%!PS-Adobe-2.0
%%Creator: dvips 5.519 Copyright 1986, 1993 Radical Eye Software
%%Title: main.dvi
%%CreationDate: Sat May  2 11:24:55 1998
%%Pages: 42
%%PageOrder: Ascend
%%BoundingBox: 0 0 612 792
%%EndComments
%DVIPSCommandLine: dvips -o foc3.ps main
%DVIPSSource:  TeX output 1998.05.02:1124
%%BeginProcSet: tex.pro
/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1}
ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div
hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul
TR matrix currentmatrix dup dup 4 get round 4 exch put dup dup 5 get
round 5 exch put setmatrix}N /@landscape{/isls true N}B /@manualfeed{
statusdict /manualfeed true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0
0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn
begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N string /base X
array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N end dup{/foo
setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{/sf 1 N /fntrx
FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]N df-tail}B /E{
pop nn dup definefont setfont}B /ch-width{ch-data dup length 5 sub get}
B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{128 ch-data dup
length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127 sub}B
/ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data dup type
/stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N /rc 0 N /gp
0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup /base get 2
index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff
ch-yoff ch-height sub ch-xoff ch-width add ch-yoff setcachedevice
ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff .1 add]{
ch-image}imagemask restore}B /D{/cc X dup type /stringtype ne{]}if nn
/base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup length 1
sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{cc 1 add D
}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin 0 0
moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul add
.99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore showpage
userdict /eop-hook known{eop-hook}if}N /@start{userdict /start-hook
known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X
/IE 256 array N 0 1 255{IE S 1 string dup 0 3 index put cvn put}for
65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N /RMat[1 0 0 -1 0
0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X /rulex X V}B /V
{}B /RV statusdict begin /product where{pop product dup length 7 ge{0 7
getinterval dup(Display)eq exch 0 4 getinterval(NeXT)eq or}{pop false}
ifelse}{false}ifelse end{{gsave TR -.1 -.1 TR 1 1 scale rulex ruley
false RMat{BDot}imagemask grestore}}{{gsave TR -.1 -.1 TR rulex ruley
scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave
transform round exch round exch itransform moveto rulex 0 rlineto 0
ruley neg rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta
0 N /tail{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}
B /c{-4 M}B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{
3 M}B /k{4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p
-1 w}B /q{p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{
3 2 roll p a}B /bos{/SS save N}B /eos{SS restore}B end
%%EndProcSet
TeXDict begin 40258431 52099146 1000 300 300
(/a/oded/PAPERS/SURVEYS/CRYPTO97/main.dvi) @start /Fa
28 122 df<E00000FFFFE0FFFFE0FFFFE0E003C0E00780000700000E00001E00001C0000
380000380000700000700000E00000E00000E00001C00001C00001C00001C00003C00003
8000038000038000038000038000038000038000131D7E9C18>55
D<03F8000FFE001FFF003E0F803803807001C07001C07001C07001C03803803C07801FFF
0007FC000FFE001F1F003C07807001C0F001E0E000E0E000E0E000E0E000E07001C07803
C03E0F801FFF000FFE0003F800131C7E9B18>I<03F0000FFC001FFE003C0F0078078070
0380E001C0E001C0E001C0E001E0E001E07001E07803E03C0FE01FFFE00FFEE003F0E000
00E00001C00001C00001C0300380780780780F00783E003FFC001FF00007C000131C7E9B
18>I<FFFC00FFFF00FFFF801C03C01C01C01C00E01C00E01C00E01C00E01C01E01C01C0
1C07C01FFF801FFF001FFFC01C03C01C00E01C00F01C00701C00701C00701C00701C00F0
1C00E01C03E0FFFFC0FFFF80FFFE00141C7F9B18>66 D<7FFF00FFFF807FFF0001C00001
C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001
C00001C00001C00001C00001C00001C00001C00001C00001C0007FFF00FFFF807FFF0011
1C7D9B18>73 D<7F07F0FF87F87F07F01C03C01C07801C07001C0E001C1E001C3C001C38
001C70001CF0001DF0001DF0001FB8001FB8001F1C001E1C001C0E001C0E001C07001C07
001C03801C03801C01C07F03F0FF87F87F03F0151C7F9B18>75 D<0FF8003FFE007FFF00
780F00700700F00780E00380E00380E00380E00380E00380E00380E00380E00380E00380
E00380E00380E00380E00380E00380E00380E00380F00780700700780F007FFF003FFE00
0FF800111C7D9B18>79 D<FFFE00FFFF80FFFFC01C03C01C01E01C00E01C00701C00701C
00701C00701C00701C00E01C01E01C03C01FFFC01FFF801FFE001C00001C00001C00001C
00001C00001C00001C00001C0000FF8000FF8000FF8000141C7F9B18>I<03F3801FFF80
3FFF807C0F80700780E00380E00380E00380E000007000007800003F00001FF00007FE00
00FF00000F800003C00001C00000E00000E06000E0E000E0E001E0F001C0F80780FFFF80
FFFE00E7F800131C7E9B18>83 D<1FE0003FF8007FFC00781E00300E0000070000070000
FF0007FF001FFF007F0700780700E00700E00700E00700F00F00781F003FFFF01FFBF007
E1F014147D9318>97 D<01FE0007FF001FFF803E0780380300700000700000E00000E000
00E00000E00000E00000E000007000007001C03801C03E03C01FFF8007FF0001FC001214
7D9318>99 D<001F80003F80001F8000038000038000038000038000038003E3800FFB80
1FFF803C1F80380F80700780700380E00380E00380E00380E00380E00380E00380700780
700780380F803C1F801FFFF00FFBF803E3F0151C7E9B18>I<01F00007FC001FFE003E0F
00380780700380700380E001C0E001C0FFFFC0FFFFC0FFFFC0E000007000007001C03801
C03E03C01FFF8007FF0001FC0012147D9318>I<001F80007FC000FFE000E1E001C0C001
C00001C00001C0007FFFC0FFFFC0FFFFC001C00001C00001C00001C00001C00001C00001
C00001C00001C00001C00001C00001C00001C00001C0007FFF007FFF007FFF00131C7F9B
18>I<01E1F007FFF80FFFF81E1E301C0E003807003807003807003807003807001C0E00
1E1E001FFC001FF80039E0003800001C00001FFE001FFFC03FFFE07801F0700070E00038
E00038E00038E000387800F07E03F01FFFC00FFF8001FC00151F7F9318>I<7E0000FE00
007E00000E00000E00000E00000E00000E00000E3E000EFF800FFFC00FC1C00F80E00F00
E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E07FC3
FCFFE7FE7FC3FC171C809B18>I<03800007C00007C00007C00003800000000000000000
00000000007FC000FFC0007FC00001C00001C00001C00001C00001C00001C00001C00001
C00001C00001C00001C00001C00001C00001C000FFFF00FFFF80FFFF00111D7C9C18>I<
7FE000FFE0007FE00000E00000E00000E00000E00000E00000E00000E00000E00000E000
00E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E000
00E0007FFFC0FFFFE07FFFC0131C7E9B18>108 D<7CE0E000FFFBF8007FFFF8001F1F1C
001E1E1C001E1E1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C
001C1C1C001C1C1C001C1C1C001C1C1C007F1F1F00FFBFBF807F1F1F001914819318>I<
7E3E00FEFF807FFFC00FC1C00F80E00F00E00E00E00E00E00E00E00E00E00E00E00E00E0
0E00E00E00E00E00E00E00E00E00E07FC3FCFFE7FE7FC3FC1714809318>I<01F0000FFE
001FFF003E0F803803807001C07001C0E000E0E000E0E000E0E000E0E000E0F001E07001
C07803C03C07803E0F801FFF000FFE0001F00013147E9318>I<7E3E00FEFF807FFFC00F
C1E00F80E00F00700E00700E00380E00380E00380E00380E00380E00380F00700F00700F
80E00FC1E00FFFC00EFF800E3E000E00000E00000E00000E00000E00000E00000E00007F
C000FFE0007FC000151E809318>I<7F87E0FF9FF07FBFF803F87803F03003E00003C000
03C0000380000380000380000380000380000380000380000380000380007FFE00FFFF00
7FFE0015147F9318>114 D<07F7003FFF007FFF00780F00E00700E00700E007007C0000
7FE0001FFC0003FE00001F00600780E00380E00380F00380F80F00FFFF00FFFC00E7F000
11147D9318>I<0180000380000380000380000380007FFFC0FFFFC0FFFFC00380000380
000380000380000380000380000380000380000380000380400380E00380E00380E001C1
C001FFC000FF80003E0013197F9818>I<7E07E0FE0FE07E07E00E00E00E00E00E00E00E
00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E01E00F03E007FFFC03
FFFE01FCFC1714809318>I<FF8FF8FF8FF8FF8FF83800E03800E03800E01C01C01C01C0
1C71C01CF9C01CF9C01CD9C01CD9C00DDD800DDD800DDD800D8D800F8F800F8F80070700
15147F9318>119 D<7F8FF0FF8FF87F8FF00E01C00E03800E0380070380070700070700
038700038600038E0001CE0001CE0000CC0000CC0000DC00007800007800007800007000
00700000700000F00000E00079E0007BC0007F80003F00001E0000151E7F9318>121
D E /Fb 1 118 df<FC7C3010301030103010301030103010301030101020186007800E
0D808C0F>117 D E /Fc 1 118 df<FF81FC1C00701C00201C00201C00201C00201C0020
1C00201C00201C00201C00201C00201C00201C00201C00200E004006008003830000FC00
1613809217>117 D E /Fd 20 122 df<FFF0FFF0FFF00C0380890F>45
D<78FCFCFCFC78000000000078FCFCFCFC7806117D900C>58 D<0FF0001C3C003E1E003E
0E003E0F001C0F00000F0000FF000FCF003E0F007C0F00F80F00F80F00F80F00F817007C
27E01FC3E013117F9015>97 D<FE0000FE00001E00001E00001E00001E00001E00001E00
001E00001E7F001FC3C01F00E01E00F01E00781E00781E007C1E007C1E007C1E007C1E00
7C1E00781E00781E00F01F00E01D83C0187F00161A7F9919>I<03FC000F0E001C1F003C
1F00781F00780E00F80000F80000F80000F80000F800007800007800003C01801C03000F
060003FC0011117F9014>I<000FE0000FE00001E00001E00001E00001E00001E00001E0
0001E003F9E00F07E01C03E03C01E07801E07801E0F801E0F801E0F801E0F801E0F801E0
7801E07801E03C01E01C03E00F0DFC03F9FC161A7F9919>I<03F0000E1C001C0E003C07
00780700780780F80780F80780FFFF80F80000F800007800007800003C01801C03000E06
0003FC0011117F9014>I<1C003E003E003E003E001C0000000000000000007E007E001E
001E001E001E001E001E001E001E001E001E001E001E001E00FF80FF80091B7F9A0D>
105 D<FE0000FE00001E00001E00001E00001E00001E00001E00001E00001E0FF01E0FF0
1E07001E0E001E1C001E30001E60001FF0001FF8001F3C001E1C001E0E001E0F001E0780
1E0380FFC7F8FFC7F8151A7F9917>107 D<FE00FE001E001E001E001E001E001E001E00
1E001E001E001E001E001E001E001E001E001E001E001E001E001E001E00FFC0FFC00A1A
7F990D>I<FE1F01F000FE63C63C001E81C81C001F01F01E001F01F01E001E01E01E001E
01E01E001E01E01E001E01E01E001E01E01E001E01E01E001E01E01E001E01E01E001E01
E01E001E01E01E00FFCFFCFFC0FFCFFCFFC022117F9025>I<FE1F00FE63C01E81C01F01
E01F01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E0FFCF
FCFFCFFC16117F9019>I<03F8000E0E003C07803803807803C07803C0F803E0F803E0F8
03E0F803E0F803E0F803E07803C07C07C03C07800E0E0003F80013117F9016>I<FE7F00
FFC3C01F01E01E00F01E00F81E00781E007C1E007C1E007C1E007C1E007C1E00781E00F8
1E00F01F01E01F83C01E7F001E00001E00001E00001E00001E0000FFC000FFC00016187F
9019>I<FC78FC9C1D3E1D3E1E3E1E1C1E001E001E001E001E001E001E001E001E00FFC0
FFC00F117F9012>114 D<1FB020704030C030C030F000FF807FE03FF807F8003CC00CC0
0CE00CE008F830CFE00E117F9011>I<06000600060006000E000E001E003FF0FFF01E00
1E001E001E001E001E001E001E001E181E181E181E181E180F3003E00D187F9711>I<FE
0FE0FE0FE01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E01E
01E01E03E01E03E00F05FC03F9FC16117F9019>I<FF03F0FF03F01E01801E01801F0380
0F03000F070007860007860003CC0003CC0001F80001F80001F80000F00000F000006000
14117F9017>I<FF03F0FF03F01E01801E01801F03800F03000F070007860007860003CC
0003CC0001FC0001F80001F80000F00000F00000600000600070C000F8C000F9C000F980
007300003C000014187F9017>121 D E /Fe 5 111 df<07FE1FFE386060606020C060C0
60C06040C061801E000F0B7E8A12>27 D<0FF00180018003000300030003000600060006
0006000C010C010C020C06180EFFFC10117E9015>76 D<00780018001800300030003007
3018E0306060606060C0C0C0C0C0C841C862D03C700D117E9010>100
D<040C0000000000705898983030606464683006127E910B>105
D<71F09A189C18981818183030303030323062606460380F0B7E8A13>110
D E /Ff 3 107 df<FFFEFFFE0F027D8516>0 D<0C000C00EDC07F801E007F80EDC00C00
0C000A097E890F>3 D<C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C002157C8F0A>
106 D E /Fg 2 116 df<0300068004800C80090019001A001C00380030003000D00010
800F00090E7F8D0C>96 D<3E4342703C06C2847808097D880E>115
D E /Fh 1 79 df<FF803F8010400A00084004000C2004000A1004000A08040009080400
088404000842040008410400082104000810840008084400080824000804240008021400
08010C000800840008008400080044000800240008001400140014007F000C0000000400
1919809712>78 D E /Fi 11 107 df<60F0F06004047D8A0B>1
D<007F00000188C000060830000808080010080400200802002008020040080100400801
00800800808008008080080080FFFFFF8080080080800800808008008080080080400801
004008010020080200200802001008040008080800060830000188C000007F0000191A7E
951E>8 D<FFFFFF807FFFFF800000000000000000000000000000000000000000000000
00FFFFFF80FFFFFF800000000000000000000000000000000000000000000000007FFFFF
80FFFFFF8019127E911E>17 D<00000600001E0000780001E0000780001E0000780001E0
000780001E0000780000E000007800001E000007800001E000007800001E000007800001
E000007800001E0000060000000000000000000000000000000000007FFFFCFFFFFE171F
7D971E>20 D<0400000004000000080000001000000020000000FFFFFFFFFFFFFFFF2000
000010000000080000000400000004000000200C7D8E26>32 D<007FE003FFE00780000C
0000180000300000300000600000600000C00000C00000FFFFE0FFFFE0C00000C0000060
00006000003000003000001800000C000007800003FFE0007FE013187D941A>50
D<0181F00787F80F98FC07B07C07E03C07C03807C0380F80700F80400F01800F0E000F3F
C00E7FE01E03F01E01F81C00F81C00783C00783C00783800703800707000E0730080F783
00EFFC0087F000161A7E9919>66 D<00FFF80003FFFE000C787F8030781F80707807C0E0
7807C0C07003C0007003C000F0038000F0038000F0070000E0060000E00C0001E0180001
E0300001C0C00001DF000003FC000003800000038000000780000007000000070000000F
0000000E0000000C000000180000001A1B7E991B>80 D<007001C0038007000700070007
000700070007000700070007000700070007000E001C00F0001C000E0007000700070007
00070007000700070007000700070007000700038001C000700C257D9B13>102
D<F0001C000E000700070007000700070007000700070007000700070007000700038001
C0007001C0038007000700070007000700070007000700070007000700070007000E001C
00F0000C257D9B13>I<C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C002257C9B0B>106 D E /Fj 23 123 df<03F00E0018003800
70007000FF80E000E000E000E000E0006000600030400F800C107E8F10>15
D<03FFE007FFE00FFFC01C3C00381C00701C00601C00E01C00E01C00E01C00C03800C038
00C0700060600061C0001F000013107E8F16>27 D<000400000400000800000800000800
00080000100000100000100000100000FC000727000C21801821803041C07041C06041C0
E041C0E081C0E08180E08380E08300610600610C003938000FC000020000020000020000
02000004000004000004000012217E9917>30 D<60F0F06004047D830B>58
D<60F0F07010101020204080040B7D830B>I<0004000C00180018001800300030003000
600060006000C000C000C00180018001800300030003000600060006000C000C000C0018
0018001800300030003000600060006000C000C0000E257E9B13>61
D<01FFC000380000380000380000700000700000700000700000E00000E00000E00000E0
0001C00001C00001C00001C0000380000380080380080380100700100700300700200700
600E01C0FFFFC0151A7E991A>76 D<01F803FC003C00E0003C0040003C0040004E008000
4E0080004E008000470080008701000083010000838100008381000101C2000101C20001
01C2000100E2000200E4000200E40002007400020074000400780004003800040038000C
0038001C001000FF8010001E1A7E991F>78 D<000FE0000038380000E00E0001C0070007
0007000F0003800E0003801C0003803C0003C0380003C0780003C0780003C0F0000780F0
000780F0000780F0000F00F0000F00F0000E00F0001E00F0003C00700038007000700038
00E0001C03C0000E0F000003F800001A1A7E991D>I<01FFF80000381E00003807000038
07800070078000700780007007800070078000E00F0000E00E0000E01C0000E0700001FF
C00001C0C00001C0600001C07000038070000380700003807000038070000700F0000700
F0000700F0400700F0800E007980FFE01E001A1A7E991D>82 D<3FFFFF80380E0180200E
0080400E0080401C0080801C0080801C0080801C00800038000000380000003800000038
00000070000000700000007000000070000000E0000000E0000000E0000000E0000001C0
000001C0000001C0000001C0000003C000007FFE0000191A7F9916>84
D<001C0024006200C200C401840184038803080710071007200E200E400E800F000E000C
001C001C002C004C008C040C08063003C00F1A809910>96 D<003F000700070007000E00
0E000E000E001C001C039C0C5C1838383830387038E070E070E070E070C0E2C0E2C0E2E1
E262643C38101A7E9914>100 D<00E60317060E0E0E0C0E1C0E381C381C381C381C3038
30383038387818F00F700070007000E060E0E1C0C3807E0010177F8F12>103
D<03000380030000000000000000000000000000003C004E004E008E008E009C001C001C
0038003800390071007100720072003C00091A7E990D>105 D<383C004CC6008F07008E
07008E07008E07001C0E001C0E001C0E001C1C00381C40381C4038384038388070190030
0E0012107E8F17>110 D<070F0009918011E1C011C0C011C0C011C0C00381C00381C003
81C00381C00703800703000707000706000E8C000E70000E00000E00001C00001C00001C
00001C0000FF00001217818F13>112 D<03840C5C1838383830387038E070E070E070E0
70C0E0C0E0C0E0E1E063C03DC001C001C003800380038003803FE00E177E8F11>I<3870
4D988F388E188E008E001C001C001C001C003800380038003800700030000D107E8F11>
I<03E006180818183818301C001FC00FE007F000700030E030E030806040C03F000D107E
8F12>I<0F1E11A321E741C341C041C0038003800380038007020702C702EB04CB0870F0
10107E8F16>120 D<1C062607470E870E8E0E8E0E0E1C1C1C1C1C1C1C38383838383818
381C700FF00070006060E0E0C0C18043003C0010177E8F13>I<03020F840FFC10081010
002000400180030004000808100820187FF043E081C00F107E8F12>I
E /Fk 13 121 df<03C0000C2080183080301900601900601A00601A00C01C00C0180040
180060380020CD001F0600110D7E8C16>11 D<03FE0FFE18603030603060306030C060C0
60C0C0408023001E000F0D7E8C13>27 D<000100000300000700000780000B80001B8000
13800023800023800043800083800083C00101C003FFC00201C00401C00401C00801C018
01E0FE07F815147F9319>65 D<07FFE000E03801C01801C01C01C01C01C01C0380380380
700380E003FFC00700E00700700700300700380E00700E00700E00E00E00E01C0380FFFE
0016147F9319>I<07E01FC000E0060001700400017004000138040001380400021C0800
021C0800020E0800020E0800040710000407100004039000040390000801E0000801E000
0800E0000800E00018004000FE0040001A147F931A>78 D<00F880030580060300040100
0C01000C01000C00000E00000FE00007F80001FC00001C00000E00000E00400C00400C00
400800601800D020008FC00011147E9314>83 D<006001A0012003200220062004400C40
0C800D0019001A001C0018001800380058009810086007800C1480930E>96
D<007C000C0018001800180018003007B00C7010703060606060606060C0C0C0C8C0C841
C862D03C700E147E9311>100 D<06070600000000384C4C8C9818183032626264380814
7F930C>105 D<30F8590C4E0C9C0C980C180C180C30183019303130316032601C100D7F
8C15>110 D<0C78168C130426062606060606060C0C0C0C0C080C101A2019C018001800
300030003000FC000F13818C11>112 D<0700188019C0318038001E000F0003804180E1
80C10082007C000A0D7E8C10>115 D<0E3C13CE238E430C43000300030006000608C608
E610CA2071C00F0D7F8C13>120 D E /Fl 6 113 df<FFFFC0FFFFC012027D871A>0
D<040004000400C460E4E03F800E003F80E4E0C4600400040004000B0D7E8D11>3
D<040E0E1C1C1C38383070706060C0C0070F7F8F0A>48 D<03FC0FFC1C00300060006000
6000C000C000FFFCFFFCC000C00060006000600030001C000FFC03FC0E147D9016>50
D<C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0021D7D950A>
106 D<00000040000000C000000180000001800000030000000300000006000000060000
000C000000180000001800000030000000300000006000000060003000C000D800C00018
0180000C0180000C0300000603000006060000030C0000030C0000019800000198000000
F0000000F0000000600000006000001A1E7F811B>112 D E /Fm
6 53 df<04081030206040C0C0C0C0C0C0C0C04060203010080406167D8F0B>40
D<804020301018080C0C0C0C0C0C0C0C0818103020408006167E8F0B>I<18F818181818
181818181818FF080D7D8C0E>49 D<3E00418080C0C0C000C000C0018003000400084030
407F80FF800A0D7E8C0E>I<3E0041806180018003001E00018000C000C0C0C0C0C04180
3E000A0D7E8C0E>I<0300070007000B00130023006300C300FFC00300030003001FC00A
0D7E8C0E>I E /Fn 15 113 df<FFFFFFC0FFFFFFC01A027C8B23>0
D<70F8F8F87005057C8D0D>I<003FC00000C2300003020C000402020008020100100200
801002008020020040400200204002002040020020800200108002001080020010800200
10FFFFFFF080020010800200108002001080020010800200104002002040020020400200
20200200401002008010020080080201000402020003020C0000C23000003FC0001C207D
9A23>8 D<03C00FF01FF83FFC7FFE7FFEFFFFFFFFFFFFFFFFFFFFFFFF7FFE7FFE3FFC1F
F80FF003C010127D9317>15 D<07C000101FE000103FF0001078380010601E0030C00F00
30C00780608001C1E08000FFC080007F8080003E001C0B7D9023>24
D<0000000400000000020000000002000000000100000000008000000000400000000020
FFFFFFFFFCFFFFFFFFFC0000000020000000004000000000800000000100000000020000
00000200000000040026107D922D>33 D<003FF800FFF803C0000700000C000018000030
0000300000600000600000C00000C00000C00000FFFFF8FFFFF8C00000C00000C0000060
00006000003000003000001800000C000007000003C00000FFF8003FF8151C7C981E>50
D<C0C0C0C0C0C0C0E0E0C0C0C0C0C0C0C003107D9200>55 D<400001C000036000066000
0660000630000C30000C30000C1800181800181800180FFFF00FFFF00C00300600600600
600600600300C00300C001818001818001818000C30000C30000C3000066000066000066
00003C00003C00003C000018000018001821809F19>I<0000000000F80000000003F000
00000007F00000C0000FF00001C0000E000003E00018000003E00010000003E000100000
03E00020000007F00020000007F00020000004F00020000004F80040000004F800400000
047800400000087800800000087C00800000087C00800000083C00800000103E01000000
103E01000000101E01000000101F01000000201F02000000200F02000000200F82000000
400F820000004007C40000004007C40000008003C40000008003E40000010003EC000063
0001F80000FE0001F80000FE0000F00000FC00006000007800000000002D2581A225>78
D<003FFFC001FFFFF0071E03FC081E00FE181E003E701E001F701E001FC01E000F001C00
0F001C000F003C000E003C000E003C001C0038001C003800380078003000780040007000
800070030000F01C0000F3F00000E7800000E0000001E0000001C0000001C0000003C000
00038000000380000007000000070000000E0000000C00000020217F9E20>80
D<000F0038006000E001C001C001C001C001C001C001C001C001C001C001C001C001C001
C001C0038007001E00F8001E000700038001C001C001C001C001C001C001C001C001C001
C001C001C001C001C001C000E000600038000F102D7DA117>102
D<F8001E000700038001C001C001C001C001C001C001C001C001C001C001C001C001C001
C001C000E000600038000F0038006000E001C001C001C001C001C001C001C001C001C001
C001C001C001C001C001C0038007001E00F800102D7DA117>I<C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C002
2D7BA10D>106 D<00000000080000000018000000003000000000300000000060000000
006000000000C000000000C0000000018000000001800000000300000000030000000006
0000000006000000000C000000000C000000001800000000180000000030000000003000
00000060000000006000000000C000060000C0001E000180002F000180004F0003000087
80030000078006000003C006000003C00C000003C00C000001E018000001E018000000F0
30000000F030000000786000000078600000003CC00000003CC00000001F800000001F80
0000000F000000000F00000000060000000006000000252E7E8126>112
D E /Fo 1 79 df<FFE003FFFFF003FF38300070181800301C0C00301E0600301B060030
1B0300301981803018C0C0301860C030186060301830303018183030180C1830180C0C30
180606301803063018030330180181B01800C0F0180060F0180060701800303018001830
18000C3018000C301800063018000330180001B0180001B01C0000F0FFC00070FFC00030
0000001020237DA123>78 D E /Fp 14 122 df<001800001800001800003C00003C0000
4E00004E00004E000087000087000187800103800103800201C00201C003FFC00400E004
00E00800700800701800703C0078FE01FF18177F961C>97 D<FFFC001C07001C07801C03
801C03C01C03C01C03C01C03C01C03801C07001FFE001FFF001C03801C03C01C01E01C01
E01C01E01C01E01C01E01C01C01C03C01C0780FFFE0013177D961A>I<007E0803819807
00780C00381C0018380018780008700008F00000F00000F00000F00000F00000F00000F0
00007000087800083800081C00100C0010070060038180007E0015177E961B>I<FFFC00
1C07001C03801C01C01C00E01C00E01C00701C00701C00781C00781C00781C00781C0078
1C00781C00781C00701C00701C00F01C00E01C01C01C03801C0700FFFC0015177D961C>
I<FFFF801C03801C01801C00801C00C01C00401C00401C10401C10001C10001C30001FF0
001C30001C10001C10201C10201C00201C00601C00401C00401C00C01C01C0FFFFC01317
7D9619>I<FFFF001C07001C01001C01001C01801C00801C00801C20801C20001C20001C
60001FE0001C60001C20001C20001C20001C00001C00001C00001C00001C00001C0000FF
C00011177D9618>I<FF801C001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C001C001C001C001C00FF8009177E960E>105
D<FFC01C001C001C001C001C001C001C001C001C001C001C001C001C001C011C011C011C
011C031C021C061C0EFFFE10177D9617>108 D<FC001FC01C001E001C001E0016002E00
16002E0016002E0013004E0013004E0013004E0011808E0011808E0010C10E0010C10E00
10C10E0010620E0010620E0010620E0010340E0010340E0010340E0010180E0038180E00
FE187FC01A177D9622>I<FC07F01C01C01E008017008017008013808011808011C08010
E08010E080107080107080103880101C80101C80100E80100E8010078010038010038010
0180380180FE008014177D961C>I<00FE000383800E00E01C00703C007838003878003C
70001CF0001EF0001EF0001EF0001EF0001EF0001EF0001E70001C78003C3800383C0078
1C00700E00E003838000FE0017177E961D>I<0F84306C601C400CC004C004C004E00070
007F003FE01FF801FC001C000E0006800680068006C004E008D81087E00F177E9615>
115 D<7FFFFC70381C403804403804C03806803802803802803802003800003800003800
003800003800003800003800003800003800003800003800003800003800007C0007FFC0
17177F961B>I<FF803F803E001C001E0018000E00100007003000078020000380400001
C0400001E0800000F1800000710000007A0000003E0000001C0000001C0000001C000000
1C0000001C0000001C0000001C0000001C0000001C000000FF800019177F961C>121
D E /Fq 17 118 df<FFFFFFFFFF800000FFFFFFFFFFF80000FFFFFFFFFFFF0000FFFFFF
FFFFFF8000007FE00003FFE000007FE00000FFF000007FE000003FF800007FE000001FFC
00007FE000001FFC00007FE000000FFE00007FE000000FFE00007FE000000FFF00007FE0
000007FF00007FE0000007FF00007FE0000007FF00007FE0000007FF00007FE0000007FF
00007FE0000007FF00007FE000000FFE00007FE000000FFE00007FE000000FFE00007FE0
00001FFC00007FE000003FF800007FE000007FF000007FE00000FFE000007FE00001FFC0
00007FE0000FFF0000007FFFFFFFFC0000007FFFFFFFFC0000007FFFFFFFFF8000007FE0
0000FFE000007FE000003FF800007FE000000FFC00007FE000000FFE00007FE0000007FF
00007FE0000003FF80007FE0000003FF80007FE0000001FFC0007FE0000001FFC0007FE0
