<?xml version='1.0' encoding='utf-8'?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version1.7.291.7.35 (Ruby3.2.3)2.5.9) --> <?rfc strict="yes"?> <?rfc comments="yes"?> <?rfc docmapping="yes"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-pquip-pqc-engineers-14" category="info" consensus="true" submissionType="IETF" xml:lang="en" number="9958" tocInclude="true" sortRefs="true" symRefs="true" version="3"> <!-- xml2rfc v2v3 conversion3.30.13.33.0 --> <link href="https://datatracker.ietf.org/doc/draft-ietf-pquip-pqc-engineers-14" rel="prev"/> <front> <title abbrev="PQC for Engineers">Post-Quantum Cryptography for Engineers</title> <seriesInfoname="Internet-Draft" value="draft-ietf-pquip-pqc-engineers-14"/>name="RFC" value="9958"/> <author fullname="Aritra Banerjee"> <organization>Nokia</organization> <address> <postal> <city>London</city> <country>United Kingdom</country> </postal> <email>aritra.banerjee@nokia.com</email> </address> </author> <author fullname="TirumaleswarReddy">Reddy.K"> <organization>Nokia</organization> <address> <postal> <city>Bangalore</city> <region>Karnataka</region> <country>India</country> </postal> <email>k.tirumaleswar_reddy@nokia.com</email> </address> </author> <author fullname="Dimitrios Schoinianakis"> <organization>Nokia</organization> <address> <postal> <city>Athens</city> <country>Greece</country> </postal> <email>dimitrios.schoinianakis@nokia-bell-labs.com</email> </address> </author> <author fullname="Timothy Hollebeek"> <organization>DigiCert</organization> <address> <postal> <city>Pittsburgh</city><country>USA</country><region>PA</region> <country>United States of America</country> </postal> <email>tim.hollebeek@digicert.com</email> </address> </author> <author initials="M." surname="Ounsworth" fullname="Mike Ounsworth"> <organization abbrev="Entrust">Entrust Limited</organization> <address> <postal> <street>2500 SolandtRoad –Road, Suite 100</street> <city>Ottawa, Ontario</city> <code>K2K 3G5</code> <country>Canada</country> </postal> <email>mike.ounsworth@entrust.com</email> </address> </author> <dateyear="2025" month="August" day="26"/> <area>Security</area> <workgroup>PQUIP</workgroup>year="2026" month="April"/> <area>SEC</area> <workgroup>pquip</workgroup> <keyword>PQC</keyword> <abstract> <?line263?>638?> <!-- Status of I-Ds in references section: [I-D.bonnell-lamps-chameleon-certs] draft-bonnell-lamps-chameleon-certs-07 IESG State: I-D Exists as of 11/26/25 [I-D.connolly-cfrg-xwing-kem] draft-connolly-cfrg-xwing-kem-09 IESG State: I-D Exists as of 11/26/25 [I-D.hale-mls-combiner] draft-hale-mls-combiner-01 Replaced by draft-ietf-mls-combiner [I-D.ietf-hpke-pq] draft-ietf-hpke-pq-03 IESG State: I-D Exists as of 11/26/25 [I-D.ietf-lamps-pq-composite-sigs] draft-ietf-lamps-pq-composite-sigs-13 IESG state: Publication Requested as of 11/26/25 [I-D.ietf-pquip-hybrid-signature-spectrums] draft-ietf-pquip-hybrid-signature-spectrums-07 IESG state: RFC Ed Queue as of 11/26/25 [I-D.ietf-pquip-pqc-hsm-constrained] draft-ietf-pquip-pqc-hsm-constrained-02 IESG State: I-D Exists as of 11/26/25 [I-D.ietf-sshm-ntruprime-ssh] draft-ietf-sshm-ntruprime-ssh-06 Published as RFC 9941 [I-D.ietf-tls-hybrid-design] draft-ietf-tls-hybrid-design-16 IESG state: RFC Ed Queue as of 11/26/25 [I-D.irtf-cfrg-bbs-signatures] draft-irtf-cfrg-bbs-signatures-09 IESG State: I-D Exists as of 11/26/25 [I-D.irtf-cfrg-hybrid-kems] draft-irtf-cfrg-hybrid-kems-07 IESG State: I-D Exists as of 11/26/25 [I-D.ounsworth-cfrg-kem-combiners] draft-ounsworth-cfrg-kem-combiners-05 IESG State: Expired as of 11/26/25 --> <!-- [rfced] FYI - We will do the following when we convert the file to RFCXML: a) Correct author names in reference entry for draft-ietf-pquip-pqc-hsm-constrained. Current: [I-D.ietf-pquip-pqc-hsm-constrained] Reddy.K, T., Wing, D., S, B., and K. Kwiatkowski, "Adapting Constrained Devices for Post-Quantum Cryptography", Work in Progress, Internet-Draft, draft- ietf-pquip-pqc-hsm-constrained-02, 18 October 2025, <https://datatracker.ietf.org/doc/html/draft-ietf-pquip- pqc-hsm-constrained-02>. --> <!-- XML for reference update (draft-ietf-pquip-pqc-hsm-constrained): <reference anchor="I-D.ietf-pquip-pqc-hsm-constrained" target="https://datatracker.ietf.org/doc/html/draft-ietf-pquip-pqc-hsm-constrained-02"> <front> <title>Adapting Constrained Devices for Post-Quantum Cryptography</title> <author initials="T." surname="Reddy" fullname="Tirumaleswar Reddy.K"> <organization>Nokia</organization> </author> <author initials="D." surname="Wing" fullname="Dan Wing"> <organization>Citrix</organization> </author> <author initials="B." surname="Salter" fullname="Ben Salter"> <organization>UK National Cyber Security Centre</organization> </author> <author initials="K." surname="Kwiatkowski" fullname="Kris Kwiatkowski"> <organization>PQShield</organization> </author> <date month="October" day="18" year="2025" /> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-pquip-pqc-hsm-constrained-02" /> </reference> - --> <t>The advent of a cryptographically relevant quantum computer (CRQC) would render state-of-the-art, traditional public key algorithms deployed today obsolete, as the mathematical assumptions underpinning their security would no longer hold. To address this, protocols and infrastructure must transition to post-quantum algorithms, which are designed to resist both traditional and quantum attacks. This document explains why engineers need to be aware of and understand post-quantum cryptography (PQC),detailingand it details the impact of CRQCs on existing systems and the challenges involved in transitioning to post-quantum algorithms. Unlike previous cryptographic updates, this shift may require significant protocol redesign due to the unique properties of post-quantum algorithms.</t> </abstract><note removeInRFC="true"> <name>About This Document</name> <t> Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-pquip-pqc-engineers/"/>. </t> <t> Discussion of this document takes place on the pquip Working Group mailing list (<eref target="mailto:pqc@ietf.org"/>), which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/pqc/"/>. Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/pqc/"/>. </t> </note></front> <middle> <?line267?>734?> <section anchor="introduction"> <name>Introduction</name> <t>Quantum computing is no longer just a theoretical concept in computational science and physics; it is now an active area of research with practical implications. Considerable research efforts and enormous corporate and government funding for the development of practical quantum computing systems are currently being invested. At the time this document is published, cryptographically relevant quantum computers (CRQCs) that can break widely used asymmetric algorithms (also known as public key algorithms) are not yet available. However, there is ongoing research and development in the field of quantum computing, with the goal of building more powerful and scalable quantum computers.</t> <t>One common myth is that quantum computers are faster than conventional CPUs and GPUs in all areas. This is not the case; much as GPUs outperform general-purpose CPUs only on specific types of problems,so willquantumcomputers, too,computers also have a niche set of problems on which they excel. Unfortunately for cryptographers, integer factorization and discrete logarithms, the mathematical problems underpinning much of classical public key cryptography, happen to fall within the nichethatin which quantum computers are expected toexcel at.excel. As quantum technology advances, there is the potential for future quantum computers to have a significant impact on current cryptographic systems. Predicting the date of emergence of a CRQC is a challenging task, and there is ongoing uncertainty regarding when they will become practically feasible <xref target="CRQCThreat"/>.</t> <t>Extensive research has produced several post-quantum cryptographic algorithms that offer the potential to ensure cryptography's survival in the quantum computing era. However, transitioning to a post-quantum infrastructure is not a straightforward task, and there are numerous challenges to overcome. It requires a combination of engineering efforts, proactive assessment and evaluation of available technologies, and a careful approach to product development and deployment.</t> <t>PQC is sometimes referred to as "quantum-proof", "quantum-safe", or "quantum-resistant". It is the development of cryptographic algorithms designed to secure communication and data in a world where quantum computers are powerful enough to break traditional cryptographic systems, such as RSA(Rivest–Shamir–Adleman)(Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography). PQC algorithms are intended to be resistant to attacks by quantum computers, which use quantum-mechanical phenomena to solve mathematical problems that are infeasible for classical computers.</t> <t>As the threat of CRQCs draws nearer, engineers responsible for designing, maintaining, and securing cryptographic systems must prepare for the significant changes that the existence of CRQCs will bring. Engineers need to understand how to implement post-quantum algorithms in applications, how to evaluate the trade-offs between security and performance, and how to ensure backward compatibility with current systems where needed. This is not merely a one-for-one replacement of algorithms; in many cases, the shift to PQC will involve redesigning protocols and infrastructure to accommodate the significant differences in resource utilization and key sizes between traditional and PQC algorithms. Due to the wide-ranging nature of these impacts, discussions of protocol changes are integrated throughout this document rather than being confined to a single section.</t> <t>This document aims to provide general guidance to engineers working on cryptographic libraries, network security, and infrastructure development, where long-term security planning is crucial. The document covers topics such as selecting appropriate PQCalgorithms,algorithms and understanding the differences between PQCkey encapsulation mechanismsKey Encapsulation Mechanisms (KEMs) and traditional Diffie-Hellman (DH) andRSA styleRSA-style key exchanges, and it provides insights into expectedkey,differences in keys, ciphertext,andsignaturesizessizes, and processingtime differencestimes between PQC and traditional algorithms. Additionally, it discusses the potential threat to symmetric cryptography and hash functions from CRQCs.</t> <t>It is important to remember that asymmetric algorithms (also known as public key algorithms) are largely used for secure communications between organizations or endpoints that may not have previously interacted, so a significant amount of coordination between organizations, and within and betweenecosystemsecosystems, needs to be taken into account. Such transitions are some of the most complicated in the tech industry and will require staged migrations in which upgraded agents need toco-existcoexist and communicate with non-upgraded agents at a scale never before undertaken.</t> <t>The National Security Agency (NSA) of the United States released an article on future PQC algorithm requirements for US national security systems <xref target="CNSA2-0"/> based on the need to protect against deployments of CRQCs in the future. The German Federal Office for Information Security (BSI) has also released a PQC migration and recommendations document <xref target="BSI-PQC"/>whichthat largely aligns with United States National Institute of Standards and Technology (NIST) and NSAguidance,guidance but differs in aspects such as specific PQC algorithm profiles.</t> <t>CRQCs pose a threat to both symmetric and asymmetric cryptographic schemes. However, the threat to asymmetric cryptography is significantly greater due to Shor's algorithm <xreftarget="Shors"/> algorithm,target="Shors"/>, which can breakwidely-usedwidely used public key schemes like RSA and ECC. Symmetric cryptography and hash functions face a lower risk from Grover's algorithm <xreftarget="Grovers"/> algorithm,target="Grovers"/>, although the impact is less severe and can typically be mitigated by doubling key and digest lengths where the risk applies. It is crucial for the reader to understand that whenthe word"PQC" is mentioned in the document, it means asymmetric cryptography (or public keycryptography),cryptography) and not any symmetric algorithms based on stream ciphers, block ciphers, hash functions, MACs, etc., which are less vulnerable to quantum computers. This document does not coversuchtopics such as when traditional algorithms might become vulnerable (for that, see documents such as <xref target="QC-DNS"/> and others).</t> <t>This document does not cover unrelated technologies like quantum key distribution (QKD) or quantum key generation, which use quantum hardware to exploit quantum effects to protect communications and generate keys, respectively. PQC is based on conventional math (not on quantum mechanics) andsoftwaresoftware, and it can be run on anygeneral purposegeneral-purpose computer.</t> <t>This document does not go into the deep mathematics or technical specification of the PQCalgorithms,algorithms but rather provides an overview to engineers on the current threat landscape and the relevant algorithms designed to help prevent those threats. Also, the cryptographic and algorithmic guidance given in this document should be taken as non-authoritative if it conflicts with emerging and evolving guidance from the IRTF's Crypto Forum Research Group (CFRG).</t> </section> <section anchor="terminology"> <name>Terminology</name><t>Quantum computer: A<dl> <dt>Quantum computer:</dt> <dd> <t>A computer that performs computations using quantum-mechanical phenomena such as superposition and entanglement.</t><t>Physical qubit: The</dd> <dt>Physical qubit:</dt> <dd> <t>The basic physical unit in a quantum computer, which is prone to noise and errors.</t><t>Logical qubit: A</dd> <dt>Logical qubit:</dt> <dd> <t>A fault-tolerant qubit constructed from multiple physical qubits using quantum error correction; it is the effective unit for reliable quantum computation.</t><t>Post-Quantum</dd> <dt>Post-Quantum Cryptography(PQC): Cryptographic(PQC):</dt> <dd> <t>Cryptographic algorithms designed to be secure against quantum and classical attacks.</t><t>Cryptographically</dd> <dt>Cryptographically Relevant Quantum Computer(CRQC): A(CRQC):</dt> <dd> <t>A quantum computer with sufficient logical qubits to break traditional asymmetric cryptographic algorithms (e.g., RSA or ECC) within a practical timeframe.</t><t>Public</dd> <dt>Public Key Cryptography (also called AsymmetricCryptography): ACryptography):</dt> <dd> <t>A class of cryptographic algorithms in which separate keys are used for encryption anddecryption,decryption or for signing and verification. Throughout this document, the terms Public Key Cryptography and Asymmetric Cryptography are used interchangeably.</t> </dd> </dl> <t>There is ongoing discussion about whether to use the term "post-quantum", "quantum ready", "quantum resistant", or "quantumsecure",secure" to describe algorithms that resist CRQCs, and a consensus has not yet been reached. NIST has coined the term "post-quantum" to refer to the algorithms that participated in its competition-like selection process; in this context, the term can be interpreted to mean "the set of algorithms that are designed to still be relevant after quantum computersexist",exist" and not a statement about their security. "Quantum resistant" or "quantum secure" is obviously the goal of thesealgorithms, howeveralgorithms; however, some people have raised concerns thatlabellinglabeling a class of algorithms as "quantum resistant" or "quantum secure" could lead to confusion if one or more of those algorithms are later found to be insecure or to not resist quantum computers as much as theory predicted. "Quantum ready" is often used to refer to a solution -- device, appliance, or software stack -- that has reached maturity withregardsregard to integration of these new cryptographic algorithms. That said, the authors recognize that there is great variability in how these terms are used. This document usesany ofthese terms interchangeably to refer to such algorithms.</t><t>The terms "current," "state-of-the-art," and "ongoing," as used in<t>In this document, the terms "current", "state-of-the-art", and "ongoing" refer to work, research, investigations, deployments, or developments that are applicable at the time of publication.</t> </section> <section anchor="threat-of-crqcs-on-cryptography"> <name>Threat of CRQCs on Cryptography</name> <t>When considering the security risks associated with the ability of a quantum computer to attack traditional cryptography, it is important to distinguish between the impact on symmetric algorithms and public key ones. Dr. Peter Shor and Dr. Lov Grover developed two algorithms that changed the way the world thinks of security under the presence of a CRQC.</t> <t>Quantum computers are, by their nature, hybrids of classical and quantum computational units. For example, Shor's algorithm consists of a combination of quantum and classical computational steps. Thus, the term "quantum adversary" should be thought of as "quantum-enhanced adversary", meaning they have access to both classical and quantum computational techniques.</t><t>Despite that<t>Although large-scale quantum computers do not yet exist to experiment on, the theoretical properties of quantum computation are very well understood. This allows engineers and researchers to reason about the upper limits of quantum-enhancedcomputation,computation andindeedto design cryptographic algorithms that are resistant to any conceivable form of quantum cryptanalysis.</t> <section anchor="symmetric"> <name>Symmetric Cryptography</name> <t>For unstructured data such as symmetric encrypted data or cryptographic hashes, although CRQCs can search for specific solutions across all possible input combinations (e.g., Grover's algorithm), no quantum algorithm is known to break the underlying security properties of these classes of algorithms. Symmetric-key cryptography, which includes keyed primitives such as block ciphers (e.g., AES) and message authentication mechanisms (e.g., HMAC-SHA256), relies on secret keys shared between the sender and receiver and remains secure even in a post-quantum world. Symmetric cryptography also includes hash functions (e.g., SHA-256) that are used for secure message digesting without any shared key material.HMACHashed Message Authentication Code (HMAC) is a specific construction that utilizes a cryptographic hash function and a secret key shared between the sender and receiver to produce a message authentication code.</t> <t>Grover's algorithm is a quantum search algorithm that provides a theoretical quadratic speedup for searching an unstructured database, compared to traditional search algorithms. This has led to the common misconception that symmetric key lengths need to be doubled for quantum security. When you consider the mapping of hash values to their corresponding hash inputs (also known aspre-image),pre-image) or of ciphertext blocks to the corresponding plaintextblocks,blocks as an unstructured database, thenGrover’sGrover's algorithm theoretically requires doubling the key sizes of the symmetric algorithms that are currently deployed at the time of publication to counter the quadratic speedup and maintain the current security level. This is becauseGrover’sGrover's algorithm reduces the amount of operations to break 128-bit symmetric cryptography to 2^{64} quantum operations, which might sound computationally feasible. However, quantum operations are fundamentally different from classicalonesones, as 2^{64} classical operations can be efficientlyparallelized,parallelized but 2^{64} quantum operations must be performed serially, making them infeasible on practical quantum computers.</t> <t>Grover's algorithm is highly non-parallelizable and even if one deploys 2^c computational units in parallel to brute-force a key using Grover's algorithm, it will complete in time proportional to2^{(128−c)/2},2^{(128-c)/2}, or, put simply, using 256 quantum computers will only reduce runtime by a factor of 16, 1024 quantum computers will only reduce runtime by a factor of3232, and so forth (see <xref target="NIST"/> and <xref target="Cloudflare"/>). Due to this inherent limitation, the general expert consensus is that AES-128(Advanced Encryption Standard)remains secure inpractice,practice and key sizes do not necessarily need to be doubled.</t> <t>It would be natural to ask whether future research will develop a superior algorithm that could outperform Grover's algorithm in the general case. However, Christof Zalka has shown that Grover's algorithm achieves the best possible complexity for this type of search, meaning no significantly faster quantum approach is expected <xreftarget="Grover-search"/></t>target="Grover-Search"/>.</t> <!-- [rfced] "CNSA 2.0" is a suite of algorithms from the NSA, not an organization. The organization is the National Security Agency (NSA). May we update the sentence as follows to clarify? Current: However, for compliance purposes, some organizations, such as the French National Agency for the Security of Information Systems (ANSSI) {{ANSSI}} and CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) {{CNSA2-0}}, recommend the use of AES-256. Perhaps: However, for compliance purposes, some organizations, such as the French National Agency for the Security of Information Systems (ANSSI) {{ANSSI}} and the National Security Agency (NSA) {{CNSA2-0}}, recommend the use of AES-256. --> <t>Finally, in their evaluation criteria for PQC, NIST is assessing the security levels of proposed post-quantum algorithms by comparing them against the equivalent traditional and quantum security of AES-128, AES-192, and AES-256. This indicates that NIST is confident in the stable security properties of AES, even in the presence of both traditional and quantum attacks. As a result, 128-bit algorithms can be considered quantum-safe for the foreseeable future. However, for compliance purposes, some organizations, such as the French National Agency for the Security of Information Systems (ANSSI) <xref target="ANSSI"/> andCNSA 2.0 (CommercialCommercial National Security Algorithm Suite 2.0 (CNSA 2.0) <xref target="CNSA2-0"/>, recommend the use of AES-256.</t> </section> <section anchor="asymmetric-cryptography"> <name>Asymmetric Cryptography</name><t>“Shor’s algorithm”<t>"Shor's algorithm" efficiently solves the integer factorization problem (and the related discrete logarithm problem), which underpin the foundations of the vast majority of public key cryptography that the world uses today. This implies that, if a CRQC is developed,today’stoday's public key algorithms (e.g., RSA,Diffie-HellmanDiffie-Hellman, andelliptic curve cryptography,ECC, as well as lesscommonly-usedcommonly used variants such as ElGamal <xref target="RFC6090"/> and Schnorr signatures <xref target="RFC8235"/>) and protocols would need to be replaced by algorithms and protocols that can offer cryptanalytic resistance against CRQCs. Note thatShor’sShor's algorithm cannot run solely on a classicalcomputer,computer; it requires a CRQC.</t> <t>For example, studies show that, if a CRQC existed, it could break RSA-2048 in hours or even seconds depending on assumptions about error correction <xreftarget="RSAShor"/><xref target="RSA8HRS"/><xreftarget="RSAShor"/> <xref target="RSA8HRS"/> <xref target="RSA10SC"/>. While such machines are purely theoretical at the time of writing, this illustrates the eventual vulnerability of RSA to CRQCs.</t> <t>For structured data such as public keys and signatures, CRQCs can fully solve the underlying hard problems used in traditional cryptography (see Shor's algorithm). Because an increase in the size of thekey-pairkey pair would not provide a secure solution (short of RSA keys that are many gigabytes in size <xref target="PQRSA"/>), a complete replacement of the algorithm is needed. Therefore, post-quantum public key cryptography must rely on problems that are different from the ones used in traditional public key cryptography (i.e., the integer factorization problem, the finite-field discrete logarithm problem, and the elliptic-curve discrete logarithm problem).</t> </section> <section anchor="quantum-side-channel-attacks"> <name>QuantumSide-channelSide-Channel Attacks</name> <t>Cryptographic side-channel attacks exploit physicalimplementations, suchimplementations (such as timing, power consumption, or electromagneticleakageleakage) to recover secret keys.</t> <t>The field of cryptographic side-channel attacks potentially stands to gain a boost in attacker power once cryptanalytic techniques can be enhanced with quantum computation techniques <xref target="QuantSide"/>. While a full discussion of quantum side-channel techniques is beyond the scope of this document, implementers of cryptographic hardware should be aware that currentbest-practicesbest practices for side-channel resistance may not be sufficient against quantum adversaries.</t> <!-- [rfced] We slightly rephrased the following to avoid repetition of "hence" (i.e., made new sentence and replaced the first "hence" with "Because of this"). Please review and let us know any concerns. Original: Similar to key agreement, signatures also depend on a public-private key pair based on the same mathematics as for key agreement and key transport, and hence a break in existing public key cryptography will also affect traditional digital signatures, hence the importance of developing post-quantum digital signatures. Updated: Similar to key agreement, signatures also depend on a public-private key pair based on the same mathematics as for key agreement and key transport. Because of this, a break in existing public key cryptography will also affect traditional digital signatures, hence the importance of developing post-quantum digital signatures. --> </section> </section> <section anchor="traditional-cryptographic-primitives-that-could-be-replaced-by-pqc"> <name>Traditional Cryptographic PrimitivesthatThat Could Be Replaced by PQC</name> <t>Any asymmetric cryptographic algorithm based on integer factorization, finite field discrete logarithms, orelliptic curveelliptic-curve discrete logarithms will be vulnerable to attacks using Shor's algorithm on a CRQC. This document focuses on the principal functions of asymmetric cryptography:</t><ul spacing="normal"> <li> <t>Key<dl> <dt>Key agreement and keytransport: Keytransport:</dt> <dd> <t>Key agreement schemes, typically referred to as Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH), as well as key transport, typically using RSA encryption, are used to establish a shared cryptographic key for secure communication. They are one of the mechanisms that can be replaced by PQC, as they are based on existing public key cryptography and are therefore vulnerable to Shor's algorithm. A CRQC can employ Shor's algorithm to efficiently find the prime factors of a large public key (in the case of RSA),whichwhich, inturnturn, can be exploited to derive the private key. In the case ofDiffie-Hellman,DH, a CRQC has the potential to calculate the discrete logarithm of the(short(short- or long-term)Diffie-HellmanDH public key. This, in turn, would reveal the secret required to derive the symmetric encryption key.</t></li> <li></dd> <dt>Digital signatures:</dt> <dd> <t>Digitalsignatures: Digitalsignature schemes are used to authenticate the identity of a sender, detect unauthorized modifications to data, and underpin trust in a system. Similar to key agreement, signatures also depend on a public-private key pair based on the same mathematics as for key agreement and keytransport, and hencetransport. Because of this, a break in existing public key cryptography will also affect traditional digital signatures, hence the importance of developing post-quantum digital signatures.</t></li> <li></dd> <dt>Boneh-Boyen-Shacham (BBS) signatures:</dt> <dd> <t>BBSsignatures: BBS (Boneh-Boyen-Shacham)signatures are a privacy-preserving signature scheme that offers zero-knowledge proof-like properties by allowing selective disclosure of specific signed attributes without revealing the entire set of signed data. The security of BBS signatures relies on the hardness of the discrete logarithm problem, making them vulnerable to Shor's algorithm. A CRQC can break the data authenticity security property of BBS but not the data confidentiality(Section 6.9 of <xref(<xref section="6.9" sectionFormat="of" target="I-D.irtf-cfrg-bbs-signatures"/>).</t></li> <li></dd> <dt>Content encryption:</dt> <dd> <t>Contentencryption: Contentencryption typically refers to the encryption of the data using symmetric key algorithms, such as AES, to ensure confidentiality. The threat to symmetric cryptography is discussed in <xref target="symmetric"/>.</t></li> </ul></dd> </dl> </section> <section anchor="nist-pqc-algorithms"> <name>NIST PQC Algorithms</name> <t>At the time of writing, NISThavehas standardized three PQC algorithms, with more expected to bestandardisedstandardized in the future(<xref(see <xref target="NISTFINAL"/>). These algorithms are not necessarily drop-in replacements for traditional asymmetric cryptographic algorithms. For instance, RSA <xref target="RSA"/> and ECC <xref target="RFC6090"/> can be used as both a key encapsulation method (KEM) andasa signature scheme, whereas there is currently no post-quantum algorithm that can perform both functions. When upgrading protocols, it is important to replace the existing use of traditional algorithms with either a PQC KEM or a PQC signature method, depending on how the traditional algorithm was previously being used. Additionally, KEMs, as described in <xref target="KEMs"/>, present a different API than either key agreement or key transport primitives. As a result, they may require protocol-level or application-level changes in order to be incorporated.</t> <section anchor="nist-candidates-selected-for-standardization"> <name>NIST Candidates Selected for Standardization</name> <!-- [rfced] In Sections 5.1.1, 5.1.2, and 6.1, may we update the lists to better indicate the term being defined? We suggest placing the term rather than the citation before the colon. See the suggested text in a), b), and c) below. We also have some additional questions regarding Section 5.1.2: - How should "FN" in "FN-DSA" be expanded? Perhaps as "Fast-Fourier Transform over NTRU-Lattice-Based Digital Signature Algorithm"? - The FN-DSA entry includes pointers to Sections 8.1 and 10.2, but ML-DSA and SLH-DSA are also mentioned in those setions. Should the pointers to Sections 8.1 and 10.2 apply to all entries? - We do not see "FN-DSA" mentioned in the URL listed for [FN-DSA]. Please review. Also, should this reference be to FIPS 206, or should the relationship between FIPS 206 and Fast Fourier/Falcon be explained for the reader? It seems that FIPS 206 is still in draft form. a) Section 5.1.1 Original * [ML-KEM]: Module-Lattice-based Key-Encapsulation Mechanism Standard (FIPS-203). * [HQC]: Hamming Quasi-Cyclic coding algorithm which is based on the hardness of the syndrome decoding problem for quasi-cyclic concatenated Reed-Muller and Reed-Solomon (RMRS) codes in the Hamming metric. Reed-Muller (RM) codes are a class of block error-correcting codes commonly used in wireless and deep-space communications, while Reed-Solomon (RS) codes are widely used to detect and correct multiple-bit errors. HQC has been selected as part of the NIST post-quantum cryptography project but has not yet been standardized. Perhaps: ML-KEM: Module-Lattice-Based Key Encapsulation Mechanism. See FIPS 203 [ML-DSA]. HQC: Hamming Quasi-Cyclic. See [HQC]. The coding algorithm based on the hardness of the syndrome decoding problem for quasi-cyclic concatenated Reed-Muller and Reed-Solomon (RMRS) codes in the Hamming metric. Reed-Muller (RM) codes are a class of block error-correcting codes commonly used in wireless and deep-space communications, while Reed-Solomon (RS) codes are widely used to detect and correct multiple-bit errors. HQC has been selected as part of the NIST post-quantum cryptography project but has not yet been standardized. b) Section 5.1.2 Original: * [ML-DSA]: Module-Lattice-Based Digital Signature Standard (FIPS- 204). * [SLH-DSA]: Stateless Hash-Based Digital Signature (FIPS-205). * [FN-DSA]: FN-DSA is a lattice signature scheme (FIPS-206) (Section 8.1 and Section 10.2). Perhaps: ML-DSA: Module-Lattice-Based Digital Signature Algorithm. See FIPS 204 [ML-DSA]. SLH-DSA: Stateless Hash-Based Digital Signature Algorithm. See FIPS 205 [SLH-DSA]. FN-DSA: Fast-Fourier Transform over NTRU-Lattice-Based Digital Signature Algorithm. See FIPS 206 [FN-DSA]. For more information about these, see Sections 8.1 and 10.2. c) Section 6.1 Original: * [FrodoKEM]: Key Encapsulation mechanism based on the hardness of learning with errors in algebraically unstructured lattices. * [ClassicMcEliece]: Based on the hardness of syndrome decoding of Goppa codes. Goppa codes are a class of error-correcting codes that can correct a certain number of errors in a transmitted message. The decoding problem involves recovering the original message from the received noisy codeword. * [NTRU]: Key encapsulation mechanism based on the "N-th degree Truncated polynomial Ring Units" (NTRU) lattices. Variants include Streamlined NTRU Prime (sntrup761), which is leveraged for use in SSH [I-D.ietf-sshm-ntruprime-ssh]. Perhaps: FrodoKEM: KEM based on the hardness of learning with errors in algebraically unstructured lattices. See [FrodoKEM]. Classic McEliece: KEM based on the hardness of syndrome decoding of Goppa codes. Goppa codes are a class of error-correcting codes that can correct a certain number of errors in a transmitted message. The decoding problem involves recovering the original message from the received noisy codeword. See [ClassicMcEliece]. NTRU: KEM based on the "N-th degree Truncated polynomial Ring Units" (NTRU) lattices. Variants include Streamlined NTRU Prime (sntrup761), which is leveraged for use in SSH [RFC9941]. See [NTRU]. --> <section anchor="pqc-key-encapsulation-mechanisms-kems"> <name>PQC Key Encapsulation Mechanisms (KEMs)</name><ul spacing="normal"> <li> <t><xref target="ML-KEM"/>: Module-Lattice-based<dl> <dt><xref target="ML-KEM"/>:</dt> <dd> <t>Module-Lattice-Based Key-Encapsulation Mechanism Standard(FIPS-203).</t> </li> <li> <t><xref target="HQC"/>: Hamming(FIPS 203).</t> </dd> <dt><xref target="HQC"/>:</dt> <dd> <t>Hamming Quasi-Cyclic codingalgorithmalgorithm, which is based on the hardness of the syndrome decoding problem for quasi-cyclic concatenated Reed-Muller and Reed-Solomon (RMRS) codes in the Hamming metric. Reed-Muller (RM) codes are a class of block error-correcting codes commonly used in wireless and deep-space communications, while Reed-Solomon (RS) codes are widely used to detect and correct multiple-bit errors. HQC has been selected as part of the NIST post-quantum cryptography project but has not yet been standardized.</t></li> </ul></dd> </dl> </section> <section anchor="pqc-signatures"> <name>PQC Signatures</name><ul spacing="normal"> <li> <t><xref target="ML-DSA"/>: Module-Lattice-Based<dl> <dt><xref target="ML-DSA"/>:</dt> <dd> <t>Module-Lattice-Based Digital Signature Standard(FIPS-204).</t> </li> <li> <t><xref target="SLH-DSA"/>: Stateless(FIPS 204).