $m_0$ and $m_1$.
+> 2. Receive $\mathrm{IV}_0, E(k, \mathrm{IV}_0 \oplus m_0)$ and $\mathrm{IV}_1, E(k, \mathrm{IV}_1 \oplus m_1)$.
+> 3. Predict the next IV as $\mathrm{IV}_2$, and set the new query pair as
+> 
+> 	$$
+> 	m_0' = \mathrm{IV}_2 \oplus \mathrm{IV}_0 \oplus m_0, \quad m_1' = \mathrm{IV}_2 \oplus \mathrm{IV}_1 \oplus m_1
+> 	$$
+> 
+> 	and send it to the challenger.
+> 4. In experiment $b$, the adversary will receive $E(k, \mathrm{IV}_b \oplus m_b)$. Compare this with the result of the query from (2). The adversary wins with advantage $1$.
+
+(More on this to be added)
+
+#### Nonce-based CBC Mode
+
+We can also use a **unique** nonce to generate the IV. Specifically,
+
+$$
+\mathrm{IV} = E(k_1, n)
+$$
+
+where $k_1$ is the new key and $n$ is a nonce. The ciphertext starts with $n$ instead of the $\mathrm{IV}$.
+
+Note that if $k_1$ is the same as the key used for encrypting messages, then this scheme is insecure. See Exercise 5.14.[^2]
+
+### Counter Mode (CTR)
+
+![is-03-ctr-encryption.png](../../../assets/img/posts/is-03-ctr-encryption.png)
+
+Let $F : \mathcal{K} \times X \rightarrow X$ be a secure **PRF**.
+
+- CTR mode also chooses a random IV and increments the IV for every encrypted block.
+- IVs should not be reused.
+- CTR mode is parallelizable, so it is very efficient.
+- If a part of the message changes, only that part has to be recalculated.
+
+There is also a security proof for CTR mode.
+
+> **Theorem.** If $F : \mathcal{K} \times X \rightarrow X$ is a secure PRF, then CTR mode encryption $E : \mathcal{K} \times X^L \rightarrow X^{L+1}$ is CPA-secure.
+> 
+> For any $q$-query adversary $\mathcal{A}$ against $E$, there exists a PRF adversary $\mathcal{B}$ such that
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{CPA}}[\mathcal{A}, E] \leq 2\cdot\mathrm{Adv}_{\mathrm{PRF}}[\mathcal{B}, F] + \frac{4q^2L}{\left\lvert X \right\lvert}.
+> $$
+
+*Proof.* Refer to Theorem 5.3.[^2]
+
+From the above theorem, we see that CTR mode is only secure for $q^2L \ll \left\lvert X \right\lvert$. This is a better bound than CBC.
+
+#### Nonce-based CTR Mode
+
+We can also use a nonce and a counter to generate the IV. Since it is important to keep IVs distinct, set
+
+$$
+\mathrm{IV} = (n, ctr) \in \left\lbrace 0, 1 \right\rbrace^{64} \times \left\lbrace 0, 1 \right\rbrace^{64}
+$$
+
+where $ctr$ starts at $0$ for every message and $n \in \mathcal{N}$ is chosen randomly as a nonce.
+
+### Comparison of CTR and CBC
+
+CTR is a lot better in general, but CBC is widely implemented.
+
+|-|CBC|CTR|
+|:-:|:-:|:-:|
+|Primitive|PRP|PRF|
+|Parallelizable|No|Yes|
+|Security|$q^2L^2 \ll \left\lvert X \right\lvert$|$q^2L \ll \left\lvert X \right\lvert$|
+|Dummy Padding|Yes|No|
+|1-byte Message|$16 \times$ expansion|No expansion|
+
+- PRP is a PRF, so PRF is a weaker condition.
+- The difference of $q^2L^2$ and $q^2L$ comes from the probability that consecutive IVs overlap, and also the birthday paradox.
+- CBC needs dummy padding block, but this can be avoided using *ciphertext stealing*. (See Exercise 5.16.[^2])
+- CTR mode does not require padding by construction.
+
+[^1]: Introduction to Modern Cryptography
+[^2]: A Graduate Course in Applied Cryptography
diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-21-macs.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-21-macs.md
new file mode 100644
index 0000000..4150884
--- /dev/null
+++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-21-macs.md	
@@ -0,0 +1,270 @@
+---
+share: true
+toc: true
+math: true
+categories:
+  - Lecture Notes
+  - Modern Cryptography
+tags:
+  - lecture-note
+  - cryptography
+  - security
+title: 4. Message Authentication Codes
+date: 2023-09-21
+github_title: 2023-09-21-macs
+image:
+  path: assets/img/posts/Lecture Notes/Modern Cryptography/mc-04-mac-security.png
+attachment:
+  folder: assets/img/posts/Lecture Notes/Modern Cryptography
+---
+
+Message authentication codes (MAC) were designed to provide message integrity. Bob receives a message from Alice and wants to know if this message was not modified during transmission. For MACs, the message itself does not have to be secret. For example, when we download a file the file itself does not have to be protected, but we need a way to verify that the file was not modified.
+
+Note that MAC is different from error correcting codes (ECC). ECC fixes accidental errors. For example, the Ethernet protocol uses CRC32, which is *keyless*. Keyless integrity mechanisms are designed to detect and fix random transmission errors, and the adversary can easily modify the data since there is no key and the algorithm is publicly known.
+
+On the other hand, MAC fixes data that is tampered in purpose. We will also require a key so that the adversary cannot easily modify the message. We assume that the secret key is shared between two parties, in advance.
+
+## Message Authentication Code
+
+![mc-04-mac.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-04-mac.png)
+
+> **Definition.** A **MAC** system $\Pi = (S, V)$ defined over $(\mathcal{K}, \mathcal{M}, \mathcal{T})$ is a pair of efficient algorithms $S$ and $V$ where $S$ is a **signing algorithm** and $V$ is a **verification algorithm**.
+> 
+> - $S : \mathcal{K} \times \mathcal{M} \rightarrow \mathcal{T}$ is a probabilistic algorithm that outputs $t \leftarrow S(k, m)$ for some key $k \in \mathcal{K}$ and message $m \in \mathcal{M}$. The output $t$ is called a **tag**, and $\mathcal{T}$ is the tag space.
+> - $V: \mathcal{K} \times \mathcal{M} \times \mathcal{T} \rightarrow \left\lbrace 0, 1 \right\rbrace$ is a deterministic algorithm that computes $V(k, m, t)$ and outputs $1$ ($\texttt{accept}$) or $0$ ($\texttt{reject}$) .
+> - It is required that $V(k, m, S(k, m)) = 1$.
+
+When $V$ accepts $(m, t)$, then $t$ is called a **valid tag**. Since $(m, t)$ is the transmitted data, we want $t$ to be short as possible.
+
+### Canonical Verification
+
+$V$ can be replaced with an invocation of $S$ if *$S$ is deterministic*. The receiver can recompute the tag and check equality.
+
+$$
+V(k, m, t) = 1 \iff t = S(k, m)
+$$
+
+This is called **canonical verification**. All real-world MACs use canonical verification.
+
+## Secure MAC: Unforgeability
+
+In the security definition of MACs, we allow the attacker to request tags for arbitrary messages of its choice, called **chosen-message attacks**. This assumption will allow the attacker to collect a bunch of valid $(m, t)$ pairs. In this setting, we require the attacker to forge a **new** valid message-tag pair, which is different from what the attacker has. Also, it is not required that the forged message $m$ have any meaning. This is called **existential forgery**. A MAC system is secure if an existential forgery is almost impossible. Note that we are giving the adversary much power in the definition, to be conservative.
+
+- Attacker is given $t_i \leftarrow S(k, m_i)$ for $m_1, \dots, m_q$ of his choice.
+	- Attacker has a *signing oracle*.
+- Attacker's goal is **existential forgery**.
+	- **MAC**: generate a *new* valid message-tag pair $(m, t)$ such that $V(k, m, t) = 1$ and $m \notin \left\lbrace m_1, \dots, m_q \right\rbrace$.
+	- **Strong MAC**: generate a *new* valid message-tag pair $(m, t)$ $V(k, m, t) = 1$ and $(m, t) \notin \left\lbrace (m_1, t_1), \dots, (m_q, t_q) \right\rbrace$.
+
+For strong MACs, the attacker only has to change the tag for the attack to succeed.
+
+![mc-04-mac-security.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-04-mac-security.png)
+
+> **Definition.** Let $\Pi = (S, V)$ be a MAC system defined over $(\mathcal{K}, \mathcal{M}, \mathcal{T})$. Given an adversary $\mathcal{A}$, the security game goes as follows.
+> 
+> 1. The challenger picks a random $k \leftarrow \mathcal{K}$.
+> 2. $\mathcal{A}$ queries the challenger $q$ times.
+> 	- The $i$-th signing query is a message $m_i$, and receives $t_i \leftarrow S(k, m_i)$.
+> 3. $\mathcal{A}$ outputs a new forged pair $(m, t)$ that is not among the queried pairs.
+> 	- $m \notin \left\lbrace m_1, \dots,m_q \right\rbrace$
+> 	- $(m, t) \notin \left\lbrace (m_1, t_1), \dots, (m_q, t_q) \right\rbrace$ (for strong MAC)
+> 
+> $\mathcal{A}$ wins if $(m, t)$ is a valid pair under $k$. Let this event be $W$. The **MAC advantage** with respect to $\Pi$ is defined as
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{MAC}}[\mathcal{A}, \Pi] = \Pr[W]
+> $$
+> 
+> and a MAC $\Pi$ is secure if the advantage is negligible for any efficient $\mathcal{A}$. In this case, we say that $\Pi$ is **existentially unforgeable under a chosen message attack**.
+
+If a MAC is secure, the attacker learns almost nothing from the $q$ queries. i.e, the tags for the previous $q$ messages gives no useful information for producing a tag for some other message $m$, even in cases where messages are almost identical.
+
+### MAC Security with Verification Queries
+
+The above definition can be modified to include **verification queries**, where the adversary $\mathcal{A}$ queries $(m_j, t_j) \in \mathcal{M} \times \mathcal{T}$ and the challenger responds with $V(k, m_j, t_j)$. $\mathcal{A}$ wins if any verification query is returned with $1$ ($\texttt{accept}$).
+
+It can be shown that for **strong MACs**, these two definitions are equivalent. See Theorem 6.1.[^1] For (just) MACs, these are not equivalent. See Exercise 6.7.[^1]
+
+Since these two definition are equivalent, security proofs are easier when we use the definition without verification queries.
+
+## Notes on the Security Definition
+
+### Replay Attacks
+
+The definition requires that the adversary generate a **new** message-tag pair. In the real world, there are **replay attacks** that send the same message multiple times. For example, intercepting a bank transaction message and sending it several times can be critical. Replay attacks should be handled differently, by using sequence numbers in messages or by appending a timestamp.
+
+### Secure MAC with Canonical Verification
+
+**A secure MAC with canonical verification is strongly secure**, since $S$ is deterministic, so for every message $m \in \mathcal{M}$, there is a *unique* tag $t \in \mathcal{T}$. Thus it is impossible to only modify the tag.
+
+## MAC Constructions from PRFs
+
+Block ciphers were actually PRPs, but we have a large message space, so by the **PRF switching lemma**, we can use block ciphers as PRFs and construct other systems!
+
+> Let $F : \mathcal{K} \times X \rightarrow Y$ be a PRF. Define a MAC scheme $\Pi = (S, V)$ over $(\mathcal{K}, X, Y)$ as
+> - $S(k, m) = F(k, m)$
+> - $V(k, m, t) = 1$ if $t = F(k, m)$ and $0$ otherwise.
+
+This MAC is **derived from $F$**, and is deterministic. This scheme is secure as long as $\left\lvert Y \right\lvert$ is sufficiently large. This is necessary since if $\left\lvert Y \right\lvert$ is small, then an adversary can randomly guess the tag with non-negligible probability.
+
+> **Theorem.** Let $F : \mathcal{K} \times X \rightarrow Y$ be a secure PRF. If $\left\lvert Y \right\lvert$ is sufficiently large, then $\Pi$ is a secure MAC.
+> 
+> For every efficient MAC adversary $\mathcal{A}$ against $\Pi$, there exists an efficient PRF adversary $\mathcal{B}$ such that
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{MAC}}[\mathcal{A}, \Pi] \leq \mathrm{Adv}_{\mathrm{PRF}}[\mathcal{B}, F] + \frac{1}{\left\lvert Y \right\lvert}.
+> $$
+
+*Proof*. See Theorem 6.2.[^1]
+
+The above construction uses a PRF, so it is restricted to messages of fixed size. We also need a MAC for longer messages.
+
+## MAC Constructions for Fixed Length Messages
+
+### CBC-MAC
+
+![mc-04-cbc-mac.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-04-cbc-mac.png)
+
+> **Definition.** For any message $m = (m_0, m_1, \dots, m_{l-1}) \in \left\lbrace 0, 1 \right\rbrace^{nl}$, let $F_k := F(k, \cdot)$.
+> 
+> $$
+> S_\mathrm{CBC}(m) = F_k(F_k(\cdots F_k(F_k(m_0) \oplus m_1) \oplus \cdots) \oplus m_{l-1}).
+> $$
+
+$S_\mathrm{CBC}$ is similar to CBC mode encryption, but there is no intermediate output, and the IV is fixed as $0^n$.
+
+> **Theorem.** If $F : \mathcal{K} \times \left\lbrace 0, 1 \right\rbrace^n \rightarrow \left\lbrace 0, 1 \right\rbrace^n$ is a secure PRF, then **for a fixed $l$**, CBC-MAC is secure for messages $\mathcal{M} = \left\lbrace 0, 1 \right\rbrace^{nl}$.
+
+The following modifications show some of the ways that CBC-MAC could become insecure.
+
+#### Using Shorter Messages is Insecure (Extension Attack)
+
+For any messages *shorter than* $nl$, CBC-MAC is not secure. So the length of the messages should be fixed in advance by the sender and the receiver.
+
+To see this, consider the following **extension attack**.
+
+1. Pick an arbitrary $m_0 \in \left\lbrace 0, 1 \right\rbrace^n$.
+2. Request the tag $t = F(k, m_0)$.
+3. Set $m_1 = t \oplus m_0$ and output $(m_0, m_1) \in \left\lbrace 0, 1 \right\rbrace^{2n}$ and $t$ as the tag.
+
+Then the verification works since
+
+$$
+S_\mathrm{CBC}(k, (m_0, t\oplus m_0)) = F(k, F(k, m_0) \oplus (t \oplus m_0)) = F(k, m_0) = t.
+$$
+
+#### Random IV is Insecure
+
+If we use random IV instead of $0^n$, CBC-MAC is insecure. Suppose a random IV was chosen from $\left\lbrace 0, 1 \right\rbrace^n$ and the final output was $(\mathrm{IV}, t)$. Then the following attack is possible.
+
+1. Pick an arbitrary $m \in \left\lbrace 0, 1 \right\rbrace^n$.
+2. Request the tag $(\mathrm{IV}, t)$. ($t = F(k, m)$)
+3. Send $m' = \mathrm{IV} \oplus m$ and tag $(\mathrm{IV}, t)$.
+
+Then the verification works since
+
+$$
+S_\mathrm{CBC}(k, \mathrm{IV} \oplus m) = F(k, (\mathrm{IV} \oplus m) \oplus \mathrm{IV}) = F(k, m) = t.