000001FFE0007FE0000001FFE0007FE0000001FFE0007FE0000001FFE0007FE0000001FF
E0007FE0000001FFE0007FE0000001FFE0007FE0000001FFE0007FE0000001FFC0007FE0
000003FFC0007FE0000003FF80007FE0000007FF80007FE000000FFF00007FE000001FFE
00007FE000007FFC00007FE00001FFF800FFFFFFFFFFFFF000FFFFFFFFFFFFC000FFFFFF
FFFFFF0000FFFFFFFFFFF000003B3B7CBA45>66 D<0000001FFE000060000003FFFFE000
E000001FFFFFF801E000007FFFFFFE03E00001FFFC00FF07E00007FFC0001FCFE0000FFF
000007FFE0001FFC000001FFE0003FF0000000FFE0007FE00000007FE000FFC00000003F
E001FF800000001FE003FF000000000FE007FF000000000FE00FFE0000000007E00FFE00
00000007E01FFC0000000003E01FFC0000000003E03FF80000000003E03FF80000000001
E03FF80000000001E07FF80000000001E07FF80000000001E07FF00000000000007FF000
0000000000FFF0000000000000FFF0000000000000FFF0000000000000FFF00000000000
00FFF0000000000000FFF0000000000000FFF0000000000000FFF0000000000000FFF000
0000000000FFF0000000000000FFF00000000000007FF00000000000007FF00000000000
007FF80000000000007FF80000000001E03FF80000000001E03FF80000000001E03FF800
00000001E01FFC0000000001E01FFC0000000003C00FFE0000000003C00FFE0000000003
C007FF00000000078003FF00000000078001FF800000000F0000FFC00000001F00007FE0
0000003E00003FF00000007C00001FFC000000F800000FFF000003F0000007FFC0000FE0
000001FFFC007F800000007FFFFFFF000000001FFFFFFC0000000003FFFFE00000000000
1FFE0000003B3D7BBB46>I<3FFFFFFFFFFFFFC03FFFFFFFFFFFFFC03FFFFFFFFFFFFFC0
3FFFFFFFFFFFFFC03FF8007FF001FFC07FC0007FF0003FE07F80007FF0001FE07F00007F
F0000FE07E00007FF00007E07C00007FF00003E07C00007FF00003E07C00007FF00003E0
7800007FF00001E07800007FF00001E07800007FF00001E07800007FF00001E0F000007F
F00000F0F000007FF00000F0F000007FF00000F0F000007FF00000F0F000007FF00000F0
0000007FF00000000000007FF00000000000007FF00000000000007FF00000000000007F
F00000000000007FF00000000000007FF00000000000007FF00000000000007FF0000000
0000007FF00000000000007FF00000000000007FF00000000000007FF00000000000007F
F00000000000007FF00000000000007FF00000000000007FF00000000000007FF0000000
0000007FF00000000000007FF00000000000007FF00000000000007FF00000000000007F
F00000000000007FF00000000000007FF00000000000007FF00000000000007FF0000000
0000007FF00000000000007FF00000000000007FF00000000000007FF00000000000007F
F00000000000007FF0000000000FFFFFFFFF8000000FFFFFFFFF8000000FFFFFFFFF8000
000FFFFFFFFF80003C3A7DB943>84 D<FFFFFFF8001FFFFF80FFFFFFF8001FFFFF80FFFF
FFF8001FFFFF80FFFFFFF8001FFFFF80007FF00000001F8000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000007FF00000000F0000007FF00000000F0000007F
F00000000F0000007FF00000000F0000003FF00000001E0000003FF00000001E0000003F
F80000001E0000001FF80000003C0000001FF80000003C0000000FFC0000007800000007
FC000000F800000007FE000001F000000003FF000003F000000001FF800007E000000000
FFE0001FC0000000003FFC01FF80000000001FFFFFFE000000000007FFFFF80000000000
00FFFFE00000000000000FFE00000000413C7CBA4A>I<003FFE00000001FFFFE0000007
FFFFF800000FE007FC00000FF001FE00001FF800FF00001FF8007F80001FF8007FC0001F
F8003FC0000FF0003FE00007E0003FE00003C0003FE0000000003FE0000000003FE00000
00003FE0000000003FE0000000FFFFE000001FFFFFE000007FF83FE00003FF803FE00007
FC003FE0000FF0003FE0001FE0003FE0003FE0003FE0007FC0003FE0007FC0003FE000FF
80003FE000FF80003FE000FF80003FE000FF80003FE000FF80007FE0007FC0007FE0007F
C000DFE0003FE0039FF0001FF80F0FFFE007FFFE0FFFE001FFF807FFE0003FE000FFE02B
267DA52F>97 D<0001FFF000000FFFFE00003FFFFF8000FF801FC001FE003FC003FC007F
E007F8007FE00FF0007FE01FF0007FE03FE0003FC03FE0001F807FE0000F007FC0000000
7FC00000007FC0000000FFC0000000FFC0000000FFC0000000FFC0000000FFC0000000FF
C0000000FFC0000000FFC00000007FC00000007FC00000007FE00000007FE00000003FE0
0000003FF00000F01FF00000F00FF80001E007F80001E003FC0003C001FF000F8000FFC0
3F00003FFFFE00000FFFF8000001FFC00024267DA52B>99 D<000000003F800000003FFF
800000003FFF800000003FFF800000003FFF8000000001FF8000000000FF8000000000FF
8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF
8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF8000000000FF
8000000000FF8000000000FF800000FF80FF80000FFFF0FF80003FFFFCFF8000FFC03FFF
8001FE000FFF8003FC0003FF8007F80001FF800FF00000FF801FF00000FF803FE00000FF
803FE00000FF807FE00000FF807FC00000FF807FC00000FF807FC00000FF80FFC00000FF
80FFC00000FF80FFC00000FF80FFC00000FF80FFC00000FF80FFC00000FF80FFC00000FF
80FFC00000FF80FFC00000FF807FC00000FF807FC00000FF807FC00000FF803FE00000FF
803FE00000FF801FE00000FF800FF00001FF8007F00003FF8003F80007FF8001FE001FFF
C000FF807EFFFE007FFFF8FFFE000FFFE0FFFE0001FF00FFFE2F3C7DBB36>I<0001FF80
00000FFFF000003FFFFC0000FF81FE0003FE007F8007F8003F800FF8001FC00FF0000FE0
1FE0000FE03FE0000FF03FE00007F07FC00007F07FC00007F87FC00007F8FFC00007F8FF
C00007F8FFFFFFFFF8FFFFFFFFF8FFFFFFFFF8FFC0000000FFC0000000FFC0000000FFC0
0000007FC00000007FC00000007FC00000003FE00000003FE00000781FE00000781FF000
00780FF00000F007F80001F003FC0003E001FE000FC000FFC07F80003FFFFE00000FFFF8
000000FFC00025267DA52C>I<000000001F000007FE00FF80003FFFC1FFC000FFFFF3C7
E001FE07FF0FE003F801FC0FE007F000FE0FE00FF000FF07C01FE0007F83801FE0007F80
003FE0007FC0003FE0007FC0003FE0007FC0003FE0007FC0003FE0007FC0003FE0007FC0
003FE0007FC0001FE0007F80001FE0007F80000FF000FF000007F000FE000003F801FC00
0001FE07F8000003FFFFF00000073FFFC000000607FE0000000E00000000000E00000000
000F00000000000F00000000000F80000000000FC0000000000FFFFFF800000FFFFFFF80
0007FFFFFFE00007FFFFFFF00003FFFFFFF80001FFFFFFFC0003FFFFFFFE000FFFFFFFFF
001FC0000FFF003F000000FF007F0000007F80FE0000003F80FE0000003F80FE0000003F
80FE0000003F80FE0000003F807F0000007F007F0000007F003F800000FE001FC00001FC
000FF00007F80007FE003FF00001FFFFFFC000007FFFFF00000007FFF000002B397DA630
>103 D<01E00007F80007FC000FFE000FFE001FFE001FFE000FFE000FFE0007FC0007F8
0001E0000000000000000000000000000000000000000000000000000000000000000000
0000FE00FFFE00FFFE00FFFE00FFFE0007FE0003FE0003FE0003FE0003FE0003FE0003FE
0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE
0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE00FFFFF0FFFF
F0FFFFF0FFFFF0143D7DBC1A>105 D<00FE00FFFE00FFFE00FFFE00FFFE0007FE0003FE
0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE
0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE
0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE
0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE0003FE
0003FE00FFFFF8FFFFF8FFFFF8FFFFF8153C7DBB1A>108 D<01FC007FC0000FF80000FF
FC03FFF8007FFF0000FFFC0FFFFC01FFFF8000FFFC1F03FE03E07FC000FFFC3800FF0700
1FE00007FC7000FF8E001FF00003FCC0007F98000FF00003FDC0007FF8000FF80003FD80
007FF0000FF80003FF00007FE0000FF80003FF00007FE0000FF80003FF00007FE0000FF8
0003FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00007F
C0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003
FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC000
0FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00
007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF8
0003FE00007FC0000FF80003FE00007FC0000FF80003FE00007FC0000FF80003FE00007F
C0000FF800FFFFF81FFFFF03FFFFE0FFFFF81FFFFF03FFFFE0FFFFF81FFFFF03FFFFE0FF
FFF81FFFFF03FFFFE04B267CA552>I<01FC00FF8000FFFC03FFF000FFFC0FFFF800FFFC
1E03FC00FFFC3801FE0007FC6001FF0003FCC000FF0003FDC000FF8003FD8000FF8003FF
0000FF8003FF0000FF8003FF0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE
0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE
0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE
0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE
0000FF80FFFFF83FFFFEFFFFF83FFFFEFFFFF83FFFFEFFFFF83FFFFE2F267CA536>I<00
01FFC00000000FFFF80000007FFFFF000000FF80FF800003FE003FE00007F8000FF0000F
F00007F8000FF00007F8001FE00003FC003FE00003FE003FE00003FE007FC00001FF007F
C00001FF007FC00001FF007FC00001FF00FFC00001FF80FFC00001FF80FFC00001FF80FF
C00001FF80FFC00001FF80FFC00001FF80FFC00001FF80FFC00001FF80FFC00001FF807F
C00001FF007FC00001FF007FC00001FF003FE00003FE003FE00003FE001FE00003FC001F
F00007FC000FF00007F80007F8000FF00003FE003FE00000FF80FF8000007FFFFF000000
0FFFF800000001FFC0000029267DA530>I<003FF07003FFFEF007FFFFF01FC01FF03F00
03F03E0001F07C0001F07C0000F0FC0000F0FC0000F0FE0000F0FF000000FFC00000FFFC
00007FFFF0003FFFFE003FFFFF801FFFFFC00FFFFFE003FFFFF000FFFFF8001FFFFC0000
7FFC000007FE700001FEF00000FEF000007EF800007EF800007EFC00007EFC00007CFE00
00FCFF0000F8FF8001F0FFF00FE0F9FFFFC0F07FFF00C01FF8001F267DA526>115
D<000F0000000F0000000F0000000F0000000F0000001F0000001F0000001F0000001F00
00003F0000003F0000007F0000007F000000FF000001FF000003FF000007FF00001FFFFF
F0FFFFFFF0FFFFFFF0FFFFFFF001FF000001FF000001FF000001FF000001FF000001FF00
0001FF000001FF000001FF000001FF000001FF000001FF000001FF000001FF000001FF00
0001FF000001FF000001FF000001FF000001FF003C01FF003C01FF003C01FF003C01FF00
3C01FF003C01FF003C01FF003C00FF007800FF8078007F80F0003FC1E0001FFFC0000FFF
800001FE001E377EB626>I<00FE00003F80FFFE003FFF80FFFE003FFF80FFFE003FFF80
FFFE003FFF8007FE0001FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF80
03FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF80
03FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF80
03FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF8003FE0000FF80
03FE0001FF8003FE0001FF8003FE0003FF8001FE0003FF8001FE0006FF8000FF000CFFC0
007F8078FFFE003FFFF0FFFE001FFFE0FFFE0003FF80FFFE2F267CA536>I
E /Fr 27 122 df<FF80FF80FF0009037D880E>45 D<03FFFF00700700700300700100E0
0100E00100E00100E00101C08001C08001C08001C18003FF000381000381000381000702
000700040700040700080E00080E00180E00100E00301C00E0FFFFE0181A7D991A>69
D<000FC100302100C01301800F0700060E00060C00061800063800043000047000007000
00E00000E00000E00000E007FEE00070E00070E00070E000706000E06000E03000E01801
E00C064003F840181A7A991E>71 D<03F8001FC00078003C000078003C000078005C0000
B800B80000B800B800009C013800009C013800011C027000011C027000011C047000011C
087000021C08E000021C10E000021C10E000021C20E000041C41C000041C41C000041C81
C000041C81C000080F038000080F038000080E038000180C038000380C070000FF083FF0
00221A7D9922>77 D<001F8000706001C03003001806001C0E000C1C000C18000E38000E
30000E70000E70000EE0001CE0001CE0001CE00038E00038E00030E00070E000E0E000C0
6001807003003806001C1C0007E000171A7A991D>79 D<03FFF000701C00700E00700700
E00700E00700E00700E00701C00E01C01C01C03801C0E003FF800380C003806003807007
00700700700700700700700E00E00E00E00E00E10E00E21C0062FFC03C181A7D991C>82
D<03CC0E2E181C381C301C701CE038E038E038E038C072C072C07260F261341E180F107C
8F14>97 D<01F006080C181838301070006000E000E000E000E000E008E010602030C01F
000D107C8F12>99 D<001F80000380000380000380000700000700000700000700000E00
000E0003CE000E2E00181C00381C00301C00701C00E03800E03800E03800E03800C07200
C07200C0720060F2006134001E1800111A7C9914>I<01E006181C08380870087010FFE0
E000E000E000E000E0086010602030C01F000D107C8F12>I<000700001980001B80003B
0000300000300000700000700000700000700007FF0000E00000E00000E00000E00000E0
0001C00001C00001C00001C00001C0000380000380000380000380000380000700000700
00070000660000E40000CC0000700000112181990C>I<1F800003800003800003800007
00000700000700000700000E00000E00000E7C000F86001E07001E07001C07001C070038
0E00380E00380E00381C00701C80701C80703880703900E01900600E00111A7E9914>
104 D<030706000000000000384C4E8E9C9C1C3838707272E2E4643808197C980C>I<1F
8003800380038007000700070007000E000E000E0E0E131C271C431C801F003C003F8039
C038E070E270E270E270E4E0646038101A7E9912>107 D<3F0707070E0E0E0E1C1C1C1C
3838383870707070E4E4E4E46830081A7D990A>I<307C1E00598663009E0783809E0703
809C0703809C070380380E0700380E0700380E0700380E0E00701C0E40701C0E40701C1C
40701C1C80E0380C80601807001A107C8F1F>I<307C005986009E07009E07009C07009C
0700380E00380E00380E00381C00701C80701C80703880703900E01900600E0011107C8F
16>I<01F006180C0C180E300E700E600EE00EE00EE00CE01CE018E030606030C01F000F
107C8F14>I<030F000590C009E0C009C06009C06009C0600380E00380E00380E00380E0
0701C00701800703800703000E8E000E78000E00000E00001C00001C00001C00001C0000
FF00001317808F14>I<30F059189E389C189C009C003800380038003800700070007000
7000E00060000D107C8F10>114 D<03E004300830187018601C001F801FC00FE000E000
60E060E06080C041803E000C107D8F10>I<06000E000E000E000E001C001C00FFC01C00
38003800380038007000700070007000E100E100E100E200640038000A177C960D>I<38
064C074E0E8E0E9C0E9C0E1C1C381C381C381C7039703970393079389A0F0C10107C8F15
>I<38184C1C4E1C8E0C9C0C9C0C1C08380838083808701070107020304018C00F000E10
7C8F12>I<380C304C0E384E1C388E1C189C1C189C1C181C381038381038381038381070
702070702070704030704018B8800F0F0015107C8F19>I<078F0008D18010F38020E180
20E00020E00001C00001C00001C00001C000038200038200C38200E78400C5880078F000
11107E8F12>I<38064C074E0E8E0E9C0E9C0E1C1C381C381C381C703870387038307838
F00F700070006060E0E1C0C18047003C0010177C8F13>I E /Fs
14 103 df<00C00000C00000C00000C00000C00000C00000C00000C00000C000FFFF80FF
FF8000C00000C00000C00000C00000C00000C00000C00000C00000C00011147E8F17>43
D<1F00318060C04040C060C060C060C060C060C060C060C060404060C031801F000B107F
8F0F>48 D<0C003C00CC000C000C000C000C000C000C000C000C000C000C000C000C00FF
8009107E8F0F>I<1F00618040C08060C0600060006000C00180030006000C0010202020
7FC0FFC00B107F8F0F>I<1F00218060C060C000C0008001800F00008000400060C060C0
60804060801F000B107F8F0F>I<0300030007000F000B001300330023004300C300FFE0
03000300030003001FE00B107F8F0F>I<20803F002C002000200020002F003080204000
6000600060C06080C061801F000B107F8F0F>I<0780184030C060C06000C000CF00F080
E040C060C060C060406060C030801F000B107F8F0F>I<40007FE07FC080808080010002
00040004000C0008000800180018001800180018000B117E900F>I<1F00318060C060C0
60C071803F000F00338061C0C060C060C060404060801F000B107F8F0F>I<1F00318060
C0C040C060C060C06040E021E01E600060004060C0608043003E000B107F8F0F>I<01E0
006000600060006000600F6030E06060C060C060C060C060C060606030E01F780D117F90
11>100 D<1F00318060C0C0C0FFC0C000C000C000604030801F000A0B7F8A0E>I<07000D
801800180018001800FE001800180018001800180018001800180018007E00091180900A
>I E /Ft 18 117 df<01020408103020606040C0C0C0C0C0C0C0C0C0C0406060203010
08040201081E7E950D>40 D<80402010080C040606020303030303030303030302060604
0C0810204080081E7E950D>I<0060000060000060000060000060000060000060000060
00006000006000FFFFF0FFFFF00060000060000060000060000060000060000060000060
0000600000600014167E9119>43 D<0F0030C0606060604020C030C030C030C030C030C0
30C030C030C03040206060606030C00F000C137E9211>48 D<0C001C00EC000C000C000C
000C000C000C000C000C000C000C000C000C000C000C000C00FFC00A137D9211>I<1F00
60C06060F070F030603000700070006000C001C00180020004000810101020207FE0FFE0
0C137E9211>I<0FC030707038703870380038003000E00FC0007000380018001C601CF0
1CF018E03860701FC00E137F9211>I<006000E000E00160026006600C60086010602060
6060C060FFFC0060006000600060006003FC0E137F9211>I<60607FC07F804400400040
0040004F0070C040E0006000700070E070E070E06040E021C01F000C137E9211>I<07C0
0C201070207060006000C000CF00D0C0E060C020C030C030C03040306020206010C00F00
0C137E9211>I<40007FFC7FF8401080108020004000800100010003000200060006000E
000E000E000E000E0004000E147E9311>I<0FC0107020186018601870183C303F600F80
0FE031F06078C01CC00CC00CC00C601830300FC00E137F9211>I<0F00308060404060C0
20C030C030C0304030607030B00F30003000200060E040E08041003E000C137E9211>I<
00780018001800180018001800180F98187820386018C018C018C018C018C01860182038
10580F9E0F147F9312>100 D<0F80104020206030C010FFF0C000C000C0006000201018
200FC00C0D7F8C0F>I<03C00CE018E01840180018001800FF0018001800180018001800
1800180018001800180018007F000B1480930A>I<F00030003000300030003000300033
E034303818301830183018301830183018301830183018FC7E0F147F9312>104
D<10001000100030007000FF80300030003000300030003000300030803080308011000E
0009127F910D>116 D E /Fu 39 123 df<0000F000F8F001F8F003F8F0078000070000
0F00000F00000F00000F00000F00000F00000F0000FFF8F0FFF8F0FFF8F00F00F00F00F0
0F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F00F0
0F00F00F00F00F00F0142180A018>12 D<0000000780007E07C78001FE0FC78003FE1FC7
8007803C000007003800000F007800000F007800000F007800000F007800000F00780000
0F007800000F00780000FFF87FC780FFF87FC780FFF87FC7800F007807800F007807800F
007807800F007807800F007807800F007807800F007807800F007807800F007807800F00
7807800F007807800F007807800F007807800F007807800F007807800F007807800F0078
0780212180A025>14 D<FFC0FFC0FFC00A037F8B0F>45 D<FFFFC0FFFFC0FFFFC00001C0
000380000700000F00000E00001C00001C0000380000780000780000F00000F00000E000
01E00001E00001C00003C00003C00003C00003C000038000078000078000078000078000
078000078000121E7E9D17>55 D<03F00007F8000FFC001E1E003C0F00780700780780F0
0780F00380F003C0F003C0F003C0F003C0F003C0F003C07807C07807C07C0FC03E1FC01F
FBC00FF3C007C780000780000780000700000F00001E00201E00307C007FF8003FF0000F
C00012207E9E17>57 D<F0F0F0F0000000000000000000000000F0F0F0F004147C930D>
I<001F0000001F0000003F8000003B8000003B8000007BC0000073C0000071C00000F1E0
0000E1E00000E0E00001E0F00001E0F00001C0F00003C0780003C078000380780007803C
0007803C0007003C000FFFFE000FFFFE000FFFFE001E000F001E000F003C000F803C0007
803C000780780007C0780003C0780003C0F00003E01B207F9F1E>65
D<FFF800FFFF00FFFF80F00FC0F003E0F001E0F000F0F000F0F000F0F000F0F000F0F001
E0F003C0F01F80FFFF00FFFF00FFFF80F007E0F001E0F000F0F00078F00078F00078F000
78F00078F00078F000F0F001F0F007E0FFFFC0FFFF80FFFC0015207B9F1E>I<001FC000
FFF801FFFC03E03C07800C0F00001E00003E00003C00007C0000780000780000780000F0
0000F00000F00000F00000F00000F00000F00000F000007800007800007800007C00003C
00003E00001E00000F000207800E03E03E01FFFC00FFF0001FC017227DA01D>I<FFFC00
FFFF80FFFFC0F007E0F001F0F000F8F00078F0003CF0003CF0001EF0001EF0000EF0000F
F0000FF0000FF0000FF0000FF0000FF0000FF0000FF0000FF0001EF0001EF0001EF0003C
F0007CF000F8F001F0F007E0FFFFC0FFFF80FFFC0018207B9F21>I<FFFFC0FFFFC0FFFF
C0F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000FFFF
80FFFF80FFFF80F00000F00000F00000F00000F00000F00000F00000F00000F00000F000
00F00000F00000FFFFE0FFFFE0FFFFE013207B9F1B>I<FFFFC0FFFFC0FFFFC0F00000F0
0000F00000F00000F00000F00000F00000F00000F00000F00000F00000FFFF00FFFF00FF
FF00F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F0
0000F00000F00000F0000012207B9F1A>I<FFF800FFFF00FFFF80F007C0F003E0F001E0
F000F0F000F0F000F0F000F0F000F0F001E0F003E0F007C0FFFF80FFFF00FFF800F03C00
F01E00F01E00F00F00F00F00F00780F00780F003C0F001C0F001E0F000F0F000F0F00078
F00078F0003C16207B9F1D>82 D<01FC0007FF800FFFC01F03C03C00C03C000078000078
00007800007800007800007C00003C00003F00001FE0000FFC0007FE0001FF00003F8000
07C00003C00003E00001E00001E00001E00001E00001E00001C0C003C0F007C0FC0F807F
FF001FFE0003F80013227EA019>I<07E03FF87FFC701E401F000F000F000F003F07FF1F
FF7E0FF80FF00FF00FF00FF83F7FFF3FEF1F8F10147E9316>97 D<F00000F00000F00000
F00000F00000F00000F00000F00000F00000F00000F00000F00000F1F000F7FC00FFFE00
FC3E00F80F00F00F00F00780F00780F00780F00780F00780F00780F00780F00F00F00F00
F81F00FC3E00FFFC00F7F800F1E00011207D9F17>I<03F00FFC1FFE3E0E3C0278007800
F000F000F000F000F000F000780078003C013E0F1FFF0FFE03F010147E9314>I<000780
00078000078000078000078000078000078000078000078000078000078000078007C780
0FF7801FFF803E1F807C0780780780F80780F00780F00780F00780F00780F00780F00780
F00780780780780F803E1F801FFF800FF78007C78011207E9F17>I<03F0000FFC001FFE
003E1F003C0700780700700380FFFF80FFFF80FFFF80F00000F00000F000007000007800
003C01003E07001FFF0007FE0001F80011147F9314>I<007E01FE03FE078007000F000F
000F000F000F000F000F00FFF0FFF0FFF00F000F000F000F000F000F000F000F000F000F
000F000F000F000F000F000F000F000F20809F0E>I<03E0F00FFFF01FFFF03E3E003C1E
00780F00780F00780F00780F00780F003C1E003E3E001FFC003FF80033E0003000003800
003FFE003FFF801FFFC03FFFE07803F0F000F0F000F0F000F0F801F07E07E03FFFC00FFF
0003FC00141E7F9317>I<F000F000F000F000F000F000F000F000F000F000F000F000F1
F8F3FCF7FEFC1FF80FF80FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF0
0FF00F10207D9F17>I<F0F0F0F00000000000000000F0F0F0F0F0F0F0F0F0F0F0F0F0F0
F0F0F0F0F0F004207D9F0B>I<01E001E001E001E0000000000000000000000000000000
0001E001E001E001E001E001E001E001E001E001E001E001E001E001E001E001E001E001
E001E001E001E001E001E001E001E0C3C0FFC0FF803F000B29839F0C>I<F00000F00000
F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F01F00F01E00
F03C00F07800F0F000F1E000F3C000F78000FFC000FFC000FFE000F9F000F8F000F0F800
F07C00F07C00F03E00F01E00F01F00F00F8011207D9F16>I<F0F0F0F0F0F0F0F0F0F0F0
F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F004207D9F0B>I<F0FC07E0F3FE1FF0
F7FF3FF8FE0FF07CF807C03CF807C03CF007803CF007803CF007803CF007803CF007803C
F007803CF007803CF007803CF007803CF007803CF007803CF007803CF007803CF007803C
1E147D9327>I<F1F8F3FCF7FEFC1FF80FF80FF00FF00FF00FF00FF00FF00FF00FF00FF0
0FF00FF00FF00FF00FF00F10147D9317>I<01F80007FE001FFF803F0FC03C03C07801E0
7801E0F000F0F000F0F000F0F000F0F000F0F000F07801E07801E03C03C03F0FC01FFF80
07FE0001F80014147F9317>I<F1F000F7FC00FFFE00FC3E00F81F00F00F00F00F80F007
80F00780F00780F00780F00780F00780F00F00F00F00F81F00FC3E00FFFC00F7F800F1E0
00F00000F00000F00000F00000F00000F00000F00000F00000F00000111D7D9317>I<F0
E0F3E0F7E0FF00FC00FC00F800F800F000F000F000F000F000F000F000F000F000F000F0
00F0000B147D9310>114 D<07F01FFC3FFC780C7800780078007C003FC01FF00FF803F8
007C003C003CC03CF07CFFF87FF00FC00E147F9311>I<1E001E001E001E001E001E00FF
F0FFF0FFF01E001E001E001E001E001E001E001E001E001E001E001E001E001E201FF00F
F007C00C1A7F9910>I<F00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00F
F00FF00FF01FF03FFFFF7FEF3F0F10147D9317>I<F003C0F003C0780380780780780780
3C0F003C0F003C0F001E0E001E1E001E1E000F1C000F3C000F3C0007380007380007B800
03F00003F00001E00012147F9315>I<F01F00F0F01F80F0F01F80F0781B81E0783B81E0
783BC1E07839C1E03C31C3C03C71C3C03C71E3C01C70E3801E60E7801E60E7801EE0E780
0EE077000EC077000EC0770007C07E0007C03E0007803E001C147F931F>I<7801E07C03
C03E07801E0F000F0F00079E0003FC0003F80001F80000F00001F00001F80003FC00079E
000F0F000E0F001E07803C03C07801E0F801F01414809315>I<F003C0F003C078078078
07807C07803C0F003C0F001E0F001E1E000E1E000F1C000F1C00073C0007380003B80003
B80003B00001F00001F00000E00000E00001C00001C00001C0000380000780007F00007E
00007C0000121D7F9315>I<7FFF7FFF7FFF003E003C007800F800F001E003E007C00780
0F001F001E003C007C00FFFFFFFFFFFF10147F9314>I E /Fv 68
124 df<00003F03E00000C386700001878CF00003879CF0000303186000070038000007
0038000007003800000E003800000E007000000E007000000E00700000FFFFFF80001C00
7000001C00E000001C00E000001C00E000001C00E000003800E000003801C000003801C0
00003801C000003801C000007001C0000070038000007003800000700380000070038000
006003800000E007000000E007000000E007000000E007000000C006000001C00E000001
C00E000031860C0000798F180000F31E100000620C6000003C07C000002429829F1C>11
D<00003FE00000E010000180380003807800030078000700300007000000070000000700
00000E0000000E0000000E000000FFFFE0000E00E0001C01C0001C01C0001C01C0001C01
C0001C03800038038000380380003803800038070000380700007007000070071000700E
2000700E2000700E2000E00E2000E0064000E0038000E0000000C0000001C0000001C000
003180000079800000F3000000620000003C0000001D29829F1A>I<00003FC0FF800000
E0E38040000181E600E0000381EC01E0000300DC01E00007001C00C00007001800000007
00380000000E00380000000E00380000000E00380000000E0070000000FFFFFFFF80001C
00700380001C00700700001C00700700001C00700700001C00E00700001C00E00E000038
00E00E00003800E00E00003800E00E00003801C01C00003801C01C00007001C01C000070
01C01C40007001C0388000700380388000700380388000E00380388000E00380190000E0
03000E0000E00700000000C00700000001C00600000001C00600000031860E000000798F
0C000000F31E18000000620C300000003C07C00000002B29829F28>14
D<0E1F3F3F1D0102020404081020C0080E779F0E>39 D<1C3C3C3C3C0404080810202040
80060E7D840E>44 D<7FF0FFE07FE00C037D8A10>I<70F8F8F0E005057B840E>I<000F80
0030E000E07001C0700380300380380700380F00780F00780E00781E00781E00703C00F0
3C00F03C00F03C00F07801E07801E07801E07801C07003C0F003C0F00380F00780F00700
700700700E00701C003038001870000FC000151F7C9D17>48 D<000200020006000E003C
00DC031C001C0038003800380038007000700070007000E000E000E000E001C001C001C0
01C003800380038003800780FFF80F1E7B9D17>I<001F000061800080E00100E0020070
0220700420700410700820F00820F00820F00840E00881E00703C0000380000700000C00
0018000060000080000300000400000800401000401000802001807E030047FF0041FE00
80FC00807800141F7C9D17>I<001F800060E00080700100300200380420380420380410
380420700460700380600000E00001C000030000FE00001C000006000007000007800007
80000780300780780780780780F00F00800F00401E00401C0040380020E0001F8000151F
7C9D17>I<0000600000E00000E00000E00001C00001C00001C000038000038000030000
0700000700000600000E00000C0000180000180000300000300000630000C70000870001
0700030700060E00040E00080E003F8E00607C00801FC0001C00001C0000380000380000
380000380000700000700000600013277E9D17>I<00C06000FFC001FF8001FE00010000
010000020000020000020000020000040000047800058C000606000C0700080700000780
000780000780000780000F00700F00F00F00F00E00E01E00801C00803800803000406000
61C0001F0000131F7B9D17>I<0007C0001C200030200060E000C1E00181E00380C00700
000F00000E00001E00001E78001D84003E06003E07003C07007C07807807807807807807
80700F00700F00F00F00F00E00F01E00701C00601C0070380030700010C0000F8000131F
7B9D17>I<08E0100BF01017F0201FF0603E19C0380E8020008060010040030080030000
0600000E00000C00001C00001C0000380000380000700000700000F00000F00001E00001
E00001E00003C00003C00003C00007C000078000078000030000141F799D17>I<001F00