</t> </dd> <dt><xref target="SLH-DSA"/>:</dt> <dd> <t>Stateless Hash-Based Digital Signature(FIPS-205).</t> </li> <li> <t><xref target="FN-DSA"/>: FN-DSA(FIPS 205).</t> </dd> <dt><xref target="FN-DSA"/>:</dt> <dd> <t>FN-DSA is a lattice signature scheme(FIPS-206) (<xref target="lattice-based"/>(FIPS 206) (see Sections <xref target="lattice-based" format="counter"/> and <xreftarget="sig-scheme"/>).</t> </li> </ul>target="sig-scheme" format="counter"/>).</t> </dd> </dl> </section> </section> </section> <section anchor="iso-candidates-selected-for-standardization"> <name>ISO Candidates Selected for Standardization</name> <t>At the time of writing, ISO has selected three PQC KEM algorithms as candidates forstandardization, whichstandardization; these are mentioned in the following subsection.</t> <section anchor="pqc-key-encapsulation-mechanisms-kems-1"> <name>PQC Key Encapsulation Mechanisms (KEMs)</name><ul spacing="normal"> <li> <t><xref target="FrodoKEM"/>: Key Encapsulation mechanism<dl> <dt><xref target="FrodoKEM"/>:</dt> <dd> <t>KEM based on the hardness of learning with errors in algebraically unstructured lattices.</t></li> <li> <t><xref target="ClassicMcEliece"/>: Based</dd> <dt><xref target="ClassicMcEliece"/>:</dt> <dd> <t>KEM based on the hardness of syndrome decoding of Goppa codes. Goppa codes are a class of error-correcting codes that can correct a certain number of errors in a transmitted message. The decoding problem involves recovering the original message from the received noisy codeword.</t></li> <li> <t><xref target="NTRU"/>: Key encapsulation mechanism</dd> <dt><xref target="NTRU"/>:</dt> <dd> <t>KEM based on the "N-th degree Truncated polynomial Ring Units" (NTRU) lattices. Variants include Streamlined NTRU Prime (sntrup761), which is leveraged for use in SSH <xreftarget="I-D.ietf-sshm-ntruprime-ssh"/>.</t> </li> </ul>target="RFC9941"/>.</t> </dd> </dl> </section> </section> <section anchor="timeline"> <name>Timeline for Transition</name> <t>Thetimeline,timeline and driving motivation for transitiondiffersdiffer slightly between data confidentiality (e.g., encryption) and data authentication (e.g., signature)use-cases.</t>use cases.</t> <t>For data confidentiality, one is concerned with the so-called "harvest now, decrypt later" (HNDL) attack where a malicious actor with adequate resources can launch an attack to store sensitive encrypted data today that they hope to decrypt once a CRQC is available. This implies that, every day, sensitive encrypted data is susceptible to the attack by not implementing quantum-safe strategies, as it corresponds to data possibly being deciphered in the future.</t> <t>For authentication, it is often the case that signatures have a very short lifetime between signing and verifying (such as during a TLShandshake)handshake), but some authenticationuse-casesuse cases do require long lifetimes, such as signing firmware or software that will be active for decades, signing legal documents, or signing certificates that will be embedded into hardware devices such assmartcards.smart cards. Even for short-livedsignaturessignature use cases, the infrastructure often relies on long-lived rootkeyskeys, which can be difficult to update or replace on in-field devices.</t> <figure anchor="Mosca"> <name>Moscamodel</name>Model</name> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="160" width="448" viewBox="0 0 448 160" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,32 L 8,128" fill="none" stroke="black"/> <path d="M 208,32 L 208,80" fill="none" stroke="black"/> <path d="M 296,80 L 296,128" fill="none" stroke="black"/> <path d="M 440,32 L 440,80" fill="none" stroke="black"/> <path d="M 8,32 L 440,32" fill="none" stroke="black"/> <path d="M 8,80 L 440,80" fill="none" stroke="black"/> <path d="M 312,96 L 440,96" fill="none" stroke="black"/> <path d="M 8,128 L 296,128" fill="none" stroke="black"/> <polygon class="arrowhead" points="448,96 436,90.4 436,101.6" fill="black" transform="rotate(0,440,96)"/> <polygon class="arrowhead" points="320,96 308,90.4 308,101.6" fill="black" transform="rotate(180,312,96)"/> <g class="text"> <text x="104" y="68">y</text> <text x="320" y="68">x</text> <text x="136" y="116">z</text> <text x="356" y="116">Security</text> <text x="408" y="116">gap</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ +------------------------+----------------------------+ | | | | y | x | +------------------------+----------+-----------------+ | | <---------------> | z | Security gap +-----------------------------------+ ]]></artwork> </artset> </figure> <t>These challenges are illustrated nicely by the so-called Mosca model discussed in <xref target="Threat-Report"/>. In <xref target="Mosca"/>, "x" denotes the time that systems and data need to remain secure, "y" the number of years to fully migrate to a PQC infrastructure, and "z" the time until a CRQC that can break current cryptography is available. The model assumes either that encrypted data can be intercepted and stored before the migration is completed in "y" years, or that signatures will still be relied upon for "x" years after their creation. This data remains vulnerable for the complete "x" years of theirlifetime, thuslifetime; thus, the sum "x+y" gives us an estimate of the full timeframe that dataremainremains insecure. The model essentially asks how one is preparing IT systems during those "y" years (in other words, how one can minimize those "y" years) to minimize the transition phase to a PQC infrastructure and hence minimize the risks of data being exposed in the future.</t> <t>Finally, other factors that could accelerate the introduction of a CRQC should not beunder-estimated, likeunderestimated, forexampleexample, faster-than-expected advances in quantum computing and more efficient versions ofShor’sShor's algorithm requiring fewer qubits. Innovation often comes in waves, so it is to theindustry’sindustry's benefit to remain vigilant and prepare as early as possible.BearAlso, bear in mindalsothat while the industry tracks advances from public research institutions such as universities and companies that publish their results, there is also a great deal of large-budget quantum research being conducted privately by various national interests. Therefore, the true state of quantum computer advancement is likely several years ahead of the publicly available research at the date this document is published.</t> <t>Organizations should alsoconsidercarefully and honestly consider what their migration timeline "y" actually is. If youthinkonly think of the time between receiving a patch from your technologyvendor,vendor and rolling that patch out, then "y" might seem as short as a few weeks. However, this represents the minority of migration cases; more often, a PQC migration will involve at least some amount of hardware replacement. For example, performance-sensitive applications will need CPUs with PQC hardware acceleration. Security-sensitive applications will need PQC TPMs,TEEs, Secure Enclaves,Trusted Execution Environments (TEEs), secure enclaves, and other cryptographic co-processors.SmartcardSmart card applications will require replacement of the cardsas well as of theand readers. The readerswhichcan come in manyform-factors:form factors: tap-for-entry door and turnstile readers, PIN pad machines, laptops with built-insmartcardsmart card readers, and many others.</t> <t>Included in "y" is not only the deploymenttime,time but also the preparation time: integration, testing, auditing, andre-certificationrecertification of cryptographic environments.Consider alsoAlso consider upstream effects that contribute to "y", includinglead-timeslead times foryourvendors to produce PQC-ready products, which may itself include auditing and certification delays, time for regulating bodies to adopt PQC policies, time for auditors to become familiar with the new requirements, etc. If you measure the full migration time "y" from when your vendors begin implementing PQCfunctionality,functionality to when you switch off your last non-PQC-capable device, then "y" can be quitelong;long, likely measured in years for even mostmoderately-sized organizations, thismoderately sized organizations. This long tail should not discourage early action.</t> <t>Organizations responsible for protecting long-lived sensitive data or operating critical infrastructure will need to begin transitioning immediately, particularly in scenarios where data is vulnerable to HNDL attacks.PQ/TPost-quantum and traditional (PQ/T) <xref target="PQT"/> or PQ key exchange is relatively self-contained, typically requiring changes only to the cryptographic library (e.g., OpenSSL). In contrast, migrating to post-quantum or PQ/T digital signatures involves broader ecosystem changes, including updates to certificates,CAs,certificate authorities (CAs), Certificate Management Protocols, HSMs, and trust anchors. Starting early with hybrid key exchange deployments allows organizations to gain operational experience, while prototyping and planning for PQ/T or PQ digital signature integration helps identify ecosystem-wide impacts early. This phased approach reduces long-term migration risks and ensures readiness for more complex updates.</t> </section> <section anchor="pqc-categories"> <name>PQC Categories</name> <t>The post-quantum cryptographic schemes standardized by NIST can be categorized into three main groups: lattice-based, hash-based, and code-based. Other approaches, such as isogeny-based, multivariate-based, and MPC-in-the-Head-based cryptography, are also being explored in research and standardization efforts. In addition, NIST issued a call for additional digital signature proposals to expand the set of post-quantum signatures under evaluation <xref target="AddSig"/>.</t> <section anchor="lattice-based"> <name>Lattice-Based Public Key Cryptography</name> <t>Lattice-based public key cryptography leverages the simple construction of lattices (i.e., a regular collection of points in a Euclidean space that are evenly spaced) to create "trapdoor" problems. These problems are efficient to compute if you possess the secret information but challenging to compute otherwise. Examples of such problems include the shortest vector, closest vector, short integer solution, learning with errors, module learning with errors, and learning with rounding problems. All of these problems feature strong proofs for worst-to-average case reduction, effectively relating the hardness of the average case to the worst case.</t> <t>Lattice-based public keys and signatures are larger than those of classical schemes such as RSA or ECC, but typically by less than an order of magnitude for public keys (about6–10×)6-10x) and by roughly one to two orders of magnitude for signatures (about10–100×),10-100x) rather than by several orders of magnitude, making them the best available candidates for general-purposeuseuse, such as replacing the use of RSA in PKIX certificates.</t> <t>Examples of this class of algorithms include ML-KEM, FN-DSA,ML-DSAML-DSA, and FrodoKEM.</t> <t>It is noteworthy that lattice-based encryption schemes require a rounding step duringdecryptiondecryption, which has a non-zero probability of "rounding the wrong way" and leading to a decryption failure, meaning that valid encryptions are decrypted incorrectly. However, the parameters of NIST PQC candidates are carefully chosen so that the probability of such a failure is cryptographically negligible, far lower than the probability of random transmission errors and implementation bugs. In practical terms, these rare decryption failures can be treated the same way as any fatal transport error:bothBoth sides simply perform a fresh KEM operation, generating a new ciphertext and shared secret.</t> <t>In cryptanalysis, an oracle refers to a system that an attacker can query to learn whether decryption succeeded or failed. If such an oracle exists, an attacker could significantly reduce the security of lattice-based schemes that have a relatively high failure rate. However, for most of the NIST PQC proposals, the number of required oracle queries to force a decryption failure is above practical limits, ashas beenshown in <xref target="LattFail1"/>. More recent works have improved upon the results in <xref target="LattFail1"/>, showing that the cost of searching for additional failing ciphertexts after one or more have already beenfound,found can be sped up dramatically <xref target="LattFail2"/>. Nevertheless, at the time this document is published, the PQC candidates by NIST are considered secure under theseattacksattacks, and constant monitoring as cryptanalysis research is ongoing.</t> </section> <section anchor="hash-based"> <name>Hash-Based Public Key Cryptography</name><t>Hash based PKC<t>Hash-based Public Key Cryptography (PKC) has been around since the 1970s, when it was developed by Lamport and Merkle. It is used to create digital signaturealgorithmsalgorithms, and its security is based on the security of the underlying cryptographic hash function. Many variants of hash-based signatures(HBS)(HBSs) have been developed since the70s1970s, including the recent XMSS <xref target="RFC8391"/>, HSS/LMS <xreftarget="RFC8554"/>target="RFC8554"/>, or BPQS <xref target="BPQS"/> schemes. Unlike many other digital signature techniques, most hash-based signature schemes are stateful, which means that signing necessitates the update and careful tracking of the state of the secret key. Producing multiple signatures using the same secret key state results in loss of security and may ultimately enable signature forgery attacks against that key.</t> <t>Stateful hash-based signatures with long service lifetimes require additional operational complexity comparedwithto other signature types. For example, consider a 20-year root key; there is an expectation that 20 years is longer than the expected lifetime of the hardware that key is stored on,and thereforeso the key will need to be migrated to new hardware at some point. Disaster-recovery scenarios where the primary node fails without warning can be similarly tricky. This requires careful operational and compliance consideration to ensure that no private key state can be reused across the migration or disaster recovery event. One approach for avoiding these issues is to only use statefulHBSHBSs for short-term use cases that do not require horizontal scaling, forexampleexample, signing a batch of firmware images and then retiring the signing key.</t> <t>The SLH-DSA algorithm, which was standardized by NIST, leverages the HORST(hash(Hash toobtain random subsetObtain Random Subset withtrees)Trees) technique and remains the only standardized hash based signature scheme that is stateless, thus avoiding the complexities associated with state management. SLH-DSA is an advancement on SPHINCSwhichthat reduces the signature sizes in SPHINCS and makes it more compact.</t> </section> <section anchor="code-based"> <name>Code-Based Public Key Cryptography</name> <t>This area of cryptography started in the 1970s and80s1980s and was based on the seminal work of McEliece andNiederreiterNiederreiter, which focuses on the study of cryptosystems based on error-correcting codes. Some popularerror correctingerror-correcting codes include Goppa codes (used in McEliece cryptosystems), encoding and decoding syndrome codes used inHamming quasi-cyclic (HQC),HQC, or quasi-cyclic moderate density parity check (QC-MDPC) codes.</t> <t>Examples include all the unbroken NIST Round 4 finalists: Classic McEliece, HQC (selected by NIST for standardization), and BIKE <xref target="BIKE"/>.</t> <!-- [rfced] Please review the following sentence. The expansion of "KEM encapsulation" would be "key encapsulation mechanism encapsulation" if it were left as is. Is this correct? Or may we update as follows to avoid repetition? Current: The KEM encapsulation results in a fixed-length symmetric key that can be used with a symmetric algorithm, typically a block cipher, in one of two different ways: Perhaps: The KEM results in a fixed-length symmetric key that can be used with a symmetric algorithm, typically a block cipher, in one of two different ways: --> </section> </section> <section anchor="KEMs"> <name>KEMs</name> <t>A Key Encapsulation Mechanism (KEM) is a cryptographic technique used for securely exchanging symmetric key material between two parties over an insecure channel. It is commonly used in hybrid encryptionschemes,schemes where a combination of asymmetric (public key) and symmetric encryption is employed. The KEM encapsulation results in a fixed-length symmetric key that can be used with a symmetric algorithm, typically a block cipher, in one of two different ways:</t> <ul spacing="normal"> <li><t>Derive<t>To derive a data encryption key (DEK) to encrypt the data</t> </li> <li><t>Derive<t>To derive a key encryption key (KEK) used to wrap a DEK</t> </li> </ul> <t>These techniques are often referred to as"hybrid public key encryption (HPKE)"the Hybrid Public Key Encryption (HPKE) <xref target="RFC9180"/> mechanism.</t> <t>The term "encapsulation" is chosen intentionally to indicate that KEM algorithms behave differently at the API level from the key agreement or key encipherment/and key transport mechanisms that are in use today. Key agreement schemes imply that both parties contribute apublic / privatepublic-private key pair to the exchange, while key encipherment/and key transport schemes imply that the symmetric key material is chosen by one party and "encrypted" or "wrapped" for the other party. KEMs, on the other hand, behave according to the following API primitives <xref target="PQCAPI"/>:</t> <ul spacing="normal"> <li> <t>def kemKeyGen() -> (pk, sk)</t> </li> <li> <t>def kemEncaps(pk) -> (ss, ct)</t> </li> <li> <t>def kemDecaps(ct, sk) -> ss</t> </li> </ul> <t>where <tt>pk</tt> is the public key, <tt>sk</tt> is the secret key, <tt>ct</tt> is the ciphertext representing an encapsulated key, and <tt>ss</tt> is the shared secret. The following figure illustrates a sample flow of a KEM-based key exchange:</t> <figure anchor="tab-kem-ke"><name>KEM based key exchange</name><name>KEM-Based Key Exchange</name> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="336" width="536" viewBox="0 0 536 336" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,272 L 8,304" fill="none" stroke="black"/> <path d="M 24,80 L 24,112" fill="none" stroke="black"/> <path d="M 184,32 L 184,64" fill="none" stroke="black"/> <path d="M 208,80 L 208,112" fill="none" stroke="black"/> <path d="M 208,272 L 208,304" fill="none" stroke="black"/> <path d="M 224,72 L 224,320" fill="none" stroke="black"/> <path d="M 264,32 L 264,64" fill="none" stroke="black"/> <path d="M 280,32 L 280,64" fill="none" stroke="black"/> <path d="M 320,72 L 320,320" fill="none" stroke="black"/> <path d="M 336,176 L 336,208" fill="none" stroke="black"/> <path d="M 360,32 L 360,64" fill="none" stroke="black"/> <path d="M 528,176 L 528,208" fill="none" stroke="black"/> <path d="M 184,32 L 264,32" fill="none" stroke="black"/> <path d="M 280,32 L 360,32" fill="none" stroke="black"/> <path d="M 184,64 L 264,64" fill="none" stroke="black"/> <path d="M 280,64 L 360,64" fill="none" stroke="black"/> <path d="M 24,80 L 208,80" fill="none" stroke="black"/> <path d="M 24,112 L 208,112" fill="none" stroke="black"/> <path d="M 232,160 L 312,160" fill="none" stroke="black"/> <path d="M 336,176 L 528,176" fill="none" stroke="black"/> <path d="M 336,208 L 528,208" fill="none" stroke="black"/> <path d="M 232,256 L 312,256" fill="none" stroke="black"/> <path d="M 8,272 L 208,272" fill="none" stroke="black"/> <path d="M 8,304 L 208,304" fill="none" stroke="black"/> <polygon class="arrowhead" points="320,160 308,154.4 308,165.6" fill="black" transform="rotate(0,312,160)"/> <polygon class="arrowhead" points="240,256 228,250.4 228,261.6" fill="black" transform="rotate(180,232,256)"/> <g class="text"> <text x="220" y="52">Client</text> <text x="316" y="52">Server</text> <text x="48" y="100">pk,</text> <text x="76" y="100">sk</text> <text x="96" y="100">=</text> <text x="152" y="100">kemKeyGen()</text> <text x="216" y="100">-</text> <text x="244" y="148">pk</text> <text x="328" y="196">-</text> <text x="360" y="196">ss,</text> <text x="388" y="196">ct</text> <text x="408" y="196">=</text> <text x="472" y="196">kemEncaps(pk)</text> <text x="292" y="244">ct</text> <text x="28" y="292">ss</text> <text x="48" y="292">=</text> <text x="112" y="292">kemDecaps(ct,</text> <text x="184" y="292">sk)</text> <text x="216" y="292">-</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ +---------+ +---------+ | Client | | Server | +---------+ +---------+ +----------------------+ | | | pk, sk = kemKeyGen() |-| | +----------------------+ | | | | | pk | |---------->| | | +-----------------------+ | |-| ss, ct = kemEncaps(pk)| | | +-----------------------+ | | | ct | |<----------| +------------------------+ | | | ss = kemDecaps(ct, sk) |-| | +------------------------+ | | | | ]]></artwork> </artset> </figure> <section anchor="authenticated-key-exchange"> <name>Authenticated Key Exchange</name> <!-- [rfced] May we update the title of Figure 4 as follows? Original: Figure 4: Diffie-Hellman based AKE and NIKE simultaneously Perhaps: Figure 4: Simultaneous DH-Based AKE and NIKE --> <t>Authenticated Key Exchange (AKE) with KEMs where both parties contribute a KEM public key to the overall session key is interactive as described inSection 9.4 of<xref section="9.4" sectionFormat="of" target="RFC9528"/>. However, a single-sided KEM, such as when one peer has a KEM key in a certificate and the other peer wants to encrypt for it (as in S/MIME or OpenPGP email), can be achieved using non-interactive HPKE <xref target="RFC9180"/>. The following figure illustrates theDiffie-Hellman (DH)DH Key exchange:</t> <figure anchor="tab-dh-ake"><name>Diffie-Hellman based<name>DH-Based AKE</name> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="480" width="552" viewBox="0 0 552 480" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,320 L 8,368" fill="none" stroke="black"/> <path d="M 24,80 L 24,128" fill="none" stroke="black"/> <path d="M 136,336 L 136,344" fill="none" stroke="black"/> <path d="M 184,32 L 184,64" fill="none" stroke="black"/> <path d="M 216,80 L 216,128" fill="none" stroke="black"/> <path d="M 216,320 L 216,368" fill="none" stroke="black"/> <path d="M 232,72 L 232,464" fill="none" stroke="black"/> <path d="M 264,32 L 264,64" fill="none" stroke="black"/> <path d="M 280,32 L 280,64" fill="none" stroke="black"/> <path d="M 328,72 L 328,464" fill="none" stroke="black"/> <path d="M 344,192 L 344,256" fill="none" stroke="black"/> <path d="M 344,432 L 344,464" fill="none" stroke="black"/> <path d="M 360,32 L 360,64" fill="none" stroke="black"/> <path d="M 544,192 L 544,256" fill="none" stroke="black"/> <path d="M 544,432 L 544,464" fill="none" stroke="black"/> <path d="M 184,32 L 264,32" fill="none" stroke="black"/> <path d="M 280,32 L 360,32" fill="none" stroke="black"/> <path d="M 184,64 L 264,64" fill="none" stroke="black"/> <path d="M 280,64 L 360,64" fill="none" stroke="black"/> <path d="M 24,80 L 216,80" fill="none" stroke="black"/> <path d="M 24,128 L 216,128" fill="none" stroke="black"/> <path d="M 240,176 L 320,176" fill="none" stroke="black"/> <path d="M 344,192 L 544,192" fill="none" stroke="black"/> <path d="M 344,256 L 544,256" fill="none" stroke="black"/> <path d="M 240,304 L 320,304" fill="none" stroke="black"/> <path d="M 8,320 L 216,320" fill="none" stroke="black"/> <path d="M 8,368 L 216,368" fill="none" stroke="black"/> <path d="M 240,416 L 320,416" fill="none" stroke="black"/> <path d="M 344,432 L 544,432" fill="none" stroke="black"/> <path d="M 344,464 L 544,464" fill="none" stroke="black"/> <polygon class="arrowhead" points="328,416 316,410.4 316,421.6" fill="black" transform="rotate(0,320,416)"/> <polygon class="arrowhead" points="328,176 316,170.4 316,181.6" fill="black" transform="rotate(0,320,176)"/> <polygon class="arrowhead" points="248,304 236,298.4 236,309.6" fill="black" transform="rotate(180,240,304)"/> <g class="text"> <text x="220" y="52">Client</text> <text x="316" y="52">Server</text> <text x="72" y="100">Long-term</text> <text x="140" y="100">client</text> <text x="188" y="100">key:</text> <text x="116" y="116">sk1,</text> <text x="152" y="116">pk1</text> <text x="224" y="116">-</text> <text x="256" y="164">pk1</text> <text x="336" y="212">-</text> <text x="392" y="212">Long-term</text> <text x="460" y="212">server</text> <text x="508" y="212">key:</text> <text x="436" y="228">sk2,</text> <text x="472" y="228">pk2</text> <text x="364" y="244">ss</text> <text x="384" y="244">=</text> <text x="436" y="244">KeyEx(pk1,</text> <text x="500" y="244">sk2)</text> <text x="312" y="292">pk2</text> <text x="28" y="340">ss</text> <text x="48" y="340">=</text> <text x="96" y="340">KeyEx(pk2</text> <text x="164" y="340">sk1)</text> <text x="92" y="356">encryptContent(ss)</text> <text x="224" y="356">-</text> <text x="280" y="388">encrypted</text> <text x="288" y="404">content</text> <text x="428" y="452">decryptContent(ss)</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ +---------+ +---------+ | Client | | Server | +---------+ +---------+ +-----------------------+ | | | Long-term client key: | | | | sk1, pk1 |-| | +-----------------------+ | | | | | pk1 | |---------->| | | +------------------------+ | |-| Long-term server key: | | | | sk2, pk2 | | | | ss = KeyEx(pk1, sk2) | | | +------------------------+ | | | pk2| |<----------| +-------------------------+ | | | ss = KeyEx(pk2, sk1) | | | | encryptContent(ss) |-| | +-------------------------+ | | | encrypted | | content | |---------->| | | +------------------------+ | | | decryptContent(ss) | | | +------------------------+ ]]></artwork> </artset> </figure><t>What's important<!-- [rfced] Figure 4 is not referred tonote aboutin the text. May we update this sentence as shown below? Original: However, a DH key exchange can be an AKE and a NIKE at the same time if the receiver's public key is known to the sender in advance, and many Internet protocols rely on this property of DH- based key exchanges. Perhaps: However, a DH key exchange can be an AKE and a NIKE at the same time if the receiver's public key is known to the sender in advance (see Figure 4), and many Internet protocols rely on this property of DH- based key exchanges. --> <t>In the sample flowaboveabove, it is important to note that the shared secret <tt>ss</tt> is derived using key material from both theClientclient and theServer,server, which classifies it as an AKE. There is another property of a key exchange, called Non-Interactive Key Exchange(NIKE) which(NIKE), that refers to whether the sender can compute the shared secret <tt>ss</tt> and encrypt content without requiring active interaction (an exchange of network messages) with the recipient. <xref target="tab-dh-ake"/> shows aDiffie-HellmanDH keyexchangeexchange, which is anAKE,AKE since both parties are using long-term keyswhichthat can have established trust (for example, via certificates), but it is not aNIKE,NIKE since the client needs to wait for the network interaction to receive the receiver's public key <tt>pk2</tt> before it can compute the shared secret <tt>ss</tt> and begin content encryption. However, a DH key exchange can be an AKE and a NIKE at the same time if the receiver's public key is known to the sender in advance, and many Internet protocols rely on this property of DH-based key exchanges.</t> <figure anchor="tab-dh-ake-nike"><name>Diffie-Hellman based<name>DH-Based AKE and NIKEsimultaneously</name>Simultaneously</name> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="400" width="536" viewBox="0 0 536 400" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,80 L 8,192" fill="none" stroke="black"/> <path d="M 136,160 L 136,168" fill="none" stroke="black"/> <path d="M 168,32 L 168,64" fill="none" stroke="black"/> <path d="M 200,80 L 200,192" fill="none" stroke="black"/> <path d="M 216,72 L 216,368" fill="none" stroke="black"/> <path d="M 248,32 L 248,64" fill="none" stroke="black"/> <path d="M 264,32 L 264,64" fill="none" stroke="black"/> <path d="M 312,72 L 312,368" fill="none" stroke="black"/> <path d="M 328,288 L 328,368" fill="none" stroke="black"/> <path d="M 344,32 L 344,64" fill="none" stroke="black"/> <path d="M 456,336 L 456,344" fill="none" stroke="black"/> <path d="M 528,288 L 528,368" fill="none" stroke="black"/> <path d="M 168,32 L 248,32" fill="none" stroke="black"/> <path d="M 264,32 L 344,32" fill="none" stroke="black"/> <path d="M 168,64 L 248,64" fill="none" stroke="black"/> <path d="M 264,64 L 344,64" fill="none" stroke="black"/> <path d="M 8,80 L 200,80" fill="none" stroke="black"/> <path d="M 8,192 L 200,192" fill="none" stroke="black"/> <path d="M 224,272 L 304,272" fill="none" stroke="black"/> <path d="M 328,288 L 528,288" fill="none" stroke="black"/> <path d="M 328,368 L 528,368" fill="none" stroke="black"/> <polygon class="arrowhead" points="312,272 300,266.4 300,277.6" fill="black" transform="rotate(0,304,272)"/> <g class="text"> <text x="204" y="52">Client</text> <text x="300" y="52">Server</text> <text x="56" y="100">Long-term</text> <text x="124" y="100">client</text> <text x="172" y="100">key:</text> <text x="100" y="116">sk1,</text> <text x="136" y="116">pk1</text> <text x="208" y="116">-</text> <text x="56" y="132">Long-term</text> <text x="124" y="132">server</text> <text x="172" y="132">key:</text> <text x="96" y="148">pk2</text> <text x="28" y="164">ss</text> <text x="48" y="164">=</text> <text x="96" y="164">KeyEx(pk2</text> <text x="164" y="164">sk1)</text> <text x="92" y="180">encryptContent(ss)</text> <text x="208" y="180">-</text> <text x="244" y="228">pk1,</text> <text x="264" y="244">encrypted</text> <text x="272" y="260">content</text> <text x="320" y="308">-</text> <text x="376" y="308">Long-term</text> <text x="444" y="308">server</text> <text x="492" y="308">key:</text> <text x="420" y="324">sk2,</text> <text x="456" y="324">pk2</text> <text x="348" y="340">ss</text> <text x="368" y="340">=</text> <text x="416" y="340">KeyEx(pk1</text> <text x="484" y="340">sk2)</text> <text x="412" y="356">decryptContent(ss)</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ +---------+ +---------+ | Client | | Server | +---------+ +---------+ +-----------------------+ | | | Long-term client key: | | | | sk1, pk1 |-| | | Long-term server key: | | | | pk2 | | | | ss = KeyEx(pk2, sk1) | | | | encryptContent(ss) |-| | +-----------------------+ | | | | | pk1, | | encrypted | | content | |---------->| | | +------------------------+ | |-| Long-term server key: | | | | sk2, pk2 | | | | ss = KeyEx(pk1, sk2) | | | | decryptContent(ss) | | | +------------------------+ ]]></artwork> </artset> </figure> <t>The complication with KEMs is that a KEM <tt>Encaps()</tt> is non-deterministic; it involves randomness chosen by the sender of that message. Therefore, in order to perform an AKE, the client must wait for the server to generate the needed randomness and perform <tt>Encaps()</tt> against the client key, which necessarily requires a network round-trip. Therefore, a KEM-based protocol can either be an AKE or a NIKE, but it cannot be both at the same time. Consequently, certain Internet protocols will necessitate a redesign to accommodate this distinction, either by introducing extra networkround-tripsround trips or by making trade-offs in security properties.</t> <!-- [rfced] In Figure 5, please review the second box on the left side of the diagram. There seems to be an extra "-|", and the box is not closed. Would you like to make any updates here? Please check out the suggested update in these test files and let us know your thoughts: https://www.rfc-editor.org/authors/rfc9958-TEST.md https://www.rfc-editor.org/authors/rfc9958-TEST.txt https://www.rfc-editor.org/authors/rfc9958-TEST.html --> <figure anchor="tab-kem-ake"><name>KEM based<name>KEM-Based AKE</name> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="480" width="560" viewBox="0 0 560 480" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,80 L 8,112" fill="none" stroke="black"/> <path d="M 8,288 L 8,352" fill="none" stroke="black"/> <path d="M 184,32 L 184,64" fill="none" stroke="black"/> <path d="M 208,80 L 208,112" fill="none" stroke="black"/> <path d="M 208,336 L 208,352" fill="none" stroke="black"/> <path d="M 224,72 L 224,464" fill="none" stroke="black"/> <path d="M 264,32 L 264,64" fill="none" stroke="black"/> <path d="M 280,32 L 280,64" fill="none" stroke="black"/> <path d="M 320,72 L 320,464" fill="none" stroke="black"/> <path d="M 336,176 L 336,224" fill="none" stroke="black"/> <path d="M 336,416 L 336,464" fill="none" stroke="black"/> <path d="M 360,32 L 360,64" fill="none" stroke="black"/> <path d="M 552,176 L 552,224" fill="none" stroke="black"/> <path d="M 552,416 L 552,464" fill="none" stroke="black"/> <path d="M 184,32 L 264,32" fill="none" stroke="black"/> <path d="M 280,32 L 360,32" fill="none" stroke="black"/> <path d="M 184,64 L 264,64" fill="none" stroke="black"/> <path d="M 280,64 L 360,64" fill="none" stroke="black"/> <path d="M 8,80 L 208,80" fill="none" stroke="black"/> <path d="M 8,112 L 208,112" fill="none" stroke="black"/> <path d="M 232,160 L 312,160" fill="none" stroke="black"/> <path d="M 336,176 L 552,176" fill="none" stroke="black"/> <path d="M 336,224 L 552,224" fill="none" stroke="black"/> <path d="M 232,272 L 312,272" fill="none" stroke="black"/> <path d="M 8,288 L 200,288" fill="none" stroke="black"/> <path d="M 8,352 L 208,352" fill="none" stroke="black"/> <path d="M 232,400 L 312,400" fill="none" stroke="black"/> <path d="M 336,416 L 552,416" fill="none" stroke="black"/> <path d="M 336,464 L 552,464" fill="none" stroke="black"/> <polygon class="arrowhead" points="320,400 308,394.4 308,405.6" fill="black" transform="rotate(0,312,400)"/> <polygon class="arrowhead" points="320,160 308,154.4 308,165.6" fill="black" transform="rotate(0,312,160)"/> <polygon class="arrowhead" points="240,272 228,266.4 228,277.6" fill="black" transform="rotate(180,232,272)"/> <g class="text"> <text x="220" y="52">Client</text> <text x="316" y="52">Server</text> <text x="36" y="100">pk1,</text> <text x="72" y="100">sk1</text> <text x="96" y="100">=</text> <text x="152" y="100">kemKeyGen()</text> <text x="216" y="100">-</text> <text x="240" y="148">pk1</text> <text x="328" y="196">-</text> <text x="364" y="196">ss1,</text> <text x="400" y="196">ct1</text> <text x="424" y="196">=</text> <text x="492" y="196">kemEncaps(pk1)</text> <text x="364" y="212">pk2,</text> <text x="400" y="212">sk2</text> <text x="424" y="212">=</text> <text x="480" y="212">kemKeyGen()</text> <text x="288" y="260">ct1,pk2</text> <text x="32" y="308">ss1</text> <text x="56" y="308">=</text> <text x="124" y="308">kemDecaps(ct1,</text> <text x="204" y="308">sk1)</text> <text x="236" y="308">-|</text> <text x="36" y="324">ss2,</text> <text x="72" y="324">ct2</text> <text x="96" y="324">=</text> <text x="164" y="324">kemEncaps(pk2)</text> <text x="28" y="340">ss</text> <text x="48" y="340">=</text> <text x="112" y="340">Combiner(ss1,</text> <text x="188" y="340">ss2)</text> <text x="240" y="388">ct2</text> <text x="328" y="436">-</text> <text x="360" y="436">ss2</text> <text x="384" y="436">=</text> <text x="452" y="436">kemDecaps(ct2,</text> <text x="532" y="436">sk2)</text> <text x="356" y="452">ss</text> <text x="376" y="452">=</text> <text x="440" y="452">Combiner(ss1,</text> <text x="516" y="452">ss2)</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ +---------+ +---------+ | Client | | Server | +---------+ +---------+ +------------------------+ | | | pk1, sk1 = kemKeyGen() |-| | +------------------------+ | | | | |pk1 | |---------->| | | +--------------------------+ | |-| ss1, ct1 = kemEncaps(pk1)| | | | pk2, sk2 = kemKeyGen() | | | +--------------------------+ | | | ct1,pk2| |<----------| +------------------------+ | | | ss1 = kemDecaps(ct1, sk1)|-| | | ss2, ct2 = kemEncaps(pk2)| | | ss = Combiner(ss1, ss2)| | | +------------------------+ | | | | |ct2 | |---------->| | | +--------------------------+ | |-| ss2 = kemDecaps(ct2, sk2)| | | | ss = Combiner(ss1, ss2) | | | +--------------------------+ ]]></artwork> </artset> </figure><t>Here,<t>In the figure above, <tt>Combiner(ss1, ss2)</tt>, often referred to as a KEMCombiner,combiner, is a cryptographic construction that takes in two shared secrets and returns a single combined shared secret. The simplest combiner is concatenation <tt>ss1 || ss2</tt>, but combiners can vary in complexity depending on the cryptographic properties required. For example, if the combination should preserve IND-CCA2 (see <xreftarget="INDCCA2"/>target="INDCCA2"/>) of eitherinputinput, even if the other is chosen maliciously, then a more complex construct is required. Another consideration for combiner design is the so-called "binding properties" introduced in <xref target="KEEPINGUP"/>, which may require the ciphertexts and recipient public keys to be included in the combiner. KEM combiner security analysis becomes more complicated in hybrid settings where the two KEMs represent different algorithms, for example, where one is ML-KEM and the other is ECDH. For a more thorough discussion of KEM combiners, see <xref target="KEEPINGUP"/>, <xreftarget="I-D.draft-ounsworth-cfrg-kem-combiners"/>,target="I-D.ounsworth-cfrg-kem-combiners"/>, and <xref target="I-D.irtf-cfrg-hybrid-kems"/>.