+$$
+
+#### Disclosing Intermediate Values is Insecure
+
+If CBC-MAC outputs all intermediate values of $F(k, \cdot)$, then CBC-MAC is insecure. Consider the following attack.
+
+1. Pick an arbitrary $(m_0, m_1) \in \left\lbrace 0, 1 \right\rbrace^{2n}$.
+2. Request the computed values $(t_0, t)$, where $t_0 = F(k, m_0)$ and $t = F(k, m_1 \oplus t_0)$.
+3. Send $(m_0, m_0 \oplus t_0) \in \left\lbrace 0, 1 \right\rbrace^{2n}$ and tag $t_0$.
+
+Then the verification works since
+
+$$
+S_\mathrm{CBC}(k, (m_0, m_0 \oplus t_0)) = F(k, F(k, m_0) \oplus (m_0 \oplus t_0)) = F(k, m_0) = t_0.
+$$
+
+The lesson is that *cryptographic constructions should be implemented exactly as it was specified, without any unproven variations*.
+
+## CBC-MAC for Messages of Arbitrary Length
+
+We can extend CBC-MAC for arbitrary length messages. First, assume that all messages have lengths divisible by $n$.
+
+### Length Prepending
+
+We can prepend the length of message $\left\lvert m \right\lvert$, encoded as an $n$-bit string. The computation of CBC-MAC is the same. It can be shown that this MAC scheme is secure.
+
+However, this cannot be used if the length of the message is not known in advance. Also, only *prepending* works since *appending* the length is not secure. See Exercise 6.8.[^1]
+
+> **Proposition.** Appending the length of the message in CBC-MAC is insecure.
+
+*Proof*. Let $n$ be the length of a block. Query $m_1, m_2, m_1 \parallel n \parallel m_3$ and receive $3$ tags, $t_1 = E_k(E_k(m_1) \oplus n)$, $t_2 = E_k(E_k(m_2) \oplus n)$, $t_3 = E_k(E_k(t_1 \oplus m_3) \oplus 3n)$.
+
+Now forge a message-tag pair $(m_2 \parallel n \parallel (m_3 \oplus t_1 \oplus t_2), t_3)$. Then the tag is
+
+$$
+E_k(E_k(\overbrace{E_k(E_k(m_2) \oplus n)}^{t_2} \oplus m_3 \oplus t_1 \oplus t_2) \oplus 3n) = E_k(E_k(t_1 \oplus m_3) \oplus 3n)
+$$
+
+which equals $t_3$. Note that the same logic works if the length is *anywhere* in the message, except for the beginning.
+
+### Encrypt Last Block (ECBC-MAC)
+
+Since CBC-MAC is vulnerable to extension attacks, we encrypt the last block again. Choose a second key $k' \in \mathcal{K}$ to encrypt the tag, so $t' = F(k', t)$. This method is called **encrypt-last-block CBC-MAC** (ECBC-MAC).
+
+ECBC-MAC doesn't require us to know the message length in advance, but it is relatively expensive in practice, since a block cipher has to be initialized with a new key.
+
+![mc-04-ecbc-mac.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-04-ecbc-mac.png)
+
+> **Theorem.** Let $F : \mathcal{K} \times X \rightarrow X$ be a secure PRF. Then for any $l \geq 0$, $F_\mathrm{ECBC} : \mathcal{K}^2 \times X^{\leq l} \rightarrow X$ is a secure PRF.
+> 
+> For any efficient $q$-query PRF adversary $\mathcal{A}$ against $F_\mathrm{ECBC}$, there exists an efficient PRF adversary $\mathcal{B}$ such that
+> 
+> $$
+> \mathrm{Adv}_{\mathrm{PRF}}[\mathcal{A}, F_\mathrm{ECBC}] \leq \mathrm{Adv}_{\mathrm{PRF}}[\mathcal{B}, F] + \frac{2q^2l^2}{\left\lvert X \right\lvert}.
+> $$
+> 
+> [^2]
+
+Thus ECBC-MAC is secure as long as $ql \ll \sqrt{\left\lvert X \right\lvert}$.
+
+#### Extendable PRF
+
+> **Definition.** Let $PF$ be a PRF defined over $(\mathcal{K}, X^{\leq l}, Y)$. $PF$ is **extendable** if for all $k \in \mathcal{K}$, $x, y \in X^{\leq l}$ and $a \in X$,
+> 
+> $$
+> PF(k, x) = PF(k, y) \implies PF(k, x \parallel a) = PF(k, y \parallel a).
+> $$
+
+It is easy to see that (E)CBC is an extendable PRF.
+
+#### Attacking ECBC with $\sqrt{\left\lvert X \right\lvert}$ Messages
+
+1. Make $q = \sqrt{\left\lvert X \right\lvert}$ queries using random messages $m_i \in X$ and obtain $t_i = F_\mathrm{ECBC}(k, m_i)$.
+2. With a high probability, there is a collision $t_i = t_j$ for $i \neq j$.
+3. Query for $m_i \parallel m$ and receive the tag $t$.
+4. Return a forged pair $(m_j \parallel m, t)$.
+
+This works because ECBC is an extendable PRF. $t$ also works as a valid tag for $m_j \parallel m$.
+
+So ECBC becomes insecure after signing $\sqrt{\left\lvert X \right\lvert}$ messages.
+
+### Bit-wise PRF Using Block-wise PRF
+
+Now we construct a bitwise PRF, that enables us to sign messages of arbitrary length. We pad the messages so that they can be signed block-wise.
+
+Specifically, pad with $1000\dots0$. If the message length is already a multiple of $n$, then add a dummy block and pad with $1000\dots0$. It is easy to see that this padding is injective, so using this padding gives us a secure PRF for bit-wise operations.
+
+### Other Constructions
+
+- CMAC (OMAC)
+	- Simplified version of ECBC-MAC
+	- Uses only one key
+	- NIST standard
+- **Parallelizable MAC** (PMAC)
+	- Uses two keys.
+	- Better than ECBC, since it is parallelizable.
+	- Each message block is XORed with a easy-to-compute function, then it is encrypted.
+	- All encrypted blocks are XORed, and finally encrypted again.
+	- PMAC is incremental: the tag can be easily updated when a message block changes.
+- Hash-MAC (HMAC)
+
+[^1]: A Graduate Course in Applied Cryptography
+[^2]: Need to check if this is correct. Check Theorem 6.6.[^1]
diff --git a/assets/img/posts/is-03-cbc-encryption.png b/assets/img/posts/is-03-cbc-encryption.png
new file mode 100644
index 0000000000000000000000000000000000000000..9ac8177b40aff0de12b19ead3ec03fe2da3d6bd6
GIT binary patch
literal 13306
zcmc(FbySq!xA)N9-5?D^NJ$7tDIpERNDd_u(n!~UfP|n(C?!ZUz);dKLyDBt&@CWc
zA`S20_x|2{?^^f1>;2<>*M0t&v(I_X`Ru(vXYYN^to6Ln(|JNd$VdnP07x{{RSf_D
zY&Zabv5Jp{9>Jccy=y}Bo*Jp4+yB7_`ZZz)t)Ac8K*tc!_8cUpQg#uI>i_MRzR_*I
zL`Q+c-LOmW@ZGFVL6vu2$dC9e4L25!uWxkI0041J4OJy0znL9m_?-h`pRY^kN-+PA
zzC2&t3mC`l;CoB9Bz%w7=+P8t+u3LM^cKpJzb7{B$~+^HuzuStO3{<yB^<>Y@n2zG
zVTE_-R&>y>w7GR%1F|PHPglEtXm-wjn;R|1^a$i|Ju`Ni5Xnic*S>eGzgH)|wqw<`
zo6z7<GipC3F(GV>l1^zV{?M>b?xDzRR^s^DK(&C4{M3STFWRfTHr~gttTtVK*jDbG
zZs<b}pHt7`%1#5^>iO1Ag5=E1ni81N8Rl}hZQ_64M%We1<k4AUki2;YTF{Sm);O*)
zb8Ikib}b7bG~iYu52|_~_1-|E|Ld4%-hPiPe|bRJqdA2brq0vPn}yXT**vCADbJ7D
z?5PT5r4u{fjcQwe;@hq;De2ftj()zv8r5(}XLyr`Dl>F6w;-Hsu>yT`v^N!rjoaQc
z)Ty=m&bt>L!xXZ?H@2Al1t{qyV37ghrfIDPX+Gs0*^*tXuTe;$Jk{$W8Gc|qdXpjW
z#rAz^orl1DI*2nX(0=+4RHr=IG0Ry)a7aHUkZ&bwqZtwHRoS8!oBR-8Y<JF!+Ka=u
zwfbwo14+8v+V!QhhFiIn5b603`#0LllBkAXt^r0(sF8;6=9-KG+<Un(Ord(48p+OV
ztSPJ?m?m|63M-8?=M<-#FSBcN0feh`e5nRP_D=;w+LqJh7H^4$G|Z(r`Rj#+eNWD>
ztA6%PRnN^blf=!?^d|V4Z>o}2*74a^c;{cqF!y^-*g6iRc+RnS%=z`ESUO#p>N+)#
zuFW=oNZIQ^uGA4(M8ZKQ2GJ(rt8cqJzFej}AN|P#<Z+s*_^naX?Ti`~BU;{evUq*)
z>f?jguAQ@G2#+T#4I}58oe}w(O-{jPV*M#5$5x>M>00*3+i7Wjm)<h{lCl9b(tG&K
z4;DNMmIL2CsFAI;bfgzya-_2~uZ$C`#7$FF1{;~)hIk#F9|*KP{IL4A)8j6s|Lf<#
z%FNEy-0k*PaM41}u1C?r<65oDK$+*E#oKS?tIdP`+;nHI@%aOX;^l?+w~d_>6+X{T
z9yCsDWxP~>R+8O_&u>=dHhSZCb?78HW}EO`$KuB4L3vi$*0}vqgrua?epXA|+g6#e
z<K!W;=J%&O=g3dK0WD3ZEp<Ml8R8bTuZAF-sEZ83Z8LwX7Y?oC0|B4IPj>RtP;wSv
zx}(tH$BVEHQ!|r*>Nc$qxGRkNlKJ*AVQ<^FOVfpqp4%xcr$?+MwH0gfA5L2tx1SiJ
zW`E*2zp(g)4ERzeo;cZMmWWE&E7u}vH4b#P%W~c?PpKE%jzZeNhiu{WKwLo*Vh}cN
z9J)V>fT%(K$A|QsKe9BB%>|SsoIHAsrlANWHwcSMW(B*|)@E-HHI2TmXNBSQk)Z_S
zc=l85+T~MEK?`*)(cjH3Ef*36%6X40`!6*UZiCTNy4ZMyT6I~AW>LLmBPl*5b@e<8
z0kuOu`{nx!jHX(3K7Ei9Hv=|Uwni}gV!eh86|yB|KQVLcd6R3AlJVB!>AXO`i<FQ3
zbct_PbCvMWE1$3PhU(MT<5z2|6RjCFtu?}C7fUr{wEqNFSj4u+jN({}gKLlD?V`$}
zo$Uhge%c#htecO{FEMYj!p{IBBE%p$-0k)r$O%crNpfqmwGJbGhjg2NxRyE-CIMFq
zHJ{$n`Hhucr?xFh%WEr!72fVKKH=p?-+MbgJ`+L-Yvw@)NKnH5|4Ogwkw;5RUK{+!
zyt{F?^)kvA2ANN}!9z)qXYyw7sPxcznp^oRIiwif^e(xfZCrl!&aE*PaR#01!n<W-
z=o&FWY6AAQ6CK{~d3uG6K?sAQ<JL1f0-}!RQ??F^ZbidUgG3MZ`9MxQNYB^U{g0vc
zn_&#Vp|)>BS1w5$qGwu{bo6zW4gS4EsgytybvTR*JcKQ%Y?|~6@zZU0(Rwyud7Xvs
zLkf031tqYImjo35ITj=!uM?Wj7xC3?^n*j^8_hrZ3x~wcF}ipmqhN0uzk*LY%J)|P
z^bmu`jB^zyUNu~{jU5w>cB~5UpGL!57tJ$6t(Xltb=_Sp8$6!8jC=%L!zV}`JjU%`
z{36wtflJbYUA5s~sqOGKOki8ZK^!~+#v;A4o6NH*4z;wmTUemCRX1Tn#J?b7#}J+D
z4k+oxo~k{~h%*7$I0doWi)1e9o2~F6JtMLE*Zm_>bQEF*)ZJecynwYkuBYwB7t_a!
zK7gJ$645a7Ca6)2f6ePRXM0{>f2Qt@SP<nQOmgumg&MIPh0n*o*m_cay}lwwa^y53
zJQUUH{;JnF3j8l~wFWCRI)3&;Bn!EPt+1Ux4<xVWJybH%?Pg^<{`1&UWUMz>zyMbA
zHSGJFQp(C6aact+$9*r=o!2#T70T>skVYk_{c#I2;4;YdgIR={m)$&4wn&z9C%=*J
zGN^_ptaM<ONyX1wzQWU#lSincpXL`05Nr__-L+eVc5>ds2lqK8@PRtqCHn!`tkf9M
z$O~S+ucJ5n3b%~W+C0f)6kOW{PLzR*y14}b(zZnyDb>{F%e&tE0wl&me1z8x>>h&4
z<!TAR>hL*sWVQbS1SbIZxfNbNp3%cUE!6v2$Qh0-N(MAZZhoBF)-M+p_$u13h+*6F
ziY?=-Blw`n71#st6=``AL`DT_&xzb3K&f$jKM~m?MiFSXTZSABN2uX-sfwr*<vjou
zTakhuna5L+fwoCs5=Q=GITu(SDQlhI>)`;W)eP;Gc03of)`crWl<ucaR>YTBp9^xB
z4fy+QAf4uO2g6FR`$;H)OavfZ_`Mx(lJ^ymEJJ1uTi#u=`SaZY)_!vQlM!*rkn`NY
zM{|^Jf1Q&wICmg<n*^CwhtD8C+0O0_5Ir`M`^*XMZt!0k()|?o=`9VXOZ@Cds_!OU
zzb#U1R7@=sxl{8cFPrJSFhGAX@Kp#>Ik~`6l(1KDQu>YZp~y!@`mDJ-_$Z3aj}jr(
zwiIf5MX^In#c)NiA<m;-KCE>P{VH(bMU}!^y1Y$(r$4?T>xGYopc74B983Qu650nj
za4uAn_xSk&hI;s9Mf4uwrn=l=vdg>kT$!HTIb1!%rX!l94<{x@fo=*CMbnF|>BmdQ
z5J}$`jRuYXjv<krwqu*BTP4uT;Dfh4hLm;`&f7V*{UC%SJm3V@*k=}x2R8n?Kc{Wf
zs2I6>Js)?joQM~<sH6~ewAkOEj1E9=WPq$%>Ckv*Cpr%a|5lUbbMWXS?ZMA>^;c1M
zCFA5Ec41ij{u6Xg{nI}aj>v`x(H=Rr&2b>B-$4inQpN8G0&@J@3~qE4`Aa%F2N~|R
zEcIV8LP-g9K!+?BSoz;-mzFv_^S=RU13gUy>kv`iKE4U>E4X*)X0#z+o!J#}CY@Sb
zP>DtPz}J8AOW}Ik6-QI6z${mBc^-od@T_n7V2ruy{^j<uT*mccwiTvu{w#ewAfKOy
zKdh={Ey#Av1c&SJRD@7n_XxC`a83m%!!Dyl%)T}^UK-i?#dD8+eyCy?-jPP_q_q-7
z%Rla+HvrFjcnr{8_|{b5gcV=S?+>PqD^NaHdMglSJ&PNZ9WlJ%He_48;E%1akKC9_
zr;@5fY#hFX8WZO(l&$9mvSL(nxjxTAWL*3GYRiUr@^}cIv)cbz&Aqh8T1(C#<df3H
zkQzp8kY8P42HgO1u((`?5DsiX3wd_Oat2aQmX0Z@+HR$grg_ZpQ_2deZ?oVBR6JnX
z-BU`P-l_i1Q#1aDU37meJAC<`<cw*;L(~9u?6g2rxl6Nv+au~HE4MI?#41h?Caru!