0061800080C00100600300600600600600600600600E00C00F00800F818007C30007E400
03F80001F80003FC00047E00183F00300F00200700600700C00300C00300C00300800600
800600C00C00C008004030003060001F8000131F7B9D17>I<001F0000718000C0C00180
C00380E00700E00F00E00F01E01E01E01E01E01E01E01E01C01C03C01C03C01C03C01C07
C01C0F800C0F8006378003C700000F00000E00000E00001C00601C00F03800F07000E060
0080C0004380003E0000131F7B9D17>I<070F1F1F0E0000000000000000000070F8F8F0
E008147B930E>I<01C003C007C007C00380000000000000000000000000000000000000
00001C003C003C003C003C000400040008000800100020002000400080000A1D7D930E>
I<007800018600060300080100080180100180200180200300400300700700780E00F03C
0060780000F00003E0000780000F00000E00000C00001840001840000880000F00000000
000000000000000000000000001C00003E00003E00003C0000380000112178A017>63
D<00000200000006000000060000000E0000001E0000001E0000003F0000002F0000004F
0000004F0000008F0000010F0000010F0000020F0000020F0000040F00000C0F0000080F
0000100F0000100F0000200F80003FFF800040078000C007800080078001000780010007
800200078002000780060007801E000F80FF807FF81D207E9F22>65
D<01FFFFC0001E00F0001E0078001E0038001E003C003C003C003C003C003C003C003C00
3C0078007800780078007800F0007801E000F0078000FFFE0000F00F8000F003C001E001
C001E001E001E001E001E001E003C001E003C001E003C001E003C001C0078003C0078007
8007800F0007801E000F007800FFFFE0001E1F7D9E20>I<0000FE0200078186001C004C
0038003C0060003C00C0001C01C0001803800018070000180F0000181E0000101E000010
3C0000003C00000078000000780000007800000078000000F0000000F0000000F0000000
F0000000F00000807000008070000080700001003800010038000200180004000C001800
060020000381C00000FE00001F217A9F21>I<01FFFF80001E00E0001E0070001E003800
1E001C003C001C003C000E003C000E003C000E0078000E0078000E0078000E0078000E00
F0001E00F0001E00F0001E00F0001E01E0003C01E0003C01E0003C01E0007803C0007003
C0007003C000E003C001C0078001C00780038007800E0007801C000F007000FFFFC0001F
1F7D9E22>I<01FFFFFE001E001C001E000C001E0004001E0004003C0004003C0004003C
0004003C00040078080800780800007808000078180000F0300000FFF00000F0300000F0
300001E0200001E0200001E0200001E0001003C0002003C0002003C0004003C000400780
00800780018007800100078007000F001F00FFFFFE001F1F7D9E1F>I<01FFFFFC001E00
38001E0018001E0008001E0008003C0008003C0008003C0008003C000800780010007808
00007808000078080000F0100000F0300000FFF00000F0300001E0200001E0200001E020
0001E0200003C0000003C0000003C0000003C00000078000000780000007800000078000
000F800000FFF800001E1F7D9E1E>I<0000FC040007030C001C00980030007800E00078
01C000380380003003800030070000300E0000301E0000201E0000203C0000003C000000
78000000780000007800000078000000F0000000F000FFF0F0000780F0000780F0000F00
70000F0070000F0070000F0070001E0038001E0018003E001C002E000E00CC0003830400
00FC00001E217A9F23>I<01FFF3FFE0001F003E00001E003C00001E003C00001E003C00
003C007800003C007800003C007800003C007800007800F000007800F000007800F00000
7800F00000F001E00000FFFFE00000F001E00000F001E00001E003C00001E003C00001E0
03C00001E003C00003C007800003C007800003C007800003C007800007800F000007800F
000007800F000007800F00000F801F0000FFF1FFE000231F7D9E22>I<01FFF0001F0000
1E00001E00001E00003C00003C00003C00003C0000780000780000780000780000F00000
F00000F00000F00001E00001E00001E00001E00003C00003C00003C00003C00007800007
80000780000780000F8000FFF800141F7D9E12>I<001FFF0000F80000F00000F00000F0
0001E00001E00001E00001E00003C00003C00003C00003C0000780000780000780000780
000F00000F00000F00000F00001E00001E00301E00781E00F83C00F83C00F07800807000
40E00021C0001F000018207D9E18>I<01FFF800001F0000001E0000001E0000001E0000
003C0000003C0000003C0000003C00000078000000780000007800000078000000F00000
00F0000000F0000000F0000001E0000001E0000001E0000001E0008003C0010003C00100
03C0030003C00200078006000780060007800C0007801C000F007800FFFFF800191F7D9E
1D>76 D<01FE00007FC0001E0000FC00001E0000F8000017000178000017000178000027
0002F00000270004F00000270004F00000270008F00000470009E00000470011E0000047
0021E00000470021E00000870043C00000838043C00000838083C00000838083C0000103
810780000103820780000103820780000103840780000203840F00000203880F00000203
900F00000203900F00000401E01E00000401E01E00000401C01E00000C01801E00001C01
803E0000FF8103FFC0002A1F7D9E29>I<01FF007FE0001F000F00001F00040000178004
00001780040000278008000023C008000023C008000023C008000041E010000041E01000
0041F010000040F010000080F0200000807820000080782000008078200001003C400001
003C400001003C400001001E400002001E800002001E800002000F800002000F80000400
0F0000040007000004000700000C000700001C00020000FF80020000231F7D9E22>I<00
01FC0000070700001C01C0003000E000E0006001C000700380007007800038070000380E
0000381E0000381C0000383C0000383C00003878000078780000787800007878000078F0
0000F0F00000F0F00000E0F00001E0F00001C0F00003C0700003807000070078000F0038
001E0038003C001C0070000E00E0000783800001FC00001D217A9F23>I<01FFFF80001E
00E0001E0070001E0038001E003C003C003C003C003C003C003C003C003C007800780078
0078007800F0007800E000F003C000F00F0000FFFC0000F0000001E0000001E0000001E0
000001E0000003C0000003C0000003C0000003C000000780000007800000078000000780
00000F800000FFF000001E1F7D9E1F>I<0001FC0000070700001C01C0003000E000E000
E001C000700380007007800078070000380F0000381E0000381E0000383C0000383C0000
7878000078780000787800007878000078F00000F0F00000F0F00000E0F00001E0F00001
C0F00003C070000380701C070070200F0038411E0038413C001C4170000E41E000074380
8001FD0080000101800001010000038300000386000003FE000003FC000001F8000000F0
001D297A9F23>I<01FFFF00001E03C0001E00E0001E0070001E0078003C0078003C0078
003C0078003C0078007800F0007800F0007801E0007801C000F0070000F01E0000FFF000
00F0380001E01C0001E01E0001E00E0001E00F0003C01E0003C01E0003C01E0003C01E00
07803C0007803C0807803C0807803C100F801C10FFF00C20000007C01D207D9E21>I<00
07E040001C18C0003005800060038000C0038001C0018001800100038001000380010003
8001000380000003C0000003C0000003F8000001FF800001FFE000007FF000001FF00000
01F800000078000000780000003800000038002000380020003800200030006000700060
0060006000E0007000C000E8038000C606000081F800001A217D9F1A>I<0FFFFFF01E07
80E0180780201007802020078020200F0020600F0020400F0020400F0020801E0040001E
0000001E0000001E0000003C0000003C0000003C0000003C000000780000007800000078
00000078000000F0000000F0000000F0000000F0000001E0000001E0000001E0000001E0
000003E00000FFFF00001C1F789E21>I<7FFC1FF807C003C00780010007800100078001
000F0002000F0002000F0002000F0002001E0004001E0004001E0004001E0004003C0008
003C0008003C0008003C00080078001000780010007800100078001000F0002000F00020
00F0002000F0004000F0004000700080007001000030020000380400000C18000007E000
001D20779E22>I<FFF1FFC0FF801F003E001C001F003C0018000F003C0010000F003C00
10000F003C0020000F003C0020000F003E0040000F003E00C0000F005E0080000F005E01
00000F009E0100000F009E0200000F011E0200000F021E0400000F021E0400000F041E08
00000F041E0800000F081E1000000F081E2000000F101E2000000F101E4000000F201E40
00000F601E8000000FC01E80000007801F00000007801F00000007001E00000007001E00
000006000C0000000600080000000400080000002920779E2D>87
D<00F1800389C00707800E03801C03803C0380380700780700780700780700F00E00F00E
00F00E00F00E20F01C40F01C40703C40705C40308C800F070013147C9317>97
D<07803F8007000700070007000E000E000E000E001C001C001CF01D0C3A0E3C0E380F38
0F700F700F700F700FE01EE01EE01EE01CE03CE038607060E031C01F0010207B9F15>I<
007E0001C1000300800E07801E07801C07003C0200780000780000780000F00000F00000
F00000F00000F0000070010070020030040018380007C00011147C9315>I<0000780003
F80000700000700000700000700000E00000E00000E00000E00001C00001C000F1C00389
C00707800E03801C03803C0380380700780700780700780700F00E00F00E00F00E00F00E
20F01C40F01C40703C40705C40308C800F070015207C9F17>I<007C01C207010E011C01
3C013802780C7BF07C00F000F000F000F0007000700170023804183807C010147C9315>
I<00007800019C00033C00033C000718000700000700000E00000E00000E00000E00000E
0001FFE0001C00001C00001C00001C000038000038000038000038000038000070000070
0000700000700000700000700000E00000E00000E00000E00000C00001C00001C0000180
003180007B0000F300006600003C00001629829F0E>I<003C6000E27001C1E00380E007
00E00F00E00E01C01E01C01E01C01E01C03C03803C03803C03803C03803C07003C07001C
0F001C17000C2E0003CE00000E00000E00001C00001C00301C00783800F0700060E0003F
8000141D7E9315>I<01E0000FE00001C00001C00001C00001C000038000038000038000
038000070000070000071E000763000E81800F01C00E01C00E01C01C03801C03801C0380
1C0380380700380700380700380E10700E20700C20701C20700C40E00CC060070014207D
9F17>I<00C001E001E001C000000000000000000000000000000E003300230043804300
470087000E000E000E001C001C001C003840388030807080310033001C000B1F7C9E0E>
I<0001800003C00003C0000380000000000000000000000000000000000000000000003C
00004600008700008700010700010700020E00000E00000E00000E00001C00001C00001C
00001C0000380000380000380000380000700000700000700000700000E00000E00030E0
0079C000F180006300003C00001228829E0E>I<01E0000FE00001C00001C00001C00001
C0000380000380000380000380000700000700000703C00704200E08E00E11E00E21E00E
40C01C80001D00001E00001FC00038E00038700038700038384070708070708070708070
3100E03100601E0013207D9F15>I<03C01FC0038003800380038007000700070007000E
000E000E000E001C001C001C001C0038003800380038007000700070007100E200E200E2
00E200640038000A207C9F0C>I<1C0F80F0002630C318004740640C004780680E004700
700E004700700E008E00E01C000E00E01C000E00E01C000E00E01C001C01C038001C01C0
38001C01C038001C01C0708038038071003803806100380380E100380380620070070066
00300300380021147C9325>I<1C0F802630C04740604780604700704700708E00E00E00
E00E00E00E00E01C01C01C01C01C01C01C03843803883803083807083803107003303001
C016147C931A>I<007C0001C3000301800E01C01E01C01C01E03C01E07801E07801E078
01E0F003C0F003C0F003C0F00780F00700700F00700E0030180018700007C00013147C93
17>I<01C1E002621804741C04781C04701E04701E08E01E00E01E00E01E00E01E01C03C
01C03C01C03C01C0380380780380700380E003C1C0072380071E000700000700000E0000
0E00000E00000E00001C00001C0000FFC000171D809317>I<00F0400388C00705800E03
801C03803C0380380700780700780700780700F00E00F00E00F00E00F00E00F01C00F01C
00703C00705C0030B8000F380000380000380000700000700000700000700000E00000E0
000FFE00121D7C9315>I<1C1E002661004783804787804707804703008E00000E00000E
00000E00001C00001C00001C00001C000038000038000038000038000070000030000011
147C9313>I<00FC030206010C030C070C060C000F800FF007F803FC003E000E700EF00C
F00CE008401020601F8010147D9313>I<018001C0038003800380038007000700FFF007
000E000E000E000E001C001C001C001C003800380038003820704070407080708031001E
000C1C7C9B0F>I<0E00C03300E02301C04381C04301C04701C08703800E03800E03800E
03801C07001C07001C07001C07101C0E20180E20180E201C1E200C264007C38014147C93
18>I<0E03803307802307C04383C04301C04700C08700800E00800E00800E00801C0100
1C01001C01001C02001C02001C04001C04001C08000E300003C00012147C9315>I<0E00
C1C03300E3C02301C3E04381C1E04301C0E04701C060870380400E0380400E0380400E03
80401C0700801C0700801C0700801C0701001C0701001C0602001C0F02000C0F04000E13
080003E1F0001B147C931E>I<0383800CC4401068E01071E02071E02070C040E00000E0
0000E00000E00001C00001C00001C00001C040638080F38080F38100E5810084C6007878
0013147D9315>I<0E00C03300E02301C04381C04301C04701C08703800E03800E03800E
03801C07001C07001C07001C07001C0E00180E00180E001C1E000C3C0007DC00001C0000
1C00003800F03800F07000E06000C0C0004380003E0000131D7C9316>I<01C04003E080
07F1800C1F00080200000400000800001000002000004000008000010000020000040100
0802001002003E0C0063FC0041F80080E00012147D9313>I<FFFFF014017C8C17>I
E /Fw 31 122 df<00030004000800100020006000C0018001000300060006000C000C00
1C0018001800380030003000700070006000600060006000E000E000E000E000E000E000
60006000600060006000300030001000180008000C00040002000100102E7CA112>40
D<008000C000600020003000180018000C000C000C000E00060006000600060006000600
060006000600060006000E000E000E000C000C001C001800180038003000300060006000
C000C001800100030006000C0018003000600080000F2E7FA112>I<1C3E7E7E3A020204
0408081020C0070E7D840D>44 D<FFC0FFC00A027D8A0F>I<3078F8787005057C840D>I<
0000100000001800000038000000380000007800000078000000FC000001BC0000013C00
00033C0000023C0000063C0000043E0000081E0000081E0000101E0000101E0000201E00
00200F0000400F0000400F0000FFFF0000800F0001000F80010007800200078002000780
04000780040007800C0007C03E0007C0FF807FFC1E207E9F22>65
D<07FFE0007C00003C00003C0000780000780000780000780000780000780000F00000F0
0000F00000F00000F00000F00001E00001E00001E00001E00001E00001E00003C00003C0
0003C00003C00003C00003C00007800007C000FFFC00131F7F9E10>73
D<07FFFC00007C0700003C03C0003C01E0007801E0007801F0007801F0007801F0007801
F0007801E000F003E000F003C000F0078000F00F0000F03C0000FFF00001E0300001E038
0001E01C0001E01C0001E01C0001E01E0003C03E0003C03E0003C03E0003C03E0003C03E
0003C03E0207803E0407C01F04FFFC0F18000003E01F207E9E21>82
D<003F040060CC01803C03801C03001C0700180600080E00080E00080E00080E00000F00
000F80000FE00007FE0003FF8001FFC0007FE00007E00001E00000E00000F00000F04000
E04000E04000E04000E06000C0600180E00380F80300C60C0081F80016217D9F19>I<07
F8000C0C001E06001E07001C070000070000070000070000FF0007C7001E07003C0E0078
0E00F00E10F00E10F00E10F01E10F02E20784F401F878014147D9317>97
D<0700003F00000F00000700000700000E00000E00000E00000E00000E00000E00001C00
001C7C001D87001E03801C01C01C01C03801C03801E03801E03801E03801E03801E07003
C07003C0700380700780700700700E00E81C00C4380083E00013207B9F19>I<01FC0706
0E0F1C0F380E78007000F000F000F000F000E000E000E000E000F0027004300818300FC0
10147C9314>I<0000700003F00000F00000700000700000E00000E00000E00000E00000
E00000E00001C000F9C00305C00E03C01C03C03801C0780380700380F00380F00380F003
80F00380E00700E00700E00700E00700E00700700F00301E00186F000F8FE014207C9F19
>I<00F800070E000E07001C0700380380780380700380F00380F00380FFFF80F00000E0
0000E00000E00000E00000F001007002003004001C180007E00011147D9314>I<000780
0018C00031E00061E000E1C000C00001C00001C00001C00001C00001C0000380007FF800
0380000380000380000380000700000700000700000700000700000700000E00000E0000
0E00000E00000E00000E00001C00001E0000FFE00013207E9F0E>I<00000E003E1100E1
A301C1C20381E00780E00701E00F01E00F01E00F01E00703C007038007870004FC000800
000800001800001C00000FFF000FFFC007FFE01800F0300030600030C00030C00030C000
306000603000C01C070007FC00181F809417>I<00E00007E00001E00000E00000E00001
C00001C00001C00001C00001C00001C000038000038F800390E003A0E003C06003806007
80E00700E00700E00700E00700E00700E00E01C00E01C00E01C00E01C00E01C00E01C01C
03801E03C0FFCFF815207E9F19>I<01C003E003E003E001C00000000000000000000000
0003801F800780038003800700070007000700070007000E000E000E000E000E000E001C
001E00FF800B1F7F9E0C>I<00E007E001E000E000E001C001C001C001C001C001C00380
038003800380038003800700070007000700070007000E000E000E000E000E000E001C00
1E00FFC00B207F9F0C>108 D<0387C07C001F9861860007A072070003C0340300038038
03000780780700070070070007007007000700700700070070070007007007000E00E00E
000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E001C01C01C001E01E01E00
FFCFFCFFC022147E9326>I<038F801F90E007A0E003C0600380600780E00700E00700E0
0700E00700E00700E00E01C00E01C00E01C00E01C00E01C00E01C01C03801E03C0FFCFF8
15147E9319>I<00FC000387000E01801C00C03800E03800E07000F0F000F0F000F0F000
F0F000F0E001E0E001E0E001C0E003C0F00380700700380E001C1C0007E00014147D9317
>I<00E3E007EC3800F01C00E01E00E00E01C00E01C00F01C00F01C00F01C00F01C00F03
801E03801E03801C03803C0380380380700740E00721C0071F000700000700000700000E
00000E00000E00000E00001E0000FFC000181D809319>I<038E001FB38007C78003C780
0383000780000700000700000700000700000700000E00000E00000E00000E00000E0000
0E00001C00001E0000FFE00011147E9312>114 D<01F2060E080618061802380438001E
001FE00FF003F8003C401C400C400C600C6018E010D0608FC00F147E9312>I<00800100
01000100030007000F001E00FFF80E000E000E000E001C001C001C001C001C001C003800
38203820382038203840384018800F000D1C7C9B12>I<1C0380FC1F803C07801C03801C
0380380700380700380700380700380700380700700E00700E00700E00700E00701E0070
1E00703C00305E001F9FC012147B9319>I<FF83F81E00E01C00C01C00800E00800E0100
0E02000E02000F040007040007080007080007100003900003A00003E00003C000038000
01800001000015147C9318>I<FF9FE1FC3E0780701C0300601C0300401C0380401C0380
800E0780800E0581000E0981000E09C2000E11C2000731C4000721C4000760C8000740C8
000780F0000780F0000300E00003006000020040001E147C9321>I<1FF0FF03C07801C0
6001C04000E08000E180007300007600003C00003C00001C00002E00004E000087000107
000203800603800C01C03E03E0FF07FC18147F9318>I<0FF83F8001E00E0001C00C0001
C0080000E0180000E0100000E0200000E0200000F0400000704000007080000070800000
71000000390000003A0000003E0000003C00000038000000180000001000000010000000
200000002000000040000070C00000F0800000F1000000E20000007C000000191D809318
>I E /Fx 36 123 df<01801801C01C0380380380380380380380380700700700700700
700700700E00E00E00E00E00E00E00E11E01C21E01C21E03C21E05C43F08C439F0783800
00380000700000700000700000700000E00000E00000E00000C00000181E7F931B>22
D<007FFE01FFFE07FFFE0F07801E03801C01C03801C07001C07001C07001C0E00380E003
80E00380E00700E00700E00E00600C003018001860000F800017147E931A>27
D<0FFFF01FFFF03FFFF0604000C0400080C00000C0000080000180000180000180000180
000380000300000300000700000700000700000E000006000014147E9314>I<70F8F8F8
7005057C840D>58 D<70F8FCFC74040404080810102040060E7C840D>I<000001C00000
078000001E00000078000001E00000078000000E00000038000000F0000003C000000F00
00003C000000F0000000F00000003C0000000F00000003C0000000F0000000380000000E
0000000780000001E0000000780000001E0000000780000001C01A1A7C9723>I<000100
030003000600060006000C000C000C00180018001800300030003000600060006000C000
C000C00180018001800300030003000600060006000C000C000C00180018001800300030
003000600060006000C000C000C000102D7DA117>I<E0000000780000001E0000000780
000001E0000000780000001C0000000700000003C0000000F00000003C0000000F000000
03C0000003C000000F0000003C000000F0000003C00000070000001C00000078000001E0
0000078000001E00000078000000E00000001A1A7C9723>I<000002000000060000000E
0000000E0000001E0000001F0000002F0000002F0000004F0000008F0000008F0000010F
0000010F0000020F0000040F0000040F0000080F80000807800010078000200780002007
80007FFF800040078000800780018007800100078002000780020007C0040003C00C0003
C01E0007C0FF807FFC1E207E9F22>65 D<00FFFFE0000F0078000F003C000F001C000F00
1E001E001E001E001E001E001E001E001E003C003C003C003C003C0078003C00F0007803
C0007FFF80007803C0007801E000F000F000F000F000F000F000F0007001E000F001E000
F001E000F001E000E003C001E003C003C003C0038003C00F0007801E00FFFFF0001F1F7E
9E22>I<0000FE0200078186001C004C0038003C0060003C00C0001C01C0001803800018
070000180F0000181E0000101E0000103C0000003C000000780000007800000078000000
78000000F0000000F0000000F0000000F0000000F0000080700000807000008070000100
3800010038000200180004000C001800060020000381C00000FE00001F217E9F21>I<00
FFFFFF000F000E000F0006000F0002000F0002001E0002001E0002001E0002001E000200
3C0404003C0400003C0400003C0C0000781800007FF800007818000078180000F0100000
F0100000F0100000F0000401E0000801E0000801E0001001E0001003C0002003C0006003
C0004003C001C0078007C0FFFFFF80201F7E9E22>69 D<00007E0100038183000E004600
38002E0070001E00E0000E01C0000C0380000C0700000C0F00000C1E0000081E0000083C
0000003C00000078000000780000007800000078000000F0000000F0007FFCF00001E0F0
0001E0F00003C0700003C0700003C0700003C038000780380007801C000F800C000B8006
0033000380C100007F000020217E9F24>71 D<00FF803FF0000F800780000F800200000B
C00200000BC002000013C004000011E004000011E004000011E004000020F008000020F0
08000020F808000020780800004078100000403C100000403C100000403C100000801E20
0000801E200000801E200000800F200001000F400001000F4000010007C000010007C000
02000780000200038000020003800006000380000F00010000FFE0010000241F7E9E25>
78 D<0001FC0000070700001C01C0003000E000E0006001C00070038000700780003807
0000380E0000381E0000381C0000383C0000383C00003878000078780000787800007878
000078F00000F0F00000F0F00000E0F00001E0F00001C0F00003C0700003807000070078
000F0038001E0038003C001C0070000E00E0000783800001FC00001D217E9F23>I<0007
E0800018118000300B000060070000C0070001C003000180020003800200038002000380
0200038000000380000003C0000003F8000003FF800001FFC00000FFE000003FF0000003
F0000000F0000000700000007000000070002000700020007000200060006000E0006000
C0006001C00070018000E8030000C60E000081F8000019217D9F1C>83
D<0FFFFFFC1E03C0381803C0181003C0082003C008200780086007800840078008400780
08800F0010000F0000000F0000000F0000001E0000001E0000001E0000001E0000003C00
00003C0000003C0000003C00000078000000780000007800000078000000F0000000F000
0000F0000000F0000001F000007FFFC0001E1F7F9E1B>I<7FFC1FF807C003C007800100
07800100078001000F0002000F0002000F0002000F0002001E0004001E0004001E000400
1E0004003C0008003C0008003C0008003C00080078001000780010007800100078001000
F0002000F0002000F0002000F0004000F000400070008000700100003002000038040000
0C18000007E000001D207C9E1F>I<00FFF83FF8000FC00F80000F800600000780040000
07C008000003C010000003C020000003E040000001E080000001F100000000F300000000
F600000000FC0000000078000000007C000000007C000000007C00000000BE000000011E
000000021E000000061F0000000C0F000000080F800000100780000020078000004007C0
00008003C000010003E000030003E0000F0007E000FFE01FFE00251F7F9E26>88
D<FFF801FF0F8000780F8000600780004007C0008007C0018003C0010003E0020003E004
0001E0080001F0180000F0100000F0200000F8400000788000007D0000007D0000003E00
00003C0000003C0000003800000078000000780000007800000070000000F0000000F000
0000F0000000F0000001E000003FFF0000201F7F9E1A>I<000700000C80001880003080
00308000608000610000C10000C10001C200018200038400038400038800070800071000
0720000720000E40000E80000F00000E00000E00000E00000E00001E00002E0000C60100
06030006040003180001E0001120809F13>96 D<07803F8007000700070007000E000E00
0E000E001C001C001CF01D0C3A0E3C0E380F380F700F700F700F700FE01EE01EE01EE01C
E03CE038607060E031C01F0010207E9F14>98 D<0000780003F800007000007000007000
00700000E00000E00000E00000E00001C00001C000F1C00389C00707800E03801C03803C
0380380700780700780700780700F00E00F00E00F00E00F00E10F01C20F01C20703C2070
5C40308C400F078015207E9F18>100 D<00007C0000CE00019E00039E00030C00070000
0700000700000700000E00000E00000E0000FFF0000E00000E00001C00001C00001C0000
1C00001C0000380000380000380000380000380000700000700000700000700000700000
E00000E00000E00000E00000C00001C000318000798000F300006200003C000017297E9F
16>102 D<001E3000713800E0F001C0700380700780700700E00F00E00F00E00F00E01E
01C01E01C01E01C01E01C01E03801E03800E07800E0B8006170001E70000070000070000
0E00000E00300E00781C00F038006070003FC000151D809316>I<01E0000FE00001C000
01C00001C00001C000038000038000038000038000070000070000071F000761800E80C0
0F00C00E00E00E00E01C01C01C01C01C01C01C01C0380380380380380380380704700708
700E08700E10700610E006206003C016207E9F1A>I<00E001E001E000C0000000000000
00000000000000000E00130023804380438043808700070007000E000E001C001C001C20
384038403840388019000E000B1F7E9E10>I<1E07C07C00231861860023A032030043C0
3403004380380380438038038087007007000700700700070070070007007007000E00E0
0E000E00E00E000E00E00E000E00E01C101C01C01C201C01C038201C01C038401C01C018
4038038018801801800F0024147E9328>109 D<1E07802318C023A06043C07043807043
80708700E00700E00700E00700E00E01C00E01C00E01C00E03821C03841C07041C07081C
03083803101801E017147E931B>I<03C1E004621804741C08781C08701E08701E10E01E
00E01E00E01E00E01E01C03C01C03C01C03C01C0380380780380700380E003C1C0072380
071E000700000700000E00000E00000E00000E00001C00001C0000FFC000171D819317>
112 D<1E1E0023210023C38043C7804387804383008700000700000700000700000E0000
0E00000E00000E00001C00001C00001C00001C000038000018000011147E9315>114
D<007C018203010603060706060E00078007F803FC01FE001F00077007F006F006E00440
0820301FC010147E9315>I<00C000E001C001C001C001C003800380FFF8038007000700
070007000E000E000E000E001C001C001C001C10382038203820384018800F000D1C7F9B
10>I<03C1C00C62201034701038F02038F020386040700000700000700000700000E000
00E00000E00000E02061C040F1C040F1C080E2C080446300383C0014147E931A>120
D<0F00601180702180E021C0E041C0E04380E08381C00701C00701C00701C00E03800E03
800E03800E03800E07000C07000C07000E0F00061E0003EE00000E00000E00001C007818
0078380070700060600021C0001F0000141D7E9316>I<01E02003F04007F8C00C1F8008
010000020000040000080000100000600000C0000100000200000400800801001003003F
060061FC0040F80080700013147E9315>I E /Fy 43 122 df<000FF000007FFC0001F8
0E0003E01F0007C03F000F803F000F803F000F801E000F800C000F8000000F8000000F80
00000F800000FFFFFF00FFFFFF000F801F000F801F000F801F000F801F000F801F000F80
1F000F801F000F801F000F801F000F801F000F801F000F801F000F801F000F801F000F80
1F000F801F000F801F000F801F007FF0FFE07FF0FFE01B237FA21F>12
D<0007F80FF000007FFE7FFC0001F80FF80E0003E00FE01F0007C01FC03F000F801F803F
000F801F803F000F800F801E000F800F800C000F800F8000000F800F8000000F800F8000
000F800F800000FFFFFFFFFF00FFFFFFFFFF000F800F801F000F800F801F000F800F801F
000F800F801F000F800F801F000F800F801F000F800F801F000F800F801F000F800F801F
000F800F801F000F800F801F000F800F801F000F800F801F000F800F801F000F800F801F
000F800F801F000F800F801F000F800F801F007FF07FF0FFE07FF07FF0FFE02B237FA22F
>14 D<387CFEFEFE7C3807077C8610>46 D<00180000780001F800FFF800FFF80001F800
01F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F800
01F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F80001F800
7FFFE07FFFE013207C9F1C>49 D<03FC000FFF003C1FC07007E07C07F0FE03F0FE03F8FE
03F8FE01F87C01F83803F80003F80003F00003F00007E00007C0000F80001F00003E0000
380000700000E01801C0180380180700180E00380FFFF01FFFF03FFFF07FFFF0FFFFF0FF