</t> </section> <section anchor="security-properties-of-kems"> <name>Security Properties of KEMs</name> <t>The security properties described in this section (IND-CCA2 and binding) are not an exhaustive list of all possible KEM security considerations. They were selected because they are fundamental to evaluating KEM suitability in protocol design and are commonly discussed in current PQC work.</t> <section anchor="INDCCA2"> <name>IND-CCA2</name> <t>IND-CCA2 (INDistinguishability under adaptive Chosen-Ciphertext Attack) is an advanced security notion for encryption schemes. It ensures the confidentiality of the plaintext and resistance against chosen-ciphertext attacks. An appropriate definition of IND-CCA2 security for KEMs can be found in <xref target="CS01"/> and <xref target="BHK09"/>. ML-KEM <xref target="ML-KEM"/> and Classic McEliece provide IND-CCA2 security.</t> <t>Understanding IND-CCA2 security is essential for individuals involved in designing or implementing cryptographic systems and protocols in order to evaluate the strength of the algorithm, assess its suitability for specific use cases, and ensure that data confidentiality and security requirements are met. Understanding IND-CCA2 security is generally not necessary for developers migrating to using an IETF-vetted key establishment method (KEM) within a given protocol or flow. IND-CCA2 is a widely accepted security notion for public key encryption mechanisms, making it suitable for a broad range of applications. When an IETF specification defines a new KEM, its security considerations should fully describe the relevant cryptographic properties, including IND-CCA2.</t> </section> <section anchor="binding"> <name>Binding</name> <t>KEMs also have an orthogonal set of properties to consider when designing protocols around them: binding <xref target="KEEPINGUP"/>. This can be "ciphertext binding", "public key binding", "context binding", or any other property that is important to not be substituted between KEM invocations. In general, a KEM is considered to bind a certain value if substitution of that value by an attacker will necessarily result in a different shared secret being derived. As an example, if an attacker can construct two different ciphertextswhichthat will decapsulate to the same sharedsecret; orsecret, can construct a ciphertextwhichthat will decapsulate to the same shared secret under two different public keys, or can substitute whole KEM exchanges from one session into another, then the construction is not ciphertext binding, public key binding, or contextbindingbinding, respectively. Similarly, protocol designers may wish to bind protocol state information such as a transaction ID or nonce so that attempts to replay ciphertexts from one session inside a different session will be blocked at the cryptographic level because the server derives a different shared secret and is thus is unable to decrypt the content.</t> <!-- [rfced] Will readers understand what "it" in the phrase "pass it through" refers to here? Does "it" refer to "KEMs", "secrets", or something else? Original: Even though modern KEMs such as ML-KEM produce full- entropy shared secrets, it is still advisable for binding reasons to pass it through a key derivation function (KDF) and also include all values that you wish to bind; then finally you will have a shared secret that is safe to use at the protocol level. --> <t>The solution to binding is generally achieved at the protocol design level: It is recommended to avoid using the KEM output shared secret directly without integrating it into an appropriate protocol. While KEM algorithms provide key secrecy, they do not inherently ensure source authenticity, protect against replay attacks, or guarantee freshness. These security properties should be addressed by incorporating the KEM into a protocol that has been analyzed for such protections. Even though modern KEMs such as ML-KEM produce full-entropy shared secrets, it is still advisable for binding reasons to pass it through a key derivation function (KDF) and also include all values that you wish to bind;then finallythen, you will have a shared secret that is safe to use at the protocol level.</t> </section> </section> <section anchor="hpke"> <name>HPKE</name> <t>Modern cryptography has long used the notion of "hybrid encryption" where an asymmetric algorithm is used to establish akey,key and then a symmetric algorithm is used for bulk content encryption. The previous sections explained important security properties of KEMs, such as IND-CCA2 security and binding, and emphasized that these properties must be supported by proper protocol design. One widely deployed scheme that achieves this isHPKE (HybridHybrid Public KeyEncryption)Encryption (HPKE) <xref target="RFC9180"/>.</t> <t>HPKE(hybrid public key encryption)<xref target="RFC9180"/> works with a combination of KEMs,KDFsKDFs, andAEAD (authenticated encryptionAuthenticated Encryption withadditional data)Associated Data (AEAD) schemes. HPKE includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of akey encapsulation mechanism (KEM)KEM private key. HPKE can be extended to support hybrid post-quantum KEM <xref target="I-D.ietf-hpke-pq"/>. ML-KEM does not support the static-ephemeral key exchange that allows HPKE that is based onDH basedDH-based KEMs and its optional authenticated modes as discussed insection 1.5 of<xreftarget="I-D.draft-connolly-cfrg-xwing-kem"/>.</t>section="1.5" sectionFormat="of" target="I-D.connolly-cfrg-xwing-kem"/>.</t> </section> </section> <section anchor="pqc-signatures-1"> <name>PQC Signatures</name> <t>Any digital signature scheme that provides a construction defining security under a post-quantum setting falls under this category of PQC signatures.</t> <section anchor="security-properties-of-pqc-signatures"> <name>Security Properties of PQC Signatures</name> <section anchor="euf-cma-and-suf-cma"> <name>EUF-CMA and SUF-CMA</name> <t>EUF-CMA (existential unforgeability under chosen message attack) <xref target="GMR88"/> is a security notion for digital signature schemes. It guarantees that an adversary, even with access to a signing oracle, cannot forge a valid signature for an arbitrary message. EUF-CMA provides strong protection against forgery attacks, ensuring the integrity and authenticity of digital signatures by preventing unauthorized modifications or fraudulent signatures. ML-DSA, FN-DSA, and SLH-DSA provide EUF-CMA security.</t> <t>SUF-CMA (strong unforgeability under chosen message attack) builds upon EUF-CMA by requiring that an adversary cannot produce a different valid signature for a message that has already been signed by the signing oracle. Like EUF-CMA, SUF-CMA provides robust assurances for digital signature schemes, further enhancing their security posture. ML-DSA, FN-DSA, and SLH-DSA also achieve SUF-CMA security.</t> <t>Understanding EUF-CMA and SUF-CMA security is essential for designing or implementing cryptographic systems in order to ensure the security, reliability, and robustness of digital signature schemes. These notions allow for informeddecision-making,decision making, vulnerability analysis, compliance with standards, and designing systems that provide strong protection against forgery attacks. For developers migrating tousingan IETF-vetted PQC signature scheme within a given protocol or flow, a deep understanding of EUF-CMA and SUF-CMA security may not be necessary, as the schemes vetted by IETF adhere to these stringent security standards.</t> <t>EUF-CMA and SUF-CMA are considered strong security benchmarks for public key signature algorithms, making them suitable for most applications. Authors of IETFspecification authorsspecifications should include all security concerns in the "Security Considerations" section of the relevant RFC and should not assume that implementers are experts in cryptographic theory.</t> </section> </section> <section anchor="sig-scheme"> <name>Details of FN-DSA, ML-DSA, and SLH-DSA</name> <t>ML-DSA <xref target="ML-DSA"/> is a digital signature algorithm based on the hardness of lattice problems over module lattices (i.e., the Module Learning with Errorsproblem (MLWE)).(MLWE) problem). The design of the algorithm is based on the "Fiat-Shamir with Aborts" <xref target="Lyu09"/> framework introduced byLyubashevsky,Lyubashevsky that leverages rejection sampling to render lattice-based Fiat-Shamir (FS) schemes compact and secure. ML-DSA usesuniformly-distributeduniformly distributed random number sampling over small integers to compute coefficients in error vectors, which makes the scheme easier to implement comparedwithto FN-DSA <xreftarget="FN-DSA"/>target="FN-DSA"/>, which uses Gaussian-distributed numbers, necessitating the need to usefloating pointfloating-point arithmetic during signature generation.</t> <t>ML-DSA offers both deterministic and randomized signing and is instantiated with3three parameter sets providing different security levels. Security properties of ML-DSA are discussed inSection 9 of<xreftarget="I-D.ietf-lamps-dilithium-certificates"/>.</t>section="9" sectionFormat="of" target="RFC9881"/>.</t> <t>FN-DSA <xref target="FN-DSA"/> is based on the GPV hash-and-sign lattice-based signature framework introduced by Gentry, Peikert, and Vaikuntanathan, which is a framework that requires a certain class of lattices and a trapdoor sampler technique.</t> <t>The main design principle of FN-DSA is compactness, i.e., it was designed in a way that achieves minimal total memory bandwidth requirement (the sum of the signature size plus the public key size). This is possible due to the compactness of NTRU lattices. FN-DSA also offers very efficient signing and verification procedures. The main potential downsides of FN-DSA refer to the non-triviality of its algorithms and the need forfloating pointfloating-point arithmetic support in order to support Gaussian-distributed random number sampling where the other lattice schemes use the less efficient but easier to supportuniformly-distributeduniformly distributed random number sampling.</t> <!-- [rfced] Will readers know what "NIST's report" is here? Would a citation be helpful? If so, please provide the appropriate reference entry. Original: This requirement is extremely platform-dependent, as noted in NIST's report. --> <t>Implementers of FN-DSA need to be aware that FN-DSA signing is highly susceptible to side-channelattacks,attacks unless constant-time 64-bit floating-point operations are used. This requirement is extremely platform-dependent, as noted in NIST's report.</t> <t>The performance characteristics of ML-DSA and FN-DSA may differ based on the specific implementation and hardware platform. Generally, ML-DSA is known for its relatively fast signature generation, while FN-DSA can provide more efficient signature verification. The choice may depend on whether the application requires more frequent signature generation or signature verification(See(see <xref target="LIBOQS"/>). For further clarity on the sizes and security levels, please refer to the tables in Sections <xreftarget="RecSecurity"/>target="RecSecurity" format="counter"/> and <xreftarget="Comparisons"/>.</t>target="Comparisons" format="counter"/>.</t> <t>SLH-DSA <xref target="SLH-DSA"/> utilizes the concept of stateless hash-based signatures, where each signature is unique and unrelated to any previous signature (as discussed in <xref target="hash-based"/>). This property eliminates the need for maintaining state information during the signing process. SLH-DSA was designed to sign up to 2^64 messages under a given key pair, and it offers three security levels. The parameters for each of the security levels were chosen to provide 128 bits of security, 192 bits of security, and 256 bits of security. SLH-DSA offers smaller public key sizes, larger signature sizes, slower signature generation, and slower verification when compared to ML-DSA and FN-DSA. SLH-DSA does not introduce a new hardness assumption beyond those inherent to the underlying hash functions. It builds upon established foundations in cryptography, making it a reliable and robust digital signature scheme for a post-quantum world.</t> <t>All of thesealgorithms, ML-DSA,algorithms (ML-DSA, FN-DSA, andSLH-DSASLH-DSA) include two signature modes: pure mode, where the entire content is signed directly, and pre-hash mode, where a digest of the content is signed.</t> </section> <section anchor="details-of-xmss-and-lms"> <name>Details of XMSS and LMS</name> <t>The eXtended Merkle Signature Scheme (XMSS) <xref target="RFC8391"/> and Hierarchical Signature Scheme (HSS) / Leighton-Micali Signature (LMS) <xref target="RFC8554"/> are stateful hash-based signature schemes, where the secret key state changes over time. In both schemes, reusing a secret key state compromises cryptographic security guarantees.</t> <t>XMSS and LMS can be used for signing a potentially large but fixed number ofmessagesmessages, and the number of signing operations depends upon the size of the tree. XMSS and LMS provide cryptographic digital signatures without relying on the conjectured hardness of mathematical problems, instead leveraging the properties of cryptographic hash functions. Multi-tree XMSS and LMS (i.e., XMSS-MT and HSS, respectively) use ahyper-tree basedhyper-tree-based hierarchical approach with a Merkle tree at each level of the hierarchy. <xref target="RFC8391"/> describes both single-tree and multi-tree variants of XMSS, while <xref target="RFC8554"/> describes the Leighton-Micali One-Time Signature (LM-OTS) system as well as the LMS and HSS N-time signature systems. Comparison of XMSS and LMS is discussed inSection 10 of<xref section="10" sectionFormat="of" target="RFC8554"/>.</t> <t>The number of tree layers in multi-tree XMSS and HSS provides a trade-off between signature size on the one side and key generation and signing speed on the other side. Increasing the number of layers reduces key generation time exponentially and signing time linearly at the cost of increasing the signature size linearly. HSS allows for customization of eachsubtreesubtree, whereas XMSS-MT does not, electing instead to use the same structure for each subtree.</t> <t>Due to the complexities described above,theXMSS and LMS are notasuitablereplacementreplacements for traditional signature schemes like RSA or ECDSA. Applications that expect a long lifetime of a signature, like firmware update or secure boot, are typical use cases where those schemes can be successfully applied.</t> <section anchor="lms-key-and-signature-sizes"> <name>LMS Key and Signature Sizes</name> <t>The LMS scheme is characterized by four distinct parameter sets: the underlying hash function (SHA2-256 or SHAKE-256), the length of the digest (24 or 32 bytes), the LMS tree height parameter that controls a maximal number of signatures that the private key can produce, and the width of the Winternitz coefficients (see <xreftarget="RFC8554"/>, section 4.1)section="4.1" sectionFormat="comma" target="RFC8554"/>) that can be used to trade-off signing time for signature size. Parameters can be mixed, providing 80 possible parameterizations of the scheme.</t> <t>The public (PK) and private (SK) key size depends on the length of the digest (M). The signature size depends on the digest, the Winternitz parameter (W), the LMS tree height (H), and the length of the digest. The table below provides key and signature sizes for parameterization with the digest size M=32 of the scheme.</t> <table> <thead> <tr> <th align="left">PK</th> <th align="left">SK</th> <th align="left">W</th> <th align="left">H=5</th> <th align="left">H=10</th> <th align="left">H=15</th> <th align="left">H=20</th> <th align="left">H=25</th> </tr> </thead> <tbody> <tr> <td align="left">56</td> <td align="left">52</td> <td align="left">1</td> <td align="left">8684</td> <td align="left">8844</td> <td align="left">9004</td> <td align="left">9164</td> <td align="left">9324</td> </tr> <tr> <td align="left">56</td> <td align="left">52</td> <td align="left">2</td> <td align="left">4460</td> <td align="left">4620</td> <td align="left">4780</td> <td align="left">4940</td> <td align="left">5100</td> </tr> <tr> <td align="left">56</td> <td align="left">52</td> <td align="left">4</td> <td align="left">2348</td> <td align="left">2508</td> <td align="left">2668</td> <td align="left">2828</td> <td align="left">2988</td> </tr> <tr> <td align="left">56</td> <td align="left">52</td> <td align="left">8</td> <td align="left">1292</td> <td align="left">1452</td> <td align="left">1612</td> <td align="left">1772</td> <td align="left">1932</td> </tr> </tbody> </table> </section> </section> <section anchor="hash-then-sign"> <name>Hash-then-Sign</name> <t>Within the hash-then-sign paradigm, the message is hashed before signing it. By pre-hashing, the onus of resistance to existential forgeries becomes heavily reliant on the collision-resistance of the hash function in use. The hash-then-sign paradigm has the ability to improve application performance by reducing the size of signed messages that need to be transmitted between application and cryptographicmodule,module and making the signature size predictable and manageable. As a corollary, hashing remains mandatory even for short messages and assigns a further computational requirement onto the verifier. This makes the performance of hash-then-sign schemes more consistent, but not necessarily more efficient.</t> <t>Using a hash function to produce a fixed-size digest of a message ensures that the signature is compatible with a wide range of systems and protocols, regardless of the specific message size or format. Crucially for hardware security modules, Hash-then-Sign also significantly reduces the amount of data that needs to be transmitted and processed by a Hardware Security Module (HSM). Consider scenarios such as a networked HSM located in a different data center from the calling application or a smart card connected over a USB interface. In these cases, streaming a message that is megabytes or gigabytes long can result in notable network latency, on-device signing delays, or even depletion of available on-device memory.</t> <t>Note that the vast majority of Internet protocols that sign large messages already perform some form of content hashing at the protocol level, so this tends to be more of a concern with proprietary cryptographicprotocols,protocols and protocols from non-IETF standards bodies. Protocols like TLS 1.3 and DNSSEC use the Hash-then-Sign paradigm. In TLS 1.3 <xref target="RFC8446"/> CertificateVerify messages, the content that is covered under the signature includes the transcript hash output(Section 4.4.1 of <xref target="RFC8446"/>),(<xref section="4.4.1" sectionFormat="of" target="RFC8446"/>) while DNSSEC <xref target="RFC4034"/> uses it to provide origin authentication and integrity assurance services for DNS data. Similarly, the Cryptographic Message Syntax (CMS) <xref target="RFC5652"/> includes a mandatory message digest step before invoking the signature algorithm.</t> <t>In the case of ML-DSA, it internally incorporates the necessary hash operations as part of its signing algorithm. ML-DSA directly takes the original message, applies a hash function internally, and then uses the resulting hash value for the signature generation process. In the case of SLH-DSA, it internally performs randomized message compression using a keyed hash function that can process arbitrary length messages. In the case of FN-DSA, the SHAKE-256 hash function is used as part of the signature process to derive a digest of the message being signed.</t> <t>Therefore, ML-DSA, FN-DSA, and SLH-DSA offer enhanced security over the traditional Hash-then-Sign paradigmbecausebecause, by incorporating dynamic key material into the message digest, a pre-computed hash collision on the message to be signed no longer yields a signature forgery. Applications requiring the performance and bandwidth benefits of Hash-then-Sign may still pre-hash at the protocol level prior to invoking ML-DSA, FN-DSA, or SLH-DSA, but protocol designers should be aware that doing sore-introducesreintroduces the weakness that hash collisions directly yield signature forgeries. Signing the full un-digested message is recommended where applications can tolerate it.</t> </section> </section> <section anchor="RecSecurity"> <name>NIST Recommendations for Security/and PerformanceTradeoffs</name>Trade-offs</name> <t>This information is are-printreprint of information provided in the NIST PQC project <xref target="NIST"/> as of the time this document is published.The Table 2<xref target="security-levels-table"/> denotes the five security levels provided by NIST for PQC algorithms. Neither NIST nor the IETFmakemakes any specific recommendations about which security level to use. In general, protocols will include algorithm choices at multiple levels so that users can choose the level appropriate to their policies and data classification, similar to how organizations today choose which size of RSA key to use. The security levels are defined as requiring computational resources comparable to or greater than an attack on AES (128,192192, and 256) and SHA2/SHA3 algorithms, i.e., exhaustive key recovery for AES and optimal collision search for SHA2/SHA3.</t><table><table anchor="security-levels-table"> <thead> <tr> <th align="left">PQ Security Level</th> <th align="left">AES/SHA(2/3) hardness</th> <th align="left">PQC Algorithm</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">AES-128 (exhaustive key recovery)</td> <td align="left">ML-KEM-512, FN-DSA-512, SLH-DSA-SHA2/SHAKE-128f/s</td> </tr> <tr> <td align="left">2</td> <td align="left">SHA-256/SHA3-256 (collision search)</td> <td align="left">ML-DSA-44</td> </tr> <tr> <td align="left">3</td> <td align="left">AES-192 (exhaustive key recovery)</td> <td align="left">ML-KEM-768, ML-DSA-65, SLH-DSA-SHA2/SHAKE-192f/s</td> </tr> <tr> <td align="left">4</td> <td align="left">SHA-384/SHA3-384 (collision search)</td> <td align="left">No algorithm tested at this level</td> </tr> <tr> <td align="left">5</td> <td align="left">AES-256 (exhaustive key recovery)</td> <td align="left">ML-KEM-1024, FN-DSA-1024, ML-DSA-87, SLH-DSA-SHA2/SHAKE-256f/s</td> </tr> </tbody> </table> <t>The SLH-DSA-x-yf/s "f/s" in the above table denotes whether SLH-DSA is using SHAKE or SHA-2 as an underlying hash function "x" and whether it is the fast (f) or small (s) version for "y" bit AES security level. Refer to <xreftarget="I-D.ietf-lamps-cms-sphincs-plus"/>target="RFC9814"/> for further details on SLH-DSA algorithms.</t> <t>The following table compares the signature sizes for different SLH-DSA algorithm categories at equivalent securitylevels,levels using the "simple" version. The categories include"(f)""f" for fast signaturegeneration,generation and"(s)""s" for smaller signature size and faster verification, although with slower signature generation. Both SHA-256 and SHAKE-256 parameterizations produce the same signature sizes and are therefore included together in the table.</t> <table> <thead> <tr> <th align="left">PQ Security Level</th> <th align="left">Algorithm</th> <th align="left">Public key size (in bytes)</th> <th align="left">Private key size (in bytes)</th> <th align="left">Signature size (in bytes)</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">SLH-DSA-{SHA2,SHAKE}-128f</td> <td align="left">32</td> <td align="left">64</td> <td align="left">17088</td> </tr> <tr> <td align="left">1</td> <td align="left">SLH-DSA-{SHA2,SHAKE}-128s</td> <td align="left">32</td> <td align="left">64</td> <td align="left">7856</td> </tr> <tr> <td align="left">3</td> <td align="left">SLH-DSA-{SHA2,SHAKE}-192f</td> <td align="left">48</td> <td align="left">96</td> <td align="left">35664</td> </tr> <tr> <td align="left">3</td> <td align="left">SLH-DSA-{SHA2,SHAKE}-192s</td> <td align="left">48</td> <td align="left">96</td> <td align="left">16224</td> </tr> <tr> <td align="left">5</td> <td align="left">SLH-DSA-{SHA2,SHAKE}-256f</td> <td align="left">64</td> <td align="left">128</td> <td align="left">49856</td> </tr> <tr> <td align="left">5</td> <td align="left">SLH-DSA-{SHA2,SHAKE}-256s</td> <td align="left">64</td> <td align="left">128</td> <td align="left">29792</td> </tr> </tbody> </table> <t>The following table illustrates the impact of performance on different security levels in terms of private key sizes, public key sizes, and ciphertext/signature sizes.</t> <table> <thead> <tr> <th align="left">PQ Security Level</th> <th align="left">Algorithm</th> <th align="left">Public key size (in bytes)</th> <th align="left">Private key size (in bytes)</th> <th align="left">Ciphertext/signature size (in bytes)</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">ML-KEM-512</td> <td align="left">800</td> <td align="left">1632</td> <td align="left">768</td> </tr> <tr> <td align="left">1</td> <td align="left">FN-DSA-512</td> <td align="left">897</td> <td align="left">1281</td> <td align="left">666</td> </tr> <tr> <td align="left">2</td> <td align="left">ML-DSA-44</td> <td align="left">1312</td> <td align="left">2560</td> <td align="left">2420</td> </tr> <tr> <td align="left">3</td> <td align="left">ML-KEM-768</td> <td align="left">1184</td> <td align="left">2400</td> <td align="left">1088</td> </tr> <tr> <td align="left">3</td> <td align="left">ML-DSA-65</td> <td align="left">1952</td> <td align="left">4032</td> <td align="left">3309</td> </tr> <tr> <td align="left">5</td> <td align="left">FN-DSA-1024</td> <td align="left">1793</td> <td align="left">2305</td> <td align="left">1280</td> </tr> <tr> <td align="left">5</td> <td align="left">ML-KEM-1024</td> <td align="left">1568</td> <td align="left">3168</td> <td align="left">1588</td> </tr> <tr> <td align="left">5</td> <td align="left">ML-DSA-87</td> <td align="left">2592</td> <td align="left">4896</td> <td align="left">4627</td> </tr> </tbody> </table> <!-- [rfced] We note that the title of Section 12 contains the only abbreviation of KEX in the document. May we rephrase the section title as follows? Or should "(KEXs)" be left here as is? Original: Comparing PQC KEMs/Signatures vs. Traditional KEMs (KEXs)/Signatures Perhaps: Comparing PQC KEMs/Signatures and Traditional KEMs/Signatures --> </section> <section anchor="Comparisons"> <name>Comparing PQC KEMs/Signaturesvs.and Traditional KEMs (KEXs)/Signatures</name> <t>This section provides two tables for comparison of different KEMs andsignaturessignatures, respectively, in the traditional and post-quantum scenarios. These tables focus on the secret key sizes, public key sizes, and ciphertext/signature sizes for the PQC algorithms and their traditional counterparts of similar security levels.</t> <t>The first table compares traditionalvs.and PQC KEMs in terms of security, public and private key sizes, and ciphertext sizes.</t> <table> <thead> <tr> <th align="left">PQ Security Level</th> <th align="left">Algorithm</th> <th align="left">Public key size (in bytes)</th> <th align="left">Private key size (in bytes)</th> <th align="left">Ciphertext size (in bytes)</th> </tr> </thead> <tbody> <tr> <td align="left">Traditional</td> <td align="left">P256_HKDF_SHA-256</td> <td align="left">65</td> <td align="left">32</td> <td align="left">65</td> </tr> <tr> <td align="left">Traditional</td> <td align="left">P521_HKDF_SHA-512</td> <td align="left">133</td> <td align="left">66</td> <td align="left">133</td> </tr> <tr> <td align="left">Traditional</td> <td align="left">X25519_HKDF_SHA-256</td> <td align="left">32</td> <td align="left">32</td> <td align="left">32</td> </tr> <tr> <td align="left">1</td> <td align="left">ML-KEM-512</td> <td align="left">800</td> <td align="left">1632</td> <td align="left">768</td> </tr> <tr> <td align="left">3</td> <td align="left">ML-KEM-768</td> <td align="left">1184</td> <td align="left">2400</td> <td align="left">1088</td> </tr> <tr> <td align="left">5</td> <td align="left">ML-KEM-1024</td> <td align="left">1568</td> <td align="left">3168</td> <td align="left">1568</td> </tr> </tbody> </table> <t>The next table compares traditionalvs.and PQC signature schemes in terms of security, public, private key sizes, and signature sizes.</t> <table> <thead> <tr> <th align="left">PQ Security Level</th> <th align="left">Algorithm</th> <th align="left">Public key size (in bytes)</th> <th align="left">Private key size (in bytes)</th> <th align="left">Signature size (in bytes)</th> </tr> </thead> <tbody> <tr> <td align="left">Traditional</td> <td align="left">RSA2048</td> <td align="left">256</td> <td align="left">256</td> <td align="left">256</td> </tr> <tr> <td align="left">Traditional</td> <td align="left">ECDSA-P256</td> <td align="left">64</td> <td align="left">32</td> <td align="left">64</td> </tr> <tr> <td align="left">1</td> <td align="left">FN-DSA-512</td> <td align="left">897</td> <td align="left">1281</td> <td align="left">666</td> </tr> <tr> <td align="left">2</td> <td align="left">ML-DSA-44</td> <td align="left">1312</td> <td align="left">2560</td> <td align="left">2420</td> </tr> <tr> <td align="left">3</td> <td align="left">ML-DSA-65</td> <td align="left">1952</td> <td align="left">4032</td> <td align="left">3309</td> </tr> <tr> <td align="left">5</td> <td align="left">FN-DSA-1024</td> <td align="left">1793</td> <td align="left">2305</td> <td align="left">1280</td> </tr> <tr> <td align="left">5</td> <td align="left">ML-DSA-87</td> <td align="left">2592</td> <td align="left">4896</td> <td align="left">4627</td> </tr> </tbody> </table> <t>As is clear from the above table, PQC KEMs and signature schemes typically have significantly larger keys and ciphertexts/signatures than their traditional counterparts. These increased key and signatures sizes could introduce problems in protocols. As an example,IKEv2the Internet Key Exchange Protocol Version 2 (IKEv2) uses UDP as the transport protocol for its messages. One challenge with integrating a PQC KEM into IKEv2 is that IKE fragmentation cannot be utilized in the initial IKE_SA_INIT exchange. To address this issue, <xref target="RFC9242"/> introduces a solution by defining a new exchange called the "IntermediateExchange"Exchange", which can be fragmented using the IKE fragmentation mechanism. <xref target="RFC9370"/> then uses this Intermediate Exchange to carry out the PQC key exchange after the initial IKEv2 exchange and before the IKE_AUTH exchange. Another example from Section 6.3.3 of <xref target="SP-1800-38C"/>section 6.3.3shows that increased key and signature sizes cause protocol key exchange messages to span more network packets,therefore itwhich results in a higher total loss probability per packet. In lossy network conditions, this may increase the latency of the key exchange.</t> </section> <section anchor="PQT"> <name>Post-Quantum and Traditional (PQ/T) Hybrid Schemes</name> <t>The migration to PQC is unique in the history of modern digital cryptography in that neither the traditional algorithms nor the post-quantum algorithms are fully trusted to protect data for the required lifetimes. The traditional algorithms, such as RSA and ECDH, will fall to quantum cryptanalysis, while the post-quantum algorithms face uncertainty about the underlying mathematics, compliance issues, unknown vulnerabilities, and hardware and software implementations that have not had sufficient maturing time to rule out traditional cryptanalytic attacks and implementation bugs.</t> <t>During the transition from traditional to post-quantum algorithms, there may be a desire or a requirement for protocols that use both algorithm types. <xreftarget="I-D.ietf-pquip-pqt-hybrid-terminology"/>target="RFC9794"/> defines the terminology forthe post-quantum and traditional (PQ/T)PQ/T hybrid schemes.</t> <section anchor="pqt-hybrid-confidentiality"> <name>PQ/T Hybrid Confidentiality</name> <t>The PQ/T Hybrid Confidentiality property can be used to mitigate both "harvest now, decrypt now" and HNDL attacks described in <xref target="timeline"/>. If the PQ portion were to have a flaw, the traditional (T) algorithm, which is secure againsttoday’stoday's attackers, prevents immediate decryption ("harvest now, decrypt now"). If the T algorithm is broken in the future by CRQCs, the PQ portion, assuming it remains secure, prevents later decryption("harvest now, decrypt later").(i.e., HNDL). A hybrid construction therefore provides confidentiality as long as at least one component remains secure. Two types of hybrid key agreement schemes are discussed below.</t><ul spacing="normal"> <li> <t>Concatenated<dl> <dt>Concatenated hybrid key agreementscheme: Thescheme:</dt> <dd> <t>The final shared secret that will be used as an input of the key derivation function is the result of the concatenation of the secrets established with each key agreement scheme. For example, in <xref target="I-D.ietf-tls-hybrid-design"/>, the client uses the TLS supported groups extension to advertise support for a PQ/T hybrid scheme, and the server can select this group if it supports the scheme. The hybrid-aware client and server establish a hybrid secret by concatenating the two shared secrets, which is used as the shared secret in the existing TLS 1.3 key schedule.</t></li> <li> <t>Cascaded</dd> <dt>Cascaded hybrid key agreementscheme: Thescheme:</dt> <dd> <t>The final shared secret is computed by applying as many iterations of the key derivation function as the number of key agreement schemes composing the hybrid key agreement scheme. For example, <xref target="RFC9370"/> extendsthe Internet Key Exchange Protocol Version 2 (IKEv2)IKEv2 to allow one or more PQC algorithms in addition to the traditional algorithm to derive the final IKESASecurity Association (SA) keys using the cascade method as explained inSection 2.2.2 of<xref section="2.2.2" sectionFormat="of" target="RFC9370"/>.