z8)RPb4F{bDysgT&Xx<T1pT1Wl&fMEBS<O6egud_ix*ekH<Vd5@8UK>-_sxR#P@j$R
z%^P<Hxo?!2`|EI0>Gx-XL8{L<!5;(}C@!=-*C*zgK_g>ctduaOXKF%2>Cb(U-zmGe
zSoQ74d5ppHWN$Cv>JRT}mrPLUc+<f$8`H)}C}CzEo-?WA<VeSl-u3!PeyTpTI}e(u
zzI?uf6cAnqy%%HNE@}T>Tw>(cOhzkzdYny408$}dpH^tU&MvOz1{3kgkX@w<U`HeK
z^O@wPgpheG7XfQdqL^@jmB**`F~t<Hi$QrVq?0H0=MOX8o0YvrwF_F($u$Crrd-6p
zb7|krG;(7zxJ#z`!*w-`*v<?G3Wck$kd%SoOccvY_yV(`2=UU9mxV>!W3bL(XR=}3
z(hn0enN^!;V!*(6&(WOdd_y@-Zzl!93#SxuF&r#_VD^QKMJBm)9Y3kg%Qp&d+Y+R}
z_irNYEGY*M--!oH60H`rTzTS${8YCR>WLY&2{2jW6h0Y#5g~c_lqP<kz7N@I&Nb&(
z$N$!H*UFry7UKWqz39UIvN5RwU+$?g8a>NFsG60~<CTQiljEiAtmBJ&);}jY$~v`j
z6Md=QN`ZUKaUPYFc_B$#P+nkKp5GI|cqem7L2861&7=tt&FEJz@cryxf)hDjPrnj|
ztt9L}Hwr|y`6vQkD_9!7he);vRsCE=w)ziPo596i$2Pr#1S290misg|O(Q42LU5$@
zcqw6tEn*_mvKt9jN|i!jVahEI0#tdup1+4?JtfQ(dJ@avgC^Z~WqPil5DWSh^4h(G
zhyeA3hZ(n$TN3#Bdn)7{Y)Ga7ceSh1Iz=6rLXDRm&7(_mdFBVx2EDjTh>UtM6#)v*
zK(0uNV(1hp&>6z&NC_hqz&RBLSAq-2-(hR@lOiqP-$`7y9zzQp;zV1CP`No?UnpTZ
zL0pcUVB;8hA8zF6d-2TY@a+48#pu$*L!^enM@0t8(g-29?!}Q8JV2Tb=-J(2C6h=t
zlAtiY7r1hPn@Y)*UQq#k333AXv1TX#AO<gffG-nHv{tVt6MTMva~QXIi!<sb!TXHc
zc~xKGE<slg7eurKg?q+u5P=lG4-aybI&8NLQlPsegr;His||Hr8Kj#~Zi{z%tTn?4
zm$Z}(`8}sriXjcMc^p3N{E7hNPnv64!by-CZj3Lf8;b2rgQ3K>&l!}4Q?E1TXd8UB
zd*Ls8xqGqc%5wc`*RisE3G_5njX~7i+>8%p7-l85r2{P(CI~<9Pxv81ALF^D3AN7?
z0DQe7(J3Mae{ZAbOv*`Zz>jz^%8nG%-z#c>IBU&ozz3ebijNyqvdnwIT-_%FwbvCJ
z<v@z1^g0)}Ccmd8NX;Fej+UMdZdrSlesrH#n-b_HBbBcOwIABr6pcuNkU+7wz3z(r
z76Acj<F1rXP*K8$HQ<rhWxQPAoMiNY0Mb>5EAS#IDPh@3kYF7s_l))&8`9GxAAM8c
zstLs|tJR3W?oYB<{AAld_e&c1{wfeY2j@bc?<&p5rx1HN0+h+r<F!+W%=H|;)~^hK
z$=;xXdv|8qbq-hYa~kENZ%@TP9i6OcPJL_{atC|G5T=LO-s*5-V?B{6aAwk-ANala
zZ8kCqlC*+2xGHORx&^|a1}!`+lt9D4ZbIUT$t?TGil@sK>ZV-aLKHE;Nm&*xc;WzB
z=bLnY%`VTssa1zR)usl_x1Ui0Z8-qN>0RJ1!mye5tOO{P+Y!@zHK_d#HUOwXvieR8
zAgmFG-Jg#0Xd12RWQk~6S0lcc`jKh?7r4g-r#Kdk6`w*3CzgzVGyH?qDG9<*Mz5}(
zjNK2$=3{W8Po|0R8s$V^^)a3AntD9yH}|diM!Aq;zR;W16bM6qW08oS$Wt}GyEU1e
zneWg>U{Mci#B0P0ZN5jppSq__3B$`|M_W_9^g%)c&Z;++uK_&?+kMy7aCRr*H~*dT
z;V9nS#bA^N$+%O08A?RkC$7waWUROq1}m$>qqLyhH$1)yxaSaPT~1<{csfLT-B#~?
zaW{R$E(F?5A3hI((m;r5xt#77-u!rpO9P_|U20LnDLaVP(STQU`4#5Qk_dn!7Il2(
ziXqby-iuRmv%3=Ee6f~#;s*C(A*zGXBN71%w>V~M#H=p%`KI`%H{YCyNXzi1nRv|c
zslkN6G6M)dd`B}pMGz+yv%i`etSx*eRNTF5Hh`>Yh8G~JfjFRKtvliGB=oz+yH!A~
z@QI%WkQD6H=(j(==LUx^W0^lB3^fR!_+S9BK(9ehT%-a^c^vcZth&m>8L8?qx7#tD
zH+`tVg9^|)4H-^Sa8=cCpE1su>(2<MS963woKy=*2JpSSe|kiagpFK+jgda#U1>uq
z;pX?CQ`==-lWkYmUM^j*3%8(YZ+O2-QK;?(5miupV$QRu9^bh$xWq;4xFKX>1^>=Y
zm#w#m3*zO=M-AsQ1&3IW!Z3!u3fAyzfl4bm9>$J-%0i!NeZLonOBL`kQQ5W}N`<f@
zX^SSn!F70d2)h#bbw7SbxRz})n>v}lVo)GNlG7Cj<PSNw*3G9wpdo|P>s7z%ids;3
zgs-XE?fgkZFjk7ja|xRAGQEzXB~v;R*O65~RhN-o)vLeP2|Eedl=!9Ex6_POwuDEC
zJ<=Y}&fM@&>N5N!>3n$>tBk`#5dIyDXug#!%<`-FJ+{ETF2R;qE<@s9<G!oNzT?<Q
zk0sh@TC(Tw_paO(1Kc0|Am*77+5Kuw`XBHlq|VWJ$DO`-Ae9vmBn1y;coEGzP?L2Z
z%BJzDN#oVXlOn{YNIz{Zla{ww_0qL|(QfD1F@K^XeVLE^PgiqklJ{^Flh|W!?6H>-
zYgK(@u;_8Jm+75O>T`s!BSgS}PC)eZP`WMOWo+0-*m7pbXSSu+r0VGHFk?1-*iz8U
zHnk&9C+(<x*l0CF2%))p1ZBTSqlm;x>*Y~|v;GNr(VZXoZ>I5?IlSAAPg|WFS$dXw
z#_nj%ZB+XfD=m8HmK7&`NAcJ=@v_bg0|sSNCs(}{gSsyrP5s0hRcWfFLHsp`33D5{
zbj=3Xe%-rUiwS<+!0$#_^AD@t+5ze&t~hW;N_6Z+rA1~@96S%z_=YgGEk+1<V83Ip
zkcFy~Z5rT!g3&Zt+}~8-liL*LTpDv44Mrd|@fK^z!L*ZnT=-?q)Ncb5tOdg-k{W2h
zYvJ}obEqU)o*R#ba_gay=5L`-{Ia~MSwDrRVE5YIbE1Gxk!?7Hm;WV?f6s{QB{q5^
zDrDfS)wkQv!#@j7lwBlz;h2}c`1o!8#BcRiFUam{`Zo54sxi*<Z{R$K^x^w$#dg*B
z|G4*`=qqf{J^8@{k>uKo0ys0>OaI1JCR{GF-;HAS@7xsj6B+rWf}orP+<2d^S^>%)
zLq%hR{vn_Ij{Nn8XJixM#$Oun+%s5x#ls{CC|nDijNL+5shi6m7Yz>g|Ij<GY3a-l
zUAoJPU-#g4Vy8h=(uuR77%)bHJY{Fnk@iUTp+B+ibFk<wM5+E9R)cn8GX>%kHrVB7
z<-{+CCbQE@6D&{ywl%rgSva=RZxIfBJmJK_C*<3?vT!HrQ-JH(sw*bE38UrygI9?p
zr1yCg0tkUbkO_5i`<zY7)fN%Vvd122L4|=?tF8d_JkaWjEy(iza2r)_wzV-HEfJI$
z8LJ0L!2u<pckNl4JiN*9DklFdJ;mXv?eqkBa8>2Ad_)sFzL+Yv+EX4vm|PFbDJ2f-
zwipk1wSz%BKE;CPNJ<3}{3A)wa$148Jq(4Y7#XTwkppw6a8Ow*sScsPTxr0*m3V+}
z4ay1g*WNwVWKSwe`l#D(XWlpgfD|Ppa8D@v-$jJBphWa43-l^1D&l}QnA;U6VcinV
za&MTL>qS?uU0M2!>qv-~GTi6mXuw=CUQxxRF?4LAZMPD!s#f^{mkogmfJMJVixIk#
zh1#>s>0TS)z3v`Yhtp%;D=yvKkaNbfskHmq&H9ik_9=1)n#1SsPQNp+WLG#4!pc_m
zo^@Tn@7`7Pxrc)qj1A`&XS3uoaM@u+&X(VoJ|wIV9807IbK#41JyVNpsK`Wn8{4qx
zVS(ccLo^xRhv#qD(r8pw$$hk;W$@-U$>=?*`y-Ci`iD}!^PUo%V@R;0?%S;RqkxYq
zt|!FXr40_W9wIg3FvyPtbT_IS@jeGvG0(=fe&FzsK(_+cM~xWwoh#RA%Avq!fKppq
z9VU~V-Pp*-`H*h^@#y!GwLkmu#+!5-g<k0pVQuhYCsjCzEXUL0Wzlol;F4K40+xnb
z7Vt;*Z{##IhhZg(L1o=;1O*^OllGjv?UlP_+#+RcEh%{PzB{Gs4lM&FPt$u7>)^dk
z%F|XeUI+`eQdDt%%-NU6r`BsbdU%j|cGq*6^5I}`V}ltMOuo#<X@}P1U7PKfW#6X$
zg9gDg%OYHaEIyQ2UyWjxaenj0jO+vxwbqakRCKxDV1^I$2%kKwtuo`n42e}A%R#}>
zfxQlI!$w9y)Ff)s-0@FeL<a!MjOMg=xd(c$cf);hW$|rrQib3^v?<@H54FRLlVxB;
z9-&N-I&0ExWtm_7!QtKVC#<p>q1MpELyzU&j$!#u5%h_*IuuBjb$E3a`I%zWbWJBi
zu6Kj{P^uKG>~ZW18MtP5IpRVJ!H9I(BL?o3oc=wo-UrKPD{xO+01k?ev$K&?UO|3u
zSBZxd{bkw{Zb^X#UD|hNSU@tn<~c`YG;k-A^##!_8<^SG2O=rIw~pz|eD=udA3X9%
z#nt>(+pMe^5#D>Yrw6RDjz8YKXYgHc&}}4LN{W2D|J6^+?h<>9X5q09I#(%ht6sCk
zEO5mbgnZjvzKRI*C;Ioo;uT(p(b0RhfLO^6xI3x79k`b*E)6uRHykfu9qm(CL)1bv
zSNvX^P|W-bEa6{ZqeC6f<qv4@{PrMQlDac9ZcFDcl87g}K9@mI+E&Dlz@opdn^OiA
zJa*rq;H42BD1q9VeD*B-mo}7d4Nn0ICTn^9zsr+ZxINw-X9qmZnqk_@gZ0w}TP;Pt
z%VO}egyz}=i@K%O$c^hqzj>5C9AdF4!J@rFULXSrn9w(tenRk^;czA3*~%(5m_MiZ
zSmAV^6F3CeUON+d;Fp^G5*>_1A&`K|W$;CKBKs)T%UmBsX)yXGBM9-(y;g(x5N4ec
z0x?rxv+=oqZ~nk`hM!mKNK}pm+Fb=frU7vQTQYl3m1;l8?hA<!n32M$6wMz(V?*>H
zS(s&;=(_+cOiliT+1F#V)$mtKQP~x;K;twOOK=~LG!xqcMV30r_Yw~!@@LPrD1jdT
zGn_yOM#%KOmLRv5ojf$;mJXZ$zBKL*%Wii-&xU!&{G+ya9i$~8b79<Af{i7*y{)ak
zL)$R~%@?BEE4vaUU9MgpfjhGTw}(YSR~hlPA&Oj`_(aOpY=rxm^`xMaRa_tkxKBG+
zcJJdUnaEIicGKCDPnHYOyvC_Fd^>fEeGy-D%}#@k*G;z}EIZM5^wvu1e^kI^)>C}}
zFIZq(y(C~8_)5mb@M>F}u2+X|a{uK|iQY!Gq8snFxgeiUW3u4G5cTMHz?kq$4p_A4
zj-R{)*<ZEy!6SES-D7E36r1%LS{6ftC-y7KUtQ0cv$86R{Mi77(d<Wi(;q_VTi7}R
z&bC0<a3{70kUj)ssDI8Q+6UL|X%r7wfyfZ`(DpGL{ROha0Q}0&FXRD#;VHnjBKsJE
zWT_q35K>qZ+Rl6M$Ce9NAPnH^OAPn|dLUvHfVw$ig;zsL=E%ZmdPu;X=#f42NE@Ek
zZU_J->WX0eKnRb;NHuI?12`+9yR;CDR3KuM`EP>>d=^H70}kURhD+d~8zMMBix#4W