FFF015207D9F1C>I<00FE0007FFC00F07E01E03F03F03F03F81F83F81F83F81F81F03F8
1F03F00003F00003E00007C0001F8001FE0001FF000007C00001F00001F80000FC0000FC
3C00FE7E00FEFF00FEFF00FEFF00FEFF00FC7E01FC7801F81E07F00FFFC001FE0017207E
9F1C>I<0000E00001E00003E00003E00007E0000FE0001FE0001FE00037E00077E000E7
E001C7E00187E00307E00707E00E07E00C07E01807E03807E07007E0E007E0FFFFFEFFFF
FE0007E00007E00007E00007E00007E00007E00007E000FFFE00FFFE17207E9F1C>I<10
00201E01E01FFFC01FFF801FFF001FFE001FF8001BC00018000018000018000018000019
FC001FFF001E0FC01807E01803E00003F00003F00003F80003F83803F87C03F8FE03F8FE
03F8FC03F0FC03F07007E03007C01C1F800FFF0003F80015207D9F1C>I<001F8000FFE0
03F07007C0F00F01F81F01F83E01F83E01F87E00F07C00007C0000FC0800FC7FC0FCFFE0
FD80F0FF00F8FE007CFE007CFC007EFC007EFC007EFC007E7C007E7C007E7C007E3C007C
3E007C1E00F80F00F00783E003FFC000FF0017207E9F1C>I<6000007800007FFFFE7FFF
FE7FFFFC7FFFF87FFFF87FFFF0E00060E000C0C00180C00300C00300000600000C00001C
0000180000380000780000780000F00000F00000F00001F00001F00001F00003F00003F0
0003F00003F00003F00003F00003F00001E00017227DA11C>I<00FE0003FFC00703E00E
00F01C00F01C00783C00783E00783F00783F80783FE0F01FF9E01FFFC00FFF8007FFC003
FFE007FFF01E7FF83C1FFC7807FC7801FEF000FEF0003EF0001EF0001EF0001CF8001C78
00383C00381F01F00FFFC001FF0017207E9F1C>I<FFFFFF8000FFFFFFE00007F001F800
07F000FC0007F0007E0007F0007E0007F0007F0007F0007F0007F0007F0007F0007F0007
F0007F0007F0007E0007F000FE0007F000FC0007F003F80007FFFFF00007FFFFF00007F0
01FC0007F0007E0007F0003F0007F0003F8007F0001F8007F0001FC007F0001FC007F000
1FC007F0001FC007F0001FC007F0001FC007F0003F8007F0003F8007F0007F0007F001FE
00FFFFFFF800FFFFFFC00022227EA128>66 D<0003FE0080001FFF818000FF01E38001F8
003F8003E0001F8007C0000F800F800007801F800007803F000003803F000003807F0000
01807E000001807E00000180FE00000000FE00000000FE00000000FE00000000FE000000
00FE00000000FE00000000FE000000007E000000007E000001807F000001803F00000180
3F000003801F800003000F8000030007C000060003F0000C0001F800380000FF00F00000
1FFFC0000003FE000021227DA128>I<FFFFFF8000FFFFFFF00007F003FC0007F0007E00
07F0003F0007F0001F8007F0000FC007F00007E007F00007E007F00007F007F00003F007
F00003F007F00003F007F00003F807F00003F807F00003F807F00003F807F00003F807F0
0003F807F00003F807F00003F807F00003F807F00003F007F00003F007F00003F007F000
07E007F00007E007F0000FC007F0001F8007F0003F0007F0007E0007F003FC00FFFFFFF0
00FFFFFF800025227EA12B>I<FFFFFFF8FFFFFFF807F001F807F0007807F0003807F000
1807F0001C07F0001C07F0000C07F0000C07F0180C07F0180C07F0180007F0180007F038
0007F0780007FFF80007FFF80007F0780007F0380007F0180007F0180007F0180007F018
0007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F00000FFFFE0
00FFFFE0001E227EA123>70 D<0003FE0040001FFFC0C0007F00F1C001F8003FC003F000
0FC007C00007C00FC00003C01F800003C03F000001C03F000001C07F000000C07E000000
C07E000000C0FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000
FE00000000FE000FFFFC7E000FFFFC7F00001FC07F00001FC03F00001FC03F00001FC01F
80001FC00FC0001FC007E0001FC003F0001FC001FC003FC0007F80E7C0001FFFC3C00003
FF00C026227DA12C>I<FFFFE0FFFFE003F80003F80003F80003F80003F80003F80003F8
0003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F8
0003F80003F80003F80003F80003F80003F80003F80003F80003F80003F80003F800FFFF
E0FFFFE013227FA115>73 D<FFFFFF00FFFFFFE007F007F007F001FC07F000FC07F0007E
07F0007E07F0007F07F0007F07F0007F07F0007F07F0007F07F0007E07F0007E07F000FC
07F001FC07F007F007FFFFE007FFFF0007F0000007F0000007F0000007F0000007F00000
07F0000007F0000007F0000007F0000007F0000007F0000007F0000007F00000FFFF8000
FFFF800020227EA126>80 D<01FC0407FF8C1F03FC3C007C7C003C78001C78001CF8000C
F8000CFC000CFC0000FF0000FFE0007FFF007FFFC03FFFF01FFFF80FFFFC03FFFE003FFE
0003FF00007F00003F00003FC0001FC0001FC0001FE0001EE0001EF0003CFC003CFF00F8
C7FFE080FF8018227DA11F>83 D<7FFFFFFF807FFFFFFF807E03F80F807803F807807003
F803806003F80180E003F801C0E003F801C0C003F800C0C003F800C0C003F800C0C003F8
00C00003F800000003F800000003F800000003F800000003F800000003F800000003F800
000003F800000003F800000003F800000003F800000003F800000003F800000003F80000
0003F800000003F800000003F800000003F800000003F800000003F8000003FFFFF80003
FFFFF80022227EA127>I<FFFF803FFCFFFF803FFC07F000018007F000018007F0000180
07F000018007F000018007F000018007F000018007F000018007F000018007F000018007
F000018007F000018007F000018007F000018007F000018007F000018007F000018007F0
00018007F000018007F000018007F000018007F000018007F000018007F000018003F000
030003F800030001F800060000FC000E00007E001C00003F80F800000FFFE0000001FF00
0026227EA12B>I<FFFF800FFEFFFF800FFE07F00000C007F80000C003F800018003F800
018001FC00030001FC00030001FE00070000FE00060000FF000600007F000C00007F800C
00003F801800003F801800003FC03800001FC03000001FE03000000FE06000000FF06000
0007F0C0000007F0C0000007F9C0000003F980000003FD80000001FF00000001FF000000
00FE00000000FE00000000FE000000007C000000007C0000000038000000003800002722
7FA12A>I<07FC001FFF803F07C03F03E03F01E03F01F01E01F00001F00001F0003FF003
FDF01FC1F03F01F07E01F0FC01F0FC01F0FC01F0FC01F07E02F07E0CF81FF87F07E03F18
167E951B>97 D<FF000000FF0000001F0000001F0000001F0000001F0000001F0000001F
0000001F0000001F0000001F0000001F0000001F0000001F0FE0001F3FF8001FF07C001F
801E001F001F001F000F801F000F801F000FC01F000FC01F000FC01F000FC01F000FC01F
000FC01F000FC01F000FC01F000F801F001F801F801F001FC03E001EE07C001C3FF80018
0FC0001A237EA21F>I<00FF8007FFE00F83F01F03F03E03F07E03F07C01E07C0000FC00
00FC0000FC0000FC0000FC0000FC00007C00007E00007E00003E00301F00600FC0E007FF
8000FE0014167E9519>I<0001FE000001FE0000003E0000003E0000003E0000003E0000
003E0000003E0000003E0000003E0000003E0000003E0000003E0001FC3E0007FFBE000F
81FE001F007E003E003E007E003E007C003E00FC003E00FC003E00FC003E00FC003E00FC
003E00FC003E00FC003E00FC003E007C003E007C003E003E007E001E00FE000F83BE0007
FF3FC001FC3FC01A237EA21F>I<00FE0007FF800F87C01E01E03E01F07C00F07C00F8FC
00F8FC00F8FFFFF8FFFFF8FC0000FC0000FC00007C00007C00007E00003E00181F00300F
C07003FFC000FF0015167E951A>I<003F8000FFC001E3E003C7E007C7E00F87E00F83C0
0F80000F80000F80000F80000F80000F8000FFFC00FFFC000F80000F80000F80000F8000
0F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F8000
0F80000F80007FF8007FF80013237FA211>I<03FC1E0FFF7F1F0F8F3E07CF3C03C07C03
E07C03E07C03E07C03E07C03E03C03C03E07C01F0F801FFF0013FC003000003000003800
003FFF801FFFF00FFFF81FFFFC3800FC70003EF0001EF0001EF0001EF0001E78003C7C00
7C3F01F80FFFE001FF0018217E951C>I<FF000000FF0000001F0000001F0000001F0000
001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F0000001F07E0
001F1FF8001F307C001F403C001F803E001F803E001F003E001F003E001F003E001F003E
001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E
001F003E00FFE1FFC0FFE1FFC01A237EA21F>I<1C003F007F007F007F003F001C000000
000000000000000000000000FF00FF001F001F001F001F001F001F001F001F001F001F00
1F001F001F001F001F001F001F001F00FFE0FFE00B247EA310>I<FF00FF001F001F001F
001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F
001F001F001F001F001F001F001F001F001F001F00FFE0FFE00B237EA210>108
D<FF07F007F000FF1FFC1FFC001F303E303E001F403E403E001F801F801F001F801F801F
001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F
001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F
001F001F001F001F001F001F00FFE0FFE0FFE0FFE0FFE0FFE02B167E9530>I<FF07E000
FF1FF8001F307C001F403C001F803E001F803E001F003E001F003E001F003E001F003E00
1F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E00
1F003E00FFE1FFC0FFE1FFC01A167E951F>I<00FE0007FFC00F83E01E00F03E00F87C00
7C7C007C7C007CFC007EFC007EFC007EFC007EFC007EFC007EFC007E7C007C7C007C3E00
F81F01F00F83E007FFC000FE0017167E951C>I<FF0FE000FF3FF8001FF07C001F803E00
1F001F001F001F801F001F801F000FC01F000FC01F000FC01F000FC01F000FC01F000FC0
1F000FC01F000FC01F001F801F001F801F803F001FC03E001FE0FC001F3FF8001F0FC000
1F0000001F0000001F0000001F0000001F0000001F0000001F0000001F000000FFE00000
FFE000001A207E951F>I<FE1F00FE3FC01E67E01EC7E01E87E01E87E01F83C01F00001F
00001F00001F00001F00001F00001F00001F00001F00001F00001F00001F00001F0000FF
F000FFF00013167E9517>114 D<0FF3003FFF00781F00600700E00300E00300F00300FC
00007FE0007FF8003FFE000FFF0001FF00000F80C00780C00380E00380E00380F00700FC
0E00EFFC00C7F00011167E9516>I<018000018000018000018000038000038000078000
0780000F80003F8000FFFF00FFFF000F80000F80000F80000F80000F80000F80000F8000
0F80000F80000F80000F80000F81800F81800F81800F81800F81800F830007C30003FE00
00F80011207F9F16>I<FF01FE00FF01FE001F003E001F003E001F003E001F003E001F00
3E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F003E001F00
3E001F003E001F007E001F00FE000F81BE0007FF3FC001FC3FC01A167E951F>I<FFE01F
E0FFE01FE00F8006000F8006000FC00E0007C00C0007E01C0003E0180003E0180001F030
0001F0300000F8600000F86000007CC000007CC000007FC000003F8000003F8000001F00
00001F0000000E0000000E00001B167F951E>I<FFE7FF07F8FFE7FF07F81F007800C00F
807801800F807C01800F807C018007C07E030007C0DE030007E0DE070003E0DF060003E1
8F060001F18F0C0001F38F8C0001FB079C0000FB07D80000FE03D800007E03F000007E03
F000007C01F000003C01E000003800E000001800C00025167F9528>I<FFE01FE0FFE01F
E00F8006000F8006000FC00E0007C00C0007E01C0003E0180003E0180001F0300001F030
0000F8600000F86000007CC000007CC000007FC000003F8000003F8000001F0000001F00
00000E0000000E0000000C0000000C00000018000078180000FC380000FC300000FC6000
0069C000007F8000001F0000001B207F951E>121 D E /Fz 66 124
df<000FE000007FF80000F81C0001E07C0003E07C0007C07C0007C07C0007C0380007C0
000007C0000007C0000007C1FE00FFFFFE00FFFFFE0007C03E0007C03E0007C03E0007C0
3E0007C03E0007C03E0007C03E0007C03E0007C03E0007C03E0007C03E0007C03E0007C0
3E0007C03E0007C03E0007C03E003FF9FFC03FF9FFC01A20809F1D>12
D<3807007C0F80FE1FC0FF1FE0FF1FE07F0FE03B07600300600300600600C00600C00E01
C00C0180180300700E0020040013107E9F1B>34 D<387CFEFFFF7F3B030306060E0C1870
2008107C860F>44 D<FFF0FFF0FFF0FFF00C047F8B11>I<387CFEFEFE7C3807077C860F>
I<01FC0007FF001F07C01E03C03E03E07C01F07C01F07C01F0FC01F8FC01F8FC01F8FC01
F8FC01F8FC01F8FC01F8FC01F8FC01F8FC01F8FC01F8FC01F8FC01F87C01F07C01F07C01
F03E03E01E03C01F8FC007FF0001FC00151D7E9C1A>48 D<00E00001E0000FE000FFE000
F3E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E000
03E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E000FFFF80
FFFF80111D7C9C1A>I<07F0001FFE00383F007C1F80FE0FC0FE0FC0FE0FE0FE07E07C07
E03807E0000FE0000FC0000FC0001F80001F00003E0000780000F00000E00001C0000380
600700600E00601C00E01FFFC03FFFC07FFFC0FFFFC0FFFFC0131D7D9C1A>I<01FC0007
FF000E0F801E0FC03F07E03F07E03F07E03F07E01E0FC0000FC0000F80001F0001FC0001
FC00000F800007C00003E00003F00003F83803F87C03F8FE03F8FE03F8FE03F0FC03F078
07E03C0FC01FFF8003FC00151D7E9C1A>I<0001C00003C00007C00007C0000FC0001FC0
003BC00073C00063C000C3C00183C00383C00703C00E03C00C03C01803C03803C07003C0
E003C0FFFFFEFFFFFE0007C00007C00007C00007C00007C00007C000FFFE00FFFE171D7F
9C1A>I<3803803FFF803FFF003FFE003FFC003FF0003F80003000003000003000003000
0033F80037FE003C1F00380F801007C00007C00007E00007E07807E0FC07E0FC07E0FC07
E0FC07C0780FC0600F80381F001FFC0007F000131D7D9C1A>I<003F0001FFC007E0E00F
81E01F03F01E03F03E03F07C03F07C01E07C0000FC1000FCFF00FDFFC0FD03E0FE01F0FE
01F0FC01F8FC01F8FC01F8FC01F87C01F87C01F87C01F83C01F03E01F01E03E00F07C007
FF8001FE00151D7E9C1A>I<6000007FFFF87FFFF87FFFF07FFFE07FFFC0E00180C00300
C00300C00600000C0000180000380000380000780000700000F00000F00001F00001F000
01F00001F00003F00003F00003F00003F00003F00003F00001E00000C000151E7D9D1A>
I<01FC0007FF000F07801E03C01C01E03C01E03C01E03E01E03F01E03FC3C01FE3801FFF
000FFE0007FF8007FFC01FFFE03C3FF0780FF07803F8F001F8F000F8F00078F00078F000
707800707C00E03E03C00FFF8003FC00151D7E9C1A>I<01FC000FFF001F07803E03C07C
03E07C01E0FC01F0FC01F0FC01F0FC01F8FC01F8FC01F8FC01F87C03F87C03F83E05F81F
FDF807F9F80041F80001F03C01F07E01F07E03E07E03E07E07C03C0780381F001FFC0007
F000151D7E9C1A>I<387CFEFEFE7C38000000000000387CFEFEFE7C3807147C930F>I<00
00E000000000E000000001F000000001F000000001F000000003F800000003F800000006
FC00000006FC0000000EFE0000000C7E0000000C7E000000183F000000183F000000303F
800000301F800000701FC00000600FC00000600FC00000C007E00000FFFFE00001FFFFF0
00018003F000018003F000030001F800030001F800060001FC00060000FC000E0000FE00
FFE00FFFE0FFE00FFFE0231F7E9E28>65 D<FFFFFE00FFFFFFC007C007E007C003F007C0
01F807C001FC07C001FC07C001FC07C001FC07C001FC07C001F807C003F807C007F007C0
0FE007FFFF8007FFFFC007C003F007C001F807C001FC07C000FC07C000FE07C000FE07C0
00FE07C000FE07C000FE07C000FC07C001FC07C003F807C007F0FFFFFFE0FFFFFF001F1F
7E9E25>I<0007FC02003FFF0E00FE03DE03F000FE07E0003E0FC0001E1F80001E3F0000
0E3F00000E7F0000067E0000067E000006FE000000FE000000FE000000FE000000FE0000
00FE000000FE0000007E0000007E0000067F0000063F0000063F00000C1F80000C0FC000
1807E0003803F0007000FE01C0003FFF800007FC001F1F7D9E26>I<FFFFFE0000FFFFFF
C00007E007F00007E001F80007E000FC0007E0007E0007E0003F0007E0003F0007E0001F
8007E0001F8007E0001F8007E0001FC007E0001FC007E0001FC007E0001FC007E0001FC0
07E0001FC007E0001FC007E0001FC007E0001FC007E0001F8007E0001F8007E0001F8007
E0003F0007E0003F0007E0007E0007E000FC0007E001F80007E007F000FFFFFFC000FFFF
FE0000221F7E9E28>I<FFFFFFE0FFFFFFE007E007E007E001E007E000E007E0006007E0
007007E0003007E0003007E0603007E0603007E0600007E0E00007E1E00007FFE00007FF
E00007E1E00007E0E00007E0600007E0600C07E0600C07E0000C07E0001807E0001807E0
001807E0003807E0007807E000F807E003F0FFFFFFF0FFFFFFF01E1F7E9E22>I<FFFFFF
E0FFFFFFE007E007E007E001E007E000E007E0006007E0007007E0003007E0003007E060
3007E0603007E0600007E0E00007E1E00007FFE00007FFE00007E1E00007E0E00007E060
0007E0600007E0600007E0000007E0000007E0000007E0000007E0000007E0000007E000
0007E00000FFFF8000FFFF80001C1F7E9E21>I<0007FC0200003FFF0E0000FE03DE0003
F000FE0007E0003E000FC0001E001F80001E003F00000E003F00000E007F000006007E00
0006007E00000600FE00000000FE00000000FE00000000FE00000000FE00000000FE003F
FFE0FE003FFFE07E00007E007E00007E007F00007E003F00007E003F00007E001F80007E
000FC0007E0007E0007E0003F000FE0000FE01FE00003FFF8E000007FC0600231F7D9E29
>I<FFFF0FFFF0FFFF0FFFF007E0007E0007E0007E0007E0007E0007E0007E0007E0007E
0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E00
07FFFFFE0007FFFFFE0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007
E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0007E0
007E00FFFF0FFFF0FFFF0FFFF0241F7E9E29>I<FFFFFFFF07E007E007E007E007E007E0
07E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E007E0
07E007E007E0FFFFFFFF101F7E9E14>I<FFFF00FFE0FFFF00FFE007E0001E0007E00018
0007E000300007E000600007E001C00007E003800007E006000007E00C000007E0180000
07E030000007E0F0000007E1F8000007E3F8000007E6FC000007EC7E000007F87F000007
F03F000007E01F800007E00FC00007E00FE00007E007E00007E003F00007E001F80007E0
00FC0007E000FC0007E0007E0007E0007F00FFFF03FFF0FFFF03FFF0241F7E9E29>75
D<FFE000003FF8FFF000007FF807F000007F0006F80000DF0006F80000DF0006F80000DF
00067C00019F00067C00019F00063E00031F00063E00031F00061F00061F00061F00061F
00060F800C1F00060F800C1F000607C0181F000607C0181F000607C0181F000603E0301F
000603E0301F000601F0601F000601F0601F000600F8C01F000600F8C01F0006007D801F
0006007D801F0006003F001F0006003F001F0006003F001F0006001E001F00FFF01E03FF
F8FFF00C03FFF82D1F7E9E32>77 D<FFE000FFF0FFF000FFF007F000060007F800060006
FC000600067E000600063F000600063F800600061F800600060FC006000607E006000603
F006000601F806000601FC06000600FC060006007E060006003F060006001F860006001F
C60006000FE600060007E600060003F600060001FE00060000FE00060000FE000600007E
000600003E000600001E000600000E00FFF0000600FFF0000600241F7E9E29>I<001FF8
0000FFFF0001F81F8007E007E00FC003F01F8001F81F0000F83F0000FC7F0000FE7E0000
7E7E00007EFE00007FFE00007FFE00007FFE00007FFE00007FFE00007FFE00007FFE0000
7FFE00007F7E00007E7F0000FE7F0000FE3F0000FC3F8001FC1F8001F80FC003F007E007
E001F81F8000FFFF00001FF800201F7D9E27>I<FFFFFE00FFFFFF8007E00FE007E003F0
07E001F807E001F807E001FC07E001FC07E001FC07E001FC07E001FC07E001F807E001F8
07E003F007E00FE007FFFF8007FFFE0007E0000007E0000007E0000007E0000007E00000
07E0000007E0000007E0000007E0000007E0000007E0000007E00000FFFF0000FFFF0000
1E1F7E9E24>I<FFFFF80000FFFFFF000007E01FC00007E007E00007E003F00007E003F0
0007E003F80007E003F80007E003F80007E003F80007E003F00007E003F00007E007E000
07E01FC00007FFFF000007FFFC000007E03E000007E01F000007E00F800007E00F800007
E00FC00007E00FC00007E00FC00007E00FE00007E00FE00007E00FE00007E00FE03007E0
07F03007E003F860FFFF01FFC0FFFF007F80241F7E9E27>82 D<03FC080FFF381E03F838
00F8700078700038F00038F00018F00018F80000FC00007FC0007FFE003FFF801FFFE00F
FFF007FFF000FFF80007F80000FC00007C00003CC0003CC0003CC0003CE00038E00078F8
0070FE01E0E7FFC081FF00161F7D9E1D>I<7FFFFFFC7FFFFFFC7C07E07C7007E01C6007
E00C6007E00CE007E00EC007E006C007E006C007E006C007E0060007E0000007E0000007
E0000007E0000007E0000007E0000007E0000007E0000007E0000007E0000007E0000007
E0000007E0000007E0000007E0000007E0000007E00003FFFFC003FFFFC01F1E7E9D24>
I<FFFE003FF8FFFE003FF807E000038007E000030007F000070003F000060003F8000E00
01F8000C0001FC000C0000FC00180000FC001800007E003000007E003000003F00600000
3F006000003F80E000001F80C000001FC1C000000FC18000000FE180000007E300000007
E300000003F600000003F600000003FE00000001FC00000001FC00000000F800000000F8
000000007000000000700000251F7F9E28>86 D<FFFE0FFFC0FFE0FFFE0FFFC0FFE00FC0
00FC000E000FE000FC000E0007E000FE000C0007E000FE000C0003F000FE00180003F001
FF00180003F001BF00180001F801BF00300001F8031F80300001FC031F80700000FC031F
80600000FC060FC06000007E060FC0C000007E0E0FE0C000007E0C07E0C000003F0C07E1
8000003F1803F18000003F9803F38000001F9803F30000001FB001FB0000000FF001FE00
00000FF001FE0000000FE000FE00000007E000FC00000007C0007C00000007C0007C0000
0003C0007800000003800038000000018000300000331F7F9E36>I<3FFFFF803FFFFF80
3F803F003E007F0038007E003800FC007001FC007001F8006003F0006007F0006007E000
000FC000001FC000001F8000003F0000007F0000007E000000FC000001FC018001F80180
03F0018007F0018007E003800FC003801FC003001F8007003F000F007F001F007E007F00
FFFFFF00FFFFFF00191F7D9E20>90 D<FFFFFFE0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0
E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0FFFFFF082D7BA10F>I<0400800E
01C0180300300600700E00600C00600C00C01800C01800DC1B80FE1FC0FF1FE0FF1FE07F
0FE03E07C01C038013107B9F1B>I<FFFFFF070707070707070707070707070707070707
070707070707070707070707070707070707070707FFFFFF082D7FA10F>I<07FC001FFF
003F0F803F07C03F03E03F03E00C03E00003E0007FE007FBE01F03E03C03E07C03E0F803
E0F803E0F803E0FC05E07E0DE03FF8FE0FE07E17147F9319>97 D<FF0000FF00001F0000
1F00001F00001F00001F00001F00001F00001F00001F00001F00001F1FC01F7FF01FE0F8
1F807C1F007E1F003E1F003E1F003F1F003F1F003F1F003F1F003F1F003F1F003E1F003E
1F007C1F807C1EC1F81C7FE0181F8018207E9F1D>I<01FE0007FF801F0FC03E0FC03E0F
C07C0FC07C0300FC0000FC0000FC0000FC0000FC0000FC00007C00007E00003E00603F00
C01F81C007FF0001FC0013147E9317>I<0007F80007F80000F80000F80000F80000F800
00F80000F80000F80000F80000F80000F801F8F80FFEF81F83F83E01F87E00F87C00F87C
00F8FC00F8FC00F8FC00F8FC00F8FC00F8FC00F87C00F87C00F87E00F83E01F81F07F80F
FEFF03F8FF18207E9F1D>I<01FE0007FF800F83C01E01E03E00F07C00F07C00F8FC00F8
FFFFF8FFFFF8FC0000FC0000FC00007C00007C00003E00181E00180F807007FFE000FF80
15147F9318>I<001F8000FFC001F3E003E7E003C7E007C7E007C3C007C00007C00007C0
0007C00007C000FFFC00FFFC0007C00007C00007C00007C00007C00007C00007C00007C0
0007C00007C00007C00007C00007C00007C00007C00007C0003FFC003FFC0013207F9F10
>I<01FC3C07FFFE0F079E1E03DE3E03E03E03E03E03E03E03E03E03E01E03C00F07800F
FF0009FC001800001800001C00001FFF800FFFF007FFF81FFFFC3C007C70003EF0001EF0
001EF0001E78003C78003C3F01F80FFFE001FF00171E7F931A>I<FF0000FF00001F0000
1F00001F00001F00001F00001F00001F00001F00001F00001F00001F0FC01F3FE01F61F0
1FC0F81F80F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F8
1F00F81F00F81F00F8FFE3FFFFE3FF18207D9F1D>I<1C003E003F007F003F003E001C00
000000000000000000000000FF00FF001F001F001F001F001F001F001F001F001F001F00
1F001F001F001F001F001F00FFE0FFE00B217EA00E>I<0038007C00FE00FE00FE007C00
3800000000000000000000000001FE01FE003E003E003E003E003E003E003E003E003E00
3E003E003E003E003E003E003E003E003E003E003E303E783EFC3CFC7C78783FF01FC00F
2A83A010>I<FF0000FF00001F00001F00001F00001F00001F00001F00001F00001F0000
1F00001F00001F01FE1F01FE1F00F01F00C01F03801F07001F0C001F18001F7C001FFC00
1F9E001F0F001E0F801E07C01E03C01E01E01E01F01E00F8FFC3FFFFC3FF18207E9F1C>
I<FF00FF001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F001F
001F001F001F001F001F001F001F001F001F001F001F001F00FFE0FFE00B207E9F0E>I<
FE0FE03F80FE1FF07FC01E70F9C3E01E407D01F01E807E01F01F807E01F01F007C01F01F
007C01F01F007C01F01F007C01F01F007C01F01F007C01F01F007C01F01F007C01F01F00
7C01F01F007C01F01F007C01F01F007C01F0FFE3FF8FFEFFE3FF8FFE27147D932C>I<FE
0FC0FE3FE01E61F01EC0F81E80F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F
00F81F00F81F00F81F00F81F00F81F00F8FFE3FFFFE3FF18147D931D>I<01FF0007FFC0
1F83F03E00F83E00F87C007C7C007CFC007EFC007EFC007EFC007EFC007EFC007E7C007C
7C007C3E00F83E00F81F83F007FFC001FF0017147F931A>I<FF1FC0FF7FF01FE1F81F80
FC1F007E1F007E1F003E1F003F1F003F1F003F1F003F1F003F1F003F1F003E1F007E1F00
7C1F80FC1FC1F81F7FE01F1F801F00001F00001F00001F00001F00001F00001F0000FFE0
00FFE000181D7E931D>I<01F81807FE381F87783F01F83E01F87E00F87C00F8FC00F8FC
00F8FC00F8FC00F8FC00F8FC00F87C00F87E00F87E00F83F01F81F87F80FFEF803F8F800
00F80000F80000F80000F80000F80000F80000F80007FF0007FF181D7E931C>I<FE3E00
FE7F801ECFC01E8FC01E8FC01F8FC01F03001F00001F00001F00001F00001F00001F0000
1F00001F00001F00001F00001F0000FFF000FFF00012147E9316>I<0FE63FFE701E600E
E006E006F800FFC07FF83FFC1FFE03FE001FC007C007E007F006F81EFFFCC7F010147E93
15>I<01800180018003800380038007800F803F80FFFCFFFC0F800F800F800F800F800F
800F800F800F800F800F860F860F860F860F8607CC03F801F00F1D7F9C14>I<FF07F8FF
07F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F00F81F
00F81F00F81F01F81F01F80F06F807FCFF03F8FF18147D931D>I<FFE07F80FFE07F801F
001C000F8018000F80180007C0300007C0300003E0600003E0600001F0C00001F0C00001
F9C00000F9800000FF8000007F0000007F0000003E0000003E0000001C0000001C000019
147F931C>I<FFE7FE1FE0FFE7FE1FE01F00F003001F00F803000F80F806000F80F80600
07C1BC0C0007C1BC0C0007C1BE0C0003E31E180003E31E180001F60F300001F60F300001
F60FB00000FC07E00000FC07E000007803C000007803C000007803C00000300180002314
7F9326>I<FFE1FF00FFE1FF000F80700007C0E00007E0C00003E1800001F3800000FF00
00007E0000003E0000003F0000007F8000006F800000C7C0000183E0000381F0000701F8
000E00FC00FF81FF80FF81FF8019147F931C>I<FFE07F80FFE07F801F001C000F801800
0F80180007C0300007C0300003E0600003E0600001F0C00001F0C00001F9C00000F98000
00FF8000007F0000007F0000003E0000003E0000001C0000001C00000018000000180000
78300000FC300000FC600000C0E00000E1C000007F8000001E000000191D7F931C>I<3F
FFE03FFFE03C07C0380F80701F80603F00603E00607C0000F80001F80003F00003E06007
C0600F80601F80E03F00C03E01C07C03C0FFFFC0FFFFC013147F9317>I<FFFFFF80FFFF
FF801902808C1A>I E /FA 45 122 df<FFFFFFFFFFFFFFFFFFFFFFFF10067F9016>45
D<003F800001FFF00007E0FC000FC07E001F803F001F001F003F001F803E000F807E000F
C07E000FC07E000FC07E000FC0FE000FE0FE000FE0FE000FE0FE000FE0FE000FE0FE000F
E0FE000FE0FE000FE0FE000FE0FE000FE0FE000FE0FE000FE0FE000FE0FE000FE0FE000F
E07E000FC07E000FC07E000FC07E000FC03F001F803F001F801F001F001F803F000FC07E
0007E0FC0001FFF000003F80001B277DA622>48 D<000E00001E00007E0007FE00FFFE00
FFFE00F8FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE00
00FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE00
00FE0000FE0000FE0000FE0000FE0000FE0000FE007FFFFE7FFFFE7FFFFE17277BA622>
I<00FF800007FFF0000FFFFC001E03FE003800FF807C003F80FE003FC0FF001FC0FF001F
E0FF000FE0FF000FE07E000FE03C001FE000001FE000001FC000001FC000003F8000003F
0000007E000000FC000000F8000001F0000003E00000078000000F0000001E0000003C00
E0007000E000E000E001C001C0038001C0060001C00FFFFFC01FFFFFC03FFFFFC07FFFFF
C0FFFFFF80FFFFFF80FFFFFF801B277DA622>I<007F800003FFF00007FFFC000F80FE00
1F007F003F807F003F803F803F803F803F803F801F803F801F003F8000007F0000007F00
00007E000000FC000001F8000007F00000FFC00000FFC0000001F80000007E0000003F00
00003F8000001FC000001FC000001FE000001FE03C001FE07E001FE0FF001FE0FF001FE0
FF001FC0FF003FC0FE003F807C007F003F00FE001FFFFC0007FFF00000FF80001B277DA6
22>I<00000E0000001E0000003E0000007E000000FE000000FE000001FE000003FE0000
077E00000E7E00000E7E00001C7E0000387E0000707E0000E07E0000E07E0001C07E0003
807E0007007E000E007E000E007E001C007E0038007E0070007E00E0007E00FFFFFFF8FF
FFFFF8FFFFFFF80000FE000000FE000000FE000000FE000000FE000000FE000000FE0000
00FE00007FFFF8007FFFF8007FFFF81D277EA622>I<180003001F801F001FFFFE001FFF
FC001FFFF8001FFFF0001FFFC0001FFF00001C0000001C0000001C0000001C0000001C00
00001C0000001C0000001C7FC0001DFFF8001F80FC001E003F0008003F0000001F800000
1FC000001FC000001FE000001FE018001FE07C001FE0FE001FE0FE001FE0FE001FE0FE00
1FC0FC001FC078003F8078003F803C007F001F01FE000FFFFC0003FFF00000FF80001B27
7DA622>I<0007F800003FFE0000FFFF0001FC078003F00FC007C01FC00F801FC01F801F
C01F001FC03F000F803F0000007E0000007E0000007E000000FE020000FE1FF000FE3FFC
00FE603E00FE801F00FF801F80FF000FC0FF000FC0FE000FE0FE000FE0FE000FE0FE000F
E07E000FE07E000FE07E000FE07E000FE03E000FE03F000FC01F000FC01F001F800F801F
0007E07E0003FFFC0001FFF800003FC0001B277DA622>I<380000003E0000003FFFFFF0
3FFFFFF03FFFFFF07FFFFFE07FFFFFC07FFFFF807FFFFF0070000E0070000E0070001C00