</t></li> </ul></dd> </dl> <t>Various instantiations of these two types of hybrid key agreement schemes have been explored. One must be careful when selecting which hybrid scheme to use. The chosen scheme for protocols like TLS 1.3 <xref target="I-D.ietf-tls-hybrid-design"/> has IND-CCA2 robustness. That is, IND-CCA2 security is guaranteed for the scheme as long as at least one of the component algorithms is IND-CCA2 secure.</t> </section> <section anchor="pqt-hybrid-authentication"> <name>PQ/T Hybrid Authentication</name> <t>The PQ/T hybrid authentication property provides resilience against catastrophic breaks or unforeseen vulnerabilities in PQC algorithms, allowing systems additional time to stabilize before migrating fully to pure PQ deployments.</t> <t>This property ensures authentication using a PQ/T hybridscheme,scheme as long as at least one component algorithm remains secure. For example, a PQ/T hybrid certificate <xref target="I-D.ietf-lamps-pq-composite-sigs"/> can be employed to facilitate a PQ/T hybrid authentication protocol. However, a PQ/T hybrid authentication protocol does not need to use a PQ/T hybrid certificate; separate certificates could be used for individual component algorithms <xreftarget="I-D.ietf-lamps-cert-binding-for-multi-auth"/>.target="RFC9763"/>. When separate certificates are used, it may be possible for attackers to take them apart or put them together in unexpected ways, including enabling cross-protocol attacks. The exact risks this presents are highly dependent on the protocol and use case, so a full security analysis is needed. Best practices for ensuring that pairs of certificates are only used as intended are discussed in more detail in Sections <xreftarget="COMPOSITE"/>target="COMPOSITE" format="counter"/> and <xreftarget="REUSE"/>target="REUSE" format="counter"/> of this document.</t> <t>The frequency and duration of system upgrades and the time when CRQCs will become widely available need to be weighed to determine whether and when to support the PQ/T Hybrid Authentication property.</t> </section> <section anchor="hybrid-cryptographic-algorithm-combinations-considerations-and-approaches"> <name>Hybrid Cryptographic Algorithm Combinations: Considerations and Approaches</name> <section anchor="hybrid-cryptographic-combinations"> <name>Hybrid Cryptographic Combinations</name> <t>It is also possible to use more than two algorithms together in a hybrid scheme, with various methods for combining them. For post-quantum transition purposes, the combination of a post-quantum algorithm with a traditional algorithm is the most straightforward and recommended. The use of multiple post-quantum algorithms with different mathematical bases has also been considered. Combining algorithms in a way that requires both to be used together ensures stronger security, while combinations that do not require both will sacrifice security but offer other benefits like backwards compatibility and crypto agility. Including a traditional key alongside a post-quantum key often has minimal bandwidth impact.</t> </section> <section anchor="COMPOSITE"> <name>Composite Keys in Hybrid Schemes</name> <t>When combining keys in an "and" mode, it may make more sense to consider them to be a single compositekey,key instead of two keys. This generally requires fewer changes to various components of PKI ecosystems, many of which are not prepared to deal with two keys or dual signatures. To those protocol- or application-layer parsers, a "composite" algorithm composed of two "component" algorithms is simply a new algorithm, and support for adding new algorithms generally already exists. Treating multiple "component" keys as a single "composite" key also has securityadvantagesadvantages, such as preventing cross-protocol reuse of the individual component keys and guarantees about revoking or retiring all component keys together at the same time, especially if the composite is treated as a single object all the way down into the cryptographic module.</t> <t>All that needs to be done is to standardize the formats of how the two keys from the two algorithms are combined into a single datastructure,structure and how the two resulting signatures or KEMs are combined into a single signature or KEM. The answer can be as simple asconcatenation,concatenation if the lengths are fixed or easily determined. At the time this document is published, security research is ongoing as to the security properties of concatenation-based composite signatures and KEMsvs.versus more sophisticated signature and KEMcombiners,combiners andin whichprotocol contexts in which those simpler combiners are sufficient.</t> <t>One last consideration is the specific pairs of algorithms that can be combined. A recent trend in protocols is to only allow a small number of "known good" configurations that make sense, often referred to in cryptography as a "ciphersuite", instead of allowing arbitrary combinations of individual configuration choices that may interact in dangerous ways. The current consensus is that the same approach should be followed for combining cryptographicalgorithms,algorithms and that "known good" pairs should be explicitly listed ("explicitcomposite"),composite") instead of just allowing arbitrary combinations of any two cryptographic algorithms ("generic composite").</t> <t>The same considerations apply when using multiple certificates to transport a pair of related keys for the same subject. Exactly how two certificates should be managed in order to avoid some of the pitfalls mentioned above is still an active area of investigation. Using two certificates keeps the certificate tooling simple and straightforward, but in theendend, simply moves the problems with requiring that bothcertscertificates are intended to be used as a pair, must produce two signatureswhichthat must be carried separately, and both must validate, to the certificate management layer, where addressing these concerns in a robust way can be difficult.</t> <t>At least one scheme has been proposed that allows the pair of certificates to exist as a single certificate when being issued andmanaged,managed but dynamically split into individual certificates when needed(<xref target="I-D.draft-bonnell-lamps-chameleon-certs"/>).</t>(see <xref target="I-D.bonnell-lamps-chameleon-certs"/>).</t> <!-- [rfced] This sentence is difficult to follow, especially the phrase "with requiring...must validate". How may we revise for clarity? Current: Using two certificates keeps the certificate tooling simple and straightforward, but in the end simply moves the problems with requiring that both certs are intended to be used as a pair, must produce two signatures that must be carried separately, and both must validate, to the certificate management layer, where addressing these concerns in a robust way can be difficult. Perhaps: Using two certificates keeps the certificate tooling simple and straightforward, but in the end, this simply moves problems (i.e., problems with the requirement that both certificates be used as a pair, that two signatures that must be carried separately, and that both validate) to the certificate management layer, where addressing these concerns in a robust way can be difficult. --> <!-- [rfced] Will readers understand "hybrids" and "a hybrid" in these sentences? The document discusses "hybrid keys", "hybrid schemes", "hybrid settings", etc. Original: However, key reuse becomes a large security problem within hybrids. ... Therefore, it is recommended that implementers either reuse the entire hybrid key as a whole, or perform fresh key generation of all component keys per usage, and must not take an existing key and reuse it as a component of a hybrid. ... Another potential application of hybrids bears mentioning, even though it is not directly PQC-related. That is using hybrids to navigate inter-jurisdictional cryptographic connections. ... If "and" mode hybrids become standardized for the reasons mentioned above, --> </section> <section anchor="REUSE"> <name>Key Reuse in Hybrid Schemes</name> <t>An important security note, particularly when using hybrid signature keys, but also to a lesser extent hybrid KEM keys, is key reuse. In traditional cryptography, problems can occur with so-called "cross-protocol attacks" when the same key can be used for multiple protocols; forexampleexample, signing TLS handshakes and signing S/MIME emails. While it is notbest-practicebest practice to reuse keys within the same protocol,for examplee.g., using the same key for multiple S/MIME certificates for the same user, it is not generally catastrophic for security. However, key reuse becomes a large security problem within hybrids.</t> <t>Consider an {RSA, ML-DSA} hybrid key where the RSA key also appears within a single-algorithm certificate. In this case, an attacker could perform a "stripping attack" where they take some piece of data signed with the {RSA, ML-DSA} key, remove the ML-DSAsignaturesignature, and present the data as if it was intended for the RSA only certificate. This leads to a set of security definitions called "non-separability properties", which refers to how well the signature scheme resists various complexities ofdowngrade / strippingdowngrade/stripping attacks <xreftarget="I-D.draft-ietf-pquip-hybrid-signature-spectrums"/>.target="I-D.ietf-pquip-hybrid-signature-spectrums"/>. Therefore, it is recommended that implementers either reuse the entire hybrid key as awhole,whole or perform fresh key generation of all component keys per usage, and must not take an existing key and reuse it as a component of a hybrid.</t> </section> <section anchor="future-directions-and-ongoing-research"> <name>Future Directions and Ongoing Research</name> <t>Many aspects of hybrid cryptography are still under investigation. The LAMPSWGWorking Group at IETF is actively exploring the security properties of these combinations, and future standards will reflect the evolving consensus on these issues.</t> </section> </section> </section> <section anchor="impact-on-constrained-devices-and-networks"> <name>Impact on Constrained Devices and Networks</name> <!-- [rfced] Please review the parenthetical here. Is the intent of "(e.g., LAKE, Core)" to be "(e.g., in the LAKE and CoRE Working Groups)"? Original: In the IoT space, these constraints have historically driven significant optimization efforts in the IETF (e.g., LAKE, CoRE) to adapt security protocols to resource-constrained environments. Perhaps: In the IoT space, these constraints have historically driven significant optimization efforts in the IETF (e.g., in the LAKE and CoRE Working Groups) to adapt security protocols to resource-constrained environments. --> <t>PQC algorithms generally have larger keys, ciphertext, and signature sizes than traditional public key algorithms. This has particular impact on constrained devices that operate with limited data rates. In theIoTInternet of Things (IoT) space, these constraints have historically driven significant optimization efforts in the IETF (e.g.,LAKE,LAKE and CoRE) to adapt security protocols to resource-constrained environments.</t> <t>As the transition to PQC progresses, these environments will face similar challenges. Larger message sizes can increase handshake latency, raise energy consumption, and require fragmentation logic. Work is ongoing in the IETF to study how PQC can be deployed in constrained devices (see <xref target="I-D.ietf-pquip-pqc-hsm-constrained"/>).</t> </section> <section anchor="security-considerations"> <name>Security Considerations</name> <section anchor="cryptanalysis"> <name>Cryptanalysis</name> <t>Traditional cryptanalysis exploits weaknesses in algorithm design, mathematical vulnerabilities, or implementationflaws,flaws that are exploitable with classical(i.e.(i.e., non-quantum) hardware, whereas quantum cryptanalysis harnesses the power of CRQCs to solve specific mathematical problems more efficiently.AnotherQuantum side-channel attacks are another form of quantumcryptanalysis is "quantum side-channel" attacks.cryptanalysis. In such attacks, a device under threat is directly connected to a quantum computer, which then injects entangled or superimposed data streams to exploit hardware that lacks protection against quantumside-channels.side channels. Both pose threats to the security of cryptographic algorithms, including those used in PQC.DevelopingIt is crucial to develop andadoptingadopt new cryptographic algorithms resilient against these threatsis crucial for ensuringto ensure long-term security in the face of advancing cryptanalysis techniques.</t> <t>Recent attacks on the side-channel implementations using deeplearning basedlearning-based power analysis have also shown that one needs to be cautious while implementing the required PQC algorithms in hardware. Two of the most recent works include one attack on ML-KEM <xref target="KyberSide"/> and one attack on Saber <xref target="SaberSide"/>. An evolving threat landscape points to the fact thatlattice basedlattice-based cryptography is indeed more vulnerable to side-channel attacks as in <xreftarget="SideCh"/>,target="SideCh"/> and <xref target="LatticeSide"/>. Consequently,there weresome mitigation techniques forside channelside-channel attacksthathave beenproposed as inproposed; see <xref target="Mitigate1"/>, <xref target="Mitigate2"/>, and <xref target="Mitigate3"/>.</t> </section> <section anchor="cryptographic-agility"> <name>Cryptographic Agility</name> <t>Cryptographic agility is recommended for both traditional and quantum cryptanalysis as it enables organizations to adapt to emerging threats, adopt stronger algorithms, comply with standards, and plan for long-term security in the face of evolving cryptanalytic techniques and the advent of CRQCs.</t> <t>Several PQC schemes are available that need to be tested; cryptography experts around the world are pushing for the best possible solutions, and the first standards that will ease the introduction of PQC are being prepared.ItThis is of paramount importance and is a call for imminent action for organizations, bodies, and enterprises to start evaluating their cryptographic agility, assess the complexity of implementing PQC into their products, processes, and systems, and develop a migration plan that achieves their security goals to the best possible extent.</t> <t>An important and often overlooked step in achieving cryptographic agility is maintaining a cryptographic inventory. Modern software stacks incorporate cryptography in numerous places, making it challenging to identify all instances. Therefore, cryptographic agility and inventory management take two majorforms:forms. First, application developers responsible for software maintenance should actively search for instances of hard-coded cryptographic algorithms within applications. When possible, they should design the choice of algorithm to be dynamic, based on application configuration. Second, administrators, policy officers, and compliance teams should take note of any instances where an application exposes cryptographic configurations. These instances should be managedeitherthrough either organization-wide written cryptographic policies or automated cryptographic policy systems.</t> <t>Numerous commercial solutions are available forbothdetecting hard-coded cryptographic algorithms in source code and compiled binaries, as well as providing cryptographic policy management control planes for enterprise and production environments.</t> </section> <section anchor="jurisdictional-fragmentation"> <name>Jurisdictional Fragmentation</name> <t>Another potential application of hybrids bears mentioning, even though it is not directlyPQC-related. That isrelated to PQC: using hybrids to navigate inter-jurisdictional cryptographic connections. Traditional cryptography is already fragmented byjurisdiction: considerjurisdiction. Consider that while most jurisdictions supportElliptic Curve Diffie-Hellman,ECDH, those in the United States will prefer the NIST curves while those in Germany will prefer the Brainpool curves. China, Russia, and other jurisdictions have their own national cryptography standards. This situation of fragmented global cryptography standards is unlikely to improve with PQC. If "and" mode hybrids become standardized for the reasons mentioned above, then one could imagine leveraging them to create"ciphersuites"ciphersuites in which a single cryptographic operation simultaneously satisfies the cryptographic requirements of both endpoints.</t> </section> <sectionanchor="hybrid-key-exchange-and-signatures-bridging-the-gap-between-post-quantum-and-traditional-cryptography">anchor="hybrid-key-exchange-and-signatures-bridging-the-gap-between-pqt-cryptography"> <name>Hybrid Key Exchange and Signatures: Bridging the Gap BetweenPost-Quantum and TraditionalPQ/T Cryptography</name> <t>Post-quantum algorithms selected for standardization are relatively new andtheyhave not been subject to the same depth of study as traditional algorithms. PQC implementations will also be new and therefore more likely to contain implementation bugs than the battle-tested crypto implementations that are relied on today. In addition, certain deployments may need to retain traditional algorithms due to regulatory constraints,for examplee.g., FIPS <xref target="SP-800-56C"/> orPCIPayment Card Industry (PCI) compliance <xref target="PCI"/>. Hybrid key exchange is recommended to enhance security against the"harvest now, decrypt later"HNDL attack. Additionally, hybrid signatures provide for time to react in the case of the announcement of a devastating attack against any one algorithm, while not fully abandoning traditional cryptosystems.</t> <t>Hybrid key exchange performs both a classical and a post-quantum key exchange in parallel. It provides security redundancy against potential weaknesses in PQC algorithms, allows for a gradual transition of trust in PQC algorithms, and, in backward-compatible designs, enables gradual adoption without breaking compatibility with existing systems. For instance, in TLS 1.3, a hybrid key exchange can combine a widely supported classical algorithm, such as X25519, with a post-quantum algorithm like ML-KEM. This allows legacy clients to continue using the classical algorithm while enabling upgraded clients to proceed with hybrid key exchange. In contrast, overhead-spreading hybrid designs focus on reducing the PQ overhead. For example, approaches like those described in <xref target="I-D.hale-mls-combiner"/> amortize PQ costs by selectively applying PQ updates in key exchange processes, allowing systems to balance security and efficiency. This strategy ensures a post-quantum secure channel while keeping the overhead manageable, making it particularly suitable for constrained environments.</t> <t>While some hybrid key exchange options introduce additional computational and bandwidth overhead, the impact of traditional key exchange algorithms (e.g., key size) is typically small, helping to keep the overall increase in resource usage manageable for most systems. In highly constrained environments, however, those hybrid key exchange protocols may be impractical due to their higher resource requirements compared to pure post-quantum or traditional key exchange approaches. However, some hybrid key exchange designs distribute the PQC overhead, making them more suitable for constrained environments. The choice of hybrid key exchange design depends on the specific system requirements and use case, so the appropriate approach may vary.</t> </section> <section anchor="caution-ciphertext-commitment-in-kem-vs-dh"> <name>Caution: CiphertextcommitmentCommitment in KEM vs. DH</name> <t>The ciphertext generated by a KEM is not necessarily directly linked to the shared secret it produces. KEMs allow for multiple ciphertexts to encapsulate the same shared secret, which enables flexibility in key management without enforcing a strict one-to-one correspondence between ciphertexts and shared secrets. This allows for secret reuse across different recipients, sessions, or operational contexts without the need for new secrets for each use, simplifying key distribution and reducing computational overhead. In contrast, cryptographic schemes like Diffie-Hellman inherently link the public key to the derived shared secret, meaning any change in the public key results in a different shared secret.</t> </section> </section> <section anchor="iana-considerations"> <name>IANA Considerations</name> <t>This document has no IANAconsiderations.</t>actions.</t> </section> <sectionanchor="further-reading-resources">anchor="further-reading-and-resources"> <name>Further Reading&and Resources</name> <t>A good book on modern cryptography isSerious"Serious Cryptography, 2ndEdition,Edition" by Jean-PhilippeAumasson, ISBN 9781718503847.</t>Aumasson <xref target="Serious-Crypt"/>.</t> <t>The Open Quantum Safe (OQS) Project <xref target="OQS"/> is an open-source project that aims to support the transition to quantum-resistant cryptography.</t> <t>The IETF's PQUIP Working Group <xref target="PQUIP-WG"/> maintains a list of PQC-related protocol work within the IETF.</t> </section> </middle> <back> <displayreference target="I-D.bonnell-lamps-chameleon-certs" to="ENC-PAIR-CERTS"/> <displayreference target="I-D.connolly-cfrg-xwing-kem" to="X-WING"/> <displayreference target="I-D.hale-mls-combiner" to="PQ-MLS"/> <displayreference target="I-D.ietf-hpke-pq" to="PQ-HPKE"/> <displayreference target="I-D.ietf-lamps-pq-composite-sigs" to="ML-DSA-X.509"/> <displayreference target="I-D.ietf-pquip-hybrid-signature-spectrums" to="HYBRID-SIG-SPECT"/> <displayreference target="I-D.ietf-pquip-pqc-hsm-constrained" to="CONSTRAIN-DEV-PCQ"/> <displayreference target="I-D.ietf-tls-hybrid-design" to="TLS-HYB-KEY-EXCH"/> <displayreference target="I-D.irtf-cfrg-bbs-signatures" to="BBS-SIG-SCHEME"/> <displayreference target="I-D.irtf-cfrg-hybrid-kems" to="PQ-KEM"/> <displayreference target="I-D.ounsworth-cfrg-kem-combiners" to="KEM-COMBINER"/> <references anchor="sec-combined-references"> <name>References</name> <references anchor="sec-normative-references"> <name>Normative References</name> <reference anchor="ML-KEM" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf"> <front><title>FIPS-203: Module-Lattice-based<title>Module-Lattice-Based Key-Encapsulation Mechanism Standard</title> <author><organization/><organization>NIST</organization> </author><date/><date year="2024" month="August"/> </front> <seriesInfo name="NIST FIPS" value="203"/> <seriesInfo name="DOI" value="10.6028/nist.fips.203"/> </reference> <reference anchor="ML-DSA" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf"> <front><title>FIPS-204: Module-Lattice-Based<title>Module-Lattice-Based Digital Signature Standard</title> <author><organization/><organization>NIST</organization> </author><date/><date year="2024" month="August"/> </front> <seriesInfo name="NIST FIPS" value="204"/> <seriesInfo name="DOI" value="10.6028/NIST.FIPS.204"/> </reference> <reference anchor="SLH-DSA" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf"> <front><title>FIPS-205: Stateless<title>Stateless Hash-Based Digital Signature Standard</title> <author><organization/><organization>NIST</organization> </author><date/><date year="2024" month="August"/> </front> <seriesInfo name="NIST FIPS" value="205"/> <seriesInfo name="DOI" value="10.6028/NIST.FIPS.205"/> </reference> <reference anchor="Shors" target="https://arxiv.org/pdf/quant-ph/9508027"> <front><title>Polynomial-time algorithms<title>Polynomial-Time Algorithms forprime factorizationPrime Factorization anddiscrete logarithmsDiscrete Logarithms on aquantum computer</title> <author>Quantum Computer</title> <author initials="P." surname="Shor" fullname="Peter W. Shor"> <organization/> </author><date>n.d.</date><date year="1996" month="January" day="25"/> </front> <refcontent>arXiv:quant-ph/9508027v2</refcontent> </reference> <reference anchor="Grovers" target="https://dl.acm.org/doi/10.1145/237814.237866"> <front> <title>A fast quantum mechanical algorithm for database search</title><author><author fullname="Lok K. Grover"> <organization/> </author><date>n.d.</date><date year="1996" month="July" day="01"/> </front> <seriesInfo name="DOI" value="10.1145/237814.237866"/> <refcontent>STOC '96: Proceedings of the twenty-eighth annual ACM symposium on Theory of Computing, pp. 212-219</refcontent> </reference> <reference anchor="RSA" target="https://dl.acm.org/doi/pdf/10.1145/359340.359342"> <front> <title>A Method for Obtaining Digital Signatures and Public-KeyCryptosystems+</title> <author>Cryptosystems</title> <author fullname="Ronald L. Rivest"> <organization/> </author><date/> </front> </reference> <reference anchor="RFC6090"> <front> <title>Fundamental Elliptic Curve Cryptography Algorithms</title> <author fullname="D. McGrew" initials="D." surname="McGrew"/> <author fullname="K. Igoe" initials="K." surname="Igoe"/> <author fullname="M. Salter" initials="M." surname="Salter"/> <date month="February" year="2011"/> <abstract> <t>This note describes the fundamental algorithms of Elliptic Curve Cryptography (ECC) as they were defined in some seminal references from 1994 and earlier. These descriptions may be useful for implementing the fundamental algorithms without using any of the specialized methods that were developed in following years. Only elliptic curves defined over fields of characteristic greater than three are in scope; these curves are those used in Suite B. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract> </front> <seriesInfo name="RFC" value="6090"/> <seriesInfo name="DOI" value="10.17487/RFC6090"/> </reference> <reference anchor="RFC8391"> <front> <title>XMSS: eXtended Merkle Signature Scheme</title><authorfullname="A. Huelsing"initials="A."surname="Huelsing"/> <author fullname="D. Butin" initials="D." surname="Butin"/> <author fullname="S. Gazdag" initials="S." surname="Gazdag"/> <author fullname="J. Rijneveld" initials="J." surname="Rijneveld"/> <author fullname="A. Mohaisen" initials="A." surname="Mohaisen"/> <date month="May" year="2018"/> <abstract> <t>This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system that is based on existing descriptions in scientific literature. This note specifies Winternitz One-Time Signature Plus (WOTS+), a one-time signature scheme; XMSS, a single-tree scheme; and XMSS^MT, a multi-tree variant of XMSS. Both XMSS and XMSS^MT use WOTS+ as a main building block. XMSS provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems. Instead, it is proven that it only relies on the properties of cryptographic hash functions. XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken. It is suitable for compact implementations, is relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can so far withstand known attacks using quantum computers.</t> </abstract> </front> <seriesInfo name="RFC" value="8391"/> <seriesInfo name="DOI" value="10.17487/RFC8391"/> </reference> <reference anchor="RFC8554"> <front> <title>Leighton-Micali Hash-Based Signatures</title> <author fullname="D. McGrew" initials="D." surname="McGrew"/> <author fullname="M. Curcio" initials="M." surname="Curcio"/> <author fullname="S. Fluhrer" initials="S." surname="Fluhrer"/> <date month="April" year="2019"/> <abstract> <t>This note describes a digital-signature system based on cryptographic hash functions, following the seminal work in this area of Lamport, Diffie, Winternitz, and Merkle, as adapted by Leighton and Micali in 1995. It specifies a one-time signature scheme and a general signature scheme. These systems provide asymmetric authentication without using large integer mathematics and can achieve a high security level. They are suitable for compact implementations, are relatively simple to implement, and are naturally resistant to side-channel attacks. Unlike many other signature systems, hash-based signatures would still be secure even if it proves feasible for an attacker to build a quantum computer.</t> <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF. This has been reviewed by many researchers, both in the research group and outside of it. The Acknowledgements section lists many of them.</t> </abstract> </front> <seriesInfo name="RFC" value="8554"/> <seriesInfo name="DOI" value="10.17487/RFC8554"/> </reference> <reference anchor="RFC8446"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>surname="Shamir"> <organization/> </author> <authorfullname="E. Rescorla" initials="E." surname="Rescorla"/>initials="L." surname="Adleman"> <organization/> </author> <datemonth="August" year="2018"/> <abstract> <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t> </abstract>year="1978" month="February"/> </front> <seriesInfoname="RFC" value="8446"/> <seriesInfoname="DOI"value="10.17487/RFC8446"/> </reference> <reference anchor="RFC4034"> <front> <title>Resource Records for the DNS Security Extensions</title> <author fullname="R. Arends" initials="R." surname="Arends"/> <author fullname="R. Austein" initials="R." surname="Austein"/> <author fullname="M. Larson" initials="M." surname="Larson"/> <author fullname="D. Massey" initials="D." surname="Massey"/> <author fullname="S. Rose" initials="S." surname="Rose"/> <date month="March" year="2005"/> <abstract> <t>This document is partvalue="10.1145/359340.359342"/> <refcontent>Communications ofa family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of resource records and protocol modifications that provide source authentication fortheDNS. This document defines the public key (DNSKEY), delegation signer (DS), resource record digital signature (RRSIG), and authenticated denial of existence (NSEC) resource records. The purpose and format of each resource record is described in detail, and an example of each resource record is given.</t> <t>This document obsoletes RFC 2535 and incorporates changes from all updates to RFC 2535. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4034"/> <seriesInfo name="DOI" value="10.17487/RFC4034"/>ACM, vol. 21, no. 2, pp. 120-126</refcontent> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6090.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8391.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8554.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4034.xml"/> <reference anchor="NTRU" target="https://ntru.org/index.shtml"> <front> <title>NTRU</title> <author> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="FrodoKEM" target="https://frodokem.org/"> <front> <title>FrodoKEM</title> <author> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="ClassicMcEliece" target="https://classic.mceliece.org/"> <front> <title>Classic McEliece</title> <author> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="FN-DSA" target="https://falcon-sign.info/"> <front><title>Fast<title>FALCON: Fast Fourier lattice-based compact signatures over NTRU</title> <author> <organization/> </author> <date/> </front> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8235.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9180.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9881.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9242.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9370.xml"/> </references> <references anchor="sec-informative-references"> <name>Informative References</name> <referenceanchor="RFC8235"> <front> <title>Schnorr Non-interactive Zero-Knowledge Proof</title> <author fullname="F. Hao" initials="F." role="editor" surname="Hao"/> <date month="September" year="2017"/> <abstract> <t>This document describes the Schnorr non-interactive zero-knowledge (NIZK) proof, a non-interactive variant of the three-pass Schnorr identification scheme. The Schnorr NIZK proof allows one to prove the knowledge of a discrete logarithm without leaking any information about its value. It can serve as a useful building block for many cryptographic protocols to ensure that participants follow the protocol specification honestly. This document specifies the Schnorr NIZK proof in both the finite field and the elliptic curve settings.</t> </abstract> </front> <seriesInfo name="RFC" value="8235"/> <seriesInfo name="DOI" value="10.17487/RFC8235"/> </reference> <reference anchor="RFC9180"> <front> <title>Hybrid Public Key Encryption</title> <author fullname="R. Barnes" initials="R." surname="Barnes"/> <author fullname="K. Bhargavan" initials="K." surname="Bhargavan"/> <author fullname="B. Lipp" initials="B." surname="Lipp"/> <author fullname="C. Wood" initials="C." surname="Wood"/> <date month="February" year="2022"/> <abstract> <t>This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.</t> <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t> </abstract> </front> <seriesInfo name="RFC" value="9180"/> <seriesInfo name="DOI" value="10.17487/RFC9180"/> </reference> <reference anchor="I-D.ietf-lamps-dilithium-certificates">anchor="Serious-Crypt"> <front><title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA)</title> <author fullname="Jake Massimo" initials="J." surname="Massimo"> <organization>AWS</organization> </author> <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis"> <organization>AWS</organization> </author> <author fullname="Sean Turner" initials="S." surname="Turner"> <organization>sn3rd</organization> </author><title>Serious Cryptography, 2nd Edition</title> <authorfullname="Bas Westerbaan" initials="B." surname="Westerbaan"> <organization>Cloudflare</organization>fullname="Jean-Philippe Aumasson"> <organization/> </author> <dateday="26" month="June" year="2025"/> <abstract> <t> Digital signatures are used within X.509 certificates, Certificate Revocation Lists (CRLs), and to sign messages. This document specifies the conventions for using FIPS 204, the Module-Lattice- Based Digital Signature Algorithm (ML-DSA) in Internet X.509 certificates and certificate revocation lists. The conventions for the associated signatures, subject public keys, and private key are also described. </t> </abstract>year="2024" month="August"/> </front><seriesInfo name="Internet-Draft" value="draft-ietf-lamps-dilithium-certificates-12"/><refcontent>ISBN 9781718503847</refcontent> </reference> <referenceanchor="RFC9242">anchor="Grover-Search" target="https://link.aps.org/doi/10.1103/PhysRevA.60.2746"> <front><title>Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2)</title> <author fullname="V. Smyslov" initials="V." surname="Smyslov"/> <date month="May" year="2022"/> <abstract> <t>This document defines a new exchange, called "Intermediate Exchange", for the Internet Key Exchange Protocol Version 2 (IKEv2). This exchange can be used for transferring large amounts of data in the process of IKEv2 Security Association (SA) establishment. An example of the need to do this is using key exchange methods resistant to Quantum Computers (QCs) for IKE SA establishment. The Intermediate Exchange makes it possible to use the existing IKE fragmentation mechanism (which cannot be used in the initial IKEv2 exchange), helping to avoid IP fragmentation of large IKE messages if they need to be sent before IKEv2 SA<title>Grover's quantum searching algorithm isestablished.