zK?@<k0uG{^K1?9uJq}nu3<ul+(DDkSsXv%({gYaX2>6v!uaARLt85iV#G3jMIb!xd
z`h=(^hXmJVKl}BJ1T0P@Uy8Bq^gOrx%d1i%;PC_w?Ypl4K_&>r1U1AS3z+u_6Xp`8
zW@H$aLIRI*B7|3C(CTYrfTR%jO8F7ralxt{w---%iQtcGx8%@GkN0dP%d^ts4INrY
z!i(L?EKvmG$h&q=JAQ-!Huw`3&=~{7ap%`FA~+#N>N=p`G|U+P&Mg!sOgXGT22o85
zp}|CZm0AZVBZoMW!eKbz*LP0Y3;kb1fHwAZ3tbi%!4ABJuQ0&*O+&io&Jb;8$h$4s
z+grbxPZ#<7bvbOhW@aJ~L^Wt*n8m*4H!H~bPN^Upq~x#CbAXo5ozm}k;L^W#D<A^w
z_gw=i@jCd3b^H7E9?#^xKH_;nHzj|2OD0^Fkua>HtOf4zcsN-v7jj=#hMxXFYZcNR
z72(5xw|yts9lF73qxLFF7jWYgU3F>qBf4{ZC2-dkk(%eCKRfdS*kD$bQG5GSw{l=A
zQV=t3#i<n7-h!d2{kr8s9IRL*uX0*H;NTWfr%T+O`^cXWMs23T`a5X=eq+4a_v6}l
z=!A+m+e3mn`iqYWah4#7|ACza)bVXk5}DaJ&ic?0akuq4#Co}HV)k4?9}ADDw+Md4
zx0vYb%10}sbEerWLPpD5;r1>1Nu1)JD4Y9LfSqqibivWdGf8X=I&(-pASr3sY5}g*
z*8b@mqZ~&&46vnBOm7FKd&~Gzzc`>*i=++664s&jkT5Kb@oG~Babyr7l7hu7BH8ux
zg|&YPGJ}`M(&^v@(Sd=A(eu>AGX?vlj6rz;A*+>`_*F@ooDcvSX_zYKAZ9RW(kRH(
z)ZtrBrmmmrI)aS&sC2ymH|KH7IQd7lAuSSx)&qkGU9AuU6_+#K8WX0ru4TjSUc7t%
z{#=;izLBVy%*&8%F0DbiR&4pmyT0V#xwJf1E!|EXx^<>=kZ)}&fGeUTv?DVTCu@aW
zw_56`=D+)fp46+lNb%T_zGL{5R8G!B3KBbe@wVibs!w>`*3;kg3BQPKCtm-m+v2Aj
zky$UTFOANNTf*BGJ;Nt&)SoxBDAh4$vsP0qX3eUjYBiA8Z#B7Qyn>WhJhW69IeFF|
z^D4dAvV`@`SBLA*7krHBYI3Bs*=qam-h_bURXGFRDtkj!y**G~BMGvHA1^{sQ*qfg
z+_Jr7BeP3*&K!)z3hS8URv||6hV#)htwzCm^AS{cD);r`Lezu<sIDLdTYjy@tCEf~
zmYfrndCohka`~lN6Y?XpcoSL^!6R3bFPUMa(qLvFDTrPg%;FA5%P>)Qxa<<d11(!G
zL3|L%6|~%eKyHOabfe|h;Sm!UcyVZ%5DTvii<A~E)8LYV@X#Q%c!I?L&jGoQetu!z
zE3DABa*4j`$&US6dc1@uNa1clCnWE>`Pc_Huxe6h9$OJSozSaw+Eh>zM<O9453-2)
z$_(t{`HhTy`YVDaV_yNBh*eUrWt>LW+|n3GC%5~<V5)s2yn5DRBDzMwaw4Nf$IOh4
zti(-OiV45Gcl%<&e4-bnkXdKM@UKX^7+jd%EhJRc_XEf?$FdZ#8@zN5ojAD>@$<$l
z5H7jzIN)d<Ovf|0vjAiH)61u*jL#8C{vUoaxgWjI(I98wh&;PBDihNh>pt#1#RHv*
zH56|-EM9uBGORrK(hw^DPHk{-Jbi=f;;~9Ez6fmVegeB)j3ITsv=;u<8v8Kb7ua3_
zF0F@}(l_$>71|B@E_}~bK1&IB1qqRII904!CU@B2V0K5A*d^}5V2yOfMsyS?l&&hc
zU5>bE1E>=LFE%;ebrK8TND;j0xCkW{75-GJ;K_y0qJ)NXm<DK#{UC-JM@isR`^^71
zppmO?y3_*jhgBbx5dr!{)#p3u-5T>6kjc~4%CeH$#%vr)X9x`n7kpaPGLBD#49Xt9
zspM0&q%a94M)6wwt<>qAFU5J(ZkN3=B3_1SsOv1q^Diw;ZgU+pW7N5~JB{Hj?9%QA
z*i29y52u*bzW^x@@(X<+)=LtY#KHY5CDUTc>qhp6@K8nNJrJI^*i)K{lx~vmZ8>6r
zO72Vf_)^%3p;Fi;-^gQ|%UU>{*}w%JAJRiZ_6NrmLoYDi9CG<h1z+XP%Nd^~ug$;l
zTEt7G!^Rtmg{T~yIjFe5CeCe;`<{m7Y{$$Q9~^r9(FX^1oh^Sb0QW4DfEU~J2jDK{
zo?2;Mw8*%F&}Q~3GC>9H@Vn>r+vX^B;%%YbBb9t%&FMHKoF>{NYlNY%Zi=n+XA;@}
z^W+!Fq05MXF1c&Irz8cjLf!Q0r3(*ggA+U6cr87=nI<>qP~qEqTa5vtb0Khqv|0zb
zLiAs+;)uuj?=xva8xHVS4u``p|I(8KV6c$Zv}#)XN({q4yl_!z>>##z8ij!Glh`ZO
z?(0jtv)(c{R3>py`<^xyX@#F+2`V(f!f`?NhjtIo^;P-<>W67kE*CsWGxp0a2njmS
zWGo^4uZ}5<{*rjf?E2MInEdGV7Y58RG57#BA6^gjsn;wl;P_{cdv}PDF#+p#Y0kBP
z!%8glAUyfrokDZ~MBXv^R6=FYZzjN*^nv#idaO;C(`6H;kuE90#*W5bktaE&0R#jc
zI68mz)o_5x#UfYs#Li1=J(~Ppi5E1UpT7z%qj@lXKa1DVC1Rw|vYa7Rd?`i1Gw$5F
zsQr)eb?fAoI(hkNtosr$#!!X%ue}bx2;#eZut(^j)Jjjt3G(L2weL1Hut)LL)@OVG
zAksQLbW(k)+5BFv+yNZ7d-mr|cXq_eOV3-IVWmT<#?Y#b&wd$mOHi?&xc~JhQGmBu
zvRfMTQF+oKN|5&$R7%X8<fWgp_iu6L!7H8GJ6I+Ck+=JGyQsiV%>NC-e;f`A<sKUi
zIRw&xwtpoa%H=CA?=MeQ)Gchj(1_3H)e@Gl+O6RUTC!on?SE)SJ<%A^F;kM#N;|<9
zY<>PFzyPc??ZD+ur}^9Ct?36;!%2r}v}itj=_S!Mn6y~{hH86i1rEtmphgKyKBR3R
z<NkW8MhI#??+_^9e~sf%XsVE&N$OTAZ~9WP<fa-fbv)yktR>6E4?9!cQ~i)LS81_n
zaS@BNr}AdE?#)rk$9WTL$z?2BE^Ri{ONt<%(Z{ql_|Pl;A?^f2YEaO<(7eDh^Nbfu
z3Lk#0#ut3No4%aU>b$Q@g%9P0hVjL)Lx<1QSAuRurV698by7Q}Hv2_Gf2UQ`O=qzb
zx-X27y7}RX@+CZ`4gCg}h(at=k!V%?ViSeYeRku{)TnyEd#wa=0JF5QDzo>w4IrkX
z+XlRf=q@)6eQasV?)_OEtPv}wU7kyfOFMdQ-mV^;$w(pyz;yvP8s>*kFAT{yM_cba
zxwKW}?L4{%8Ml0w=~E}TuwD~58(*mD*CJntzQ}($4|$MMaV?)Wswtgp!%)U1DnHW6
zt9F&uILQ{z(q3eker0D<gu$&{Zs-1CGs&#S6CWcv67M%x$)LNE4Hdq_kL7nGy>+kh
z`(J%}#3{PPhxdcNjBy$ux$-@}pAZ0NLP3f9we@W?+i$(&-AKyzJ9EH-)piz3@r_SX
z#?JnvZ#~(#SY$#G^X){6^Gl>IVLY*a<jv`sLRis+db+cfS?ln=5JV~c-8)9eR>sBW
zH6s?J!@#z)nlMuQ*8u{IC2ubdvxfS$kVFBXak98ExY37{kADWT&tQL1BRt!)H^*rA
zH7^>BN&yU&TQ^dW%kM&eI_=32VGz@Ofv_Z7%RH)eDk+xP=2-8xt__U!88wngtnbYZ
zX18#OkY9fSw|*I3p5@N-x`$Getx69PelF|x3Cn{4AwnAW<7xDpE|3EGt-7o%?_fEX
zyHQ~TnxJn%1I{)6mofs}B`Mi>`3p?uagX>SLJ#`BcJkiCeGKZvlzJvlgmvoaa_|ah
z1=w7(>Kil?$-+oIw>RHE=|x64iz@;={JnZS34Rxzv{G3L`zluzh5qK5jG_S?m)7O=
zz_3Kxf4*~Hd$_<VXt-4JkgA(*5V!ar0`Fr#H)r1>F64keKBFB@tXu2rO5OC2b+LQD
z4r2VKU#Q~3&~FX+J@|V8oXRNToP^WC;9bVX%D?~^b_Ms(=+h$BgMcL>ziUAtoZmyE
z3Yc`SqY8pvy3#J*7hZp)=_^IWKJ=RcFXkBi_xlq8mDD+X%>19&pRjXT?-EZ|w?r9)
zXghg#6b%+bfdg;16e?)|=g)vq@b6L~$BJPf)i&Vr>L@(@Te(Eim#5L=VyO`h+3!xn
z1U0p#fE6kOpF6*-U?b|7P+fCPm(PM>Vr6le7Xg(O>&~c+#oc-!^9dPuRu!JK36{yp
zb)QbUwJ_eJvj7LROv%?K2qNR5)!iy=aF*^G7M0XU%veowhb@B~`wO6G;#2R>^13`<
z@qY6=R;A!Fr)(~z5_qa(%*)bE^&2FU#BGzK!>QOEV_+vLg<o9l8kVS58fB<hGjPI@
zfNy=>95UTB8f^7Z95p%f+v(_Bk4=t1e4w>naj!h4Mhc_;=;82kUnuJ$Wq<HlW9d7%
z^<Y@is57q`tFz8!7miKHiF}EJbY}5$o9p-QY0VrF`X5PMKe9)UOpo*+;((G;z-R0>
zxGbzRyT0Jf6PsPSV3$g#-zSP|l?`g<w|k>aq=LgO805y24i7i2+JY{6m^n{GP9Nzn
zSWq}v$o1XtVQ?<Z?3uMK+SYO&h%&}d(X33MX6#P~M66>{E!o8*^(m_iMm+^de)5ft
z%vEo<qs&vi&OZJ}#a>{Qn<pNGT=}GQ^)bJEGup{#F&smD9-o@#u_hhdPbg8)e&wL%
ziPDr&AjUP4NvQ9g+ulFMM8YXGE3>HmVKOgA%psUh`{1fJGLDTYxSs!1i>Y5TJP6Y_
z22{ja6)Fxt7*Lash~pJH;i(HW0tWiWbsvYrZ$ubC^rKW9CgZMP)+IKR8lcJd>)@z@
zFM&E}WY&IPaC<+z0gYHY59gA3=v=ggVTrDa3T`Z*0HIB~XDqys3j9-sRDrN=5qU};
z1{vBrBzarl0v?I;^I)zZ9D_R`f7ml3$OD*_Ki5x?*w12MOoJM!e=MJ2(I<w~nd`*J
zEbCyQA2wTGHGH43_+vM;KL;}{ZNAkwHCe8yk(Z%09(Mw_jkFz8bmnRJzKq0`)!eLm
zuWU<z2MMgVo|oSoLKjG*LiA_M7kOj);cY1wi2OhYuodyjE6K}hTu^iy_nBlTVR*NQ
zu=Ck6xO3+%I%jIi`g2byIw{j6-8IGKmc{swz}o09T%smaU6lJ78&Zg6zI%gBAJ=E8
z)HEr5_=K7IvY%15^TNjORv91$6P<h)v37IGa3JWT6jE<(Y+AS;Pnx7j^hEdlMGc2s
zs=5BLh5mKFV9+?68B)wh_m(xhja&XBnuy1QcBf3V6oNv`EZbh+%O#eIRig{+T|&%`
z=fk-qX*PNFG9IDzIQ^(JA2sRTmg-Sn__PWrW}K+P$O{o#F+K{awDzyEtbZyeA~y4B
z3~NPm>XXV_`;y|#iWgbi!ToGfFd%LHdb&QIR=}N8UcR2~){+!vg&Xx5uG*t>npiRd
zhTQe>blVp_-?&Rkazild2=c{YBGD9pv%aMge2jV5nX8u1gTpY=YwxHvzk0LZ_dZX+
zV^^7Q`2p=BFGE=8cSf>=F^I{&%r_4XKU03oZNlZy3SFqo1R(K9`dva;KLvN;eoSmd
zm+o#cP^d=3rA+7hHz(esE$1Ka^6w34U_bE@{fW?fpycl4;c~afMFQp~@ix)QdfhTr
zn?#Yy3uc!szC?wgn0cvAu^5xm!xOP5#{nNP9e@K4IV{dObs#PWd1%yrkjt}(o6QSt