E0003800E0007000E000E0000001E0000001C000000380000007800000070000000F0000
001F0000001E0000003E0000003E0000007E0000007C0000007C000000FC000000FC0000
00FC000000FC000001FC000001FC000001FC000001FC000001FC000001FC000001FC0000
00F80000007000001C297CA822>I<003FC00001FFF00003FFFC0007C07E000F003F001E
001F001E000F803E000F803E000F803F000F803F800F803FC00F803FF01F001FFC1E001F
FE3C000FFFF8000FFFE00007FFF80001FFFC0001FFFE0007FFFF000F0FFF801E03FFC03E
01FFC07C007FE07C001FE0F8000FE0F80007E0F80003E0F80003E0F80003E0F80003C07C
0003C07E0007803F000F001FC03F000FFFFC0003FFF800007FC0001B277DA622>I<007F
800001FFF00007FFF8000FC0FC001F803E003F001F007E001F807E001F807E000F80FE00
0FC0FE000FC0FE000FC0FE000FE0FE000FE0FE000FE0FE000FE0FE000FE07E001FE07E00
1FE03F003FE01F002FE00F80CFE007FF8FE001FF0FE000080FE000000FC000000FC00000
0FC000001F803E001F807F001F807F003F007F003E007F007E007E00FC003E03F8001FFF
E0000FFF800001FE00001B277DA622>I<00000780000000000780000000000FC0000000
000FC0000000000FC0000000001FE0000000001FE0000000003FF0000000003FF0000000
003FF00000000077F80000000077F800000000F7FC00000000E3FC00000000E3FC000000
01C1FE00000001C1FE00000003C1FF0000000380FF0000000380FF00000007007F800000
07007F8000000F007FC000000E003FC000000E003FC000001C001FE000001C001FE00000
3FFFFFF000003FFFFFF000003FFFFFF00000700007F80000700007F80000F00007FC0000
E00003FC0000E00003FC0001C00001FE0001C00001FE0003C00001FF00FFFE003FFFFCFF
FE003FFFFCFFFE003FFFFC2E297EA833>65 D<00007FE0030007FFFC07001FFFFF0F007F
F00F9F00FF0001FF01FC0000FF03F800007F07F000003F0FE000001F1FC000001F1FC000
000F3F8000000F3F800000077F800000077F800000077F00000000FF00000000FF000000
00FF00000000FF00000000FF00000000FF00000000FF00000000FF00000000FF00000000
7F000000007F800000007F800000073F800000073F800000071FC00000071FC000000E0F
E000000E07F000001C03F800003C01FC00007800FF0001F0007FF007C0001FFFFF800007
FFFE0000007FF00028297CA831>67 D<FFFFFFFFE0FFFFFFFFE0FFFFFFFFE003FC001FE0
03FC0007F003FC0001F003FC0001F003FC0000F003FC00007003FC00007003FC00007003
FC01C07803FC01C03803FC01C03803FC01C03803FC03C00003FC03C00003FC0FC00003FF
FFC00003FFFFC00003FFFFC00003FC0FC00003FC03C00003FC03C00003FC01C00E03FC01
C00E03FC01C00E03FC01C01C03FC00001C03FC00001C03FC00001C03FC00003C03FC0000
3803FC00007803FC0000F803FC0001F803FC0003F803FC001FF8FFFFFFFFF0FFFFFFFFF0
FFFFFFFFF027297EA82C>69 D<FFFFFFFFC0FFFFFFFFC0FFFFFFFFC003FC003FC003FC00
0FE003FC0003E003FC0001E003FC0001E003FC0000E003FC0000E003FC0000E003FC0000
F003FC01C07003FC01C07003FC01C07003FC01C00003FC03C00003FC03C00003FC0FC000
03FFFFC00003FFFFC00003FFFFC00003FC0FC00003FC03C00003FC03C00003FC01C00003
FC01C00003FC01C00003FC01C00003FC00000003FC00000003FC00000003FC00000003FC
00000003FC00000003FC00000003FC00000003FC000000FFFFFC0000FFFFFC0000FFFFFC
000024297EA82A>I<FFFFF00FFFFFFFFFF00FFFFFFFFFF00FFFFF03FC00003FC003FC00
003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00
003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00
003FC003FC00003FC003FFFFFFFFC003FFFFFFFFC003FFFFFFFFC003FC00003FC003FC00
003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00
003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00003FC003FC00
003FC003FC00003FC003FC00003FC003FC00003FC0FFFFF00FFFFFFFFFF00FFFFFFFFFF0
0FFFFF30297EA835>72 D<FFFFFCFFFFFCFFFFFC01FE0001FE0001FE0001FE0001FE0001
FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001
FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001FE0001
FE0001FE0001FE0001FE0001FE0001FE00FFFFFCFFFFFCFFFFFC16297FA819>I<FFFFF0
01FFFCFFFFF001FFFCFFFFF001FFFC03FC00001E0003FC00003C0003FC0000780003FC00
00F00003FC0001E00003FC0003C00003FC0007000003FC001E000003FC003C000003FC00
78000003FC00F0000003FC01E0000003FC0380000003FC07C0000003FC1FC0000003FC3F
E0000003FC7FF0000003FCFFF8000003FDE7F8000003FF83FC000003FF03FE000003FE01
FF000003FC00FF000003FC007F800003FC007FC00003FC003FE00003FC001FE00003FC00
0FF00003FC000FF80003FC0007F80003FC0003FC0003FC0001FE0003FC0001FF0003FC00
00FF0003FC00007F80FFFFF00FFFFEFFFFF00FFFFEFFFFF00FFFFE2F297EA835>75
D<FFFC00007FFFFFFE00007FFFFFFF00007FFF03FF800001C003FFC00001C003BFE00001
C0039FE00001C0039FF00001C0038FF80001C00387FC0001C00383FE0001C00381FF0001
C00380FF8001C003807F8001C003807FC001C003803FE001C003801FF001C003800FF801
C0038007FC01C0038003FC01C0038003FE01C0038001FF01C0038000FF81C00380007FC1
C00380003FE1C00380001FF1C00380000FF1C00380000FF9C003800007FDC003800003FF
C003800001FFC003800000FFC0038000007FC0038000007FC0038000003FC0038000001F
C0038000000FC00380000007C0FFFE000003C0FFFE000001C0FFFE000001C030297EA835
>78 D<FFFFFFF800FFFFFFFF00FFFFFFFFC003FC003FE003FC0007F003FC0003F803FC00
03FC03FC0001FC03FC0001FE03FC0001FE03FC0001FE03FC0001FE03FC0001FE03FC0001
FE03FC0001FE03FC0001FC03FC0003FC03FC0003F803FC0007F003FC003FE003FFFFFF80
03FFFFFE0003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003
FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC00000003FC
00000003FC00000003FC000000FFFFF00000FFFFF00000FFFFF0000027297EA82E>80
D<FFFFFFE00000FFFFFFFE0000FFFFFFFF800003FC003FE00003FC000FF00003FC0007F8
0003FC0003FC0003FC0001FC0003FC0001FE0003FC0001FE0003FC0001FE0003FC0001FE
0003FC0001FE0003FC0001FE0003FC0001FC0003FC0003F80003FC0007F80003FC000FE0
0003FC003FC00003FFFFFE000003FFFFFE000003FC00FF800003FC003FC00003FC001FE0
0003FC000FF00003FC0007F80003FC0007F80003FC0007F80003FC0007F80003FC0007F8
0003FC0007F80003FC0007F80003FC0007F80003FC0007F80003FC0007F80E03FC0007F8
0E03FC0003F80E03FC0001FC1CFFFFF000FE1CFFFFF0007FF8FFFFF0000FE02F297EA832
>82 D<00FF00C003FFE1C00FFFF9C01F80FFC03F003FC03E000FC07C0007C07C0007C0FC
0003C0FC0003C0FC0001C0FE0001C0FE0001C0FF000000FFC000007FFC00007FFFE0003F
FFF8001FFFFE001FFFFF0007FFFF8003FFFFC000FFFFC0000FFFE000007FE000001FF000
000FF0000007F0E00003F0E00003F0E00003F0E00003F0F00003E0F00003E0F80007E0FC
0007C0FF000F80FFE01F80E3FFFF00E1FFFC00C01FF0001C297CA825>I<7FFFFFFFFF80
7FFFFFFFFF807FFFFFFFFF807F807F807F807C007F800F8078007F80078078007F800780
70007F800380F0007F8003C0F0007F8003C0E0007F8001C0E0007F8001C0E0007F8001C0
E0007F8001C0E0007F8001C000007F80000000007F80000000007F80000000007F800000
00007F80000000007F80000000007F80000000007F80000000007F80000000007F800000
00007F80000000007F80000000007F80000000007F80000000007F80000000007F800000
00007F80000000007F80000000007F80000000007F80000000007F80000000007F800000
00FFFFFFC00000FFFFFFC00000FFFFFFC0002A287EA72F>I<3FFFFFFF003FFFFFFF003F
FFFFFF003FF001FE003F8003FC003F0007FC003E0007F8003C000FF00078001FF0007800
1FE00078003FE00070003FC00070007F80007000FF80007000FF00000001FE00000003FE
00000003FC00000007F80000000FF80000000FF00000001FF00000001FE00000003FC000
00007FC00380007F80038000FF00038001FF00038001FE00038003FC00078007FC000780
07F80007800FF8000F000FF0000F001FE0001F003FE0003F003FC000FF007F8003FF00FF
FFFFFF00FFFFFFFF00FFFFFFFF0021297CA829>90 D<03FF80000FFFF0001F01FC003F80
FE003F807F003F803F003F803F801F003F8000003F8000003F8000003F8000003F80003F
FF8001FC3F800FE03F801F803F803F003F807E003F80FC003F80FC003F80FC003F80FC00
3F80FC005F807E00DF803F839FFC1FFE0FFC03F803FC1E1B7E9A21>97
D<003FF00001FFFC0003F03E000FC07F001F807F003F007F003F007F007F003E007E0000
007E000000FE000000FE000000FE000000FE000000FE000000FE000000FE0000007E0000
007E0000007F0000003F0003803F8003801F8007000FE00E0003F83C0001FFF800003FC0
00191B7E9A1E>99 D<00007FF000007FF000007FF0000007F0000007F0000007F0000007
F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0000007F0003F87
F001FFF7F007F03FF00FC00FF01F8007F03F0007F03F0007F07E0007F07E0007F07E0007
F0FE0007F0FE0007F0FE0007F0FE0007F0FE0007F0FE0007F0FE0007F0FE0007F07E0007
F07E0007F03F0007F03F0007F01F800FF00FC01FF007E07FFF01FFE7FF007F87FF202A7E
A925>I<003FC00001FFF00003E07C000F803E001F801F001F001F003F000F807E000F80
7E000FC07E000FC0FE0007C0FE0007C0FFFFFFC0FFFFFFC0FE000000FE000000FE000000
7E0000007E0000007F0000003F0001C01F0001C00F80038007C0070003F01E0000FFFC00
003FE0001A1B7E9A1F>I<0007F8003FFC007E3E01FC7F03F87F03F07F07F07F07F03E07
F00007F00007F00007F00007F00007F00007F000FFFFC0FFFFC0FFFFC007F00007F00007
F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007
F00007F00007F00007F00007F00007F00007F0007FFF807FFF807FFF80182A7EA915>I<
007F80F001FFE3F807C0FE1C0F807C7C1F003E7C1F003E103F003F003F003F003F003F00
3F003F003F003F003F003F001F003E001F003E000F807C0007C0F80005FFE0000C7F8000
180000001C0000001C0000001E0000001FFFF8001FFFFF000FFFFFC007FFFFE003FFFFF0
0FFFFFF03E0007F07C0001F8F80000F8F80000F8F80000F8F80000F87C0001F07C0001F0
3F0007E00FC01F8007FFFF00007FF0001E287E9A22>I<FFE00000FFE00000FFE000000F
E000000FE000000FE000000FE000000FE000000FE000000FE000000FE000000FE000000F
E000000FE000000FE000000FE07E000FE1FF800FE30FC00FE40FE00FE807E00FF807F00F
F007F00FF007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00F
E007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F0FF
FE3FFFFFFE3FFFFFFE3FFF202A7DA925>I<07000FC01FE03FE03FE03FE01FE00FC00700
0000000000000000000000000000FFE0FFE0FFE00FE00FE00FE00FE00FE00FE00FE00FE0
0FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE0FFFEFFFEFFFE0F2B7EAA
12>I<FFE00000FFE00000FFE000000FE000000FE000000FE000000FE000000FE000000F
E000000FE000000FE000000FE000000FE000000FE000000FE000000FE03FF80FE03FF80F
E03FF80FE007000FE00E000FE03C000FE078000FE0F0000FE1E0000FE3C0000FE780000F
EFC0000FFFE0000FFFE0000FF7F0000FE3F8000FC1FC000FC1FC000FC0FE000FC07F000F
C07F000FC03F800FC01FC00FC01FC0FFFC7FFCFFFC7FFCFFFC7FFC1E2A7EA923>107
D<FFE0FFE0FFE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00F
E00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00FE00F
E00FE00FE00FE0FFFEFFFEFFFE0F2A7EA912>I<FFC07F001FC000FFC1FFC07FF000FFC3
07E0C1F8000FC407F101FC000FC803F200FC000FD803FE00FE000FD003FC00FE000FD003
FC00FE000FE003F800FE000FE003F800FE000FE003F800FE000FE003F800FE000FE003F8
00FE000FE003F800FE000FE003F800FE000FE003F800FE000FE003F800FE000FE003F800
FE000FE003F800FE000FE003F800FE000FE003F800FE000FE003F800FE000FE003F800FE
000FE003F800FE00FFFE3FFF8FFFE0FFFE3FFF8FFFE0FFFE3FFF8FFFE0331B7D9A38>I<
FFC07E00FFC1FF80FFC30FC00FC40FE00FC807E00FD807F00FD007F00FD007F00FE007F0
0FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F0
0FE007F00FE007F00FE007F00FE007F00FE007F00FE007F0FFFE3FFFFFFE3FFFFFFE3FFF
201B7D9A25>I<003FE00001FFFC0003F07E000FC01F801F800FC03F0007E03F0007E07E
0003F07E0003F07E0003F0FE0003F8FE0003F8FE0003F8FE0003F8FE0003F8FE0003F8FE
0003F8FE0003F87E0003F07E0003F03F0007E03F0007E01F800FC00FC01F8007F07F0001
FFFC00003FE0001D1B7E9A22>I<FFE1FE00FFE7FF80FFFE0FE00FF803F00FF001F80FE0
01FC0FE000FC0FE000FE0FE000FE0FE0007F0FE0007F0FE0007F0FE0007F0FE0007F0FE0
007F0FE0007F0FE0007F0FE0007E0FE000FE0FE000FE0FE000FC0FE001FC0FF001F80FF8
03F00FFC0FE00FEFFF800FE1FC000FE000000FE000000FE000000FE000000FE000000FE0
00000FE000000FE000000FE00000FFFE0000FFFE0000FFFE000020277E9A25>I<FFC3E0
FFC7F8FFCC7C0FD8FE0FD0FE0FD0FE0FF0FE0FE07C0FE0000FE0000FE0000FE0000FE000
0FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE0000FE000FFFF00
FFFF00FFFF00171B7E9A1B>114 D<03FE300FFFF03E03F07800F07000F0F00070F00070
F80070FE0000FFE0007FFF007FFFC03FFFE01FFFF007FFF800FFF80007FC0000FCE0007C
E0003CF0003CF00038F80038FC0070FF01E0E7FFC0C1FF00161B7E9A1B>I<0070000070
0000700000700000F00000F00000F00001F00003F00003F00007F0001FFFE0FFFFE0FFFF
E007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F00007F0
0007F00007F07007F07007F07007F07007F07007F07007F07003F0E001F8C000FFC0003F
0014267FA51A>I<FFE07FF0FFE07FF0FFE07FF00FE007F00FE007F00FE007F00FE007F0
0FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F00FE007F0
0FE007F00FE007F00FE007F00FE007F00FE007F00FE00FF00FE00FF007E017F003F067FF
01FFC7FF007F87FF201B7D9A25>I<FFFE07FFFFFE07FFFFFE07FF07F000E007F000E007
F801E003F801C003F801C001FC038001FC038001FE078000FE070000FF0F00007F0E0000
7F0E00003F9C00003F9C00003FFC00001FF800001FF800000FF000000FF000000FF00000
07E0000007E0000003C0000003C000201B7F9A23>I<FFFC7FFC1FFCFFFC7FFC1FFCFFFC
7FFC1FFC0FE00FE001C007F007E0038007F007E0038007F807F0078003F807F0070003F8
07F8070001FC0FF80E0001FC0FF80E0001FE1FFC1E0000FE1CFC1C0000FE1CFE1C0000FF
387E3C00007F387E3800007F787F3800003FF03F7000003FF03F7000003FE01FF000001F
E01FE000001FE01FE000000FC00FC000000FC00FC000000FC00FC0000007800780000007
800780002E1B7F9A31>I<FFFE07FFFFFE07FFFFFE07FF07F000E007F000E007F801E003
F801C003F801C001FC038001FC038001FE078000FE070000FF0F00007F0E00007F0E0000
3F9C00003F9C00003FFC00001FF800001FF800000FF000000FF0000007F0000007E00000
07E0000003C0000003C000000380000003800000078000380700007C070000FE0E0000FE
0E0000FE1C0000FE3800007C7000003FE000000F80000020277F9A23>121
D E /FB 88 124 df<003FC00000E0700003801C0007000E000F000F001E0007803E0007
C03C0003C07C0003E07C0003E07C0003E07C0003E07C0003E07C0003E07C0003E03C0003
C03E0007C01E0007801E0007800E0007000F000F0007000E0003000C0003801C00018018
00818018108080101040C03020404020207FC03FE03FC03FC03FC03FC01C207E9F21>10
D<001F83E000F06E3001C078780380F8780300F030070070000700700007007000070070
00070070000700700007007000FFFFFF8007007000070070000700700007007000070070
000700700007007000070070000700700007007000070070000700700007007000070070
00070070000700700007007000070070007FE3FF001D20809F1B>I<003F0000E0C001C0
C00381E00701E00701E0070000070000070000070000070000070000FFFFE00700E00700
E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700
E00700E00700E00700E00700E07FC3FE1720809F19>I<003FE000E0E001C1E00381E007
00E00700E00700E00700E00700E00700E00700E00700E0FFFFE00700E00700E00700E007
00E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E007
00E00700E00700E07FE7FE1720809F19>I<001F81F80000F04F040001C07C06000380F8
0F000300F00F000700F00F00070070000007007000000700700000070070000007007000
000700700000FFFFFFFF0007007007000700700700070070070007007007000700700700
070070070007007007000700700700070070070007007007000700700700070070070007
00700700070070070007007007000700700700070070070007007007007FE3FE3FF02420
809F26>I<07070F1C383060C00808779F17>19 D<3E004100808080808080808041003E
00090874A022>23 D<70F8F8F8F8F8F8F870707070707070707070202020202000000000
0070F8F8F87005217CA00D>33 D<7038F87CFC7EFC7E743A040204020402080408041008
1008201040200F0E7E9F17>I<000300C0000300C0000300C0000300C000060180000601
80000601800006018000060180000C0300000C0300000C0300000C0300000C0300001806
007FFFFFFCFFFFFFFE00300C0000300C0000300C0000300C000060180000601800006018
0000601800FFFFFFFE7FFFFFFC00C0300001806000018060000180600001806000018060
000300C0000300C0000300C0000300C0000300C0000601800006018000060180001F297D
9F26>I<70F8FCFC74040404080810102040060E7C9F0D>39 D<00200040008001000200
06000C000C00180018003000300030007000600060006000E000E000E000E000E000E000
E000E000E000E000E000E0006000600060007000300030003000180018000C000C000600
020001000080004000200B2E7DA112>I<800040002000100008000C0006000600030003
0001800180018001C000C000C000C000E000E000E000E000E000E000E000E000E000E000
E000E000C000C000C001C001800180018003000300060006000C00080010002000400080
000B2E7DA112>I<00060000000600000006000000060000000600000006000000060000
0006000000060000000600000006000000060000000600000006000000060000FFFFFFF0
FFFFFFF00006000000060000000600000006000000060000000600000006000000060000
000600000006000000060000000600000006000000060000000600001C207D9A23>43
D<70F8FCFC74040404080810102040060E7C840D>I<FFC0FFC00A027F8A0F>I<70F8F8F8
7005057C840D>I<000100030003000600060006000C000C000C00180018001800300030
003000600060006000C000C000C00180018001800300030003000600060006000C000C00
0C00180018001800300030003000600060006000C000C000C000102D7DA117>I<03F000
0E1C001C0E00180600380700700380700380700380700380F003C0F003C0F003C0F003C0
F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0F003C0700380700380700380
7807803807001806001C0E000E1C0003F000121F7E9D17>I<018003800F80F380038003
800380038003800380038003800380038003800380038003800380038003800380038003
80038003800380038007C0FFFE0F1E7C9D17>I<03F0000C1C00100E0020070040078080
0780F007C0F803C0F803C0F803C02007C00007C0000780000780000F00000E00001C0000
380000700000600000C0000180000300000600400C00401800401000803FFF807FFF80FF
FF80121E7E9D17>I<03F0000C1C00100E00200F00780F80780780780780380F80000F80
000F00000F00000E00001C0000380003F000003C00000E00000F000007800007800007C0
2007C0F807C0F807C0F807C0F00780400780400F00200E001C3C0003F000121F7E9D17>
I<000600000600000E00000E00001E00002E00002E00004E00008E00008E00010E00020E
00020E00040E00080E00080E00100E00200E00200E00400E00C00E00FFFFF0000E00000E
00000E00000E00000E00000E00000E0000FFE0141E7F9D17>I<1803001FFE001FFC001F
F8001FE00010000010000010000010000010000010000011F000161C00180E0010070010
07800003800003800003C00003C00003C07003C0F003C0F003C0E0038040038040070020
0600100E000C380003E000121F7E9D17>I<007C000182000701000E03800C07801C0780
380300380000780000700000700000F1F000F21C00F40600F80700F80380F80380F003C0
F003C0F003C0F003C0F003C07003C07003C07003803803803807001807000C0E00061C00
01F000121F7E9D17>I<4000007FFFC07FFF807FFF804001008002008002008004000008
0000080000100000200000200000400000400000C00000C00001C0000180000380000380
00038000038000078000078000078000078000078000078000078000030000121F7D9D17
>I<03F0000C0C001006003003002001806001806001806001807001807803003E03003F
06001FC8000FF00003F80007FC000C7E00103F00300F806003804001C0C001C0C000C0C0
00C0C000C0C000806001802001001002000C0C0003F000121F7E9D17>I<03F0000E1800
1C0C00380600380700700700700380F00380F00380F003C0F003C0F003C0F003C0F003C0
7007C07007C03807C0180BC00E13C003E3C0000380000380000380000700300700780600
780E00700C002018001070000FC000121F7E9D17>I<70F8F8F870000000000000000000
0070F8F8F87005147C930D>I<70F8F8F8700000000000000000000070F0F8F878080808
101010202040051D7C930D>I<7FFFFFE0FFFFFFF0000000000000000000000000000000
0000000000000000000000000000000000FFFFFFF07FFFFFE01C0C7D9023>61
D<0FC0307040384038E03CF03CF03C603C0038007000E000C00180018001000300020002
0002000200020002000000000000000000000007000F800F800F8007000E207D9F15>63
D<000100000003800000038000000380000007C0000007C0000007C0000009E0000009E0
000009E0000010F0000010F0000010F00000207800002078000020780000403C0000403C
0000403C0000801E0000801E0000FFFE0001000F0001000F0001000F0002000780020007
8002000780040003C00E0003C01F0007E0FFC03FFE1F207F9F22>65
D<FFFFE0000F80380007801E0007801F0007800F0007800F8007800F8007800F8007800F
8007800F8007800F0007801F0007801E0007803C0007FFF00007803C0007801E0007800F
0007800F8007800780078007C0078007C0078007C0078007C0078007C00780078007800F
8007800F0007801F000F803C00FFFFF0001A1F7E9E20>I<000FC040007030C001C009C0
038005C0070003C00E0001C01E0000C01C0000C03C0000C07C0000407C00004078000040
F8000000F8000000F8000000F8000000F8000000F8000000F8000000F8000000F8000000
780000007C0000407C0000403C0000401C0000401E0000800E0000800700010003800200
01C0040000703800000FC0001A217D9F21>I<FFFFE0000F803C0007801E000780070007
800380078003C0078001E0078001E0078001F0078000F0078000F0078000F8078000F807
8000F8078000F8078000F8078000F8078000F8078000F8078000F8078000F0078000F007
8000F0078001E0078001E0078003C0078003800780070007800E000F803C00FFFFE0001D
1F7E9E23>I<FFFFFF000F800F0007800300078003000780010007800180078000800780
008007800080078080800780800007808000078080000781800007FF8000078180000780
800007808000078080000780800007800020078000200780002007800040078000400780
0040078000C0078000C0078001800F800F80FFFFFF801B1F7E9E1F>I<FFFFFF000F800F
000780030007800300078001000780018007800080078000800780008007800080078080
000780800007808000078080000781800007FF8000078180000780800007808000078080
000780800007800000078000000780000007800000078000000780000007800000078000
000FC00000FFFE0000191F7E9E1E>I<000FE0200078186000E004E0038002E0070001E0
0F0000E01E0000601E0000603C0000603C0000207C00002078000020F8000000F8000000
F8000000F8000000F8000000F8000000F8000000F8007FFCF80003E0780001E07C0001E0
3C0001E03C0001E01E0001E01E0001E00F0001E0070001E0038002E000E0046000781820
000FE0001E217D9F24>I<FFF8FFF80F800F8007800F0007800F0007800F0007800F0007
800F0007800F0007800F0007800F0007800F0007800F0007800F0007800F0007FFFF0007
800F0007800F0007800F0007800F0007800F0007800F0007800F0007800F0007800F0007
800F0007800F0007800F0007800F0007800F000F800F80FFF8FFF81D1F7E9E22>I<FFFC
0FC007800780078007800780078007800780078007800780078007800780078007800780
07800780078007800780078007800780078007800FC0FFFC0E1F7F9E10>I<0FFFC0007C
00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C
00003C00003C00003C00003C00003C00003C00003C00003C00003C00203C00F83C00F83C
00F83C00F0380040780040700030E0000F800012207E9E17>I<FFFC0FFC0FC003E00780
018007800100078002000780040007800800078010000780200007804000078080000781
00000783000007878000078F80000793C0000791E00007A1E00007C0F0000780F0000780
780007803C0007803C0007801E0007801E0007800F000780078007800780078007C00FC0
07E0FFFC3FFC1E1F7E9E23>I<FFFE000FC0000780000780000780000780000780000780
000780000780000780000780000780000780000780000780000780000780000780000780
0007800207800207800207800207800607800407800407800C07801C0F807CFFFFFC171F
7E9E1C>I<FF80001FF80F80001F800780001F0005C0002F0005C0002F0005C0002F0004
E0004F0004E0004F000470008F000470008F000470008F000438010F000438010F000438
010F00041C020F00041C020F00041C020F00040E040F00040E040F00040E040F00040708
0F000407080F000407080F000403900F000403900F000401E00F000401E00F000401E00F
000E00C00F001F00C01F80FFE0C1FFF8251F7E9E2A>I<FF803FF807C007C007C0038005
E0010005E0010004F001000478010004780100043C0100043C0100041E0100040F010004
0F010004078100040781000403C1000401E1000401E1000400F1000400F1000400790004
003D0004003D0004001F0004001F0004000F0004000700040007000E0003001F000300FF
E001001D1F7E9E22>I<001F800000F0F00001C0380007801E000F000F000E0007001E00
07803C0003C03C0003C07C0003E0780001E0780001E0F80001F0F80001F0F80001F0F800
01F0F80001F0F80001F0F80001F0F80001F0F80001F0780001E07C0003E07C0003E03C00
03C03C0003C01E0007800E0007000F000F0007801E0001C0380000F0F000001F80001C21
7D9F23>I<FFFFE0000F80780007801C0007801E0007800F0007800F8007800F8007800F
8007800F8007800F8007800F8007800F0007801E0007801C000780780007FFE000078000
000780000007800000078000000780000007800000078000000780000007800000078000
000780000007800000078000000FC00000FFFC0000191F7E9E1F>I<001F800000F0F000
01C0380007801E000F000F000E0007001E0007803C0003C03C0003C07C0003E07C0003E0
780001E0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F0F80001F0
F80001F0780001E0780001E07C0003E03C0003C03C0F03C01E1087800E2047000F204F00
07A03E0001E0380000F0F010001FB01000003010000038300000387000003FF000001FE0
00001FE000000FC0000007801C297D9F23>I<FFFF80000F80F0000780780007803C0007
801E0007801E0007801F0007801F0007801F0007801F0007801E0007801E0007803C0007
8078000780F00007FF80000781C0000780E0000780F00007807000078078000780780007
80780007807C0007807C0007807C0007807C0407807E0407803E040FC01E08FFFC0F1000
0003E01E207E9E21>I<07E0800C1980100780300380600180600180E00180E00080E000
80E00080F00000F000007800007F00003FF0001FFC000FFE0003FF00001F800007800003
C00003C00001C08001C08001C08001C08001C0C00180C00380E00300F00600CE0C0081F8
0012217D9F19>I<7FFFFFE0780F01E0600F0060400F0020400F0020C00F0030800F0010
800F0010800F0010800F0010000F0000000F0000000F0000000F0000000F0000000F0000
000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000
000F0000000F0000000F0000000F0000001F800007FFFE001C1F7E9E21>I<FFFC3FF80F
C007C0078003800780010007800100078001000780010007800100078001000780010007
800100078001000780010007800100078001000780010007800100078001000780010007
80010007800100078001000780010007800100038002000380020001C0020001C0040000
E008000070180000382000000FC0001D207E9E22>I<FFF003FE1F8000F80F0000600F80
0060078000400780004003C0008003C0008003C0008001E0010001E0010001F0010000F0
020000F0020000F806000078040000780400003C0800003C0800003C0800001E1000001E
1000001F3000000F2000000F20000007C0000007C0000007C00000038000000380000003
8000000100001F207F9E22>I<FFF07FF81FF01F800FC007C00F00078003800F00078001
000F0007C00100078007C00200078007C00200078007C0020003C009E0040003C009E004
0003C009E0040003E010F00C0001E010F0080001E010F0080001F02078080000F0207810
0000F02078100000F0403C10000078403C20000078403C20000078C03E2000003C801E40
00003C801E4000003C801E4000001F000F8000001F000F8000001F000F8000001E000780
00000E00070000000E00070000000C000300000004000200002C207F9E2F>I<7FF83FF8
0FE00FC007C0070003C0020001E0040001F00C0000F0080000781000007C1000003C2000
003E4000001E4000000F8000000F8000000780000003C0000007E0000005E0000009F000
0018F8000010780000207C0000603C0000401E0000801F0001800F0001000780020007C0
070003C01F8007E0FFE01FFE1F1F7F9E22>I<FFF003FF1F8000F80F8000600780004007
C0004003E0008001E0008001F0010000F0030000F80200007C0400003C0400003E080000
1E0800001F1000000FB0000007A0000007C0000003C0000003C0000003C0000003C00000
03C0000003C0000003C0000003C0000003C0000003C0000003C0000007C000007FFE0020
1F7F9E22>I<7FFFF87C00F87000F06001E04001E0C003C0C003C0800780800F80800F00
001E00001E00003C00003C0000780000F80000F00001E00001E00003C00403C004078004
0F80040F000C1E000C1E00083C00183C0018780038F801F8FFFFF8161F7D9E1C>I<FEFE
C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0FEFE072D7CA10D>I<080410082010201040204020804080408040B85CFC7E
FC7E7C3E381C0F0E7B9F17>I<FEFE060606060606060606060606060606060606060606
0606060606060606060606060606060606060606FEFE072D7FA10D>I<1FE00030300078
