From 8b4a26a1800a4956ac56d43134567885b0008d91 Mon Sep 17 00:00:00 2001 From: Sander Dijkhuis <44112+sander@users.noreply.github.com> Date: Tue, 20 Feb 2024 21:03:37 +0100 Subject: [PATCH] docs: introduce SCAL3 --- .gitignore | 1 + README.md | 113 +++++++++++++++++++++++++++++++++++++++++++ docs/media/scal3.png | Bin 0 -> 39364 bytes 3 files changed, 114 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 docs/media/scal3.png diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e43b0f9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/README.md b/README.md new file mode 100644 index 0000000..653fe78 --- /dev/null +++ b/README.md @@ -0,0 +1,113 @@ +

SCAL3

Verify that systems operate under your sole control

+ +**You need identity wallets and trust services to [participate securely in online society](https://repository.tudelft.nl/islandora/object/uuid%3A4c2005ea-9cfd-420f-80fb-e8714be0bdd5). Whether you are booking a holiday, signing a contract, or providing financial services. Underlying central systems mitigate risks of identity theft, fraud, and data loss. But you need assurance that these systems process user data only under their sole control. With SCAL3, [Vidua](https://vidua.nl/english/) empowers its users with this assurance made available on scale.** + +Depending on the risks, wallet and trust service providers leverage central systems with a [sole control assurance level](https://www.enisa.europa.eu/publications/assessment-of-standards-related-to-eidas) (SCAL): + +- SCAL1 systems authenticate users before operating on their data. +- SCAL2 systems also operate only on instructions linked to multiple authentication factors. +- SCAL3 systems also enable users to verify [tamper-evident logs](https://transparency.dev/) proving sole control. + +Adoption of mobile wallets is accelerating with the “eIDAS 2.0” [European Digital Identity](https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en) framework. But the phones in use today are not equipped for security at scale. Users will therefore rely on central systems for cryptography, for example [hardware security modules](https://en.wikipedia.org/wiki/Hardware_security_module) (HSMs). With the increasing reach and impact of such technology, only the transparency of SCAL3 puts users truly in control. + +## Prove sole control with SCAL3 + +1. A subscribed user is enrolled using a device they control. +2. The user authorizes an instruction, for example by entering a PIN code. +3. The provided system only executes instructions generated using multi-factor authentication. +4. The provider keeps a tamper-evident log with evidence of instructions. +5. 
Upon request, the provider proves that a particular operation was authorized. + +```mermaid +flowchart LR +subgraph Provider + direction TB + system(Central system) + log[(Tamper-evident log)] + system -- 3. execution --> system + system -- 4. evidence --> log +end +subgraph Subscriber + direction TB + user((User)) + device[
Device

] + user -- 1. control --> device +end +Subscriber -- 2. instruction --> Provider +Provider -- 5. proof --> Subscriber +``` + +## Verify transparent systems + +Publishing open source code is not enough. To verify if the system does what its provider claims, you need to check its actual behaviour. + +Providers with SCAL3 enable users to verify that their systems only operated upon sole control. Under normal circumstances, the provider can prove that each operation has an instruction that was generated by an authentic subscriber. + +If anyone suspects compromise or corruption, they can easily investigate and make their case. All evidence of instructions is available in a tamper-evident log. + +This empowers users with cryptographic proof. + +## Two ways to achieve SCAL3 + +1. Using the [SECDSA](https://eprint.iacr.org/2021/910) [technology](https://www.cs.ru.nl/E.Verheul/presentations/SECDSA%20Assissted%20Wallet%200.31.pdf). This technology is based on algorithms that were invented in 2021 and patented by Eric Verheul. Users verify evidence by applying homomorphic encryption. +2. The method presented below. With this SCAL3 solution, users verify evidence using open standard ECDSA and ECSDSA signature verification. + +In 2023, [Cleverbase](https://cleverbase.com/en/) experimented with both solutions. In 2024, the [Vidua](https://vidua.nl/english/) identity wallet is rolling out solution 2 to its users. By enabling verification using open standards, this method makes it easy for users to verify the tamper-evident logs. + +## How it works + +> [!NOTE] +> Patent NL2037022 pending. For inquiries, [contact Cleverbase](mailto:sander.dijkhuis@cleverbase.com). + +Upon enrolment, the central system provider issues a certificate with two authentication factors: + +- 🔑 Something you have: an ECDSA key bound to a device. +- 💭 Something you know or are: a PIN code or biometry-protected data. 
+ +The second factor is protected using [Shamir’s secret sharing](https://dl.acm.org/doi/10.1145/359168.359176) technique. The certificate enables verification by protecting: + +- 🫱 A secret share encrypted using the second authentication factor. +- 🫲 A secret share encrypted with a user-specific key only known to the provider. +- 🤝 A verification key enabling ECSDSA signature verification using both secret shares. + +Subscribers generate instructions and providers prove them using an innovative method combining: + +- Multi-party computation of signatures proving the second factor +- Digital signatures proving possession of the enrolled device +- Digital signatures binding the two authentication factors + +Using the certificate, anyone can verify a proof of multi-factor authentication using open standards from the [SOG-IS Agreed Cryptographic Mechanisms v1.3](https://www.sogis.eu/uk/supporting_doc_en.html). + +## Technical details + +### Tamper-evident log record format + +Each tamper-evident log record is based on an ephemeral ECDSA key pair `(binding_sk, binding_vk)` generated on the user’s device. It contains an ECSDSA signature proving the second authentication factor using [FROST](https://eprint.iacr.org/2020/852) two-round threshold signing. + +``` + || || || || +``` + +- `message`: ` || || ` +- `user_sig`: `ecsdsa()` represented as `c || z` +- `checksum`: `sha256()` +- `device_sig`: `ecdsa( || )` created with `device_sk` +- `binding_sig`: `ecdsa()` created with `binding_sk` + +### Authentication protocol + +1. Provider commits in FROST. +2. Provider shares its commitments with Subscriber in a challenge. +3. Subscriber commits in FROST, completing the first FROST round. +4. Subscriber generates `(binding_sk, binding_vk)`. +5. Subscriber forms the `message` to sign. +6. Subscriber signs in FROST to create `c` and `user signature share`. +7. Subscriber computes the hash digest `checksum`. +7. Subscriber creates the device signature `device_sig`. +8. 
Subscriber creates the binding signature `binding_sig`. +9. Subscriber destroys `binding_sk`. +10. Subscriber responds to Provider with the results. +11. Provider validates the input and verifies the signatures. +12. Provider signs in FROST, completing the second FROST round. +13. Provider aggregates the `user_sig` in FROST. +14. Provider writes the record to the tamper-evident log. 
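Review bot: In the "Authentication protocol" list of the README.md hunk, step number 7 is used twice ("Subscriber computes the hash digest `checksum`" and "Subscriber creates the device signature `device_sig`"), so the list is labelled 1 to 14 while describing 15 steps. Renumber from the second 7 onward so that a reference to a step number is unambiguous. In the same list, step 6 names its output `user signature share`, which is not one of the fields defined under "Tamper-evident log record format" (`message`, `user_sig`, `checksum`, `device_sig`, `binding_sig`); state how that share relates to the `z` in `user_sig`, given as `c || z`. As the hunk reads here, the record format fence holds only `||` separators, and `ecsdsa()`, `sha256()` and `ecdsa( || )` have no arguments, so a verifier cannot tell from this text which bytes the checksum and each signature cover. Name the inputs explicitly.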
diff --git a/docs/media/scal3.png b/docs/media/scal3.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b030654db7f6d71f44f920083b3fcf0ce79880 GIT binary patch literal 39364