</t> </abstract> </front> <seriesInfo name="RFC" value="9242"/> <seriesInfo name="DOI" value="10.17487/RFC9242"/> </reference> <reference anchor="RFC9370"> <front> <title>Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)</title> <author fullname="CJ. Tjhai" initials="CJ." surname="Tjhai"/> <author fullname="M. Tomlinson" initials="M." surname="Tomlinson"/> <author fullname="G. Bartlett" initials="G." surname="Bartlett"/>optimal</title> <authorfullname="S. Fluhrer" initials="S." surname="Fluhrer"/> <author fullname="D. Van Geest" initials="D." surname="Van Geest"/> <author fullname="O. Garcia-Morchon" initials="O." surname="Garcia-Morchon"/> <author fullname="V. Smyslov" initials="V." surname="Smyslov"/>fullname="Christof Zalka"> <organization/> </author> <datemonth="May" year="2023"/> <abstract> <t>This document describes how to extend the Internet Key Exchange Protocol Version 2 (IKEv2) to allow multiple key exchanges to take place while computing a shared secret during a Security Association (SA) setup.</t> <t>This document utilizes the IKE_INTERMEDIATE exchange, where multiple key exchanges are performed when an IKE SA is being established. It also introduces a new IKEv2 exchange, IKE_FOLLOWUP_KE, which is used for the same purpose when the IKE SA is being rekeyed or is creating additional Child SAs.</t> <t>This document updates RFC 7296 by renaming a Transform Type 4 from "Diffie-Hellman Group (D-H)" to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num" to "Key Exchange Method". It also renames an IANA registry for this Transform Type from "Transform Type 4 - Diffie- Hellman Group Transform IDs" to "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize key exchange algorithms that can be used in IKEv2.</t> </abstract>year="1999" month="October"/> </front> <seriesInfoname="RFC" value="9370"/> <seriesInfoname="DOI"value="10.17487/RFC9370"/> </reference> </references> <references anchor="sec-informative-references"> <name>Informative References</name> <reference anchor="Grover-search"> <front> <title>C. Zalka, “Grover’s quantum searching algorithm is optimal,” Physicalvalue="10.1103/PhysRevA.60.2746"/> <refcontent>Physical Review A, vol. 60, no. 4, pp.2746-2751, 1999.</title> <author> <organization/> </author> <date/> </front>2746-2751</refcontent> </reference> <reference anchor="Threat-Report" target="https://globalriskinstitute.org/publications/quantum-threat-timeline-report-2020/"> <front> <title>Quantum Threat Timeline Report 2020</title><author><author fullname="Michele Mosca"> <organization/> </author><date/><author fullname="Marco Piani"> <organization/> </author> <date year="2021" month="January" day="27"/> </front> <refcontent>Global Risk Institute</refcontent> </reference> <reference anchor="QC-DNS" target="https://www.icann.org/octo-031-en.pdf"> <front> <title>Quantum Computing and the DNS</title><author><author fullname="Paul Hoffman"> <organization/> </author><date/><date year="2024" month="April" day="22"/> </front> <refcontent>ICANN Office of the Chief Technology Officer, OCTO-031v2</refcontent> </reference> <reference anchor="NIST" target="https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization"> <front> <title>Post-Quantum Cryptography Standardization</title> <author><organization/><organization>NIST</organization> </author> <date/> </front> </reference> <reference anchor="Cloudflare" target="https://blog.cloudflare.com/nist-post-quantum-surprise/"> <front><title>NIST’s<title>NIST's pleasant post-quantum surprise</title><author><author fullname="Bas Westerbaan"> <organization/> </author><date/><date year="2022" month="July" day="08"/> </front> <refcontent>Cloudflare Blog</refcontent> </reference> <reference anchor="CS01" target="https://eprint.iacr.org/2001/108"> <front> <title>Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack</title><author><author fullname="Ronald Cramer"> <organization/> </author><date/><author fullname="Victor Shoup"> <organization/> </author> <date year="2001"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2001/108</refcontent> </reference> <reference anchor="BHK09" target="https://eprint.iacr.org/2009/418"> <front> <title>Subtleties in the Definition of IND-CCA: When and How Should Challenge-Decryption be Disallowed?</title><author><author fullname="Mihir Bellare"> <organization/> </author><date/><author fullname="Dennis Hofheinz"> <organization/> </author> <author fullname="Eike Kiltz"> <organization/> </author> <date year="2009"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2009/418</refcontent> </reference> <reference anchor="GMR88" target="https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Digital%20Signatures/A_Digital_Signature_Scheme_Secure_Against_Adaptive_Chosen-Message_Attack.pdf"> <front> <title>A digital signature scheme secure against adaptive chosen-messageattacks.</title> <author>attacks</title> <author fullname="Shafi Goldwasser"> <organization/> </author><date/><author fullname="Silvio Micali"> <organization/> </author> <author fullname="Ronald L. Rivest"> <organization/> </author> <date year="1988" month="April"/> </front> <seriesInfo name="DOI" value="10.1137/0217017"/> <refcontent>SIAM Journal on Computing, vol. 17, no. 2, pp. 281-308</refcontent> </reference> <reference anchor="PQCAPI" target="https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/example-files/api-notes.pdf"> <front> <title>PQC - API notes</title> <author><organization/><organization>NIST</organization> </author> <date/> </front> </reference> <reference anchor="RSA8HRS" target="https://arxiv.org/abs/1905.09749"> <front> <title>How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits</title><author><author fullname="Craig Gidney"> <organization/> </author><date/><author fullname="Martin Ekera"> <organization/> </author> <date year="2021" month="April" day="13"/> </front> <refcontent>arXiv:1905.09749v3</refcontent> </reference> <reference anchor="RSA10SC" target="https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art"> <front> <title>Breaking RSA Encryption - an Update on the State-of-the-Art</title> <author><organization/><organization>QuintessenceLabs</organization> </author><date/><date year="2019" month="June" day="13"/> </front> </reference> <reference anchor="RSAShor" target="https://arxiv.org/pdf/quant-ph/0205095.pdf"> <front> <title>Circuit forShor’sShor's algorithm using 2n+3 qubits</title><author><author fullname="Stephane Beauregard"> <organization/> </author><date/><date year="2003" month="February" day="21"/> </front> <refcontent>arXiv:quant-ph/0205095v3</refcontent> </reference> <reference anchor="LIBOQS" target="https://github.com/open-quantum-safe/liboqs"> <front> <title>LibOQS - Open Quantum Safe</title> <author> <organization/> </author><date/><date year="2025" month="November"/> </front> <refcontent>commit 97f6b86</refcontent> </reference> <reference anchor="KyberSide" target="https://eprint.iacr.org/2022/1452"> <front> <title>A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber</title><author><author fullname="Yanning Ji"> <organization/> </author><date/><author fullname="Ruize Wang"> <organization/> </author> <author fullname="Kalle Ngo"> <organization/> </author> <author fullname="Elena Dubrova"> <organization/> </author> <author fullname="Linus Backlund"> <organization/> </author> <date year="2022"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2022/1452</refcontent> </reference> <reference anchor="SaberSide" target="https://link.springer.com/article/10.1007/s13389-023-00315-3"> <front> <title>A side-channel attack on a masked and shuffled software implementation of Saber</title><author><author fullname="Kalle Ngo"> <organization/> </author><date/><author fullname="Elena Dubrova"> <organization/> </author> <author fullname="Thomas Johansson"> <organization/> </author> <date year="2023" month="April" day="25"/> </front> <seriesInfo name="DOI" value="10.1007/s13389-023-00315-3"/> <refcontent>Journal of Cryptographic Engineering, vol. 13, pp. 443-460</refcontent> </reference> <reference anchor="SideCh" target="https://eprint.iacr.org/2022/919"> <front> <title>Side-Channel Attacks on Lattice-Based KEMs Are Not Prevented by Higher-Order Masking</title><author><author fullname="Kalle Ngo"> <organization/> </author><date/><author fullname="Ruize Wang"> <organization/> </author> <author fullname="Elena Dubrova"> <organization/> </author> <author fullname="Nils Paulsrud"> <organization/> </author> <date year="2022"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2022/919</refcontent> </reference> <reference anchor="LatticeSide" target="https://eprint.iacr.org/2019/948"> <front> <title>Generic Side-channel attacks on CCA-secure lattice-based PKE and KEM schemes</title><author><author fullname="Prasanna Ravi"> <organization/> </author><date/><author fullname="Sujoy Sinha Roy"> <organization/> </author> <author fullname="Anupam Chattopadhyay"> <organization/> </author> <author fullname="Shivam Bhasin"> <organization/> </author> <date year="2019"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2019/948</refcontent> </reference> <reference anchor="Mitigate1" target="https://eprint.iacr.org/2022/873"> <front> <title>POLKA: Towards Leakage-Resistant Post-Quantum CCA-Secure Public Key Encryption</title><author><author fullname="Clément Hoffmann"> <organization/> </author><date/><author fullname="Benoît Libert"> <organization/> </author> <author fullname="Charles Momin"> <organization/> </author> <author fullname="Thomas Peters"> <organization/> </author> <author fullname="François-Xavier Standaert"> <organization/> </author> <date year="2022"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2022/873</refcontent> </reference> <reference anchor="Mitigate2" target="https://ieeexplore.ieee.org/document/9855226"> <front> <title>Leakage-Resilient Certificate-Based Authenticated Key Exchange Protocol</title><author><author initials="T." surname="Tsai"> <organization/> </author><date/><author initials="S." surname="Huang"> <organization/> </author> <author initials="Y." surname="Tseng"> <organization/> </author> <author initials="Y." surname="Chuang"> <organization/> </author> <author initials="Y." surname="Hung"> <organization/> </author> <date year="2022"/> </front> <seriesInfo name="DOI" value="10.1109/OJCS.2022.3198073"/> <refcontent>IEEE Open Journal of the Computer Society, vol. 3, pp. 137-148</refcontent> </reference> <reference anchor="Mitigate3" target="https://eprint.iacr.org/2022/916"> <front> <title>Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks</title><author><author fullname="Melissa Azouaoui"> <organization/> </author><date/><author fullname="Yulia Kuzovkova"> <organization/> </author> <author fullname="Tobias Schneider"> <organization/> </author> <author fullname="Christine van Vredendaal"> <organization/> </author> <date year="2022"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2022/916</refcontent> </reference> <reference anchor="CNSA2-0" target="https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF"> <front> <title>Announcing the Commercial National Security Algorithm Suite 2.0</title> <author><organization/><organization>NSA</organization> </author><date/><date year="2022" month="September"/> </front> </reference> <reference anchor="LattFail1"target="https://link.springer.com/chapter/10.1007/978-3-030-17259-6_19#chapter-info">target="https://link.springer.com/chapter/10.1007/978-3-030-17259-6_19"> <front> <title>Decryption Failure Attacks on IND-CCA Secure Lattice-Based Schemes</title><author><author fullname="Jan-Pieter D'Anvers"> <organization/> </author><date/><author fullname="Qian Guo"> <organization/> </author> <author fullname="Thomas Johansson"> <organization/> </author> <author fullname="Alexander Nilsson"> <organization/> </author> <author fullname="Frederik Vercauteren"> <organization/> </author> <author fullname="Ingrid Verbauwhede"> <organization/> </author> <date year="2019" month="April" day="06"/> </front> <seriesInfo name="DOI" value="10.1007/978-3-030-17259-6_19"/> <refcontent>Public-Key Cryptography - PKC 2019, Lecture Notes in Computer Science, vol. 11443, pp. 565-598</refcontent> </reference> <reference anchor="LattFail2" target="https://link.springer.com/chapter/10.1007/978-3-030-45727-3_1"> <front> <title>(One) Failure Is Not an Option: Bootstrapping the Search for Failures in Lattice-Based EncryptionSchemes.</title> <author>Schemes</title> <author fullname="Jan-Pieter D'Anvers"> <organization/> </author><date/><author fullname="Mélissa Rossi"> <organization/> </author> <author fullname="Fernando Virdia"> <organization/> </author> <date year="2020" month="May" day="01"/> </front> <seriesInfo name="DOI" value="10.1007/978-3-030-45727-3_1"/> <refcontent>Advances in Cryptology - EUROCRYPT 2020, Lecture Notes in Computer Science, vol. 12107, pp. 3-33</refcontent> </reference> <reference anchor="BSI-PQC" target="https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Brochure/quantum-safe-cryptography.html?nn=916626"> <front> <title>Quantum-safe cryptography–- fundamentals, current developments and recommendations</title> <author><organization/><organization>BSI</organization> </author> <date year="2022"month="May"/>month="May" day="18"/> </front> </reference> <reference anchor="PQRSA" target="https://cr.yp.to/papers/pqrsa-20170419.pdf"> <front> <title>Post-quantum RSA</title><author><author fullname="Daniel J. Bernstein"> <organization/> </author> <author fullname="Nadia Heninger"> <organization/> </author> <author fullname="Paul Lou"> <organization/> </author> <author fullname="Luke Valenta"> <organization/> </author> <date year="2017"month="April"/>month="April" day="19"/> </front> </reference> <reference anchor="SP-800-56C" target="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf"> <front> <title>Recommendation for Key-Derivation Methods in Key-Establishment Schemes</title><author><author fullname="Elaine Barker"> <organization/> </author><date/><author fullname="Lily Chen"> <organization/> </author> <author fullname="Richard Davis"> <organization/> </author> <date year="2020" month="August"/> </front> <seriesInfo name="NIST SP" value="800-56Cr2"/> <seriesInfo name="DOI" value="10.6028/NIST.SP.800-56Cr2"/> </reference> <reference anchor="Lyu09" target="https://www.iacr.org/archive/asiacrypt2009/59120596/59120596.pdf"> <front><title>V. Lyubashevsky, “Fiat-Shamir<title>Fiat-Shamir With Aborts: Applications to Lattice and Factoring-BasedSignatures“, ASIACRYPT 2009</title> <author>Signatures</title> <author fullname="Vadim Lyubashevsky"> <organization/> </author> <date/> </front> <refcontent>ASIACRYPT 2009</refcontent> </reference> <reference anchor="SP-1800-38C" target="https://www.nccoe.nist.gov/sites/default/files/2023-12/pqc-migration-nist-sp-1800-38c-preliminary-draft.pdf"> <front> <title>Migration to Post-Quantum Cryptography Quantum Readiness: Testing Draft Standards, Volume C: Quantum-Resistant Cryptography Technology Interoperability and Performance Report</title><author><author fullname="William Newhouse"> <organization/> </author><date/><author fullname="Murugiah Souppaya"> <organization/> </author> <author fullname="William Barke"> <organization/> </author> <author fullname="Chris Brown"> <organization/> </author> <author fullname="Panos Kampanakis"> <organization/> </author> <author fullname="Jim Goodman"> <organization/> </author> <author fullname="Julien Prat"> <organization/> </author> <author fullname="Robin Larrieu"> <organization/> </author> <author fullname="John Gray"> <organization/> </author> <author fullname="Mike Ounsworth"> <organization/> </author> <author fullname="Cleandro Viana"> <organization/> </author> <author fullname="Hubert Le Van Gong"> <organization/> </author> <author fullname="Kris Kwiatkowsk"> <organization/> </author> <author fullname="Anthony Hu"> <organization/> </author> <author fullname="Robert Burns"> <organization/> </author> <author fullname="Christian Paquin"> <organization/> </author> <author fullname="Jane Gilbert"> <organization/> </author> <author fullname="Gina Scinta"> <organization/> </author> <author fullname="Eunkyung Kim"> <organization/> </author> <author fullname="Volker Krumme"> <organization/> </author> <date year="2023" month="December"/> </front> <seriesInfo name="NIST SP" value="1800-38C"/> <refcontent>Preliminary Draft</refcontent> </reference> <reference anchor="KEEPINGUP" target="https://eprint.iacr.org/2023/1933"> <front> <title>Keeping Up with the KEMs: Stronger Security Notions for KEMs and automated analysis of KEM-based protocols</title><author><author fullname="Cas Cremers"> <organization/> </author><date>n.d.</date><author fullname="Alexander Dax"> <organization/> </author> <author fullname="Niklas Medinger"> <organization/> </author> <date year="2023"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2023/1933</refcontent> </reference> <reference anchor="NISTFINAL" target="https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards"> <front> <title>NIST Releases First 3 Finalized Post-Quantum Encryption Standards</title> <author><organization/><organization>NIST</organization> </author><date>n.d.</date><date year="2024" month="August" day="13"/> </front> </reference> <reference anchor="ANSSI" target="https://cyber.gouv.fr/sites/default/files/document/follow_up_position_paper_on_post_quantum_cryptography.pdf"> <front> <title>ANSSI views on the Post-Quantum Cryptographytransition</title>transition (2023 follow up)</title> <author><organization/><organization>ANSSI</organization> </author><date>n.d.</date><date year="2023" month="December" day="21"/> </front> </reference> <reference anchor="HQC" target="http://pqc-hqc.org/"> <front> <title>HQC</title> <author> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="BIKE" target="http://pqc-hqc.org/"> <front> <title>BIKE</title> <author> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="PQUIP-WG" target="https://datatracker.ietf.org/group/pquip/documents/"> <front> <title>Post-Quantum Use In Protocols(pquip) Working Group</title>(pquip)</title> <author><organization/><organization>IETF</organization> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="OQS" target="https://openquantumsafe.org/"> <front> <title>Open Quantum Safe Project</title> <author> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="CRQCThreat" target="https://sam-jaques.appspot.com/quantum_landscape_2024"> <front><title>CRQCThreat</title> <author><title>Landscape of Quantum Computing</title> <author fullname="Sam Jaques"> <organization/> </author><date>n.d.</date><date/> </front> </reference> <reference anchor="QuantSide" target="https://arxiv.org/pdf/2304.03315"> <front><title>QuantSide</title> <author><title>Exploration of Quantum Computer Power Side-Channels</title> <author fullname="Chuanqi Xu"> <organization/> </author><date>n.d.</date> </front> </reference> <reference anchor="AddSig" target="https://csrc.nist.gov/Projects/pqc-dig-sig/standardization"> <front> <title>AddSig</title> <author><author fullname="Ferhat Erata"> <organization/> </author><date>n.d.</date> </front> </reference> <reference anchor="BPQS" target="https://eprint.iacr.org/2018/658.pdf"> <front> <title>BPQS</title> <author><author fullname="Jakub Szefer"> <organization/> </author><date>n.d.</date><date year="2023" month="May" day="09"/> </front> <refcontent>arXiv:2304.03315v2</refcontent> </reference> <referenceanchor="PCI" target="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf">anchor="AddSig" target="https://csrc.nist.gov/Projects/pqc-dig-sig/standardization"> <front><title>Payment Card Industry Data Security Standard</title><title>Post-Quantum Cryptography: Additional Digital Signature Schemes</title> <author><organization/><organization>NIST</organization> </author><date>n.d.</date><date/> </front> </reference> <referenceanchor="I-D.irtf-cfrg-bbs-signatures">anchor="BPQS" target="https://eprint.iacr.org/2018/658"> <front><title>The BBS Signature Scheme</title> <author fullname="Tobias Looker" initials="T." surname="Looker"> <organization>MATTR</organization> </author><title>Blockchained Post-Quantum Signatures</title> <authorfullname="Vasilis Kalos" initials="V." surname="Kalos"> <organization>MATTR</organization>fullname="Konstantinos Chalkias"> <organization/> </author> <authorfullname="Andrew Whitehead" initials="A." surname="Whitehead"> <organization>Portage</organization>fullname="James Brown"> <organization/> </author> <author fullname="MikeLodder" initials="M." surname="Lodder"> <organization>CryptID</organization>Hearn"> <organization/> </author><date day="7" month="July" year="2025"/> <abstract> <t> This document describes the BBS Signature scheme, a secure, multi- message digital signature protocol, supporting proving knowledge of a signature while selectively disclosing any subset of the signed messages. Concretely, the scheme allows for signing multiple messages whilst producing a single, constant size, digital signature. Additionally, the possessor of a BBS signatures is able to create zero-knowledge, proofs of knowledge of a signature, while selectively disclosing subsets of the signed messages. Being zero-knowledge, the BBS proofs do not reveal any information about the undisclosed messages or the signature itself, while at the same time, guaranteeing the authenticity and integrity of the disclosed messages. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-irtf-cfrg-bbs-signatures-09"/> </reference> <reference anchor="I-D.ietf-sshm-ntruprime-ssh"> <front> <title>Secure Shell (SSH) Key Exchange Method Using Hybrid Streamlined NTRU Prime sntrup761 and X25519 with SHA-512: sntrup761x25519-sha512</title><authorfullname="Markus Friedl" initials="M." surname="Friedl"> <organization>OpenSSH</organization>fullname="Tommy Lillehagen"> <organization/> </author> <authorfullname="Jan Mojzis" initials="J." surname="Mojzis"> <organization>TinySSH</organization>fullname="Igor Nitto"> <organization/> </author> <authorfullname="Simon Josefsson" initials="S." surname="Josefsson">fullname="Thomas Schroeter"> <organization/> </author><date day="15" month="August" year="2025"/> <abstract> <t> This document describes a widely deployed hybrid key exchange method in the Secure Shell (SSH) protocol that is based on Streamlined NTRU Prime sntrup761 and X25519 with SHA-512. </t> </abstract><date>n.d.</date> </front><seriesInfo name="Internet-Draft" value="draft-ietf-sshm-ntruprime-ssh-05"/><refcontent>Cryptology ePrint Archive, Paper 2018/658</refcontent> </reference> <referenceanchor="RFC9528">anchor="PCI" target="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf"> <front><title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title> <author fullname="G. Selander" initials="G." surname="Selander"/> <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/> <author fullname="F. Palombini" initials="F." surname="Palombini"/> <date month="March" year="2024"/> <abstract> <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object<title>Payment Card Industry Data Securityfor Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t> </abstract> </front> <seriesInfo name="RFC" value="9528"/> <seriesInfo name="DOI" value="10.17487/RFC9528"/> </reference> <reference anchor="I-D.draft-ounsworth-cfrg-kem-combiners"> <front> <title>Combiner function for hybrid key encapsulation mechanisms (Hybrid KEMs)</title> <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth"> <organization>Entrust Limited</organization> </author> <author fullname="Aron Wussler" initials="A." surname="Wussler"> <organization>Proton AG</organization> </author> <author fullname="Stavros Kousidis" initials="S." surname="Kousidis"> <organization>BSI</organization> </author> <date day="31" month="January" year="2024"/> <abstract> <t> The migration to post-quantum cryptography often calls for performing multiple key encapsulations in parallel and then combining their outputs to derive a single shared secret. This document defines a comprehensible and easy to implement Keccak- based KEM combiner to join an arbitrary number of key shares, that is compatible with NIST SP 800-56Cr2 [SP800-56C] when viewed as a key derivation function. The combiners defined here are practical split- key PRFs and are CCA-secure as long as at least one of the ingredient KEMs is. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ounsworth-cfrg-kem-combiners-05"/> </reference> <reference anchor="I-D.irtf-cfrg-hybrid-kems"> <front> <title>Hybrid PQ/T Key Encapsulation Mechanisms</title> <author fullname="Deirdre Connolly" initials="D." surname="Connolly"> <organization>SandboxAQ</organization> </author> <author fullname="Richard Barnes" initials="R." surname="Barnes"> <organization>Cisco</organization> </author> <author fullname="Paul Grubbs" initials="P." surname="Grubbs"> <organization>University of Michigan</organization>Standard</title> <author> <organization>PCI Security Standards Council</organization> </author><date day="20" month="July" year="2025"/> <abstract> <t> This document defines generic constructions for hybrid Key Encapsulation Mechanisms (KEMs) based on combining a traditional cryptographic component and a post-quantum (PQ) KEM. Hybrid KEMs built using these constructions provide strong security properties as long as either of the underlying algorithms are secure. </t> </abstract><date/> </front><seriesInfo name="Internet-Draft" value="draft-irtf-cfrg-hybrid-kems-05"/><refcontent>PCI DSS: v4.0.1</refcontent> </reference><reference anchor="I-D.ietf-hpke-pq"> <front> <title>Post-Quantum and Post-Quantum/Traditional Hybrid Algorithms for HPKE</title> <author fullname="Richard Barnes" initials="R." surname="Barnes"> <organization>Cisco</organization> </author> <date day="30" month="June" year="2025"/> <abstract> <t> Updating key exchange and public-key encryption protocols to resist attack by quantum computers is a high priority given the possibility of "harvest now, decrypt later" attacks. Hybrid Public Key Encryption (HPKE) is a widely-used public key encryption scheme based on combining a Key Encapsulation Mechanism (KEM), a Key Derivation Function (KDF), and an Authenticated Encryption<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.bonnell-lamps-chameleon-certs.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.connolly-cfrg-xwing-kem.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.hale-mls-combiner.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-hpke-pq.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-lamps-pq-composite-sigs.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-pquip-hybrid-signature-spectrums.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-pquip-pqc-hsm-constrained.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-tls-hybrid-design.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.irtf-cfrg-bbs-signatures.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.irtf-cfrg-hybrid-kems.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ounsworth-cfrg-kem-combiners.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9941.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9528.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9814.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9794.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9763.xml"/> </references> </references> <?line 1623?> <!-- [rfced] References a) FYI - We note that draft-hale-mls-combiner-01 has been replaced withAssociated Data (AEAD) scheme. Indraft-ietf-mls-combiner-02. Should thisdocument, we define KEM algorithms for HPKE based on both post-quantum KEMs and hybrid constructions of post- quantum KEMs with traditional KEMs, as well as a KDF based on SHA-3reference entry be updated accordingly? Note thatis suitable for use with these KEMs. When used with these algorithms, HPKE is resilient with respect to attacks by a quantum computer. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-hpke-pq-01"/> </reference> <reference anchor="I-D.draft-connolly-cfrg-xwing-kem"> <front> <title>X-Wing: general-purpose hybrid post-quantum KEM</title> <author fullname="Deirdre Connolly" initials="D." surname="Connolly"> <organization>SandboxAQ</organization> </author> <author fullname="Peter Schwabe" initials="P." surname="Schwabe"> <organization>MPI-SP & Radboud University</organization> </author> <author fullname="Bas Westerbaan" initials="B." surname="Westerbaan"> <organization>Cloudflare</organization> </author> <date day="7" month="July" year="2025"/> <abstract> <t> This memo defines X-Wing, a general-purpose post-quantum/traditional hybrid key encapsulation mechanism (PQ/T KEM) built on X25519 and ML- KEM-768. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-connolly-cfrg-xwing-kem-08"/> </reference> <reference anchor="RFC5652"> <front> <title>Cryptographic Message Syntax (CMS)</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="September" year="2009"/> <abstract> <t>This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="STD" value="70"/> <seriesInfo name="RFC" value="5652"/> <seriesInfo name="DOI" value="10.17487/RFC5652"/> </reference> <reference anchor="I-D.ietf-lamps-cms-sphincs-plus"> <front> <title>Use oftheSLH-DSA Signature Algorithmtitle has changed. Original: [I-D.hale-mls-combiner] Joël, Hale, B., Mularczyk, M., and X. Tian, "Flexible Hybrid PQ MLS Combiner", Work inthe Cryptographic Message Syntax (CMS)</title> <author fullname="Russ Housley" initials="R." surname="Housley"> <organization>Vigil Security, LLC</organization> </author> <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer"> <organization>Cisco Systems</organization> </author> <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis"> <organization>Amazon Web Services</organization> </author> <author fullname="Bas Westerbaan" initials="B." surname="Westerbaan"> <organization>Cloudflare</organization> </author> <date day="13" month="January" year="2025"/> <abstract> <t> SLH-DSA is a stateless hash-based signature scheme. This document specifies the conventions for using the SLH-DSA signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifierProgress, Internet-Draft, draft-hale-mls-combiner-01, 26 September 2024, <https://datatracker.ietf.org/doc/html/draft-hale-mls- combiner-01>. Perhaps: [PQ-MLS] Tian, X., Hale, B., Mularczyk, M., andpublic key syntax are provided. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-cms-sphincs-plus-19"/> </reference> <reference anchor="I-D.ietf-pquip-pqt-hybrid-terminology"> <front> <title>Terminology for Post-Quantum Traditional Hybrid Schemes</title> <author fullname="Flo D" initials="F." surname="D"> <organization>UK National Cyber Security Centre</organization> </author> <author fullname="Michael P" initials="M." surname="P"> <organization>UK National Cyber Security Centre</organization> </author> <author fullname="Britta Hale" initials="B." surname="Hale"> <organization>Naval Postgraduate School</organization> </author> <date day="10" month="January" year="2025"/> <abstract> <t> One aspectJ. Alwen, "Amortized PQ MLS Combiner", Work in Progress, Internet-Draft, draft-ietf-mls-combiner-02, 20 October 2025, <https://datatracker.ietf.org/doc/html/draft-ietf-mls-combiner-02>. b) The URLs in both of thetransitionfollowing reference entries point topost-quantum algorithms in cryptographic protocols isthedevelopment of hybrid schemes that incorporate both post-quantum and traditional asymmetric algorithms. This document defines terminologysame URL. Should the URL forsuch schemes. It is intended to[BIKE] beused as a reference and, hopefully, to ensure consistency and clarity across different protocols, standards, and organisations. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-pquip-pqt-hybrid-terminology-06"/> </reference> <reference anchor="I-D.ietf-tls-hybrid-design"> <front> <title>Hybrid key exchange in TLS 1.3</title> <author fullname="Douglas Stebila" initials="D." surname="Stebila"> <organization>University of Waterloo</organization> </author> <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer"> <organization>Cisco Systems</organization> </author> <author fullname="Shay Gueron" initials="S." surname="Gueron"> <organization>University of Haifa and Meta</organization> </author> <date day="21" month="July" year="2025"/> <abstract> <t> Hybrid key exchange refersupdated tousing multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if a way issomething else? We do not see BIKE mentioned at this URL. Note that we foundto defeattheencryptionfollowing page forall but oneBIKE (Bit Flipping Key Encapsulation): https://bikesuite.org/. Current: [BIKE] "BIKE", <http://pqc-hqc.org/>. ... [HQC] "HQC", <http://pqc-hqc.org/>. Perhaps (update URL for [BIKE]): [BIKE] "BIKE", <https://bikesuite.org/>. ... [HQC] "HQC", <http://pqc-hqc.org/>. c) We updated many of thecomponent algorithms. It is motivated by transition to post-quantum cryptography. This document provides a construction for hybrid key exchangereference entries in theTransport Layer Security (TLS) protocol version 1.3. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-tls-hybrid-design-14"/> </reference> <reference anchor="I-D.ietf-lamps-pq-composite-sigs"> <front> <title>Composite ML-DSA for use in X.509 Public Key Infrastructure</title> <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth"> <organization>Entrust Limited</organization> </author> <author fullname="John Gray" initials="J." surname="Gray"> <organization>Entrust Limited</organization> </author> <author fullname="Massimiliano Pala" initials="M." surname="Pala"> <organization>OpenCA Labs</organization> </author> <author fullname="Jan Klaußner" initials="J." surname="Klaußner"> <organization>Bundesdruckerei GmbH</organization> </author> <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer"> <organization>Cisco Systems</organization> </author> <date day="7" month="July" year="2025"/> <abstract> <t> This document defines combinations of ML-DSA [FIPS.204] in hybrid with traditional algorithms RSASSA-PKCS1-v1_5, RSASSA-PSS, ECDSA, Ed25519, and Ed448. These combinations are tailoredreferences section tomeet security best practicesinclude titles, URLs, andregulatory guidelines. Composite ML-DSA is applicable in any application that uses X.509 or PKIX data structuresadditional publication information thataccept ML-DSA, but where the operator wants extra protection against breaks or catastrophic bugs in ML-DSA. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-pq-composite-sigs-07"/> </reference> <reference anchor="I-D.ietf-lamps-cert-binding-for-multi-auth"> <front> <title>Related Certificatesmay be helpful forUse in Multiple Authentications within a Protocol</title> <author fullname="Alison Becker" initials="A." surname="Becker"> <organization>National Security Agency</organization> </author> <author fullname="Rebecca Guthrie" initials="R." surname="Guthrie"> <organization>National Security Agency</organization> </author> <author fullname="Michael J. Jenkins" initials="M. J." surname="Jenkins"> <organization>National Security Agency</organization> </author> <date day="10" month="December" year="2024"/> <abstract> <t> This document defines a new CSR attribute, relatedCertRequest, and a new X.509 certificate extension, RelatedCertificate. The use of the relatedCertRequest attribute in a CSRfuture readers. Please review and let us know if you have any concerns or corrections. --> <section numbered="false" anchor="acknowledgements"> <name>Acknowledgements</name> <!-- [rfced] Acknowledgements: a) Would you like theinclusion of the RelatedCertificate extension incite theresulting certificate togetherdraft here? If so, please provideadditional assurance that two certificates each belong tothesame end entity. This mechanism is particularly useful in the context of non-composite hybrid authentication, which enables users to employ the same certificates in hybrid authentication as in authentication done with only traditional or post-quantum algorithms. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-cert-binding-for-multi-auth-06"/> </reference> <reference anchor="I-D.draft-bonnell-lamps-chameleon-certs"> <front> <title>A Mechanism for Encoding Differences in Paired Certificates</title> <author fullname="Corey Bonnell" initials="C." surname="Bonnell"> <organization>DigiCert</organization> </author> <author fullname="John Gray" initials="J." surname="Gray"> <organization>Entrust</organization> </author> <author fullname="D. Hook" initials="D." surname="Hook"> <organization>KeyFactor</organization> </author> <author fullname="Tomofumi Okubo" initials="T." surname="Okubo"> <organization>DigiCert</organization> </author> <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth"> <organization>Entrust</organization> </author> <date day="16" month="April" year="2025"/> <abstract> <t>draftstring so we can create a reference entry. Original: This documentspecifies a method to efficiently convey the differences between two certificates inleverages text from anX.509 version 3 extension. This method allows a relying party to extract information sufficientearlier draft by Paul Hoffman. b) Would you like toreconstruct the paired certificate and perform certification path validation using the reconstructed certificate. In particular, this method is especially useful as part ofinclude akey or signature algorithm migration, where subjects may be issued multiple certificates containing different public keys or signed with different CA private keys or signature algorithms. This method does not require any changes to the certification path validation algorithm as described in RFC 5280. Additionally, this method does not violate the constraints of serial number uniquenesssurname forcertificates issued by a single certification authority. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-bonnell-lamps-chameleon-certs-06"/> </reference> <reference anchor="I-D.draft-ietf-pquip-hybrid-signature-spectrums"> <front> <title>Hybrid signature spectrums</title> <author fullname="Nina Bindel" initials="N." surname="Bindel"> <organization>SandboxAQ</organization> </author> <author fullname="Britta Hale" initials="B." surname="Hale"> <organization>Naval Postgraduate School</organization> </author> <author fullname="Deirdre Connolly" initials="D." surname="Connolly"> <organization>SandboxAQ</organization> </author> <author fullname="Flo"Florence D"initials="F." surname="D"> <organization>UK National Cyber Security Centre</organization> </author> <date day="20" month="June" year="2025"/> <abstract> <t> This document describes classification of design goalsandsecurity considerations for hybrid digital signature schemes, including proof composability, non-separability of the component signatures given a hybrid signature, backwards/forwards compatibility, hybrid generality, and simultaneous verification. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-pquip-hybrid-signature-spectrums-07"/> </reference> <reference anchor="I-D.ietf-pquip-pqc-hsm-constrained"> <front> <title>Adapting Constrained Devices for Post-Quantum Cryptography</title> <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K"> <organization>Nokia</organization> </author> <author fullname="Dan Wing" initials="D." surname="Wing"> <organization>Cloud Software Group Holdings, Inc.</organization> </author> <author fullname="Ben"Ben S"initials="B." surname="S"> <organization>UK National Cyber Security Centre</organization> </author> <author fullname="Kris Kwiatkowski" initials="K." surname="Kwiatkowski"> <organization>PQShield</organization> </author> <date day="4" month="July" year="2025"/> <abstract> <t> This document offers guidance on incorporating Post-Quantum Cryptography (PQC) into resource-constrained devices, including IoT devices and lightweight Hardware Security Modules (HSMs), which operate under tight limitations on compute power, memory, storage, and energy. It highlights how the Root of Trust acts as the foundation for secure operations, enabling features such as seed- based key generation to reduce the need for persistent storage, efficient approaches to managing ephemeral keys, and methods for offloading cryptographic tasks in low-resource environments. Additionally, it examines how PQC affects firmware update mechanisms in such constrained systems. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-pquip-pqc-hsm-constrained-01"/> </reference> <reference anchor="I-D.hale-mls-combiner"> <front> <title>Flexible Hybrid PQ MLS Combiner</title> <author fullname="Joël" initials="" surname="Joël"> <organization>AWS</organization> </author> <author fullname="Britta Hale" initials="B." surname="Hale"> <organization>Naval Postgraduate School</organization> </author> <author fullname="Marta Mularczyk" initials="M." surname="Mularczyk"> <organization>AWS</organization> </author> <author fullname="Xisen Tian" initials="X." surname="Tian"> <organization>Naval Postgraduate School</organization> </author> <date day="26" month="September" year="2024"/> <abstract> <t> This document describes a protocol for combining a traditional MLS session with a post-quantum (PQ) MLS session to achieve flexible and efficient hybrid PQ security that amortizes the computational cost of PQ Key Encapsulation Mechanisms and Digital Signature Algorithms. Specifically, we describe how to use the exporter secret of a PQ MLS session, i.e. an MLS session using a PQ ciphersuite, to seed PQ guarantees intorather than just anMLS session using a traditional ciphersuite. By supporting on-demand traditional-only key updates (a.k.a. PARTIAL updates) or hybrid-PQ key updates (a.k.a. FULL updates), we can reduce the bandwidth and computational overhead associated with PQ operations while meetinginitial? If so, please provide therequirement of frequent key rotations. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-hale-mls-combiner-01"/> </reference> </references> </references> <?line 855?> <section numbered="false" anchor="acknowledgements"> <name>Acknowledgements</name> <t>Thissurnames. Original: This document leverages text from an earlier draft by Paul Hoffman. Thanks to Dan Wing, Florence D, Thom Wiggers, SophiaGrundner-Culemann,Grundner- Culemann, Panos Kampanakis, Ben S, Sofia Celi, Melchior Aelmans, Falko Strenzke, Deirdre Connolly, Hani Ezzadeen, Britta Hale, Scott Rose, Hilarie Orman, Thomas Fossati, Roman Danyliw, Mike Bishop, Mališa Vučinić, Éric Vyncke, Deb Cooley, Dirk Von Hugo and Daniel Van Geest for the discussion, review, and comments. --> <t>This document leverages text from an earlier Internet-Draft by <contact fullname="Paul Hoffman"/>. Thanks to <contact fullname="Dan Wing"/>, <contact fullname="Florence D"/>, <contact fullname="Thom Wiggers"/>, <contact fullname="Sophia Grundner-Culemann"/>, <contact fullname="Panos Kampanakis"/>, <contact fullname="Ben S"/>, <contact fullname="Sofia Celi"/>, <contact fullname="Melchior Aelmans"/>, <contact fullname="Falko Strenzke"/>, <contact fullname="Deirdre Connolly"/>, <contact fullname="Hani Ezzadeen"/>, <contact fullname="Britta Hale"/>, <contact fullname="Scott Rose"/>, <contact fullname="Hilarie Orman"/>, <contact fullname="Thomas Fossati"/>, <contact fullname="Roman Danyliw"/>, <contact fullname="Mike Bishop"/>, <contact fullname="Mališa Vučinić"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Deb Cooley"/>, <contact fullname="Dirk Von Hugo"/>, and <contact fullname="Daniel Van Geest"/> for the discussion, review and comments.</t> <t>In particular, the authors would like to acknowledge the contributions to this document byKris Kwiatkowski.</t><contact fullname="Kris Kwiatkowski"/>.</t> <!-- [rfced] Would you like to make use of <sup> for superscript in this document? In the HTML and PDF, it appears as superscript. In the text output, <sup> generates a^b, which was used in the original document. (Note that if you would like to use <sup>, we will make the update once the file is converted to RFCXML.) Instances in document: 2^{64} 2^c 2^{(128−c)/2} 2^64 --> <!-- [rfced] Please review the "Inclusive Language" portion of the online Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. Updates of this nature typically result in more precise language, which is helpful for readers. For example, please consider whether "tradition" should be updated for clarity. While the NIST website <https://web.archive.org/web/20250214092458/https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions#table1> indicates that this term is potentially biased, it is also ambiguous. "Tradition" is a subjective term, as it is not the same for everyone. --> <!-- [rfced] Abbreviations a) We note that KEM is expanded in the following ways in this document: key encapsulation mechanism (KEM) key encapsulation method (KEM) key establishment method (KEM) Should the latter two (one instance each) be updated to "key encapsulation mechanism (KEM)" (most common in document) or simply "KEM" (as the abbreviation was already expanded)? Or should these be handled in some other way so that the expansion of KEM is consistent in the document? b) How should "MAC" be expanded? As "Media Access Control (MAC)", "Message Authentication Code (MAC)", or something else? Original: It is crucial for the reader to understand that when the word "PQC" is mentioned in the document, it means asymmetric cryptography (or public key cryptography), and not any symmetric algorithms based on stream ciphers, block ciphers, hash functions, MACs, etc., which are less vulnerable to quantum computers. c) We have updated the expansion for "AEAD" below as follows. Please review and let us know any objections. Original: HPKE [RFC9180] works with a combination of KEMs, KDFs, and authenticated encryption with additional data (AEAD) schemes. Current: HPKE [RFC9180] works with a combination of KEMs, KDFs, and Authenticated Encryption with Associated Data (AEAD) schemes. d) How should "BIKE" be expanded? As "Bit Flipping Key Encapsulation"? Original: Examples include all the unbroken NIST Round 4 finalists: Classic McEliece, HQC (selected by NIST for standardization), and [BIKE]. e) We have added expansions for the following abbreviations upon first use per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each expansion in the document carefully to ensure correctness. Security Association (SA) Trusted Execution Environments (TEEs) Hash to Obtain Random Subset with Trees (HORST) Hashed Message Authentication Code (HMAC) Internet of Things (IoT) Payment Card Industry (PCI) --> <!-- [rfced] We see both of the following forms used in the document. Should these be uniform? If so, please let us know which form is preferred. hash-then-sign Hash-then-Sign --> </section> </back> <!-- ##markdown-source:H4sIAAAAAAAAA+S96XIbWZYm+J9P4cWwtiI7AXDVQsVkd1EUFaJpCYagyKiZ 6WmlA3CQngTcEe4OMhBMjeXP+T31Y6zNep5m3iSfZM53lrs4HJSUmZ1V3a3M kEjAl3vPvffs5zv9fn+ryZtZ9izZvizrpv/DMi2a5Tw5q1aLpryq0sX1KpmW VXJeXOVFllX19lY6GlXZLe744az93ThtsquyWj1L8mJabm1NynGRzunxkyqd Nv08a6b9xc/LfEF/j/uZ3dif0X11s1UvR/O8rvOyaFYLuuvi/MPLrWI5H2XV s60JXfNsa1wWdVbUy/pZ0lTLbIsGcrSVVllKAxpm42WVN6vtrbuyurmqyuWC h/njxeX21k22ok8nz7aSfkIj39raus2KJT0xSexKHtk2fSBv3/6JnpIXV8l3 +B6fz9N8xteN/wlTGZTVFT5Oq/E1fXzdNIv62d4ersJH+W02sMv28MHeqCrv 6myP7t/bpgHUTVpMPqazsqC3rbJ6a5E/S/73phz3krqsmiqb1vTTaq4/NFU+ bnrJuJzPs6KhT4i683SxoCH+H1tb6bK5LitMj0aUJNPlbCakPyWSVGnyPC2y 6g9Zxt/SiNIi/zVtiNTPknflTZ7y52Oi3rPkTVlMykI+KJdFg/X8scibbJK8 ppdNyjl/lyk5Un7BYKQv+KcCjxvQMLfXB/Mhr5bzdJbVd2mVvM8mk9UXjIeG fkVUqmTsVXbFV71OqyJt0ps0HuhFMdGbbXw3gyZ468cKb31wkC/yOc0oL+tk OL4u8yJPi/Qmr79gpKfNNW3OeEDfVVk2zqIRTewFgzp8gQyqP8pmMzoRo3oj DedlQ+fyVTmbZaMsu+kY2Iv8Kj/LqiYY22XeNPVoWV1dt1Z2eBoNrsnng2t7 9D9N6EFjelA0lryg4/d2kHy/LGo6VI08UUb3Nr/JWl/Q0J4Rl6DzWjfJG8w9 m/AXxkr0O/6MtnmWNc+Sw0f7+8mwnNERaZL3ZTpJ/vynf0mGS7o5OdjfDyb2 fdOkd2kv+b5oaCuW8ezOiLQT2yITGt/rw9fJ0XePwinPaciD0ob8T5mMBjOm Q1qU1ZyIesuc4u2b/uvzt8/45sQ458uLy2H/cP+I5l5OlrOs/yZtGiJaf5TW ODLZqn9ejNNFvZzx6iRvs/E1rVU9T4bgAGk12dYnptUV5m6cpLidLZa0D+ja ZnBV3u7hB3yyh3fuvbsYfhjgpwG9fbCYTOUpzCiTaTqrMxnyi+Fp95CP14b8 nIeM3dOks2SYX9ERW1bZ33Cgx5sGOnzzavNIHz3DEJqMznCdvErr67/DSB9t HCkx2lrG6aXnbFWU8zyd9en8ZEk6IzGYN9fzmkXkosKH03Tc0KdyRhMaZjLJ 63GV0Y6elVepXo+vkp9VENMeXCybrJLZtCeTVr/ktyxeaKR7fE9/cb138mj/ 6f7hE7qFJNdt1h7rKQ2EDqK9Yi67cUxUdKPmQdOkU2zhpM4gvbqHMJkN0vGc xzAp872D/cHBwfGjvcOjJ08Pjgf45/FjuvH92sKe0jEgiTXhV30/alJigyRr 1xa0ZkJdLkezfNyns6S6Sb2qm2xe/2bDMreGBfLY0I4enRwd7w/4n8Ou5X3/ 8uzx/sn+M/nx6dHJgf346NGx/Xh8/Fh/PN4/4k/ffXj/Y0xofNJNNXAYHlxe TLJfBvV1M5/RhS+rclI6BuOOgH7a/agpvr3JZK50xdksJQ1q/HZ8PstJ7sSP 0i8T+7b7kWO5ajAfZ3yVPfrlu64Dir30siTFK6uSWcT5sHlpyye1X0tsx8TT ZX026Yw0vD7uGECF3PuCBTo8evSMGDUud6za7f2+bN7WoM8Gyf+Wzm5IaPz5 T/9VLvzzn/5L7c6E3IT96I9ETqNf0OFOZ70//+n/TS6vVzUfmvfZbZ7dJae9 5LacDZLH+71ksRgkh0+OH/cPnzw66CUHJycng3jCXdP6cE1qbNN/ny1IDLUG bIq5XAMVgJamyBK5ODncP9zfQNGrWTlKZ1Vekypb0+OImwjH4BPFrKje03n3 GxlCo4/vV/z4Ph7fuRI/nPVfvBtuGOsZ8y4mIp1g0owSunbDKO/u7gY0mqLg sZXEJ/v7RwdkIWziwWDUrfdutmBMJijr3TCGcV2NvVxYVOUfsnFT7y3wWCPQ OHjs5m/6dfzCrgmczcrlZEqGQtaaBmbGm3Exy9KaHp6E70nqZUXSpM42TGJE kmQwds+GEsMirh8N1h7Suahnw/2D1pheZDiRvI6nRTqjnU+HYZpcVnS8+RAE /Jl0HZACIo7U52xOp54NMxKKVyn2YHI6SRc4psnZdUnGXHKWL65Jxcx+oa9I lxvfbJhbRmMumkGejiveJof7+wfE1p92TeL5q9f7J61ZDJcj+qHJaUR5IRsy m5LY4bHSdC7eveifnZ0+S34iLZ4n+6q8g7RfziY01pR04uIq67/I3ARH9Ii8 pi/Ku2zyH7982Cd7xwedw/7u7funT9ck5USFomOkSc2UJT4VETY1wo6ZsH2i fZ1e0fdM1XqwYYCLrKS9NhjXpA0PSDsfZJPlXp3PbvNyb0gq15j09X93uD8c 56Qa59N8TL9cpgtSLPZUXONbx+T3Tj/qxx/dhx9lK3yUnfDxVAb80XbCR9kJ /bcy4I+yDTadfTLfTy8v2qf/hzOy7OnzpCibrP6iM342fH+2N8/IYNy7tOMe cpF+yEVIkRgv2fLey35J50Sx/jQnfXQvXeR9fuem8ZLy8/TV+zabxN5qSlUK iYMfP01GeYOLaXc22RWRF9v0aUL7j35c1uCkh/tkrcxm2HtFmdcrklh006bZ ev2QrMm9gxNSafdPnhyfbBjkwf7wrDXI5yQP2AeCYQUnu0/HI/lxgUdAYcVZ Yv28X05JiGT906p5gNP/vMQMa1px0jDU0GXOtTfS9/WrOiXub+/rL/lV4Kv0 d6p27foMhuICiUR9Xo3JaGQ1E18za/VSXcla/OboS0kZqdokGB/tn2y0FN5c PP/+h/bCv8lH9CGR8PsFsRkTWMN0uomn01m6Xo6YSCXd4rk43bI3y0flz3XX y1+vRlk1zCdtAXOa4MM+MbSiyGbKcsXseEUy647ERnKB/Y3NnhpzPHv/vw4/ nL4Z9vmxX8zqDg/3SOnu1LOH6abx1RjfWMeXBuObp/UNKZZgzfX1cjqd0S91 OW14zPnamPkNG4ZK+s3NoMZ46aQxbWlb5eNZxobC/v6Tvfrg6OjpSX//8Ki/ T8rIo/5R5yxorGdt/bKDwGzYxWY26fR1ckojf1c2JEuzWxo7fTxaJa/yK5KI /e+rCanLb1PobldfQ/KTg84zrq/voPl3WZFVZBgM1ynPAyex2FdhE+v4l6/P eTloLiqUNp2g9YEenOydHHeKwbckk6/ok7Yecvn9m9cknz+UtOCTOnlDzILE BanMpJA0UJViHZAGraqH6CdJrJ98DUWfPulcfRvoYfuMByObQWwm8MZBdoKB yfKfLuEtbPijiQztF5CeBDZJo6Ycl7MNI8yzLPtlAY/oAD+qmSvSae+EzNTD w8cPjfboIc05HlbA803LUFkdaG1d2/3rtmvncM/eDU8P+/tt9lAU5bIYg21D 7JzBHV6Nc1KP3vHBh/NAAwHJqePz4jg8HGwyk1gLGEyyaVbUGSsHNLJHe2/T 1d7RPlS2oyeHT58cH+z1+f/7pDucfsQAP9IzP56++e779xcfXr0dDi5fvNx0 9F6SfrWuWTv64mvs1YBfqEZqCnTMPoYPHrd1/kZ7a9FkleNvJ0+e9om1He33 D54cPjrpP/54cPKNXtTn+M0D82hv+J3vi2zXTeGiZp5GOsL3C3FIPy/Lpm4q CVeIvsA2NstlvY31nXiO68bEJiX2a+Z7/OjJ4ZP+0ceDTstheNEnZbLbqGWZ m4S2Hrulp0sy91j0zOpeQmtV4chPiKPPygXrjMwkq0yCNxMxux/QkEZ1PhjR Q2lH7g2vSbpNXpRjUrfLu2JWppN67/zdHg107zK04p9X5fia6LgXKgiRYTqA o+k/FsVv6cQ9jnnEwdMBqYc4jqxhrzvsLkMrlL7epGFXg9Vi0JR7C7EQFj9D lSNm/2T/+OCkrSjh88H+8YDl1fCy/3R/v//ocZv47yO68ZaBV/0Fiaxbc6nD l8gbiP3tJA2IMPU1aP+Zg7LZIzxcZOArEY3ZQTy8HOhAq8ONqt9q6QxQN5Hf DfA5Sc7r7La+WbH76WWeNn1a43leJT8Rr0pOR2XV1M+S08XCvReWgp4M3kkv xZVMirLyAmd90RN7yenw4pQUtssPCYzNbRtFl9PFGLFGLPfSGh/RlmEz9dHJ AWm4J4/dD366bT3osn8Aohw9PWvP+m1Ou4+XiWax2UtjH77P0klekHnwzD4K BHx0x4dsfF2UZDeskgtSnSrSjqt0RAKXWD97jbOKfYJkZqin7CFSFONxmflt UJPAqPdIIqTLWbMnpt4hlMGDQ0Rw+3ObVZ/9K/XC5j/uL6psls/zIq1WfY58 b6Ta6/Pzy4t33/14GftpX2cZ88kfF8kdtgT4JbRFREGqEhzOyzhitLxD+FRA o8TM02VTzlmAp4G/hr5WtW2hCkbd7QHukNJHZD8eHann7eXFu9M3LWc3fUxE hs+KGPnLvCJN4Yj+pdfnv0JRDNc9ZOvqKtswEl4YdzKzu7rPanLNP2Ncx3v7 T8XDVenLySynlxOrn9rLY+dXYFaanw720+m74fCiFSnBRwncu7VZuZu3Lwm3 os69XrnGGGE30TSWt4Np1bm7nAo3LeFR+rhcfKSB8yM/Mjf9iB9oAB91Kh8j 3i577JWJLudn+OFsfUDw+tAevv55bM795xevz+Mb8cmX3MkJFv2fvovujuj0 Y00qQeG02jrZ4VSL3STKsOikGoJQRNnxDdHOJVNwwsYePyPwytD9ztjWUaxZ 2In6eTrfBeNaKQvJ6SIq7384E797K5jiPu9e8Dqd9/+Q/rwknYXUnnpRckjZ hPNHRLbrMS3rR+xiONPxhbfNIs0DH39JDPDwiITp/hFZq9jRkwnJhdaW5s82 7NDIOeY8YljuSX6FoMzeumP7+WWL5tv45EvZysHTvcePnurWvTxrnb/LdMUC /IzeiMSOJWmQq+QFbQnP/uJ479r2Ia2J2PHtYDHOa73FHXoeA7303x3uvxgO 9+xJ+KhPH/Rvjz/ufzzgwW1t9fv9JB1BhaXds/WBWEE6AScCX01DjRD+8Nkq ATe6hcRqh3KTHWyc3eSO3cqkKMLGr0PnWVo1PbCTSa72jMRqkhsyEYPA8iQj E3BFrLUpJ+kqKUd1OcuarJekNbMq4v+k96TioE/rejlfiKRY4pUkXwpVxUnx MNroqIoymYmYuS5nkwEZ3DTbSYXge3Odk4rr5AdLGzIWqpRIsxyzc3qOPA/P DiH1oxCGn0MvuSN6XSdw30w4xsDTIapA3iejErIvIARe5p6iTu3kA40oMTaQ wDCGnUpPXiUuwyyhv/nJI1o39hZh2ehpTAveEfEYIxV/h+yB3R6NsCFDxeyX XIKb7Br74YwFRPYLjRrfa3TaBb7GFjyAhnpbzm6zCYcgHI34oRvJNEh+LGbI qyHF4jYvl3W83xLxjhI1sThJfZ1PG1p97EFikYgWEGHZ94Bgkq4cfSkUTybL DO/GOJdFTvwK1yzgrshYa9g0KDkT83wymWVbW99ABavKCe0BMIatH6Jtj/nR 0Py++gP2SIqXllUmW3Rckp62aEAYucnM+RqBB1V8Fxx2rb9N8kYeeAcrE2Go 2wzbKMWIafuIccnK08JFqeAhNI16kJzR38RWSWOcZf6WbDqF+s0vy5D8w+Qu K9Ie4ezGx1eIFxe822D4YW5QvkDAwORj0rlX/7xGDrdHaIHUYiS2McqYVMVt Rt/SyTtt+LmcVNJEG51+Zr5AtsSk9zUMqBYOVO/SA9MmoV2RsNudqDXJ6MYl FMS0XpHFhZTDkOXskNpaJjdE9QJcppMv7fKMCjL/Vxkt8S2yIYnCAwTTiDoV dmkGdy2OzFWJ6Tric05MQEIN003zjJgS0XONij2vH1+VRGa6ZrTMZ7wmc9pZ tHnvyAhYCusgcctjWScJbebvi4xzK+kcz1f0zLwW+qyTD/NDCk2GNU+xWwtI AtmsZ5c/yub5Dj/QBGgxeGMap+JdK6s6JnX1W2KXmHktN5TLZiFWS3IFn2w6 6y+WtPlIg+InlwWtEA2xhm1KR5pzVeWYViVNDTyVlugun7X3HI2cSF+WveQ6 xVlJCuK8CCE24d14tvBkGiAx0F/G2QzsB4diWSADSxKCg/3GD9aQ1ZflOPXW 5ZN7fyScmDQ0Os1IiUVhyKIxqQWUPY6o0dyxLXT3yDwfWEsSGRzjxM08YZIt dPJ8Okjj7UwS+jAn62AX4x2k3GEH0ABBnOmS5eD62+gFSvyQJZskKZznKGbv yikGiBFM8nFjEkiib9Mkm2ek9YBDsi6Cw41xpU7s8A1pfdMzgRQfv2WBDE8S mg24xhXUO/r0DkFw3gS8mUbwwWSeo2Ef0KbOcZzu770u/OkTnaXzX4gcNViy O9rX4BcsHxCzASPAam4QuTHX4aUrp9OsatEa61XUIHW4F/6xRpLEbX4Lji9b YJ370utDjtQWxGk8tJaCo0c4RbJqml9dN7ToiEisEZk5IbHrioWIVwLoDZAh oOgguWhMUPOalfMR2a0WwjINhscsoom1L5N4NRm8NfNKFlg056W71/Fev4Fz 7Fx2EBDzqTJmjAt+3DXrHyLAIx4sPBmqJn6lxb2U7VXT4CGWaho9LU0l54dW edsMbXpaOd3u+Q9gVdHvdELcR5V5draZEHqcWmJ0484IdUYNT4GFLwuV8jJ4 2AtgxKTcViRH7nhpulmBExck+pdXTBORjaEW2nk6ie0qH0eofOd9Dgn+5z/9 i3j26IdTUpPmabHLYzo/O0t2zmeznFTycXJG2zWLvAm7A2Q5hFPlCCcxWWKP psg62jHhNWowWnXxfWHpJNnty36Q9kksvKDFLFImI7TTDbyZD6IMxJ19FgaO PYcC9VTWUnLKvJ48qdI76OP0HDp5XkOn2SygkdlDZW1Zxs/BmyRBVHavmCt0 JDqXQgwQ0pUXLKlVNQs5roTZdEL4kjV3Y6EyTuF6eMvAl7g4OyKwG64lkcOF nzcpzLwHA59uz+7UU5sJuWijwRKc0lJmzV1GTNgZZ6wAe5+m0MIeIoxwRJuA WREnXza5ekNZSzLpYmSSg4AZQdMMlRPiWBD0pEwXWZ9e16d/aYHIshpndij9 xL7FzGhEK1ZoVLqLFQKHL+1jpqVaPs7wwPo9aEdiV49ZJZsYdcJFnOQQCVg0 Ji3tn3JZ0QoSg5+FCgh0hTr/NfMEbZuU8VEbJC+8RQSduE/SgWWoJl/R5Omr 2kxAVOKQjrPkwiVTxcTGsn1mhxceY+yf6wrchXS9lk5f4dipVimWAOmW01w5 HLSG4mrGaV8Y/QB+iPD2NJ/XysZvadymQSZXy3zCTnDeJ7aV79T5Br0jOkaz fFSRpoaVLIhidJnbgr2udQq4dU83Fay8PvGBud+8tHlEqcthvi4RWcGmy/zw x5ysToNckIXn2GnNGWicRgpJtahybIZ4yXrBeXTaUbA9bOFxF7ZDFtVjzK0e gwwceNCFRYeb5AU9K8/6r7LZbJ7KrgKXr5sVrcaN6Mmy1EIgXQDsyxr6AX5g 5VIVTbqFTDYXQFem5rP7eLfqg2j8nKPEJuCmSbUHHO7m04l9PKO35o3t1qyt uiqnhhBwxl/kB2F2k9bXMHvHGnWoyrkwTNqNIsDpVJCaomKpIn6B+j2VHX+l VTmDe89MVDD2LqHvKRPWRNVQO0h6LkjlbZTzw0cCdsc6uflW6PE4qtBzYVjX ZUtbT+eoLWK1pCyhKqeaCtrxTllYtUXwo11FyrRxYfDfWiV6k97Ql7xXwPno PYNkiHPgFVRhJlC+lA+RnVs3zO5nmrOhSi+UPvpZvaYykNnMO4Wa9IoudmEs ZqKqJyyuIIVIS7zi2LUJvXHZZ0HJD/M0z0S8FJynF9+ZspZMmgHkDHL/R9kU ZjkfV57tQJypHbkbMGlWyc674emuTVWrEDnVsE404DNhD5Akb4GZqfUVcQib tcTisXN+HCaFczDZO21NyKCR3JNPnxIJmGn4xygBDk9H2eXEeAW59hqEeS94 PMLrvssgupOX2YQZ8/fEVsaiolxY+QJiYjaenefDi102nfiI+Anz7NzSdSUX eLZ6f68pDTQZWV87RumM9nUtqxeT1i3HhRUNcD6dec75hUH0dQfRP2GbRDcn b3rJaGlyWtQfuC2agLebFyNeLKIuR8Robwgl2f+RBgyKPcMBMykij1VLK9TE kcgBFTyr+8YV2zj+3BO5rnAH7WF1mCKb9B+xV7gejIjrJmD6dtu11me+FfA3 HVrCzl1IFLUN6NR/OQdO4RpNkIJeJajzEJ4sVS08Pq0Ci0eYzpprMXG8L5tm zAV2bJ6LrxNTaFYLtfiJRc01h4zzFCcl5kLCiZk1O3tIBjYJzNzm2jRMvIEH xtovVkIEhWoBTkMnSiEWEmvXzKjNFwGdZcK53tt4wFy8bp7l2Z5nMTfPUnDL Dau7g7K8bmfSrrBtNvGLVdIpsxxXQL1qOldhTgx/NCvHN/7XeLF6ydvTM/o7 a8aDMPbBVL9dzgr1RhMJ1l2UrUDHpMxEWWe1SY6Uqk5prRTr1AjAN64bc+gE b92RhUiJfHXmiemP6/29FPxgJxGBSiirNZmqW21FtDW2ZUGcSzTfwBEhu97m iUUgxYToTDwDPG3nh9cvdiG0wytEo8X3HTYtEVvTl0XXmpW5d/llxITAegLm 3dIa2LUvz2eljtYJNmnGnpbZSizyPFj6yO8LiznZwZzpm3ZtpaqULlXZThaM +GXBuc3Fyqnr5vC1pV/T8x15r0pRFsRnki0Cu531HSY3G+bGaZ1ziJMZWko0 uLWaIE6DpVFiDbnGLTIfVCKaUan81EW1XezLxSE2+G2us9mClS95CiYuz4Lq SlJP2HXLBQR+b4+j352Bc0VLVQg3CAlWSw2P07DSmrUVwUzIGy4aTPIpuAYM LmIKjYpF9q1aDVsGAxa/uPcxq8X4Lt5/eEnMVnw4ycuy4kQm9X1yekOyc/by /Xe7A4TKPpAakIvsbEfKsupZcuqDxcz+1Oavw7iYVYQ86M9xcnZJj7BcEg1t EXe9EocFH2BXz8hlEM9YW6GdTsRd2Dd0VhpxpLWZkx3GnH28BR9A1KfILsiq qmSP0NYbOvjBO1CJvJw1/aac0cbnUNVIlkCMSyj5IPCcLsoXxKEW0SBbJJD3 IFZXiX1sQUJ28PDxxzLzLMDpkKTVEQ1K1bTe2pzqw/HgZ+Fnm92So7UqLecZ AhNwnjMLZ5PKsxbKe29HKC6tdLkEoORamgFv33oJDZMT0Gch7etuz+ZGHSq0 1rLBFQkvaCsAfzlDKoMaOEG8E9bqtErnGRzGPvk+JiMrtZgisuH9qyNHKJ8G UOlBR7AzXWo4/YyBs2x1tmIWpLKzT9t+ZY80W5PqlcLXxPMcv4To7fbYqC6Z 4XBumiZXTXbPzg+QTU7xIdCeXOFIfmjHabyXKUlHGAoJefEXlSwGbSjJduiB DBzwrGGt4g/M/R655XXLbiNgiN08JqmcrYVkNEuDVXQXVTB8HrZaLAo8gs1L Lyd1dzLgDEL+elyKa6t73OI+mMr8cE37/Qs2+vKFGb3Y1tj+WcP7uc/6hbqP iGbqS/nWiQcaq3hf3ABUJvNiLBC05CMMRTLZbnywtD2QdvoKKYUSMguE3xRn cj3owPb0dqBwSiqQuPNGst/CBJ2Br6/2a9e1dLxxRubRCAPk4rsM5f61GEbi VZBqUPGJVGkuhfyIEBY621kKhBo+J/5khpGKumt/dY5xzGKZjFp1LxTTJW9v EsWQInQLB/F50GU0aHUHgajTclkYqyUGK8y2rEQGuV3aEe+pXeid01BW0EIQ X8UeDaiMI8PUpCUs5LSGOzNFyERU1n4fvtCcPfMwdcQGBmMxxa/mWja6jimJ M6CnApqbZmCBb0sYlrm0+Y293lbDD3G3kRmCW9HD6zSfyNYWNadmDwExuF8z F/cQ/sJ2bXKbVrklT9MJ4bACv0u4m3GqthmyrFlJXPmxyfUthhaRTNSSMJPo g+Oi26pQ9raT7bWsuG0+J9vKEPFrbeyzzZfdy+C/7rk4dE9za2DDikUWuG54 raKqDXe8NXADdSENUnLg7PflAdAavjGMhjAxLOT5W1tcXj7W7CNzVzsfFCxl bM66HOfM2VyGi60OR/nX5L2LAW6KVYrzt+2gnUjK2jInO9XFR4L0tqLb/mXn tDef6bQiblKRkZRhMHCJ8DX46E15q+4IIy6O0F25xkdlu4hAuEtXZvHP8Ele 3DCjcXRiH4F4sLG4UfrDYF2r5h3cg9NCGKq42on3rUZVPqnjLJMwzzDORYP2 SDN9CX1CqsB75gjy/ite21pcgWsR/W71r5Xx1mQLPsfLOpBOjn0i87Sq04r4 UmDZsDtH5FMQhM+Ka7ChSXBTjyWabryVZqSMx5zdqa61LyGFGJec37y19YIs 5bzJTEJUV1lf3L7rfHdSOr1AvMkaGQFGEhzrhTnofGpgnJDYMRw+ozQ/Yp8k m8x/VJbEroRfMUZDHZiv4jIVpqCpOUjScroVp0MuFgC1AWJZ+GJP02AEFhmb qIdYkysfTmrBqOMoPoKokLb5baqB8Hk0ZTzOSjpgSn4TeAojzfL+G3duP21t Yb8uCxey06QIZx66R6iObBfEiV70PdxZHOQy76GwOOhNta/nc25dk4xE7nFV 1rwMcOZKlD8viHjh8XDGhXNeOoLt9pA8uhZUBzuTwJG3Z641vDBbcZqliz9G e0hEFW/zrKXABM7X/nqemRq6xXi2hHuELuByGuwRpHw4mkZ+QJvX6flQPEEO mcMX27YjkXLHq7enZ/3hq9PDR493e2yyZixRaFp0OMTKqblAMOLetaSVa1yA dpP7Zc7J0aolZeotaaU7Mc/d7IOG1eYI0PJG67BpxH0M2W/zdsjOKCAeY044 yxs2sNjnKlMC+VHGVHGwGLSQxDa3wZyrgPPM8S6J/ksq1drWdQNVa8VT8UuJ 6JKk4HPfsIoAGqSzub6JZfAxyFTwrRg1zvEWcUC6aQIlcIy5Z5PlQmnpcKqK 9fMNR2VPEkE0OyvUDNqvJ3bCnBJK6Uwvv/YpsWR7Sn62o7TnGqCfufyDRHuO DuiqR5o/2zGsBa3KpdOENClUKoTpRPKCITVGEuZEbLN3B4lCHOfnS5iNrEeR q6yfz2l1dlmrg3j3Bet8OGs/xfCZXD4QXMX1FJvJi5VPAgixcDnd8s1cLn7t YyZ4tc9NUZdsp7LlDpHPE3fFH5u1UTGplkWjpF3fQsyJNLfKZwcZw5xBV/N5 QaNsnMLL0DlXoslyrAkFPkDO9ZiuflXY88Hh0z6cfBvCMnTd4X++f3z8ye0Y /xBjvhK/qNnsi1SSICc1iPatP0gyuH3NNuipiRWNeBy9/gPNFjtARxV84R+n boPMfG30PHihZrOMyw97m6ckqWqjzFy8nBsLbodUjblA78CjH2bcsSuju65A Eu+6Gc81UW22Yr+3H5wYNOzazpzZLXsLUx53ab8QGPYEWVd6MbLEmCdiR4tb dn0YbIBwEgKnKyApHIZbPpeSEzJKVLPkTbBDW+XP/9f/Pd7dO/yEM9xLoC7U yLMj4ihwz6PHHRomv4Iz5WVfIsjCbxkhp00Rl2h/HjzuJQf7h8d/xSOODjWy Ay6HCBAiZ/f3cHFplOz+3kO9ffq0G2SX4VwV17LrWMlURZKdNRoLYsW4Cdxq VpZAqkSfCJTsnEpG+qSrqHa3LfBzt3c0e9AzIFXLiwyGQFrl2CtrvFySfO7M 5mAjShYsrW+cP1IzMIIyHCKmmn6QuohG5DAQY9En3qCgAqJrIxcReZBwGBz1 s2uynhtaFkZ3ZFFGBtKdCqyOx6UkPbNbZVwjhK6ddipb9BdwQomLgvKrRSZG qPgSzI4i1TROFdDyEKevWo51XvskMAvMK0TlJ6jpuWVpFSrvgozuMQ0ZvIGH c/nDWU8cqXmtWeBrngRm4JaQiIjiZGNq6mileoJjOBat4OAJiS4aBwfoNlTj uZfS23Rr9uSHk0PZafiFjqsJFBK2Y0414aWxmXC64yQo/WEgh2yTFk/P7Dkl tu0K+LLqwVNoWnTXctb0nHAKKKO83ZSUzD1CoEAsdwFZTXT0xWjThB+3LTlH mhO0OGio8V2u1IHUjjPGau+TTF4i1e/aZ+NoTpS9dBgQPcof0jSmHS5g36Wd xj8oQ0JqE5Bwkp2vxc7ZDROjej7jSGyuOrPFxzKzbboh7LG19ec//dd1MDbA qoYylFPRhRDd5UWamE6qn481s8tsvebIrt11eQNaZ6Srt3R5U6qI3QLXdp7+ oTQCb0gWcb5U9VSxP5Qrcm2nzznpRRMr8rBCx3nDenKHwH52Fvv6qFuvKxs1 s1KCMZcSxCYr0kHgFUk1vUdUektHYr9vmOVxPvsundNOuL9XoF3dN0OkblRV COfLlwCAlwSb5atqPrcWEnsJounjnDfUdiS6u1xFopT7eHcH5maekrGPpUrm KTAw1PXUAfEHWFnEAZYFdlQm9XNpR9ECqydBKY56EiNfX90sJ1jNWvzj8ZJK FcGkJ3kELCNZ56VV6zPAI/vVgeaIR95Kaj+ZHVzLnYn5gbEFtdrijGpHtkF4 QTv89Il/BL6k/ggUx0+fYF/lYJxY1DnEXKF56MR9MokIOeOyZUPcEd241EJU lNkMGaTKq8Vn0CzpLsscck5phIRprS0bGHTb5HHym7yOc5+JAXqXEnoeKBto u3WQ6hMUDVoMYIPnW9Sytp+WdLHnatSkkCBjOAAzJ3kQKFFmQOMkpZnEsZXH OztdnAictG1RoB3aG1VjBOEpOgOOqySu8qt0tGqkbIFfc3/PiEt0inriMBbl uFVxEcVAuVTDlW6QYIIE6sUCfhPLYqOj0pOwXt3TsoXwWraCuqi86RU7+SAb 9D7Pu+USRuEFnirqfDczb1da5/hdX/jdA/xeBJHDAAnxDRVorZVx0YU+Wbt0 MpeBEqNNhnIbyD9XPSklY71BDzP7ITgaTVRNrwocPsQ+ARQo7mfN5POuPY2M ufrn8ecH6tL5cXJgBrDtDXZJO2tUIlccP/LVyPPiUcKz02K23rvvzFvzenNA qssJH9xzf+9wSzwzSvlEh3kMgWs7mk3wJHY9rEpd+HpcLvRYRuE+txycmtam lEsM9OESQYEQeaOeD+j/fTOPas0ICQYVyB+rHEB2j0+xWcvw0ZBLziGSb5IP wcGJ99yldyDzkM54mM8ZtspJTW5bdEoM5PNpOj5JsfP09fTEJZtOXK2bNdIq urpVaG1wK3nVNqMY6WvxMZa/LF1bweQp/VBnLrcQcDHI75gFDmYOb3X6jp5t bf17zr5Jr6osc7WrYE1cPsGw+q0LNAG7F+Q4t6pZW8rWzotXnJTaqt1sX3V+ RtdFmlc0jPB9QiOICp+g1PMucwTHDM0Owkbc1PGy49mbqmFYOkiiEadUaM2I DzR4EIhYR2MLU+wQud1tKQdzson5s3NdEr9FLrW2R3tDkBUmChSGkc3hfVrf NCBEYBzQBp7YJnG9VTTiyvHHcHQ7KtPhLlDBvOtDOQkpHoXjcsLoLYhX5ap7 LBhrkFWBAcCswsfFq98zdfA6Xauw4nS3MQrP5KkdgktXyLSIytfS7ba3mZ+h HKSeTabn0IVuMy7sykyqqHrbnt1aBBDMGc/FmXrRhp+vn61/5moZwp0bBEbk PWzbuxwGCbAwsA7ysZeFJuQCL25eTlz+HYsw6I89j9nDpht3lGLJJpU7AxLw c3Rfww034UnvhWYLRwpE5RZeJITsB2ucsLoX1f7U6TyLEqxTkRE3D7McrdIV BBs1CPIvOETMWXmkKeeuRmrXWkcAZHHxKzR3gxM8xA+iVia/K9QO15/Bq/38 +TBaafy+85x4x3X/ebnKCmBVEvOg3RhSFCkyckbGqz57YSrOlF5rWeDBHOrk 16wq+4jYzLLJFfuAy2lfgY6cm4fNxVl5J8HcmWbx4uDMylrLcX3AWXLwSP5w HUFWu6iiHAXzkWEXVi6fT+/CDpMyrdCbFdMjCMHiOVAsAFVpp/Yh3TV0538F P/RRbbag3JHierWWW8wNGJn8hjLDtznHGrEhriwbqiX5eHCCm+7v/+NF/8Ug r5ppfzytrvqjUd3304bjGpvjDCmTQNlyXOJZx2dtaeoibcElRjAMTkRgHE8M 8xNNtWZ3XwD6Ec9Jlu6zRazQN7QAlq2Z+3ufKPGJ1TR2RqI2wrnAyEYAEFPb PtZE1tss8bh4Ut6drRdXsNbM6Ywh3swouNclspkLMdmRSALDbXLs4EMrd9Nh LYVu+wlthj5XxDvzUTjVV6Z6S5oTNFpJZISOwi4GdQgBxCJ0EqkEVfwo8b+m nfXW3PgLtda7WrqnNbYhp9BScpGhkqjow5/FJqw0r85YEIGH4fRHjTtLnWqE QNCZHacklM1rHFs9nRuqq6RsJOdAiNRpAhu/tF/8NIUMvdj3o2mX3Q9P7iSw bVm9AhEgWZlxlTfK2Fl7s+Rt3er4HK5b8ZMj3dgb++idwsgDOvhYrqmgc2It yHlpOdFZYQzh54zEfQ5IMCk8DIZ+aEgJOSqotQqQ83kd9NpELHk+c2eo82fM u8Qa1EiDjxY8Jd3wjSyBAP93NWG0on+wt/t76fD46dNf0cwx2bGOkMQz8cxX KL19lrxK5/AMwBdR5/2z1XjGCSyTuM2YK6SJdI+2nKlXBZ1yAAJk+gTzhWuy Bb1hbG8ooH4V7Bh/n2WT/lsywjWvhX8flrMSOR4779++H+5y+oorXrZBC6sY RA+g6+1qkf8uG1ySn9hr2TevJYNZ4FpzPzt/0l1eSWNHKcvIFv16gUMX1+ex vj7L2kMehkMIEexYwZUibc4T4FG4UiIO82hhEjBzWVkfCdqKbiictbRynjfe eJsxIrVfGEvetdKHUDwM/K70qN1u870Ad/3qtpxuyx3rltNmmnjUF/bNtCc8 0idIsz88QH6S3CVt/rGu1tntj3chtKIeIS4OXgNEli8XdeKb5GL4/Ref5dMN Tmo849rhhETiF4w3LkwY+5exwRy/IyzJXastFlBmVlSWI4/A8hUMhsmqzRxB 2PV7nFm++fTPsrQqLF1Od7DADF5loyo1p0KYrKSrUcvCthpEYiDPN71snc3Q h9+Vi0Uqh24Q/tJmAhuOvxPQdiTpFoGfS6TVt7tX5iUih0QN1lYz7hQ4ps37 FGGoNleqafu0Aa5yLtLVhD3n19a8vol208IIUWIulEKfSlunDYgx8Tptv+vT mkwyCM3kQ7UsBI9j4ZrDJu8Z1R1ZNNvJDp6/61cn+Z1F4jS5EmDvWTqfcZEU LmY3IVwD6B+6ePL4YDcovJwxpt6Vnp6lBDKGw1dOtUfz9bq+nvf5bjwJv6rO 6zpK4uYPHrv3/htrBvlJqzT0VzFrJ2TxCdZmY60YVNG0Bxj6Qz1D1hYrLZJh 2W2WSJjT2wm7HsKtlWWplzpOtIs59xmBSoNPXW/osRdMMg1Q0xTWV9RlX4sR t+kQoEoE+LI9qxSUciNat1fvXrzZtWILgThAayoStozNK7lB/NR0QipQypEc AacSZ/osXRaMduoqNshaaUo2SJlut1k7E1swni3WvCI9cZGJiJOxleJecNiP Hna1IwidcaY8PbC3+YVAv1jWnPCpViqHn2S8I/F+O6d7WIjMaRESMFS4wVri oZZk6bw5lmtjiizNhVM022aQLme8/qauS1WW88ZJZqo31xVukycsHrVZPs0k k8vg1dpVnxxg3DGjcyJIc2ny4c2QHkfjv05vaLdB0HP+Rmtful2IjCpTgeHD c28OLFp79zSv5gJLHRSLCfSFOtgV8FGQ8ca0seqeu3uWXcEnZHgNUnKm3419 36k6fiJwmSYTqT0tfYhEKtgCjJY5KUFjxktPzhGzZsEJUvZnzDoDaoPrBBhw LZwwWSrvQGHHpjyjKktNZg+QUyQSmY9JZeMSV203WDmrjMMbFjWUYdNe+T/x J0nT+vZqa+s3/Q1/Nn7BX279MdnwZ+MX/GV032rzfb+07/uSca5f88A4o1f/ L637/sPafb923pf4dKCrdLF5kNGQZAG27p8l37wt63EqcP6/3ZZf5iRiZ9si TOoIGZ1B8lyywQS4vVDmpWIrYM7Bc9qenKiFMuKOF/iUb4DVu/3LNu0T7tXp dUnNZfeA7cyaLHFF8ic1skJPWG3znV5TWZE+xhxNkhUEk0mCYAIYEp0BkZrb v2779yOvdGasu4XI3YEHvFpj75nSgtNGaGZqvvOjWkw9rG8Ga8+0lyJkz8Sw uTg+5KCl8trlIzCRQQGeM3OZNrtl3hJWP+d013KhagHoL/SScmhN6ceaaaQK zjkM1NJWAz+pJb257Aj/NLHQ8spxWLCfpawx0YSu/A2N+orDq0tO5kfJyVzh k0XQzALMAplWMBBXVxzSmxuYaqQ9Rc0mfDeqXQj4KPjvxQe3uVSSSCmzoyMH pxhKh9GNFBYUz8FqkfGdz6VkN7prlwvT/ZdZqHMtrlkUdm/BIBwR3S91p4gX YN4ikbNfJG10TRxbnqqM24JvQRYv6glnAqWjOSCuN0CAUq3heI2kc1ynb0sz 6QlA0NSnX2labR9eqr7zohokN0a5DvTMNQ7sdXVhegTlLZbckS8mMpulcnbH Sbwjrvm8KIry1so4Gy7hnctb70jJENx1BRwpddKCvcfPH2VFNs2bgKfcklEy SzVkZGi1JHBpeXlHuVRkpCmlFYOs5gx8U5cqydkhEr4q4V45tacJWzoaYnL5 2NYJnolgcn5Z5EwYDroowN+CjBxTG7TZgJ40cfaFMOgSqtJi8kkmWANSCTpa Tq4ynxbhxuEgTicC9qLxN2H6yEuEOu1Q+phr0e6oo4Qn2frLTHAT1stD4egS YljXBOwqJMcoBrkypGuAECg3EHphERyCtm9R4IIq2pAh7MOANgIR5qRucAE6 sTonRd6eKZwbcqtgGN2pck/U9ezXzC0++XTMlsxucmzHKVdPcWW0tgWYeqli yq0YuKLALtIGBZrYEXRnFcLak143QYUF17qVM42TMcYG7imXjVY6YRhaf5Mh S7xWrZpd+HReEnrrTYy1l8MeV4ezdqbJC5dW66fKiuO3hvhAB6y3hnMY4Qij 0DhDlq5o4a7qyGmyQfyjVbEdgCj3vQUUgjPLq1gL4L4LbM5dsp9Qn+44HIsu 05M+/zg85MMl3PMfzs/pb+3teU42v7ARB63WCsyMy75CmLDTcmh6eceLzOzo SCAcC36jT0zRzwV8L9S/GR7OkJ1Brr7y+WdJky4YFpqeC0Oy1GJ/pB5A+Lun 9ZLLi3e0hyYuBZWYekpzWihF0ayjQazKWRn+VqlOA7IEiMH4suIXcXqIolXz 5udD6aAcEtECYKPx2RP26o/UsxBWgzaplKDSO5cTdStK1Wffm08queI1yYrb vCq5F0zQUUbeuVwoNqCDnhPxWGhsGqJgG9X44u4RQy6d9AVUH2KPT6kcTQOu 41ok2kJ9xiUxwH5fGpeuAIOTzabOiWRTEp4eTYe0mBQwd8wxBBLril1cdPWo 5DxnKBGTctHwtl2U8HFk4R38dB2eIgpO03k+y9PKO1aAVhICsAoAonGwOR3i peqdrIfF3I9XmpnWnVaMepqMsisoZ6EbAuO0aJ96fAACYsWmNQ2Ke4pM5Umz lL08BfBRycBYMLM3EBfH8VRv/pkLIWC2fmtSRAfPW1IkydRyuxmXF6pixTKt X3NwuFXtweyRvQPoLRUqRDBtaIRwV6pGYC7nWMS0cfMV3ZC3kzewPVuywn4t QmQQ/Vz7I8WKoudZvLhXax2r8jm3TcbseorGRNunYgTlpB5nBUS4oYCaVylO fYAvzRfjXP6w94GToVE8x1VOEbp2wqJklgogIzz+0z7OUwoPaZzDZyqcxRWF R2i9bwfauXM9omXgcPhml21HPqxEkZ7tyY42XTxMGvZ6Oo33R4+qkqFNHexz 4uDC/eHXLl6cJBY4bXrJ2Sn+8h8lb9OCtgXzuUsfvn41fKtcU/KiSLpdM+7e sMHSQJ3nteFjKbAnMXVDEGPFy4gRtC2R2NWvWoEi9+eyAB2He7EWynMc8PvU SCUru0awCOoIsJC15otNV55yfcT4DHlfZqSGI1s9E19rZzXJHoveMxYF2WEg xFrzerTrLA+TlRCtALSFYT852MsZXJslsnrFJf5AFxtLiovyQ0i55WCilZbp 4341V5wEsNhG4E6XJHCjgJqgytrPoqpP9LtB8r1kHigVQmdjXpdXWbGyGzkU ytU/TRY+7O3lGUlkxlx6BXkkIY5WSREUIAg5ZyfOSuWCUTOvVoDNWtjw4Uo1 Y8HVMdbLTBrTzAQTOJ1sznfTksZ0Vit8jFUGWD+rcE1CDyVDOgRVlff30hJT 4iDftPqPb8L0u/8mDnFubcV5ApuS+ixIo74JllwxiAUbTRIRsiKKVOUyqglm hmbHc8wlWkRXnC/HMzoYwGFZSMKKFnNAFIFX4tMJew3Y30JiFd3YobptuxIQ yy9yJSFpZDczngDbVKh5gjSFhSpNIV2CaR7UIUL9inpQ+QewTneXo3r3XLRy CThiq7rXmwrDj4eZgZDMbQYltJcg/S/8XewQS3e3apxeZ8C0B7m8nGUbvsRe ir+pSm3050l1OgvQ9NyQp5mGxblPs6Q0Cku5K9GVuCn7qWwBiVcwk5KBOohS ad6Xuj5f7eSP6AHWpwRPl3LozXuxXWvleypozxFxMkVQWI6DBd2NBPdT1OsA HHwl5YX8pNTyeGDipVdF3mAhpxHoNjA7uLzt8Z//9C8H+//f/yPBPnoOg21y eZJM8K6Up9Xrjwtmo0872OfH4Xm9uKOKN/o7nhYnaDZWD+5dAK3cgXZ7PsQ+ jEhid9n6LV3SOc7q5euLf44EPFDjwjMg2JQdwIp2HCRHqaeJGb1E0kaYdpZe 4JpxwNl9B2QCDR5GbCvMx7R1NtMx9XseaGTmvPSoqWpxcHMC1qCRzcsHISgJ 3HYP4U3KZ+IuXW3bEZu4fmvBg6dEcfaVe5gyxickBheMuFbYTXNwc6oYEgqg EERQ/7D85plVBrnszmA9GVvFeWXGOAUoFnXx1va0ZJ1toIJl3wbtLbKrGUmt EfwN07RSgH49ZmtPJL16gpwEyXWQ4ihNgmBcsajajA7elcjQAHAX6Ik9ZUdV QJqAoq6Uq2ERMPFp7UDbSwXHcZpC0Po8Px7FM+24wMhEAsHhEiyJDvToa0lz NM2w56Da2fXEeJUef4fZkFSyiNhg4z5GN+sJD0nH7E6wLGLL9FcBF1SyYWo/ LxHnpcuYezs8ioAStHJjrppkzF8iC1SmC1tR90LO9ZQh+BewaRbjPCg4SNPK GY9PmR0txfzkgHRgxgCYxW0l2Iot5AC2I8MkNDbFTf3pteJRrsBDZwKSqCFv EC3rG4P9t6PyNujvqLB3HL73uXEMpsGhNsiYl3T3AcJsb8tKcmmKhvE2Ne5O +wQIFxoBEi8Tu43XHsHi+86ddYnzyLQ9xlVLJ5xqM2a/ryyuFGLHCr1n4i7h SXCxf8+OQr3g8aEtnfa7oyXxYzvE9N5hMWhMEG+9qFr6oZa8uKjFZ0zzT6sI UULrthyiZZ25CjrR7gsBCJyT2Y0iPhypOj4tgXPfAUaLQhtk/W3WZr1BQaos 7tDEpsvXQWZkyswcTch0yx+cPNln1xMAOBrOTvYAnzTXNynnUotVkVU3s8xa f1iGpuqi6+p9CyEAsEPugLWTY8OT18Rl4g9AwA1gRq88/IEijtmZDdSKV8+H u7KPmAx+ip4SRIfAkrfMMlqyf347HCpMwtEJb/RXw+Hem7f24aNHx+LqeH75 Az7DP/SB61mjjb+9H7SDVr5YtifMomseUX0Wx0pI2Dm3IbdKccFchrThgoK8 cXX/mn4hrSukdSgHmzQrsLkOQjCBPcDFaZfspuREMYPyj7JGHHQNZFEIytdo 8pQxjVlZxyiw4iReJXjsXGJHWSGQMW7mxDeuIBfcmXLQNmmjRW5DJciGLcA2 AHvpuK6JFt3l8niFyXOm0D8SwAg5JD5+nKxmsIpo5NyKU7iQUZoc7vfhX3SZ Mt8GkbdCS0pSD853uK/uSHUvhqqHi5y6VChdMt8/RSnDWWCSHGAIp42r6WwE GKHtJrQUCP4Vct9HTDRUw3brIHmR1xLO1WzN1ZrLsNHyTrjnihIKP3FkX9J1 pxaacXIp/YOfr8rHN+YWcoAetmvD1bE4pyLzGL0dfp5WGjE9UHMSFAjK3nSF s1L1IiincQYFMrZ0qombKqNoDBI0HXcOK5Zvt2VuPAQpnHCK1BpTtqR5d3wT 4kxBOhb7uFwKliYxGAi6bFKuroTHdMZd2TjSEQbYXS4ccVjxk/vUNEZTrG0T wNHT5B6+Wm+U4wSvmKagr3fFgpjo8of1Wt6RV9+/J1G5w0wbsx9xjrAqypyD 3WiIocoyJEQYG4yQTjn/tzAwBHvltRdx3RWKvPE1cV6zScKl8ceao+UtsG7Z GnPnpR04YshpDQPSgGu6fHXx7myo5AmhFNstIXN/sTC+m4yTK527kpQ3kfpn 8Ah+Tup7t+EnbTGERvWtKBdTrgr6CrLU5/c/3V+TxHPOs+aeofQYSzKXznA5 ut5VWc7dSXiurXp/gOus/Ostb8YXnndmlBN1hass2EcWY+W4tHMznsOE9R2r QHHjjF68y4nIWqAjHUPkF5cWL4+xp1itTFR+s/PqhzOBII0+trgQ8tFqruBM WZ7RFhzfJDs/nPXfvrg809qWQeAgcGG92UyVnVFVoqcRK5bvWUM7RnU8nW4y YZ4lmu/v5tjjcpcdVy5hOmlHPYQ2QiOt5OL1uSaKo5SBtg4Xkm1tnT5U+KAV fvk6Fq8/qi1Y4JkLR6xXhBoQsMfovSsl6oQdJAjHvgGEgna4XnPtoiMNgKx7 QHoupbsF3B5UTO54J5Z29uqqnwfY31xgWiVvDBZyXEgQqDZkRue/ZJO+AOm2 5h6CNPAMJL28Cy42jIOlEQw1wwMYCMRdGZT+kflfM3zGC4EESCVaF2MBJDsv zl/vilSUpHNNhEnDG7XcM7rvNe4zlf+O9gBdR8+yHNAA7CUN0oTjpvK6XoFj PXjLzqvL1+e727RT/4GU6pODpyhHdUUaQX+JZDuiP6cQqLuHm6s7HFluvDEx 4AIifquWaJSxQeBICGILQVBGKTWNrsqks5IyK2RV+LO9VnFlG59DGkhLlx/B luvEMUnEM8O3sMPGjkeQdWBoB/TONbwDK9PWiKBF9D473I7XNxGqRHR+Pc1H 4uLFKEWV33YJq9IwBptlgV8s+1O0Zr5hoFWuKjzkGyTo92x10EO3MhdjE9Vw YZUC1HbEnM/os0+f+BhMsikNeU40/i4rdnaT/n+gI3/TS+qbXf+tcD36XL6H njBugu9fZPz9uOH7cE1db20Jc/n94ub31prMb+le8vvaf+7tIPp83LjPAz+a y6tSCHC/uTNtMg2i/r6u/UMjrxtzJU+UaX61jJKwuS5bUy9nyEpF5iZRXS2k MHr8LE68785E9wnkvwl/3nD1H0l2ceCJfvpjMiTLixY4+eNXP3tD2vpvopx8 PPaPiSxy8tto9f/Yb1/4xU/c+OcrLlzcfNmFQXr/l79601Q2Lsr6I4g6sveF bP5Y/F1H8SUXjpvPXRgUSjxUk9F6NQggk2+d+fbO+eInfvGsfa1Fk476NAL6 zwouILLWDypqLxibNcDmmYgap1eQWrfxu2TnlCStqB+sCgo/2yxsMIhAaCsj LjkMhyYEEupQX4M1XmdVogVeYIAlJ4NjBSyBqH90+BQeWucwhytplvVhxU8S jpJZTI69lCxtMpYTtQ6OX11oFapl2Fg2gYob3HHHXsJA+4FIIttrJxW7bO/t xdtzCC1kEF1+d5nAAJ3tOkezQk1P1N2FiFk4XWgw4hMU9eULeDMG2AVP9vq/ a7bcyZffuByesbybVu0Zv799pf2pbw56xDoP9LsvZeFfcxK/6ko3lM9d6Yfy MBv/Qg76MAtd4+Se0LUsLBP6a+gQrcEh1uDQvvqqhzBLpa18/gvJkgPw08Pd r3zI34ImX3YlTfIzV36ZZNkkWowOh6DDwa68u32lMibFYyKFdFe/+1Ip9JWb 3xeXfZ5KYwWJ+re7+el/GhhtE/BvNJJYVE+u+6kX1S02LlKbJC2E9U9kTv1j C5cIaR1Bo7JQR5c4rrWJWNP5nTUg6H8mjiIDjQ1Xgc+n25Xbm0gUhm/OXEkU mubih5ROOTRuLdERf6cK0QCiLI00kp71AH5HMvEikImx4vHugjUPdZJaQoDr gXvtGjZp8QLnmW2Yv2R+ihy3remR4ix5WIfhxDQ8DRxs0SHRTIqsYWenIkvU uz7rvUI5e87u3/t7v+SI7l0jtzZtC+8oGdfhOghBexpsjBQtgVp0md7MtltF 1GwHOwDRzHKDd6ZhmOk2j7QfOD6R2pVbBhENFcTvBQFPFcMI+8gypNpVW/L9 hSgh4QTgODPASWuo9Y8R4D2ZxYe/tzrUvPnSlZTc9PEaDl2gFxKxX8UENrWM yav9wDBL8+NwLJKjY/n0gSGHDeiCPZg7L39QyMJ7m4gTAN4bCjcnEoRH5MWr DiO7Xd7ezZH+Z1TnNmkuDz3TayZCh/Uru2Vv15XdsvffhNrZ+7Ir/8eS5v+j qbL/GspJv8g/r6FIaA98s86R3JEWGYMTKsSDRtfHVr9pbgPTT8QG/706jXZ/ LxKn6AO6rUJ9et3k429ZFDlwJ44Ac0K0dyMHrJeTGdImwoqyauEQXtDlL6qA DcQaN0iIRJpuIVTASF5jppKOcwmDIXHFiz45mFbYTsnzPNOiQvTOoAGJyVHO u+o3Vb6IJhO6Yk2iCIS2IEB46cbokyLCOSdfOqKMVJ1oCzwpZKRhcFyj5+C5 OsSX5n64VCHObNTWtwjcjDnu5oulpdu0JbzrMFcOHkBqSZqqa+rcNGW0clna VTpBb/CpdNFY7w/1b1ZUfoVbUbnFwWcc0n97t+JDF3pPxt/VIf05/r/ukz6A U/qg5ZU++Bq3NFaAxf5hawW+hph/mxl99kKaau9zboi/wr990HJwy8bcDbei XHgIqh+2qH642+nWOOMIe1bt8GLRvbtt3ervu7Ux8C+68F97ax+2VkM26ddt 7Q0r8Lfb2uuxibQrOKFujlcZZNrv1wf0+153SoCoDnZ9ryvPZL09dCMpU5I8 EpmT1hKeQQwYjxqRBE0Cydr1CgITz2UZtfUwh9lXB3i7eOnvcXL+yEv2exW+ eq0UY9witzEvwjTRCA96vV45gMa3XP9W1qjaq2H6itaVKzB/lly8e9E/Ozs9 TO7v6Uf8hCzkqYlk6cxuPWF9IMRH7h3cIRQETgdM46JZR/okDwd6qt6gONNS GyQKDVV9QAaeB2Qc5a7+Tme/7bQGD259fnnx7rsfL5Fm7fEQLPcxjp3bcquP JipLc9jTDm3C0zOrOO/ADzdIRdZUfMFBqAN6aCDNpx3VWYOYfZjoig3JqrEL 6gcJOiGQfOS6kfsVdUoKw1rBK/oc3Whkj+giocsGSuxarZjCeaFumFvZRlRV LNFJlU6bPqlmNdeWSccAHHB3Ny6W3LFWXwEhAC6ureTWYcxdRs09QQyxIbq6 f0axQdYtFZM32XGbm31DsnF2HVI+O/CuU9Lw4YtCkpyU2c1861fQwb0z2qm1 ttO5yxis01LotItcY61ygt7SHDHUcmPav/zoJenKWvrFDXlVddeNb91zXMpa BHJnkHCoLIGGrHDS/kB/Ywd6a8t9CJIIeP0yJz6m75Z6k3SSLpgUZ3yy+2c+ vUQapO3GWasTTxoip53e9Tw6zryz6no5PzHWq4EtuX7rciDXejwKx+mH5WOu eWsh2dMLLmJH4g3aWuludrN348VA+Yip748rgYR3nA33DxxQ9fNXr/dPuK5J DpSHhZcGqq2MStcLcO2NtDg/gsicV8locGtjQpKgAclJSJmupKctUdquNi+P UXYHi4UqhjxpQQ4EUIbeUAsNX92O6lJtKkk4bDcY7GlbYam9CbYsZ2taw5UA 8dOjKSQeP6+96JwsaXMPMWEUdLtByctnKaa1t7NV1PtipeioUp5DAjYC7RBH OS38xfmHl/3brGnMuWrecU5ti5pTwF/BuQHADgxOKmoHZ+XdwI+OlQ+Fnwcy FDvSug5KdwKjz/dzZch5o1RXXJdUUETga5DQQwj7pG0tdHZueQzmZyrdP7kc g5MionqqmMOZriC1sMZm1QM+o70T41FGGkkIZ2KkGSTCoZ4LI97a4hPI4BGS pIedSTS/4oIMg2/wjL4JkNM4h8MfBL+9tTQNpdvPjOXHskurQfTkbwfcRC/f 7iXbweIEn7K3M7qQ8a6sIMt57a1woB2pky6BI8HcY3Eh+ctgLTjhbg0vCtvZ 6txRfdLqBKGXMAKgc8ngJHOAwj3f9daRkumldKwPylgDl405nJCDLDkwXuOI Qy0G0MwhQ+n3UUQKZ7sS16t/caZxqIBpOYg0h3eJiy6QwrVg4Si+Bd3jh6dh NuTXPs8KLqMBBnpgz97nF4/eUaqC4GIyEi6FCmbZTIzionFP1Y5VAHprRCNr 6/uwl6zvQhlJvA0Z+MkAI1zjM0ZiihUK5oQp6rSkkIa3kLtGalVC1A5LmFLk