1800781C00300E00000E00000E00000E0000FE00078E001E0E00380E00780E00F00E10F0
0E10F00E10F01E10781E103867200F83C014147E9317>97 D<0E0000FE00000E00000E00
000E00000E00000E00000E00000E00000E00000E00000E00000E3E000EC3800F01C00F00
E00E00E00E00700E00700E00780E00780E00780E00780E00780E00780E00700E00700E00
E00F00E00D01C00CC300083E0015207F9F19>I<03F80E0C1C1E381E380C70007000F000
F000F000F000F000F00070007000380138011C020E0C03F010147E9314>I<000380003F
8000038000038000038000038000038000038000038000038000038000038003E380061B
801C0780380380380380700380700380F00380F00380F00380F00380F00380F003807003
807003803803803807801C07800E1B8003E3F815207E9F19>I<03F0000E1C001C0E0038
0700380700700700700380F00380F00380FFFF80F00000F00000F0000070000070000038
00801800800C010007060001F80011147F9314>I<007C00C6018F038F07060700070007
000700070007000700FFF007000700070007000700070007000700070007000700070007
00070007000700070007007FF01020809F0E>I<0000E003E3300E3C301C1C30380E0078
0F00780F00780F00780F00780F00380E001C1C001E380033E00020000020000030000030
00003FFE001FFF800FFFC03001E0600070C00030C00030C00030C000306000603000C01C
038003FC00141F7F9417>I<0E0000FE00000E00000E00000E00000E00000E00000E0000
0E00000E00000E00000E00000E3E000E43000E81800F01C00F01C00E01C00E01C00E01C0
0E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0FFE7FC
16207F9F19>I<1C001E003E001E001C000000000000000000000000000E007E000E000E
000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A1F80
9E0C>I<00E001F001F001F000E0000000000000000000000000007007F000F000700070
007000700070007000700070007000700070007000700070007000700070007000700070
00706070F060F0C061803F000C28829E0E>I<0E0000FE00000E00000E00000E00000E00
000E00000E00000E00000E00000E00000E00000E0FF00E03C00E03000E02000E04000E08
000E10000E30000E70000EF8000F38000E1C000E1E000E0E000E07000E07800E03800E03
C00E03E0FFCFF815207F9F18>I<0E00FE000E000E000E000E000E000E000E000E000E00
0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00
0E000E00FFE00B20809F0C>I<0E1F01F000FE618618000E81C81C000F00F00E000F00F0
0E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E
000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E000E00E00E00
FFE7FE7FE023147F9326>I<0E3E00FE43000E81800F01C00F01C00E01C00E01C00E01C0
0E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0FFE7FC
16147F9319>I<01F800070E001C03803801C03801C07000E07000E0F000F0F000F0F000
F0F000F0F000F0F000F07000E07000E03801C03801C01C0380070E0001F80014147F9317
>I<0E3E00FEC3800F01C00F00E00E00E00E00F00E00700E00780E00780E00780E00780E
00780E00780E00700E00F00E00E00F01E00F01C00EC3000E3E000E00000E00000E00000E
00000E00000E00000E00000E0000FFE000151D7F9319>I<03E0800619801C05803C0780
380380780380700380F00380F00380F00380F00380F00380F00380700380780380380380
3807801C0B800E138003E380000380000380000380000380000380000380000380000380
003FF8151D7E9318>I<0E78FE8C0F1E0F1E0F0C0E000E000E000E000E000E000E000E00
0E000E000E000E000E000E00FFE00F147F9312>I<1F9030704030C010C010C010E00078
007F803FE00FF00070803880188018C018C018E030D0608F800D147E9312>I<02000200
0200060006000E000E003E00FFF80E000E000E000E000E000E000E000E000E000E000E00
0E080E080E080E080E080610031001E00D1C7F9B12>I<0E01C0FE1FC00E01C00E01C00E
01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E
03C00603C0030DC001F1FC16147F9319>I<FF83F81E01E01C00C00E00800E00800E0080
07010007010003820003820003820001C40001C40001EC0000E80000E800007000007000
00700000200015147F9318>I<FF9FE1FC3C0780701C0300601C0380200E0380400E0380
400E03C0400707C0800704C0800704E080038861000388710003C8730001D0320001D03A
0000F03C0000E01C0000E01C0000601800004008001E147F9321>I<7FC3FC0F01E00701
C007018003810001C20000E40000EC00007800003800003C00007C00004E000087000107
000303800201C00601E01E01E0FF07FE1714809318>I<FF83F81E01E01C00C00E00800E
00800E008007010007010003820003820003820001C40001C40001EC0000E80000E80000
7000007000007000002000002000004000004000004000F08000F08000F100006200003C
0000151D7F9318>I<3FFF380E200E201C40384078407000E001E001C00380078007010E
011E011C0338027006700EFFFE10147F9314>I<FFFFFC1601808C17>I
E /FC 8 122 df<FFFCFFFC001C00380070007000E001E001C003C00380078007800700
0F000F000F000F001E001E001E001E001E001E000E187E9713>55
D<07801FE0387070307038E038E018E01CE01CE01CE01C703C707C3FFC1F9C001C001800
3800380070206061C03F801F000E187E9713>57 D<007FC001FFF007C0F00F00301E0000
3C00003C0000780000780000F00000F00000F00000F00000F00000F00000F00000F00000
7800007800003C00003C00001E00100F003007C0F001FFE0007F80141A7E9919>67
D<07E01FF83C3C381C700E6006E007E007E007E007E007F00F700E781E3C3C1FF807E010
117F9013>111 D<E7C0FFF0F878F038E01CE01CE00EE00EE00EE00EE00EE01CE01CF038
F070FFE0E7C0E000E000E000E000E000E000E0000F187D9014>I<E7EFFFFCF0F0E0E0E0
E0E0E0E0E0E0E0E008117D900D>114 D<1C001C001C001C00FFC0FFC01C001C001C001C
001C001C001C001C001C001C001C001C001C200FE00F800B157F940E>116
D<E00EE00E700C701C781C383838381C381C700C700E600E6006E006C003C00380038003
800300030006008600FC00F8000F187F9012>121 D E /FD 71 124
df<00FC7C0183C607078E0607040E07000E07000E07000E07000E07000E0700FFFFF00E
07000E07000E07000E07000E07000E07000E07000E07000E07000E07000E07000E07000E
07000E07007F0FF0171A809916>11 D<00FC000182000703000607000E02000E00000E00
000E00000E00000E0000FFFF000E07000E07000E07000E07000E07000E07000E07000E07
000E07000E07000E07000E07000E07000E07007F0FE0131A809915>I<007E1F8001C170
400703C060060380E00E0380400E0380000E0380000E0380000E0380000E038000FFFFFF
E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380E00E0380
E00E0380E00E0380E00E0380E00E0380E00E0380E07F8FE3FC1E1A809920>14
D<60C0F1E0F9F068D0081008100810102010202040C1800C0B7F9913>34
D<60F0F868080808101020C0050B7D990B>39 D<00800100020004000C00080018003000
300030006000600060006000E000E000E000E000E000E000E000E000E000E00060006000
60006000300030003000180008000C00040002000100008009267D9B0F>I<8000400020
001000180008000C00060006000600030003000300030003800380038003800380038003
8003800380038003000300030003000600060006000C0008001800100020004000800009
267E9B0F>I<000C0000000C0000000C0000000C0000000C0000000C0000000C0000000C
0000000C0000000C0000000C0000000C0000FFFFFF80FFFFFF80000C0000000C0000000C
0000000C0000000C0000000C0000000C0000000C0000000C0000000C0000000C0000000C
0000191A7E951E>43 D<60F0F07010101020204080040B7D830B>I<FFC0FFC00A028088
0D>I<60F0F06004047D830B>I<0004000C00180018001800300030003000600060006000
C000C000C00180018001800300030003000600060006000C000C000C0018001800180030
0030003000600060006000C000C0000E257E9B13>I<078018603030303060186018E01C
E01CE01CE01CE01CE01CE01CE01CE01CE01CE01CE01C6018601870383030186007800E18
7E9713>I<03000700FF0007000700070007000700070007000700070007000700070007
000700070007000700070007000700FFF00C187D9713>I<0F80106020304038803CC01C
E01C401C003C003800380070006000C001800100020004040804100430083FF87FF8FFF8
0E187E9713>I<0F8010E02070607870382038007800700070006000C00F8000E0007000
38003C003CE03CE03CC03C4038407030E00F800E187E9713>I<00300030007000F000F0
01700370027004700C7008701070307020704070C070FFFF007000700070007000700070
07FF10187F9713>I<30183FF03FE03FC02000200020002000200027C038602030003800
18001C001C401CE01CE01C80184038403030E00F800E187E9713>I<01E006100C181838
3038300070006000E000E7C0E860F030F018E018E01CE01CE01C601C601C701830183030
186007C00E187E9713>I<40007FFE7FFC7FFC4008801080108020004000400080018001
800100030003000300030007000700070007000700070002000F197E9813>I<07801860
3030201860186018601870103C303E600F8007C019F030F86038401CC00CC00CC00CC00C
6008201018600FC00E187E9713>I<07801860303070306018E018E018E01CE01CE01C60
1C603C303C185C0F9C001C00180018003870307060604021801F000E187E9713>I<60F0
F060000000000000000060F0F06004107D8F0B>I<60F0F060000000000000000060F0F0
701010102020408004177D8F0B>I<FFFFFF80FFFFFF8000000000000000000000000000
0000000000000000000000FFFFFF80FFFFFF80190A7E8D1E>61 D<000C0000000C000000
0C0000001E0000001E0000003F0000002700000027000000438000004380000043800000
81C0000081C0000081C0000100E0000100E00001FFE00002007000020070000600780004
0038000400380008001C0008001C001C001E00FF00FFC01A1A7F991D>65
D<FFFF000E01C00E00E00E00700E00780E00780E00780E00780E00780E00F00E00E00E03
C00FFF800E01E00E00700E00780E003C0E003C0E003C0E003C0E003C0E00380E00780E00
F00E01E0FFFF80161A7E991B>I<003F0201C0C603002E0E001E1C000E1C000638000678
0002700002700002F00000F00000F00000F00000F00000F0000070000270000278000238
00041C00041C00080E000803003001C0C0003F00171A7E991C>I<FFFFE00E00E00E0060
0E00200E00300E00100E00100E00100E04000E04000E04000E0C000FFC000E0C000E0400
0E04000E04000E00000E00000E00000E00000E00000E00000E00000E0000FFF000141A7E
9919>70 D<FFE7FF0E00700E00700E00700E00700E00700E00700E00700E00700E00700E
00700E00700FFFF00E00700E00700E00700E00700E00700E00700E00700E00700E00700E
00700E00700E0070FFE7FF181A7E991D>72 D<FFE00E000E000E000E000E000E000E000E
000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFE00B
1A7F990E>I<FFF0000E00000E00000E00000E00000E00000E00000E00000E00000E0000
0E00000E00000E00000E00000E00000E00000E00000E00200E00200E00200E00600E0040
0E00400E00C00E03C0FFFFC0131A7E9918>76 D<FE01FF0F00380F00100B80100B801009
C01008E01008E010087010087010083810081C10081C10080E10080E1008071008039008
03900801D00801D00800F00800700800700800301C0030FF8010181A7E991D>78
D<007F000001C1C000070070000E0038001C001C003C001E0038000E0078000F00700007
00F0000780F0000780F0000780F0000780F0000780F0000780F0000780F000078078000F
0078000F0038000E003C001E001C001C000E0038000700700001C1C000007F0000191A7E
991E>I<FFFF000E03C00E00E00E00700E00700E00780E00780E00780E00780E00700E00
700E00E00E03C00FFF000E00000E00000E00000E00000E00000E00000E00000E00000E00
000E00000E0000FFE000151A7E991A>I<FFFC00000E0780000E01C0000E00E0000E00F0
000E00F0000E00F0000E00F0000E00F0000E00E0000E01C0000E0780000FFC00000E0600
000E0300000E0180000E01C0000E01C0000E01C0000E01E0000E01E0000E01E0000E01E0
800E00F0800E007100FFE03E00191A7E991C>82 D<0FC21836200E6006C006C002C002C0
02E00070007E003FE01FF807FC003E000E00070003800380038003C002C006E004D81887
E0101A7E9915>I<7FFFFF00701C0700401C0100401C0100C01C0180801C0080801C0080
801C0080001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000
001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000001C0000
03FFE000191A7F991C>I<FFE1FF0E00380E00100E00100E00100E00100E00100E00100E
00100E00100E00100E00100E00100E00100E00100E00100E00100E00100E00100E001006
002007002003004001804000C180003E00181A7E991D>I<FF801FC01E000F001C000600
0E0004000E000400070008000700080007000800038010000380100003C0300001C02000
01C0200000E0400000E0400000E040000070800000708000003900000039000000390000
001E0000001E0000001E0000000C0000000C00001A1A7F991D>I<FF83FF0FF03C007801
C01C007800801C007800800E007801000E007801000E009C010007009C020007009C0200
07010E020007010E020003810E04000382070400038207040001C207080001C403880001
C403880000E403900000E403900000E801D000007801E000007801E000007000E0000070
00E000003000C0000020004000241A7F9927>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07257D9B0B>91
D<1830204040804080810081008100B160F9F078F030600C0B7B9913>I<FEFE06060606
0606060606060606060606060606060606060606060606060606060606FEFE0725809B0B
>I<3F8070C070E020700070007007F01C7030707070E070E071E071E0F171FB1E3C1010
7E8F13>97 D<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C0000
1CF8001F0E001E07001C03801C01801C01C01C01C01C01C01C01C01C01C01C01C01C0380
1C03001E07001B0C0010F000121A7F9915>I<07F80C1C381C30087000E000E000E000E0
00E000E0007000300438080C1807E00E107F8F11>I<007E00000E00000E00000E00000E
00000E00000E00000E00000E00000E0003CE000C3E00380E00300E00700E00E00E00E00E
00E00E00E00E00E00E00E00E00600E00700E00381E001C2E0007CFC0121A7F9915>I<07
C01C3030187018600CE00CFFFCE000E000E000E0006000300438080C1807E00E107F8F11
>I<01F0031807380E100E000E000E000E000E000E00FFC00E000E000E000E000E000E00
0E000E000E000E000E000E000E000E007FE00D1A80990C>I<0FCE187330307038703870
387038303018602FC02000600070003FF03FFC1FFE600FC003C003C003C0036006381C07
E010187F8F13>I<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C
00001CF8001D0C001E0E001E0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C
0E001C0E001C0E001C0E00FF9FC0121A7F9915>I<18003C003C00180000000000000000
0000000000FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C00FF
80091A80990A>I<018003C003C001800000000000000000000000000FC001C001C001C0
01C001C001C001C001C001C001C001C001C001C001C001C001C001C001C041C0E180E300
7E000A2182990C>I<FC00001C00001C00001C00001C00001C00001C00001C00001C0000
1C00001C3F801C1E001C18001C10001C20001C40001DC0001FE0001CE0001C70001C7800
1C38001C1C001C1E001C1F00FF3FC0121A7F9914>I<FC001C001C001C001C001C001C00
1C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C00
FF80091A80990A>I<FC7C1F001D8E63801E0781C01E0781C01C0701C01C0701C01C0701
C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C0FF9FE7
F81D107F8F20>I<FCF8001D0C001E0E001E0E001C0E001C0E001C0E001C0E001C0E001C
0E001C0E001C0E001C0E001C0E001C0E00FF9FC012107F8F15>I<07E01C38300C700E60
06E007E007E007E007E007E0076006700E381C1C3807E010107F8F13>I<FCF8001F0E00
1E07001C03801C03801C01C01C01C01C01C01C01C01C01C01C01C01C03801C03001E0700
1F0C001CF0001C00001C00001C00001C00001C00001C0000FF800012177F8F15>I<03C2
000C2600381E00300E00700E00E00E00E00E00E00E00E00E00E00E00E00E00700E00700E
00381E001C2E0007CE00000E00000E00000E00000E00000E00000E00007FC012177F8F14
>I<FCE01D701E701E201C001C001C001C001C001C001C001C001C001C001C00FFC00C10
7F8F0F>I<1F2060E04020C020C020F0007F003FC01FE000F080708030C030C020F0408F
800C107F8F0F>I<0400040004000C000C001C003C00FFC01C001C001C001C001C001C00
1C001C001C201C201C201C201C200E4003800B177F960F>I<FC7E001C0E001C0E001C0E
001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C0E001C1E000C2E0007CF
C012107F8F15>I<FF1F803C06001C04001C04001E0C000E08000E080007100007100007
900003A00003A00001C00001C00001C00000800011107F8F14>I<FF3F9F803C0E070038
0E06001C1604001C1704001E170C000E2308000E2388000F239800074190000741D00003
C1E0000380E0000380E0000180C0000100400019107F8F1C>I<FF3F803C1C001C18000E
100007200007600003C00001C00001E00003E000027000043800083800181C00381E00FC
3FC012107F8F14>I<FF1F803C06001C04001C04001E0C000E08000E0800071000071000
07900003A00003A00001C00001C00001C000008000008000010000010000E10000E20000
E4000078000011177F8F14>I<7FF86070407040E041C041C00380070007000E081C081C
08381070107030FFF00D107F8F11>I<FFFFC01201808913>I E /FE
3 49 df<FFFFC0FFFFC012027D8618>0 D<0C000C008C40EDC07F800C007F80EDC08C40
0C000C000A0B7D8B10>3 D<081C1C3838383070706060C0C0060D7E8D09>48
D E /FF 1 14 df<0003FE0000000FFF8000003C01E00000F000780001C0001C00030000
060006000003000C0000018018000000C018000000C03000000060300000006060000000
3060000000306000000030C000000018C000000018C000000018C000000018C000000018
C000000018C000000018C000000018C00000001860000000306000000030600000003030
00000060300000006018000000C018000000C00C000001800600000300030000060001C0
001C0000F0007800003C01E000000FFF80000003FE000025277E9D2A>13
D E /FG 40 123 df<007E1F0001C1B1800303E3C00703C3C00E03C1800E01C0000E01C0
000E01C0000E01C0000E01C0000E01C000FFFFFC000E01C0000E01C0000E01C0000E01C0
000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0000E01C0
000E01C0000E01C0000E01C0007F87FC001A1D809C18>11 D<007E0001C1800301800703
C00E03C00E01800E00000E00000E00000E00000E0000FFFFC00E01C00E01C00E01C00E01
C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01
C07F87F8151D809C17>I<60F0F0701010101020204080040C7C830C>44
D<FFE0FFE00B0280890E>I<60F0F06004047C830C>I<030007003F00C700070007000700
070007000700070007000700070007000700070007000700070007000700070007000700
07000F80FFF80D1C7C9B15>49 D<03E00C301008200C20066006600660067006780C3E08
3FB01FE007F007F818FC307E601E600FC007C003C003C003C00360026004300C1C1007E0
101D7E9B15>56 D<03C00C301818300C700C600EE006E006E007E007E007E007E0076007
700F300F18170C2707C700060006000E300C780C78187010203030C00F80101D7E9B15>
I<000600000006000000060000000F0000000F0000000F00000017800000178000001780
000023C0000023C0000023C0000041E0000041E0000041E0000080F0000080F0000180F8
000100780001FFF80003007C0002003C0002003C0006003E0004001E0004001E000C001F
001E001F00FF80FFF01C1D7F9C1F>65 D<001F808000E0618001801980070007800E0003
801C0003801C00018038000180780000807800008070000080F0000000F0000000F00000
00F0000000F0000000F0000000F0000000F0000000700000807800008078000080380000
801C0001001C0001000E000200070004000180080000E03000001FC000191E7E9C1E>67
D<FFFFF80F00780F00180F00080F00080F000C0F00040F00040F02040F02000F02000F02
000F06000FFE000F06000F02000F02000F02000F02000F00000F00000F00000F00000F00
000F00000F00000F8000FFF800161C7E9B1B>70 D<001F808000E0618001801980070007
800E0003801C0003801C00018038000180780000807800008070000080F0000000F00000
00F0000000F0000000F0000000F0000000F000FFF0F0000F807000078078000780780007
80380007801C0007801C0007800E00078007000B800180118000E06080001F80001C1E7E
9C21>I<FFF00F000F000F000F000F000F000F000F000F000F000F000F000F000F000F00
0F000F000F000F000F000F000F000F000F000F000F00FFF00C1C7F9B0F>73
D<003F800000E0E0000380380007001C000E000E001C0007003C00078038000380780003
C0780003C0700001C0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001
E0F00001E0700001C0780003C0780003C0380003803C0007801C0007000E000E0007001C
000380380000E0E000003F80001B1E7E9C20>79 D<FFFF800F00E00F00780F003C0F001C
0F001E0F001E0F001E0F001E0F001E0F001C0F003C0F00780F00E00FFF800F00000F0000
0F00000F00000F00000F00000F00000F00000F00000F00000F00000F0000FFF000171C7E
9B1C>I<07E0801C1980300580700380600180E00180E00080E00080E00080F00000F800
007C00007FC0003FF8001FFE0007FF0000FF80000F800007C00003C00001C08001C08001
C08001C0C00180C00180E00300D00200CC0C0083F800121E7E9C17>83
D<1FC000307000783800781C00301C00001C00001C0001FC000F1C00381C00701C00601C
00E01C40E01C40E01C40603C40304E801F870012127E9115>97 D<FC00001C00001C0000
1C00001C00001C00001C00001C00001C00001C00001C00001C7C001D86001E03001C0180
1C01C01C00C01C00E01C00E01C00E01C00E01C00E01C00E01C00C01C01C01C01801E0300
19060010F800131D7F9C17>I<07E00C301878307870306000E000E000E000E000E000E0
0060007004300418080C3007C00E127E9112>I<003F0000070000070000070000070000
070000070000070000070000070000070003E7000C1700180F00300700700700600700E0
0700E00700E00700E00700E00700E00700600700700700300700180F000C370007C7E013
1D7E9C17>I<03E00C301818300C700E6006E006FFFEE000E000E000E000600070023002
18040C1803E00F127F9112>I<00F8018C071E061E0E0C0E000E000E000E000E000E00FF
E00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E007FE00F
1D809C0D>I<00038003C4C00C38C01C3880181800381C00381C00381C00381C00181800
1C38000C300013C0001000003000001800001FF8001FFF001FFF803003806001C0C000C0
C000C0C000C06001803003001C0E0007F800121C7F9215>I<FC00001C00001C00001C00
001C00001C00001C00001C00001C00001C00001C00001C7C001C87001D03001E03801C03
801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03
80FF9FF0141D7F9C17>I<18003C003C0018000000000000000000000000000000FC001C
001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C00FF80091D7F
9C0C>I<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00
001C3FC01C0F001C0C001C08001C10001C20001C40001CE0001DE0001E70001C78001C38
001C3C001C1C001C0E001C0F001C0F80FF9FE0131D7F9C16>107
D<FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C001C001C001C001C001C001C00FF80091D7F9C0C>I<FC7E07E0001C
838838001D019018001E01E01C001C01C01C001C01C01C001C01C01C001C01C01C001C01
C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C0
1C001C01C01C00FF8FF8FF8021127F9124>I<FC7C001C87001D03001E03801C03801C03
801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C0380FF9F
F014127F9117>I<03F0000E1C00180600300300700380600180E001C0E001C0E001C0E0
01C0E001C0E001C06001807003803003001806000E1C0003F00012127F9115>I<FC7C00
1D86001E03001C01801C01C01C00C01C00E01C00E01C00E01C00E01C00E01C00E01C01C0
1C01C01C01801E03001D06001CF8001C00001C00001C00001C00001C00001C00001C0000
FF8000131A7F9117>I<03C1000C3300180B00300F00700700700700E00700E00700E007
00E00700E00700E00700600700700700300F00180F000C370007C7000007000007000007
00000700000700000700000700003FE0131A7E9116>I<FCE01D301E781E781C301C001C
001C001C001C001C001C001C001C001C001C001C00FFC00D127F9110>I<1F9030704030
C010C010E010F8007F803FE00FF000F880388018C018C018E010D0608FC00D127F9110>
I<04000400040004000C000C001C003C00FFE01C001C001C001C001C001C001C001C001C
001C101C101C101C101C100C100E2003C00C1A7F9910>I<FC1F801C03801C03801C0380
1C03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C07800C0780
0E1B8003E3F014127F9117>I<FF07E03C03801C01001C01000E02000E02000704000704
0007040003880003880003D80001D00001D00000E00000E00000E00000400013127F9116
>I<FF3FCFE03C0F03801C0701801C0701001C0B01000E0B82000E0B82000E1182000711
C4000711C4000720C40003A0E80003A0E80003C0680001C0700001C07000018030000080
20001B127F911E>I<FF07E03C03801C01001C01000E02000E0200070400070400070400
03880003880003D80001D00001D00000E00000E00000E000004000004000008000008000
F08000F10000F300006600003C0000131A7F9116>121 D<7FFC70386038407040F040E0
41C003C0038007000F040E041C043C0C380870087038FFF80E127F9112>I
E /FH 7 117 df<00038000000380000007C0000007C0000007C000000FE000000FE000
001FF000001BF000001BF0000031F8000031F8000061FC000060FC0000E0FE0000C07E00
00C07E0001803F0001FFFF0003FFFF8003001F8003001F8006000FC006000FC00E000FE0
0C0007E0FFC07FFEFFC07FFE1F1C7E9B24>65 D<0FF8001C1E003E0F803E07803E07C01C
07C00007C0007FC007E7C01F07C03C07C07C07C0F807C0F807C0F807C0780BC03E13F80F
E1F815127F9117>97 D<FF0000FF00001F00001F00001F00001F00001F00001F00001F00
001F00001F00001F3F801FE1E01F80701F00781F003C1F003C1F003E1F003E1F003E1F00
3E1F003E1F003E1F003C1F003C1F00781F80701EC1E01C3F00171D7F9C1B>I<03FC000E
0E001C1F003C1F00781F00780E00F80000F80000F80000F80000F80000F8000078000078
01803C01801C03000E0E0003F80011127E9115>I<FE3E00FE47001E8F801E8F801E8F80
1F07001F00001F00001F00001F00001F00001F00001F00001F00001F00001F0000FFF000
FFF00011127F9114>114 D<1FD830786018E018E018F000FF807FE07FF01FF807FC007C
C01CC01CE01CE018F830CFC00E127E9113>I<0300030003000300070007000F000F003F
FCFFFC1F001F001F001F001F001F001F001F001F001F0C1F0C1F0C1F0C0F08079803F00E
1A7F9913>I E /FI 14 123 df<3078FCFC7830060676851A>46
D<003E0001FF8003FFC007C1E00F00E01E0F703C3FF0387FF07070F870E07870E078E1C0
38E1C038E1C038E1C038E1C038E1C038E1C038E1C03870E07070E0707070E0387FE03C3F
C01E0F000F003807C0F803FFF001FFE0003F00151E7E9D1A>64 D<1FF0003FFC007FFE00
780F00300700000380000380007F8007FF801FFF803F8380780380700380E00380E00380
E00380700780780F803FFFFC1FFDFC07F0FC16157D941A>97 D<00FF8003FFC00FFFE01F
01E03C00C0780000700000700000E00000E00000E00000E00000E0000070000070000078
00703C00701F01F00FFFE003FFC000FE0014157D941A>99 D<001FC0001FC0001FC00001
C00001C00001C00001C00001C00001C001F1C007FDC00FFFC01E0FC03C07C07803C07001
C0E001C0E001C0E001C0E001C0E001C0E001C0E001C07003C07003C03807C03E0FC01FFF
FC07FDFC01F1FC161E7E9D1A>I<01F80007FF000FFF801E07C03C01C07800E07000E0E0
0070E00070FFFFF0FFFFF0FFFFF0E000007000007000007800703C00701F01F00FFFE003
FFC000FE0014157D941A>I<00C00001E00001E00000C000000000000000000000000000
0000000000007FE0007FE0007FE00000E00000E00000E00000E00000E00000E00000E000
00E00000E00000E00000E00000E00000E00000E00000E0007FFF80FFFFC07FFF80121F7C
9E1A>105 D<FFE000FFE000FFE00000E00000E00000E00000E00000E00000E00000E000
00E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E000
00E00000E00000E00000E00000E000FFFFE0FFFFE0FFFFE0131E7D9D1A>108
D<7CE0E000FFFBF8007FFFF8001F1F1C001E1E1C001E1E1C001C1C1C001C1C1C001C1C1C
001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C
007F1F1F00FF9F9F807F1F1F00191580941A>I<FE3E00FEFF80FFFFC00FC1C00F80E00F
00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E
00E0FFE3FEFFE7FEFFE3FE17157F941A>I<01F00007FC001FFF003E0F803C07807803C0
7001C0E000E0E000E0E000E0E000E0E000E0E000E0F001E07001C07803C03C07803E0F80
1FFF0007FC0001F00013157D941A>I<07FB801FFF807FFF80780780E00380E00380E003
807800007FC0003FFC0007FE00003F800007806001C0E001C0E001C0F003C0FC0780FFFF
00EFFE00E3F80012157C941A>115 D<FF83FEFFC7FEFF83FE3800383800381C00701C00
701C00701C38701C7C701C7C700E6CE00E6CE00EEEE00EEEE00EEEE00EC6E006C6C007C7
C007C7C003838017157F941A>119 D<7FFFF0FFFFF0FFFFF0E001E0E003C0E00780000F
00001E00003C0000780000F00001E00003C0000780000F00381E00383C0038780038FFFF
F8FFFFF8FFFFF815157E941A>122 D E /FJ 6 116 df<FFFCFFFC078007800780078007
800780078007800780078007800780078007800780078007800780078007800780078007
800780078007800780078007800780FFFCFFFC0E227DA114>73 D<00040000000E000000
0E0000000E0000001F0000001F0000003F800000278000002780000043C0000043C00000
43C0000081E0000081E0000101F0000100F0000100F00003FFF8000200780006007C0004
003C0004003C000C001E000C001E003C003F00FF00FFE01B1A7F991F>97
D<FFFFF80F00380F00180F00080F000C0F00040F00040F00040F02000F02000F02000F06
000FFE000F06000F02000F02000F02000F00020F00020F00020F00060F00040F00040F00
0C0F003CFFFFFC171A7E991C>101 D<FFF0000F80000F00000F00000F00000F00000F00
000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00100F00
100F00100F00300F00200F00600F00600F01E0FFFFE0141A7E991A>108
D<FFFE00000F03C0000F00E0000F00F0000F0078000F0078000F0078000F0078000F0078
000F00F0000F00E0000F03C0000FFE00000F0380000F01E0000F00E0000F00F0000F00F0
000F00F0000F00F0000F00F0000F00F0000F00F0400F0070400F003880FFF01F001A1A7E