zq3hE?8r`qI)2aKx7Y&!hac|Zp`v(TM?Hf|CV>P{}%$}3e>-QNLKGW73<w_cYxAByI
zzDa!cu;9ZLX1h<p&Q>~(#?BLu{e#T1OJYG&Ql0{X4x%d?MZ(@a?Wk4vy(gEeu{=WG
zsv=`uo|$Zq=R`+O<4szBq&ri)gp`sZjxYV|-U-R`bjyP5DFU_}NVIrf1?bGs)7HO7
z>KA?~u*c=CIf*HF_4upSx<Zn~9o?jKSJ!kzw?%xBLSY;RCywr6PyDK$<8Wn-%X&wh
z`0787$)B(;(>0G3Ga?JSzvOMOjn3c2ZXGvSjvd9sz6skoh&@GKb+T#n5c~$WP^mD~
z?=XBTc<!>r3`YJs000bA;jJUhvc9ItT%rp<t_EXD^I?2h1qBm6?_GU*z2Tnq5<_)N
z$B6|UYl70t#O;@<TWxir>HjFIf3-b_9YziagLr3tesK>94!?fzf=)ryuoE}%@wGC;
u;V}2Zc15Oq8Lw@F|NfJH^yRZ*5OdPJ|NAsX+xNSxsD_%3YK1Zc`o91r;hr)8

literal 0
HcmV?d00001

diff --git a/assets/img/posts/is-03-ctr-encryption.png b/assets/img/posts/is-03-ctr-encryption.png
new file mode 100644
index 0000000000000000000000000000000000000000..7d38fc5e7c62763ab0515245403c847ea667b888
GIT binary patch
literal 12532
zcmdUUbyQs2vnCoKXyfkg1b6p9aA=(14#6$BTkv4P1HmN(5+n@-cel{EOXDun<lg&x
zZ{C`DGwZGQ$IM>c`*hc-`l{-y+UK0z9j&G+kN%SQB@7G<x}t)N1`G^BJq!%&1~NQU
zLdJF(0X@{Iz1EV29{>Luw2N>P(1?ZHHB>cW?#6+wh=&fv*WC>#Ai_mfi*;1wmF+WX
ztnb`I+ERE)-X@tdaTj^?<?iJEY5dr(ifUrf5y94+Du?MaX)rJx&5AOTTHXr>9l_5e
z1m!<`A@~CKpYma~Y?wXqB9yUJ5*bzs00%2$S3t?8?|dOO`t)Q*mb|iO=Fp4zeMHQJ
zwAU*~#M%;5ffKFkKfdCwyg}c8xgQ%1D32YW>92qC;>i2_B!bh$sT7Q~QUJ%YPbDLD
zs3oRI5^#g01E8x$9&CA+b^u$J7Ff(7(LA>VKKdr=fZASPNzDow*vf?^|B)fUbf;jA
z@k2A(hV>{$M56*~GT>t!6q#pVNeqz_s%fbTCg3<DRt+gNW;w5>T|M`MOjK2QVb?9j
z>A$}#q57^N@6Ccle8AbmdMgAQ(W}Z31x$M5?sPk6e^E(2U<gR}y3m;kPb}F{AQ6Y{
zMa=1Ih{zybfmtPp)`KCulaRl3fQ=)|7fU70gwYp00I|g8wtEJg|5&Q_+R&74Kr&6$
zmQ|Bilf^BgDx+2i!De8nLOvajscjw1_7XZ)*d!{7NH|9sF{0EZ6W~uu7yjXl;3l4V
zg*|tV^<7U)5x3Xdm8vTe_Pt`ld2lr2h6FqvgCo^x^hh|v<O=;@%u2#o45O;Fnrtls
zovNxnV511n%qN2%lDd+{>v3`_G_k16TBtVSif=0@zP9@PjwATaQxIKRg!YYLE^2=w
zufKX<@Czl?AN6w#Li{*%DKRSn<#_5j5&1EuC`vgwJkI~bssxRdICRylSozwu<R133
z9~%U#r#*bDIcI<cb4T$tx?6uDIxnK&m_)y#{D2s*yG(yRwM`y9o_ce{%0FP2ip-s-
z?5^Nl5Ka6G4==)9{v1Ua82=@EN4l3t*MM+cf=z%EKm9G@4U|VR@BD*e8q2&aB}*;9
z*Ej1ijE2%KU{=ZKl$0$MF;`hVaLI@;n|E=&EFmq;MQswH`1{YU)Bp_ClssngRQrAu
zCo0dC;N+Bq)PQqCPrQyh_junE;t&d{e;^d05SAmtyxx}R(herN=~vNdn~H$^+1rid
z%(N0QUv?<Hv1heR#?mf-(W?kPF!#}=hD@y_Dd9M|*c5zYcd0MMPv#vdK^_xkK3G|A
zI+%ZOv#d+}G+0laKq1v_k6ezNd_5%Hhcnos?^B9YQ@IK=8##Ns{-ymjz2EKC9qEWn
zj09OI|5a6O7o)59jj5%_I0FT-Ei_(&Cb>3m^bWiZY<W7@dn^r#!4?fDM55O1@nWQx
z)~AbM<Zl%1E&Wu;<4GUCZ1fMew1mzVq*QKBBe7J39@b&T^JK^5$HuZ0dZSB1QM9l(
zQne87^uTF-!m{3$yuK1V8a^`yVhM*Om=5&R1j8PuW*H5c3hP#fO4U5e?_b1{rMuv3
zW;QNi>deqAXaX+B-7>WiObiVHf8~{*Y+71OJ=c3$Edyriq)DTLX&3%@cx4EG96)=j
zf@Jd@V@08T$cQ#4uRhcrR=@=!t_Li|$mu9k{hQm#7)A|f>wZ8;LlCCJlN3w$qB~W^
zF$TtK^Gx(r9tpuaGjv`8xSglo+3#<(^fyh<q3q9o7Z1hAvJRcG9BmQz{IFuX5tdz%
z2<A$yv91oqyV?29$`Zn%%2KEX%~=wf^Fc9Qf!JGU)trmo-PcfGkE*Z~>izq3zC+I)
z8DVyB2^q;wc@fGP<jfd7ESaB!E)SpjF12N@eDvzcG^;Dx2jIaYDV4WOF><idB1Gc3
zIy{aI_+Jk^;`Wp=<$2BuY5w<$?;TA&*1{Xr=f@T<jfXR-0_R>CbREtYp0TWl-p90;
zXMq~9_8&f#^bV3p9o~r(0YfdQ-gf<#OJ9`A-~2>1Fiu=&^TV$u<;&#qZs3%ZG{~m$
zNXFtx%ho>O;<uWc)s892WWT~F+XN=fB8=GJXe~HX{;~S^Ox!>&yDXBz8cZwu#SPj_
zUK}f`v<Y>|bjNH)3x?BLcxJ;mgx4=%&N^C4uyL&Zr46wu?^Aww7JU!)7itZotr;nE
zbmS*%A6aDt)i~A};r%{tKpnA$OAzT3IVMS@_(u^<@8nCSOb?=pj$_$h9%{nUsd>EQ
z4<E>7jJ{qKVv>qHNTN>X?_$?Qa)>tZWfc}~3=OqKhu2^Vc@MDYdk#3~smA}o?cMmk
z?PS%Qy4;sE-e*_95DagemZ8e3-Mq8GQ?EnV<J>V#RCr%mry3$yIC>)d5ezXXiyRqe
zKuC8TsT3_NkL^Qx-6SYm7(0|Ghrgez*+v47GMs;-ArNmpIJVamx&Ga}GX;ddv{Uki
zZnBpDT`LBPqBrL|Vjy3;!V2OgQDGbzzQ^Pjf4g$$tCnjwLw>F(eVa*-oFmDESr33>
zE=DzMTaJENyt;Rv%I^(q#N?!I-)$4f9IW?;!c1KN3JvJp=af|qBH;9KNg}ch|G<wF
zntk{IrIAW4uEgbyX>OT$VmQv%rUXBiNPfuZ*eKeBl-7n@(W9X^3mRY5Y3xc@_;V{X
z=4WgSO^DVe1%-Q%tNU8ifqiC$c|9>TIOCa>Oj@`6)i9)Gaw5-r#-fdVTW28@<3Q$p
zY6&4%$FfW$I%^$Lo@9vYclk_W*qUkuXF#LcBCOKra9Q}?GEzO+H>}&M`nK@(^8EyU
zX5X{-vmM!tg532;-`1RDtQfZeCGz<D0TI5vJ)ELUAIX%^6}6nwe>63%uy##C5>NPE
z;{Z$na;W}Vvt)^^2)CGaBb7E|mS*fSk)9EZ%8N{L*r&1<59=P;uC3~}S+$+`uQJAK
zB7jW$2?jQC&h%c?N+WS`1^p8pN@9hn@~Py&O0UO@gk8F!VjE_{KEP6^=GSquk?b=d
z$>%8l<qNU=no42bdL>Myk=OF+WSFV<MXXC5HuU31-?w=AQCIjDFye|H-1SypIiR$5
zYRu%?71U*MvrvpBaY)F5#|CJW5}}Rt<lC#mX~;wj-%jcWl4*~AV;tW#3|Q$lpkrt}
z`qeXb*E%z#BE-NSaf)n^P+7nx`zwOW#@lPs^S4wDHX%rHhKVh8Y};A0l}WI{p&-K2
zA7%L{Q+}`SZQH1p^Su3n@k{wo_Fm$Ta*;J_ud4#k=>U@V{3*^<wn2=ZwUdHAw?+<?
zn^864c~?gW!Tm4OYQsHG$|CDk9Si2j7YzF|SLNu=0VN`Z=YJ3(#z=X^-e}hh@;VwF
zi&IUk>(F<2<hSG$enFY4d^<C|bQ_ClhBu20zaLdl`w?j9tkX+F;ki@Kq9$l!FT~!o
zZNC5)2SMqqgQrj4S)=!0AA~YP4*Z;)(v&Pmf}t&XQKNO7vrtA@%EuhTPChA!>Nze7
zEyWdZudULYQ5M(uMswHF|8*g3oZMc_>f$a-gq;&FL(oRz)ip@fTVHn*Zk_hWteP@(
zLF5RLRhGT|I0CFSAX$elhrA;2`^K`-J((-r-6LiGD5audovX{VGLvrK`Mon;9Ixcx
z8I2L^%==SG+WKUM0gDFq*Qq04;wrDM_0BzG(!xZNB4o(Te)Ky)I+LeluafFjZK-rK
z#!y{~HXPhrnohqj8ujNdwtZhgQg}}YjahK-FwK<UqEukWK%hOgtu2Z6mp$n(0xYCG
zArFhymV#vNmZZ%YfX#R77}`k#l7OUzLsbh-BC_<OP;`-SBd*2K3=>uxlADtmxh`F3
zrQLM{7nV6NrE#>4`gdVHd|(btZ}#%YC)?u5zYMcrk6!VELLq+7ZR@1B)AGKIDg11`
zAtc+Qe>~^Wj-_C@uxgs1gQcH4BKA}Lk+;Qg-k{^KLpKMVAU7#+4RhZrpjlKpwUG+O
z{3QZg*ql`2$YuBtNzw)^whhOgP-8fj{V-jcregu>qZuPL&M$iGw{2&YS1*?FP7A4W
zgKs}pUlcH{iDwuj%zXQ)U~@OaKeT5)hJ0fFV>4k=v}}J0|MW$}djq%1BnIeJwlaLf
zlw`}IcpLu<v@=F(z@$K#|C{kdQJrAOV@UShrdj9|yt>yX+cljO8&N?6A#+(eDd`BG
zj=W&^yvJDW#OP?G&@j{s(1X0~g<!ECU>V*~b^p(&Cu$Dnxm4jLv1G>SDfNOKqH-LA
z5J*7@dyh!cuL@?#yr%C7R7!t#j@OEvU$zqzo8c6{DK`t)ISk-X=%QE1)9Sh%Tf8&=
z5TWux>`TN&LDN+mC3-exfCl=$v@^s{l9*5OwwQP(5)8fy;c*B#SLCh4Y-@uc+Rh>D
zrr7CG`1&oQPSm1IFiih9J77|c|17|pwKlbfTPmlSL#*QZyxsgWK)B*$Y`)n=UZnJn
z<BOzi>zuZ+;H@39NJWElK6!}1>xIH5LEm1p3H-L<abb*<Z##|&VAqddWu4v56S|83
z%ciHUdFPKHnrF{B%MXDQ4^78W&wjVv7M05b?pQ_sxD~WrED4zW^5<0Ub|uBG{B|ec
zj}3%C(f5X(wBR|o@9oMHca1J#f9x-)6*Ff4Qu@TN=*vP{^sI98Lm{K4lk1P^B)y|Q
zthh8Zfe|-+6A=0zVYWMq$g?QntQVZ=R02RyZ+>B6frDT{pdMl>wMN`@_lSwFNti!T
zHwvN>Fq*m=bj=bnYMSuKE$N3hO$-w6ImaNKG$8xl|BD<pFm9Jj;B%9hujnhWzvaAs
z2nSt%so?$daq-`Fo1Q3I5*;vjYMc^?7J7;}Z+)}DOhITyPpAe8f?+(m=+D!z;78Jq
zEvyMc-i_yJ+w>hmwzPuV^oQpuC$t~nfI&5^E&V*XVbIIh{?`nJlW0OK1;jv9KC5rM
zlhijDu8NEQ4R)qJgzbxovu@e&#pPfdhjQP!PH(lrjC)RFx~1|C&1(qg;*lV@sgl3a
z^3V>YPWs>q`&HYt8Qb8S73H1y2V<$vO+u}7WS{s^FV0ASlO2+VW!s6iBPSVqv?GS?
