<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc [
  <!ENTITY nbsp "&#160;">
  <!ENTITY zwsp "&#8203;">
  <!ENTITY nbhy "&#8209;">
  <!ENTITY wj "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.5.17 -->
<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<?rfc docmapping="yes"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-bar-cfrg-spake2plus-08" number="9383" submissionType="independent" category="info" obsoletes="" updates="" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3">
<!-- xml2rfc v2v3 conversion 3.11.1 -->
<front>
<title abbrev="spake2plus">SPAKE2+, an Augmented Password-Authenticated Key Exchange (PAKE) Protocol</title>
<seriesInfo name="RFC" value="9383"/>
<author initials="T." surname="Taubert" fullname="Tim Taubert">
<organization>Apple Inc.</organization>
<address>
<postal>
<street>One Apple Park Way</street>
<city>Cupertino</city>
<region>California</region>
<code>95014</code>
<country>United States of America</country>
</postal>
<email>ttaubert@apple.com</email>
</address>
</author>
<author initials="C. A." surname="Wood" fullname="Christopher A. Wood">
<organization/>
<address>
<email>caw@heapingbits.net</email>
</address>
</author>
<date year="2023" month="September"/>
<abstract>
<t>This document describes SPAKE2+, a Password-Authenticated Key Exchange (PAKE) protocol run between two parties for deriving a strong shared key with no risk of disclosing the password. SPAKE2+ is an augmented PAKE protocol, as only one party has knowledge of the password.
This method is simple to implement, compatible with any prime-order group, and is computationally efficient.</t>
<t>This document was produced outside of the IETF and IRTF and represents the opinions of the authors. Publication of this document as an RFC in the Independent Submissions Stream does not imply endorsement of SPAKE2+ by the IETF or IRTF.</t>
</abstract>
<note removeInRFC="true">
<name>Discussion Venues</name>
<t>Source for this draft and an issue tracker can be found at <eref target="https://github.com/chris-wood/draft-bar-cfrg-spake2plus"/>.</t>
</note>
</front>
<middle>
<section anchor="introduction" numbered="true" toc="default">
<name>Introduction</name>
<t>This document describes SPAKE2+, a Password-Authenticated Key Exchange (PAKE) protocol run between two parties for deriving a strong shared key with no risk of disclosing the password. SPAKE2+ is an augmented PAKE protocol, as only one party makes direct use of the password during the execution of the protocol. The other party only needs a record corresponding to the first party's registration at the time of the protocol execution instead of the password. This record can be computed once, during an offline registration phase. The party using the password directly would typically be a client and would act as a Prover, while the other party would be a server and would act as a Verifier.</t>
<t>The protocol is augmented in the sense that it provides some resilience against the compromise or extraction of the registration record. The design of the protocol forces the adversary to recover the password from the record to successfully execute the protocol. Hence, this protocol can be advantageously combined with a salted Password Hashing Function to increase the cost of the recovery and slow down attacks.
The record cannot be used directly to successfully run the protocol as a Prover, making this protocol more robust than balanced PAKEs, which don't benefit from Password Hashing Functions to the same extent.</t>
<t>This augmented property is especially valuable in scenarios where the execution of the protocol is constrained and the adversary cannot query the salt of the Password Hashing Function ahead of the attack. For example, a constraint may be when physical proximity through a local network is required or when a first authentication factor is required for initiation of the protocol.</t>
<t>This document has content split out from a related document, <xref target="RFC9382" format="default"/>, which specifies SPAKE2. SPAKE2 is a symmetric PAKE protocol, where both parties have knowledge of the password. SPAKE2+ is the asymmetric or augmented version of SPAKE2, wherein only one party has knowledge of the password. SPAKE2+ is specified separately in this document because the use cases for symmetric and augmented PAKEs are different and therefore warrant different technical specifications. Neither SPAKE2 nor SPAKE2+ was selected as the result of the Crypto Forum Research Group (CFRG) PAKE selection competition. However, this password-based key exchange protocol appears in <xref target="TDH" format="default"/> and is proven secure in <xref target="SPAKE2P-Analysis" format="default"/>. It is compatible with any prime-order group and relies only on group operations, making it simple and computationally efficient. Thus, it was felt that publication was beneficial to make the protocol available for wider consideration.</t>
<t>This document was produced outside of the IETF and IRTF and represents the opinions of the authors.
Publication of this document as an RFC in the Independent Submissions Stream does not imply endorsement of SPAKE2+ by the IETF or IRTF.</t>
</section>
<section anchor="requirements-notation" numbered="true" toc="default">
<name>Requirements Notation</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
</section>
<section anchor="definition-of-spake2" numbered="true" toc="default">
<name>Definition of SPAKE2+</name>
<t>Let G be a group in which the computational Diffie-Hellman (CDH) problem is hard. Suppose G has order p*h where p is a large prime; h will be called the cofactor. Let I be the unit element in G, e.g., the point at infinity if G is an elliptic curve group. We denote the operations in the group additively. We assume that there is a representation of elements of G as byte strings: common choices would be SEC 1 uncompressed or compressed <xref target="SEC1"/> for elliptic curve groups or big-endian integers of a fixed (per-group) length for prime field DH. We fix a generator P of the (large) prime-order subgroup of G. P is specified in the document defining the group, and so we do not repeat it here.</t>
<t>|| denotes concatenation of strings. We also let len(S) denote the length of a string in bytes, represented as an eight-byte little-endian number.
Finally, let nil represent an empty string, i.e., len(nil) = 0.</t>
<t>KDF is a key derivation function that takes as input a salt, input keying material (IKM), info string, and derived key length L to derive a cryptographic key of length L. MAC is a Message Authentication Code algorithm that takes a secret key and message as input to produce an output. Let Hash be a hash function from arbitrary strings to bit strings of a fixed length. Common choices for Hash are SHA256 or SHA512 <xref target="RFC6234" format="default"/>. <xref target="Ciphersuites" format="default"/> specifies variants of KDF, MAC, and Hash suitable for use with the protocols contained herein.</t>
<t>Let there be two parties, a Prover and a Verifier. Their identities, denoted as idProver and idVerifier, may also have digital representations such as Media Access Control addresses or other names (hostnames, usernames, etc.). The parties may share additional data (the context) separate from their identities, which they may want to include in the protocol transcript. One example of additional data is a list of supported protocol versions if SPAKE2+ were used in a higher-level protocol that negotiates the use of a particular PAKE. Another example is the inclusion of the application name. Including these data points would ensure that both parties agree upon the same set of supported protocols and therefore prevents downgrade and cross-protocol attacks. Specification of precise context values is out of scope for this document.</t>
<section anchor="protocol-overview" numbered="true" toc="default">
<name>Protocol Overview</name>
<t>SPAKE2+ is a two-round protocol that establishes a shared secret with an additional round for key confirmation. Prior to invocation, both parties are provisioned with information such as the input password needed to run the protocol.
The registration phase may include communicating identities, protocol version, and other parameters related to the registration record; see <xref target="offline-registration" format="default"/> for details.</t>
<t>During the first round, the Prover sends a public share, shareP, to the Verifier, which in turn responds with its own public share, shareV. Both parties then derive a shared secret used to produce encryption and authentication keys. The latter are used during the second round for key confirmation. (<xref target="keys" format="default"/> details the key derivation and confirmation steps.) In particular, the Verifier sends a key confirmation message, confirmV, to the Prover, which in turn responds with its own key confirmation message, confirmP. (Note that shareV and confirmV <bcp14>MAY</bcp14> be sent in the same message.) Both parties <bcp14>MUST NOT</bcp14> consider the protocol complete prior to receipt and validation of these key confirmation messages.</t>
<t>A sample trace is shown below.</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
            Prover                          Verifier

               |        (registration)         |
               |<- - - - - - - - - - - - - - ->|
               |                               |
   (set up the protocol)                       |
   (compute shareP)          shareP            |
               |------------------------------>|
               |             shareV            | (compute shareV)
               |<------------------------------|
               |                               |
               |        (derive secrets)       | (compute confirmV)
               |            confirmV           |
               |<------------------------------|
   (compute confirmP)                          |
               |            confirmP           |
               |------------------------------>|
]]></artwork>
</section>
<section anchor="offline-registration" numbered="true" toc="default">
<name>Offline Registration</name>
<t>The registration phase computes the values w0 and w1, as well as the registration record L=w1*P. w0 and w1 are derived by hashing the password pw with the identities of the two participants. w0 and the record L are then shared with the Verifier and stored as part of the registration record associated with the Prover.
The Prover <bcp14>SHOULD</bcp14> derive w0 and w1 from the password before the protocol begins. Both w0 and w1 are derived using a function with range [0, p-1], which is modeled as a random oracle in <xref target="SPAKE2P-Analysis" format="default"/>.</t>
<t>The registration phase also produces two random elements, M and N, in the prime-order subgroup of G. The algorithm for selecting M and N is defined in <xref target="pointgen" format="default"/>. Importantly, this algorithm chooses M and N such that their discrete logs are not known. Precomputed values for M and N are listed in <xref target="Ciphersuites" format="default"/> for each group. Applications <bcp14>MAY</bcp14> use different M and N values, provided they are computed, e.g., using different input seeds to the algorithm in <xref target="pointgen" format="default"/>, as random elements for which the discrete log is unknown.</t>
<t>Applications using this specification <bcp14>MUST</bcp14> define the method used to compute w0 and w1. For example, it may be necessary to carry out various forms of normalization of the password before hashing <xref target="RFC8265" format="default"/>. This section contains requirements and default recommendations for computing w0 and w1.</t>
<t>The <bcp14>RECOMMENDED</bcp14> method for generating w0 and w1 is via a Password-Based Key Derivation Function (PBKDF), which is a function designed to slow down brute-force attackers. Brute-force resistance may be obtained through various computation hardness parameters such as memory or CPU cycles, which are typically configurable. The scrypt <xref target="RFC7914" format="default"/> function and the Argon2id <xref target="RFC9106" format="default"/> function are common examples of PBKDFs.
Absent an application-specific profile, <bcp14>RECOMMENDED</bcp14> parameters (N, r, p) for scrypt are (32768,8,1), and <bcp14>RECOMMENDED</bcp14> parameters for Argon2id are in <xref target="RFC9106" sectionFormat="of" section="4"/>.</t>
<t>Each half of the output of the PBKDF will be interpreted as an integer and reduced modulo p. To control bias, each half must be of length at least ceil(log2(p)) + k bits, with k >= 64. Reducing such integers mod p gives bias at most 2^-k for any p; this bias is negligible for any k >= 64.</t>
<t>The minimum total output length of the PBKDF then is 2 * (ceil(log2(p)) + k) bits. For example, given the prime order of the P-256 curve, the output of the PBKDF <bcp14>SHOULD</bcp14> be at least 640 bits or 80 bytes.</t>
<t>Given a PBKDF, password pw, and identities idProver and idVerifier, the <bcp14>RECOMMENDED</bcp14> method for computing w0 and w1 is as follows:</t>
<sourcecode type="pseudocode"><![CDATA[
w0s || w1s = PBKDF(len(pw) || pw || len(idProver) || idProver ||
                   len(idVerifier) || idVerifier)
w0 = w0s mod p
w1 = w1s mod p
]]></sourcecode>
<t>If an identity is unknown at the time of computing w0s or w1s, its length is given as zero and the identity itself is represented as an empty octet string. If both idProver and idVerifier are unknown, then their lengths are given as zero and both identities will be represented as empty octet strings. idProver and idVerifier are included in the transcript TT as part of the protocol flow.</t>
</section>
<section anchor="online-authentication" numbered="true" toc="default">
<name>Online Authentication</name>
<t>The online SPAKE2+ protocol runs between the Prover and Verifier to produce a single shared secret upon completion.
To begin, the Prover selects x uniformly at random from the integers in [0, p-1], computes the public share shareP=X, and transmits it to the Verifier.</t>
<sourcecode type="pseudocode"><![CDATA[
x <- [0, p-1]
X = x*P + w0*M
]]></sourcecode>
<t>Upon receipt of X, the Verifier checks the received element for group membership and aborts if X is not in the large prime-order subgroup of G; see <xref target="security" format="default"/> for details. The Verifier then selects y uniformly at random from the integers in [0, p-1], computes the public share shareV=Y, and transmits it to the Prover. Upon receipt of Y, the Prover checks the received element for group membership and aborts if Y is not in the large prime-order subgroup of G.</t>
<sourcecode type="pseudocode"><![CDATA[
y <- [0, p-1]
Y = y*P + w0*N
]]></sourcecode>
<t>Both participants compute Z and V; Z and V are then shared as common values. The Prover computes:</t>
<sourcecode type="pseudocode"><![CDATA[
Z = h*x*(Y - w0*N)
V = h*w1*(Y - w0*N)
]]></sourcecode>
<t>The Verifier computes:</t>
<sourcecode type="pseudocode"><![CDATA[
Z = h*y*(X - w0*M)
V = h*y*L
]]></sourcecode>
<t>The multiplication by the cofactor h prevents small subgroup confinement attacks. All proofs of security hold even if the discrete log of the fixed group element N is known to the adversary. In particular, one <bcp14>MAY</bcp14> set N=I, i.e., set N to the unit element in G.</t>
<t>It is essential that both Z and V be used in combination with the transcript to derive the keying material.
The protocol transcript encoding is shown below.</t>
<sourcecode type="pseudocode"><![CDATA[
TT = len(Context) || Context
  || len(idProver) || idProver
  || len(idVerifier) || idVerifier
  || len(M) || M || len(N) || N
  || len(shareP) || shareP || len(shareV) || shareV
  || len(Z) || Z || len(V) || V
  || len(w0) || w0
]]></sourcecode>
<t>Context is an application-specific customization string shared between both parties and <bcp14>MUST</bcp14> precede the remaining transcript. It might contain the name and version number of the higher-level protocol, or simply the name and version number of the application. The context <bcp14>MAY</bcp14> include additional data such as the chosen ciphersuite and PBKDF parameters like the iteration count or salt. The context and its length prefix <bcp14>MAY</bcp14> be omitted.</t>
<t>If an identity is absent, its length is given as zero and the identity itself is represented as an empty octet string. If both identities are absent, then their lengths are given as zero and both are represented as empty octet strings. In applications where identities are not implicit, idProver and idVerifier <bcp14>SHOULD</bcp14> always be non-empty. Otherwise, the protocol risks unknown key-share attacks (discussion of unknown key-share attacks in a specific protocol is given in <xref target="RFC8844" format="default"/>).</t>
<t>Upon completion of this protocol, both parties compute shared secrets K_main, K_shared, K_confirmP, and K_confirmV as specified in <xref target="keys" format="default"/>. The Verifier <bcp14>MUST</bcp14> send a key confirmation message, confirmV, to the Prover so both parties can confirm that they agree upon these shared secrets. After receipt and verification of the Verifier's confirmation message, the Prover <bcp14>MUST</bcp14> respond with its confirmation message.
The Verifier <bcp14>MUST NOT</bcp14> send application data to the Prover until it has received and verified the confirmation message. Key confirmation verification requires recomputation of confirmP or confirmV and checking for equality against the data that was received.</t>
</section>
<section anchor="keys" numbered="true" toc="default">
<name>Key Schedule and Key Confirmation</name>
<t>The protocol transcript TT, as defined in <xref target="online-authentication" format="default"/>, is unique and secret to the participants. Both parties use TT to derive the shared symmetric secret K_main from the protocol. The length of K_main is equal to the length of the digest output, e.g., 256 bits for Hash() = SHA-256. The confirmation keys K_confirmP and K_confirmV, as well as the shared key K_shared, are derived from K_main.</t>
<sourcecode type="pseudocode"><![CDATA[
K_main = Hash(TT)
K_confirmP || K_confirmV = KDF(nil, K_main, "ConfirmationKeys")
K_shared = KDF(nil, K_main, "SharedKey")
]]></sourcecode>
<t>Neither K_main nor its derived confirmation keys are used for anything except key derivation and confirmation and <bcp14>MUST</bcp14> be discarded after the protocol execution. Applications <bcp14>MAY</bcp14> derive additional keys from K_shared as needed.</t>
<t>The length of each confirmation key is dependent on the MAC function of the chosen ciphersuite. For HMAC, the <bcp14>RECOMMENDED</bcp14> key length is equal to the output length of the digest output, e.g., 256 bits for Hash() = SHA-256. For CMAC-AES, each confirmation key <bcp14>MUST</bcp14> be of length k, where k is the chosen AES key size, e.g., 128 bits for CMAC-AES-128.</t>
<t>Both endpoints <bcp14>MUST</bcp14> employ a MAC that produces pseudorandom tags for key confirmation.
K_confirmP and K_confirmV are symmetric keys used to compute tags confirmP and confirmV over the public key shares received from the other peer earlier.</t>
<sourcecode type="pseudocode"><![CDATA[
confirmP = MAC(K_confirmP, shareV)
confirmV = MAC(K_confirmV, shareP)
]]></sourcecode>
<t>Once key confirmation is complete, applications <bcp14>MAY</bcp14> use K_shared as an authenticated shared secret as needed. For example, applications <bcp14>MAY</bcp14> derive one or more keys and nonces from K_shared, for use with Authenticated Encryption with Associated Data (AEAD) and subsequent application data encryption.</t>
</section>
</section>
<section anchor="Ciphersuites" numbered="true" toc="default">
<name>Ciphersuites</name>
<t>This section documents SPAKE2+ ciphersuite configurations. A ciphersuite indicates a group, cryptographic hash algorithm, and pair of KDF and MAC functions, e.g., P256-SHA256-HKDF-HMAC-SHA256. This ciphersuite indicates a SPAKE2+ protocol instance over P-256 that uses SHA256 along with HKDF <xref target="RFC5869" format="default"/> and HMAC <xref target="RFC2104" format="default"/> for G, Hash, KDF, and MAC functions, respectively.
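The ciphersuite just named, run end to end as an added example (this is not code from the RFC or its authors): it covers the offline registration (w0, w1 and L = w1*P from scrypt with the RECOMMENDED (N, r, p) and the 80-byte output the Offline Registration section requires for P-256), the share computation, the group-membership check from the Security Considerations, the transcript TT, the key schedule, and both confirmation MACs, and it also shows the failure mode the design is about: a Prover holding the wrong password produces shares the Verifier cannot confirm. Assumptions of the example, not statements of the RFC: the standard P-256 domain parameters (q, a, b, p, G), SEC 1 uncompressed encoding for every point in TT, an application-chosen scrypt salt and Context string, and all helper names; M and N are the P-256 values from the Ciphersuites section.

```python
# Added example, not code from RFC 9383 or its authors: one complete SPAKE2+ run with the
# P256-SHA256-HKDF-HMAC-SHA256 ciphersuite. Affine double-and-add arithmetic, not constant time.
import hashlib, hmac, secrets

q = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff  # P-256 field prime
a, b = q - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
p = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # order of P (the RFC's p)
h = 1  # cofactor of P-256
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)  # generator P
M_HEX = "02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f"  # RFC's P-256 M
N_HEX = "03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49"  # RFC's P-256 N
SALT = b"example-app-salt-v1"  # assumed application-profile scrypt salt (constructed value)
CONTEXT = b"SPAKE2+-P256-SHA256-HKDF-HMAC-SHA256 example"  # assumed Context string

def ec_add(P1, P2):  # affine group law; None is the identity element I
    if P1 is None or P2 is None:
        return P2 if P1 is None else P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % q == 0:
        return None
    lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, q) if P1 == P2 else (y2 - y1) * pow(x2 - x1, -1, q)
    x3 = (lam * lam - x1 - x2) % q
    return (x3, (lam * (x1 - x3) - y1) % q)

def ec_mul(k, P1):  # double-and-add scalar multiplication k*P1
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P1)
        P1, k = ec_add(P1, P1), k >> 1
    return R

def ec_sub(P1, P2):  # P1 - P2; `P2 and ...` keeps the identity (None) as None
    return ec_add(P1, P2 and (P2[0], -P2[1] % q))

def encode(pt):  # SEC 1 uncompressed encoding (the RFC permits compressed or uncompressed)
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def decode(buf):  # Security Considerations check: abort unless on the curve and h*V != I
    x, y = int.from_bytes(buf[1:33], "big"), int.from_bytes(buf[33:], "big")
    if (len(buf) != 65 or buf[0] != 4 or x >= q or y >= q
            or (y * y - (x * x * x + a * x + b)) % q != 0 or ec_mul(h, (x, y)) is None):
        raise ValueError("received element is not in the prime-order subgroup")
    return (x, y)

def decompress(hex_str):  # SEC 1 compressed point -> (x, y); q = 3 mod 4, so sqrt is one pow()
    raw = bytes.fromhex(hex_str)
    x = int.from_bytes(raw[1:], "big")
    y = pow((x * x * x + a * x + b) % q, (q + 1) // 4, q)
    y = y if y & 1 == raw[0] & 1 else q - y  # prefix 0x02 = even y, 0x03 = odd y
    return decode(b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big"))

M, N = decompress(M_HEX), decompress(N_HEX)

def lv(s):  # len(S) || S with the eight-byte little-endian length from the Definition section
    return len(s).to_bytes(8, "little") + s

def registration(pw, idP, idV):  # offline phase: scrypt (N, r, p) = (32768, 8, 1), 80-byte output
    out = hashlib.scrypt(lv(pw) + lv(idP) + lv(idV), salt=SALT,
                         n=32768, r=8, p=1, maxmem=2**26, dklen=80)  # 2*(256+64) bits for P-256
    w0, w1 = int.from_bytes(out[:40], "big") % p, int.from_bytes(out[40:], "big") % p
    return w0, w1, ec_mul(w1, G)  # L = w1*P

def hkdf_sha256(ikm, info, length):  # RFC 5869 HKDF with nil salt, i.e. KDF(nil, K_main, info)
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

def transcript(idP, idV, shareP, shareV, Z, V, w0):  # TT as listed under Online Authentication
    return (lv(CONTEXT) + lv(idP) + lv(idV) + lv(encode(M)) + lv(encode(N)) + lv(shareP)
            + lv(shareV) + lv(encode(Z)) + lv(encode(V)) + lv(w0.to_bytes(32, "big")))

def key_schedule(TT):  # returns (K_shared, K_confirmP, K_confirmV)
    K_main = hashlib.sha256(TT).digest()
    ck = hkdf_sha256(K_main, b"ConfirmationKeys", 64)  # two 32-byte HMAC-SHA256 keys
    return hkdf_sha256(K_main, b"SharedKey", 32), ck[:32], ck[32:]

def run_spake2plus(registered_pw, idP, idV, prover_pw=None):
    w0, _, L = registration(registered_pw, idP, idV)  # the Verifier stores only (w0, L)
    w0p, w1p, _ = registration(registered_pw if prover_pw is None else prover_pw, idP, idV)
    x, y = secrets.randbelow(p), secrets.randbelow(p)
    shareP = encode(ec_add(ec_mul(x, G), ec_mul(w0p, M)))  # Prover:   X = x*P + w0*M
    X = decode(shareP)                                     # Verifier validates shareP
    shareV = encode(ec_add(ec_mul(y, G), ec_mul(w0, N)))   # Verifier: Y = y*P + w0*N
    Y = decode(shareV)                                     # Prover validates shareV
    T = ec_sub(Y, ec_mul(w0p, N))                          # Prover:   Y - w0*N
    Zp, Vp = ec_mul(h * x, T), ec_mul(h * w1p, T)
    U = ec_sub(X, ec_mul(w0, M))                           # Verifier: X - w0*M
    Zv, Vv = ec_mul(h * y, U), ec_mul(h * y, L)
    ksP, kcPp, kcVp = key_schedule(transcript(idP, idV, shareP, shareV, Zp, Vp, w0p))
    ksV, kcPv, kcVv = key_schedule(transcript(idP, idV, shareP, shareV, Zv, Vv, w0))
    confirmV = hmac.new(kcVv, shareP, hashlib.sha256).digest()  # Verifier sends first
    prover_ok = hmac.compare_digest(confirmV, hmac.new(kcVp, shareP, hashlib.sha256).digest())
    confirmP = hmac.new(kcPp, shareV, hashlib.sha256).digest()  # Prover answers
    verifier_ok = hmac.compare_digest(confirmP, hmac.new(kcPv, shareV, hashlib.sha256).digest())
    return {"prover_ok": prover_ok, "verifier_ok": verifier_ok, "same_key": ksP == ksV, "K_shared": ksP}
```

Calling `run_spake2plus(b"pw", b"client", b"server")` returns a result with both confirmations accepted and `same_key` true; passing `prover_pw=b"wrong"` makes both confirmations fail, because the Prover's w0 and w1 no longer match the Verifier's record, so Z and V (and hence TT and K_main) differ on the two sides. `decode` is where the MUST from the Security Considerations lives: an off-curve or out-of-range encoding, or one with h*V = I, raises before any secret is derived.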
Since the choice of PBKDF, its parameters for computing w0 and w1, and the distribution of w0 and w1 do not affect interoperability, the PBKDF is not included as part of the ciphersuite.</t>
<t>If no MAC algorithm is used in the key confirmation phase, its respective column in <xref target="tab-1"/> can be ignored and the ciphersuite name will contain no MAC identifier.</t>
<table anchor="tab-1" align="center">
<thead>
<tr>
<th align="left">G</th>
<th align="center">Hash</th>
<th align="center">KDF</th>
<th align="center">MAC</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">P-256</td>
<td align="center">SHA256 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA256 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA256 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">P-256</td>
<td align="center">SHA512 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA512 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA512 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">P-384</td>
<td align="center">SHA256 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA256 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA256 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">P-384</td>
<td align="center">SHA512 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA512 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA512 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">P-521</td>
<td align="center">SHA512 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA512 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA512 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">edwards25519</td>
<td align="center">SHA256 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA256 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA256 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">edwards448</td>
<td align="center">SHA512 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA512 <xref target="RFC5869" format="default"/></td>
<td align="center">HMAC-SHA512 <xref target="RFC2104" format="default"/></td>
</tr>
<tr>
<td align="left">P-256</td>
<td align="center">SHA256 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA256 <xref target="RFC5869" format="default"/></td>
<td align="center">CMAC-AES-128 <xref target="RFC4493" format="default"/></td>
</tr>
<tr>
<td align="left">P-256</td>
<td align="center">SHA512 <xref target="RFC6234" format="default"/></td>
<td align="center">HKDF-SHA512 <xref target="RFC5869" format="default"/></td>
<td align="center">CMAC-AES-128 <xref target="RFC4493" format="default"/></td>
</tr>
</tbody>
</table>
<t>The following points represent permissible point generation seeds for the groups listed in <xref target="tab-1"/>, using the algorithm presented in <xref target="pointgen" format="default"/>. These byte strings are compressed points as in <xref target="SEC1" format="default"/> for curves from <xref target="SEC1" format="default"/> and <xref target="RFC8032" format="default"/>.
Note that these values are identical to those used in the companion SPAKE2 specification <xref target="RFC9382" format="default"/>.</t>
<t>For P-256:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
M =
02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f
seed: 1.2.840.10045.3.1.7 point generation seed (M)

N =
03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49
seed: 1.2.840.10045.3.1.7 point generation seed (N)
]]></artwork>
<t>For P-384:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
M =
030ff0895ae5ebf6187080a82d82b42e2765e3b2f8749c7e05eba366434b363d3dc
36f15314739074d2eb8613fceec2853
seed: 1.3.132.0.34 point generation seed (M)

N =
02c72cf2e390853a1c1c4ad816a62fd15824f56078918f43f922ca21518f9c543bb
252c5490214cf9aa3f0baab4b665c10
seed: 1.3.132.0.34 point generation seed (N)
]]></artwork>
<t>For P-521:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
M =
02003f06f38131b2ba2600791e82488e8d20ab889af753a41806c5db18d37d85608
cfae06b82e4a72cd744c719193562a653ea1f119eef9356907edc9b56979962d7aa
seed: 1.3.132.0.35 point generation seed (M)

N =
0200c7924b9ec017f3094562894336a53c50167ba8c5963876880542bc669e494b25
32d76c5b53dfb349fdf69154b9e0048c58a42e8ed04cef052a3bc349d95575cd25
seed: 1.3.132.0.35 point generation seed (N)
]]></artwork>
<t>For edwards25519:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
M =
d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf
seed: edwards25519 point generation seed (M)

N =
d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab
seed: edwards25519 point generation seed (N)
]]></artwork>
<t>For edwards448:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
M =
b6221038a775ecd007a4e4dde39fd76ae91d3cf0cc92be8f0c2fa6d6b66f9a12
942f5a92646109152292464f3e63d354701c7848d9fc3b8880
seed: edwards448 point generation seed (M)

N =
6034c65b66e4cd7a49b0edec3e3c9ccc4588afd8cf324e29f0a84a072531c4db
f97ff9af195ed714a689251f08f8e06e2d1f24a0ffc0146600
seed: edwards448 point generation seed (N)
]]></artwork>
</section>
<section anchor="iana-considerations" numbered="true" toc="default">
<name>IANA Considerations</name>
<t>This document has no IANA actions.</t>
</section>
<section anchor="security" numbered="true" toc="default">
<name>Security Considerations</name>
<t>SPAKE2+ appears in <xref target="TDH" format="default"/> and is proven secure in <xref target="SPAKE2P-Analysis" format="default"/>.</t>
<t>The ephemeral randomness used by the Prover and Verifier <bcp14>MUST</bcp14> be generated using a cryptographically secure Pseudorandom Number Generator (PRNG).</t>
<t>Elements received from a peer <bcp14>MUST</bcp14> be checked for group membership: failure to properly deserialize and validate group elements can lead to attacks. An endpoint <bcp14>MUST</bcp14> abort the protocol if any received public value is not a member of the large prime-order subgroup of G. Multiplication of a public value V by the cofactor h will yield the identity element I whenever V is an element of a small-order subgroup. Consequently, the Prover and Verifier <bcp14>MUST</bcp14> abort the protocol upon receiving any value V such that V*h = I.
Failure to do so may lead to subgroup confinement attacks.</t>
</section>
<section anchor="acknowledgements" numbered="true" toc="default">
<name>Acknowledgements</name>
<t>Thanks to Ben Kaduk and Watson Ladd, from which this specification originally emanated.</t>
</section>
</middle>
<back>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<reference anchor="TDH">
<front>
<title>The Twin-Diffie Hellman Problem and Applications</title>
<author initials="D" surname="Cash" fullname="David Cash"><organization/></author>
<author initials="E" surname="Kiltz" fullname="Eike Kiltz"><organization/></author>
<author initials="V" surname="Shoup" fullname="Victor Shoup"><organization/></author>
<date month="April" year="2008"/>
</front>
<refcontent>EUROCRYPT 2008, Lecture Notes in Computer Science, Volume 4965, pages 127-145, Springer-Verlag, Berlin, Germany</refcontent>
<seriesInfo name="DOI" value="10.1007/978-3-540-78967-3_8"/>
</reference>
<reference anchor="SPAKE2P-Analysis" target="https://eprint.iacr.org/2020/313.pdf">
<front>
<title>Security analysis of SPAKE2+</title>
<author initials="V." surname="Shoup" fullname="Victor Shoup"><organization/></author>
<date month="March" year="2020"/>
</front>
</reference>
<reference anchor="SEC1" target="https://secg.org/sec1-v2.pdf">
<front>
<title>SEC 1: Elliptic Curve Cryptography</title>
<author><organization>Standards for Efficient Cryptography Group</organization></author>
<date month="May" year="2009"/>
</front>
<refcontent>version 2.0</refcontent>
</reference>
<!-- draft-irtf-cfrg-spake2 (RFC 9382) -->
<reference anchor="RFC9382" target="https://www.rfc-editor.org/info/rfc9382">
<front>
<title>SPAKE2, a Password-Authenticated Key Exchange (PAKE) Protocol</title>
<author initials="W." surname="Ladd" fullname="Watson Ladd"><organization/></author>
<author initials="B." surname="Kaduk" fullname="Benjamin Kaduk"><organization/></author>
<date month="September" year="2023"/>
</front>
<seriesInfo name="RFC" value="9382"/>
<seriesInfo name="DOI" value="10.17487/RFC9382"/>
</reference>
<reference anchor="RFC2119">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author fullname="S. Bradner" initials="S." surname="Bradner"><organization/></author>
<date month="March" year="1997"/>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
<author fullname="B. Leiba" initials="B." surname="Leiba"><organization/></author>
<date month="May" year="2017"/>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC6234">
<front>
<title>US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)</title>
<author fullname="D. Eastlake 3rd" initials="D." surname="Eastlake 3rd"><organization/></author>
<author fullname="T. Hansen" initials="T." surname="Hansen"><organization/></author>
<date month="May" year="2011"/>
</front>
<seriesInfo name="RFC" value="6234"/>
<seriesInfo name="DOI" value="10.17487/RFC6234"/>
</reference>
<reference anchor="RFC8265">
<front>
<title>Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords</title>
<author fullname="P. Saint-Andre" initials="P." surname="Saint-Andre"><organization/></author>
<author fullname="A. Melnikov" initials="A." surname="Melnikov"><organization/></author>
<date month="October" year="2017"/>
</front>
<seriesInfo name="RFC" value="8265"/>
<seriesInfo name="DOI" value="10.17487/RFC8265"/>
</reference>
<reference anchor="RFC5869">
<front>
<title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title>
<author fullname="H. Krawczyk" initials="H." surname="Krawczyk"><organization/></author>
<author fullname="P. Eronen" initials="P." surname="Eronen"><organization/></author>
<date month="May" year="2010"/>
</front>
<seriesInfo name="RFC" value="5869"/>
<seriesInfo name="DOI" value="10.17487/RFC5869"/>
</reference>
<reference anchor="RFC2104">
<front>
<title>HMAC: Keyed-Hashing for Message Authentication</title>
<author fullname="H. Krawczyk" initials="H." surname="Krawczyk"><organization/></author>
<author fullname="M. Bellare" initials="M." surname="Bellare"><organization/></author>
<author fullname="R. Canetti" initials="R."
surname="Canetti"> <organization/> </author> <date month="February" year="1997"/> <abstract> <t>This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with<title>SPAKE2, asecret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind</t> </abstract> </front> <seriesInfo name="RFC" value="2104"/> <seriesInfo name="DOI" value="10.17487/RFC2104"/> </reference> <reference anchor="RFC4493"> <front> <title>The AES-CMAC Algorithm</title> <author fullname="JH. Song" initials="JH." surname="Song"> <organization/> </author> <author fullname="R. Poovendran" initials="R." surname="Poovendran"> <organization/> </author> <author fullname="J. Lee" initials="J." surname="Lee"> <organization/> </author> <author fullname="T. Iwata" initials="T." surname="Iwata"> <organization/> </author> <date month="June" year="2006"/> <abstract> <t>The National Institute of Standards and Technology (NIST) has recently specified the Cipher-based Message Authentication Code (CMAC), which is equivalent to the One-Key CBC MAC1 (OMAC1) submitted by Iwata and Kurosawa. This memo specifies an authentication algorithm based on CMAC with the 128-bit Advanced Encryption Standard (AES). This new authentication algorithm is named AES-CMAC. The purpose of this document is to make the AES-CMAC algorithm conveniently available to the Internet Community. This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="4493"/> <seriesInfo name="DOI" value="10.17487/RFC4493"/> </reference> <reference anchor="RFC8032"> <front> <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title> <author fullname="S. Josefsson" initials="S." 
surname="Josefsson"> <organization/> </author> <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"> <organization/> </author> <date month="January" year="2017"/> <abstract> <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors are provided.</t> </abstract> </front> <seriesInfo name="RFC" value="8032"/> <seriesInfo name="DOI" value="10.17487/RFC8032"/> </reference> <reference anchor="RFC5480"> <front> <title>Elliptic Curve Cryptography Subject PublicPassword-Authenticated KeyInformation</title> <author fullname="S. Turner" initials="S." surname="Turner"> <organization/> </author> <author fullname="D. Brown" initials="D." surname="Brown"> <organization/> </author>Exchange</title> <authorfullname="K. Yiu" initials="K." surname="Yiu"> <organization/> </author> <author fullname="R. Housley" initials="R." surname="Housley"> <organization/> </author> <author fullname="T. Polk" initials="T." surname="Polk"> <organization/>initials='W' surname='Ladd' fullname='Watson Ladd'> <organization /> </author> <datemonth="March" year="2009"/> <abstract> <t>This document specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography. This document updates Sections 2.3.5 and 5, and the ASN.1 module of "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279. 
[STANDARDS-TRACK]</t> </abstract>year='2023' month='September' /> </front> <seriesInfo name="RFC"value="5480"/>value="9382"/> <seriesInfo name="DOI"value="10.17487/RFC5480"/>value="10.17487/RFC9382"/> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6234.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8265.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5869.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2104.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4493.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5480.xml"/> </references> <references> <name>Informative References</name><reference anchor="RFC7914"> <front> <title>The scrypt Password-Based Key Derivation Function</title> <author fullname="C. Percival" initials="C." surname="Percival"> <organization/> </author> <author fullname="S. Josefsson" initials="S." surname="Josefsson"> <organization/> </author> <date month="August" year="2016"/> <abstract> <t>This document specifies the password-based key derivation function scrypt. The function derives one or more secret keys from a secret string. It is based on memory-hard functions, which offer added protection against attacks using custom hardware. The document also provides an ASN.1 schema.</t> </abstract> </front> <seriesInfo name="RFC" value="7914"/> <seriesInfo name="DOI" value="10.17487/RFC7914"/> </reference> <reference anchor="RFC9106"> <front> <title>Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications</title> <author fullname="A. Biryukov" initials="A." 
surname="Biryukov"> <organization/> </author> <author fullname="D. Dinu" initials="D." surname="Dinu"> <organization/> </author> <author fullname="D. Khovratovich" initials="D." surname="Khovratovich"> <organization/> </author> <author fullname="S. Josefsson" initials="S." surname="Josefsson"> <organization/> </author> <date month="September" year="2021"/> <abstract> <t>This document describes the Argon2 memory-hard function for password hashing and proof-of-work applications. We provide an implementer-oriented description with test vectors. The purpose is to simplify adoption of Argon2 for Internet protocols. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t> </abstract> </front> <seriesInfo name="RFC" value="9106"/> <seriesInfo name="DOI" value="10.17487/RFC9106"/> </reference> <reference anchor="RFC8844"> <front> <title>Unknown Key-Share Attacks on Uses of TLS with the Session Description Protocol (SDP)</title> <author fullname="M. Thomson" initials="M." surname="Thomson"> <organization/> </author> <author fullname="E. Rescorla" initials="E." surname="Rescorla"> <organization/> </author> <date month="January" year="2021"/> <abstract> <t>This document describes unknown key-share attacks on the use of Datagram Transport Layer Security for the Secure Real-Time Transport Protocol (DTLS-SRTP). Similar attacks are described on the use of DTLS-SRTP with the identity bindings used in Web Real-Time Communications (WebRTC) and SIP identity. These attacks are difficult to mount, but they cause a victim to be misled about the identity of a communicating peer. 
This document defines mitigation techniques that implementations of RFC 8122 are encouraged to deploy.</t> </abstract> </front> <seriesInfo name="RFC" value="8844"/> <seriesInfo name="DOI" value="10.17487/RFC8844"/> </reference><xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7914.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9106.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8844.xml"/> </references> </references> <section anchor="flow" numbered="true" toc="default"> <name>Protocol Flow</name> <t>This section describes the flow of the SPAKE2+ protocol, including computations and mandatory checks performed by theproverProver andverifier.Verifier. The constants M, N, P, p, and h are defined by the chosen ciphersuite.</t> <section anchor="prover" numbered="true" toc="default"> <name>Prover</name> <t>TheProver's behavior consists ofProver implements two functions, ProverInit and ProverFinish, which are described below.</t><artwork name="" type="" align="left" alt=""><![CDATA[<sourcecode type="pseudocode"><![CDATA[ def ProverInit(w0): // ComputeproverProver key share x <- [0, p-1] X = x*P + w0*M return (x, X) def ProverFinish(w0, w1, x, Y): if not_in_subgroup(Y): raise "invalid input" // Compute shared values Z = h*x*(Y - w0*N) V = h*w1*(Y - w0*N) return (Y, Z, V)]]></artwork>]]></sourcecode> </section> <section anchor="verifier" numbered="true" toc="default"> <name>Verifier</name> <t>TheVerifier's behavior consists ofVerifier implements a single function, VerifierFinish, which is described below.</t><artwork name="" type="" align="left" alt=""><![CDATA[<sourcecode type="pseudocode"><![CDATA[ def VerifierFinish(w0, L, X): if not_in_subgroup(X): raise "invalid input" // ComputeverifierVerifier key share y <- [0, p-1] Y = y*P + w0*N // Compute shared values Z = h*y*(X - w0*M) V = h*y*L return (Z, V)]]></artwork>]]></sourcecode> </section> <section anchor="transcript-computation" 
numbered="true" toc="default">
<name>Transcript Computation</name>
<t>Both the Prover and the Verifier share the same function to compute the protocol transcript, ComputeTranscript, which is described below.</t>
<sourcecode type="pseudocode"><![CDATA[
def ComputeTranscript(Context, idProver, idVerifier, shareP, shareV, Z, V, w0):
  TT = len(Context) || Context
    || len(idProver) || idProver
    || len(idVerifier) || idVerifier
    || len(M) || M
    || len(N) || N
    || len(shareP) || shareP
    || len(shareV) || shareV
    || len(Z) || Z
    || len(V) || V
    || len(w0) || w0
  return TT
]]></sourcecode>
</section>
<section anchor="key-schedule-computation" numbered="true" toc="default">
<name>Key Schedule Computation</name>
<t>Both the Prover and the Verifier share the same function to compute the key schedule, ComputeKeySchedule, which is described below.</t>
<sourcecode type="pseudocode"><![CDATA[
def ComputeKeySchedule(TT):
  K_main = Hash(TT)
  K_confirmP || K_confirmV = KDF(nil, K_main, "ConfirmationKeys")
  K_shared = KDF(nil, K_main, "SharedKey")
  return (K_confirmP, K_confirmV, K_shared)
]]></sourcecode>
</section>
<section anchor="protocol-run" numbered="true" toc="default">
<name>Protocol Run</name>
<t>A full SPAKE2+ protocol run initiated by the Prover will look as follows, where Transmit and Receive are shorthand for sending a message to and receiving a message from the peer:</t>
<sourcecode type="pseudocode"><![CDATA[
Prover(Context, idProver, idVerifier, w0, w1):
  (x, X) = ProverInit(w0)
  Transmit(X)
  Y = Receive()
  (Z, V) = ProverFinish(w0, w1, x, Y)
  TT = ComputeTranscript(Context, idProver, idVerifier, X, Y, Z, V, w0)
  (K_confirmP, K_confirmV, K_shared) = ComputeKeySchedule(TT)
  expected_confirmV = MAC(K_confirmV, X)
  confirmV = Receive()
  if not_equal_constant_time(expected_confirmV, confirmV):
    raise "invalid confirmation message"
  confirmP = MAC(K_confirmP, Y)
  Transmit(confirmP)
  return K_shared

Verifier(Context, idProver, idVerifier, w0, L):
  X = Receive()
  (Y, Z, V) = VerifierFinish(w0, L, X)
  Transmit(Y)
  TT = ComputeTranscript(Context, idProver, idVerifier, X, Y, Z, V, w0)
  (K_confirmP, K_confirmV, K_shared) = ComputeKeySchedule(TT)
  confirmV = MAC(K_confirmV, X)
  Transmit(confirmV)
  expected_confirmP = MAC(K_confirmP, Y)
  confirmP = Receive()
  if not_equal_constant_time(expected_confirmP, confirmP):
    raise "invalid confirmation message"
  return K_shared
]]></sourcecode>
</section>
</section>
<section anchor="pointgen" numbered="true" toc="default">
<name>Algorithm Used for Point Generation</name>
<t>This section describes the algorithm that was used to generate the points M and N in the table in <xref target="Ciphersuites" format="default"/>. This algorithm produces M and N such that they are indistinguishable from two random points in the prime-order subgroup of G, where the discrete log of these points is unknown. See <xref target="SPAKE2P-Analysis" format="default"/> for additional details on this requirement.</t>
<t>For each curve in the table in <xref target="Ciphersuites" format="default"/>, we construct a string using the curve OID from <xref target="RFC5480" format="default"/> (as an ASCII string) or its name, combined with the needed constant; for instance, "1.3.132.0.35 point generation seed (M)" for P-521. This string is turned into a series of blocks by hashing with SHA256, and hashing that output again to generate the next 32 bytes, and so on. This pattern is repeated for each group and value, with the string modified appropriately.</t>
<t>A byte string of length equal to that of an encoded group element is constructed by concatenating as many blocks as are required, starting from the first block, and truncating to the desired length. The byte string is then formatted as required for the group.
In the case of Weierstrass curves, we take the desired length as the length for representing a compressed point (<xref target="SEC1" sectionFormat="of" section="2.3.4" relative="#subsubsection.2.3.4"/>) and use the low-order bit of the first byte as the sign bit. In order to obtain the correct format, the value of the first byte is set to 0x02 or 0x03 (clearing the first six bits and setting the seventh bit), leaving the sign bit as it was in the byte string constructed by concatenating hash blocks. For the curves described in <xref target="RFC8032" format="default"/>, a different procedure is used. For edwards448, the 57-byte input has the least-significant 7 bits of the last byte set to zero, and for edwards25519, the 32-byte input is not modified. For both of the curves described in <xref target="RFC8032" format="default"/>, the (modified) input is then interpreted as the representation of the group element. If this interpretation yields a valid group element with the correct order (p), the (modified) byte string is the output. Otherwise, the initial hash block is discarded and a new byte string is constructed from the remaining hash blocks. The procedure for constructing a byte string of the appropriate length, formatting it as required for the curve, and checking to see if it is a valid point of the correct order is repeated until a valid element is found.</t>
<t>The following Python snippet generates the above points, assuming an elliptic curve implementation following the interface of Edwards25519Point.stdbase() and Edwards448Point.stdbase() in <xref target="RFC8032" sectionFormat="of" section="A"/>:</t>
<sourcecode type="python"><![CDATA[
import hashlib

def iterated_hash(seed, n):
    # Apply SHA256 n times to the seed string.
    h = seed
    for i in range(n):
        h = hashlib.sha256(h).digest()
    return h

def bighash(seed, start, sz):
    # Concatenate consecutive hash blocks, starting at block 'start',
    # and truncate to sz bytes.
    n = -(-sz // 32)
    hashes = [iterated_hash(seed, i) for i in range(start, start + n)]
    return b''.join(hashes)[:sz]

def canon_pointstr(ecname, s):
    # Format the byte string as required for the curve.
    if ecname == 'edwards25519':
        return s
    elif ecname == 'edwards448':
        return s[:-1] + bytes([s[-1] & 0x80])
    else:
        return bytes([(s[0] & 1) | 2]) + s[1:]

def gen_point(seed, ecname, ec):
    # Try successive byte strings until one decodes to a non-identity
    # point of the correct order.
    for i in range(1, 1000):
        hval = bighash(seed, i, len(ec.encode()))
        pointstr = canon_pointstr(ecname, hval)
        try:
            p = ec.decode(pointstr)
            if p != ec.zero_elem() and p * p.l() == ec.zero_elem():
                return pointstr, i
        except Exception:
            pass
]]></sourcecode>
</section>
<section anchor="testvectors" numbered="true" toc="default">
<name>Test Vectors</name>
<t>This section contains various test vectors for SPAKE2+. (The choice of PBKDF is omitted, and values for w0 and w1 are provided directly.)
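</t>
<t>The Protocol Flow pseudocode, the transcript and key schedule computation, and the point-generation procedure above, worked through in one runnable Python example for the SPAKE2+-P256-SHA256-HKDF-SHA256-HMAC-SHA256 ciphersuite. This example was written for this page; it is neither the RFC's pseudocode nor the authors' reference implementation, and the function names (run, key_schedule, gen_point, replay_test_vector), the plain affine and non-constant-time curve arithmetic, and the simulation of both parties inside one process are choices of the example. It takes M and N for P-256 from the ciphersuite table in compressed form (their x-coordinates also appear inside the first TT value below), encodes transcript length fields as 8-byte little-endian integers as the TT vectors show, treats KDF as RFC 5869 HKDF with a nil salt, and uses the inputs of the first test vector below; for point generation the seed string follows the format the appendix gives, with the P-256 OID 1.2.840.10045.3.1.7 from RFC 5480.</t>

```python
import hashlib, hmac, secrets

# P-256 parameters (NIST / SEC 2). The spec's generator P is G here (P is the field prime);
# the cofactor h is 1 on this curve, so h*x*(...) in the pseudocode is simply x*(...).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
ORDER = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity

def ec_add(P1, P2):  # textbook affine add/double: illustrative, not constant-time
    if P1 is INF or P2 is INF: return P2 if P1 is INF else P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2:
        if (y1 + y2) % P == 0: return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def ec_mul(k, Q):  # double-and-add scalar multiplication
    R = INF
    while k:
        if k % 2: R = ec_add(R, Q)
        Q, k = ec_add(Q, Q), k >> 1
    return R
neg = lambda Q: (Q[0], -Q[1] % P)
def encode(Q):  # SEC 1 uncompressed form 0x04 || X || Y, the form used in the transcript
    return b"\x04" + Q[0].to_bytes(32, "big") + Q[1].to_bytes(32, "big")
def decode(b):  # SEC 1 uncompressed (0x04) or compressed (0x02/0x03) input; rejects off-curve data
    x = int.from_bytes(b[1:33], "big")
    rhs = (x ** 3 + A * x + B) % P
    if b[0] == 4 and len(b) == 65:
        y = int.from_bytes(b[33:], "big")
    elif b[0] in (2, 3) and len(b) == 33:
        y = pow(rhs, (P + 1) // 4, P)  # modular square root, valid because P % 4 == 3
        if y % 2 != b[0] % 2: y = P - y
    else: raise ValueError("bad encoding")
    if x >= P or y >= P or y * y % P != rhs: raise ValueError("not on curve")
    return (x, y)
def not_in_subgroup(Q):  # the mandatory check of ProverFinish / VerifierFinish
    return Q is INF or ec_mul(ORDER, Q) is not INF
def gen_point(seed, size=33):  # the appendix's procedure for a Weierstrass curve (compressed length 33)
    n, chain = -(-size // 32), [seed]  # chain[i] is SHA256 applied i times to the seed
    for i in range(1, 1000):
        while i + n > len(chain): chain.append(hashlib.sha256(chain[-1]).digest())
        s = b"".join(chain[i:i + n])[:size]
        s = bytes([2 + s[0] % 2]) + s[1:]  # force 0x02/0x03, keeping the low bit as the sign
        try:
            if not not_in_subgroup(decode(s)): return s, i
        except ValueError:
            pass  # not the abscissa of a curve point: discard a block and retry
# M and N for P-256 from the ciphersuite table, compressed SEC 1 form
M_BYTES = bytes.fromhex("02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f")
N_BYTES = bytes.fromhex("03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49")
M, N = decode(M_BYTES), decode(N_BYTES)
def hkdf_sha256(ikm, info, length):  # RFC 5869 with a nil salt (HashLen zero bytes)
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm = t = b""
    for i in range(1, -(-length // 32) + 1):
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm += t
    return okm[:length]
mac = lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest()
def key_schedule(context, idP, idV, shareP, shareV, Z, V, w0):  # ComputeTranscript + ComputeKeySchedule
    lv = lambda f: len(f).to_bytes(8, "little") + f  # 8-byte little-endian length prefix, as in the TT vectors
    TT = b"".join(lv(f) for f in (context, idP, idV, encode(M), encode(N), shareP,
                                  shareV, encode(Z), encode(V), w0.to_bytes(32, "big")))
    k_main = hashlib.sha256(TT).digest()
    conf = hkdf_sha256(k_main, b"ConfirmationKeys", 64)  # K_confirmP || K_confirmV
    return conf[:32], conf[32:], hkdf_sha256(k_main, b"SharedKey", 32)

def run(context, idP, idV, w0, w1, L, x=None, y=None):  # both parties simulated in one process
    x = secrets.randbelow(ORDER) if x is None else x                  # ProverInit
    shareP = encode(ec_add(ec_mul(x, G), ec_mul(w0, M)))
    X = decode(shareP)                                                # VerifierFinish
    if not_in_subgroup(X): raise ValueError("invalid input")
    y = secrets.randbelow(ORDER) if y is None else y
    shareV = encode(ec_add(ec_mul(y, G), ec_mul(w0, N)))
    T = ec_add(X, neg(ec_mul(w0, M)))                                 # X - w0*M
    kP_v, kV_v, ks_v = key_schedule(context, idP, idV, shareP, shareV, ec_mul(y, T), ec_mul(y, L), w0)
    confirmV = mac(kV_v, shareP)
    Y = decode(shareV)                                                # ProverFinish
    if not_in_subgroup(Y): raise ValueError("invalid input")
    T = ec_add(Y, neg(ec_mul(w0, N)))                                 # Y - w0*N
    kP_p, kV_p, ks_p = key_schedule(context, idP, idV, shareP, shareV, ec_mul(x, T), ec_mul(w1, T), w0)
    if not hmac.compare_digest(mac(kV_p, shareP), confirmV): raise ValueError("invalid confirmation message")
    confirmP = mac(kP_p, shareV)                                      # the Verifier checks confirmP
    if not hmac.compare_digest(mac(kP_v, shareV), confirmP): raise ValueError("invalid confirmation message")
    return {"shareP": shareP, "shareV": shareV, "K_shared": ks_p, "K_shared_verifier": ks_v}
# Inputs of the first test vector on this page (P-256-SHA256); L = w1*P is the Verifier's record
TV = dict(context=b"SPAKE2+-P256-SHA256-HKDF-SHA256-HMAC-SHA256 Test Vectors",
          w0=0xbb8e1bbcf3c48f62c08db243652ae55d3e5586053fca77102994f23ad95491b3,
          w1=0x7e945f34d78785b8a3ef44d0df5a1a97d6b3b460409a345ca7830387a74b1dba,
          x=0xd1232c8e8693d02368976c174e2088851b8365d0d79a9eee709c6a05a2fad539,
          y=0x717a72348a182085109c8d3917d6c43d59b224dc6a7fc4f0483232fa6516d8b3)
def replay_test_vector():
    return run(TV["context"], b"client", b"server", TV["w0"], TV["w1"], ec_mul(TV["w1"], G), TV["x"], TV["y"])
```

<t>replay_test_vector() runs the exchange with the x and y of the first vector, so shareP, shareV and K_shared can be compared against the values listed below, and gen_point with b"1.2.840.10045.3.1.7 point generation seed (M)" returns the table's M together with the hash-block index at which the first valid point was found. Passing a w1 that does not match the Verifier's record L changes V, hence TT and every derived key, so the Prover's check of confirmV fails and no K_shared is released; the on-curve and subgroup checks in decode and not_in_subgroup are what turn a malformed peer share into an error rather than a key derived from a small-order point.</t>
<t>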
All points are encoded using the uncompressed format, i.e., with a 0x04 octet prefix, specified in <xref target="SEC1" format="default"/>. idProver and idVerifier identity strings are provided in the protocol invocation.</t>
<sourcecode type="test-vectors"><![CDATA[
[Context=b'SPAKE2+-P256-SHA256-HKDF-SHA256-HMAC-SHA256 Test Vectors']
[idProver=b'client']
[idVerifier=b'server']
w0 = 0xbb8e1bbcf3c48f62c08db243652ae55d3e5586053fca77102994f23ad9549
1b3
w1 = 0x7e945f34d78785b8a3ef44d0df5a1a97d6b3b460409a345ca7830387a74b1
dba
L = 0x04eb7c9db3d9a9eb1f8adab81b5794c1f13ae3e225efbe91ea487425854c7f
c00f00bfedcbd09b2400142d40a14f2064ef31dfaa903b91d1faea7093d835966efd
x = 0xd1232c8e8693d02368976c174e2088851b8365d0d79a9eee709c6a05a2fad5
39
shareP = 0x04ef3bd051bf78a2234ec0df197f7828060fe9856503579bb17330090
42c15c0c1de127727f418b5966afadfdd95a6e4591d171056b333dab97a79c7193e3
41727
y = 0x717a72348a182085109c8d3917d6c43d59b224dc6a7fc4f0483232fa6516d8
b3
shareV = 0x04c0f65da0d11927bdf5d560c69e1d7d939a05b0e88291887d679fcad
ea75810fb5cc1ca7494db39e82ff2f50665255d76173e09986ab46742c798a9a6843
7b048
Z = 0x04bbfce7dd7f277819c8da21544afb7964705569bdf12fb92aa388059408d5
0091a0c5f1d3127f56813b5337f9e4e67e2ca633117a4fbd559946ab474356c41839
V = 0x0458bf27c6bca011c9ce1930e8984a797a3419797b936629a5a937cf2f11c8
b9514b82b993da8a46e664f23db7c01edc87faa530db01c2ee405230b18997f16b68
TT = 0x38000000000000005350414b45322b2d503235362d5348413235362d484b4
4462d5348413235362d484d41432d534841323536205465737420566563746f72730
600000000000000636c69656e7406000000000000007365727665724100000000000
00004886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12
f5ff355163e43ce224e0b0e65ff02ac8e5c7be09419c785e0ca547d55a12e2d20410
000000000000004d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f9
8baa1292b4907d60aa6bfade45008a636337f5168c64d9bd36034808cd564490b1e6
56edbe7410000000000000004ef3bd051bf78a2234ec0df197f7828060fe98565035
79bb1733009042c15c0c1de127727f418b5966afadfdd95a6e4591d171056b333dab 97a79c7193e341727410000000000000004c0f65da0d11927bdf5d560c69e1d7d939 a05b0e88291887d679fcadea75810fb5cc1ca7494db39e82ff2f50665255d76173e0 9986ab46742c798a9a68437b048410000000000000004bbfce7dd7f277819c8da215 44afb7964705569bdf12fb92aa388059408d50091a0c5f1d3127f56813b5337f9e4e 67e2ca633117a4fbd559946ab474356c4183941000000000000000458bf27c6bca01 1c9ce1930e8984a797a3419797b936629a5a937cf2f11c8b9514b82b993da8a46e66 4f23db7c01edc87faa530db01c2ee405230b18997f16b682000000000000000bb8e1 bbcf3c48f62c08db243652ae55d3e5586053fca77102994f23ad95491b3 K_main = 0x4c59e1ccf2cfb961aa31bd9434478a1089b56cd11542f53d3576fb6c2 a438a29 K_confirmP = 0x871ae3f7b78445e34438fb284504240239031c39d80ac23eb5ab9 be5ad6db58a K_confirmV = 0xccd53c7c1fa37b64a462b40db8be101cedcf838950162902054e6 44b400f1680 HMAC(K_confirmP, shareV) = 0x926cc713504b9b4d76c9162ded04b5493e89109 f6d89462cd33adc46fda27527 HMAC(K_confirmV, shareP) = 0x9747bcc4f8fe9f63defee53ac9b07876d907d55 047e6ff2def2e7529089d3e68 K_shared = 0x0c5f8ccd1413423a54f6c1fb26ff01534a87f893779c6e68666d772 bfd91f3e7 ]]></sourcecode> <sourcecode type="test-vectors"><![CDATA[ [Context=b'SPAKE2+-P256-SHA512-HKDF-SHA512-HMAC-SHA512 Test Vectors '] [idProver=b'client'] [idVerifier=b'server'] w0 = 0x1cc5207d6e34b8f7828206fb64b86aa9c712bc952abf251bb9f5856b24d8c 8cc w1 = 0x4279649e62532b01dc27d2ed39100ba350518fb969672061a01edce752d0e 672 L = 0x043a348ad475d2200d46df876f1eb2e136056da31dafff52cc7762bf3be84d e0097c4e69b0b9321326af1f0af4a14561a9c7b640cb5afd6822d14cb34830fc4511 x = 0xb586ab83f175c1a2b56b6a1b6a283523f88a9befcf11e22efb48e2ee1fe69a 23 shareP = 0x04a7928c4b47f6b8657a5b8ebcb6f1bd266192e152fb9745a4180c946 57a2f323b4d50d536c0325cdb0ec42c9bd8db8d7af3ff6dc85edb4b5365375c62e09 def4a y = 0xac1fb828f041782d452ea9cc00c3fa34a55fa8f7f98c04be45a3d607b092d4 41 shareV = 0x04498c29e37dbd53ebf8db76679901d90c6be3af57f46ac3025b32420 
839f0489c6c3b6bf5ddc8ecbc3d7c83d0891ad814a00ad23eba13197c9d96a5b1027 5e35d Z = 0x04a81e31be54283cee81bf7bdc877764b6b2ac6a399f1176380aac8a82172c 18051aa17dfcf438896ad253f53b52cd45ec2c7399488a919bcfcfecc0261cbf5284 V = 0x04de0a53f96cbe4abcd31c1e0a23ea6f169c162dc5a007393c8fcddd2abd5d 518bb2d9734b1d2dfce3fd916e991ab9dc3a2760d439c083eb39b65408857d2bb4aa TT = 0x38000000000000005350414b45322b2d503235362d5348413531322d484b4 4462d5348413531322d484d41432d534841353132205465737420566563746f72730 600000000000000636c69656e7406000000000000007365727665724100000000000 00004886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12 f5ff355163e43ce224e0b0e65ff02ac8e5c7be09419c785e0ca547d55a12e2d20410 000000000000004d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f9 8baa1292b4907d60aa6bfade45008a636337f5168c64d9bd36034808cd564490b1e6 56edbe7410000000000000004a7928c4b47f6b8657a5b8ebcb6f1bd266192e152fb9 745a4180c94657a2f323b4d50d536c0325cdb0ec42c9bd8db8d7af3ff6dc85edb4b5 365375c62e09def4a410000000000000004498c29e37dbd53ebf8db76679901d90c6 be3af57f46ac3025b32420839f0489c6c3b6bf5ddc8ecbc3d7c83d0891ad814a00ad 23eba13197c9d96a5b10275e35d410000000000000004a81e31be54283cee81bf7bd c877764b6b2ac6a399f1176380aac8a82172c18051aa17dfcf438896ad253f53b52c d45ec2c7399488a919bcfcfecc0261cbf5284410000000000000004de0a53f96cbe4 abcd31c1e0a23ea6f169c162dc5a007393c8fcddd2abd5d518bb2d9734b1d2dfce3f d916e991ab9dc3a2760d439c083eb39b65408857d2bb4aa20000000000000001cc52 07d6e34b8f7828206fb64b86aa9c712bc952abf251bb9f5856b24d8c8cc K_main = 0x527613439c279a375c116342a4216a8d92441d2fe1921dd1e60f140b2 855916ccac7db4dbf22bd56e344a8cd506d08949bde1e9d83c24d68ff4246458dc14 288 K_confirmP = 0x0aa129d7b82067c2a9607677c9c4fdedc1cd7cfed9ff72c54c0ae bb2b1a8aa915b96834b2986725c6040852ceaafbb17d638a715198f795654eac89bf 0739878 K_confirmV = 0xa1f1038de30a8c12d43d06c27d362daa9699249e941faa2d5cbc5 9a9683bf42aed9537818245677fdb54b5274506542994f4a83455f6d7b3af5ec017f aa58f61 HMAC(K_confirmP, shareV) = 
0x6b2469b56cf8ac3f94a8d0b533380ea6b3d0f46 b3e12ee82550d49e129c2412728c9437a64ee5f80c8cdc5e8a30faa0a6deb8a52513 46ba81bb6fc955b2304fc HMAC(K_confirmV, shareP) = 0x154174fc278a935e290b3352ba877e179fa9281 c0a76928faea703c72d383b267511a5cf084cb07147efece94e3cfd91944e7baab85 6858fbebc087167b0f409 K_shared = 0x11887659d9e002f34fa6cc270d33570f001b2a3fc0522b643c07327 d09a4a9f47aab85813d13c585b53adf5ac9de5707114848f3dc31a4045f69a2cc197 2b098 ]]></sourcecode> <sourcecode type="test-vectors"><![CDATA[ [Context=b'SPAKE2+-P384-SHA256-HKDF-SHA256-HMAC-SHA256 Test Vectors '] [idProver=b'client'] [idVerifier=b'server'] w0 = 0x097a61cbb1cee72bb654be96d80f46e0e3531151003903b572fc193f23377 2c23c22228884a0d5447d0ab49a656ce1d2 w1 = 0x18772816140e6c3c3938a693c600b2191118a34c7956e1f1cd5b0d519b56e a5858060966cfaf27679c9182129949e74f L = 0x04f27dd5384d6b9beb4c5022c94b1978d632779e1d3abe458611e734a529d0 04e25053398e5dc9eeaa4ffa59743ca7ddbc0e7ce69155295cb2b846da83ee6a4449 0dd8e96bb0b0f6645281bfd978dd5f6836561ea0d8b2c045ff04cef2e5873d2c x = 0x2f1bdbeda162ff2beba0293d3cd3ae95f663c53663378c7e18ee8f56a4a48b 00d31ce0ef43606548da485058f12e8e73 shareP = 0x049fb0404ca7ce71fb85d3aaa8fd05fa054affac996135bc245149be0 9571e43e2bf76e00d6d52ac452b8224f6b9da31420a4f5e214b377546daad4d61da5 ca0cfdea59a5a92ebdb6b42da5d14663b8d1f9eb97050139ab89788e0ada27b048fc f y = 0xbbcaf02404a16ed4fa73b183f703a8d969386f3d34f5e98b3a904e760512f1 1757f07dfcf87a2ada8fc6d028445bd53e shareV = 0x0493b1c1f6a30eac4ac4a15711e44640bae3576787627ee2541104298 1e94b2e9604b9374f66bb247bc431759212ef3fa0a20c087863b89efb32219e1337c e94be2175f8cb9fd50cf0b84772717fd063c52b69de1229a01ab840b55993287f32e d Z = 0x048cd880e5147e49b42b5754c1bc6d2091ad414789bc3b030f2d787ea480f3 e35d0fa0d02d0dd06fee7f242b702a2d984efd79c76d99ab35b99e359a205cea56bb a8dd8f995c101a69a5157686d1cf6a7288d7cff2f2a9748db99b24f646ea7b37 V = 0x041c3c9cc38b03a06a49cf17cc5e7754cf1ccbbc6fffc0ddf1a6e23f57294a 25d96f7da5ce4ac0a617c78502f2f235a5fcf2f76a62385434ed2b6e95521b41eff3 
c4ce93ecf8fb32005dd76335d0a7c78153257288d7fde1a22d404f5d73d068e2 TT = 0x38000000000000005350414b45322b2d503338342d5348413235362d484b4 4462d5348413235362d484d41432d534841323536205465737420566563746f72730 600000000000000636c69656e7406000000000000007365727665726100000000000 000040ff0895ae5ebf6187080a82d82b42e2765e3b2f8749c7e05eba366434b363d3 dc36f15314739074d2eb8613fceec285397592c55797cdd77c0715cb7df2150220a0 119866486af4234f390aad1f6addde5930909adc67a1fc0c99ba3d52dc5dd6100000 00000000004c72cf2e390853a1c1c4ad816a62fd15824f56078918f43f922ca21518 f9c543bb252c5490214cf9aa3f0baab4b665c10c38b7d7f4e7f320317cd717315a79 7c7e02933aef68b364cbf84ebc619bedbe21ff5c69ea0f1fed5d7e3200418073f406 100000000000000049fb0404ca7ce71fb85d3aaa8fd05fa054affac996135bc24514 9be09571e43e2bf76e00d6d52ac452b8224f6b9da31420a4f5e214b377546daad4d6 1da5ca0cfdea59a5a92ebdb6b42da5d14663b8d1f9eb97050139ab89788e0ada27b0 48fcf61000000000000000493b1c1f6a30eac4ac4a15711e44640bae3576787627ee 25411042981e94b2e9604b9374f66bb247bc431759212ef3fa0a20c087863b89efb3 2219e1337ce94be2175f8cb9fd50cf0b84772717fd063c52b69de1229a01ab840b55 993287f32ed6100000000000000048cd880e5147e49b42b5754c1bc6d2091ad41478 9bc3b030f2d787ea480f3e35d0fa0d02d0dd06fee7f242b702a2d984efd79c76d99a b35b99e359a205cea56bba8dd8f995c101a69a5157686d1cf6a7288d7cff2f2a9748 db99b24f646ea7b376100000000000000041c3c9cc38b03a06a49cf17cc5e7754cf1 ccbbc6fffc0ddf1a6e23f57294a25d96f7da5ce4ac0a617c78502f2f235a5fcf2f76 a62385434ed2b6e95521b41eff3c4ce93ecf8fb32005dd76335d0a7c78153257288d 7fde1a22d404f5d73d068e23000000000000000097a61cbb1cee72bb654be96d80f4 6e0e3531151003903b572fc193f233772c23c22228884a0d5447d0ab49a656ce1d2 K_main = 0x61370f8bf65e0df7e9a7b2c2289be1ee4b5dd6c21f4b85165730700c4 4ce30af K_confirmP = 0x2c8940419d94e53d5d240801e702c4658531aa7a9f14ec75f0d67 f12fa84196c K_confirmV = 0x8e74afe16c53a44590ad6bf43aa89324978b8f20014336675f618 387f99f3fdc HMAC(K_confirmP, shareV) = 0x7ae825e242a5a1f86ad7db172c2c12fcb458b6a 2b1ddfc96b2b7cfd2eed5f7ab 
HMAC(K_confirmV, shareP) = 0x1581062167d6a3d14493447cd170d408f6fdc58 e31225438db86214167426a7a K_shared = 0x99758e838ae1a856589689fb55b6befe4e2382e6ebbeca1a6232a68 f9dc04c1a ]]></sourcecode> <sourcecode type="test-vectors"><![CDATA[ [Context=b'SPAKE2+-P384-SHA512-HKDF-SHA512-HMAC-SHA512 Test Vectors '] [idProver=b'client'] [idVerifier=b'server'] w0 = 0xb8d44a0982b88abe19b724d4bdafba8c90dc93130e0bf4f8062810992326d a126fd01db53e40250ca33a3ff302044cb0 w1 = 0x2373e2071c3bb2a6d53ece57830d56f8080189816803c22375d6a4a514f9d 161b64d0f05b97735b98b348f9b33cc2e30 L = 0x049ca7217ff6456bb2e2bcf71b31d9b1e5ed6e0c9700936ae617e990cee87e e1ce3a03629dd5532948c39b89f38b39f13c7f513c5b1ada00f6533a4a8b02b9cd04 e1b2a5db1f24ec5fe959198a19666037e04b768cc02e75ac9da0048736db6e5b x = 0x5a835d52714f30d2ef539268b89df9558628400063dfa0e41eb979066f4caf 409bbf7aab3ddddea13f1b070a1827d3d4 shareP = 0x042f382eef464a2c9aecfdf4b81d25c4de2de113ba67405ce336c762c 69217ae7e27bda875144140d7536c4cc08b9b4dace5f872a6a2ed57f34042688ad3c 5d446c187dc0caf9cea812df3a4dd6fdbc64b9d7d7d7ff4bf6965abb06eeb108d55e e y = 0xc883ee5b08cf7ba122038c279459ab1a730f85f2d624a02732d519faab56a4 98e773a8dec6c447ed02d5c00303a18bc4 shareV = 0x04d72e11eee332305062454c0a058b8103a3304785d445510cd8d101e 9cb44cfb159cb7b72123abaf719ab1c42e0558c84c14b0886e8b446e4c880bff2f4b 291fafafc748cb4115824e66732bdeba7fae176388e228ab9d7546255994ca3fb5a5 2 Z = 0x043cb63f5fcb573cf3e2ee40bca5fbc1f00ff2554caab3790329184c45ed69 c39b2e1323bc13c8f821b844feb5921b1470e7b3f70bd10508e5de6db157305badf8 20fa28d68742d8287fb201383a8deec70d5bcf2a61498a481290ed8cc94ab3a0 V = 0x0468604d188f4da560ddaaece126abe40f5de255f8af093c7c3aff71f95d90 92804426127d73d46a817085e9095de6bcf30733a5124a98f567148efe92a7134994 0c7244623247d33a8b78cbc9a53cd45bb22430f318a635084d1840c905f236c8 TT = 0x38000000000000005350414b45322b2d503338342d5348413531322d484b4 4462d5348413531322d484d41432d534841353132205465737420566563746f72730 600000000000000636c69656e7406000000000000007365727665726100000000000 
000040ff0895ae5ebf6187080a82d82b42e2765e3b2f8749c7e05eba366434b363d3 dc36f15314739074d2eb8613fceec285397592c55797cdd77c0715cb7df2150220a0 119866486af4234f390aad1f6addde5930909adc67a1fc0c99ba3d52dc5dd6100000 00000000004c72cf2e390853a1c1c4ad816a62fd15824f56078918f43f922ca21518 f9c543bb252c5490214cf9aa3f0baab4b665c10c38b7d7f4e7f320317cd717315a79 7c7e02933aef68b364cbf84ebc619bedbe21ff5c69ea0f1fed5d7e3200418073f406 100000000000000042f382eef464a2c9aecfdf4b81d25c4de2de113ba67405ce336c 762c69217ae7e27bda875144140d7536c4cc08b9b4dace5f872a6a2ed57f34042688 ad3c5d446c187dc0caf9cea812df3a4dd6fdbc64b9d7d7d7ff4bf6965abb06eeb108 d55ee610000000000000004d72e11eee332305062454c0a058b8103a3304785d4455 10cd8d101e9cb44cfb159cb7b72123abaf719ab1c42e0558c84c14b0886e8b446e4c 880bff2f4b291fafafc748cb4115824e66732bdeba7fae176388e228ab9d75462559 94ca3fb5a526100000000000000043cb63f5fcb573cf3e2ee40bca5fbc1f00ff2554 caab3790329184c45ed69c39b2e1323bc13c8f821b844feb5921b1470e7b3f70bd10 508e5de6db157305badf820fa28d68742d8287fb201383a8deec70d5bcf2a61498a4 81290ed8cc94ab3a061000000000000000468604d188f4da560ddaaece126abe40f5 de255f8af093c7c3aff71f95d9092804426127d73d46a817085e9095de6bcf30733a 5124a98f567148efe92a71349940c7244623247d33a8b78cbc9a53cd45bb22430f31 8a635084d1840c905f236c83000000000000000b8d44a0982b88abe19b724d4bdafb a8c90dc93130e0bf4f8062810992326da126fd01db53e40250ca33a3ff302044cb0 K_main = 0x571af2e9a0bf4b354cca18d713f8a84315a46c999ceb92ca6a88b8a6d 615795140862dbccd6fdc0abecc5956c43f8ab40343a22fc1b91752cb7c2737dab90 41e K_confirmP = 0x6c8c7fc6becf3bc07f081b4f7f867bec76fd8eeddbd7968356723 bae701e04f35f800e647dfa013b2876958efe0ce68e7595ba46f1de0b17adfc02dfe 3f18a18 K_confirmV = 0x2d0c9702a0f5536bacddd596eb6ea365d17f176db30081b97b83e 05bb87e9a36c0565b7616251c93bc76c76fc5c3531a28db40779d986d4e7b71a24c4 3fbc731 HMAC(K_confirmP, shareV) = 0x7f806ae56ea3e49a8b16ffee528086489418913 641f529d50ff92aa456ad4648e522f9540b403bff6bd94ee1adc95c7d1b2666f7ba6 f9c10748bc7bfb4181d27 HMAC(K_confirmV, shareP) = 
0x8daa262decb79cceda4421f4f8dacf22ec027c0 8e036f071beea563c8e00813a29807963ff9d7d6bbff48dd5bdcdd9ca9fd7ffc272b 162258d981913f7253dcb K_shared = 0x31e0075a823b9269af5769d71ef3b2f5001cbfe044584fe8551124a 217dad078415630bf3eda16b5a38341d418a6d72b3960f818a0926f0de88784b59d6 a694b ]]></sourcecode> <sourcecode type="test-vectors"><![CDATA[ [Context=b'SPAKE2+-P521-SHA512-HKDF-SHA512-HMAC-SHA512 Test Vectors '] [idProver=b'client'] [idVerifier=b'server'] w0 = 0x009c79bcd7656716314fca5a6e2c5cda7ef86131399438e012a043051e863 f60b5aeb3c101731e1505e721580f48535a9b0456b231b9266ae6fff49ee90d25f72 f5f w1 = 0x01632c15f51fcd916cd79e19075f8a69b72b0099922ad62ff8d540b469569 f0aa027047aed2b3f242ea0ac4288b4e4db6a4e5946d8ad32b42192c5aa66d9ef8e1 b33 L = 0x040135072d0fa36f9e80031294cef5c3c35b882a0efa2c66570d64a49f8bec 6c66435bf65bb7c7b2a3e7dece491e02b4d567e7087dbc32fe0fae8af417dcb50be6 d704012a194588b690e6d3db492656f72ddea01fc1c7fcec0f5d34a5af0102939f6f deae39c20cff74fcdb7f09855f0fc9520d20b0520b0b096b8d42c7c3d68b4a66f751 x = 0x00b69e3bb15df82c9fa0057461334e2c66ab92fc9b8d3662eec81216ef5ddc 4a43f19e90dedaa2d72502f69673a115984ffcf88e03a9364b07102114c5602cd93c 69 shareP = 0x0400a14431edf6852ff5fe868f8683e16e9e0a45d9e27f9a96442285a c6b161fc0bf267362a5ffb06f9cbd14b7a37e492146d77cae4c77812df00a91dbae0 9e27e1fac00ae019317ef9768548325bca35ce258e6206fe03c6338b2eb889d09d9f 11400a36cf6328a7e1f81c6c7a2af7ff1d9b5210768318f27e57b75b39b9fbfc7b37 a60ab y = 0x0056d01c5246fbde964c0493934b7ece89eafd943eb27d357880a2a2202249 9e249528c5707b1afe8794c8a1d60ceedaeed96dd0dd904ea075f096c9fec5da7de4 96 shareV = 0x0401aa5af0f3027f63b7170572db5ff06dd1f3d6ea8ea771b26b434fb bc6c9de7d80975131c9c2e94d30c0ed2d62449c4c1b7e95037a85ed7598e415a2591 26365e89500d0f2156b551b70416d719944736990f346f6f9ba4fbaf2f63e0987369 0bcf730582e0a7b03ffede50f5787b631d5021a94287f0a29a081b62b9f5a3bf393b 001b3 Z = 0x0401e3015bf2811891a518d342c63541294dc80e0ee210e8220a5b9cab010d 77945724ef1185d739a62847fdada9da9b1bca6b9fa173fa551185c6084c3db26d3a 
f0ac01f9356d01beebebd5ff026ca19f9df5d614355f3498816ac20b63bc936eed82 8a7039d1e17dba740471d9afc0e0b4427d65b2d27a57a87e42300004e2b4620c23c9 V = 0x0401058b21ca71e4439281579d6df3b86ae874d70742fe8eae2de60e77e07e 6e1c31b9c277de36b38531f5b769e9e4030ba09258f510c83c5c21957610355ce920 1fe600672db35efd1d0903bc285d4e27e9fb4472c30f17118dfa028f182bc9361c6a 749f560e31b9c404624d24e68010f064101d4a1154e77be8f2105dbeb8b0349adb0e TT = 0x38000000000000005350414b45322b2d503532312d5348413531322d484b4 4462d5348413531322d484d41432d534841353132205465737420566563746f72730 600000000000000636c69656e7406000000000000007365727665728500000000000 00004003f06f38131b2ba2600791e82488e8d20ab889af753a41806c5db18d37d856 08cfae06b82e4a72cd744c719193562a653ea1f119eef9356907edc9b56979962d7a a01bdd179a3d547610892e9b96dea1eab10bdd7ac5ae0cf75aa0f853bfd185cf782f 894301998b11d1898ede2701dca37a2bb50b4f519c3d89a7d054b51fb84912192850 00000000000000400c7924b9ec017f3094562894336a53c50167ba8c596387688054 2bc669e494b2532d76c5b53dfb349fdf69154b9e0048c58a42e8ed04cef052a3bc34 9d95575cd2501c62bee650c9287a651bb75c7f39a2006873347b769840d261d17760 b107e29f091d556a82a2e4cde0c40b84b95b878db2489ef760206424b3fe7968aa8e 0b1f33485000000000000000400a14431edf6852ff5fe868f8683e16e9e0a45d9e27 f9a96442285ac6b161fc0bf267362a5ffb06f9cbd14b7a37e492146d77cae4c77812 df00a91dbae09e27e1fac00ae019317ef9768548325bca35ce258e6206fe03c6338b 2eb889d09d9f11400a36cf6328a7e1f81c6c7a2af7ff1d9b5210768318f27e57b75b 39b9fbfc7b37a60ab85000000000000000401aa5af0f3027f63b7170572db5ff06dd 1f3d6ea8ea771b26b434fbbc6c9de7d80975131c9c2e94d30c0ed2d62449c4c1b7e9 5037a85ed7598e415a259126365e89500d0f2156b551b70416d719944736990f346f 6f9ba4fbaf2f63e09873690bcf730582e0a7b03ffede50f5787b631d5021a94287f0 a29a081b62b9f5a3bf393b001b385000000000000000401e3015bf2811891a518d34 2c63541294dc80e0ee210e8220a5b9cab010d77945724ef1185d739a62847fdada9d a9b1bca6b9fa173fa551185c6084c3db26d3af0ac01f9356d01beebebd5ff026ca19 
f9df5d614355f3498816ac20b63bc936eed828a7039d1e17dba740471d9afc0e0b44 27d65b2d27a57a87e42300004e2b4620c23c985000000000000000401058b21ca71e 4439281579d6df3b86ae874d70742fe8eae2de60e77e07e6e1c31b9c277de36b3853 1f5b769e9e4030ba09258f510c83c5c21957610355ce9201fe600672db35efd1d090 3bc285d4e27e9fb4472c30f17118dfa028f182bc9361c6a749f560e31b9c404624d2 4e68010f064101d4a1154e77be8f2105dbeb8b0349adb0e4200000000000000009c7 9bcd7656716314fca5a6e2c5cda7ef86131399438e012a043051e863f60b5aeb3c10 1731e1505e721580f48535a9b0456b231b9266ae6fff49ee90d25f72f5f K_main = 0xf672a73216568d20cc3433247bc43a3b875a421cbdba76cf1db8bfe57 2b658bf3f7a4ef8cc9ff1f6a2827ff7b19860454b775a4097009040f3b36b7420407 16e K_confirmP = 0xa211c60ea8d4b3b294bd6ca9515663b77f3caac28af3658b34fe1 512f25077f2f64b8de426caa662b4cbbdc9c2f8f12347993c8d57fdf68c177732d7d da7277b K_confirmV = 0x0e9bf6b9a37339144cb32a78a872f50b10839f81eda6c09a827dd bb158c47162bec274af920cdf809f162b98fa701efebada26cdfbeac408b5a35b052 d18f0c6 HMAC(K_confirmP, shareV) = 0xf0f5c903dfa42fe367659656a26058cd984b76a 8e91ae4d0fa4c13db149008e2ae57713fb230a627761174fefd263b9c10e9a4b6a37 46cde59c5943040c17133 HMAC(K_confirmV, shareP) = 0xa8f7ab43f3a800171d3a3fb26d742e1ed236c2d 5804ecd328f220a7d245cd2e3bfb6c0526983bff9229c94f70fe64ba9bb5a4d0dc10 afcda64a4c96d4c3d81ad K_shared = 0xd1c170e4e55efacb9db8abad286293ebd1dcf24f13973427b9632bb c323e42e447afca2aa7f74f2af3fb5f51684ec543db854b7002cde6799c330b032ba 8820a ]]></sourcecode> <sourcecode type="test-vectors"><![CDATA[ [Context=b'SPAKE2+-P256-SHA256-HKDF-SHA256-CMAC-AES-128 Test Vector s'] [idProver=b'client'] [idVerifier=b'server'] w0 = 0x9aad90c603cf16cec4ee40d81acd7a865130b28cc6d0664ae2e0f406aa47e d61 w1 = 0x872be859cec1e78d191882bd9c2f032af018a25016813788fe8954bfffc58 c8e L = 0x04d79a53698c5dd79e14b426e73b4a7f1b42469815fe24e8f53ce01579e902 eb198d59f05bc451c41826b88e3db5476a69e197fdf474c75b387f6d40361c3fda35 x = 0x9d39a3511a007a7d3fe6af5555cf60301bcda503f2bf6634b2caf9e4fd0743 a1 shareP = 
0x04788218027ba4b17f7279ef0aef47a8733cf88b5bf65d6127ecadc78 b8a0f65b9001f7e54719fb63c072ddd1e1a4adfb376dde37ba1aa2082362b6c2ca14 a8e53 y = 0x9c3219841626325c68d89c22fb6c55611e3136442daa8b9b784db7242afff3 ed shareV = 0x04c05953ea9d1cd6248b8c61becd7d55e46237526d8b1e23495ea7566 b7f6bc24b3da1cfb2e88a975fcfb5dc4e72b5cbea509b1cfdd1ef8f8195fa8bf2bd5 ca1e5 Z = 0x049444a17ad5909548a084fa182275a89a496ec6669bd08892aa9c64a512d4 0212147e6005bf1d510e3bbcfee8efc38243acaf4c5f2decffa009341b1e330b0442 V = 0x0457a8919af393e2da1de209a01fdda275eab0a682d8931b0e6ee1b9339794 63a25ccbcda1956a6a555706f0b062aa880617bd219d09391ad8576d3a73e9233f57 TT = 0x39000000000000005350414b45322b2d503235362d5348413235362d484b4 4462d5348413235362d434d41432d4145532d313238205465737420566563746f727 30600000000000000636c69656e74060000000000000073657276657241000000000 0000004886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa 12f5ff355163e43ce224e0b0e65ff02ac8e5c7be09419c785e0ca547d55a12e2d204 10000000000000004d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4 f98baa1292b4907d60aa6bfade45008a636337f5168c64d9bd36034808cd564490b1 e656edbe7410000000000000004788218027ba4b17f7279ef0aef47a8733cf88b5bf 65d6127ecadc78b8a0f65b9001f7e54719fb63c072ddd1e1a4adfb376dde37ba1aa2 082362b6c2ca14a8e53410000000000000004c05953ea9d1cd6248b8c61becd7d55e 46237526d8b1e23495ea7566b7f6bc24b3da1cfb2e88a975fcfb5dc4e72b5cbea509 b1cfdd1ef8f8195fa8bf2bd5ca1e54100000000000000049444a17ad5909548a084f a182275a89a496ec6669bd08892aa9c64a512d40212147e6005bf1d510e3bbcfee8e fc38243acaf4c5f2decffa009341b1e330b044241000000000000000457a8919af39 3e2da1de209a01fdda275eab0a682d8931b0e6ee1b933979463a25ccbcda1956a6a5 55706f0b062aa880617bd219d09391ad8576d3a73e9233f5720000000000000009aa d90c603cf16cec4ee40d81acd7a865130b28cc6d0664ae2e0f406aa47ed61 K_main = 0x6002da6b2740056f2836ac0316ae9e02e2b24c5c109883136e90ed868 b2fcf62 K_confirmP = 0x857d0db7f5e06385853bf4b8abd43b5a K_confirmV = 0x268c75933332157118063550c6bfe846 CMAC(K_confirmP, shareV) = 
0xd340bc94a03feafd14491e316514ca5f CMAC(K_confirmV, shareP) = 0x2b42d0fe76bcf9ccc208d06d60082f96 K_shared = 0xe832094adfc028bf288e49ab902fc208b7eeff084f259da7613c047 9869d4fc9 ]]></sourcecode> <sourcecode type="test-vectors"><![CDATA[ [Context=b'SPAKE2+-P256-SHA512-HKDF-SHA512-CMAC-AES-128 Test Vector s'] [idProver=b'client'] [idVerifier=b'server'] w0 = 0x56e0299ac95739b616a973276c1338e3651285345dde2f7faf74c25c0b50e b90 w1 = 0x462fe5b522a17d3d35b27323113bdd252de9cbfdd6f264b35721bf59a9a74 f0b L = 0x040540332ffec8a2faa8d17ae6da5973c11e078b8c10c89fd6af996726b802 3513eff2914c3ced64fbedd4e261438fb0ea6ef9fc1faef4ba1ead780636faac1bc1 x = 0x254dd22780eeb6af2464dd6a2bd026b46a34966d6933607f1be956314f74b0 ea shareP = 0x049661cfdb0f7bd24b637f8d1d0f464c17f0b9c15129ea31156dcc581 da6c840240b275d72f28ea73a5c088c99d73896af24a5ae26e036eb2dedaf26e511a 24a48 y = 0x695beec24305fbd5660bc200228598e7c891fdf60a55df4bdd3a57debc3847 4a shareV = 0x0461f580eb3eb4b2f412d5c07491f360ad6e4492d8f23e346f0ba999f bbcb9715a3c2485c3b250a6672e6698da3c9a9725645f607ee90a9b1b34fd44b9df6 e551a Z = 0x0406f77a4bca254219dc3eeca9989f377037407105540bfddc5bdeff3d27a8 7d68442e69d543a000077bd4c42e33930f890d29fb4be5e8dcc627f6811ace96c274 V = 0x0442952a531a2937e03808e74f6d65afbedb4cfb7fcf91991498f77db21b14 6f5c2249e727e374de03f32848465aba5c5ebfe6501d3537d09160c7f42e4b3f133d TT = 0x39000000000000005350414b45322b2d503235362d5348413531322d484b4 4462d5348413531322d434d41432d4145532d313238205465737420566563746f727 30600000000000000636c69656e74060000000000000073657276657241000000000 0000004886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa 12f5ff355163e43ce224e0b0e65ff02ac8e5c7be09419c785e0ca547d55a12e2d204 10000000000000004d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4 f98baa1292b4907d60aa6bfade45008a636337f5168c64d9bd36034808cd564490b1 e656edbe74100000000000000049661cfdb0f7bd24b637f8d1d0f464c17f0b9c1512 9ea31156dcc581da6c840240b275d72f28ea73a5c088c99d73896af24a5ae26e036e 
b2dedaf26e511a24a4841000000000000000461f580eb3eb4b2f412d5c07491f360a d6e4492d8f23e346f0ba999fbbcb9715a3c2485c3b250a6672e6698da3c9a9725645 f607ee90a9b1b34fd44b9df6e551a41000000000000000406f77a4bca254219dc3ee ca9989f377037407105540bfddc5bdeff3d27a87d68442e69d543a000077bd4c42e3 3930f890d29fb4be5e8dcc627f6811ace96c27441000000000000000442952a531a2 937e03808e74f6d65afbedb4cfb7fcf91991498f77db21b146f5c2249e727e374de0 3f32848465aba5c5ebfe6501d3537d09160c7f42e4b3f133d200000000000000056e 0299ac95739b616a973276c1338e3651285345dde2f7faf74c25c0b50eb90 K_main = 0x111790ae23de3fc5bb43bdc1f63106461dbd8d86360adf056bf117164 8bfb231503853db2625275b7136b5a823dd5a94482514fce7f791c4daca2b21c7bde 756 K_confirmP = 0xb234d2e152a03168b76c6474d5322070 K_confirmV = 0x683d62024626fe0c5126ef4df58b88ee CMAC(K_confirmP, shareV) = 0x0dc514d262e37470eb43e058e0d615f4 CMAC(K_confirmV, shareP) = 0xde076589efcd5d96c2ea6061d96772d9 K_shared = 0x488a34663d6be5e02590bb8e9ad9ad3e0f580dec41e8b99ed4ae4b7 34da49287638cac4c9f17fe3c3ae18dda0d6d7f14c17e4640d5a2aaab959efa0cbea 4e546]]></sourcecode>
</section>
<section anchor="acknowledgements" numbered="false" toc="default">
<name>Acknowledgements</name>
<t>Thanks to <contact fullname="Ben Kaduk"/> and <contact fullname="Watson Ladd"/>, from whom this specification originally emanated.</t>
</section>
</back>
<!-- ##markdown-source:
9XPf0LFaHe30QPSlAYNR0Jl7BHFGax3pnDare47AGV1RrZMWgQei/14EILkC x3dQjh52QFvp654SIinVJkHeG6rmix0Du8DoxiU1cJkevhSRXkvr+95JDBSP o3p8eHmwHVpUbqlwAJroWutp/w/lyxSDf1eA+gCrREBoEs/BTDVUrAfYpiJw yshQIsqGNihMT0epVgX5uqDpaIjt0UONoJM4UkmPpgp+CVJAu9ehLaA7VGNJ 1YE9oBJORFOVG3rubaqfY11sHS3Gwmf2cN90GgkicaHA8KhoERNPxbCUoEdc 3koAq+Zd7fpIka6ViIKlf29q+dblo/+glv8PUMt3Bhu2izbvBzZsF20S2Nzu 01uAgt2FFA8BCnYXUiSguN2ng4jB3hEy7kUM9o6QceCQpi12sAeDxwHsYA8G j31qSUdzvD9LIJIwoZac8x7zg+ABsUmEQC0IoKe9upLX9HPenk64Ul1yHpHO bqVzn3jXMJArSpPTr5W3aV0FrKJvbQ/6aVMRn/etQbCgBO0DcwERlaZf4ga7 F7S8gbkJDMHKPjdFo7QvgEPqxHDB2GDNDWRHGFn39T437ZREaAQj6QQt9TkM HojT+EhF4Qr6cy83raFEQAL0nuanh3waGepWhRocvI3N/dwU89nTnsEQAQSe VAh8BsECXvaI/vYOvaEzryRto/YdKWANBppOSdXG4394LFkkYp6GB0WbfT2i gsYCsiG0hhZ/QdWdcY3TEZgRpJMmcOXpdNzOg/EQlATaUA3BI2whxEXPTE2B HmsQy3Xp2Pj/AySLEbKFzgAA --></rfc>