991E>114 D<07E100181B00300700600300600300E00100E00100E00100F00000F80000
7F80003FF8001FFC000FFE0000FF00000F00000780000780800380800380800380C00300
C00700E00600DC0C0083F000111A7E9917>I E /FK 35 123 df<70F8FCFC7404040404
080810102040060F7C840E>44 D<70F8F8F87005057C840E>46 D<008003800F80F38003
800380038003800380038003800380038003800380038003800380038003800380038003
800380038003800380038003800380038007C0FFFE0F217CA018>49
D<03F0000C1C001007002007804003C04003C08003E0F003E0F801E0F801E0F801E02003
E00003E00003C00003C0000780000700000E00001C0000180000300000600000C0000180
000100000200200400200800201800603000403FFFC07FFFC0FFFFC013217EA018>I<01
F800060E000803001001802001802000C06000C06000C06000C07000C07801803E01003F
02001FC4000FF80003F80003FC00067F00083F80100F803007C06001C06000E0C000E0C0
0060C00060C00060C000606000406000C03000801803000E0E0003F00013227EA018>56
D<01F000060C000C0600180700380380700380700380F001C0F001C0F001C0F001E0F001
E0F001E0F001E0F001E07001E07003E03803E01805E00C05E00619E003E1E00001C00001
C00001C0000380000380300300780700780600700C002018001030000FC00013227EA018
>I<70F8F8F870000000000000000000000070F8F8F87005157C940E>I<00018000000180
00000180000003C0000003C0000003C0000005E0000005E000000DF0000008F0000008F0
000010F800001078000010780000203C0000203C0000203C0000401E0000401E0000401E
0000800F0000800F0000FFFF000100078001000780030007C0020003C0020003C0040003
E0040001E0040001E00C0000F00C0000F03E0001F8FF800FFF20237EA225>65
D<0007E0100038183000E0063001C00170038000F0070000F00E0000701E0000701C0000
303C0000303C0000307C0000107800001078000010F8000000F8000000F8000000F80000
00F8000000F8000000F8000000F800000078000000780000107C0000103C0000103C0000
101C0000201E0000200E000040070000400380008001C0010000E0020000381C000007E0
001C247DA223>67 D<FFFFF0000F801E0007800700078003C0078001C0078000E0078000
F007800078078000780780007C0780003C0780003C0780003C0780003E0780003E078000
3E0780003E0780003E0780003E0780003E0780003E0780003E0780003C0780003C078000
7C0780007807800078078000F0078000E0078001E0078003C0078007000F801E00FFFFF8
001F227EA125>I<FFFFFFC00F8007C0078001C0078000C0078000400780004007800060
07800020078000200780002007802020078020000780200007802000078060000780E000
07FFE0000780E00007806000078020000780200007802000078020080780000807800008
078000100780001007800010078000300780003007800070078000E00F8003E0FFFFFFE0
1D227EA121>I<FFFC0FC007800780078007800780078007800780078007800780078007
80078007800780078007800780078007800780078007800780078007800780078007800F
C0FFFC0E227EA112>73 D<FFC00003FF0FC00003F007C00003E005E00005E005E00005E0
04F00009E004F00009E004F00009E004780011E004780011E004780011E0043C0021E004
3C0021E0043C0021E0041E0041E0041E0041E0040F0081E0040F0081E0040F0081E00407
8101E004078101E004078101E00403C201E00403C201E00401E401E00401E401E00401E4
01E00400F801E00400F801E00400F801E004007001E00E007001E01F007003F0FFE0203F
FF28227EA12D>77 D<FFFFE000000F803C000007800E00000780078000078007C0000780
03C000078003E000078003E000078003E000078003E000078003E000078003C000078007
C000078007800007800E000007803C000007FFE000000780700000078038000007801C00
0007801E000007800E000007800F000007800F000007800F000007800F000007800F8000
07800F800007800F800007800F808007800FC080078007C0800FC003C100FFFC01E20000
00007C0021237EA124>82 D<03F0200C0C601802603001E07000E0600060E00060E00060
E00020E00020E00020F00000F000007800007F00003FF0001FFE000FFF0003FF80003FC0
0007E00001E00000F00000F0000070800070800070800070800070C00060C00060E000C0
F000C0C80180C6070081FC0014247DA21B>I<FFF03FFC03FE1F8007E000F80F0003C000
700F0003C000200F0003C00020078001E00040078001E00040078001E0004003C002F000
8003C002F0008003C002F0008001E00478010001E00478010001E00478010000F0083C02
0000F0083C020000F0083C020000F8183E06000078101E04000078101E0400007C101E04
00003C200F0800003C200F0800003C200F0800001E40079000001E40079000001E400790
00000F8003E000000F8003E000000F8003E00000070001C00000070001C00000070001C0
000003000180000002000080002F237FA132>87 D<0FE0001838003C0C003C0E00180700
00070000070000070000FF0007C7001E07003C0700780700700700F00708F00708F00708
F00F087817083C23900FC1E015157E9418>97 D<01FE000703000C07801C078038030078
0000700000F00000F00000F00000F00000F00000F00000F000007000007800403800401C
00800C010007060001F80012157E9416>99 D<0000E0000FE00001E00000E00000E00000
E00000E00000E00000E00000E00000E00000E00000E00000E001F8E00704E00C02E01C01
E03800E07800E07000E0F000E0F000E0F000E0F000E0F000E0F000E0F000E07000E07800
E03800E01801E00C02E0070CF001F0FE17237EA21B>I<01FC000707000C03801C01C038
01C07801E07000E0F000E0FFFFE0F00000F00000F00000F00000F0000070000078002038
00201C00400E008007030000FC0013157F9416>I<003C00C6018F038F030F0700070007
00070007000700070007000700FFF8070007000700070007000700070007000700070007
00070007000700070007000700070007807FF8102380A20F>I<0E0000FE00001E00000E
00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E1F800E
60C00E80E00F00700F00700E00700E00700E00700E00700E00700E00700E00700E00700E
00700E00700E00700E00700E00700E00700E0070FFE7FF18237FA21B>104
D<1C001E003E001E001C00000000000000000000000000000000000E00FE001E000E000E
000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A227F
A10E>I<0E00FE001E000E000E000E000E000E000E000E000E000E000E000E000E000E00
0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00
FFE00B237FA20E>108 D<0E1FC07F00FE60E183801E807201C00F003C00E00F003C00E0
0E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E
003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E00
3800E0FFE3FF8FFE27157F942A>I<0E1F80FE60C01E80E00F00700F00700E00700E0070
0E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070
0E0070FFE7FF18157F941B>I<01FC000707000C01801800C03800E0700070700070F000
78F00078F00078F00078F00078F00078F000787000707800F03800E01C01C00E03800707
0001FC0015157F9418>I<0E1F00FE61C00E80600F00700E00380E003C0E001C0E001E0E
001E0E001E0E001E0E001E0E001E0E001E0E003C0E003C0E00380F00700E80E00E41C00E
3F000E00000E00000E00000E00000E00000E00000E00000E00000E0000FFE000171F7F94
1B>I<0E3CFE461E8F0F0F0F060F000E000E000E000E000E000E000E000E000E000E000E
000E000E000F00FFF010157F9413>114 D<0F8830786018C018C008C008E008F0007F80
3FE00FF001F8003C801C800C800CC00CC008E018D0308FC00E157E9413>I<0200020002
0002000600060006000E001E003E00FFF80E000E000E000E000E000E000E000E000E000E
000E000E040E040E040E040E040E040708030801F00E1F7F9E13>I<0E0070FE07F01E00
F00E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00
700E00700E00F00E00F006017003827800FC7F18157F941B>I<FFC1FE1E00780E00300E
00200E002007004007004003808003808003808001C10001C10000E20000E20000E20000
740000740000380000380000380000100017157F941A>I<FFC1FE1E00780E00300E0020
0E002007004007004003808003808003808001C10001C10000E20000E20000E200007400
007400003800003800003800001000001000002000002000002000004000F04000F08000
F180004300003C0000171F7F941A>121 D<3FFFC0380380300780200700600E00401C00
403C0040380000700000E00001E00001C0000380400700400F00400E00C01C0080380080
780180700780FFFF8012157F9416>I E /FL 19 116 df<0004000800100020004000C0
018003000300060006000E000C001C00180038003800380030007000700070007000F000
F000E000E000E000E000E000E000E000E000E000E000E000F000F0007000700070007000
300038003800380018001C000C000E000600060003000300018000C00040002000100008
00040E3D7BAC17>40 D<800040002000100008000C000600030003000180018001C000C0
00E0006000700070007000300038003800380038003C003C001C001C001C001C001C001C
001C001C001C001C001C003C003C00380038003800380030007000700070006000E000C0
01C0018001800300030006000C00080010002000400080000E3D7DAC17>I<78FCFCFCFC
7806067B8510>46 D<00100000700000F0000FF000FFF000F0F00000F00000F00000F000
00F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000
00F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000
00F00000F00000F00000F00001F8007FFFE07FFFE013287CA71D>49
D<007E0003FFC00703E00C01F01000F81C00F83E00FC3E007C3E007C1E007C0C00FC0000
F80000F80000F00001F00001E000038000070000FE000003C00000E00000F800007C0000
7C00003E00003E00003F00003F30003F78003FFC003FFC003FFC003EF8003E40007E4000
7C3000F81800F00F03E003FFC000FE0018297EA71D>51 D<0000FF00200007FFC060001F
807060007E0018E000F80005E001F00003E003E00001E007C00001E00F800000E00F8000
00E01F000000603F000000603E000000607E000000207E000000207C000000207C000000
00FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000
FC00000000FC0001FFFE7C0001FFFE7C000007E07E000003E07E000003E03E000003E03F
000003E01F000003E00F800003E00F800003E007C00003E003E00003E001F00005E000F8
0005E0007E0018E0001FC070600007FFC0200000FF0000272B7DA92E>71
D<FFE0003FFEFFF0003FFE03F80003E002F80001C0027C000080027E000080023E000080
021F000080021F000080020F800080020FC000800207C000800203E000800203F0008002
01F000800200F800800200FC008002007C008002003E008002003F008002001F00800200
0F808002000FC080020007C080020003E080020003F080020001F080020000F880020000
F8800200007C800200007E800200003E800200001F800200001F800200000F8002000007
80020000078007000003800F80000180FFF8000180FFF800008027297EA82C>78
D<0001FF0000000F01E000003C0078000078003C0000E0000E0001E0000F0003C0000780
07800003C00F800003E01F000001F01F000001F03E000000F83E000000F87E000000FC7E
000000FC7C0000007C7C0000007CFC0000007EFC0000007EFC0000007EFC0000007EFC00
00007EFC0000007EFC0000007EFC0000007EFC0000007E7C0000007C7E000000FC7E0000
00FC7E000000FC3E000000F83F000001F81F000001F01F000001F00F800003E007800003
C007C00007C003E0000F8000F0001E000078003C00003C007800000F01E0000001FF0000
272B7DA92E>I<FFFE0003FF80FFFE0003FF8007E00000FC0007E00000300003E0000020
0003E00000200001F00000400001F00000400001F00000400000F80000800000F8000080
0000FC00008000007C00010000007C00010000003E00020000003E00020000003F000200
00001F00040000001F00040000001F800C0000000F80080000000F800800000007C01000
000007C01000000007E01000000003E02000000003E02000000003F06000000001F04000
000001F04000000000F88000000000F88000000000FC80000000007D00000000007D0000
0000003E00000000003E00000000003E00000000001C00000000001C00000000001C0000
00000008000000292A7FA82C>86 D<007F0001C0E00700100E00781E00F83C00F83C0070
7C0020780000F80000F80000F80000F80000F80000F80000F80000F800007800007C0000
3C00083C00081E00100E002007006001C180007E00151A7E991A>99
D<00000F000001FF000001FF0000001F0000000F0000000F0000000F0000000F0000000F
0000000F0000000F0000000F0000000F0000000F0000000F0000000F00003F0F0001C0CF
0003802F000F001F001E001F001C000F003C000F007C000F0078000F0078000F00F8000F
00F8000F00F8000F00F8000F00F8000F00F8000F00F8000F0078000F0078000F003C000F
003C000F001E001F000E002F0007004F8001C18FF8007E0FF81D2A7EA921>I<00FE0003
87800701C00E01E01C00E03C00F03C00F0780078780078F80078F80078FFFFF8F80000F8
0000F80000F80000F800007800007800003C00083C00081E00100E002007004001C18000
7E00151A7E991A>I<07800000FF800000FF8000000F8000000780000007800000078000
000780000007800000078000000780000007800000078000000780000007800000078000
000783F800078C1C0007900E0007A0070007A0078007C0078007C0078007800780078007
800780078007800780078007800780078007800780078007800780078007800780078007
80078007800780078007800780078007800780078007800780FFFCFFFCFFFCFFFC1E2A7F
A921>104 D<07000F801F801F800F800700000000000000000000000000000000000000
07807F807F800F8007800780078007800780078007800780078007800780078007800780
078007800780078007800780FFF8FFF80D297FA811>I<0780FF80FF800F800780078007
800780078007800780078007800780078007800780078007800780078007800780078007
80078007800780078007800780078007800780078007800780078007800780FFFCFFFC0E
2A7FA911>108 D<0783F800FF8C1C00FF900E000FA0070007A0078007C0078007C00780
078007800780078007800780078007800780078007800780078007800780078007800780
0780078007800780078007800780078007800780078007800780078007800780FFFCFFFC
FFFCFFFC1E1A7F9921>110 D<007E0003C3C00700E00E00701C00383C003C3C003C7800
1E78001EF8001FF8001FF8001FF8001FF8001FF8001FF8001FF8001F78001E78001E3C00
3C3C003C1C00380E00700700E003C3C0007E00181A7E991D>I<0787C0FF88E0FF91F00F
A1F007C1F007C0E007C00007800007800007800007800007800007800007800007800007
800007800007800007800007800007800007800007800007C000FFFE00FFFE00141A7F99
17>114 D<07F0801C0D80300380600180600180E00080E00080F00080F800007E00007F
E0003FFC001FFE0007FF00003F800007808003C08003C08001C0C001C0C001C0E00180E0
0380F00300CC0E0083F800121A7E9917>I E /FM 1 4 df<00C00000C00000C00000C000
00C000C0C0C0F0C3C038C7000EDC0003F00000C00003F0000EDC0038C700F0C3C0C0C0C0
00C00000C00000C00000C00000C00012157D9619>3 D E /FN 19
122 df<00003FE0010001FFF8030007F01E03001F800307003E000087007800004F00F0
00002F01E000001F03C000000F078000000F0F800000070F000000071F000000031E0000
00033E000000033C000000017C000000017C000000017C000000017800000000F8000000
00F800000000F800000000F800000000F800000000F800000000F800000000F800000000
F800000000F800000000F80000000078000000007C000000007C000000017C000000013C
000000013E000000011E000000011F000000020F000000020F80000006078000000403C0
00000801E000000800F00000100078000020003E0000C0001F8003800007F00F000001FF
FC0000003FE00028337CB130>67 D<FFFFFFFFC0FFFFFFFFC007E0001FC003E00003C003
E00001E003E00000E003E000006003E000006003E000002003E000002003E000002003E0
00002003E000001003E000001003E000001003E000801003E000800003E000800003E000
800003E000800003E001800003E001800003E007800003FFFF800003FFFF800003E00780
0003E001800003E001800003E000800003E000800003E000800003E000800003E0008000
03E000000003E000000003E000000003E000000003E000000003E000000003E000000003
E000000003E000000003E000000003E000000003E000000003E000000007F0000000FFFF
C00000FFFFC0000024317CB02B>70 D<FFF00000007FF8FFF00000007FF807F00000007F
0002F8000000BE0002F8000000BE0002F8000000BE00027C0000013E00027C0000013E00
023E0000023E00023E0000023E00023E0000023E00021F0000043E00021F0000043E0002
1F0000043E00020F8000083E00020F8000083E00020F8000083E000207C000103E000207
C000103E000207C000103E000203E000203E000203E000203E000201F000403E000201F0
00403E000201F000403E000200F800803E000200F800803E000200F800803E0002007C01
003E0002007C01003E0002007C01003E0002003E02003E0002003E02003E0002003E0200
3E0002001F04003E0002001F04003E0002000F88003E0002000F88003E0002000F88003E
00020007D0003E00020007D0003E00020007D0003E00020003E0003E00020003E0003E00
020003E0003E00070001C0003E000F8001C0007F00FFF801C00FFFF8FFF800800FFFF835
317CB03D>77 D<7FFFFFFFFFE07FFFFFFFFFE07E000F8007E078000F8001E070000F8000
E060000F80006040000F80002040000F800020C0000F800030C0000F80003080000F8000
1080000F80001080000F80001080000F80001080000F80001080000F80001000000F8000
0000000F80000000000F80000000000F80000000000F80000000000F80000000000F8000
0000000F80000000000F80000000000F80000000000F80000000000F80000000000F8000
0000000F80000000000F80000000000F80000000000F80000000000F80000000000F8000
0000000F80000000000F80000000000F80000000000F80000000000F80000000000F8000
0000000F80000000000F80000000000F80000000000F80000000000F80000000001FC000
00000FFFFF8000000FFFFF80002C317EB030>84 D<00FE00000303C0000C00E000100070
00100038003C003C003E001C003E001E003E001E0008001E0000001E0000001E0000001E
00000FFE0000FC1E0003E01E000F801E001F001E003E001E003C001E007C001E00F8001E
04F8001E04F8001E04F8003E04F8003E0478003E047C005E043E008F080F0307F003FC03
E01E1F7D9E21>97 D<000001E000003FE000003FE0000003E0000001E0000001E0000001
E0000001E0000001E0000001E0000001E0000001E0000001E0000001E0000001E0000001
E0000001E0000001E0000001E0001F81E000F061E001C019E0078005E00F0003E00E0003
E01E0001E03C0001E03C0001E07C0001E0780001E0F80001E0F80001E0F80001E0F80001
E0F80001E0F80001E0F80001E0F80001E0F80001E0780001E0780001E03C0001E03C0001
E01C0001E01E0003E00E0005E0070009E0038011F000E061FF003F81FF20327DB125>
100 D<003F800000E0E0000380380007003C000E001E001E001E001C000F003C000F007C
000F0078000F8078000780F8000780F8000780FFFFFF80F8000000F8000000F8000000F8
000000F8000000F8000000780000007C0000003C0000003C0000801E0000800E0001000F
0002000780020001C00C0000F03000001FC000191F7E9E1D>I<0007E0001C1000383800
707C00E07C01E07C01C03803C00003C00003C00003C00003C00003C00003C00003C00003
C00003C00003C00003C000FFFFC0FFFFC003C00003C00003C00003C00003C00003C00003
C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003
C00003C00003C00003C00003C00003C00003C00003C00007E0007FFF007FFF0016327FB1
14>I<000000F0007F030801C1C41C0380E81C070070080F0078001E003C001E003C003E
003E003E003E003E003E003E003E003E003E003E003E001E003C001E003C000F00780007
0070000780E00009C1C000087F000018000000180000001800000018000000180000001C
0000000E0000000FFFF80007FFFF0003FFFF800E000FC0180001E0300000F070000070E0
000038E0000038E0000038E0000038E00000387000007070000070380000E01C0001C007
00070001C01C00003FE0001E2F7E9F21>I<0780000000FF80000000FF800000000F8000
000007800000000780000000078000000007800000000780000000078000000007800000
000780000000078000000007800000000780000000078000000007800000000780000000
07800000000780FE00000783078000078C03C000079001E00007A001E00007A000F00007
C000F00007C000F000078000F000078000F000078000F000078000F000078000F0000780
00F000078000F000078000F000078000F000078000F000078000F000078000F000078000
F000078000F000078000F000078000F000078000F000078000F000078000F000078000F0
000FC001F800FFFC1FFF80FFFC1FFF8021327EB125>I<07000F801F801F800F80070000
0000000000000000000000000000000000000000000780FF80FF800F8007800780078007
800780078007800780078007800780078007800780078007800780078007800780078007
80078007800FC0FFF8FFF80D307EAF12>I<0780FE0000FF83078000FF8C03C0000F9001
E00007A001E00007A000F00007C000F00007C000F000078000F000078000F000078000F0
00078000F000078000F000078000F000078000F000078000F000078000F000078000F000
078000F000078000F000078000F000078000F000078000F000078000F000078000F00007
8000F000078000F000078000F0000FC001F800FFFC1FFF80FFFC1FFF80211F7E9E25>
110 D<001FC00000F0780001C01C00070007000F0007801E0003C01C0001C03C0001E03C
0001E0780000F0780000F0780000F0F80000F8F80000F8F80000F8F80000F8F80000F8F8
0000F8F80000F8F80000F8780000F07C0001F03C0001E03C0001E01E0003C01E0003C00F
00078007800F0001C01C0000F07800001FC0001D1F7E9E21>I<0781FC00FF860700FF88
03C00F9001E007A000F007C00078078000780780003C0780003C0780003E0780001E0780
001F0780001F0780001F0780001F0780001F0780001F0780001F0780001F0780001F0780
003E0780003E0780003C0780007C0780007807C000F007A000F007A001E0079803800786
0F000781F800078000000780000007800000078000000780000007800000078000000780
00000780000007800000078000000FC00000FFFC0000FFFC0000202D7E9E25>I<0783E0
FF8C18FF907C0F907C07A07C07C03807C00007C00007C000078000078000078000078000
078000078000078000078000078000078000078000078000078000078000078000078000
0780000780000780000FC000FFFE00FFFE00161F7E9E19>114 D<01FC100E03301800F0
300070600030E00030E00010E00010E00010F00010F800007E00003FF0001FFF000FFFC0
03FFE0003FF00001F80000F880003C80003C80001CC0001CC0001CE0001CE00018F00038
F00030CC0060C301C080FE00161F7E9E1A>I<00400000400000400000400000400000C0
0000C00000C00001C00001C00003C00007C0000FC0001FFFE0FFFFE003C00003C00003C0
0003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C0
0003C00003C01003C01003C01003C01003C01003C01003C01003C01001C02001E02000E0
400078C0001F00142C7FAB19>I<078000F000FF801FF000FF801FF0000F8001F0000780
00F000078000F000078000F000078000F000078000F000078000F000078000F000078000
F000078000F000078000F000078000F000078000F000078000F000078000F000078000F0
00078000F000078000F000078000F000078000F000078001F000078001F000078001F000
038002F00003C004F00001C008F800007030FF80001FC0FF80211F7E9E25>I<FFF801FF
80FFF801FF800FC0007C00078000380007C000300003C000200003C000200001E0004000
01E000400001F000400000F000800000F000800000780100000078010000007C01000000
3C020000003C020000001E040000001E040000001F040000000F080000000F0800000007
90000000079000000007D000000003E000000003E000000001C000000001C000000001C0
000000008000000000800000000100000000010000000001000000000200000000020000
0000040000007004000000F80C000000F808000000F81000000070300000003040000000
1F80000000212D7F9E23>121 D E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 300dpi
TeXDict begin

%%EndSetup
%%Page: 0 1
0 0 bop 361 224 a FN(The)21 b(F)-6 b(oundations)20 b(of)i(Mo)r(dern)f
(Cryptograph)n(y)1590 198 y FM(\003)759 315 y FL(\(V)-5
b(ersion)19 b(Nr.)g(3.1\))774 441 y(Oded)f(Goldreic)n(h)334
499 y FK(Departmen)o(t)d(of)i(Computer)e(Science)g(and)h(Applied)f
(Mathematics)448 558 y(W)l(eizmann)g(Institute)g(of)i(Science,)d(Reho)o
(v)o(ot,)h FJ(Israel)p FK(.)561 616 y(Email:)20 b FI(oded@wisdo)o(m.w)o
(eiz)o(ma)o(nn.)o(ac.)o(il)844 717 y FK(Ma)o(y)c(2,)g(1998)884
934 y FH(Abstract)176 1010 y FG(In)f(our)h(opinion,)d(the)j(F)m
(oundations)f(of)f(Cryptograph)o(y)h(are)h(the)g(paradigms,)d(approac)o
(hes)j(and)g(tec)o(h-)114 1060 y(niques)g(used)h(to)f(conceptualize,)h
(de\014ne)g(and)f(pro)o(vide)f(solutions)h(to)g(natural)f
(cryptographic)i(problems.)114 1110 y(In)f(this)h(essa)o(y)m(,)f(w)o(e)
h(surv)o(ey)g(some)f(of)g(these)i(paradigms,)c(approac)o(hes)j(and)g
(tec)o(hniques)g(as)g(w)o(ell)f(as)g(some)114 1160 y(of)f(the)h
(fundamen)o(tal)e(results)j(obtained)e(using)h(them.)22
b(Sp)q(ecial)16 b(e\013ort)h(is)e(made)g(in)g(attempt)g(to)h(dissolv)o
(e)114 1209 y(common)11 b(misconceptions)i(regarding)h(these)h
(paradigms)d(and)i(results.)12 2348 y(c)0 2349 y FF(\015)p
FG(Cop)o(yrigh)o(t)e(1998)h(b)o(y)h(Oded)h(Goldreic)o(h.)0
2405 y(P)o(ermission)g(to)h(mak)o(e)f(copies)i(of)e(part)i(or)f(all)f
(of)g(this)i(w)o(ork)e(for)h(p)q(ersonal)h(or)f(classro)q(om)f(use)i
(is)f(gran)o(ted)h(without)e(fee)0 2461 y(pro)o(vided)h(that)h(copies)g
(are)g(not)f(made)g(or)g(distributed)h(for)g(pro\014t)f(or)h
(commercial)d(adv)n(an)o(tage)h(and)i(that)f(new)h(copies)0
2518 y(b)q(ear)e(this)e(notice)i(and)e(the)i(full)e(citation)g(on)g
(the)i(\014rst)g(page.)j(Abstracting)c(with)g(credit)g(is)g(p)q
(ermitted.)p 0 2582 780 2 v 51 2608 a FE(\003)69 2624
y FD(A)i(preliminary)k(v)o(ersion)e(of)e(this)h(essa)o(y)g(has)g(app)q
(eared)h(in)f(the)g(pro)q(ceedings)i(of)d FC(Crypto97)g
FD(\(Springer's)i(Lecture)f(Notes)f(in)0 2670 y(Computer)d(Science,)i
(V)m(ol.)d(1294\).)964 2795 y FB(0)p eop
%%Page: 1 2
1 1 bop 0 42 a FA(Con)n(ten)n(ts)0 143 y Fz(1)42 b(In)o(tro)q(duction)
1569 b(2)0 302 y Fy(I)56 b(Basic)18 b(T)-5 b(o)r(ols)1567
b(6)0 404 y Fz(2)42 b(Cen)o(tral)18 b(P)o(aradigms)1426
b(6)68 461 y FB(2.1)46 b(Computational)15 b(Di\016cult)o(y)f
Fx(:)22 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)
64 b FB(7)68 517 y(2.2)46 b(Computational)15 b(Indistinguishabil)q(i)q
(t)o(y)28 b Fx(:)23 b(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)64
b FB(7)68 573 y(2.3)46 b(The)15 b(Sim)o(ulation)i(P)o(aradigm)31
b Fx(:)23 b(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)64
b FB(8)0 675 y Fz(3)42 b(Pseudorandomness)1421 b(8)68
732 y FB(3.1)46 b(The)15 b(Basics)47 b Fx(:)22 b(:)g(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)64
b FB(8)68 788 y(3.2)46 b(Pseudorandom)15 b(F)l(unctions)44
b Fx(:)23 b(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)64
b FB(9)0 890 y Fz(4)42 b(Zero-Kno)o(wledge)1459 b(10)68
947 y FB(4.1)46 b(The)15 b(Basics)47 b Fx(:)22 b(:)g(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)42
b FB(10)68 1003 y(4.2)k(Some)15 b(V)l(arian)o(ts)46 b
Fx(:)23 b(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)
g(:)h(:)f(:)g(:)h(:)42 b FB(12)0 1162 y Fy(I)r(I)55 b(Basic)19
b(Utilities)1447 b(14)0 1264 y Fz(5)42 b(Encryption)1576
b(14)68 1320 y FB(5.1)46 b(De\014nitions)14 b Fx(:)23
b(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)42 b FB(14)68 1377 y(5.2)k(Constructions)22
b Fx(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)42 b FB(15)68 1433 y(5.3)k(Bey)o(ond)15
b(ea)o(v)o(esdropping)h(securit)o(y)39 b Fx(:)23 b(:)f(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)42 b FB(17)0 1535 y Fz(6)g(Signatures)1591
b(18)68 1591 y FB(6.1)46 b(De\014nitions)14 b Fx(:)23
b(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)42 b FB(18)68 1648 y(6.2)k(Constructions)22
b Fx(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)42 b FB(19)68 1704 y(6.3)k(Tw)o(o)14
b(v)m(arian)o(ts)h(of)g(signature)g(sc)o(hemes)41 b Fx(:)23
b(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)42 b FB(20)0 1806
y Fz(7)g(Cryptographic)18 b(Proto)q(cols)1266 b(21)68
1863 y FB(7.1)46 b(De\014nitions)14 b Fx(:)23 b(:)f(:)g(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)42
b FB(21)68 1919 y(7.2)k(Constructions)22 b Fx(:)g(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)
g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)42
b FB(22)0 2078 y Fy(I)r(I)r(I)55 b(Concluding)19 b(Commen)n(ts)1213
b(23)0 2180 y Fz(8)42 b(Some)17 b(Notes)1558 b(23)68
2236 y FB(8.1)46 b(General)15 b(notes)25 b Fx(:)d(:)h(:)f(:)g(:)h(:)f
(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)
g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)42
b FB(23)68 2293 y(8.2)k(Sp)q(eci\014c)17 b(notes)29 b
Fx(:)22 b(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)g(:)h(:)f(:)g(:)h(:)42 b FB(26)0 2395 y Fz(9)g(Historical)19
b(P)o(ersp)q(ectiv)o(e)1327 b(28)0 2497 y(10)16 b(Tw)o(o)h(Suggestions)
h(for)f(F)l(uture)g(Researc)o(h)974 b(29)0 2598 y(11)16
b(Some)h(Suggestions)h(for)f(F)l(urther)g(Reading)948
b(29)964 2795 y FB(1)p eop
%%Page: 2 3
2 2 bop 859 42 a Fw(It)15 b(is)h(p)q(ossible)h(to)e(build)i(a)e(cabin)h
(with)f(no)g(foundations,)859 98 y(but)g(not)g(a)g(lasting)h(building.)