zm0DZHVOEiZf>uPbJzMKN=8a<mqdU17whe0RV%y+R&p;hiZFIUux{dC03`6IP-1PHr
z2?8(n8q%`1+TqmEWOyGp5raI57};1R+1?r!(7i>IcQv;@&Vi-Q*QVMc3GzfB%{iX$
zVh;Kokxbu+jIX30cJLI<8dB6ZH$i0>swWf{LucVz(WN`_?jdfcAbL$ng#xg|XQLzK
zt|CKY>MP4bD$1@ubBtTc|5YYomC@+{ZEee_nu~EAmBM<wop7Q*fJ}VL+F;&kU0+%;
zMIQl`j!o+F$pXJa-NIoPD?yT#Ose~tkyRGkDQnDVm!`7aVFUuhdCl`EVy^cJ%Z2lV
z@<#g9y)L*6d=w_b_CyVdjV_}_cj`Pji8H5>ZW^(s1;w&`k9kAX0x@xHWSv}5CDI?k
zpS_4r(!R>SMlr$XB`X*jk*JZ#c=6HQa`1;;p*wYF9~WtNe6HjtOks)es3UcwFj6c_
zH4V3_yeVouMq5DP(;b`C0GqjTqzifoQZ^J#|0L}^<fB0jd%0@@IT!j$9J?!}_{m)7
zEGfzcVZvI^$O;L?R?u?eL-e(cYMj9%w}FZxj=`U7&jV{@6~0?K^imZ|)=KYuCv*72
z=XhS>6v1?#xsuxe;c?P6!iWB(X98b+^Df3-{V3kBA)KeJIq?g>LrO6g>tWd*py5Qc
z=!$HMb%5oY{$aN&0fCK$MPCOzTi-6{tzThjDQ*Mw(XSO}Q~v4-Eh7R&wKafLw#RcL
z{Y8iM1uGSFDcYM5;s+2!%sYg|dT^jErF%qAiaG&-bz!F?*h)?SC?#y0=`RW#Q8K}M
zdUuz8E&DAGsx&K}!;287L1N0i1GB-~?Qo@WuYykex})%z)NFJq2()-l{66PVU*g7n
zsW9^{le;EQqX(kzlHo<A+vWU|cj%Dj>xtP?ZB)Gy_0#=?_4LDbo{VFUmod`cHAph*
zOMSko{=jChBfI}m#DAuu_{~~d8ZqY~7CI(J#sUQ#uRdjuw=o?aTWq~V&70Jg_BfnI
z)^I2*D1Wi?7<r`O)Ju6?xmzU-aa`lDEseg#^O^5n>`+M^d_)&shE3g!AiI4LXA@1>
zrJggVI#}3+%=im{MP~<m$rcihjZbwK2p4<Yy1@8{DHUfjUuQs|V$Gh7XJ0SImFWZF
zOZb8VNz&=FK+^g=XZ*FH&6Dy=f~YO=W^-uA9Zse0<|Hnv@2~hVs1It`0FGW@&p)LA
z5#*EVjJ}sh9s?&0BEiBz%D%s)JT9*u`<227-V$5>Mtr2JGA!ZQ_+T8n5_sQ9ZSnNR
z;!nLYKJXxm+557L``KSB-(s8JCvxyGuI79M?0x59_2OlVW$Ror=TKQY+qQeYCekJv
zi_2Ll91#$=Qh)L)rxA%@m$y@5W|Q&_<B1;4tJrn)E&U);Zkgj5opi_G=79$0XEqwY
zZQZbMnCeT)N`4vpft*UE^PH~@e##GN12%tDT<DI0LOn}-QlL;pfF<A8CtW$5^b6DO
z1hruz7QGqNDePVw+dW;pIt1%%_OTzM@Fjqkt5C&HXNsM4%4)SQ3C$E0f7SO_xgtWf
zm)&!()>>ZNTJiurte-Yu*`r3(oW`s~Uc=;z*s37Kb8aZSs6~u*5q&#N``UR@Sa5e7
z8pn9iK3_Q=wb#=I%=Gfld+M|KD1L6@7nJg^f~xew_5sQ%oNX$QU&RU#$5jrdmTqr_
zqsM;3xX2@fSp!?(XameMD*C^2o23->bw&?VyeSuPTR+Mxc6*)2^;yLyHz<!O@#htM
z5)BcEkM)@{l*z?&<IwY+L$g6YG{{SVLns-$gpQ9PUGdI82?oNAiJjhj{#@Kits^3p
z6$T}@M%wor%>3wBbOne(uM13Of>XCVOPCgU(=Tm$<H(cO9tMWi;#Z8K&4e&I+u*s*
zTs<SnYFXWnz+@sb<MlBUx{?J=aTT`xCF){%RuyXhwv4x>g_fD%mj?LpLEz}$;)+v<
z#?iR$$JBN_)<PqnO;Oqm!qx!}*d6;1R#;3x==$Nf9Pwa^r;O@sK&^}oA#_*dls(4g
zz~jwg=F<836bi)HU;85W@r%aX(cz;qGxu5iQXYW-%O+Z$HV&~zYJ6qZSG6z5?lMd$
zC#|A~6PP{O8OGqn8ouG2_)1>uvPN3CD}D2Y9s?XmO*K9pztbcQDvp$)QdQS{zVJXr
zE@=)Xd&BwKcYlw2fgKD^1q%SB`#W**-q!a&@4!A2BR{(CL94_DKPUKxH&~?9P>CQ}
zIjh`u`W7;Y7<M!QoK&<WPfY4kJPTg!swO5z7EBPds4@^GfMQahn3ctxIPk)cXXonf
z=G5QHkmeE1BVDGL+U0!_bqE@4$Z@SYR&(c!L7%rhG4L)Gw~4IjCMg_+ipjG3=g4ZY
z{Pw0oVTJwnXKQZ$K#wV6ipOwD09uzEW?GX_XrH4V%^q4~#@}$AP&mDG{5Tdu$ks8w
zzP-zF*oV~Q{Toqh@GGLFliu`NN`UtUG6nD|!(Cr=4q+xrMEZ~p@C7+%xh%?5+Is=d
zfgV|}!<#>{X-q#flp(A*wdEcD;Tc24XJa{x5Sh8qrRzSSBCz_!wSb}Ye3~3H+%`WW
zbtl%G6eF^sq!B8Svq$3#q&LVues1r2P4EMI9zxH;C8@8k4aMqJcf3zN7(bi!{AD(V
z)f%pb)g1B-{}p)8jt=7!R_7=D<jLt%2W~WM#bxRb^gI?c`wveOMJUw;2TJC6!Dl46
z02^fRA7=)CoMA(qp^yLxY2j!pE;{-K94*+i5jtVO!4WHLVId&AuZ<s0baX3RkHfGw
z(D6fbsT62ekh+$_BZ<Z9B>=7Ah3FjyjLxtBU|}H9hjD`MXCZ9(wDkwGkN{Gk^?88d
z!`J2Gr0^IC!u%)~X;ah!%G9Q3%zYPADdg>d)N!&FO?=u;@J6kC;IRtExz>Y9$tn#h
zUNENwU^QY#`d<dH0+du?Cy#RO7hT_XM-YEAAw(ZHC5ufQT|ZQbv4Ou&od3&<x1<)d
zDF&b|QBeUy`T?ucXBk_)M*eH0SBxYzlPK<^3A(ePPg8%b4aXfwby6Om8O|(-`nmeY
zwUSs1f7^Y8+C2@$I;9(vf*eghC|pogw(J^2Y`CU_dJ7E>S&6nrN96Ds|1n*mpd1HF
z^%xjA(kmc9^e2e&zvUy}!y(Bc5Wyj=8XzMSw1>wv{kYwu1dsq(E}18>dKSIqQ)x+S
zB&qr8b&j-)sp6VW5*WDz2A(x4{-r@kdiE@!IMS~EOQVbG9&Orqlep8H1QPX%v~!fw
zwuX2FI%SQT3jF#cIbqD3^E~BsxI~GD7Pr|6JWpbwtKMeI363xkW`xMT?9g9v@sY!D
znPk?S;Lfy#J*6iMNcd>m8ht`Z>qwHp3$;|cRl_73QA;1rXClxQogKlH@&^&cO?(at
zzV>Gk6iY7|da7LB{(gzX@Sxz_Mj-Id<_QJ{L?T{XxGOqA!muO@NdgP(vil~U_b7Ue
z`xW!6{)h$Bw7E_gos;jzryLbtDLCi26ST?ut{1oL{Cg8jzwK|Ic(7zw$tbA`C~<8B
zP{QBE1WkQ2UA%b2v?2<@IC3w$4Hi6j>g*EGwGU``;*v^jjaLANL@$(a!qSJU$0H<c
z<hsy8KETB!*(;hGb-q!u$4*FU#Zmoy=2=&ilg<9*U||#p0d&>wC(lWPh<?71I2Q5>
zDp28)waoTbQ~+DmXI}wb0Ba&`nqdEA233^VUz`U&D0AUjA-P@47s3XZOBmhZ$g;FX
z*vVHY^{H2gF5`}T*&Q}7ex6i2WAoM@z}+`KdcQj?!Xm+xWu#tB{?Pg+sic)7D7O0c
zhNxM&w~x4}owiLwf953ZtyCB__NV5JfRNXl0eshe^=xREY44ehwGFC%U+T2*ZGUif
zsQ3gaZ$6#lE+FGLBdIa;{T6M5x}BoGzt&K7_=D7b$atq&W6wt?aV@wyN{f`LKYPf6
z1=7&LQX=$Qy2Kpxjx`@VBR}JYQ415upZp^2Re73HcL_f}j6S}a4fcGVtE@9F7wT6d
zg5nUir{4oF5Mz)G0YiY*awilc>>o65DN*_jPTLW-ln7#j`rb1a6ehB6Z*@4G4-!6E
zWr*k(8Q6&(IhS^zbszV-3GZ~b8P|6c=U~*Fx5ov&h1ErHlW8tDkV^SgM>7N^f(~+S
z)-2%VkFd~J52tY<*h^EfyRQCFXbo&KOLK1Y<Zy8$_byXK;@hp{WH4qL<|@<!;dPJ}
z=w#Aqr4IqDp!G@iy5$u8)Y{p|SAR)w3!j%z?kkgaxiN;xF|>E;pCIK^sx!#4^NM+e
zt9;_Uq0`87GInV|Da(E`v-GeHHlI=q0;<i9np5MR6nxLhuStz_i!YHA$`?Ri4qT5_
zL>XOR&N<FpPHkVnY-Wl>_!ZP;v9xW2n7iSsk++Z=2Ur1C|3X3|5Z0HcX!QGLs;!(B
zlUVi05m8*LCR{$y&7p%-5Kz#U6wZB0Uz7`P;2nwo4**+1{YJvdA2N7~*hi?$e3UV>
zdmcymD2RaUWM&ybcI)DCmD`qZ%$qT$32GH0@6zbJ5HkLRo*9*-{cHQ!3#zKwXkZ@x
zj?7$V2k4#q<y&QcxqMHo8#+!5qKNZWREm6G38u2tX?p9VoJ>h}ZIRp{XFYRd`EBh&
z@pyv^KMc77^a*F(tLDHX<=i`YdzjQrK<fA31n)(ax#M|$4L7qeGLwvnNMu=<q$=D(
zF!AKQYg(vo$R}<i!f==Xg5t}kx<lT=j%Eu|pCW%b8U2Ug#3-d%&{xS^Hqx%Xh5RWh
zS@NCBsDq0sszR#!I~Nz*7WeuGb>UC^ZZaDHjrBa?PR8dRQ>9W*8@Zyu_%w=6Q(@In
zzFf9wGY%)x3&&a*IVQ$|fArOef)?JyX2oYefs>Sq_c4>^Q3*S_X(QLPkh#QJaFl5&
z$<|^#e_wBv`{$+0ME!kdxk_%{G809??-@^{1m0GUxSxCjXI2SOLQ=Qavt%bvbW}dd
z;Le|15ftkgZpSpgNC6&U?ut7JQNgsd&iw}03<pX*Cc&O?{lfDK;N2q4ApSOSEno4W
zg;=XMR6YzO{lWodvo|ddFvzD)f^Icu;^BWTKDf!dPdvLk$zGjFt%0>(y?hw(&>cCy
z_S-y?xv`_*2LjKIRcbgmT0*|>S^Z+EqFWV+>$9mXt48Et<sM9sS67QjYeuXh^w>J+
zZU4QVVfx)_+hTXCC_P)A)?oOR6T#V|#KeNvLh;M9j+Q&sv&)ZP{WZdGR+a)vef(bQ
zi+$<zKR#-o{L8>h%-d_(7EGR!{-&IhqO}FW<D95C$e{fZ6TIY=)zn+OnZi7T1UV8O
zUNoOLRm9s0^}5R4I^?pw`R|9<OnJNyyt!SR`&Z!SQ^hqmSC;KPb;muzx6i3SC5et0
zwnK+p3E}+Uaj&eaV{e<wA?XHwN6oBkr*%E=buyiA(6~$K$-G2MN{`k}|48`TDoieq
z2utf2qe5)Bxo41rC1lc(lT6|1%O5!65RV;YJX=~+XKa^_5g`v4D@Seazre%uemR3Q
zp!Jf!KTi^^_%oB$dAVJF+J;>za3A`k(Zrpztkiq3l+)Jh^CR*O{SAofARwjfqR84G
zuD#=r%A0FeBXh{sf#?V#R5tQQHrX5b1~fb0BIq}IcB}v6FCjr*kn=M>`F20Uior7`
zonkWW^Gm}dPIH{Fw2({Hu~z^u-j$hneabT|pyB+kWwxd*?4r&K;z!j<|51#|EZ|`2
z&N!+T<?|aQJqo|8b^>aLklhsQnO<-kBpf;0^tSl_b@k`$w0L^H9R5jI);#Ag4*va|
z@~|Ela25HJPSNBb$5wN}6gS*CER2nZN5KNGu6YW*?wio|(^D-UYDor3EH|0868Ov?
zq&`yWwkd`}dyjcelH2To%{%+lUN83av6WkPC+Z5+9=*yW*`fYs!wz^C8U5|#CYLF4
zo;f6eF*qRQ=NTMr?CkX31$}3Hv5O^<*lU3MFZP4%``qZrBZXJ@-88!Co6>k4onEHP
z7MLEiEb}YYy~8&M+t#5v{@-pz#~-iC(s-OpRxa$uUM_OHKRMVDw3FrCVD-XT2KXnZ
za(#Z}+oaY9_@f+x+WW~P)b{49D|-ngVSY7r%a|m<U@C|y_MivhV3tu>kMdE&gibm|
zl`S6fdEq?b=AJvF8yXM(v6o#{!tMdc0cHTqlJd2XmuEzT>D85-Vt6-v5-lHroO*W;
zz$lJnjjsN;?7eTej?S!87RsJ#$759tO$w95h1d&T1HQSip&TMtAnzmR=F`l1d3={(
zEMXbU?&I(!pGkgtpZn&OLLe!FH#0^{+YNnHdXf@u!+9xT%lqFsOr7}EbOmH)h^Ax(
zIPM5{)$F>2sWp{#7Vf72@`CS4I?%s>Ws=>(fVX4n3@7wS6kMh9qt!K)|M;YVSw~KJ
z_G#(kX30jo4w&=@@h7jr?^@&m+}+?rtdQpIEa$`eN?|}lH(m^9?T)MZ*b4w1m>Gc3
zbGiekThXiEErzfvFttR^Ws0NOyyhG13h9$h;rus|m^V47XizqhSz!Lo%yNAD*3)tt
ztOrz?f2*UDq;~B{xhE_>eu{%fgQDGx7sO`Bu!DSQ1RUUaH-=HqvJW>Y%EF?;c!bq+
zy>>4%xQy{Fc`V!>cCPabfvlt5C_iD&SgCyU{BR(vgCt$`YxeK}y~Wz<J+9t1lNW;>
zuDWO8+n2L&wHyT^&}f|ryw!A(GK@D&b#=rg<=@HK73LmL{Gw0DxXv08%yibMF2qxR
z^sHqvL<I>IDvSXR77>YW$yxoFZ2Je2i8((-U1JgiXYFt=&;YUpr0bdSXX!T?^#RWQ
zJJqQCaJ30zC_*6tx>>-W5L-whiRTMsY07psBjChwkj@J1r!1S%Py)=omS~THJYCG~
zz~USkmcsi9IiqGkkVlv*)LqNMImvpn2hcz7Lp$5;d-hEh<p}FR9F8x`=+iQr?xfy&
zN3?QWM|9@FE_%f|ZHUS&g^Y&EQUp%8W`C966XU&N(OMC1ooiTfm}{7N*k8Ddg3a}p
zpdL)pOCv6UG11x+_{acVGz@o4hkKCOGF~YB5<H2x%N#$IKMEPvK{l2YGL`szC_L=*
zc7pP0R!&X(KO1u`i-$aolxQIM7t|qH`GsX%dX4X8Cd;BPTdxAmN(XeP8cIGZ>K0{g
z_W}iv)U2%1yqMtdpgzK$9sM7tsO9>BzDcBJt`9|+vxqb2nMB8mQ8g>B+Lb=4V+mXM
zZ5fUFMo&JB0`WB3X&{I7syMbTzOz{A6KMpzh350Vh1Uku%Klt~)R*^-vJg$gfphC4
z(eniDG$NqVQ$%V~FrK5KuZ81hwj{dt^k`TRQ(UAI1x#Te0TABQy|Ub;(p$pd!JAB8
zr(t#<-H1fuSYm(>jCs4MEUWWggocWJ30Fc;w<LZ-GYBjmTUnb>v8-zeCn&@S|1=&k
zjmSw`0`I<?!GQ;q@`rVUS$}z`RRo28Bf(x&9@iIh0kcS5@*?o8K_(q5qXZL|Rf%yt
z-DCeYVK%Q3dwzz-648J0k$sF_zquW!+0})oRyV(@x9@BG%AO+PhlQ<?DnT2y7?jdv
zBW+I$Hdql_F^dsJ#X~_aJb}&m%PS|}2gv1g$lFT$lJnm+i(BQz)Uh7jwc26~CA>CB
z5!M(GR=!NJ;}lOJ34<zwrf$&5S>g{{l4Bsn!pkrL11}h-DEqVmw5o%?@;Jc$E;S3O
zG)j78=(ao#35^ml>~LK9dkP>8EyfuJ=ah`j+^_Vj=3Q#OF|Vp2M~8VbJYZ!7ZTrCX
zuRu&uzD&i_%D3ctz569n^)}?dR!m1kshkQCHQH)zq}KcM5}5o<GNAcXZzzxg#0$_C
zb^}2izD6+~z$diq$ytJYep86B$Gzn+QI?-U*s;>O=<xz-Bf*xGi7wu37og9r;>x*U
zUBI#?c&R8O9T)Y-qBxg9b4}~iy~+7@#4p}dbi@oP>ZNysfT}fE?-P8Rjre1ctx~i}
zK-_uXU`>{hY9yk#H{p%mmRshl6`CB8=4aypU;L)n3;pO^*TBNQ0-ofU!7T&cImTcv
z5-{~63K41Ny0Z_Kw(<EDeOq#CuUACHAtc#6^hNlZ=w<W;c0EQ(%e3l{IlN|XTSiwR
zpV;{QdI}N6ts#7uH<^p{Ma)Ur&%WTRf+~rq23)w0IBuv2tB)>qEJR6-!rK;U!JGS`
zW$=bT+<m%lOuEsiL4G>ZyGfQRF33WS;`l(uBUI@&0FpM0h)s)*_{Z|l%otX%_DhrL
zQCo~D`P6*+lzTUf-4_2wF&M)DixaW0c*w5l#4zu%H4&<DGCvH)RAO`+Px1AK+MtQh
zd-8%EQ)sH;{H?Wfae+<{0)91XC(q9y)Wk}<?mY>aI;z?+&nn}VMMozXdq-U+e{FFF
z0=;qAyw^l>q$T_kflcp~>&AlBC*<%Uq1u#rXx;O-DES@6jimW91E`#XQI$Vr>zqM*
z9v1V*Hlxxij^<iXEwBTX<(ky?HMxEls$8Sg9m@AiXVTxQ8jX5uh^A#e)HE8=ooGMg
zuyQQX<h}OFumy0c?>94aBjPXgtp(VyV6Cx!x#GT`ro730%S}^%Tg)2NQPJlsp>O1<
zNfR#*x-aqq`n`|Deix*SvTKJ5+Hnz_o2;uQiB@5Rn^~yFzApDvwR1-Ce?>?0Xfhb#
zS~C-%WHBy7@^@#Js0A1+*uz@wW#td;*QX+4wZ&BCDR58m(c7{H^HuC^xB*L4aa_{f
zYhkkPNxEb#crlWA$34k@>J-b&LOD`|a#V^xww+{Y*Phr6-{T(u*J?u(`={Jz8}Lg%
z@qujlzZLb4n#`uS?ms!BSqD*k23y8IDOsFAgWLO()Xl)1C~O1g7R^fa)@Nn!kOD35
zO>E^0Q%xmbl6Fnw=VrJFwq9s?;maUD(@%jmY2^A`m&T@p{;8Gwd?fgGS;&nkV-g)Z
za?6OJ7qyTE#qZPNxHqw^6&SyBh=J*_UB0u^5I2yI0{P_9B#rViulU2KqnP!IAA)t0
zklX&(!TZC3Ix-M}2XaM=Xys1GmhdUB&-!sjyPdTRK5XMJSG-(epamR_@2F^m7L3(b
zZXMK8x%BpZxRySuCA?nf%A1qLxa}7q<oxoP*^)pozxeY*ODrjE{V%#qctTy<QlTBd
z_~Gi;vBRUcGN+eG^-?+(KF11~rOq~WuW0O%e_QILkpb<zN`6W0Iwp0uY-J?dwJ5Dt
z_^Zlu&^b0-XT#`bDXZiKTiGoz*SiNOSVYGb`n}R_M8i#K@-I_h3R@f;LZ@M=UyxvN
z9r6*x6OLV@=B|GyArtu6%G$Ue74YEs4$Afoy6{5v#C7?5RTa-JjO?Mnpn?TU{sYtg
z&yJwk3o0mqgB9C>7zs<1BJW`Qu0<*f_@K*&2}|b9?5vjzZWhcy+phcAdC)=MOR|s9
zivl(<wrjDHwAR<aVz=dpFo;65#5s1$i0KyE%}0Y-i-k<xr@>uI<GYK6NWVT;{bbXp
zRyNGC1o$-?c%0AVqg53DCYobjuB@kKIba|c)7&MRtD{I+bYUOst7I0gpL+XMJdM}a
z918w8YL1y_W>j*b9bg*9?r9}Ye-`rK%s?TA^K$?i{Pr^?s9$fI9QNd(H_A-R7Lp6Q
zgr!efjNJ8%Irt9njAJ_H+GwN<jB;+V^)&Vvuer;G=<1I=of|qKj1#*_7uoXn0arsA
zNE%7qKi<ym)q%WoE*!hK{bJ3nZ-`->G%gJG4{09LaWyALynp3EZ()JT6uh^T_NJ2C
zHHcp)lUTy8dEQZEa0h&JhqVGh^NboDxGyt*2W!}gGa`+75d$^J)7~yh?)imh6a<Tv
z^!#1NYpw*-g_|^CXQ;87fnAM5(E^2PM1p{1S%F#^+4aQ_i7~@usN#Qkc36A5T>0?)