fY3fXbzAGArGGbfKeFrxbL6QrCiGPFhF69tBl1pa5gbbTL8yUGrOV0clVdNh +khadaBtmVtWNmb9wAbmItJaCnlQf1oYAJUBqOsCwbeu+eKuoa/SjJlyKHtc RpcHCYgUOR7uMy1AcM3S1X5FMVFQ+cjF88sGZlc88EkumAYuPO1AkkRG6F6L 9CAbiPVdbeWum7rCVWx4y3ilXXu0Wiwvri2pXQW6oNdHzcd6hjTmFDXdAqqd 8Z69Wqa0h5osE4wAeMgNZKZLqQ/as04mVcY6L7uHrQtQSC6Zuae6ltdbsTKs sV+tuERhZZrMukAxkjkIenUttTiFaIa2+VXzM8Q9CENGOywXq5bbwIDoBfWY lOS8djLbH9W0VgCtRcoqFb1bLDBJheANrLaw1ieTCvLipfbHgrAMC3+YsWsE BTg84dH+VhjOVCB69evZzIAH4t3lat0A2s9KUra2m3kbay05Jyl+c724QTuI t0K3qFYM9OdCWSn3uM5M9wEYyFrNzbbV2hRhdU3U47qrCarLbFfHw0O38jIs Zzed6QEfeJ7ST8vsR+n1zJBygSTv2q1qo/oU03VdNbBAVUGeA6ZM28QJpeuo 3SGHnlhhWODdcgDk+zaDkfJRVToFvM2hTSiDFg5VJ4ZUywu480rWISgMPA8a boRJqFtbcsdD1TfRHQr/oOVJrQoqoRZta7FOTs9PXyQ7aZRrHOjE2kHDY4CR PbHrrUsemB4KTBCYafGzrLQ/1EoZUYhJE1xaG5CVQ6emTdHXk8LFO9hrACFa WIV3YccvanHafkxX77u4OC5qK8tTcn1oGycsdC+Y8yjCNhP71Hd4wdnsL34O rNdJmYmuYY+xUv183M8WoCYQkaLcGJmZQADyoFwJ5otX+rNo8QrN4OgSL8Bc 2gK1Gi6an+Zg8CjoPCkuJTqkRUlsS3xFvyDzGa4irT1s98xCL+x1OITwAKio Y89wqH2Jp4Dr+fWkqjOkBRwnbrpkSrSoHT4HmxGM2cdOjKirX/2gS6s9AdhF 5z++7J+9Ffimofy8tWUf7jAQjXoHlgUjGcTuG/PHamejVF029/ffvX3/9Ckd SLZMuyzRTZQTz42T3LbPC9fOfNUT17Ac0PGYQb9KbeEoDgpAz/QszsyjRhMW RnCKcBn4sdUobxiC00Xsbfpu+Tycmopwp3S0wB16orGYniDKknHiqHcqkO7X ITuZ2XJxPkNybu5IDBdAlS6BIleELRAGCsfl4bl4YbX+21Qvm2DgKBrakutc v2a1AaM8qQVmxx49CmFQ15bQ1sYUnFBz7lwn906nZkWgOtpC1zIxoo0wSN4g kUQH1rNd7le3KkcMWFrTyils/UP7s0c6UsWmd1YQvzKctTzwxeMUc7uGhxZD EOtFRLpBbXTddZzTB7x4X+uti/xzhcNDthf0uJeG7gWDaQfRDBfwgcMs6rYc fAV2VUcjbL6M69pzyKy+eJ56DqI3n4VxjV6IlGE4B1wurs4/P2ebVciDv/wM S6jiq/x4cWdVlQCf8d71GAorW8jRcutMxHxwqWFKq1PHOR4ZJYvXSwthdVh0 HNgfl04kzFOqvkekoFdloV7paDnw3D98fxsySojpbh+RmnE9T6F7tbyMXZhK MdZh5GZkAKHYtdjhUhS26Ay20DYJ3YrosOZaiW47oXgWORy3nUbgoOjVzUha pULFOVRsaXKjdosdK+yRVBsrV1JN38IbuM5IWItofpE1jCJDL4sBFGPmcP9N 0K6SbB3BWPQ9OkWuPgBc9UALR22i6UBDGbzAEElb4K+4WbqBJm8iSNJzQQe0 3oc7b9/8dL67a50R2QHRdumvIWdtv8zTBg3d57nCtZ+OgM+LSvo3qyWCIAl3 xLF0bou3AtxrtaRnXWe39Q27D7gdg+G3VNkfdE25NEGPbiUJejE6XjiEnZdD p+EbnokPGTh2njBoyLLIwcBIWURWmRQcWiqeAeK5tzOJ63k6mxlEbB3C0Y5L B3PL20dARARaNgDXv8nCY56QVZ8Ly3ZbsQXypL1TfTtVfRRP4LsUode0iMYv A6d3+qw6U2YMYwlGOjEw+YLBlBLpNZ8RWQ2o0+9IA2Jk7HglYClNGTn9L0q1 FNHCNGSlJ2yOxwWajEQXYN0ceXhNqMvmXWJ3ceDl05PPvoTat8tomdOGZAr0 ytBkcLWfYjD8g7N2ZrS+NdFvBla/nPfDKgY2GtYXoH0Gvrv8naB+0RT74reL 0Ru9HrThJHzHbTB6yWVGak7VCB/5XZrfLAvg8wF3K+jTmQbP4VMTJHyaW9+h vzpuIPUJBtmsBT+Vh85QnyWDhuvpJ9MSmA2zzLM66+ZFx6pgYCPhMQ67T7U4 Fpp31m/SORG4XRRHtBvupTqHATSikd3lE2Ak+2hessOnBOj4U6cQeiCjZDFb trEP+Itda1fpmx/RfnYu/GDojOSKlqi+fapOkbU63d8CteUArNc6PZo4474q E1HfHRkXpRlek/KuEOhTT0lORrKBIWO5QStUF9nOm7qNYeiO8FQUkA3n16z0 UCO0zzo5xgaO5zNLJEzlWjcrezUXOmM2exohRcnzNXvx1/BaYLmGktnTLACJ Sz3OnH5pi0NrD0RUIHbF/UexAn2F9fHm3rLgCRhGJndPSR4fc39vI3JfiOyA 36xySnB5fH6SgXgiBZl+AcYtUY1b30hSFn3Pqh7K7/iYADnpHzllh6ikZzBo LgQUIhRA0V4Dc414HNCaZebQKIVXttC0LMjeQv/lrlEGqmcjHIANSWDCIUK7 2iQpVY+aZ0y5c1KHkDDQFx0c3FGmwbf6qPm7w8MkJ4gMVWw2nhqTLimLqFYv UDE9B+QXTCtJPe8cnbU2XX9vsjPkfKU3F8+/B4bmrpgRZioSSxWMUKUt46lF 2Qgim3pE0UyQ2YMDzvqxwta+z8YmvlzGyBlL/RxOfhY7Tov0ndiTZUNi6lef DIO9zViWrkF7J/ik5XhlgAgMemWwAmRod8uCl1ZjS8Uq8Gr7Du9tR9z9fQD7 +sl4rwtnZ0AALhzSgGNdYI6QUgIN3o4eTpZrmIDatcqj4EXChk82iavlAj8e /ufHx66Y0jnlxIAzmKKe+h2Ny4vvd03H4LPoob85Sykdu0SX1vWS0qX+Fem1 xHv+4PBpMsqbCHW0lxycHHZ8imEdPnq89o2fuY6YFdGsaos/7o7FaPwt4L9e Ugt8ePeB5W0sF0QngtMlnEJKk1rjPX5kzkvsdBvNF3GWC5te4pofZauSJVrJ bcYlWmhnJYDfjQB3xa8YuqrCulTOxVLuHNtvqzAlJlVHyCwLnCCbncDiuop8 uqR4zdCoL+rfEJrGD7mMXEeKuzJ4Gfu5n9Fq6s+9QPhChahcaJljbbLvLbDb 00ytrM/UCu9n+zLz6N9rD1mzaBluGM9783Yo0ij7Z40jCACzdz8nQyHRDu7Z DTGK+QGvSANg4G1gga/f9Ar37JFJil6ApP28xXV5cOEOjcCeKiDHIfDwgxDF IfnWwIBdQycux+JqpYtC0entdqCxCorp+u0lMMnnOeyvlifOdTp2nm8ib0jQ CIDPek/Ie5yuSJKVjzDrUQzoF2CzO77m1EH3lfMWeh1F5GbtwdNZdbYmj8Ty BtFyO44VT6vDx+0L3eWUli49BUY7dzML3RVztNBQbHTns+ixKYiemWr0G9OP DboH8LfhKQdqcx9TiWeirg981n/7QbbjcNiLMl52JVadXK8W6AiLZ8h2ug43 rsPW1YCkHgK+HO2R8ZVklRgEst69GkQnwtLgauuDwChD8hhUd/uJhHjimICp U+FJ8E/DK9tn6Psi63+AFhsdpv73H+AbkeYHQftGfsLboREpeScacHCoxBeL oj7TUdqcIsnrbnv7YF8Mbjd0VXH9vuU5z9IVpBp6RXasKEYVxOFc4Z7Lg2sZ h4bnh8QhThcqJAgbKIHWxoZVkEXmVWYD1Z4wWwC6vMuw8WPW4RrQbuvZTD40 Pi58d+fgdfw1OrJKT764V0Eev7I1MbtrwCTR8CqXPpAMg7/FBcpF11uOmJDM DGml7TiYpO4lnH/OglHPojqHfLqb6+XntB99Ki3ki9iwdmjGPrOeoUTEBRlt F5dK713HYadRrpmlVbbA/ToGPWPau05CrIechk1MpXc5w5TTSzifJMQqT/0j rUm0gVQrSr0DlKXzCkqlArDOPMEjZJuYgRbjvI4KJr7kuKa26cXYVNp+wxR4 rUkBgWCEnianAxeo/sEFM2YCKtb1FH0nrRC25T179qAGRSbOq9PDPlRMmiD9 /Pocv+z21JAP87hVc9g5PMa1R6SurgTZwxgG761r5j3BIHyPUk6rJeb/C/t8 YkmlgiRoj+OBRNVgxNlySTqJeIh0aD8xLkiRN7/GftcdKThxzKbnAgPHg4Pd ZA0DF5vXMZPofEaNofjwDZJLbwroQ+YQz73AYfl037udHElc90OzG3hlzdYX BX7n8vWuqnFCiJ0hfWBqvZPkyqS6F+rtrhWVRUyjda9c3WvT0S/gzk8b1njn 1a5fj64hyOvlOI8yRAkd17YcmDYeOYeaWoTyADg6M57G29/SFmxT8I/J5WsU UuOvn1BZ+Oq3j+ifV78lucP/yG+H8tvhIxSOcumq/aV1mA/+Q2+h80J/HdJf B/Tf08dPj/HP02P8c7K/z/8cPOZ/jui8xLfgv+PjxxjD8WMeyvGTp/zPyTH+ eXSwv9+6BU86PDp+in8e7fM/jx/zP08P+Z+Tp09bt+Djg8MTHuOxDPXxAf/z 5An/QyOjW1xDFyQy9MF9trZ+kjCnRJnsK/EAp+DCV3PZEBbAz8XRwInoDLTj PG+0BZ6vnCnCoWCRxMtaWgu52hzuuegzUySAC+FhtW/XWXoryeUIGDdex5zN JNYcPMx1nwhZnaAdy57cMC3OQmBfkkaqJRCDlkOReyl0yI20Z5MX0aJTq1Hm NHTp+OD9ldqYqwnz98N3cCOJSNmVeJ6h/9xs0AmI2JN83DiDVpoG4FfJsgeQ PdGMY8y6KK61wRwR46bUbhK+EURsZ6BW6YorWp0rjINe1gIj9H2WhSoE4kZA rSP7hHzkK6SldczxK2NCVCsfi1q2iBS+hqU62BqxNxH5Fmq0xRsh6HttEOnC GJ1p7HNTfLmZYVqE/jL2hIg7Wc0B7iXrCmo6K6dgdVyRNTQLGjA6x6y9V3ZR lYgbjFRtUrtEdcSiOF+tzyHgvYGevdFZlthFV4cx3eeuxz3XVrk9WndsUp3E 2CVRp/QyHYeLvmlgmax5SB/Xvtz3YfG1AArIkUGff0sqmatoDTOHpOSL/f4e /RwlvLywwXFhtwz3fOeG9NgrhdRSCpB/8uPwucCHTUmrZBNfHDVaayad1WW7 RIlJ2Ky0XqzscAJ6br+wFgnJ7+tdaEfywTOwEXhQCyTDMwAN9/kx3mit0q25 N9JtM9cZwPWI9DdKeIx29bvSIOT5YMHtPk//UFrDqg5QFdeHSV0J/jhrxpXh y3A3Hf4JprY6h4xLdKZx96R2A5UQrFVox56yUr1aczbkfEhBQdZwuli74stO R1xmyIuOaJjkjFhOi3aTH/h21aK2f3gzTA4GR/yQF++Gw/MzZ7+0TobxfN4K dpvoiiScyaYO+mP/DszLZRNqhzwjj+0S7sMD+ENruhb1oXZZxXqoyCBaCGmt SmNn6HRT0k69mcyj2TWrXyfFXx3vH8H459B/3oQ+ZtoMALALkmdNpAT5i5Yc Zy2oRPuiF/CpiwqAMOyzaMHe6hkZroom/SXZORPnHCCUHz1+hOJ/N+c0kCt2 tEyTQyNQQ+crbssOoeYcqdLRUc6/9D81v6oUrdAuYwbpaztcnMGqOYXcQdCu ZuRDC68675t7pfm3Xc1M4+SWkJjD1jylnhp19Zq88WMLagyWtT5HmIezzKTC zoFEdQWsXPSjRQ51KbfpoWe7DpMwbBnYean55ebhJNU8m7RFpllK+u4gxVYV fzsba6Mypzc+cwZmm0JaWhGsRzx7ey2XV1lDkciTbTOSukLnzP7gwa0e8sJz FEWTP8MyW/EJy5l13ocNjMSVka3VF01WBYmWds8K04ziI9HTWgHNI9KFcFqu qb1ORJXSqIx1zaK0zmyrPENMJHBrWEpkyy8SJvTGuhgXmrhUjBFtv6kGoVrz R0RWSpVcyKFTUsCULSW3yU56e0ngg7BNDAWvo+4wKOjyAf9JyYuOfLC+izbJ 8brL0ptCm0g3LWLW/lwzwdaoxRJmaH6Aa6naIgbfl7UKDlKrHk+jLSGlcXqa ciZIbzk31dIOS3afXoiz7/SpveQyWJMPcE4wQtn9N2HQWHtthVFTzgsiciBn Rz2J/ksVEw6IJGwCC489MXJ8hBCLU1E/051U7KoPrLMcogdVaex3iuPajo26 EYTNojACHzdDl1QBj+ELCmWJrAfAfOCotFOcqxYVBcpYcqTil6tPMy6ObgHQ +fRTS3SU9IMaW9t1nNS5WPEqPVRdQXRx6ZJh8MqwllKOfV4lixKIN2pUiaKr 2MdjDcNqA0Lcco1mKdVVWjjvEbftsVfpRNX2hCNUeyM4k7e9AtLQecpVaWnI CNrGnFRqqrFTWZUrNGFutaptIF25NjjU6fkw2Tk4fCphbQ1iiz8L/sY9+uso ipBKeCZAUcHoXWtD7A08EvejMGjOXTCNI2qX2qk4MOXhgAj4I+0nf5De8DqE WFN4JC7eOdw72vXxqQfQqewP9ump2xkPQVvRINZgrJKOzx7+8/V3RDdv+Tkc +KFh+n3kIuxsIPtuJyWkBKz/6ODQ2Lb8rHy7b0tAcp4ePt2rPSXsz2HwSLoS +gAvGisGO+2F3e0YxNofEST94+OHViMaxFGbErRR/yJKPHn81HSL/uNH3YQ4 OXSEiAZxHDwSlDh6eiyUoB/+Ekq8KwOO1YiEYlmMnq18ADoG8ahFCV6FL6aE UuFg//DYbQj5RWny9EknTegtoMkfo9ae/V/6K3y6TX9tm3AS+Hmxq02uWN5X 0AVT1Fd+uMYy+ocKH78x+rH9yzYzFXuc1F2z0EoZ03yX4z6c5L1T78KJVVux 2/ZqG2k5zJhi3jogka6ZXmEdpWQWj+d1vyYLqhjXfSStIh8+SCqbWOZFsd7u tNYQgW/hIkTRfJzuBp9S92TulLVnWt1hLqINQoAskI4M614ALbAtMHXbRg9N 0PNPMvG5TRSUTmsPJAdylzairlxoiUwtryYumkrH2zAhie6eac291A9tTmoa JM8RaFeGY7JIzZH12Ix5CH3ks0VYA9VqXPtiB+9GVrLup8Ln+g02SSQvSf5o BdQuzrOTFxpmw5dhr+C1b4cxwcLvuqTQFwmVh6/5a74NLtuSIIqxgHswiR4v zScWIfQdIhUJh1MOnuxrpOOhe+ronidPERWhW4423kIMGlEWxExOEEE5evT4 8fFn76mjew4eH1qoZ9M9YHpuJhy4OT6xwT10Ux3fdHjy5OTQWGebG7T7OeVS 8wIIpNDTXmwupuBtm8FjwLhJ8aarex05hhyrcDgte62jsmHnt5Sxlj714Fn4 zGEArPKm0fyVB+OvOhFfcyTsz0EobN0fr4W1v3y6v9+hGAS3Hjw+Onzg6yQh habjCXzZZ8flNcK1cZ08+cy4Dp8ePPB1kjx+/PgLxhXMLbx7TUG0Lw+ODtbI Ed1Kx2+NotG4Do8Pu0iebNI3O9YxILkb18HTDmU2HNfx+kpH4zoAp/wLx+UV 2rVxnTx6mF7H+5/ZX0dH+yefH9ej4GP/Y6Bgtsf15CSYSseth0f7jx74mjfg F6xj97gCLbg9rkddxym49ehg/YJ4XI++ZB27x+WV8PaXh49OPrOOT0/Wzls0 ruPHh11HmscF55ZmB5Jggr0MdI89j1SR3CKfPnCqMvrHzuvzf653w8vuvwkL IdTPZUk8LpsEydNaUKHAv0FeopdzDmEkyDgKM0B7TmELBsbhqAjCw2KZVgjv 3jxe+sbzQZrwXyY1XQwg9opZBCGPM+LGiONmFbznUiignqN2DYPqDHmFzhEt 6yF4HFbHVi1SB3xpgs4nzFHaOLcH9YD/lmqA/TmLhxJd9Rd4af6+WkB4TPyc LkkwfXz1+sXLj2bSBAf08Rqrax3fdR7dlradT0iS5LPjenR44MelmoCXth1M Onxxl4yPuWHnEz4/rn8+fPTo4KRNMPu2ixxfR6/uJ0Tj4uF33fyvr815NaBj XP+K2kmypn8E4/pvJG03EUztrQJM5AtY53qO8kN8tLeJiX6ZLfX34KGbHQzJ f688VP68H54e7h8/ddSSP8pRN++Vrgtiw6DzCUatzwyLk9j7l+4ZjrN3uri/ irNvdJJ/nlOtGXh/b/MuWWOR/Kdt3v29rbtu/rlmRf29jahu9rlmRf29bagN w2rbKn8nU+WU0SHGsywNUgyDoEPPa8Ithqx8XctAZitBRI2zLbX8lruAxEpx vReYIRxDfVitN3NDS4ICIMngOWI6jBVDyepuHS5Q0ByiXgPdvnh9fnsoiUk/ vri0UjDOVmPIBqv596k+QAsdX8Nhzw1m4YEPwYRTo5wku8jzrU8fGvxNq/TK oxD4JnJa2O7yE7gHA5GD7vk4PP148e7ig4OWJLKUBu6bKCppvczQWeQfACJK B5iT0VxWSOpxmEcrj9sotclBM1duE8PhDs6onGcTDt9b++DtoCfuKHNTyUIM 5vU5OrTOgY3v6AlATsOcMJpC5xsZXiitgBGpXZpB3ghmM502mrAUkIyI7i8o XJK+DvDj6Y8fXgXUtH46ui3kSNzfDy/7B6SN9o+enqHfsFrgjwdHgyPtPix5 kJs3p+1NzpFymT3R8H2yfJnUCyIs55FaMu0CYPCNZF9WrqOv5M/VkjgMnA+O vKFAdVbWgmZl2fyMeMsP4eQPfL9yTx+XhRw7fkEuCOc2HUnlkGReS4gJRy5g ovAS/KBeAkw9lO6KkDtUnnH/zeUPH7ShpYLRSWY6ltQjMVgVRl43ig2q0NJW hBtBJeeFZXBL3syaK8N7ESybJvJshF6GKtN+DdzeWaoWDJ6bc1XMPWGdmFw9 nQIldL/YQxu/V9gAtBLqSdYNQFHxHhsPT86DBUoC7EOjRmo3kU5Bj5Dj6hqa BzFgX34cIxAy32AAGME4CUELc9PHXeo97+1y2vAvMZ6KSza7larG65QuXTqU kzmOg6ssA4oZUuZ5oCHrd5NnEC1Bp5EU3hi8ZbS8qrn40qXxMcuWrjUi0ILH Yhm7qafnivf9iBMssxpAA5xZH9Z0cI1WnFvOaY/c+dOnH6wW2AphBHxBz1jQ 3431bBKYsHJWXq24iFm6ivAU/Ddup8XjhhssmNfO5Q97H3ZdNyyFquTyJnxj 5+8s7h4jB/CBCzx4SatOcE4vvgJ35mlv07a4RTZqARRI6wBAv0h+wat3L964 JYz6TN3fYxOgjhf4yhdTZesJBC6XvinKo2KtT2fpXW/tXO/QxIMuOw4YTAtW XadYJIz9+U//pXaNNeCWFGxa9BgxeaPD5/LQzRPbdcP90MIDrMqbrDDWNV0y 7ydJe/b+hzNNnfcT7AkIiGJxWB2SDDwY3IwTzT4/ML4OQzu1ndBq2GeCw7mO 19oJaV1HyvkQAO5puHAcfIILuFuDJGYH5zM2O5cvyVtZ+F1VmRwYUxRjFDqu iKQd+u+x57TBH/J9Nz/hWSLOWy6BXkfdt44XlkqdFtp2LxBYXW0B8jARPUAG CZoOeoQb7msYwqyw1seF4F1DbjcSLCKG0MxqYwWS4YsSXX67dMV1SfKoz/D4 9VdVuVzUAmheq9xkHOImrx3OvSK18NmOuIKvWdVeH9yQhSvfRfDz49GCJncI 5yFIo1YQyrAlCVmHK+BP/MywuYDr0CeNb1YhbY1jr/WODI6xrScPIVp2PWNc OIlHWRkLe3JosKjFkh2W1uN08pfuLq10WyoALdKaWZCmXDFIekfjKio+s9V0 Fr72u/ug8GFzWvQDY25tL6k/UZVa8O7lha4milsTmLpptUPJ7zSvC33toC/v 8o5iXGOcfQaxrdYiMdA4tZmAQ/XqUnqCqoXGURimgWTp1oHBMJZ1sp5hadQ6 wqNoHA7ofwp17yZMC/07xKWWIahmsCi1bLMvY1UsbxiHGwMoudMmrD1rJkF2 CKPuMCBU7WAjZM9Gxy1KQlY0rABLadFdv/UZLsGFuq45hgeuxlu4Gqu3oc2b IfFMfImNjGUT33fs0Nh/uAHaDTqydYXjNCrBCvQNJVKrRMupGx7KnKYM9hL2 LyT9G3DNXIg1IgPlhisTGd+dljlbU12xd+LN25PtHUJrB40xTDGtpUXfr5nZ jB43W42DUjCqSKBLuxDuvDfQOK0HftMq2tZkreKok0d/Vg7789WWyBFPiB8f wLl2JGcufu4r62ky1B8jO9O6Z8y1GwpNmcwMEFa60z+8mNo16VV5B1Cj9mg2 XO+h00KA3o0T+ZYmjgRGgFEFaLXqBQrhpXwnyO4N3ZGuSg/sa7+ZPj2iL3g8 GDgU1p/k+He93QAxuRxNbQqHhcGy2ZRQZp7cyBnY4alUgAHKrpFPwnTKZSEg LlA8uHzWN2LJ0IFL8PDpNX1HTIcB/4FFJZLhqry+UU+LdsaV8SpMqIPmtGi+ fxaQEbVomCtfUykJWm/Zi25stHjgm8+hpi4A2eKKLIOWEsCzT3NBNV0jIHdr NfkP1xpXF62hGbN0ktRhbT76/dvL74cXH84dnuT78x+H59KSOSrisYwAgcgc i89msqyc3qcAUcvFFYqPPNIY8whm/6zYm/YJsAbXttJVMQe4B3cAD5HfDCc6 cwnYmoxdhEixTctCO+3mmNpPSq24qFbVB8TOfPug+lkLNV46CCm8l/VS6Xxe +JStLenGxoX2bn/rkdXWyKk0Bw8OWril0zbrY436VkW5aAIur2WUWy3aXPhc ZBQHhj+xZfrK1ypHbZPSDT4AQzHoVmPUTmA8f2SYAgSGhnWHcvtUWl9bAZwc tqVUgLp6qU1uG36rT9OJ4OFGjKsk3UHqUlQS37VgoGsRVe3WLbhpBwbLprrs QjXjdRVMPkkPhKAFtzmdAvrVVnLIDNpagfOj+QjU6Zjz04OKq9FSkUUVTcwV U7LKMyLudMc17QYnkbvGtuLeI8HPHzECmXK7eJFYiYO81HaIEaXxpfS7BxkN c9vXdkqGsGJRnZn8g6rMlFzzXHrmsrX1kwKC6hrc6D2047fp+dsKPqkSgKv2 +EwQy62zqBGrcnrxPAkaXuJksfRnM0wysDA6TniXoon4DopurafZHXe3EWxH erAdKCf4pH/S64uEtq3qQD2xZ+hzUWQNloyEhEM8nWREPEEk0kFAWLFMDXv2 fIBBUAae7j470nxFaJ9B41B5ULMjJkVbWJ3vdligwR9mbtrbbgLbLV2UqzJW GsgIuy7DLA2N4gnvoOiqqAulgkKwWclpepnofO4gh2OQyFbtVy2chuxLbswb tAfmvt8NO/rNGxy0SGqJb0BvOjW8U4FxsbWgw5Q4fumhUmhMsyZDVuob4WRu 3ewYgYG8oOADAq6XcHqgIK/kgSnAuxIMkWsgJxEByhHX0LIzGxXIQKyGP9lV fHfB+ih+7BoCywRKb16rNs7gF9DH2ZDkel6x5chSNT8Cz8gFMluCR9vAj9Si 1CZbPGz26jt8P/V2B8/1QAVBvNH6nz/wXB8AkotFNpCgulPfy4itL6kpwk+R 66lnZBecAY1MMAwqAxDWOStsqkigk3DzJeXKvbBnuFaQ5sjevCrVs2FNfrv7 SkRjVNhZvzECAoGKTCHkBQnvg91WW0e7AOhCrjQyVhpwyAtlRu5EaNveWhmM EK7y9wku7jLAQYLlPoMFFTXmNoHuaqidHhpqKgFGni0w3Ksk7Bn8BB1YorCy blbWXMWFkmoFnff6bEuA5aosSUSwB/ZqWYXSlSUFC4meii4GT1cW3EJzlsOn DbiBH5ltR8LCWboetCKS51wcH/CVYDiu7FtHtRJgDdgQaIsB4VJBqMAWUQ/H spK21PRkqBW1C3g7xuIgZD2WgRTxqJXmxWnMKCLrvdB2nxEpZQH9Y+G7QW86 5CHkHMXb2bbP/Hbd3o3I9QfunPZ5mkFSgi9sGiS9i2UKfRi8ylohgxCtNvHs VxT1XzwDTt5EdpGANGpOQspzFiw5gasX9mfOHa7cWzJDHiTnMP6QpgGuhpGH j/VUE8S0SdQvQ7orMzySiqJF3kgTR27DVhaGbhp07iU9iDPLcSBT2WYIWSBu xAWJAk+2NpKbLFsopn/grWjKcibMV/hkMWkr4YKZYT5hDr2zQjAvbw1rzfJA WH9pNfNjFXbM7a44pFn4dqFhUEEB89kR6IokQ/Bya8MeuAqrnJ3J4iYwGBx+ H1/E7QHpm55Djw3mLavBDJw1JgdlLikfag3VWdQdLDUcdwhf5V4wMPIxbSmI 2tClpB5A1+gZnL6UZsO+aSmTT7daezuyohSpAOEEeEMLLA1HmCcBLJ+umQLE sJZR0/HUJtwhVwpfyU8U70KyE3U7HQH1bDYz5801bf9ZRgKKlxUdGUTJhxf8 PetVXfq9uArQDLWrXTEKsHsM0wNiMmZxcGTNlHVSTdreY5KsB7JiAOQ7zjAR eDG5BaJPLs5rrTk3lI61sLiD8XcbGmtcjmmIWgdc9jWBZ7vbG7StbgbjEYYz G3rLvN1qsu1bcd5oZozBRcFnTXbGpL5mcKgQ23m49/bi7XkC/yQSrqR5ulSZ S6oTmWnmGZJ+ZlgUZmF3HoSTR2iD6EVj8KEDN41o6DqAaPtEzBGgJb1gSN4M iLzM09IbxYE7062Tg+lMFWIu1Ju4nZzOR1YbLmIHDkhk/0/3733bvP/0KYxN eOR+QzWRLpuLBWlttW/JqAjqgeHk56ygVNxmt2bV1nkf1UtqAHikR6Ab0WIh gHe4ZtsPQfC/RAws8kwQK0VvFgQmh1TbnhAbsFU2LzUIpLhisfanvki+gJ8K p9/Ummk5hmzrx3DXULOimX4QsId0Yi10syZMONeEN8MkkjMCfD1hz5Yp5ZTd bQtEsgJWGxQNg8U3Md6AsFGBYa0je9shgYNcpK6wKzHZS9qkdh5o4WZB0ojG f9zb+ly1VS3n6I4DxctQvmQnh1hM650dNT1KNq4IS26pEUbEsJPvrktEEOBl 0+0xpdldt/HdRcVs25RINlsqMBwD+tcCWNoIdJEP2lqinAwnV0Hin8b+Ohna YEv490tJqnjB6FXOd/m9Gi/v1aDZegsVLWVKhRG/WHfmHho5w1pN2CEZqShv Tt9eDpOfvoNlzMhLcHVquZyGBh0D6raUTDh75VEIookhHtGRvWe0jBqIp1W5 LWe3gkhkunRpqJ2Sq8Vpdxda4F6wPxcqEU7ii+zWtbl7Jyl+9dZWK4LrmR3H O4Nc3V6QqNtZiKFu3UAyBQV+IYgVn8drRbYTkelq8gtNT5EhT3TIvGEFpVCT atE3CbotMwUu7XcwexflB6RKjgVVX9QgeWKjUVxJHlTtYlJx46MgR1kQlQxq O5tOS2142hjY1k42uBr0aCu8Pu8Rjd+fS3h8ki6aaNEtIax0oFH9cHpZcZtX ZWERwtMgvdjF0BWD7Aqanfqu6yy60zIFGUlVahxdBjJR5Y0sYQijK8qBy+R0 ktqDs9IA+S1ZdcXJGdaVSNsiq4s3TuSdlVf5mCQ6N2/0joOQbuyyWU7E3sDM TBHNNJSYd6+/otav582N+9f1PKSpanS+GiiOaHBE5CxMoiTjqzPFsM4l06CE V9og8yRu7AWqBN97sX9+LUky7E6t2R+z9K7Whq7aVBcvSh1sssCe4Wncp4Xh XtV5vesSLnuubUVneiiu00FLruCduBokOIWlIGYSAi139aBpIUijsYalQxso bvfL6f/brj446Cq47aOPdF7F2Wl9BlNdcAcYC1eiNE75/xu7liW3jSu6n69A eZHEVaQqsuNIViqLeXg0Y1nyWLSldQ8JzsADAiyAkIuaytrlhT/C3xLnv3LP fXTfBsE4K5U4JNBAd9++j3Pu0aaEqYcxn+Tx1oLF6exkRjmMZupHNvN463CE OD3WD2RFKs0fW36vDBuNWngaEqJVFHf5GJ6Q1J56vF6b6myl2x0e4DBxdiDa kzV+iwUNSWYNWtGk7fIENhyC3SawGVYwVZq5Ppp1MLzELuEeBfuiw4MTKM20 80osqicMSHWAEYUwBnH0OG29jHmZOPlRMhVm7a3kxcyfiUJLTmlyDBYWH56F w2sTZJaMoqxit8SRS+CO3vdI+shB0ZRZwngZwG0Yeq1cZUrxGV77EM1kK0Ew jdZYFeU+zfbxKRq7O+HOqeefkDLJbr3a35bdgh5Ya8/51xYBOcDHR/5XvoVN lg573Qc1zPQybEvRM43Lah2WO1upIj+qydcMCI9BrlBz5g1tNuq46qeU1zEs +uP5PWCIj4/fyA1skLCtoiOpHZG7UuC5HA4oHpjPsbgeVDZkJSJj/n4JIJ6n HGwcrxVe/FSGYv/9DP+Vgr599Dkjv8zQp5q3lAwpzMo3inw89pExTqmOjjof TJu7wP2mGXDBNYC8LaW6BjAxGzpS06TC6GEPpzqrNwUcKOw1fjevUNuB02rg Mf7xJk1OY4afd3NiAAYgRsW95jMCGpssPFYLfddhdhOO4UDEgXvs/SNffSYa HzooEEoNCBKBfK3tIM3ULYi7ZXCI4QaMmdQnkKr0akhucoL6RmKKkZssGuGd 3VkvZCteslhiJU2d0O6MO/9bgkcb/gYOCQUrtEFBBaZMrovPspmeaQ92GSqH VtuOZfCkVtXRCkE364hyrbqx1ZbFyBhwYW854SgRPfbWi6kxTWqfKs/MGHZR JTDKtBVzGcoiZwiakEeaDS+nXIlaLpkU+9pQR5OTT5FkrZ6M0mNs6LhQgT6J ddtC14C7m8OF4rtMJPTTZvQSqGH0NYRkDfg/TyCvAPZP5J30Yk1cy/MDRlAz bKRGwXJavZe+NMeZ56ctBAa/5rKNQkiXyuax6Hp6/FKm0kH6hK2guugsYX0C 9qH6F8UlVvQsU2/QWRIRtX4LL9ZgYvFZ+RWRzeGO9ZKsj5Go6wEbBy5qIt2K HOZVOdZSGaFPqkx7pVdgm835THI/elMVQ9/dR01iXzGzsq1kdGdJf9k/blZj Yu36tlnBOAKcwc3bWuZmoEEw9gHgJFYPdISlHbtyOix+10jOWm0mvQhNmOdj gCDdoWZlXoxLlFO71GGVJHLNOm7D6E3EnNVQfuqgH9KMBR+s+TEACcOu3XDx ZuI7+6g3eHLyxtYyn1wdO3HRZI5MdTzSUBxeaoP9P14NFXYXYtcCX4xvvIJH jQxGJxYvySUmsa/JwbvdoCJobH4iDtCspslemBkfRct0vn9NpqmHtI+czpc+ HIU1kjglacxn6iiW/EGJA2lTLVqxIhPLj2gXzZQIjlEImd25FtcivDrL9rOh bMIH4UNxgXT+Yz7Yg0XWlCbZeRCQOifOkCiOXHu7L/y1X3gEUdip08s+q/9a HwEwX9V1tYVHcD50H5BCo81Vzq9oMmmmZoUJEPP2/qHhrMtiJ1UXbXG/VmYl dyVf4ip9pCbqj1+WHQOJxj85Q9i+bVHD59+RU0mmJ8yKtwNZmiAbXOYxHz17 inJGwfFvwtQLiz6CJp36ajfE6Xev8K5ub4/+VsinAKbVmfwVu2UclV2vHbbL LStGfjqMSkpUI2rHU4wqpTOJXAXVzYT1DVRfy5EALJvUJeNssiK/dAhWoFYs vGULLUp9IFc01DS2kqwHzgv6tF9XmizIf+SojnyGsBEhN1nikAxmmrFJMvVG OubO6BtRxPZl2BZnqvL1P3nCzl0n5/3mCGJSGBcmGhzfucq8dKVUw+VsZJyX OJP7xEnlsEMr4zFkR0FoVW5Fx09yV6E/wuSVLjfjWJZXvCI1/Z2VdsfhWFpc sIi0I6YYrYV1RKATdLeDNK60s1ZE5CThVh+8UvVW0B0572LMhlmhzGBPVmBU h7n0Xcl/PkKaXg1apLsbapGzccnWvC53eX2zENY8SPNf/B2keSgcnF/7A/zx kT5AbHmVKg+RDD8uY7SmT+KAdCnDcYSCKoRIDTsp0I4cD8Sw42JtlGWQnWvs 5FLhLkpQiggItGsA2XoTqxTkxgWoYqeKThwi4yobp6hg0FosRhVFBSS1FXzz waGQnICpdxU1boSE7DKKEtUc4GHTWxYBF/KDaw6QIu/G4cNWEJJnbLw+TDpk 81zpJMemVyYiil4o5buMN8sdozA09Vt4hOixpPDguRObExeUvmQhuF1bUmQq mQkEJLODTNUhYYuFtGkVqCjofOn8Z7650rFmCaSevTzWuhBQmGrfwbZGnqab hTTrhviUhmwzg5wfAaQzQlpSS3qq6Tuty7tAMyLMy96MSdUMviY+MQBddZEs oryGlb8Sx5NWzZ14bjYq7M0FBDKI+O7JT5n3W7grDgah85RaQ2ZKkTffxZ+O OUuRhSAvQByLEXGc6wMUwZXzTd3PDf2HpNsG3OqPfAPoSPdwmpSjxydCJHDS F0TemFdvvqNcTD1miiHECfXIFCEHoInz5d48EO5DfecIYKNWmkJQt+SYTA3g T/aK7P04FUsfwGYolKgcLRi6o4UnAWFw0m5qTcsG6l33HEeMy7VRcokkG6sw LlLb7TFOP/VicVA5KbFZB7ZPGTQY2woxfJLMdVlvNVTHO4ovSMJ1LW9VTay+ SfnZvTqBhjB9w3Y8LWQlPR17YzOUrwTtIctw6qWl6p8yveA2MqyFHnoVZcHJ fdUOLXGMmbelDfVWkVeYrZaRCHj+LuOOceiUo3Ns+xKa2bSjhl2pG/LczWKS WN0ocPf/WmDGc9XEwPHbj4WYY2lKGVfZmzkgnvEB7FSFIqgUE/AhdMqHOudq AIVJrgMqfIpqJ5DohnFXwCZfXAky03VtVYyDqX1yI6f+QHU1BopkTx9URPuQ qR7BgnQrQYwzNjgDK7neWOLuLMO2h6vlZRj8Za0CZsfgGplDPeLUoLn4287E EjzZpWTaMP9ciScHs51LKNJJCmrFnFuT5vVj4yRjxtbPzyYFS+G5BdQRGITm KE70xqptJdurF/09KZ3GiCU4nLcNHC+hMe4ynGvrx8CeJyZ/4NUB57ha7w1c Eld5pRqQ8RTKzVk6jLLjLY+OLC/O51IePdMrv+fH07UghdiEitCFIVT41Xgm N2WQ7GezL5JvNrpE1uzJCRj4Swko5PTN6UE1/PuMDgBMRtPKN3MkMl/hUhVZ 3uqR/ifgakQK6+TklAHX5G22XNTSpkzj9MWiFAiUj+lmxWdoemQBCW2sr+nB 5zd0KFXbbVmcDhvyWfCn68XZm+LLZ8+fPnv6/Iu/fv78b88UO/0tmY3C4sdF WJfFX779bvEp2hmoeBv9Fz3PuAUIrahmrsbW5N0kWqrkKPc8yxyNoYY3Kmvv sifU0QDq8OeebOcP1zcMh8DLesktNCi8wafz9y9pNJbhZohgJcKNLrWU6A3c jcuhH3EDuhfaecIXxtycLoF6r8uV7Oz+5PGFkAvK1T8/WVP4WX7yr/F0a1IB IT9sGxNkAMMi36FCbxkgzjAdN2Go6QhZr2lFc76reeDXdEFffs/5skv0Q4Bt uJjR3+ky76u7O87PLgCWDPT0FDCQ6ZyfDxSkkm8zo6s2bV+8Iv+O7NED+hOc 0SQu8JM1/eKcotZZ8bqsl/fQSDwtsZ/oS5ehfmiLBVgWHx9oa1/QEbqio4hW dtNyDHdFu6b46uNH8mFLus8Zkq0QZoajtFi2u13xtoVRuAJUpqLF03GeC+Om 9X9JZonW/Iy+hA1Mz7ivKwofX2N3n1X9fbul/4S6+s9voXg3/P5r1VS//zwr /v0LYP3v9s1SRnVLI2prYBwvKpq9d7R+roa7VmR4aYTk3L0LyIshQLW0kFKY eR905YdKswUS8rKrdt04F0/8KjDPW+A+OWMk3jHdJy0IrSI10eRpHcevBZrm Vx198OonOjsfyGQ/VE9O/guh4D18vIYBAA==H4sIAMKl72kAA+y92VYjWZYg+q6vsCZWr4QumQAxOJAZGYUL3CHdcccRkZF5 a2V7mKQjyRKTmcIGcAXp93fu6pf+ifqx3tOZTCYBEdHVeXuVV2UAktkZ9tln z0MYhq0yLhN1EmxcZ0UZfqqitKxmQS9fzMtskkfz6SIYZ3lwnk7iVKm82GhF g0Gu7vGNT736d8OoVJMsX5wEcTrOWvE8PwnKvCrK7s7O8U631RplwzSawXyj PBqXYazKcTj/qYrn8N9hqPRI4e5+q6gGs7go4iwtF3N44/L89k0rrWYDBYMe Hx8ctUYw20nQ3ekehjv7rWGWFiotqoKmVC1Y4l4ridLJSaDS1jw+Cf6tzIbt oFjMcjUu4JcsL/G3v7WiXEUnQf+813rI8rtJnlXzk4CW1bpTC/hsdNIKwgA2 3Gq1ijJKR5+jJEth8oUq3KFlRHeSMo+HZTsYZrOZSkv4BEAwi+bzOJ38rdWK qnKa5Th6K4B/4ypJGD6neVzmUfA6SlX+d6Xo2yyfRGn8c1QCTE6CD9ldHNHn w7gEiL/P0lGW8gdZlZZ4Ct+ncalGwTuYbJTN6Ds1i+IETi+iCToDmeBfUxyu A8vcWF7MbZxXsyhRxUOUBzdqNFp03j1jRbD4CcAp59XnakJPvYvyNCqju8hf 6mU6kpf1Cu86pTPv5xznXbvMs3gGe4qzIugPp1mcxlEa3cXFM1Z6Wk4BdfwF vc2VGipvRSM9QadwJ+BFhQOVJGESDYqVUJxlJdyniyxJ1ECpu4aFncWTuKfy 0lnbdVyWxaDKJ1MPjNenjUfdL+FSFEE2Dk5nClDPB2kZzzpTPf2/jmCyIUzm rTdO4QJddYKPVVoA5pc8K+/gKr5TtS9g+SdAAeiSB+8RPmpEX2gyId/RZ3AZ lCrhyh7s7AT9DC7nqAxusmjUDvoVvBns7uw4O/9YltFD1A4+piVga+bvtwew H2kcGsHi3nXfBXtvD9z9zmC9nUyv918VLwW3C/c4zfIZQP1ewe0Lrt6H786v TuhlTRGvslGVqPB9VJYApvB1VOBVUovwPB1G86JK6MyCKzWcwgkWM4R9Oory 0QYPE+UT3Oy0LOfFyfZ2ep/MK0AOeLTsTLL7bfwFP9l+c3nd3/5w2b/t4G+d 7s5eZz4aM8TgDFWBxJTXhv/wyQCfRNq3Zz4++3h5AgDsHO50j2jszjieFx39 iKE09C80r9EB4pD0iSGp++HOEcPlrH8qb60FDGJuGSVBP57A9a5yVQPHr4HH voHH0gKbYeSBaF9/6kHIG5+f8EHkwMgDUv/9RQNM6N4BpSqCi6iY/gfA5OBX weTgSZgcvAgm8Ezh357rLFmk2SyOkhAInwpOExAM4nI6K0houM7xwzfRsIRP mfoFABoAWTHMFZCC99kkkufxq8CIJtlsXpUqb75kUf4lvu/A0rYBOts/4Tvh fLp9fLBztNN9tfYiWEJ9DfPnwQ8d2pb5ngjjtfMhMHiQOUqgKifBH+WxKP9L fH9Sn/e+61yu3eNjkFd2wy5C+G2e3as66E6DcQTU9CfZ8YwJzBAQKdJAJBjC eNEAEA1OO8qH02aIjJJONJwRSEZZvA1Hvbu7f7Dd3Xt1tLvfwR+Hh8+Ey/vs LnjXkTUv7egVbGolXPq3H3vB744PAYJ5NlRqBBIJcSlgvEH5AM8uQhVPpuUU sCCtYKunvSuUouZZEQMMAAVupwokS3yHUQBGaAfzeSfo7nbD7u7xCnqpEbxx 1zdL9/gU6DnAYUQA/jgoI+Dy6WT5JheErdfVIImHITAFEZmLRVGqWbHietfO AlFUr2zv4Hhvf6dDP7pPXT17JDdZGiWj4H0nuAFOJmzWf5jw9hTxNprF+aoH YITTUQJ8M3Vpyhs1yKsIoL57/EooS9Pp4onMKkRRvMfmXOEI28F9luARtYM0 g598YrvdnXC3e7iSVHln5kMGD+1N7xC0iRP+9WjveFf/enCwr3/d3z+UX/d3 9uBT+P3D7c33/kXDT1Ywa5AU6JzidKS+dIppOUscjB9HSYGi4Zs8G2VLgoP+ tHnoMX57pxgNGsbsJRFoPcOr4XkSgwDqDy1fBvrb5imG/FRnNlT01Kqp3nxo 4GRvTt/3Pn6As0ca9Car4HTyIBFePyC+BgLUHCh3UNjbgCQhsPBc3nWUANqE +EYHz3rbRTNez/LRdvcO4ORa+Lwjq/UBYbKqCOnG1dkwf+cpsO2gC1f1fBQj cm48/279SUVpeD2Nk3g+B2QGTaQoMu96nFYTFHuR8y5fjsv+6w8BXJvdV7tH Bzt7R/uvDL0P+0Swa2vn735XGMLPZB3Jj6X7MYB6DmJ8lKwAdBKndx0QT32K v7O3fT1dFDfq/hRYfaf7av/w+YDoTXMQQ+BS/z9RImqbAOAjsG/Qx5EDHC9D AGcktgXTxuohOBVqcLjD1GBf6DcsJuy+Oth9Bj1o3sftFBT4MrxRc5Dza1DV cgM/g0oY3IlUBfwwnt3OCkhOkmwQJbD1O6CQMBxIHSxZENFnUrctZxWWvIRS hg9zGj7E4befD+mreDgFKTK4ygrR3FY+CaiRgW4IgsEy4N/SyoElFHegV8va a7LiLskgiJOfeuHZh/4KsBleS/wOqTo8uwJgDw8PHQBMmhKYMsCNcGdvN1Sp FVWfA4TrqEpASR6Pa8yIBdz9sNttuGy90w8fgo/jMRApzX5601iNg1uQntIs ySYL+ToHhbJ3+xGXRnIZirC1za+2hWn5XUTWFYAYFvnQyvDzPPu7GpbF9hyH 1QgzdIZd/U1Y+BO+RCgPljlLVo3GSZSr2n7xBaA780RFBawhcJcTFFU+h0ug Vux1AKDtDM3IqFyT1hJ6e9KDvOAugAoV/AAijcoH0RIidEnebBBJ7B6D17Ay 3HV/Z7e23zOFfIgw+hTkJ6BSJLNc58DUiGA5ch0o+3geqJ/04XLOgNf11RB1 uWgSIWEAuSmaI28ChMsKlQa9eD5Veam+wFdlGQ3vVkBOAUTSshNHw5wuTHdn Zxeo9dGLpb9eDn81SXb2yT/HqGih7lLNfVCK0O4DkTCQ7oy6xkUGp8iI7lUb Lucc6L2z1NcX73aO61y4GsAvJZBxEC6ZaKgxCNIERQD05YezsNc7PQl+mCo+ hovsgRaHu5lGSaLSiQrPlAH9QKFmCF9kD2r03fMBery9v/sCgF7F0zgPXqsE EWjtk2cqBSxHMjVVcfrz2mfP0Wz2Lk7Kn2ugb+CZzwG93tTbq5ujoyX9ZSSq ihHOgoLwFhirh7aRRtshoW0ImF1EE/iecHaVCjNXGZCJzrCI4qQzi8uOGlXb RZzcx9l2H1jXsFSj/9rd6Q9j2E4M9Bb+oIUX26JD4bdGbtw+/SwffzYffuZ7 9pmv2edTXu9nfc0+8zULr3i9n/mOvYzFgC40joO3WTJ6AKHuibvTp90hb46S +BdoYyIrAnImICgdNRCt/uXpVfAnELXhdVR1HQWXBKbdV5761D3aDffWWHqs uLT3ahs4/audXeTz1596p9eXdVb3qReEAXwOE5Rq1an7DK3Xv+ltz0CHj7av NW9zWWboskyQQYcVuT621ZdoBsgTjuMETj6axyHN+ZyjW8vXQIs/uripSzBI UsoMHiLK193ZPwoGcYkPA1Eq1QRQEqnTUQBkB36tChRyujvBLE4SJDlpFhcL kMXhpVVgsdamaFBs7x7vHHR2jl/tH79AtM6jeBK8jUepWjwl7wFCBOd3Ko98 KoKS3H64u7eMVmyMssu632Ng7e70ezVgvQbp9Q4BgOBxWF4I1Dn4fo5zIWIi KSdLZ5iNQeRV4WlerhEGf6oQ0nDBUlBExTFCAsP2QOYL8yICAVHPF1Y0FUo9 8N9I/CB1SBIyfHLGfg9j+0DZPQ53DhkosKO+fdso0nE+rAAdxswVUe2ySpbg Qvove889f8/aCDL/wc7xwQtJUqnm0wgUk9cqArI3AZmvxi32wh00dK065/r0 dNrvL19//FS/Ge/jAXwIZ/txDuxXy7n9aLxKxgMCPa0GdHoZvGKlOngFFM5B 9pMH/g+gx6KbFpHzYHm56AoFyB+/Gh8OjlB9e7eAh/vxqC6Wngb4YQgCQZqq RIQptgZfAHgeUMi7RIqC5CXSwkXv5q/929P3/ZCGfbao0O1u7+4fvMD09ldY FaLJn57gCVX8swp+iNLJ2sfeodATfJhk6yUJEIyi4Kwa5Nn9ev3wfZxWBcjQ w7ukSmuY1KRAPUPusBDqR6sOrMADG8qBRc6BzaLiTo1I1ium1XicwB9FNi7p EOOlQ6QZ1lk4CjxAoOGElEgbh4kiU8fOzqvtYndv7wgoQBeuDKh5B+He84/1 tz6I22kGewfuDkCp24+6tML9sOmWGHFg7Gqg8dCEWzjiwR7LBfv7e+H+4c7T csFKGOGZ9up2qYZLSD6ZmmP0/KoAnAHQZSVoUuoedgEfDxbBRTwBfSj8mI8A ja4iNKdMXnItj3dfwFCfd3zPvJTPP+UPcVKQ4aLIq9/stvHGBcwN1+2tStHF z1TSv3R0QKBihSL0+/bb63fndBPhzEQ5WMXhlg9k93j7eP8FKhUo1QWsLApu ovv1lLJf/T1bwGbSKTycrReHTtNqHs1QVyzLbB6Npoto/Qt9gC688HoawZ2o ywq/6IAMIK5Ar53AWHUrw/XH9+9Ax73NgMaNiuA9SDygr4Q3cCvRqgO3xDMz wWGJYYGtD4FvfXjJjTl69QKC10v+/X8g7dUmt3Tt069Vmv37/8RQj4EOU1k5 8DTKQdAPrrJZvH5QoZHkdy3WPvkmj9J///9AMg//AugE58AGObOUX3/pGHb6 TLt10ck5xARV3ACjdVDPRYGVKeFphdFEJX004lP8grcTdGtQl8psmK2y3cdK qS9zjJjq4K9iwmf1afv46OCg233SbE/evNtOEML/bkFLX/VIHx6B/11UzUSQ nvkrPHOFw6j1z1x04LCfGugCJ9OPrDuny/PzcxZNHR5IBl1x/Qf9bBirciHs T7gfKLvh7v5ztOKd4+2Pf+phkEO329kDlXzHO/O9ddZg/3AdTUmbVcQ64RgB m/jny/jfC3w1VyqJiyIKTn/Oqiir1lPcv1ZJHAXvqp+z+7sn5ZhsEEcUWZcq 2NB6kwl7jNDNcg/6459zNVJwS6Pkt+OMCJLeh/5pN9ypC6FpmlXpEEVzQZqZ yocxoNEHEi/Ri490Ni4XNihF4s+6nVXOIDJ3dEZqrNJCkRUElZvtq2ixvbeD lsa9V92jV/u72yH9/852r3/6GRf4Gcb8fPr+7ceby9uLq37n+uzNU6fJxo7+ qQutvpqXRqnqiljwJoqTZdu2QUn8GvmJI7OJ5VWbsH0Rrr9WFFgWu4GowaJy I3YfvzoKQZrc2wl3X3UPjsPDzy+R3P6E3taYQm/Ofnea3j/FCj7FgFpvq/WC XrP0vUqoSNQX4CboyAZx7qmn3yBW5/Fd8GdArwjpklr/wmU6yeMRPj6Iqocp vF2XQ1AX2DlcvhRLYSbijQpBkuvRm20QL4Zk7P2AJjU0bFlqibbYodLKwi6o CUwxDw4PwoPjZ1DMNYer0bDOKDc/pmrLYOBlQWoBHNjHOQe6vs6ysihzDoRm uxJ5u8kgI6/RNnwUXfbG/AbYun/wqvsq3Pu8WyNPO+HOgQ5q+t+Cwlf//j+Y Wt9kRbGeVL9RwAnTURb8Oc51oLSHI6cjILVDOXpLRMPg/Pubj72bv17f0pZe gCjd3Z1XjCh74d7eS7HEBerr/mV4/aluc/zkWJGCoY/X4wr4BVkEkqIdAK3K UdYagVaZZHOyJpMCkyuOqx+xN36NKXJQxJ0BDAokfLsPgqkanWXDYvsse0iT LBoV2+cftmGZ29euc/91ng2nAKtt1+Dl+Wc7GBj0XZp+Cxzp8GnhjCg7TFPn g4ho5NK5/rQcknbtemPh61U2+ryzmHfKbHvO7pb5T2hbBeLwamd/9/hlxsiz KI1BWPlTB+T9HKQa9YQA/yECnAwuVErXbb0+iN7991m19qH31Z0K/hwliAA1 IvmKrN1IevrX4dHOTnhwWEesGw8riKJg2PYZ4O69jtnGGD/CfgroBn0Mjr2Y kh60nrCsDtHtzxWKGR4GUURt/7ojC827LzuH8yRCIep1lN89Adb3cQLMYfoE C7qJgQrmIzjf+9gz2dpIptXmIwog7l+fBGYzdRJgg4jdLSOXWFTGSWwDzeKo DDkqMfgBhLDgdJDlJQYrzucGgujCERZAN14ihtOJllmMK3FDD98UlaIF6oiF ye2owI/gHpM79eB4t7tzcHxofrGnVD8mF66ufx0uwAy3OYiKqbov7rQ1wvdU 4T+PaPcvTzVt3hGc3kXA7R316uC6ioHkEPYCSFZHqOgPbxQsKVUFaoOqoAie M8y5MiEsQFf/nCWgWwa9E/2WY5zwBnWCaC5h6XkGFCYagAYMMjTFwaqcQvSA e0hg1brTSIfDTNkLVIDkXWyDaA2Uodxm5yBZRne725gVNtMbDymupJhrEA3D eQ7qzixOo3wRUkbZiw/uB/T2RbPgg3qYZpU5pFWPX1V5NYmjKaig1XweLaJn Dk83+IlnSWkKgOc8pE88eR2lWRG8i2ZzJ8Np9eN/AtR8m2UjE0+1+skKjRpo syufePIG1EEUznIgE9VTo2ZTkNRza6FbBdzl9KI10EoUYF6OAhEA4YmHLyq0 VoHoAxcVlpJZS8WKF97hUbx7AAp1lz0Ud088fZoCqqULmOZpqOE6Xld5+tSh iQoNy72O0I/6FIzRdfg2Tlyr3IpH38J9QVnP8NaVT55X6d2iAsrxLp49RQCz BFgUwK0CzuvRPlBIjeKqs5VWpjUhe9EEsIFeXtv7ztQMnnl3fn59+eHt99d+ pPQ7pUi1+H4ePCBzQRUDfRToac0zFFOsGQBEYeI1JCmgHwNpGtAP0B1LclrZ GDH4Wozoc7HlFc0x2A2mnL3t3eO99dlYzvlHGMUMgojRIZqesirrWfRlzXMf 4rsEBryixAsvecOcykutMGY3eHBvLj+cvq8F1+N53iiMKQQ9402cg3yxBz8B mPHP6IRwWZir12n+1AxXYiBG9lIPRUiupoJ+Ryjvb+9w/luYy+ThGCcHvWSs J/eDE534Ax1uWaw9pTU5cxxzcPqh37+sJfXgRwHGQRc6kmI1EwfFOC04XG4T QQ2YiaFvQTXfWhHxj75uAEl13xnnjRzV2JF5qM/V/DPm1uAcn0lj+Iy/wIo+ C1g+e3qO5qtrQUJ7rOFWuCtBCxdaATQBOp96y5vBEDPg+dOfhquSFl5fvjv3 B8JPfslI15++v7wOf3hbT1xzTuX7QoHEY+z2RbBJaeFyCmuBQfnqTWeFaVtw wEOglx1MgKflUdL5Ng3uREw1LNqEc+j1LgVxBBKU1YwpGMAhJ4za7MoslJtP PQ6Z92d7D/ejGAK+IDFcChJvnrKIZuHfgYmpohPN58U8oxRcrVR/TvSQn00i xdPksQ9C1Z9ozIbF07qsw1Sv/Zx8KybGoJ5RCPfxAbmCY65fQYP8uJ/u3s5+ Z2dvb/fguaQdfSU/xcFfqjUPvVH5NCqDc1hvtOaxP0V31SDo/6zGS1SdrFfH S7Sdo4XsoikI/nQ0Ak1qzUVwyRMamzibJkqaclxd/Xl9JKEJH8SbOoonmB+0 3RTy/hJKbAjFdf2qvE6y4R1owKAX1fhPXY18hh/8aPvw4OiZJ/4OpAvUqmKU 2zHA+S6O1rH1P0UYZ+6qAk1Pkbx8oaJ83UO32Wy2QPNAoqbRRK179HKSoem7 LLN147FFHQ45z9DS+UtkBwO7616NS15HC7LB9NBKcZmOqqJEUQ/ugJXW/Bzq tZgB4y+/BydADqKkmTpnwwL0yvvOfBgX8qqRCujsYdD/2t056/e39Yj4UQgf hPf7n3c+7xpmWVf+m3IncYnw6klwD/exg4wShuoMMiQ/WE5iNi8wtmMGsgzI J1iuQbKFR3ExTyK4jOcfeuH16eVN2Du/ue3LADAPKOzJIhyO80n45QEtJndq Vnv1L+EPIDrLK4CWKpwlMF02A+VO5bWHrz+FV+/1+FS5ZTq/U+H8p+XnLq7f nbsP8jbmP+HQJHUovOn1jXCxgfAvnQMiW+ZtLhAzXQzyeBSasPawmAPpAH2j PszFX1/fXJ6F/cu3Yf/6vHe7PBTJBcUsxJIxwImRHNTG6H380L+9Ob38EJ6d /zm87n1yBykBRrKaEWWS1F6+fd8PYRHhu/O/hud/6V3od3N4l45jMCjsPurL f/26z2vvXZxfnS+9KxPDWdZfBLiDdiIvmKoX/BY8bo61/h6qNL2PV68vP5zf tFphGAbRAMEyLFvw7w//BT7AmN+K9B8Ym8ymOTIcRQ4HuCXk02m1/u1J1P1b iwv/rH0o3HnVujzvv+VQ4xOcMzj/AjwDFDNaxO7udvdwu3sgM67AdT3Xiq+R N75klqXrocdf+gJ9RjcKgDvkADin1pH7mIzr3iQ9pPtZuLP3onWuu3De+Cue QQ2G5it4PseeDeocSlykE6+c+qnb6q3hqYcNKshibt70gvMRiG6qUk+uoeGa N0ze8FS40305yItiOgsxb3yOpS3wT2+y5a/R1UvALaYMUNzc8fH+rjvqEq3x Bl36Ntw9fCm8VlAlM8+K7196fRop2PIkzpcvJQPrSJ6eaN0zIC9784G6EOfL qB6GfxSq+G/5GG7434I3f70MwuAHFTyAlBWMMlLuWc1GC9QDJrk9qAAQ7B6t f/Qt6ORox4fz+cvVeyCd0RZIJXkOaC8SDZVc8kltgAWMuB7bc7C402r12HFK BP9ZtyPw/kmpr3Zw22kHP1DA8Rn81m8Hr+EHRZB2HCtp3K69v8E5WwCDnp0k OFP3MfINKgPjCOG1l12NYwOmz/I7hAaoDBNAv6LNnohUlSFZAtsCk9ooT170 drB7ZPLYMaanvok/rNXbQVzcRh/w9tKJ1IZpnv2PHQefABMIKPbAOR0m2HzO cW8BFv3BvhqlQ8CibzeePvUNkYG/3fiFO23e2gZJuH8Y5yDxamH3DyTn//FF aOEhwh+2eQQ9ntwVyi0FMfvbjdvOBmYs4+X5doPwd8MoL/BtQyG7jT/ak/qD W43tj1Ql7g/b3md64m2eefVCztyF4N1x13EWpXSfVs/dw0JzX37p5K/dyftR gvWSnOlfA0GST1cu4Pt3Nl6uh9ZFq0j1kA6pX7q2d+7aHOLhLrDmfolXLxN0 /GmsktEzV0PXaQYYOf12Qy79Bqhpi283do82ggXo0t9uIBHYCLYZfbct/v6B vRaX6TgLeJk+BdoI7qOkgo+fe0Fwjj9smyv7x1bIxKB1CxwiGqFZGzlP5AbH YBJqsgjQtH2PblodFzLURqxNtNxtBQ+USw3jom+gcFP2ohxoJazCWHC4nkVw pxY2Ba4IRiDAZgu4l2UG8AmyQZEloO+3kR0iB5tF8F8sykJ1qYqims3ZiVLh lPOYk6PgmTgPtB4tq0qzIGEPzDRLRp3gNoPdjpCow/MxUHbjWiEeE6fjPAK4 VRy3NMNABcdADlzUq1dg99AG1hsPpwGmGLF4RNsBqKCTOxhk6BZyAIGTmVE4 ZhIWBysKtEU2wPBsjPOFkReBKVcawH9p5AGcG2U04bHBaAQLsh74a/SinTav 4cCYncYY41RGmEyCMI65zA4ltX3qkd9AfYnZmS+VpkxZjqFOm0eZ4T5L7tWI ku8NoOg4VsKqE3yfJmhPmudAh7GEjod0wokApHhCQTGNxyWgACIiYDjmmAN0 KQwey0fI8QUYIUmVFkYVSTu4ziqNQYfAZ+YYOc+1KlctitXRWTwaJarV+gZZ fp6NKtI3W61PHu7j/mBpFrn+jogS4aRZrhhP4QIO1bxEwPBLmsIVHPpG0JxT 2Zri93gaNOADBi5iaYh7hbgU4YoBhzhekZyLc1M5AlPZdOxKh/gbBktHAxD3 zCtqPMZAF5pMYRlKAneWz9E4zWuYYCmglFAOQ+Fwb8gXEYBOEByBzkz90xI4 DI7AAUkMHdCOgSJQpfekyXWCUxZJsXQNn67Bdvh9rhWU9kuoUMFkqNiCAaMy AKwIKOMXoDVS8GJVkFy9mM0U1sd16c4mMIksuAOop0hqGonTFu0ozUqg2HDE 93BhEMIdLCMB0MkRSxXmFeKVmWS4XQN8hK4LQilQMUYmgvBcgmLb+o8nGScj DKo4oTOZAWYB8j6oHHgXJzcCZOi0l0ACyPwxVZT9Cvd4toAx44Lhsww+3B8W AVR45lHKukOq2fH194w8b/EX2AAcBiGmJleEtXyqw6hQvweaiTsv+IWsKucc rxNMMIMsSsJ5BchXKB45S+GEYImohOOVDrD+Ml/TPIOtIWFtWDEe2zTCKxKk WMYIqH7pvoRDMj2GdQHx/DJUCVIdvAtVitUzWbVx0AzGbetkfUnkd2tFjnSt yMTUimwv8yYzv8eYCCKwOimV5rNBlzy3YVNzdLFRLQEANGKDIA3vM9b7aj5G YBlUFQMHkE2f2hpfpY2siiSC18FenGSeocEY8xcQOuOKmODyVKWBvkuKNQdJ TQytT9aFQnQwsmIUD0sdjM0J/+MA4w8mRBlJEMFLjeuKDLuhF6Lirq0ZkX/t qhQtesAxS6QWmNRuNGLCAtKYBxivqSwlQ0QAZI7xGj0+Wk/k169wh86/ADgK JMXmSk+RThBfwKRiJAB4nCv4rU9t6Ppl47HKa7DGw0oLBLWLDL8rUHS9j++R 0jMOLFNdmN6lRHUGHPlLq0k3cnWjgATFybSEQ8f8wSUgEwUEMp0T87DMH2ZA 3oEQ7QSXpWbQdGZk6TD+T2UTiTVLItFLc7qiAImMaCQxKhRuzbuG5loEjhFz KXAGiA4ItUgQ5zTclOQOZtwe7WVajHIm/gmHe83oVcDikR0VrArnfHnglDd0 yAaMlo032vYD9GXD33BDzEe5jmXcIEDIdaqxz5WY4QqMkkQ7dKtc8uLRMYUE GCTbHPjHAx1NMx0wbAJYfjUhmDBPdEXQxtvZBqRj+o3VOTa5toxEzoZStXOL 1nPe6wWb50kSgyw+DHqAqspTn7c6WAXG3Sal36NLamQkWAM3ArrkDg0Wy9vS 8jVwc/1l6BSrBfqdwkGmEYEQJdIVhJkuIS/E3HviBIY2u0z0lM+RC+5Z2RiU rgcUxGEcuHVWNIfdzFEK04PyuRJfnyFd4gKvjLmsp8B1aDwG1jxAPp4TdxZx zKW2nOUpG8IvSVrX5JPXyRQPZ+nYzglGgXAUhinXrzG1EVYJyYR/TsR0W78p N1YxuADJUAUcw1Gq8kEBATZaGQm9NoKXYaEHYSI4ACQgMkSlP8tYYn9JMtKc RYOJLwHuCKVLVyABaoVcHgToVIUwXQg/4YDIU6IvpN3Y73FnsKIFCTHC2lnz wAhowGOCpWg7RtnA81urQCJWD0kMG2nouIc4isfGtUXW1yKrcrTFlbBnR/pA QaGIf1YWoHVd0r9qneDMakEoB4fAGYh/StwEZ7kWWu3DVhEg4FTUAkOLX6xX aTzTlxfjoxF/pjlSFpDvanJ8jtdOJEmW/kGeHMdC3VBiSCeJ0o68Dhog3Nej eFYICb+HdWupMZhU8YhCvglPNCpjCw2cAmUO7xol8SCPcmITKUAM7bkaBdtN 5+RQ6rYgFWp2IdCBmUVeQB6W6GJUWSvMwECkU3b5QyqxDYucg1ZnSGlBxcqo sCVyqXkeIzLUqaOnwxvhyMEQffb4oiTsN/UGAL0GA0uZSrt4cgZjxSq8UEkC qB5snl3wM0Dpw6JcwKncsbDMR27MBHIWiKIFign4CwmYImzWsBgGwTwqk5Tc dsvDIRLzwHMszl1Q9SPmv+726kt3UdsGBCVwmGjGYNRVdRlWyDZyBKP9edYQ oj1RMUW9dyhhuXk2Y+oJqMmcHK4IyCvCozBKliKMmZH8SrUyQWO41lGRyjdx fwsZ1+xYoPwBrHQOsm8pbACNJEj7SDjXxhUYHu8tCryoWRdZTWyPZtjmguST LEOZOZIqiA1z8smJVoK/6qdAqjYCBFLjQvh7Gd3Bt4QuSAdhok7Qx1thRVUm LSiG6dz7GTAfIv6JpL6L+IviH/wugTq8kiSxZqEymsDDJoWjsNpSNZ8gTwJ5 cUL5fJoFDjPimjSWhbliXpNSjTD/xYjEZRATkOlgGeqBGqNeTheXNtthk2pD /jfqNotg80P/dEvv1G+kIjHEIzIBcZkhpGyihnnkQm+a0xMRc77vB6mxMOk5 NZsEzYbz179+DTiiXMKCNSCQ3JM/UCoLWEm5sOKENl/QepjwvVXIx4M3mJ4M E0tRXFzPpS6kjWHWej2br/uXW6RD0RWxG6bdmZNryre0NPbxUXI8YTOE9voW RQmgdcGH50PWnIapUEyFn0yQFs7n5B1tYpQf00YAm+U9g0qzbJaEKHTAIfPa iOEfFcCWwqLRR0pwJPNH5JAnsg47pCT1DFY1AZEjHn37kzNW84sLUnXsrQdo TfANwGCxly4Vpnt8pE4bX79q0bvZsuZQN1laQLZdVB9ETYAr/3z6G6FlNEgo PBbrYTNFNvXK3fVJQwtcYZSUU9Z0rCkbdkxNUkhLZ1MnbqFczEXxB/o0kzoc HDuT4V6AHxGpJqMPsEHALxA4yqkWNnEGWhgJwngSzCZEIDDCOkAK/SG+oE34 SiYJrIa5ge/N2NZmyZxGdOJtMxUhhVxxqJsw1wpbEqMv6ffpImjkU4YSYK+k aCYsGyj4AGNX7Z/+EbWDq9Me/FeVw47r9SBY31dJKiZo2PiyXbLm4hhliqV1 kpvqYhObbhqlAKQV01Jbc5xZNxn8EUodysLSDvr4yDXIgXgggDKUVgvQVVt1 SbS2tioFasWir2OFYFzX+8QzAGEE4AyUghIqPr0720JG7T7BIi1+36DUBlNd bZAlrCSLrc1WAelBguMQ7JqkQPZ8Hl+JIIZKqSIzS7JglTx2jt4z9qLKHGzi nuGbeksYESh1IT0jHRJZAHSvUqq+ly6WLL36+JeEfQPiScYyAhtN1NxR3knO IZCTdq5prLEOUXKLL0kjmRY1xIiusEg8RuoN4KkQwgi1YimE1OQJGJ+X8T+s sNtMVTInmYtHwX3zWCixArNjOl0zASGh18PB34bRTOC0UqYHLrwKrlpt5Kqo ICGF/c5xSV0rgnhMpwJKF5CFUtgh2VZ1ZX2FSiz+YeYjGovru7y5ffM73dIi eJPllN0rts+3mDcSbPbe3Lzd6qCL7Ba4f8w8s+4hw4jek+DU+oqJ8onmX7ge MV0Od61Vx7DYCobQuUTi1ALCOmGzBd1i0wmCyqmeBK0TklQA4wHCc/0l3JmS rWl1IqUvZUyG3pQuItbnZVRQeZ6Raaj1HgiAPw32UqqSMiyzBPCfXFUDPgpW NFHGR0DP4KF4DsRq7i21BgieCn11OevK2klIxh6iBHjctBGO5EniBm9QJGp2 a3UGGDmFaQe951goB0vlvY2hCFmsMaRptzaIPUvevBt9m5YSYzimQOC5FHFA yFxUKGZSRbTEPYSi2c65UpRyVTbVmQA3Q6EFu4z2MKpBtBzH64l66hgL4KP5 2BbO84FJki3uEsuz2ak906hsj2C11jJsNJgCLYGaqBO/NTqjcgqDkZHb/Ik+ HFQqxVKF3wINNOQTuXGzFUeESoVXddVGqaNB8/7s+kjzZHsC4OYCL+ht3W9j LU9BNMClAN9nG1JGnFEvJdhwrZKOQZ5ErYX/gTbHe2Z6wdsNHBkwegh8Wi15 aCRig0R142TQ/V5Jd9HO4AFqvjA3iL2jDucU49fDjK1dzctmI8KYt4fP1Oef k+oXz7Xmi3iN+K9KQuiQJA6xKAHIxIzye8MtKOvji3OEmkPTWczRiUnXGCXL YKO0ztP6QuqhLCAmsgfN4YVjvJTLPgjSqjesBMpRQWzgGzC2ubE6HdsDxp5c 48Eh2gy0WcN1k7M10zXoTrV+RKYF7iXAlpE8irmzFDoM00IrkQNFwn9kr6Vr nSuasKtxjUNi0qDZiokhHVeE3MCYkZ3AK+TKp0Vn3qLFJoQwHWdVqqkt0Fim t1nOzMggaYP3pzAO+JKb2M3Z24oo6kAZLwxBE04w5bvqImaEThSWYcMQraMx 2epR42GzPZIVXVK5oNLL8BwBEq+AXAoU4yQYC+k2O2XJ0SCGZCvDFWiLeFhJ CJFUwdhFFI8YsVnmKchKANTtZ2UcIUxcSLsN7qM81rVD4H6Qn4HmYtKmyVRd LanElmgerJExD1QsmrhxRJfpamq6IYImUqt6qNwGk5sNIYwbdg40YLeNE7ot ATWoubJG5phr6Gi84lXmMovnBmWEyInDQWu/zbtAUeEb3cHKjQZzCXyrRd1U hhJypI3Vxu6E+jHiYpENY6JjJqxFnwa5+JfYu3ECrnJUssG3bpQdcZxaFYOe ahwkTkxb2qz/khXaas9wOdFxknekKSeaP7hPKHz0PrsXI4QGLt6Yh2yJajKW MPl/iJhIscMWxYk7oisGTmQZYKs1Hq4X+9BZFqkJY9toqmD6yUZ1UNApkaHw Y0zcCEM/AA1FRtjpG5QduE1Ge9n8Q2dbsPlvyZ3fLPDVwtxKNad7WxUOLzLU EmNO8yLKgQw5ag0ZcZgbOR54lU6R6oycl9rEvwTxFhKOMhxSXKcY1J4DClYs KV281TrVRiQyKIZs5l0msaPMSABsPRZfCObaoCE91SY5GwvoRyA2LIXuJ+wN KKVKEm0xyjIgTUybqB1R4eitbCJlgiAxORiVZYQoin+cYw4sVjEp3YktPL0V ML+RKMr1USy4Wt91j55T5KfxfSTe75m3VRxO1zZB3fEbxyboiY6P35i7+hVI ESJplRpHnYRBGHXQjCFCsH7Aj+2C79GGRZ4nfcZM11A0KmwxSGPB1dwP4DzM s4Lgj3Zb9u3HKUDNvRNGgVi2U25hOx17YdzmiuwhsjrLVPwIyYICKo3X0UMe ZkuE26ompDh21nA5tEy02nSYVGgQgQeosAwiBwZ5GJh6xj+9r9PzPpt/TOcm W5sYkWfmOB/5jYur017YvzjtHhxutUk5VcRGYFtwK1iNKag4okeyC44iFwcA oJP5Y0ax0CIJKbGP1AKciNCuNjejZmYAUDM8y7JhxSEu2eJ53TenIcDGYQox i0tSocjQyltC8GNBn5xcxNimGz6ULlJuXeeYOjCNVLCJ8NrieDeDhcZyQLHn uCAODOAIqyX8NrsRrcWC+rmQNrFTaINfcdRDWC7c4AaLPC3ebyjqfMvKjbHH efQRXhqhODjEvatRNReAm56k6TIRQBNmm2NEJGjLlRnq0wPRITqK0mkij09t hCyooByubSBtSQvCT7sAnOB78hYIangqACk0JB8tssrISBIsyjVo4drSgVES RyGLicXYgzFE5P+nR4jWLPuUcxXGMzgdsi4j37c1wOkCF3aH7pCUUeA+FRVr gIvn3uR6cY4uMWH5hfWf4Lw2ZEWMtI0imLllNmTcJIOsllFZr6rSUsC6jD5E qiTkyrPvGqqaoBRnQ4YGahihsaFhtwCTaijBBdZZTmUJTdlIpuC73aMQLX4r vDXwXPe/Px7ufzX4YgfR9Jn9GgVpf56o4gSqOr6/5YE4nNuWtEWISnxGyeZH KxehxEtJNrIs5xs7nlgPlLa5wYBoikoSxbW10Nq+clscxzZQ2vJLQbNIFDF0 Y8ZtwNDS74bjkVGjOdGAo/KaSc8UIJcsyCBu18fKDtm8ldHAGcNw18MmyRj5 ih6BzxYmxhAyooqI12ynXV4GKScUk0DRCxgujugXzzgHBRQWkToJETYRXYZb 292vqLO1A5QpCgzBA9BIV7CDwwb5kyagwHnGTHS90BwDDHeTHnSYRXzYDnZ3 uvu/Yoi9rgQrZkjm0DmETrXHR7R1iQPt8dG2Qf36dcuJPMOLlU4Z8UgGFZ8X mW0krIvk5tKxr+k0BRA4QoBPne/HBjdULTBOpPJUoQ4Aaj+iwhKx5pieB61u kP7E5xEVd8buKAEXTtoNplqz1odsFX0QMeqGPm9ju4+T8dCEp6m3fQw2dG6z 3/yaeBXoRg/CkRqGi4A9qnuhTQP0VRsZlTHwC5I6dokiZBdcS0ubEbQKBQKq Hxsg6SBGatWx1XFho760/10ajFPAvJeqvoExJ9TmQMQaanvgm9WM4wkebYu3 uuWGHHGYifuJdoGsj7DpBFcRKlMtSWsWiYcDZKNCUuaJdgPVy+Px4js3hd0c CcUGUygSOcrEpVmIVbEWHFVYyxuW7E+H05ZdpqxOhweYVWOhEzdWRkJ2NqnA 3RaAmX7h29YKNEyDzZc2m9hyo4DaLRtfw4pHQUeD1w6oDvo3sCbYvPjnhQW+ 2Xoqzsrd8hM7pnRYKhlJYYWpiGROLsIQxkfmxWnjn3pttvnHheQvLJnBSMbQ 4bQIq9HKwOrBQkRZwxG1c43cfSBh3VOJ8pVJpIUDQyGebf7lWIi43qnIPCAQ Dik4ioiL3gkF646cZDUqV65WaaMwZtsoY3U71vOSXk+RNsBbVVK2jQTlQEbk Dy1HKzMEF/PXOIRheMCc2PogEWq/Feb+xoj70psLd11u/YsQGo0sKxx0rdZG 3eC34Ul4lEIhicGNOXGSUAF6iY2PiDgYuJ4op5/dMuEukhwn51aZED/RFO6B +4Bw+PdMg3ZFiJMx+YuBlc32mEKucXxGEVoSDxS7WWXGiNvmN363Ik7X8Qy3 awHUbR3fRiI02e0iCTljtVKHyJEXwo1BOk/eRjM49MfHmze9w53jHUEMbHgE 6pqNly74kaPu3gHIVjpsWtINJMHdCjm5UweqbuY2b5kkWc5Es4Y5VJ+0TW9o ffscC00dPPjdZUtxlJJLqkoRbRQndEYNGTUUwODkiImV27NDF2U1wiMr2Ffj nxunuIzaHOBCQhzpXRjATk2XyceDHZZxyHvOOwHNlyoMKNaAcW1OBQE2ltZD LRDs3MoXToZ+x6bP+nfsaQziDuj4WFmHDnWGklgqaRJAXhS7J42Bo6bLPgDk KBOIpeQkwZBmIcZs3CoreEvHtRmXCcYnwFnr+HSE3CrTqMVmxgCLU23H9oll MOS21+2P1LzBJrQWJse/0S/DmkEdN7awqQcr1hGyiCGaqJVhLei2kzuPt24e Ab/VZRuMrYgNWZQ8oF2Sm4AdeakBQls0hgRK4pnEk2iwkJ4zNM3jI7U7gVvU ZncGq2e1hCDPH0+ZRCazCDgPspi2z8FXUSZSe3O5C8vJZzWNHKdFXbwRyqum 2Iw7qtN+mkTzI2MsioLt0DH1fDWNNlmfgZLMvnBImX1ryDpzGlvddLkDXS0C qKlzb2GCHU1QlN+pFyixYcxYln3S5ixHEgzkOpPvkyIjAKrRJMXLh474OzKU