oz#=jBG~3Sk=h@}?>;Gnes6z<x8iEd^nV%IDWmRRWrA$Nq2WbX++5i9m

literal 0
HcmV?d00001

diff --git a/assets/img/posts/is-03-ecb-encryption.png b/assets/img/posts/is-03-ecb-encryption.png
new file mode 100644
index 0000000000000000000000000000000000000000..cfadbb059ed6bb4e1bfc70aa3163fcffdfed0258
GIT binary patch
literal 9695
zcmeHscQD*<`!3OY3lVj#-iZ{ecUJGL7QKem$%+;P5xqnZz4sE`3KE^@JvInI^yn?l
zuH^gv&O2w$`^Rt2oS8FoK4YGJ%5`7QeP7SLpPlCxsj03=ginKyhK5E2R+7_3L&K~^
zLqlK1#X!!`^Papy4lEsX4LuFjR7I?y&U_ZuP)i#=UuRe3IvSdoq_3-mm6MGpz|zLf
z!9^Un*ZL6%aIh8!8az@HP;-^Fv3F2{x!dT#)OD?3PF5gmpri!8n6C(uz}d#r0^sZX
z%*8{*R~&fDD}wB!rul(@TZpHVIM7f{6Cew9w*frn6W|j7O5g*;+^uazwB;238Y4&I
zKzmP5R}p@GA0Hn+A0a-dyB)tE2n6C6c)<VQ0WT84>+#&h)54e6#e*3|@rOgs#>2|p
z!PV0N>H<J<T3AB8JjH=P<T~Ilxu=8ef3drG{0$!|1V3tpUyx6L{}zrKiD<Yx*dTX7
z@reT;1Nl+D^8a-f88!dE!bT4MC7g{5QZ09+EW&aQbVx}nHC1)xZ^iw8rZMZ&DL^_4
z^3+z>K^wg=XnRJz+TC&dYp7{k#yT4_pJ$PDZdtunFdW}KdE@TmHzwt{Q@a*%zVz5k
zFTm+9StRVe*=>J8Fiz0Wm_cAUX<gs>?ap9S_(9p%CHG41{P&eGKiP5Sbmk!Zv=1d^
zlD5L&%?`@dB=wnnf3|oN{m9{EoP$c95PjE*KXFE6T~ElKxDpWcUHJEB|0#Xx#oIk#
z4?;8sPCu%h>n6|==rlezlj&S5f_1|88m`6Su=3;b>38|}HP@AuBn|yP@6NUYPI^8j
zW~#C!cAI7|n}1?{0G{(>uW9sH$xrc(?_s$n^4k+W@&59_VPay(X*}=eb9Q^xOM_;g
zYYaW?r=kdfmM3*J+VoM!xs^UTfeuFHRr`J9>>@6e>cQ|RbLd@FN7H(<@21LT93_{j
z8W--_a=b3yKc7q<_)9*hvjY=>!zqNE7>XooO3iD$@wZKJ{qpurH-0@r9Cmk=pTqei
zvmRa@P15Pov<!)p$5MVZom(wW2?!+H=&h>KW5}4hteB<k{&sBV(3X6n8D*lqH?tPj
zb!<o?`yP_J{@h^jQp25p#WV}v7z2M_cR-QsG3*XzRuNNHbgKC>Su+{THQ0Ey8l9ED
z4fopK$w+w+tz*o(<Npp@dB_9I&vO9aown>gzS2#l7shARJCh58H^#!>C$bU!3Z%bU
z>ED|44=fJgb4cl*=&d)5*Z<M*0{><xykpz+4wCK2R5G!<^>mWauw0MDK_!0e(U!KI
zl=cZi0x4)#g1%RVDHT}cwZ{6e*TfVnQuoW*1yG=}i1r|Ph`EloWRzY!gR|+##F;Lv
zHdI6VBmm>2M>OF}-KFx=^n}bU5Rv3$bHO}Sy6W-Vv;5^`o1zXxSj`he=8+K%QTd`l
z6Q{$|;|A8A@&5X`Psbb|W-A<b&baVe#gNGm0Y8Yzrvl>_aLgwi<*`>yi$AO@Wyi{4
ze{OriB5o5qQdh5Iz6YG8-2*$`)7dMOsEY>g9I+&cP+fY9616QaU!_A@8?L%n-_yiy
za{hKsf=5|G|2-f7eN+HgH!SG~={vf|?1+MTmDRq~XeW9+`v!J-`Zij*fy8g`<d{Lb
zpS&qkmvtc=?sEwvDY3>g(I`#W`GjcohllIdVpg*2^`D&gXVU+aBgK-wyYohB`!)I<
zCMMy#c;q@aH&&`LnxYFWWeD--g*&|G8$15|N}t%2vUERPj4oW7#l2FClPGz0oYQy;
z2N0zL{I!X;WTAV0(ln2yFY;-o!x4znmk*!4JOV!|CxOHFupDMFHxnHV8DW0k2*#`N
z#@VN;C5}$o@8w%i<ZF~#`2Qc>Ks$p*&CT&)cgYl|dUT=iqqLQ~{|Few86aYG^jL9E
zSam+P5d`bC7^i{{kBJf|Hf%V@Aly<v$U{AjVm{^b!qW46=-8ac7U<yL1stLfKQ`#Y
z!N&hx)3vq0@wZ*Kq!~rm(DCaM*IUYUw*{3_|4Xi~x6YhT+q^wdBMH0RMy#r3!xtJR
zbh~9%I`M+tG9k*<FC%*4TN;1+hw|Zr9)J2Ht;Bm_9=GVH2Ac!-_Qh}eB<UXxuwIa$
zEJw=D?zoJi0(zmu80L2yaKM}>ZQ+Mt03km*R*2@g0vT4p3l8nFhU4p-!15;`%QlyE
zJi_Q^udH|8s)^fQ+eI6phi(U0qlz6j3dbjOQ^s^VnvCd0*)YGDpS-aOAxVLGx80az
zi971De-OPFxWYtJ3m&>qd9AyD|N1E+g4)o50B8`d(pZA6+_65K0FARYfFNB1boNjm
z57qR8is=wPmL?2YS5eJ+w!3e7h=x^i9ID9(8CZ5EmWbAqK{f8gT;YxXJ;UZcEt$Ew
z%B2WP?UAK@j;kRJZSAZcE+!mg1Hy5JAW|NhLir|t!-@v4A%$^2d1Km)^_>JJQVMi7
zo)#lAx2~UvK_S@A5Re+v7HO6rehFe_G$lD^U8irqxd?@yOi-^1@7#y|oc>_qfc;7T
zEzjZ}+!fM74=)>P3r4)+*`}uLj&yG9)d(>kH=0P%a-!yOs@mB>{9XfWgE>mnb98l~
zBga2hjmFEEQq;_w0t_Zj3;>2{lH9;g;z2EQZAx4dRTgflRNil*yDZ=C8{HwC+Ic65
zK8ddTV+@gpj&{z=?eJZn!-WidGh#{h7(e#CFy@np&rEWvOvn>-V68CtND3#^@-vuV
z$271qdJ1S_%B38Iv87e=aq?{*-7V5lc8#gg^4%s+gZG{^ne=*n5SR6pEI5BoIpe)&
zJ<a${iNir5s#?Y^O6ejHJE~gC@L4ZYlk{g|CM%R4O5B_Z)*INqFUlMwKaUjG7TJ?V
zr#E@~M@<uC9C3Dv_b4pasNe>~FXO8{5L0z^S>(Vi97Dt>-3Z%#z~#PMhg)=GSA$Ct
z*6mIA^1j>(X=&q6Q@L^F`D#g%rAuQqyW){Z!gZ;v0o+TMK^Q}>V3AK#?<|LyH(rIk
z2L_#DCk|NY@E+f1lPwfok`r0^O%X&6_#|pa7*hy$>y}P;Tp6Ze9VX#l)?@nBsi)&!
zi+s2EclVc7&hCFhugo3B>6lF68xyN}=tj9isWU!AWfA7i+jVlYO=Xd{KU*o=giQtt
z%~<FxZ4@3?7Kw_|_AgVw;jQJ-YA}w0=1j8ToKn+<^)}QCVQ!FX5#W8x&FfBjSSD|n
zV-i(;E!irM^toY+v{HH&?tYtT?~V1@D{TCU_C14Ax>r(AV1z!$3~<}l8>zAHGXs|y
zz;@?fEI*->!@XB)_gz13g)u=PjlxqY_3vfqABSo4TAp&QW?GyMyputC=G}hHa5CZY
zaRR?-{@_Fu3b8Ri#510L%CGCVEfWU$>~fDw)y0a`9htk=A2&aHocjj%M`)i_zopAe
zVCVAqoqz%F(&x3!++@XRw25YK0;t?j)bj+0&er2D+%(H?`-;vcFVKW$bLPX=(V>tn
zbT(7vJkqL!Oy_UlbGLN+K+Fs+LeW<rl?RMcEU+J{UWKPG*cPU+jsnXyW8_(`B^QC?
zj4eXVrXkgSdeHkY#)P8;7g(``4t{gek$nVA+`se7lXmm)${<R}nIIc})UYuXJ(kog
zVGuxPkldc^YD!`HM#vB|us(iphbDBf3^q6_it`MdRkq>G@xE=^T<@lVr)55p{#W56
z!nA^gUB8{Zn(JVCtGw#jHk+}-MIa$tGIZpfQHoTQIf0TP>MMiVW!0OoYgZ3$v*9m1
zt}_4Ly!yAt^{QKtb2|0Rfzs-+qEQ|fB~$o{k=!<EjePa*tbU;CU50c~IZIOSs-L`a
zdm-^=<60C1zoju+I_TwxG@b8Rv_v^TYUG6(4vN4pt_<~{Q>{U%2?!poH1eD5PEZ<&
z+$#!`3qC~)<upUgQ`{LAiGXrc>Pv}i@Vd>juP{EeH>e<{U3%wjHwiMnrx4SX^sol^
z2U#V!7*X074qKPPc|~^r42Ots4Dg9U-JY=>b7L{U;hxMN;4WFre*r^SU(r6OK2D^?
zbOO>?%3q$8XEW%2nf~1uPqc(a)hWIL2m4m~SfJ9f+UAkV&kgy~y5mI3ujyUc5{1{k
zcoxOsiTcmC!|CSGh|S5qG9%JMe^$WkiiA;K5Iqogavjn)p&6h~4gBo$BnytqRaS!I
zZjB)vA@3Tiq$-1a{|o5=;2s@G58b1>lg=*s!`aL(m|TcQYr6)v<}pCE=yY8`^4KM|
z99S7*jx!DcGFNu28c^|X4@lS@y$HtI8GMc_OU=_BEf&vA+rh*GJiv7!N2&$K=pI8J
z|6pz}T9JQ4KtfA#od)%;x1am{$FE)eY6V!mcz`Fkwtt{l<Dxh#HhJslj#hTp)^bF+
zF{gWmpITpvVS0a5I9%4TcOn~NwoHu6_aQS%K`EgH>gb;}m2@!doSr>306QE%<kB9T
zH$tA46Z!A0_YtNMDFrZsXArGN>t8OwvW&v)<fENV!ptg80^A*U=Z!+Q$ZEj8RgHoX
zFOl!!%O`&83yBJ(p>D)?F@aR)J|)?J&*qn1)A{q~zn_-pc!2y};^1m`U4GaiQk(Ev
z56gu<W^9X>v4)SlrsA!Nt}lO`r1=WhS`HiU7*;nwgfnCO$`r1_X!j86JBYugX`_^6
z?36s^4d>mwo~l`%=<H3xpqDu_4edTGZ>Iafeg7u&sG<LYjrRQ)J2)Oq<SMqz=Hlza
zrBuocjEUu@V2_L!DkJuljAXBs`;IG>h_lGbJf+&Q6jP8a<QM6qd?L;a*O6ue>q5Y^
zyU}vwEou&;ea~pBTKv<zS{Iik0&O#xCBhwLfy899A6bE2p=eUovuL;(%d4!bFk?rE
zb8bIH8SE>se0W?acH+~SD1Awf&A_4ZD#mpp22+>9C_e#mX`yGUacx)_>k-2_KjR|g
zFi)Uzav&KrK)$i78}>}A1dKa6h;E#TCFcjXs5!}RokCxJ!^DFS1)%R*#52eQ1AO&f
zdIw!RNSA>;KBD7ybOeVYuBI`fUo)fgxH1-@%nS(k#0A^W_QAA_5#?$7hfLIw5mAfQ
zgY%j<OdlnP*9961YLJG*5fN;dDWrGq*a;ZOR5mu__Awz<XjyyD21`DjvCA`O0alJA
z^KRjowwsPec~CEm8_JpA*vfq-lex93*1xqH2qtFoHI8_3UovNS7l%5sW6yY!jCbq0
z=vhhFe=t(x{90?&rIfEbNb`JfJ_`44$Z-sFC=U}R<`?sdP!p&J8R}3pq1mKwa^scG
zI`>ziWgkHySh#)Uuh~L*a<rV0NBH=j1!$BB^Z1pWKQ$IJ+4<fnUqd-jAim_zOq&f8
zP?JzW?jcikC@E==3JT1G1k3%r4hpC9)kSI|OZ;uKz_o7~bfaGIgO`9T*irzPi#HZV
zE+a+F&or}Og1IIYPFix>xczk?>(MqRb!1;&zDG-HfNRo+-M@HCyw0G$ZiT-Fp??f0
z+NwY0bt$pr941}(OE3)iEo|r8U7F37_zlX)Wm5-5xFZv%FE4uf)+^T4+g+{&oQV^T
zsl74Y$o+a-E#gy#-8;1=)lRi|fAL|P4LULysoOMJC1Cku*DFZg37<~F=-ng@4qOU~
zz?BgIG=-v({<vj*>ddmjyESU0N8WYp4QG}~q!VQ(gF<j-N)t#c8@K4m99R3^$hFzf
z8<uIyG$AT|<ci}%qLCB+ZTj`0u5i=62v<<jdR&zrKa&Y`Migj5yauv2Dhs1~STW^J
z%oje7>c|kMO*?{c-pV?oI!rifPW2ffg9owxq7CTOuPgu?^=&tn5CExmK51kt-jKo0
zED;#$JR5g3{e#H;vx^eU>C>zH#>db&W^dVXW7@|o@cQQ=bTzaIi1})!&5B{#08j1=
z>c*}}H*UI&BWC!q+0s8(A>=3YD(-dRsS-59^B!Cg_C3FKLwuZ;eNlcd9wEHR2a7%G
z0sD;k<v&qxi9#^L-NsFi7&fC5cXR(|6S3_vK}QT}Qn@i33>@X2JG5DyO9VsL{I+;u
z++3CS5qTjoft&Q3(cspN|KI+jfZDI)w4-y^g42~F#25cIHu}>LZuq^TQ*VipgAC7%
zk2nS}e)YYbtKo%IkBr0bOUirQoA9i?=jpMRAYVn);C<l9wqCOZ8g_2+PYEe8rgxnE
zp;%$z+c!6c!%nnS`lkY8t(qh9>1&W#**)albsg?l*G}NKv536=edU`saS0PYa*07a
z-<|(TaCtl1rth$Z^&%8;d&LCuwgttGwt`^m=al?Q6ey@0!+4(SpJn3}tQT)?fjeCU
zXP9v0RXKC3-u2H^)V=-tuqVhHwq#q-2#Nw#SVlcT?RSgHIn^OL8ENWn18FNskGe}X
z^S2kGhb~52PsQVgQ1t~{|Bb~<1|?f$S%9lf;%L{OgryEyE=Yzj!cN<966TO)gaKqp
z!S5SJKdQW7gDf?`_kyiaWrqh_vU`YAsRyWX#Jl4hpFKaoJ5-tC|33Y{qWdS{|Fxdk
z-+p9z<G)ddwiNrm&RLljKX-peo)9x4OqpC7kz{0CHa=gvesfbZz?Q_v?v=VJtmA%q
zzVs&XaI<`lovHIC80?YM>vm#syvMzDczTe@`H8NEWV%s0V_56g?qqX7!&P`>!+yYs
zZpSl9i<siBi^pbb_fsWf?nNDZC)H`}(Wg4FeJ!B4ZRt;2<*_`b{$8M|Ci%Fb8d$zh
zUk;V+q+?QEd}ZA1!pGK>x+amu8=&F&OZ@Qgw}HWf-Syus$6_3@h3gP8lU%@pS_U)7
z+X=Qo+)zTQ^}1Te{@&JtrhrdJ-a@S@WP)x6FD{Um{o;z)Dc6c!?9K+7a7#koFk#1j
z{-X4>OXFp0r1U-UQyGeb#Dzi`IqqB@6Yxtq>DT6p#i5|Ci%P-0;P8RusYvyV%lJIK
zFFf}vu@e<=gwFjV&uo_~zW|3`=N;OJG|z5?QD_JT42;+=k(0}7F0<gR;c8=w%CHZS
zP5bya%k}D2^7IMC>cr{^3f-)lr2@%}hu!p>`Yyxh=*ze*mHT*RJczDaAa|w15?PX%
zmC&|v-wP-jemgFRwKyL539<-<b`M?9I#lp_zS<rcK|@&NyR3ki42HJK)<+FeI9?LW
zB#g!Y(BqgnEMltLod%y8Oh;1`Zlt^&>&_1<TA7BM#+h>|P7UOKCg{ZrQrOQ@SN^6e
z43+`C#OjC{#q$U~HZ}eYvug5`!H9=tuQ2U3m=D79r{p+me%wE^C($j{U`hye$0P`%
z&!PB%yVcq-3jb}!y@hdc6lyrEO#WJ$ppUIn<HLnQ7>z+#9oj6J$R9s2&RB8WNh``#
zJfA*=Bxrv9F4D_$7MTD%5e`#AGihQ$>4Q63mVb31T2+qiY5*E*7<x_NvRxyFt}oB^
z6^Z16>Uu7-ph<+WpcrMPKGK_<Cty^S_tP;O#Fa+ItdfLM7-a3ciLakqCgLX#7|?>r
zOI@kZL}kd4j*4Oi4ER)!>$ZpJopW(k@ibz>?tNJ_GhuVgUAHgz;<gfXwfuEpg-a(m
zms0C`^gX`89e`pS5am{d0}IDyri+2TkYbTeJM9qn;3IKTc7}b&+#&{vfmm+}ZgaiT
zjYGx~z}V~JfO@Ta>UYc)H*T}$Nun+PFSqHp6}jzH^uts!1}XddYdYKOil-!wxx4vq
z(dN{F(E=V_L?S-OAgjzB<du*qqbJPy@{hct!rNI7$)PzB(acFKePsE#-l6KL%;kGa
z)yW0s<p&tO7nS!PYhqbNGYU`p3|9wpQ9E6A)U-RjBGT<N{EicI>`d*APft4CXo36{
zr~Wt_f`N{D1p;nn6g2hz)AJvYVWxG9%Cxv$`_!Dv=`xsiy8(A|0AT>#tjmuz38|?)
zZk*x`DFYILV(g;t`iI(|$MP8RP(^iHo(l;#)rQ;@AqXE^0!S$5qP~6fL3AcccHDn)
zuA&37mJv7P!8W>jb9tHIP^q7VP{|F^tI_kmpbVT7vmZ=bej%i0;FA#P=|~v}z$5x<
zc6R#7SiczP1WEC!DL1x<$J$gxiG6oT3wMG%vAJ{T>BY|Fo^&>eQO>dw@)s!1TP6Tw
zJ7Z5-d)|JP=7i&lpQqqMC?IY!NYfQ!(bA)Cq)F7^+f1&RoJzLV5JC6WCJa_>IF#bW
z#JT4TxvWDIdFsN-61d1NY&hunw*P*i(=JQ&_IbyHn2JxTGBN$NJSimR5Eb)Dl`?gb
zncB)_T{Ryc_PIX%GjflZg(OlZ2-P4%%A?fG$&7$q9Sv>1@Z@$Kh9~Olz*8|DC9}1O
z-R4j5&>=}5Q@aNzICF2WE&b}h!TTn4n(N-=j1JAd+Q9E0pK5vtf~<XitK*d*0Y3Do
z*~{?T92UuHj*2+Oq)J#0)z<j4DWxZ?E$*NJ(V@y0Uau?BId>{g<$4pN4I-ULt+JlQ
ziPjW7X&gS*9AZlG^YYi^;@f$QgMzgawe!rDU+en@oiM8)`mM@+{w!-$g3-^pn#~fJ
z1ZJ4y2#Y%2ap;D{t%XJy`D4>Af-hLk?`ROJoe!BReU`^#VEu%lJLT!)oy*JZ{E?Wb
zKSBNeKnRDJ<yk`s$5AOl9PY%g>q^wl;=5nW2CXiKA6bE9ydnC2gax~fKN>skD}7eO
zDOR=P9$_VIuHf&i2se?yD~-}2Y?}^=ARN#<p)$bAPE&S~d;ai9w1cgp$ir?wn*(2u
z$$BS96y7e9L)XzW31(1#eRRF0ht>38Rmg{lDVF$4*l!cziHS!(xy%InU`rR3BUV|l
zwX`SCCbOr_mUP1>1YHk$O7b`KCU!SX2TPZFEFNe)Na3hIUajL&KH7J>rdwJ!jtV}l
zE$4gVVy)tVzOK<VDE*O-Y^#c2gXtGqck4#VjxrAZ^EvmQ9j7cnun1=3yJ?+fp(X)}
zZYN4u#cJ_}=&fhj3n{#`=H>%MRRt;aL6H}y`2=2%Os&{O+yk)cGg)+(R3TKp7N3Wy
z#fm5@G;)5OpuB?n!Dc?-D{S^7uxVcPZ!v<lOBe^o;;(7if7e<6j8l0?CdJarn#8~&
zZ>+zrZz&P7kP@ModbAR;%2G5J?4`}0Xgr}nznRJ<)&;(rl&BW;O29EXs3XpC?6dos
z`zz@i{O(w$r&UHJDxWWmU+!Xl4VGgWDdR2UAoI$;Qj_`N-{g0wtBpFqdM6_+t;|XP
znOFVXgYyQGDS6*<{0v%?6$s@%X%F^Rj*j24l(%s+Rf*@v^80qv4dYS;!|Ep1%CBv9
zNn#T~@4mh}Xz6FGA)z&HwSEAgtYZg=UTrQ?>(%bQ$+j7WzLGNKS-roCFH8}r{_PFc
zww}q9EJ5+0E6{w)3dnr!nNhQpS0ouGZ^<BJ-jppE9o#@}YT1=C_H5fFvdOYP;oH<%
zlk|>|Kq(a^&ewrCkGdW`z|ar(EBlRDF%|vI3p`&RO_s8dGyBthBW*af;YPxv6h>IM
zW74k{km2WFjhCX;WT>5?wb{@R@omYdU0(3QMQWcR`!tLF>ZXQ8JfV@)gM&<hZSFBv
zHi<zouS}MYaV%FkIvDzj&X*8gF5;%-Iz>obnbf}QxEO}_@4h<g<jSldpYWCXa*)aA
zOS@3xJf)OlxRWu?7ZR%G7mx20u8h>rWYy}DXry3xU_A3zC1!S@?xd_fJSwW*m<b}W
z`lJ+`Mq!$a2RUI|<d>SP_cxn=<wBU=G3YjT)8ej+`Ss^u=2mo>ROU}UGrLN9If}ql
zNUidWMn|h`jkSMBl>H5)Qbm6lmu`VCuJ15X&t2$XeO3s&disMN3Fl}nyPh#41<lqY
z*EM8(=zvUWlFZ=H+%iFnL3&rwhFnjxw)lEH9-jVEI!g3LSY0n9vCpXQ<jvND)75_k
zXW6eDY%$a2!P&2jFswZjU)W6ORxMSTuEu7;xY5yfDQy#cSU6Kn^=U7t{DZY#%<CZI
zL6sCkJpId(9Z)rX0_8p<s}s6sQb{Ts#B#xvVf#^kZu|2m6FA?4#P{#oV<T0$nxNR#
zuo7e%UXccSda*rw?%<p#hA~~hT6QbJaHe&1#WNECO=>gp{}muXYX<4sJD&YN>m3v|
zBiBylAan+-QJ2%FZ{9w&w`GIYT)E&sEW3vecWnKphHafP!uXfSC{Fwfjmk8+@a46Q
zm1^?ZDFA}rV*O5q3vW*WGl9p3;3W`(Oc185p+i6W@vRrOzu400h5!eS`owLTo_cK7
z@6eo7+7;N9^t+33o9Y368IMxRpNGyvUq-F;rIV-Ay|l)<lC9O>6^t?K^d6xWq%5m1
z&}!d#<JG^?e*QbekGUzUa!z)+5Nw+ZWljFAOXW9QI!1FvQ|y6^y3z)JDRHX1mx85C
zS(nb0+b*__O`j!D^c{)EYQgKT7gngKmFZ?9w|-E@=1n8EGl-{Hq?Eh4aQKWom%8{N
zUmF7kbuqT?kbEZ)N$XNQo9(Of`7A>4(RM2MzPy3mijg;M$EQ%UkI9MUTv~1&6&d1R
z(wuDO6o9LA&l_LoGo&iUm7_^$Ck(&08heCxee4brj}6x999v^`6>XIeEz_wfbQYN|
zRiZlGv0O*2fq3`LTRhQHQ}=5&9L6HNs6yD{G~R?rhnht33DrPZuQQG<_82~5JT6kw
zPc9Z-(*MF>H(X!)G&q+zoSO5OIwe?~G!}URnb&h?jw%uNtC(>`HggjAnVRA$ZmR6v
zYYIJ|M*ty{jozo1-9E86n@_x}AQo(%=R-rHmha_rY;8IcZ{HA&UafU+k*aCyn*3Fb
z@3HqA&@UI{4ozanGucS+>X;~;ikOd{el{ia@`x=kVr3rYd1hbz%o~_c{+-fU&~&UP
zq1)f-#=@@QmmewnL>v9Ofk*RD%)34%hQJ1wyq>pqBM~aK)K7x1zJDu|QekcR{JH+k
z<y=t>8R5MByI%=<oLrcW1>0`ZR|)mieLAZ<T;%<h$P){w@!;pg{Va7?o;zDTS4rwK
zNpA6|ePO`GPN0<<iJut}xXF&ht7Hu0$M~kXdb>8k_jDfzaW%dmOR;N_2~I<dN^OnW
zAZ@Iwbg_m5>z%xnFl+RJc~~-=y#<l45|kMtRpUPJ!~E^|H!dHu-|E^X@jPgheKhbl
z*677jDK6=;$nigqxjhLnCTf7WqXAdK`e*uo^EnzN#<PrmY8r-G2g|F=RmzyZ{2z7Z
B@Vo#3

literal 0
HcmV?d00001