kYeEgzkdI7TE65uc/OHTKzUZJnh1MKyX1Aikl4BagwyzF/BXehpjEGmZaF6s UVvrfDJGFu2YIX9pk5/Ieefx0dQettQooivtxtQ4XhhvN85IZP9aZHLyxTCb y730nNjmPChssg4pE7dqvXlcnoQZjpjfWEcVDb6Q6CRnUQ4D0sksGG5mA76W Qs7EIxiTB8/TP3+AFxM0p5GZYz7NKea19OqloeZ/n8VoAtcBNri1jSnKsBst uWOzaMThCVaDJKu5sFu+X1hzXt7j49vQpC8btxCUG5gRSwkPAabmqAcaBcgQ XHuy7FovWp5SCYc8nqA+ctLqA8aDlorLJfFkkivFh+KICmQhZkbHHJgpRzin VkSqZUislwFSRDPlhdtGfCzePMbWQmk7aMhqtyh4n4EhbDh2SsasolpkS6GV RhTC2HJJ3UjqO7u8iqcQbz65/Fm5EAEO5mp5FHl5DIDk92QEGP0zArLTsmgS cEmif3p4kqr8TXDrTOUT+GvrVqS4nR6RhNfUsMeIqKBBt1qngPJPB2haSDey urawt2AVeyuEMzzB0nTGtKrlMWjCz1bZJQGYcISE2Voc0Rh+KZSJMce63hjY lzhuR4p0aHQXnLRa79ajDkZY+49IBk7bSXKpVTVoygHFiFc/j7/+1HkPnvPU HJ8YOPMxjFAus3GpbetIxVgJ3QENJTv2S/rHjmOvSoYkUYwDTCmYTjIGrfvZ FgHyFSKy17BWz68blHryjpE3lTN/WAisoUcdITrBKesruAw1Q2fDMtIgIByF GxB4pJFkpgS9JfiGwlHc1W1qp1bEZAOgrZVrtlxVOcBcyxQsVymJ7shjEfWF muGAneDSH/Dsoq11rmm0lFZL4c1DzDvmkRpkQzkXFtRDxDCTTr0Fozub4Tvj LFtXk7tXlMKrtLAmimN9G0shIMjCcdxW62yJdOGNWfrU5K25SOo4vYVaolHM RK6x8xwD7ygLp0olBwMdYrNsZEKsSTJEvaxt87vJ8pFXIiVKjmYn+C1YU/Db sqbgN2VNwa9nTcHTrP41kIVp+DpbqBTLlmC572Dz9ev+Vg0N4CMPsBgfyXdi uAjJiplTjkwdTQJbxqcIflZ5FqLolqjRhJx82TiU0nbGTErWGJE3JW5buE+S FVKMwQYecbg1cBxKIlOFiS7hG6FtzIiMuQndlrcQ0dhh4lqDazu1oTg4Dort 2LlP39h1qqHrr30BBbTRTWSgMDeLEpRrZmWzYPQq67pi9JoxTAMJolTix8e+ GGsOO8dSLn5lhWn0TIIWyg0RHEqBmLD8aZ19mmAK5xENL1wb8zw/YsQtDakV V7KWO9We/C3xyT1ZtAAFDCl4QLaCx0cbMPeV0rLIlo85ccaWDBr46QoLlElb sK1QuLyHqufVSXE6Cl53C40NlP+ulybueoypcRf5iG9r0fqmxp7rvh0BSoRU FcXYaJhsvTC5hyNd45T1Sk7yITueWF2xkJFriRW+KXUD2YvBfn/lFdyYUWNX KrbBplkprOBSCykmwjyUI9NtpEu6qkKmFWK0K5kWYaRGCS/i4gReDZrG8GgB IGOwptqarDen13LSYEzucE7Oh10iG+c/7DYZCG3fwCpx9s2DBw8cv6SzOLhI DIfh+6U9sIoJyWw6V0fwHT9H9wf7mjC9xNrTTq8vA6o9I4v3WZzwPMPhnPjH miOKxES36KgGcUhOPQKFLYQkH+paOTGmXknyN+VvmIKbIzaW0aXrYZkXqnQa 9IktSDBZ31wm7knkWzUuqZwCyxYHnd3Obpt+iI/vEP+ekec7cDzfCUVyl1lr oEp07GvnX2DisvkURooq9XxHtpNqQtnviDua69CjnFrbIiiT0CiRHboWBked JSir95UIaTwWJU9/YbkHBNaBVKIdbsG6gEECbH5QTnFHcs5Ftv0T9YOgjdvy fpoHEAxAZQrR6adtUBtvPmzgZPATu71siDiMTQxhj+LhpkjzNxHcwzcZ8CKA zi2iB167FhkLP9zefB/6reGXG1EZUrvxHawBCTnPKXX0TdQplWsRjmLO8aiz S4DY3cFzRNbH7WnI5d9/f8G/5wKbWsEATCECMYDpQp83zgL78kwtdyZCYIpK w+BmXCfIBbj6H5SOpkHabYC3VKjg+5v3hFmCt//GD/5NW7labOXS6c+FXlpc OFXnByQ/vLm87gfdnUPOK7J7IKciLnwaz1s6eFU/LD2aAUXl4LbfgFqSGaWH S7375Ri+w2INsCvgiERjzVhYHqPkEl9c3J9C2DvULMHFsV1rlsM63f8tCP4N zgoo0t9OgqtsVCXKoAqL4NTzu7lQkxQK1/c92MTVhN2dPZRVZPCLTz0Y+SKa ockbjexFHPYWw4Sig+kGOIRV5y27wr9MUpfzigU2tJ1hMJyMoz26Es8K8wxp HhkA7ZJAMVJy8t4oNQqvqiSRAGL6uw93HoNpN2+ubkDcxjhhXTNGxtDbYIbd Cbxx4DX9EgvjJg2PQlVlCPLUhdpTR9XF8A3f4YpZszEmKRaFpMSqeVjMgQea zbhVE0h1TlR9F313OW7JE9OzTLQ/rh7EDTV0bjdFMUiyOPWjJBlrwLXwhNib tmyY8qkPhljD6gLec+5iR0TCyUWVgXh8RxjzAnmCgFH1JKij6muNqqtqihEp l0nkzuwR5tOFJ2zFnptBI6YyHyBUZhl3CXP/E2H/E2ENwrYGPsntup6QwBJd RL0loruKP9eIrG7x0N3ZF2JLowqv/dsJF46i88DkjZXDapJ94I4ifPBEiwAU /ZjwApftCXqIwy29qE29e82t9d/ItbeWrzTMsepKrxFU+Fbi5C0Di9qVFnA8 Gxrrxj6w0OXBGTiw8GbZK3hC9tLMc93kxNmNWMKz6vTr2AnXMhlzmPRAcQxN khmi5tCi5qErC5xofv0mz0YZiwPL5NSYqX3znEPqZFcJNtrUqUVyK7n4+kQN 8kib2t2sDcGvwooOPQ7AuRqeJzGo1bCi1ytmbSCuZilvs/k8YrrS8f6qE71m QiejGIVWkx14kYt1Y2FprKeoR+B9sooGqhmQHRlC0pEoIbKBC0hp1kL7+LXK kjnSmh3Fxl1I7tOIarwsaNEPoLxZMCIKymnW9f/G09z4EMKZjRQqnTLpbV6l XMlwniWLNJuhGf2GOsZjwsFGsImTbNkzDII/S8yYjCD6A/aTV9EsIckW3yFP GxpZqNvbq8PdLad8TULlyScsBMtAFYff9PsXwdp2cjUqo9EarisaAlah7yrE lcmfg74sK5hrxOcgqBxoXH5qGf+Jz0v4zHCt0wQGL2JSE0hdVF6NxLKSJ1H5 CSSWYZ6Byh4S37zpYR/Dv8kG6bZqD/U33zy3Vm6r9fjIwvHXr1ScZ5WAvEqX qwkYgWhxj48XWKeShnyWEtdu1uJ+hTj86wThJRH4BRLwr5V9f7XU+2x5d5W4 +xsIuo0irsZM2wpcEPAMrdKrEfApuZbl2SDA0UTakuFeIs8GJM/yKCw8ySDP l2dR8tqSmFAtSz0+Jq5l5OvXx5OAZbBvNySbc0PnlBXYn53Ga36M689d9j8+ 24q6yv+BY0xNjW7P9YH00C8BNLSTUYCCP8fvWYTkMNS6sczGnBXVwFY/fxmJ 0mxRzuOXsOJnypCY1uexiudM2cR2fYb7Yn77qzit5bG/iMW+RFh8fETOswpI z2OkK1noMznoS3nn4+N3wj3FcXgLg+Cg9OCtbXv3+E0p33zlaFn9JxPsPL7n BlUlBiHgC+Kl0++ze8ZGY2pLbrNjlxMurKt1y7Y/qZUikEcNCdqi3VEHB4mO b5qhTZFDnOuEoZZueaIiC6V03wYgNhZZwp5sbV1Uj4tzwQldfDh7v6VrFXFd 4CiYwfBD6mfHCbQ0ajRSP1FnDN3cgYN9k6hKqUOYKXiUATnJyKVPYLtX9Zom 3BxR57wsgimG6RKT47VlHItp+ibZVmUNyTCKis3AgO3VE6JNvCqoKoL4+Sk+ ntc74OhcExTslvCkxCzOaJBWPQWnbOhSBCYsRuerLowDigsZ1N3Icpz++Wtn J9cwM/FLXL7BBjxIqyraMCcOJPFYcbqzbk9Sr5BIGRAm4HzEnVqi4PZ9H4aD 9U+jO7XFrhr2UvmIadAQHSnag4gRUGZqJypATz6O8xk3dHRqq3HBaIlKlG5J 3FpmCJhVtM3biZpgWI2ud8yeFPkOCSaHJGmCqkfEXgajEUGbmnpJDPdI+uOa Jc5QDhpirfROcI6JNWN21ORlmBBBtGKA2bvOTfAabfBZ2RgUCgvjIfIsK6Vm sVNwnJMl4iGIbVQQkp2aVO+UvdoUFKoTG3jdgC3/L/wLoqi4n7Ra/xKu+Lfy C/qy9Y9gxb+VX9CX3nuL1e99qb/3nHUuP7Nmnd7Uf6i998el935ufC+wuYmT aL56kd6SCP4tkNy+ucqKIdAu7KT87Qb/AaKtSjaYlRReN1FqMmOyoUbY9A7F eS545hBnHmeG49SDYbhyXXij0L+PeRGX+Cm9gDEDG182AEuAckmulXSijEqv ySmRJp1ZxyUIJBoVRlhs0JtW+sBWvkTROJuK2xhw4DDX2/augBT5+3nDzo/F FxJNumtdLBt66S2WyLsSWFBmG+xMgh9oqBpRd4uBImlHPQfTw5D3jFwXvu3G EBcmYYqAjBCgPRORqZNbIi1uqdAY3qrmIhUg/BleXDu05Lo3eGYS3YvxTbhQ XfnBiTTTvlyTvmVHYx0tzg2BRWFcV54DoMCj/wLLnlBMekVFbzCYYCa9B5nT JE6JX96XtxJdh9OFOEiIJhcowqKHGPsi8gW370ICfHlr0Et4CfvtDSQppJdq 0WMu60gaa+E4eF6ggMczrnHpvUU5Tc6XyhW65lNihs1IGNjsDe99LtyIMZe4 cebJ6gunri8xZJ0rz+vWIctOLQwsyJdwLXpJUzMddZ0ej+Lvl1wfCpHVRzPi 1G2THcp1KUIMPQlNCJruZYkLXO6QSJWAKGTN5BBhxpAOvl+Ky2ZuTfxYPVAN jAFVS7xM0+xeF0AsqfjljOd8APmCUsl1fe5MdsuNan6HZoVUjePSISb3oGEk kQTd6jZvwGjhVAmRTB0PHT0xgG+oR1lsu0igMcSdCU+fajppgJDeIuG5pppJ LC1QCAKawVdpTFChgFXphjMH9VPLC9KaV+4YB0m5zUM5zFeqro4U1+TlMoqD ajRRNmHLrMM0BxtxaXQJYWZyjynTKEibljZErwAtCi8Xk1G+UlxfeLm2Ihq5 GBi6xzAG52LannTuFFI0xWK9QgYYXngKpu+kbehrAlLXtS+m1C23U5NguFQG p36ViXQ/wbRPVIlMmbAHke8BzJYCG30Lrz7cs4roTYxoOaYqY2ROowKjehue fMt6K8uw86jEaoeIGvBm7naFBcFuJDVP8yyRWGMqSY2vZFUpJcFwFVKoSmGl ikLkaiwmhtcmgEnv/BY1FPQjAXvS1D1OTYK/3SlJjr/XFZLhnrWXmgN5nfiw crPCGCAWw015LiPKOtGjtZKnThvC0OpAbntDnorkAOpWTArdNdkKZXRD4WIO d2NB6enhcJDbawxvvMVMAPjk/Au8TPs7T+/jPEs53nXz9vy82GqbuofpMGFy Y5qX1OJeh1koJcHJstk3knvDUrRm0pAFPTR9kThwiu+d/kMMMjNl2iaSy1ZY wElQRnPqucjBb6NMkAoTPFAyMOO0g+vLD4BeI5NA3waqAbuZC7Cx+3WJQcBW A7HvcpE3mJybuFDlZbKPGClFekHK7dCVv2iffD+waiPeSk6I4Rr7+sKduGWq AYe52iNMW43EdqhrJ2rtSviafyDKOU6m5vayV3NpvWM6uzDzTCX6HznGBha7 ZcMP63lYV5wa5iFr5CurW8JQLS/ArZAKfOs+uLa4XLTAcvIqGRtLkt4ME31v JyDeRKiMEaS4w8SErJPw9CCjKg0oXYyyeUn4PM/Q/KHcN2h0WZ706hlHsziJ o9zaXDCx1m1nxq2FNGWbwe2uRCQlCc2ninTMRMwepOKihclATbB+vmuhwHXq MGo2N2F1bV2rsYA1UavuMQ+URGT/SbHZGKgec2IGuhi6oYQiUf9E5VpQn21r LiNrJ3RkTjPWhSmoxx2KkDnzvIJC571KNCIMk9mgBFbkCkqo9MAK0TgpIoM2 KPucp96RVtoGESJZzduSK108Vyr4UXvamEtY1ARIS8vobCdctcBpPx3PZmoU 0+7a0tQAsCendoRBMVQpsnjdVEvbm/y0ErSy2UJB116sfK1B5Ob1p+3bLSrz gJXpqECT184yIA6URNwICc394xAvGkWJ+gmTWgDU4dxMPqScZkObUWOz/DhX ab//fouUTrrFALC2xlhON/ccSLTM7duGTCZrnB7kGTUSMy0WA9Of01IFNotw OTPH2NN2/wp0nyC8uZu9U2QrPefrqygFfCLieG3zCS76V0JqOWcN2OWUOuD0 SzxT1A/oUOk6cyFyH+5uK0GpYu33sdS1E0zVSF0XMFaUr8GCLsXf4ykJrTK9 WMcaiHzmS6D0mg1gl6ZCcvnGCwvTEB2Huhku70iuH6lRI1sCT1cDte1hLUGS svfUlaiQZCtM0ED3yFgHHklhPn1kZHhHstRDa2mGMdhsY1/TVF4nLHppNyA1 k4dS18uS4X7Wxj32a5H2McFGTsCmPX8c93nTv7MOMJLvOsFHTgURKLjmy7jI Jipd6BfJv0oVj0rlDnZ13QM+Tq0OLgAoEh3tl6g2Ie5G8UwyIZ9WBCdjhed3 0x3l6drpfAFTnK2oFPeJT7g3n5NQsIwrXKctSgop6q6roUienXcmzmXlOv5O qbjHx9PRqB9P2LHyTeC7cVe11Hn8xveQtlp+LPmqTEvt4WHBmmqIKr94NGlj 7E7ShWMi4edYQSXR3WRojzG7muCJ82qYwMXAIulzziCSAjbIw5CK4qcjMkOQ CQfYMdC8OQp8G6bsjU73MmVwIk8bp1q+pKxhpSdkw6j7UiF/m/zrRuuh0KZt hkJU9QAkCD7EWFTznMV89ksiqprptehDw6Pegl6ee4WiK9DLBAvD2b9ZsdFV B3QFonajd7WNDL1K1IovudqH+02Otc8cjyTJh047G7PksRIXe5ln/Hg2ZpLy AENjx7EwYhRgFwgRKV6o6RRGrE3Et6aIEm8A3TocR+cqpatxsV5fynY2ljbg bLXymlMYCiZExDbeYqeK06RzwSXVaKRIJ1ahzhhN0rjEgxx7XTCxVjbFcx6G uztf2HkIg1CjK6rHxLt7yHioYnksZysy1O4OjIWDed3NrRmhYSQ/XRaBSbVv rFGhFktQb5pYUSyqgIcVNH1ylcn6x1t6/e7yLx7Th6NykZ+bQjW0NNL3gOOe 2hLd0ZaIYsZXHXBgmmGj5fwBSwGLJ9IjWG5+rD5hrWNGFtuxM4i2g9puZVpJ oe7AJHVjdjXdAacC2oYZhfCTrsNDtNjQt2ukq/q4fdDGAHOyvNueIdQcCGib s+RCOl5pczml7WHIAcoCXrddVBNnStdBMum2zolSSXNj6RniBcDqeMZ7W98W H7ReKLeTrffMS9UkAYY1YENoLj1yTRpebUSQxUcYtcDREFwKSsIkqHGnV1wL 7tyE2afT7A77FbWFEuUOaByImsJVJVF/4ZVoPcfWN1RbHosJI4+1OZe0ipPg NTU9pmYAXPXaJLsCHGDoKaecaqGwbfqmkhWLmkXZmvdEgbiWCHMMbsPktR1p M/mIhmR/0GndugCD8Danbhdu7acKvcbwGBFuUyHagQSc3JCKxFG3PQALSkuX +kTNhJR3y0uwE5A651delnrcZS2H379m+m5Jvy1ybzu6DVZCN6iE+mWtEirp nm5QG2nvWvJp17xbpu6G7ARBIrq/rom+jBhkEx5k1IZeIxT3oWkHpqo1+euQ q7yBlzAGJbjKcg6ySUvqeSXOe0APLDUtbiQOxCEL9NIQxLAfzBVnZxHv1naT qEmBuGRS9ww6aeeU266NwZywYYVi+rhFm1yAYk7Lw9xBqrFBN9YurYu7+4BH AEtCftb2SkKutiXzadSoixb1o9yriys2QtNUqtDBGoWW51Nu2DMDDR2rJ+FN KvxL4vgJTIdGFmGduMHV8qtVIUB4vTB/rHxj8/pdb8uGXkZE3eFK6EIgu8ev dsh8hRWGS0odt+23AAzvI0p0Zw1D5XfoMGFGpUNARS5dFvXdwgZEEcvCXrl6 +K17F4kF2zqZa/qwYBHydGHrv0rbD32LHTHj4nW/2GIcI0DYTS7Bwir9OiIN TvQvV/2+1IrdO6Z7cNHvb7+/0h8eHOx/pTYDwevrT/gh/vj61XaT/z6lsiXW nNoAMVsxsM00pGkzXjUdcssADzQGSOpmbjzGVHueKj5gCrmoLxLhQQjLHJT9 WhJOSKdROm5bW8uxg3YLIJ8UjKZ77Lpamq3QjSzKbY9TSoSWJipJVvid2tjW vAhw2Bmb7FTKlbHNzoGuTJBd6HJhtoJ3VEpJor4AZAUekFZABj8qPzNUNl7I ClKWcrkWE6fev9sTh8/SOcPFXNV7vxlzdBR0d0I0VJpYnN87Lr5Uqn6I8RU3 1d0Ru6bYKV15xPhnTbSVHJjtcC5w4eRr0vSRz4s5Hr+oGRl1aAX9iRKA9cOI A4iU105wFhfsKZbIzsWSwZElJjjKHOPYUPAHKm2L7TyImqapO9dmQjNgHg/v tG3I1DLWiOoeiPaiSs1xDWTTwEaKwBAQsBKIU8GJ0dEUMeNKJNyHzI/MwEAw 2WpgtkrlgzvBx1RZqxWxPCx0KTcAg0DRMlKIw1qH45sbGyBFcqK8yNJlw9o4 OEL3ImXEpPpXaFFF9Y4qFdW89ybKDmgr29ltzBs1Myp09Vm095Sx7SspL/Id QuOYKYpQz5t4qFeyEV7ZrhlJLj7eAAPdRBaF+/84oIjiGxaa+xihXfJtvM2V wkALTfu8bmQULZzqMrB6SuIBzWSRAUf4LvH4bYpT8Q7H3mXyxte6aDJyzIyx tmOAwZfUdXhjKfrri8sPvX4gvY1tKyNnadRAJbbPMrG7UxS1aYyWIMexJIAN y56UBKzxkAK9YmIIUc09RoDLSxtcQjyOMy6Pj+Q3PNIaM55ReDZKiDigDlGn pz/EIIyD2hY7rdxrdRixxvjCrkRH5tiCgI2R6ABnpjBzMpqtCFfXSrUb6L6p 81zMQr2JtyjYWfKAuIE3/2HC6XkYPcoFVjKsJ/loVxIGtxVUUCsivgVYN7wL Nj/1wquz656kyrgWAuMITBKRbAZ5dgc3kCTMG5LH9rE8YURFZE6WcvHalD2z afIntHDakCAh9V5eX747RxEEfix3jfEr5NYyJ6T8LvuiyTyrSxxvgLLY8vIz N2yfn42m4k06cav2UjwmQRN4RCtR45It3CBUFmJI4QP/LviY1+rs+E1l6lWF 3e4yuHjUbf0VOdIHKMDxFzUKuetcrbAYXuSWW6OKw8yb+qu5bq3Ia+xI9Ra5 gGYLTWG2gBIo7sWJk/ypF/uS5QX15bV++fKCpuVJAVrMiwFSQ/WgWq3TdVk0 UqYrXu6caCl7rdNjYpxYy9XddG9H21ERVklOTiQz3LTS9u2W6tZaNVnKfxO3 WYP1TKcW1PrvOlXPNq3lk22djQUxsXHTjPvq8eX5dfi3dMC/Av8aD7j134Jb U+YzYvewX98z2Dw7f7fFghTnP0hkVlR7V+6+9+o7fFVriA+ACPAcDKcjkp3S 6JETs+4V0iUhgs/NYYLndqLNi+t35+iR/i+YZLN7hKXlDNURMYZbItcpUKEN hjEVJpR6aNw33dTtgkOo5acNFOmPBpQIdIYKFkXjCmUmk6mxLppK+XSay4Eu VdmNuCFbRf4C6rrSWI04YOsevUJ17PQ9ceJcVhcy1ZUXxZ2s3cHPWG7D9MT9 my+yhfqAnQS4Stb7NkwI9QZCagMRZo5/6HhkVrLohY5UrRNRg7/BlJG2Pp9o CDxEm6l9/obn5HTkxWCGHnz29StdiJEaw5JnAOO3Kt3cCsI/wuW/A7H6bst+ y+QPPufvUb4cls73Z4q+H5b0Hj5TFK0Wk5kf53c/6u5qlqq0gx8L+7lVmuHz YWk+d2yxJs6PBRqHzKgRv4hA/bEo7KCe5ZbokwXKOJ5UXloA9ZIj6SUYJxgl jZHEAHVRp93ggxMvEaQ5M8ImNPyL+/uKp/8B8g+5LeG3fwR90NLhfIN/vHjs FWkU/+LliOCw/wj4jINvvcP/R1h/8Nkjrvz3ggfnd8970Ek3ef7Uq7ay8lCW hwDoMOoz2Oyt+A9dxXMeHJZPPegk7qzLEapNjQDgzdeufB1znj3is3dtcn/K aBDCAuB/OgEIr6lTbEyuKeYCUbcyp+i2/0RNSbhaqnBJ4yMpeMPkYt+Rx79z 6/To70/qRe6ZepyCakJqJOooRYxmxChVVKnUEYrtIH3nkeDsQjbnjsLC6uqt BZunKCeQFEUCLRPj1ZwS2b4TCSJcJCNPNDa+Zl+f2NUobl7yBpcrqepaRsed fYQdpQMfdI/QWWE8RljUNp0kKkTz1SggV7H2S5NdnpilIjZXyPJo8lRStU34 mcTSCLfENx7ILO7IcMhRQf3ajNgesX11eXWOPBcj667fXgdod0m2TG176X86 EtMuOo3dDaMExgZwlr+ewVpwgWcXXO3n/69MpJGLvDfxakOeG87ohOavP6n/ FXe7bSD0u/LdcxnOS+jGi540S3nqSbuU9UznmfR+PcFf4jsW0AUfLAH6JXDw zqCLZ9DVX71oEGIAgMnnX4Dz7SL17269cJDfAibPexI2+cSTz+ODqxihhkMX 4bC7xXPXnxQyJBXhQXreku+eyzNfiPw2N/NpKA2lTP0/L/LD/0kkQB2Av9FK PMFiNA0jK1i4rBfFCU9cMDKB5IO4qrwYnlFz6SzJFWiod5pGc9gC1ar+rlb7 z2GXwD68AGjNq1IjFkQsXkRUBdP4I8lHFo+NWzfmbt8Oq4+5T1iqeT53IZH6 amL3d9JiLpEVpqp0un/qloS0NbfnAsAPB1lWoYpaJbh/mo1ydSF9tFv/G/ZN gtulaaFiFE4KbGmstJ+aLqlLaq1ReNkwpUUWzwZB1hnumowqNfNpG4Kc31uX BodSjmP20VCkFUJdsiPZFSSClrPbyNtiO5B0+g8gN106cpMvnuIRbrV5W07g lI6Fcs5HssIoFHcFADg4noU9TdFshxOdeSHrMLIcmtPI/yxrgq3A+ZL/R2r0 FFs2oSjHIiIxucYeHy2pwHCHKZrnlzDXKZYjyMtRF54Mzt2BTOYMcXjbehS3 TuYd091K6YyJTc8Jeh97UnEhVURiHV2p74yN+xA8QDc4Az6KS2N60mBwQcWN LpXukNR8xX4EVvijzvePy+eeHWf6DJdapnR+IWH4TajCr6d9zXTvP8X+BrF/ lYS7bkwrwTIclp9sltGanmyW0f4p1JP28578v0vq+79N5fk/IMSGadwsyVpT VN8zRUnxHIkvGuq8eG1BirWDhowxP4r1c+tHZjFpiGUxc6z7UZTxkLqy21J4 FAFDeSHWHeIQW4rhikqvsp6uxuC2vTGx3ETz2y4jo97YHhMTrMFEQI7xVsLb KK7aWRIl/snIzrZsoJ1yyJzm6m5PKaf7vOacFHIalnk89zbjuhQ0D+GGjlxb x/Iz6oqEh2Q4OTwm1Uy4eVSNy3Ww5VgBKyEnXdvUM2zgWRIAZ0IkKdB7pDB2 h/yQQ/IlO/UoqLuTTv2RlS5M5RXOqivz2u4xqm2OaZn4rE5byaORCrPxmHuo 1/q0NbRbBkFZhPEDuL9LURwwAjaYHmRftG+MwivQqCiBga1RHE3yaKZlWGrT IoF/JPzhujfCf2zYJuU4mohNlLg16gQ/UNDHIqtaFNCKBXJQTUSZQCfJ4ujf 6UATDpCR+u9OoyLRAVk9LFSLssTGcSJBam7bZi6jMcUEoxJ919OyBGVpe/vh 4aEDwAkVJcF3snyyzSm4xTZ8fHx8cBTenvdvO7PRi18pv5QvfmdazhLWaf45 BZsXuDaEtu8+4RT77V0b6x609sn/UKfYU9x62S+2i46x3ZpnbPclrjE8ARLS urUTeAkwf5sdPfkgbLX9lHHxV/jYdmtONkbMLRcV+cEuQr1bg3p3q9FY2aNw H5Vv0mHBu1t1Sfg/FrVx4c968P80andrp8FI+jLUXnECvx1qL/lHoyYHqRgy xf4krioxPf24vLwf281xSiwDDuX5dlMEnJcpztYrDv7lsDbPEqBrAlEpH+Mb 1OPXk/C4Fy3lGmIesSxC197lovQ46Y94j/5BB/gjS1H6Wc4wvI+oh56b5OA1 nCyXKnM4/Xd1Alst60FMDW5knRRYke6/Krj8cBb2eqdd3cQU/sY/v37doqLT LF7F6bzigrqpHpMNbzaiyBQGRmmPwtsjvxaEOYEgdtd7KiY8P3cApWYDSpEF dSCNLV88iE1quQBiw4iByjTSPL++/PD2+2vMDbIlgnRAvx/Xo09ebGtexrXp c2mqL1nQqrzjoaCbUyM5Z1waqHBgIn5yGxtZqBLjidz0DcRNUndMwJETRuhm d3n2N35fKjRy6nPNMw2fY797Rhc5KBSnUL7T1UYlDtPdV8Gtg2pQBaQJzzog ZBeUNc29ifHOm9fwKS567zcw5o3js4WuImEKsV5b7OZVSM2QBjHdd/mLS0NM qga/ybLHCLNlevGSzD2NQFtDSyJGf3MCeWKKE9L+zZwelnLVhwUFUtva+gPp J17iVzjPGLSPiNKQqa+8rqABeEtDV6D0SEpznFo1TJCeDImMMRxP65WC1YVT MXcSVR1pu2D2/PiNvs5AZM1Fh9+4QW4VAymTuTmjMhpFcwJFj2512LMhb6eU 8bXlZ2CMLGgAnPrmLgf5UliwLhjD98aviK4LE2JHS5PtDA/H3NHYqL9MbUI3 LVrXTjpNORdoTnVZuM9rrKOJze7NenGhdLXEcsuprkQzev2d3a+6TcPri3c7 x5S4yxfJNlGhB+qpAniC96jwLc0Ih/M9ApkSBqhi6tKaMIRZF1vlOBF4Ekar sFqL2C9ojYwdxBlyv/pXrYqOU/DXatyuEUPQUQziZc7h0Lpeho1yjrheCWWQ OihLoeS6sbtTFtsWCApskdn6oVMot967Wx5N2kuUmLP5JMSkqkSy8LprL6SE OOeYAo/1KlSxkwMO/vL89k14r8pSm8a1a4MCbr3212h7ooAfLLDr3FTMicfO vnZ1JH9Imxasnkh20KaL4hj+nTtjY5BNgY24FKhLjbOIS2ah3YhdRW7hQ2md Lbszx6Mr3mH740LKC1Ckk5cV7FM4LS5wjQdNZsV/kQDu+FWbPaHETePVoBEC 9ZrpcKtFF9B2Q6ZaAgDyCWUX6oJEls6XTl1Bisuy98BityRYwxpnJ5ri+yxL Uhvl4m84xEQe32gHG87ZOJ+Srdp7kOo+6oRi43LROXB11yllWlYDLk9L3IJz K5Cy4AU3RwgysSC22OlEotSJ8CiOxORl0qY1vMjkXTLjC+3TlUDg28HCq87g mN607RATJDiuzQoavp9MdzEgFy+3FE89kbNeYMJKfn4ahCt32Yr9I2VCqY0T jFKZ3UW0awNHbnD2C8fSxQS8tTmSHx0xTmfPDZAvE9HA+NLYs41Clw5PpJJk 4qIWmVhYn1VFtGVvCQXbwTIC8kp8DGxT/UNd/qiDRnRO423XZQkighj8EXM+ KKGPeYZTLt0aVDoAUtrNiOP18gwXkVIjDl3sBU5bzeYc5UhlfBbe2TYAhkyi HorJV7ppAyXSYEpw2aD4cJ6HI2hp6zojZbEGeakKQsH5qFhBIdV1GHWHETkh 9IrUrb8/cD1Zrg5bGcbE5Yw34nJDKwXzaY5m1415RBwTPiPBeqNlIwvYPnuW wWLpTfqGSqEiSURKI7ooUxhM/C6psIdKClUPzKFuFWyc5STJlCUbfYIiueji qUjMKSIES9dm80VN+9VRH1zfHgS9uDB8R5NTgELBdQ1xnNo+JQSDDkPUOSkW AZz07A2ncBHRdxIzcRyiUUILsEiai6m/5ws05oLs8nWS6NIwvAUcRA7aJCFj nxbi+Eojk8F5wiOJgSHVQkqf6TmJ87oChonFrY8k0joNeCIpcJisPpuhS2lk syVtfQaq/FOV86qOoqOYCzKZmBFT3JEFASErnrCrF4KsPxbK5KRNaZmUEu9x liEr6Qud3x6nU51PJVIbN/KxTV+oqZCUVjXSuFx2U4EFa3xVEVCLUikucIQu LV0cr0lzE/liQDUfckWKDTlzhlkOnNOWcmMGScWMDNSlNpAurIKq9s86vVHK 4ZXSma3ziy7Jb3FBfpPb8Yyr0V5xJ37BheBaOBRY/s10focdsa4YYl5eO0Ke CnlwluFUadEWc5WX8j03dKJn6qZ22qYETj0bI4QLrEzFhMYMTPMmwb9K7hpD d25pn+qeSu4Xul8flt+k6riOoNaEpmKBsFkBy5qIY18Q9WeGdVWpWoIOl+N6 h3pQchKTPDjHuRnz+fs6ZeFSF6JScLVZUyNLeDCTJknhhv9/XuKmzRtoteqp BFKeSnJfa+m5DA5AWFH2/OQPZyp6/dQWeDhDTXDz9Pz0bMtaB2hqwXfcApZx jbwRdYEhV6ugOoe0eefRQtfWNB044NhDuQsGm7A04lyXmEn1zXLHWRqGqYNJ 3ZRFixIBgo6h9HKe2qznFVRlC4LpSoy3K5z/5JgXRigSIEnWo5RSDCgehmqO 4MJijF7oGS+d0/JpTfqqm2oPJvqL9S2pBGUA4EN6xp0Li3rXIdOhvXNAFhXY A1y0NAPGyNa8L5hwgsY8abVX7/55mi4aKi65SCx8isz3rpTMthyqjiC3TcxV tWq1bEANxgCMwtQII02PCgWTmQlXZcsRrTU61jeAquv592/C3tUpAbHPv7da +sNNKoEn9psqpWJJvoFNW8ul62IkRrXHx7dXN0dHcOfIdtBkK1gFObatGbar MZlMdCBsRvlCDPd8j4dDqjRKRQGNCQmL3rV1SAetGpvJUe1Ir/QTDZsP4pIq gpv4GL19c3y2hqvwXyMx1OpHtVnc0EyeJR1NTV3Zg/r1LFcQJ4JJxYCoQngq 5b9/ZjQ2Vg+K+xjnUYWla1O3lVPHlALVpUHpYKXajJab9AYdU15fH7ns9SWn jR0fRgVX+tNDD9yq7EtHqM9GSyeugtN4TmZOIyN5df1IHxyZuCcPETrBe4wq kYW1NZbb082zAVVJL+DkpAnPOvxsg4CTk3VEpUCwdInX2PGS4C2mplPrDoP7 7zCbM4taaVxtuKdr7Kwvtad6FtTUNG/QE7SpJ5jggvTQIKDpYsRrLjPLynzx pZq8mIJRNVdUOycmrsS2wbZpKBAnrsep7Vbm0lWVqFKNcGy7Z70rlwY//w6z E2mVpbVmY/Wor6b9T1hW21R+U80dnVsK5a09ZLR1iMXNGIXbuqyFLpwgy4KL QLbSaMSut0ykNQACTKVcqdBAsWPpvjt/vWAlg9G8PgChdDqLULCqWYCbyza6 FZY9EzBVJ/TNvqccEkXcecnya3QtV61wzb7YJ9a0RN8wLLHnGYQ3jGct02Hs YgYGsVFK1JoOHtyqT8QRfakQQ6g6OrY/4FostWI1UwWsmhnzmSqpZh0mPTeU btak4fEbp5k2KCvv+VPTbZy56pr6mGtaTEsPcFOnnCrf6CLotXrz+DI3NQ/e e1XQz7kq8ebV+x9A7JaxtnTPZrId1F0uS/U5N96AAB32p9Esls4ypwNsCbCB NVgXFTqpAmrrp5MltB8ca4guKhhrqu6LO13U2pSKy9Xf5UgpAUjubc6xsH5R XncFm2/6RoDXtdOsR8fQ8oCqklVpjNSL/ZeS5q2jXnUdXjM7QbiYRUmii9IX bgH8YWYK6xP2UJUyKWbvtAG6U+5ND0Afj5leG0z0ikhK33fbDV6PxBt4G6FH PEpDd/28cJjTRq9qSUYXdEQtG2gYfRFS5cYgouNVAFZdINwipK7/TG1uBIDZ mIyGFGbrRTUzXyEYksTjdviltHiqhOuU1WO9ylT2RnlZ24bIpO9YY+Xyk0Gg sF2/ajqxrJAKZzcrC8f4GFUHOjriFtxLgF5C9LfXf+baobCRkO1qfmloK+qs QPe31JSrHVwrkGTykonFn6P4rkqxCjDW73TzoZxxpISgiaDWzhVTXN5ceU7x 0a0gJHkut3WVpPwRNSORKw7aI5bzkSIOH3RBQ7k8KVVKZEJi6gCLoEbc8UG3 xja6PvW1pLCCklq5z1DHGcDKHuIR9l6wLtVgk0N/Z6akrFcaMZgnVb0oDn2x pTtr23aNgLXGm+IsncrEY59229NdtkiCm2AxV+80jTGWmlJrNyX1dxuxhG7A OM+0bjXKHlKuq24haUzobIlKMd793oYXxGXhmkR1PAxd1DFLGituqdbEXaFP f9ZIF1bQNRvWw85CzVo0EdXODOoFYWGEoWKWeumJX0JR1zoyKLybXRhY0/B3 FGsEM1CRLnZTcLw5+ti4MG4LRCrsMjSuku+oDnxmouG19EiszDFQ0+FQjjFd zU7Ng+GWmtX1wTEYHv5IFuRiAGDhfkOOiYNHSJTDZFS6Hd7SdVqrK3JYPHFq 7Ua2Rq98qRES9x5TM41ae3jEulCK3ZkqyFVKZ6aLj4eU53e4Hw4wAcTHK1M+ V2dbcrW6Ndt/6d65s5Jt/Iil+TBtEq4Xcg2PcGP7C944SsvMAGqFSHVwR62b AnX21KWJ9Qo7SHnZV6IFNZvRyHVPvA5lY+pq2cD9dAk0WRwa2TRm1Rrd2rdd +sFEA9RvvF+0NQIdbsrN6XXEZ0v0aYJxzrkrjavTfeeX59VRlO8vX3/E4uNb rBxpBRi4CFdYF9hSUVovCoYZrpNc4tA0kv25aIy2Xz8+3qihZs5fvz6eBOy/ /XZjiF1CVb6hw5h6JOvE6JRofg5tGlqcfpTfgDlXJaiVP9uoLbwLVDVcF/dt LvOtgxAVVmZ2+pSRKKhLDFcp4YL4x9KFY6A3b2wuGyKdAvxfNX8ygRcKWzCk ps6NIe/IQJCTc3OWuq97VC0VYpYOo7b0sMeQiRIAS6/m+Gv3vx/umyxtY5tk bVZX+dMV+DUnZGFsSdKiy2t7r1A4XTQ0EVm15zn2UMxM3B+TLslu9ygYxKVX 370d7B53Gz7FZXUPDpe+sTuXFZNIrvK6iED9TKkTUq3ccjsouH9L8w0nvOcH vCtEgT2uaL5ErOzKjLXcyH8S2GRUONJB2RMxUIuMuD72HtIeT325nG4HXn8D Nq+6Fjs3+52CBoWc+4rswo3disQelCjHFrTaFs4WPM+0DcJpgk2Xvd5Zjjiz ucZytmXbgT1kzmxk6D+B45Tf246EgnJWbiIhyG/IiK+9022JKVQhgct9nzRt ZfuvLA2ypNtTawcc7/1Vn/mX+ov4U7jjhTXDB32G0Sa+s+X2g6ABLkBMoh4o 2I1l+aULfGcblHPs7Awi4hU+FzsPbsIK9KjUUMLr8bC2G4QLvqW+C6bPJiWB UoLkZco6nXkdq+Bz7fjl1zNsDzOLURWtWSQ1QbAeAACvC1CvkK3u/cXzGIEa eDHdYRI2qTCu0x1HEzabk2i/M2ZTK9Ywqy1sIxtSMHTLbiB6He+8Dc3y99Vg 7Lc1NPieZiaeCg0Y1ITWtdzMsI+ZNKox5ps2qcXYX1gMIJrs+4rtmoYn6DLA DhkhbsXfiViB8LPw6pbxsd/3I7S22PEeTBcwHY0h+DR1Mdc0NRDnq9wCmjIq mSNwFJRuOCFvLzreldARm2I+kCp3PAyWkbAbcRu44Aa0BOZeBTsaTlm/RB9T Fd6i4OvdpvDjLdqJuP8UltNTGDMhI1z1NZCCDyw0O7eKjdKYSKwllzqpCOLV Tsodah+nly5SscVb2nMSLZCvYX/vhhPFVTkOSZMsbGI2ayq0LoeLgW4U3ibV eh25UTcRJCFkrqyUrVuYjIguYD8fEydk1yzL1Q0OamMT+NQXuHTmSrvT0deg DEorZb9vVOxPWduYfqtDIBFHM2XoABdD25MJCmBprxogIIUcwlHr+6CZdTug XAnijXIZxVJmAzRND2YjAMmwcJJnvv3BdJGwWSCSQubhik75MEZ0pyM8b8ft tbzc64dSrU0PR5JCTt1u86RFckMYwBaKi3G7wkR2SO6dbfuCSBq2KcoOdxWB FHErG6IHtiuJ5jEowxjrq3Rwqci5y7HapNoIq/2GAPBOYh8crohSGt8MfECk D8rp0hqjtBcZY/q3TryvWRBP1spPwWb/4rQbooAJG4Tf353jH1ttMXW46QYi Nmx29/HZPRBWF1w9SBMLuqBTojvOImxDeQr/BsL/haxiPpcSJuJ0J7RVuEW/ xHtlmRzb0GRpP1DxoTQuf/btz6LvCaFpa80s2O/sYgrdUiF5xFtDSLy76XXl pIvXCa6tIiCDzJA3tx2j7dGONcwZkJi+01proJPVpgEW3zev322JDMeA2OzD B1qoN1zcFDJoOqirLZ3+6BGM2rv8dLsOR3uAmz+sOOPNiy17Hk1L4On5PlPN OkuxdahPvQcMed1qgLJ1tWRntI2rbwEF6xD8R3D9DgsA4H9+wIzYi28P4MfF t8Bx6Af/1eW/ugeY8Ewp1/o/kj+89gfMAvcF/tOF/+zC/44Oj/bxx9E+/jje 2aEfu4f0Yw/ui/8K/m9//xDXsH9IS9l/dUQ/jvfxx8Huzk7tFRypu7d/hD8O dujH4SH9OOrSj+Ojo9or+PFu95jWuM9LPdylH69e0Q9YGbxiGuthNEeI1KfV +oE9vuxs01+xjTxCKjyZMULoKIaYzQyUMEHVvIydDlDg9cLoIeQPZy5cFdzZ 0aSQUbdrG57DXmzkGzo1c6qie06CQK95aeXLJCGHe+gMZvp8uaSOGwUwTq7Y FoVikOlJ3PXskMLWj541yrXfDaRlpmXPLE+LRmbsDtxmy1o3pS9q6eaZuHNQ 9y5P0BW3pvRGWiEOAKxH8bA02iy3acI/ORkE+8cAyMjbLmdimknN0HdeZtLB y/bespsgt0qBU5JjRhvOyPen2465ltIsFVGAbQiYiUsGIesAdEGpuxPag9E8 VPJy04IxhDO03YQyxAzf9ogxJ6Kw+XjAhhixRnCbEaaLRi228Tk2KVKX0HGN ZWQGYduzaAIYA2rTvhrz+1DhmIAilDidr40ZV8/LSJSLHRCkbBC4WGrEQzGW XRtNQagBY/tXmZ07Tf1dBc1naF+kkBeM+zQoWjTgqGxiaKLAI5hM1mEckOJe B00emY8OTnB639m0Fan/o1CUvwKJzORbu9FTnJhITgLbOQQTzOlgndtCNpli FuXI0HPqNJpyxi/3wgm+77/mEoXjaMjqPVtpJCMScyujGaOLF5yFyArnRbIO RdDH+g8SIpHx27QswEi6eLq2EZpPU4zmp5JX1E5Rk8aRAoWBg/LpsmHYsDLd dUyPbvsi+w8Bqz94JT7v0Ug/i/6e6eagDTWcTLtLMSPY6yxRZ7qiFXUwpN9Q yxbDkKYSjeHo0iwRk3ZIqJAuiVkuYrVErvD9YIeTKilkrp6XqPMDvVxYOnP0 FnLEjA7uARl8hAWgMCJUniSh/fZ9P9jt7NEgZx/6/fOeUVxqF0NTfMIE/RpL isCaQZvu2QqZf0batXAMLa7ZTCMJtT7Eqk26961LKmzotNwp0ITmDFmdZbJp teP9DsinWkGm1WyJui97onXu7+yh1k/xD3Hpmpcz8t25ccOanzgRnDo8UPf5 ZNELJqA752Wq4ap73nFdyQ3pL9Iy+hJs9tgsh9X7Dw4Puhg1oLccOVxFXywt xmEXdl3/M73PGliasaF2TB0SvLDWSdaWnBvAMSKPNjXFuBh0xjFD23HwFVRZ VXufjd3NTKlN2yblpzRcKxP3qN5SWzS6Yonb2LUZWTnlQ+P4LCQdRi3jNFBT lK7JuWUcHzVwiDW5Dg+52YUbiaKPgcyWEkOvbZsgl6tRnWFqNUnmdoKMRerX V2NpVdrejZ8Z7bIOIUkQcc7D372etnT7cXk2bL0jTn41ZuxbW0xvXegqOVAk /NVNBWdrMF9ZY3pYQUd0vmN7OT9qtEiBs9SbPWnByL8T7f9V3bctt5EkWb7j K9KghyHMAFIkJerSsyWjKKqkllSiSNZlraanLAEkyWyBSDQSEJul0fPsPuzL /sE+72fM7I/sl6wfv0R4JBKkSuqutmWZlUggMzIyLh5+OX5cEyIUTaUzEXRc U3rDCVVJbVjWNKeVVcC9LgvEQ5xTw1ChDa+IxzSnqhjnywSoypDW35kGoBoD gPCtpFqFaEPrQQFDthKEl2315pzAA2GrGPpdS4asS0iL4IBxxbMOVFwINMn2 uiry9+xwNpy1G8s67mser5XB4gPmxJwAF5J0RvJ9IFPlNlIjnVDjLH6gsXsW 1USYJUuuYqrlLe0+vRB7/8QnLR25STmNjIgf7/jQstY39TFTRk6Bl6acqhMx fqcHRaDJ4Z4A+0tfwFlPohwfIbwSVNRbqsTDsW0bZyDRzwHrQuyYBhhCZuQM 27cZJg398ZU70Z8YQkPtemE74gumKiJZLRBjAhHqoEfPG8OaD7mmMmPK0qer czNN6W/QX0ZMrqE/BbtQY6mHOt/6MpZ2TY2qY4gurgJ4CI/00BsRA+U8m1Wg aFIbS/ReZVgfaUhWa0BzgjKqjs3P82nwJXH9O3uUvqhaonCLap2eYAA3p4BB gkw+wYI4CoambSeZp2r7zC0/G4oxl7nX8tuBZAASa//wJNvY3nnIIe4Q0Rb3 FtyPW/S/3QRWLZEax/2D7ofy0lgdaBP3I0vqkouPm4isC0RaZCNZ45sZu4be xa31mifCU6ahSVy8sbO124uhqhtI1uwHK3U/LI2bGNqoEytsbFnLZzf//PY7 kps78R22Y9fw+gMAEzbWDHuvdSQkL25wf3vH5Lj8roJ8YFNAJz81frZVx5Gw nx3XJF0JDYEnjVWFjebE9lo6sfIjJ8vg3r2bZiPpxG5zJB7tfNlIPNh7aNrG YO9++0A82gkDkXTinmsSI7H78J6MBP3yJSPxXeVE1kLOLD6cSXKLJGrpxP3G SPAsfPZI6Chs3925FxaE/KFj8vBB65jQUzAm/8ashO0HSVJ3ffDXwTVu6NL/ ArMDB5bU32yHjgHKXIly0XX5uRr1GOxoAYu1cZLuX7uZsElIc5JjzidazhUW ehwhYlj8Rt2Dv6u23MDudRfwHZZZqdzdpPNfIWRiPT16uA2j7syh0sYGxJiu 1pyvNWgQC4rJyys+p73MuqSDmYdlpU1LxyzleMNBQGZJC+7csSV0hWGxa6+t AL/YkJ2g3TOpWboWWsiD3K3lKoM0NVycuAQNNKBJdLJMlEFAEqrWw5s2s6cI uKu0sYNIrZPVOI25C2MAtDGkxgO3MIMjMhGS0awrZhphgpvrjqN4jPyb5YaH mM9GOdWQG7508bHVb0/SAfPftR1Bn3Wi3HzN13zrLutIQMU2+UdIiD5PzSc+ P+g7RC0yDq1sP7irUY+b7qmTex48RISEbtldewtJZ0RcED95hGjK7v29vXu3 3lMn92zv7VjYZ909kHjhTTiIc++Rde6mm+r0pp1HDx5xHKdNDjTrCpaSBwTa Lu92n65PLuFlW8CBwFxf6aKr+y1oQ45bBH6hrcZWWbPyG5pYQ5m6cS/cshlA Db6uN1+5Mb5qR/yWLWE/2/6kDT9RBWt++fDu3RatwN26vbe7c8PXWUbaTEsL fNmt/Yrq4Eq/Hj24pV87D7dv+DrL9vb2PqNf7t383SvaoX25vbu9MhzJrbT9 VkY06dfOvZ22Ic/WKZst8+iGPPRr+2GLJuv7dW91ppN+bUNSfmG/oja70q9H 928er3t3b1lfu7t3H93er/vu4/ir0y6b/XrwyL1Ky607u3fv3/A1L8DPmMf2 fjkVuNmv+23byd26u716Qdqv+58zj+39ihp488ud+49umceHj1b2W9Kve3s7 bVua+9XIbioaNepC3eQADtzh4ApHpAUsMLnu5MMhsg8cwc1PplGZPyoUT5wX SvGmWF8F4OExed2xkszZ27m5E7sb1Fzd68KvyDVBxIGHvLqEzE2xjnS8wuQH W8tWJCDJPiA/wHmKmc1FWnaXuVqGNzeHc7TZnG+Hk6juZL+9kdU+ZR/v+AQU 9SbayAXMDvDpmuWiDOAO+Rk1iMBi4/NNPMi2H3Rh1zOO+yV0MRYzNtKF8OjR MoCXPBT7yxSSEG1J/Y0WqylT4KHm4yBOIdkY6pJrJoqoOlbOUROoYZI1Xtqm LdG0Yv6Hvo+Hgq19txtVrL+nhmU/B2lXkqu+wPv1+ypYfp/EdzqiM/+XF6+e Pf/FrEUn+/ZWTpGGZFw9/pqKTGsLWZbd2q/7O9uxX6pkRUWm5fzzD25Tn9KD prWF2/v10879+9uPmgNm37YNx28br/YWkn5x99tu/scrylHDaunXP1Dxy1ZU O9evv5Mis27A1JSdMlfw7aJzFQp+kxztrxOin2em/h4ydL3vJvv/VYbKz/HJ /s7dew/DaMmPStT1a6XtgtTmam3BRuuWbnGuwOAotBEke2vo4DdJ9rXBh9sl 1Yrt/HtbztmKiOSfpuX8exvO7fJzxUD9ve3TdvG5YqD+3ubpmm41zcDfyQrc Z5qS0aTIHZTTRWz6URNuCGSV65ptM7kWBt0U1ao5zlwLKFWK66jx1xKcvlmt N3NDs64cLalrR0yHkTJ2WXJzYKFypWLqFQ5+xi0YSDMpdG5oxuwHjR6hHMyr ww87PUGMff/syJLzGEXIVCMBJWMMDhGMBVZaanoClJZClD1bdW4jLmgkflKo 3IqSr2fz/DxySsSaoso6EPAjXMmFhpHu+eVk/5eX3708DfynNJyVsUdnyn5b LwvUJWLiIdr4DBcMuJ08En0PryO3qCSOu4LeXGSKg088mJfFmPEUNpjdUKde C8jouxSe5Xv1JUN1j03r4O4DkO162B69Q+sjmQYrn4PIVIt5YnwTMtj8bKGY MjdmNOrxgmlIotAO/rL//ekLN5xWkkvXk+wl853sbe5u7kLx+fjx5GiwTXrt YPfhQag7L2DV9Qvb1jUz94eFlbxBzGeosnpGY8tYXwM8z1BXYhF4vgTeWAuq G4wtHOtE4vCkqjmuNrRMC6ZV5rsZioPvr0OzKNzKe5XBt6VUSrD3EGCNIK0N reS7LGy3cC28U9dC0yuycfRu67RnnMwnKm8+3jl6d6pRZyVNlOwBzGqkyrBE mbJeKIet8pdbjnTCyl1ODWUvaKYVN0j0QBjGKfGKeA/FvNDKL4v5slaeDuOA ZwCRuTasnltIeVQmi/YHRxrtY+V1QDGyvkChQN6L51h/+OUiqaXAlG/qNeD3 NHTK3AWQ29B2iwu+x+zwlCmTZQd9tJwKa40n1yxNlw/pEby2q7MF/5Ey5ARI 4AfJO73I6dJl4K25xHYIyX8g3ENaA3fUHxvh5ZnvTemGGGid0vEMl+c1p8YG rCXLb6l/JYehaxbT2D56fYkw8/IfMgy2qEEEwdkPPu+G0+hS/D+2tBSDjpCQ 6xmWgkIPHjySLHKpQMSdZDa7alKdXyskb+s0lMNTRlROIOMvdPscpGWkZP/c cEEkh2lkYl7SeJxDvnKvuzSrHwD5nYJy1OqB0B+Cy3jx3bPXYQaSgnMfP2IO kSUNHu+XZyqYMxyenFyolKJKy382ya/6K9tyg8SDK7cVyOk0JTiU/wYI75/q UGAH/kghQEatITsvtPOcfrv+tXqhs6cN2sl59b6Ymtw5W7LgpqPy4PjdgSYn xNfrC8WKMp1Yopd023VuwtA93zGB4GFYqSP7NuuNQp2Gdggu4pUaYpomkzOW BKxJC07Bx5bmVPhGl0guwcmMdcnZYPJUPqfO54WsbdMHU15Dzi+l1XgQynoC Pb3+/sdZ53EmTlrOKF+txmDFbgycnk+l0qY/Y9rqRJQe2u9YVly10UgXxAVN PWcNa2mcUt/W62YF0amnq19MaqvZKIhp0GTyw6U2dsg6QL5LLGtwPq+Ws1o4 8ms94pjaelHWofyBst6sSoCYAaxVfrgWE1MIyFHNzaPwVBlY8z31p+ZjSrcF 1K3dFeYtbtOXnAjlOKXc1bUfWhOuKzVj3Za16eQuJLOuO4rTUNGUpQWxw4Y6 i9Q2rLC8HuXjr1hdmjm4VGpjAMX50Ms5A5N0hEXIUbllqelrxFT69p3Cuy0o vTd0u7G89GAQDVhqKNSqsGKNMPk1djPzHc9XQijQ+sYiQgNJWpvG4RI7FmHI oJoH75sVqBDGgv2e2HlRjx/JlFhFwDwpHeKJR3Y26T8MVHwxmtEfEGdaek5W N/i1rKfPk0l8iDCHOzpQcQ1dWGFWTITMA2YqYhatOhBtyOJM9lWC1lYKMUdA NWtPfLtZGnB6c6iNEjnP8RDOYuuvqeFo5EXjmJskXVkn34PUMzHvl0WzPkuh NW28krCfJK85JUIHqZHcFnSISINP7ww54quTkk4Mwm9OYRuS7fCeMzq5NgBN c7GiTmLtpGu6L6ve07LbEofipspiLQU4fy3MlIuc66qwV8LrRee0lIthmpNN DbxGtjzNPm68rOVqrQrjzzhv465rnrzJ1k9bH8VkSL/EJnRxPZj9ZaACZlEg a7umhWZ1Vy61Fg69MCn+GFY0kd8ylVos60V1BRaoZmfWXB/Z5jy789r3+AO9 N5CeoO+Kn5pPxxNyxSqv7evZ1Oe9XSiYP8rObmvaGEU5R09V+MAOwuerqY0s LrkmO4jlc0mLA7XfQj7xoNLlVGhtoDtwRnGswFOgfp6USaDHDMJIhdIAp3zc ARI4L+v36tvQUtbSX6VZDdymFniPbYEpUvOoORk4lzyp1RrbKKZIMwOR+BQa 7wwkNiHz1FUaQZmDvBRW2JUB5DLLdobDm8UpVysc13weCXS6Qcl58PbN0duT l6eHNxJyHh9+f7LuChZuLhHKov1CSjoSn8p4OQ+6nvJrLWfnSOCK7MYsL/go YN3dNE7wXYQCtSET3FFHXIF/Rf4yyvEiINMVpT71dMSLhgm23y49xZgzMy3J +I3BroNYaap+3Kg/ILWmlB3NavK0tudb6XSkJB+TFYQNoRtYi5/DbXtV+W3n 90De1ElZi/6gx7poBQG0Miwto+9ShF5ibDvDnEQ0fRUTvpMKW/kaG92YINo1 HbUNuDoEgLng0aFuXYGygLknYxqh7M6l5NGGJLN1bhV+asTgJOx6Q6amkioz dSXqSayBsalzkeQ+1w1O80C/y7a4rEK103UW7KySihrF3IVexSnkxq+2vE0W 19q2NM1boM5HDOt3aWrDpVKzKhlbyEhl9WdI4uyKiQGMkqMMJazF/UZKAH/E BG4qHtNJYoUOh6dWP01GGl9WZyRseBiN2D0myAqwWum8Duw0hHefR3LFsxiF UKfzozKq6hy813toxXep/a6Sd+qRgVxH2RMko+siqbmsR4N4hoRMMAsnM7+C EbpBgtFuwqOUkCVW0QxTfVZccZEkocakdm0/hVNQynC9epnRqlV1qC8mDH0u Oq3xutGhEhhjxwWNnXA6aSdwuPEB60s/ncJkqJwjesB+rphWO2DKPeRr1Oxq yVEAWl+36xNa+MMivHY3vEC3oZdyGsu1xhp8eXWYot4QHvMCSq5KKpEqrwab kgwLLET9C/vY90GCVnWcNP8asiy5BLerA072OS1MYaMwb60rtdU470FdGnTy VnUmxM1cpTJxzFKjkq1Nr03GqySFwgncuDkIAiPKQZ4MDrh+xtA/Ya8pnV3A qxICkRNHx8kIVEPOQ2ZnM/K4wREOf29Im29jRlIC3hUWmzE04LJWzZwZRKCb s63Jh7vYdWTMmvOA3ygEKRsHj5QQwnZlVUOLtXG32ese2RHZGe2ajWwPLpRI 4ypBz/XNxviMXCxHA51TV+pvGbLmL0lY+C31NumgC1eDxg2YRJbJG+uS9TtV I1AyfBGVk/UJ3/24GKEvcs5tCVzmeaW+DCvp3V6cJOmikqzGZVGnEFYeIOSW LZUKqoYRV1tNRMcXIhfbQM5TPhmrzs3yVeSTUjWWUh7E3YaHLB2XFKz4Ccyp kdd47EAPiedBcfWaiqMZtBmGT5UOe2aQQTGfJGSsi5VVXfGy5JpaGD09XQmA nFcVHRHsdj1fzv3pyicFHxJ9PbqYrl5lcIMOWzZfV6Lm4OBE/NSdFsHqjdQf yXnOBANOrrjuhFx57dW10JPA6EDtFZwuc5wqMF7U27GcSwV6ahlqRR2C0kGw BAbeSAghuG612eJxmgqKFYAvCmv4kZT5i63CjYMSh4AYlBxk2+jaZ3G9dnt+ sP7M9fduHzEclBALa7u40eUjhT50T1Jrg4dh1NC+4UkU5V98BOG4ScwoYblU +EDOryxkfML2L8LP/Dyc7rhkcbyZHcJWBAADQg09983GQRPOuXFSkkUKbDPB lB5Es3IhpUC5mF81NWZYV7yZtCDGjGM75rLIECxBWIizOIXgbaUn74tipiUR nONiUVUTkb0iJqfjpgoutCPmBp6O+6YQXFYfjK7OIB6svzRqQrIGu2KxBiPV qc283aTuALsGQ4app4C3LRN9h/OSvcjiXDBGIX4qX8S1JumbfiDgda8vk8Jy nPWmwAcv2Aw1ieoiKTaXGxs+TmAVYbAyyhGtLJy33smkPqhQ8hsCv5Li07EE Lg+irrjmqmR1KdED/AvwuhaGHw4Djx2/4ZhnTpl2WNOoaY9qNXYvmfwTuUFx SRhTLFxbQ1DHTSbq3SL997KYFHRG4d4aNS0aGS2aLIFZ5gh1HCB2e7FYSpQg HgLJUOliGXXCMtrc3EwmsstOMBaanNfyAREZlm9SquRJp3MgwpLr9HzldkAT t+yIWzYEWli3Jz57M3BBoa/cD2jjb7El0M5v3xUhw+d3mROFxCQzE2ZF47gr s+RgIZeBxm5VfrVMEa7kFr5gasJT0IBNTe93nBpOmlpfbSuWMM264lGqBV7Q NQ+TcU3URce2fP1ECkWalmx+yNra4BOV9KluCp2In3S0NDY+KhajZvmt4AcX 6g0Gcigpbq6Mjl7JxkRb0VZ9iU00Q8JFinkFUjQhsfDUVTa5ST1QhSrJk2XR cfkRHwlDV64uKoQOqjnvYKWUPKPpumiy4YtG2TQhAQFbKpuerHxeT3AfsDOc QZQamzXomnSq1FMjNognoAXpo39/w8/FcnUJj6gF+LD283lQTpi6GPa1LDtm mZDhQ/cCk9jRu4OB6lGbmUXVVBmzdhcV2pjmHwTdwtrw4M80fTWIex2yKKiE SmYKHc+/ycsz5yFy3Wb/sbN0xw4IliPDL2pcaEbo+DWf8M4dhqQey7C2eK7E MY5y8VgkpEHmnjQAqZ19pvHDhuNiBk4dtfUfzDVMu4gzdnGwzQteXIY3Cvmo 3AKbTi4u67gNhG6wCcgKFX6C0IMcqEbURSUGqQYKH+22B0a66kA3/ddI6H1U KHpkzWr7g8QxLIJmfJIIzV7QXNQXSlMWqz6cbL15+eYwQxwOOOEf2U8aV9XQ R0mk6itmhffKVaTo5i5aL2iRbp6TwI+x8fAGSa/10YmwT3R+0Jf1XWeicysJ o55V0dO7+TeRVJ3AGkwj/i8fj2NV4X/55EVOLOdj/GZSgnw2430bqlZrVRXn DozvrHyVAGRw+CrQlrEvANaMiTEyjlHHcTYTJlxc041dEGpQsW5mZSFU1uIM Em7GwGDffCHqN5JjLysFPyjlqKtGoYWcajml1ceE2NeZ1SENOpVNINfBgPMg edVToX3KxS+GMkYLnyKlUGvjK5T9AepdOcQNphucON0I8j3TkCXMQq4gs0hp h8QuEH72OnEjh+ogGC+ywjlAttUc6doHnWektMwM2RAeMuD04vnyskYQ9tYz 7isOOA7Efu3h9pUnWzjWWGA/FwjgMz6EQhjurXrijtU713kDf0PO4+SBLKkb iMtplcxzOebYWmJvQ895vf/m6CT7sZqzV/hbRnchXwBMjAjiaZK3AmCCFGr3 ApoCFx0jMjyKaoyEz1eipp0proym6EM1+SAEheYlqozTW1DCjPt+qYw3U45U QpHGdnxWfAhVgr8TjHnd0AuPrMTjh7K4UqsVhtZFIUE1rDASH8qrI1zQcMtt sPztvN5/ddinZ86LXldtHf3KNHdcwR04qI4P0/Gse90nDR1QeXVfVqdA3Y8k jUR0X3mrhYKPBIeuRvAYoCpWWVy2jHAmWm2N4uys0kLv/ABMo3bU3uH4sKdK Sz7OZ4tkLg1hXAVqyMHIDXQx/VDOq6nBW7xh9I94o7ahR1uN0f/bvC0rVA1I XDxF+dVc1lLfpSy1pqRqENxpO47qwBOlspy/UDZlUcMC8dM08/0d6zZgiSjM 2JomhDKd8AXyYcP8UYHaOaQu0Wo/BTE8GZk0ib3fPotfvCjD3PUEq/p1i3Lf ZVQFsKKy4Z7D2FQEQF0kd1o+BHP6CwtEyLWi0XotU+sLOogiGtJWglIYywRQ B/kpxfycca1WHLOvJ4IEytOMpUl1Xo42eQn7AIwfOg58Lcfit8WbmWFcKDyr bF8Xzinmjt7ZX0aDi/rSD6l4xe5EwGYKC2FYyYHPFOl0TlvzKOpSoJsVQvvG 3ixAvKjACZyxn4IcVjJBqnkzCwPQfl3sOOf0OXko3yF8u2hMvSbQfhQB0AtZ JbFyWmsODK7TTvOhwRyEtFUE4YOZoHPLV/xoq4PYKGWC4m6Wu9Ra4VqSXcSu tfINrb3jXSwBY7m1z0kkXGDCKhcgHCtuTDVqYy0N1htDw4JhnvdDKI2zEv7M +gUGHXo3BxnrJcmWUoPwFiMt8kt1+vI0xKwdnqAJv5dmMzHUWUGcf3HjkOk4 1MrnOBOaZbzAavhxpW5kQjgcQCESEFwqjIw2C1eYhYUgJVgEwEAaTjUT2sdx hYQN0hHWhnEMirqIeSICK449FfQMYzcHiMQ6+K2meeRiVHDgfxQCW2HV0TBd cD4aJNqxBBZtdYRCn27lNLOhxF4cF8UMJsIc5qkGZWUFu+WNcAyXlblA2EzO jmmRRNxHORI4EdQTk9YeZtpgSEhbRYzbMpBMEOP3B15Kw6WsrAVCUTw5Mk0L YwWJrFfXw2J+Qi+shWfTy05yBFE/fuR/5SrkVUadUjfBBBJ6lM+wjfkk0zV1 lo8WtkwXMM4tfp1k+qGTY4D2eDObfLqhTj2bcugWfXlw8cmgiK/lGdZPiFap fg6vKpucminFR1dYB1qyruU5EaRuERqAYSHp32jK1TYyR+KfO/hTOmMf7TJw 3sR6hAkKyoqM+HQzyMdNSww9FEBZg9ijXbLmXOiEQa2Mm0jpz1UPwGa6pPMz TiNkHG/SAE3zO5+t0Gt1DJm5oVY3zT/38fZtGa2RJCXQzYZhPpFZI6YCnwio 686lbifCZuJymyL0c6V0GFM5/yFdb0ABS5QFVa8FNoOy1NzWbCk1fMxDIK4l g1pawrWrISzUVdH+ihlRIeXWcrbN6OW9PLciHAb4Un20FAJRUOtyySnzHWqp Ca5WAN1QENeXgKJAgknj+CyZ7r4WAJL+shU/m3P5ZcH4zGmZoJZKSAkq503x LCuS0+MkM92VK+XDIhFanPI7jVz98uKc3icVsYxGxlBwDAG2Y8KlD/OaEhVk dFEWGkUrHYPYeZVPgqRJ50l8opsN5yvLNwZ4gJN7UlWoqcW1daA18VNagBBx RyILALm4AolML4P9P0Ve8yZKeyGrOeTT1iJMXMGdlUzn6fJSsB1cyrX2NddN Veb5qTLJGTxjuIum4Yw0S9kcOe39l6pG2kkfNRL4PB0hXBuLtSJq7zmWdT/x +OssSe3eegbF1fD44V15iEjwcL0kgTkEP4erNxA6LpXs5mPSkcdFs4xfA7Vb JmX/as0gsDnvi3tRHyqaryxWRtUkSCODu0kUvJ/JoVSlZQUTbM4mNPYKIcR8 DFArcwVXnLaKahTYB4Dhzo1pLiZiL1h9027xWDOro6Ja4kBo1C7tA+ogr9ZK T0FMkYbDmlrFl5B850CM+u+8iBhwJb6rOWrXTZvFxqzSBpCcy0V1ybCXlmuu Q5nrTuc7W8t8fM1ZFQxysyGvmWG9WGhy1+cshBIbC4ZqhgvDYJdQoOEam4uw iwW6Y4nZ1n67jaCld1nyhFwLE5gGjzMx3jCN6Xz/YxqYeu5tTwiirwqm3RBJ MzSS2OKPV2JoXxxAy1YsT6exGXDXsYUMrzPftqtqKGcia7isoPrL6oAXFvIE MStUa/h+ys6Vk4XAULR40pnSQXCBGzoMPhR14FPQm78t5gyvbt7yFGb4rALC ke+jTpJcyfvZ8ZLESC67V2Yq7SSrgnIAQZmf5m3jErQAPcvrcrEME+xG6nxS DdfeK4wZQOtPkrKqrHiJmfX14UwrLc6mqOS9MUPPJR0XU6m+M8/PLfuDwfMM Ps4c8NGBQyMMKVlNoYYcHD/LCfWsIMGAo4A+rc9KNf3TmxzYgo8H1ntJDRbL Ism8STiBkprg9WOa6nJsb5B9m8+yp1o7lvN7nNpNSvjRmmQRSTzVgYwjqwUY 5oVsPjneGOPOpBrKlMGGgyICg5GNiOG4mEkBaPE15fUafpFN0aYaBigvac1P CQ9dBIYBtqHi6lGC4Daejcw4nuj8WywmxUALn2geSCsNiL5zKcclsziwp8Ry O/uZ8pX4dE2GZZlWPi/46zVULuOlxm/PlxMphej8oxayff7y6ER4e0Dbc38P tD0g3cj5cdkBcoReTscg9L/ONo4OXvb8gfzxI30C+/BFDFoF0p5mBKyyancu oyC6JjyZBtnFIb8V9mYzhB+Kd8mmNLaUQuG9i4tYC5Ctn+m0AvnLZYhkkfqV 1wslpBIL3brCiSRTV3bLUomwDCWRNkcKTiX5XCtiPR7ebWMSKiMKKYrz/rFb ZzX/J46mlP0j/XXCzqGQc+wQ8WOywXLOBdSXiSdk6tZszS+ulW4B4VDAFp1v GgMJup/We6HJgS9S06EGrkCxqI5YbGo/W9tsG5daZR0ZH5wZbaW/Yi6VEFNY lNLGlhPoTEfjh2sqej8m5SWDxwXRBASv9ZIhOAMZhZuFOOuW4SLksn1LsVuT gMcZYeIJ0gNLx3RSnOc0I0IvUZsYKafLwlMJrHZAV13IptU8zrFvie1AC/S3 vDeLE1bFchggsNQuSNMY1DMoHA4co/MUaa6T4uJH78KtzYTtkHUpAyA6Q4MJ B558MryKweWkHliyAxxNl2CL+ZXbH1UI0g+vjZ6AT4HAUUEXLGfjXI/JdEM5 U7iZJA/LJJ80JA5Md3Vxj65Nt+BqJecu973BCi6EO+bSkpkBmNJGyIbHFT73 dmcCTcJ5HxT2GyJEAsxhV1vbkpb9UzsiQMcJkNbPS8tqWl8lwTQWZ2mmJUZ2 OJcbIIeGkcn2OEciMCRytghJ62IyUwsbYxQGSKxsjUOV0xAmE4SCGzoBDXG2 qm14WseaFL5uxPqIMwkOSFZh26DFMJ1mwkMhZKgTvbSel6KYKm9c6GOiSSk3 8DhQKiSrpZrfMJZhwzjc0to5tm05ho1cDpeLQvfjgZtFXWasW0qa0mctMKP4 UHt+/eM1DT969C2IpAnmycisJObz+esqT4YcGkzAh3yu6d8H7LufPvZk7gek OpQLyQGbMhgPxQ6evZBUFEdArzAYJbYRbkkjZZA6zJxtZkYeidP3MneLVTae kBVBj5IMOU6FSmBsjuZTtJpRPquhY/liXb5ZC1bZKXgGh5+ecCrQnO1sR2IB ipCROMgw/xxKJ82yGoiRMRfP0ZgzAIaqkPu+sW8wYSRKjyaF0eG9BfeTMzLR ZXTTiJWzUrZXLUWbJcgZrJHc5bdZxzEIU+NtgVZtlFPsBsDkc81ixo6XZ9eG PwqrvNSKbOEQSsVZPIuS0y21fMynzcfSM2Cxi8GLYjK55GD4Bb+ergUJmUZY gy4MIQcaN2fyssjFaTm9zqJq1mgioaB0Za58U4IU2v9ufyVufZrkPwJUMa3k ytzwuB0AsKRU37Ee5RixY6uU2unsc24Z6ZkVR5+UHrLpeuieFIKL8zZcP9sB /6JIsC421R/ppQdHdCCVs1mR7S8vSV2phOKIbx/w7Rydwd58SwIjxI5P8rMi 23j77qQHqlmt9Et/goCV+c1oLU0HKmatFrAYSKUc4p5QIgVMqMgdCMoPfmn/ gtoboBH+qSap+f3LowaEjOwXfDr48VvqjbmkGTZaSp1vB62OCZ3MDuqwsHgA PQuc5FCCG5guLrbIkP1OJ+9lz//ry2yQFqQZz/OzxWBFRRrc3Y5pTfOC3dmi 63XkDoZHpHfsbGYn6h69YPtLnw3v25xPPFGkxp18RBIEC2dy/ST7rqU4Dh4t C3zczA34uVWl+1MnpV/+Y/Uf/5vUgRc5lKGnpDa8gQY0+vX6Pf26Ke6hn0gi kSnZz7rPWSZOikYjakSRBviGVPwDfVS3r9CTKdYU42X6ASM0eIbR6TcaWj/I tNz3spNiRocZIrQ7KBzauPmfLxaLWf14aws4AlqCwOoyOmWzmp9v0Vbdulhc TrYaz2g04h75TQOW9vPRuwG9X3MEZWh+2rxlEP9I9vLkqsAo7qtOPW609Lca v7YlR+N3N3s7WlQ6eve/avTanoDhGvZYY/n++DWLVbaf1b6PBQjT9Q6fGHu6 vMeoQy24TcIt8sH089OXrw7/5LaI4GbA48K0RpO6eIJ9qwQidVF0cIf3Ayr5 ID8hbqkr9NCio7GvMyi9eDBa6Ww8JdXj+UQRyOyMC2oFtd57nNkgDulEY58h j95mmoynL9HFPzTJPPJ0D6On/jLiO77x2Rw/v3h38Kcs69I/6y+3pZptyMg0 hqy39smr3f2Ch496GHWbEyP6EE9sc7ZVIIcvYj2pRdUx9AaLN1rvWEp9hdM0 4I2aZu+q14c88mHRgYEDPj0pmMtgSc3l2mwgeNH4pAAJZoZ8b8Dnr6ulwlmm 152QRMaa+nwe8m20ztb+CLdNirGohnXn42NJxi/G/6V7ltOS7H5qHDfNWx7z qfMjL3c8W+10aLGqr/K+Y2jxE7jD66qfzeQtzMtGV8mRAwUNBnaFRc1OFfFk 582TpnlipCqNusThsob+zpwXQKOTfVyCEZY7RGrHUU6j/KI6O6NZB13fcPVF qgDKISV5OZ/mSlVI50kl/XmmyXRP6RQ96QJXSq/aYX+t5MxPjRb9hte3tuu/ x4txM/n0PSs7z+j6HzlWFd+gT99TSz+W5+ccFj1BGkxOOgxJFUhItHCwnBTU Gh0CR/m0qrNXOdmoU7IN6Xp+ddx2RncdFJOSzo5iMrooUdO+gE5cs8x+nk/e V9kJuCF+fU/nzTOyhMe0uklBnVbsiX1Bym92+OuvtNpx3jxFqDPX0+lkVC04 j++4gnr/AujUkpRBRI/kDUijeE4GBu2oPl0EVZze9npSXlF/MJtPy/qimnFX 3uST8v/8rzz7Yfmf/4Om5z//vZ/9x38HKcEP19OR9G1I/aomSGV5VtJZ9gPt 0hfL84pnm9oti0n2Q86o7W8LIBosgKOpkuxhl30aAs0eRP2bZjY9OzHFH0m3 dLP8STJEbJbpW5voTwJ7+hin2z7xk26fNafept2+b06+fc5LIDZiC8E+aS6H 0KlkRdinzXVhnyerIzw5rpHwfKwUXibhTr9Y/PvHJWOfJgsn9D8un/BRcwXZ F34dxTey1RQ+8WvqU8SifYxLS9bVJy2d3r60Giur83LqvIHiggO1ZIXkMRZt JtbyKMcVJzQN1rEidfz6lBX3ak6fvboq88V7MvDfY8yaxAGrApQ5W5Sr6Z/J 1vpGHAOAz8KPO9OYSll37GlPDJb/4vTNaymK9ew5Zz1ZIlxe+wYCjJ/3TrVc kDXf78izzHlD9/zr0BwlSDAzNCy7D1XkurKbG1HBKs86eJ90/PBC/IQ+zioO 9F0quaUqE1k1HRn5L/CiNY5jMFCL6nf8/OCnN683e5gzQ4MgFqc9IOm/868f 9+59wr8j/mNje+fh//1v/3PU29rhT/futaR+r6b4dJkcrgbjyGsyt5YkZbqB KF5VnWoKLvnOyeKaevrtEqdS0LCurq42qfFBQUpMNWe9qcZ157hsC6ttZ+tO ac/4ZaLP+KbTop1Er4bAS4w7M/te/e9GQ6lJIsH521HmcWPBnMF1VCPLQJ7m uLC9+hT0Jh9W6Oj5GzjmjGWyG/yqXQfMMdXQUVRYWisUF0Y2XBVDENl04qAV w01AqGhEeMTo7y3YLnd3tu/dfbRz7/7DLT++QCltnlcftvDLwLinBpNyCJId +VRwlzQag7qANjpwumQ9kF0+KCOVfX2H3bTb33TAFaJ8JBdmRDDyE9xXFsKb kO5Z5sbkasyVORlJ58tqSbKlexpHh6GNGi9nimtqra9YVvWNBlcle+Vo3V+T EUMzvbpk910ZXHFiJO4L9bcWf6UjZxz3bLR0QLJkMsTtnw47m72VEwvhoFzs m17rFUy27b42lnYWg8nXHWflATMN3MpVlW0wM5vuafZH9hpWX3fluZ1Gz7rZ BgcoINnZUgjv1ePcA6HF6NKldKUQpqfVhK/yiPuxkev58sCC1h9Kxs5EhlWI jFh/BdMEu9fVZ8Nt1KXVKX4jfO9TuMXUgb5wdBFPRJkGzYtVI36zf9BV7inu zBNUkOq+QfUIsingRsdxz6CuDbq2ByKJN5Jn1Gkwux4ASmMXMaIxMaKbSYZJ ooND2SiHk6PHUOyT8SEw1pi6fkT2I2NKgyXeeF0hsixyuPbqazqL4U1HG4k7 dIPJjoMP13/Xk9Mf2wYSMmnDhccC9lEyTQzg08+Gk2r0Pv55kdcXgU9fVG8a rVp4OPqOxBK0BA0QfzMRBkqF2shsVoZlnCwKNon2D/efdaVmBUSB1qRu2Kwr pwIb3CJIxPWc0oQcvTrMfgYV9fbDu3/SPAkNlTfIaxFO6Wevnj2vA9WGY9Xm +FSoBCItRLOc83c28AI9VwTGez6+riP7SUcOGx2xSgBI4m3tSGecbiZ2gqzu ppt9PM3020M5DmPaiRFTLqdajYWPtmP2Ld2TCgbIdX+cHQicgNp4MzqcgBqA zLF3B0itUwwWqYt8cwsWS9e6+HPwbkVcXDQjmCdbVpG9IQp7L+VIiZth8QH/ 3OHqXrSlrSrC7uYeJoNmLHuwu7OTbXTxq9NwUIwm1ZYgqztxUTd2udU5ELCW JjepV4ULDiDrYU1th86pVrM6/Ctdwh8f+rTLjdPDw7rXeYGNS42/HTLw6hg4 oMvsZDkErQEvldM5WEw3Xrw9PjmV66lRlZNNBmyRky8gKDvrElw7NyCx2oiF Ck6qafeOCvLI69VRnZajshNOneW0xOVNl4gXDCKmOPNPCNyF6JGGGfJtgFdl qgQeBfkTmELu9f8DzGTvsRf3AQA= --> </rfc>