1269 154 y FB(Eng.)f(Isidor)h(Goldreic)o(h)g(\(1906{1995\))0
280 y FA(1)67 b(In)n(tro)r(duction)0 381 y FB(Cryptograph)o(y)18
b(is)h(concerned)h(with)f(the)g(construction)g(of)f(sc)o(hemes)h(whic)o
(h)h(are)f(robust)f(against)g(malicious)0 438 y(attempts)c(to)g(mak)o
(e)h(these)g(sc)o(hemes)g(deviate)h(from)e(their)h(prescrib)q(ed)i
(functionalit)o(y)l(.)k(Giv)o(en)15 b(a)g(desired)h(func-)0
494 y(tionalit)o(y)l(,)f(a)f(cryptographer)g(should)h(design)g(a)f(sc)o
(heme)h(whic)o(h)g(not)f(only)g(satis\014es)h(the)f(desired)i
(functionalit)o(y)0 551 y(under)21 b(\\normal)f(op)q(eration",)h(but)g
(also)f(main)o(tains)h(this)g(functionalit)o(y)g(in)g(face)g(of)f(adv)o
(ersarial)g(attempts)0 607 y(whic)o(h)15 b(are)e(devised)j(after)d(the)
h(cryptographer)f(has)h(completed)h(his/her)g(w)o(ork.)j(The)c(fact)g
(that)f(an)h(adv)o(ersary)0 664 y(will)19 b(devise)f(its)g(attac)o(k)e
(after)h(the)g(sc)o(heme)h(has)f(b)q(een)h(sp)q(eci\014ed,)i(mak)o(es)d
(the)g(design)h(of)f(suc)o(h)h(sc)o(hemes)f(v)o(ery)0
720 y(hard.)30 b(In)19 b(particular,)h(the)e(adv)o(ersary)g(will)i(try)
e(to)g(tak)o(e)f(actions)i(other)f(than)h(the)f(ones)h(the)f(designer)i
(had)0 777 y(en)o(visioned.)32 b(Th)o(us,)20 b(our)e(approac)o(h)h(is)g
(that)f(it)h(mak)o(es)f(little)i(sense)g(to)e(mak)o(e)g(assumptions)h
(regarding)g(the)0 833 y(sp)q(eci\014c)e Fv(str)n(ate)n(gy)i
FB(that)14 b(the)h(adv)o(ersary)f(ma)o(y)h(use.)20 b(The)15
b(only)h(assumptions)f(whic)o(h)h(can)g(b)q(e)f(justi\014ed)i(refer)e
(to)0 890 y(the)e(computational)h Fv(abilities)h FB(of)e(the)g(adv)o
(ersary)l(.)19 b(F)l(urthermore,)12 b(it)i(is)f(our)g(opinion)h(that)f
(the)g(design)h(of)f(cryp-)0 946 y(tographic)j(systems)f(has)g(to)g(b)q
(e)h(based)g(on)g Fv(\014rm)g(foundations)p FB(;)g(whereas)f(ad-ho)q(c)
h(approac)o(hes)g(and)f(heuristics)0 1002 y(are)i(a)g(v)o(ery)f
(dangerous)h(w)o(a)o(y)f(to)h(go.)25 b(A)17 b(heuristic)i(ma)o(y)d(mak)
o(e)h(sense)h(when)f(the)g(designer)h(has)f(a)g(v)o(ery)g(go)q(o)q(d)0
1059 y(idea)i(ab)q(out)f(the)h(en)o(vironmen)o(t)f(in)h(whic)o(h)h(a)e
(sc)o(heme)g(is)h(to)f(op)q(erate,)g(y)o(et)g(a)g(cryptographic)h(sc)o
(heme)f(has)h(to)0 1115 y(op)q(erate)c(in)h(a)f(maliciously)i(selected)
g(en)o(vironmen)o(t)e(whic)o(h)h(t)o(ypically)h(transcends)e(the)h
(designer's)f(view.)71 1172 y(Pro)o(viding)e(\014rm)g(foundations)g(to)
g(Cryptograph)o(y)e(has)i(b)q(een)h(a)f(ma)s(jor)e(researc)o(h)i
(direction)i(in)e(the)g(last)g(t)o(w)o(o)0 1228 y(decades.)20
b(Indeed,)c(the)e(pioneering)h(pap)q(er)g(of)e(Di\016e)h(and)g(Hellman)
i([61)o(])d(should)i(b)q(e)g(considered)g(the)f(initiator)0
1285 y(of)h(this)g(direction.)22 b(Tw)o(o)14 b(ma)s(jor)g(\(in)o
(terlea)o(v)o(ed\))h(activities)h(ha)o(v)o(e)f(b)q(een:)56
1379 y(1.)22 b Fu(De\014nitional)c(Activit)o(y:)25 b
FB(The)18 b(iden)o(ti\014cation,)i(conceptualization)f(and)f(rigorous)f
(de\014nition)i(of)e(crypto-)114 1435 y(graphic)e(tasks)g(whic)o(h)h
(capture)f(natural)g(securit)o(y)h(concerns;)f(and)56
1529 y(2.)22 b Fu(Constructive)15 b(Activit)o(y:)k FB(The)14
b(study)g(and)f(design)i(of)e(cryptographic)h(sc)o(hemes)f(satisfying)h
(de\014nitions)h(as)114 1585 y(in)h(\(1\).)0 1705 y Fz(The)i
(de\014nitional)j(activit)o(y)46 b FB(pro)o(vided)17
b(a)e(de\014nition)j(of)d(secure)h(encryption)h([104)o(].)k(The)16
b(reader)f(ma)o(y)g(b)q(e)0 1762 y(surprised:)20 b Fv(what)15
b(is)f(ther)n(e)h(to)g(de\014ne)d FB(\(b)q(ey)o(ond)i(the)f(basic)h
(setting)f(form)o(ulated)g(in)h([61]\)?)19 b(Let)13 b(us)h(answ)o(er)f
(with)0 1818 y(a)k(question)g(\(p)q(osed)h(b)o(y)f(Goldw)o(asser)f(and)
i(Micali)g([104)o(]\):)23 b Fv(should)18 b(an)g(encryption)g(scheme)f
(which)i(le)n(aks)e(the)0 1875 y(\014rst)h(bit)h(of)h(the)f(plaintext)g
(b)n(e)f(c)n(onsider)n(e)n(d)g(se)n(cur)n(e?)29 b FB(Clearly)l(,)19
b(the)g(answ)o(er)e(is)i(negativ)o(e)f(and)h(so)f(some)f(naiv)o(e)0
1931 y(conceptions)i(regarding)e(secure)h(encryption)h(\(e.g.,)d(\\a)h
(sc)o(heme)h(is)g(secure)g(if)g(it)g(is)g(infeasible)i(to)d(obtain)h
(the)0 1988 y(plain)o(text)g(from)e(the)h(ciphertext)h(when)f(not)g
(giv)o(en)g(the)g(decryption)h(k)o(ey"\))e(turn)h(out)g(to)f(b)q(e)i
(unsatisfactory)l(.)0 2044 y(The)f(lesson)h(is)f(that)f(ev)o(en)i(when)
f(a)g(natural)g(concern)g(\(e.g.,)f(\\secure)h(comm)o(unication)h(o)o
(v)o(er)e(insecure)j(c)o(han-)0 2100 y(nels"\))e(has)g(b)q(een)h(iden)o
(ti\014ed,)g(w)o(ork)e(still)i(needs)g(to)e(b)q(e)h(done)g(to)o(w)o
(ards)e(a)i(satisfactory)e(\(rigorous\))h(de\014nition)0
2157 y(of)h(the)h(underlying)i(concept.)28 b(The)18 b(de\014nitional)h
(activit)o(y)f(also)g(underto)q(ok)g(the)g(treatmen)o(t)e(of)h
(unforgeable)0 2213 y(signature)i(sc)o(hemes)g([106)o(]:)27
b(One)19 b(result)g(of)g(the)g(treatmen)o(t)e(w)o(as)h(the)h
(refutation)g(of)f(a)g(\\folklore)i(theorem")0 2270 y(\(attributed)d
(to)g(Ron)h(Riv)o(est)g(\))g(b)o(y)f(whic)o(h)i(\\a)e(signature)g(sc)o
(heme)h(that)f(is)h(robust)f(against)h(c)o(hosen)f(message)0
2326 y(attac)o(k)12 b(cannot)g(ha)o(v)o(e)h(a)g(pro)q(of)f(of)h
(securit)o(y".)19 b(The)13 b(lesson)h(here)f(is)h(that)e
(unclear/unsound)j(form)o(ulations)e(\(i.e.,)0 2383 y(those)i
(underlying)i(the)e(ab)q(o)o(v)o(e)g(folklore)h(parado)o(x\))e(lead)i
(to)e(false)i(conclusions.)71 2439 y(Another)f(existing)i(concept)f
(whic)o(h)g(w)o(as)f(re-examined)i(is)f(the)f(then-fuzzy)i(notion)f(of)
f(a)g(\\pseudorandom)0 2496 y(generator".)k(Although)c(ad-ho)q(c)h
(\\pseudorandom)f(generators")f(whic)o(h)i(pass)f(some)g(ad-ho)q(c)h
(statistical)g(tests)0 2552 y(ma)o(y)c(b)q(e)h(adequate)g(for)f(some)g
(statistical)i(samplings,)f(they)g(are)f(certainly)i(inadequate)g(for)e
(use)h(in)g(Cryptogra-)0 2609 y(ph)o(y:)19 b(F)l(or)11
b(example,)i(sequences)h(generated)e(b)o(y)g(linear)h(congruen)o(tial)g
(generators)f(are)f(easy)h(to)g(predict)h([28)o(,)f(83)o(])964
2795 y(2)p eop
%%Page: 3 4
3 3 bop 0 42 a FB(and)14 b(endanger)g(cryptographic)g(applications)h
(ev)o(en)f(when)h(not)e(giv)o(en)h(in)h(the)e(clear)i([8)o(].)k(The)14
b(alternativ)o(e)g(sug-)0 98 y(gested)19 b(b)o(y)g(Blum,)h(Goldw)o
(asser,)f(Micali)i(and)e(Y)l(ao)f([26)o(,)h(104)o(,)g(168)o(])f(is)i(a)
e(robust)h(notion)g(of)g(pseudorandom)0 154 y(generators)12
b({)h(suc)o(h)g(a)g(generator)g(pro)q(duces)g(sequences)i(whic)o(h)f
(are)f Fv(c)n(omputational)r(ly)i(indistinguishable)g
FB(from)0 211 y(truly)e(random)f(sequences,)i(and)f(th)o(us,)g(can)g
(replace)h(truly)f(random)f(sequences)i(in)g(an)o(y)e(practical)i
(application.)0 267 y(W)l(e)i(men)o(tion)h(that)e(the)i(notion)f(of)g
(computational)h(indistinguishabil)q(it)o(y)i(has)d(pla)o(y)o(ed)h(a)f
(cen)o(tral)g(role)h(in)g(the)0 324 y(form)o(ulation)e(of)g(other)g
(cryptographic)g(concepts)h(\(suc)o(h)f(as)g(secure)g(encryption)i(and)
e(zero-kno)o(wledge\).)71 380 y(The)f(de\014nitional)i(activit)o(y)f
(has)f(iden)o(ti\014ed)i(concepts)f(whic)o(h)g(w)o(ere)f(not)f(kno)o
(wn)h(b)q(efore.)20 b(One)15 b(w)o(ell-kno)o(wn)0 437
y(example)22 b(is)g(the)f(in)o(tro)q(duction)h(of)f(zero-kno)o(wledge)h
(pro)q(ofs)f(b)o(y)g(Goldw)o(asser,)h(Micali)g(and)g(Rac)o(k)o(o\013)e
([105)o(].)0 493 y(A)e(k)o(ey)g(paradigm)h(crystallized)h(in)f(making)f
(the)g(latter)g(de\014nition)i(is)f(the)f Fv(simulation)h(p)n(ar)n
(adigm)p FB(:)27 b(A)18 b(part)o(y)0 550 y(is)j(said)g(to)g(ha)o(v)o(e)
f(gained)h(nothing)h(from)d(some)i(extra)f(information)h(giv)o(en)g(to)
f(it)h(if)g(it)g(can)g(generate)g(\(i.e.,)0 606 y(sim)o(ulate)e(the)g
(receipt)h(of)t(\))e(essen)o(tially)i(the)f(same)g(information)g(b)o(y)
f(itself)i(\(i.e.,)f(without)g(b)q(eing)h(giv)o(en)g(this)0
663 y(information\).)36 b(The)21 b(sim)o(ulation)h(paradigm)e(pla)o(ys)
h(a)g(cen)o(tral)f(role)h(in)h(the)f(related)g(de\014nitions)h(of)e
(secure)0 719 y(m)o(ulti-part)o(y)c(computations)f(\(with)h(resp)q(ect)
g(to)g(v)m(arying)g(settings)f(suc)o(h)i(as)e(in)h([132)o(,)g(2)o(,)g
(103)o(,)f(35]\).)20 b(Ho)o(w)o(ev)o(er,)0 775 y(it)15
b(has)h(b)q(een)g(emplo)o(y)o(ed)g(also)f(in)h(di\013eren)o(t)f
(settings)g(suc)o(h)h(as)f(in)h([13)o(,)f(14)o(,)g(41)o(].)71
832 y(The)21 b(de\014nitional)i(activit)o(y)d(is)i(an)e(on-going)h(pro)
q(cess.)37 b(Its)21 b(more)f(recen)o(t)h(targets)e(ha)o(v)o(e)i
(included)i(mo-)0 888 y(bile)e(adv)o(ersaries)e(\(ak)m(a)g(\\proactiv)o
(e)g(securit)o(y"\))h([145)n(,)f(42,)g(112)o(],)h(Electronic)g(Cash)f
([44)o(,)g(46,)g(82)o(,)g(150,)g(162)o(],)0 945 y(Co)q(ercibilit)o(y)e
([38)o(,)e(37],)f(Threshold)i(Cryptograph)o(y)e([60)o(],)g(and)i(more.)
0 1063 y Fz(The)k(constructiv)o(e)f(activit)o(y.)46 b
FB(As)17 b(new)g(de\014nitions)i(of)d(cryptographic)i(tasks)e(emerged,)
h(the)g(\014rst)f(c)o(hal-)0 1119 y(lenge)d(w)o(as)e(to)h(demonstrate)f
(that)g(they)h(can)h(b)q(e)f(ac)o(hiev)o(ed.)20 b(Th)o(us,)12
b(the)g(\014rst)g(goal)g(of)f(the)h(constructiv)o(e)h(activit)o(y)0
1176 y(is)18 b(to)e Fv(demonstr)n(ate)i(the)g(plausibility)j
FB(of)c(obtaining)h(certain)f(goals.)26 b(Th)o(us,)17
b(standard)g(assumptions)g(suc)o(h)g(as)0 1232 y(that)9
b(the)i(RSA)g(is)f(hard)g(to)g(in)o(v)o(ert)g(w)o(ere)g(used)h(to)e
(construct)h(secure)h(public-k)o(ey)h(encryption)f(sc)o(hemes)g([104)n
(,)f(168)o(])0 1289 y(and)17 b(unforgeable)g(digital)g(sc)o(hemes)g
([106)o(].)23 b(W)l(e)16 b(stress)g(that)f(assuming)i(that)f(RSA)h(is)g
(hard)f(to)g(in)o(v)o(ert)g(is)h(dif-)0 1345 y(feren)o(t)j(from)g
(assuming)h(that)f(RSA)i(is)f(a)f(secure)h(encryption)h(sc)o(heme.)37
b(F)l(urthermore,)21 b(plain)h(RSA)f(\(alik)o(e)0 1402
y(an)o(y)e(deterministic)i(public-k)o(ey)g(encryption)f(sc)o(heme\))f
(is)h(not)f(secure)g(\(as)g(one)g(can)g(easily)i(distinguish)g(the)0
1458 y(encryption)16 b(of)e(one)h Fv(pr)n(e)n(determine)n(d)j
FB(message)d(from)e(the)i(encryption)h(of)e(another\).)19
b(Y)l(et,)14 b(RSA)i(can)f(b)q(e)g(easily)0 1514 y(transformed)h(in)o
(to)g(a)g(secure)h(public-k)o(ey)i(encryption)f(sc)o(heme)e(b)o(y)h
(using)g(a)f(construction)h([1)o(])g(whic)o(h)g(is)g(rem-)0
1571 y(iniscen)o(t)j(of)f(a)f(common)g(practice)i(\(of)e(padding)h(the)
g(message)g(with)g(random)f(noise\).)31 b(W)l(e)19 b(stress)f(that)g
(the)0 1627 y(resulting)i(sc)o(heme)g(is)g(not)f(merely)h(b)q(eliev)o
(ed)i(to)d(b)q(e)h(secure)g(but)f(rather)g(its)g(securit)o(y)h(is)g
(link)o(ed)h(to)e(a)g(m)o(uc)o(h)0 1684 y(simpler)i(assumption)e
(\(i.e.,)h(the)g(assumption)f(that)g(RSA)h(is)g(hard)f(to)g(in)o(v)o
(ert\).)32 b(Lik)o(ewise,)22 b(although)e(plain)0 1740
y(RSA)f(signing)h(is)f(vulnerable)h(to)e(\\existen)o(tial)i(forgery")d
(\(and)h(other)g(attac)o(ks\),)g(RSA)h(can)g(b)q(e)g(transformed)0
1797 y(in)o(to)g(a)g(signature)g(sc)o(heme)h(whic)o(h)g(is)g
(unforgeable)f(\(pro)o(vided)h(RSA)g(is)g(hard)f(to)f(in)o(v)o(ert\))h
([106)o(,)g(11)o(].)31 b(Using)0 1853 y(the)16 b(assumption)f(that)g
(RSA)i(is)f(hard)f(to)g(in)o(v)o(ert,)g(one)h(can)g(construct)f
(pseudorandom)h(generators)e([26)o(,)i(168)o(],)0 1910
y(zero-kno)o(wledge)d(pro)q(ofs)g(for)f(an)o(y)g(NP-statemen)o(t)g([97)
o(],)h(and)g(m)o(ulti-part)o(y)g(proto)q(cols)f(for)g(securely)i
(computing)0 1966 y(an)o(y)h(m)o(ulti-v)m(arian)o(t)h(function)g([169)o
(,)f(98)o(].)71 2023 y(A)d(ma)s(jor)g(misconception)i(regarding)f
(theoretical)g(w)o(ork)f(in)i(Cryptograph)o(y)d(stems)h(from)g(not)h
(distinguish-)0 2079 y(ing)19 b(w)o(ork)f(aimed)h(at)f(demonstrating)g
(the)h(plausibilit)o(y)i(of)d(obtaining)i(certain)f(goals)f(from)g(w)o
(ork)f(aimed)j(at)0 2135 y(suggesting)12 b(paradigms)h(and/or)f
(constructions)g(whic)o(h)h(can)g(b)q(e)g(used)g(in)g(practice.)20
b(F)l(or)12 b(example,)h(the)f(general)0 2192 y(results)h(concerning)h
(zero-kno)o(wledge)f(pro)q(ofs)f([97)o(])g(and)h(m)o(ulti-part)o(y)g
(proto)q(cols)g([169)n(,)g(98)o(],)f(men)o(tioned)i(ab)q(o)o(v)o(e,)0
2248 y(are)j(merely)h Fv(claims)f(of)h(plausibility)p
FB(:)24 b(What)16 b(they)h(sa)o(y)g(is)g(that)g(an)o(y)g(problem)g(of)g
(the)g(ab)q(o)o(v)o(e)g(t)o(yp)q(e)g(\(i.e.,)g(an)o(y)0
2305 y(proto)q(col)c(problem)h(as)f(discussed)i(in)g(Section)f(7\))f
(can)g(b)q(e)h(solv)o(ed)g(in)g(principle.)22 b(This)14
b(is)g(a)f(v)o(ery)g(v)m(aluable)j(piece)0 2361 y(of)g(information.)23
b(Th)o(us,)16 b(if)h(y)o(ou)f(ha)o(v)o(e)g(a)g(sp)q(eci\014c)i(problem)
f(whic)o(h)g(falls)g(in)o(to)f(the)h(ab)q(o)o(v)o(e)e(category)h(then)g
(y)o(ou)0 2418 y(should)k(kno)o(w)e(that)g(the)h(problem)g(is)g(solv)m
(able)h(in)g(principle.)33 b(Ho)o(w)o(ev)o(er,)18 b(if)h(y)o(ou)f(need)
i(to)e(construct)g(a)h(real)0 2474 y(system)g(then)i(y)o(ou)e(should)i
(probably)g(construct)e(a)h(solution)h(from)e(scratc)o(h)g(\(rather)g
(than)h(emplo)o(ying)h(the)0 2531 y(ab)q(o)o(v)o(e)16
b(general)h(results\).)24 b(T)o(ypically)l(,)18 b Fv(some)i
FB(to)q(ols)c(dev)o(elop)q(ed)i(to)o(w)o(ards)d(solving)i(the)g
(general)g(problem)g(ma)o(y)0 2587 y(b)q(e)f(useful)g(in)g(solving)g
(the)g(sp)q(eci\014c)h(problem.)j(Th)o(us,)15 b(w)o(e)g(distinguish)i
(three)e(t)o(yp)q(es)h(of)e(results:)56 2670 y(1.)22
b Fv(Plausibility)c(r)n(esults:)26 b FB(Here)19 b(w)o(e)f(refer)h(to)f
(mere)g(statemen)o(ts)g(of)g(the)g(t)o(yp)q(e)h(\\an)o(y)f(NP-language)
h(has)f(a)964 2795 y(3)p eop
%%Page: 4 5
4 4 bop 114 42 a FB(zero-kno)o(wledge)15 b(pro)q(of)g(system")g(\(cf.,)
f(Goldreic)o(h,)i(Micali,)g(and)f(Wigderson)h([97)o(]\).)56
134 y(2.)22 b Fv(Intr)n(o)n(duction)14 b(of)h(p)n(ar)n(adigms)h(and)f
(te)n(chniques)f(which)i(may)g(b)n(e)e(applic)n(able)h(in)g(pr)n(actic)
n(e:)k FB(T)o(ypical)c(exam-)114 191 y(ples)k(include)i(construction)e
(paradigms)f(as)h(the)f(\\c)o(ho)q(ose)h Fx(n)f FB(out)h(of)f(2)p
Fx(n)g FB(tec)o(hnique")i(of)e(Rabin)i([151)o(],)114
247 y(the)h(\\authen)o(tication)g(tree")g(of)f(Merkle)i([127)o(,)e(129)
o(],)i(the)f(\\randomized)h(encryption")f(paradigm)g(of)114
304 y(Goldw)o(asser)e(and)g(Micali)i([104)o(],)f(pro)q(of)f(tec)o
(hniques)i(as)e(the)g(\\h)o(ybrid)h(argumen)o(t")f(of)g([104)o(])g
(\(cf.,)g([89)o(,)114 360 y(Sec.)c(3.2.3]\),)e(and)i(man)o(y)g(others.)
56 453 y(3.)22 b Fv(Pr)n(esentation)17 b(of)j(schemes)e(which)h(ar)n(e)
g(suitable)g(for)h(pr)n(actic)n(al)e(applic)n(ations:)26
b FB(T)o(ypical)19 b(examples)g(in-)114 509 y(clude)26
b(the)f(public-k)o(ey)h(encryption)g(sc)o(hemes)f(of)f(Blum)i(Goldw)o
(asser)e([25)o(],)i(the)f(digital)h(signature)114 566
y(sc)o(hemes)15 b(of)g([69)o(,)g(66)o(,)g(51)o(],)g(the)g(session-k)o
(ey)h(proto)q(cols)f(of)g([13)o(,)g(14)o(],)g(and)g(man)o(y)g(others.)0
657 y(T)o(ypically)l(,)h(it)g(is)f(quite)h(easy)e(to)g(determine)i(to)f
(whic)o(h)g(of)g(the)g(ab)q(o)o(v)o(e)f(categories)h(a)g(sp)q(eci\014c)
h(tec)o(hnical)h(con)o(tri-)0 714 y(bution)h(b)q(elongs.)27
b(Unfortunately)l(,)18 b(the)f(classi\014cation)i(is)f(not)e(alw)o(a)o
(ys)h(stated)g(in)h(the)f(pap)q(er;)h(ho)o(w)o(ev)o(er,)f(it)g(is)0
770 y(t)o(ypically)d(eviden)o(t)f(from)e(the)i(construction.)19
b(W)l(e)12 b(stress)g(that)f(all)j(results)e(w)o(e)g(are)g(a)o(w)o(are)
f(of)h(\(and)g(in)h(particular)0 827 y(all)20 b(results)f(cited)h(in)g
(this)f(essa)o(y\),)f(come)h(with)g(an)g(explicit)i(construction.)31
b(F)l(urthermore,)19 b(the)g(securit)o(y)g(of)0 883 y(the)g(resulting)h
(construction)g(is)f(explicitly)j(related)e(to)e(the)h(complexit)o(y)h
(of)f(certain)g(in)o(tractable)h(tasks.)30 b(In)0 940
y(con)o(trast)12 b(to)h(some)h(uninformed)h(b)q(eliefs,)g(for)e(eac)o
(h)h(of)f(these)h(results)g(there)g(is)g(an)g(explicit)i(translation)d
(of)h(con-)0 996 y(crete)i(in)o(tractabilit)o(y)h(assumptions)f(\(on)g
(whic)o(h)g(the)h(sc)o(heme)f(is)g(based\))g(in)o(to)g(lo)o(w)o(er)g(b)
q(ounds)h(on)f(the)g(amoun)o(t)0 1053 y(of)h(w)o(ork)g(required)i(to)e
(violate)h(the)g(securit)o(y)g(of)g(the)f(resulting)i(sc)o(heme.)1288
1036 y Ft(1)1335 1053 y FB(W)l(e)f(stress)f(that)g(this)h(translation)0
1109 y(can)h(b)q(e)g(in)o(v)o(ok)o(ed)g(for)f(an)o(y)g(v)m(alue)i(of)e
(the)h(securit)o(y)f(parameter.)30 b(Doing)18 b(so)h(determines)g
(whether)g(a)f(sp)q(eci\014c)0 1165 y(construction)e(is)g(adequate)g
(for)f(a)g(sp)q(eci\014c)i(application)h(under)e(sp)q(eci\014c)h
(reasonable)f(in)o(tractabilit)o(y)h(assump-)0 1222 y(tions.)i(In)13
b(man)o(y)f(cases)h(the)f(answ)o(er)g(is)h(in)h(the)e(a\016rmativ)o(e,)
g(but)h(in)g(general)g(this)g(do)q(es)g(dep)q(end)h(on)e(the)h(sp)q
(eci\014c)0 1278 y(construction)h(as)g(w)o(ell)h(as)e(on)h(the)g(sp)q
(eci\014c)i(v)m(alue)f(of)e(the)h(securit)o(y)h(parameter)e(and)h(on)g
(what)f(is)h(reasonable)h(to)0 1335 y(assume)f(for)f(this)i(v)m(alue.)
21 b(When)14 b(w)o(e)g(sa)o(y)f(that)g(a)h(result)h(is)f(suitable)i
(for)d(practical)i(applications)g(\(i.e.,)f(b)q(elongs)0
1391 y(to)g(T)o(yp)q(e)i(3)f(ab)q(o)o(v)o(e\),)f(w)o(e)g(mean)h(that)g
(it)g(o\013ers)f(reasonable)i(securit)o(y)f(for)g(reasonable)g
(implemen)o(tation)i(v)m(alues)0 1448 y(of)e(the)g(securit)o(y)h
(parameter)e(and)h(reasonable)h(assumptions.)0 1567 y
Fz(Other)g(activities.)47 b FB(This)14 b(essa)o(y)f(is)i(fo)q(cused)f
(on)g(the)f(de\014nitional)j(and)e(constructiv)o(e)g(activities)h(men)o
(tioned)0 1624 y(ab)q(o)o(v)o(e.)27 b(Other)19 b(activities)g(in)f(the)
g(foundations)g(of)g(cryptograph)o(y)f(include)j(the)e(exploration)g
(of)g(new)g(direc-)0 1680 y(tions)i(and)h(the)f(marking)g(of)g
(limitations.)36 b(F)l(or)20 b(example,)i(w)o(e)e(men)o(tion)g(no)o(v)o
(el)h(mo)q(des)f(of)g(op)q(eration)h(suc)o(h)0 1737 y(as)14
b(split-en)o(tities)j([17)o(,)d(60)o(,)g(131)o(],)g(batc)o(hing)h(op)q
(erations)g([78)o(],)f(o\013-line/on-line)j(signing)e([69)o(])f(and)h
(Incremen)o(tal)0 1793 y(Cryptograph)o(y)c([6)o(,)h(7)o(].)19
b(On)12 b(the)g(limitation)i(side,)f(w)o(e)f(men)o(tion)g([115)o(,)f
(95].)18 b(In)13 b(particular,)f([115)o(])f(indicates)j(that)0
1850 y(certain)h(tasks)e(\(e.g.,)h(secret)g(k)o(ey)g(exc)o(hange\))h
(are)f(unlik)o(ely)i(to)e(b)q(e)h(ac)o(hiev)o(ed)h(b)o(y)e(using)h(a)f
(one-w)o(a)o(y)g(function)h(in)0 1906 y(a)g(\\blac)o(k-b)q(o)o(x)g
(manner".)0 2026 y Fz(Organization:)48 b FB(Although)19
b(encryption,)i(signatures)e(and)g(secure)h(proto)q(cols)f(are)g(the)g
(primary)g(tasks)f(of)0 2082 y(Cryptograph)o(y)l(,)h(w)o(e)h(start)e
(our)h(presen)o(tation)h(with)g(basic)g(paradigms)f(and)h(to)q(ols)g
(suc)o(h)f(as)h(computational)0 2139 y(di\016cult)o(y)12
b(\(Section)f(2\),)g(pseudorandomness)g(\(Section)h(3\))e(and)h
(zero-kno)o(wledge)g(\(Section)h(4\).)17 b(Once)12 b(these)f(are)0
2195 y(presen)o(ted,)h(w)o(e)e(turn)h(to)f(encryption)i(\(Section)f
(5\),)g(signatures)g(\(Section)g(6\))g(and)g(secure)g(proto)q(cols)g
(\(Section)g(7\).)0 2251 y(W)l(e)h(conclude)i(with)f(some)f(notes)g
(\(Section)h(8\),)f(a)g(short)f(historical)j(p)q(ersp)q(ectiv)o(e)f
(\(Section)g(9\),)f(t)o(w)o(o)f(suggestions)0 2308 y(for)k(future)g
(researc)o(h)g(\(Section)h(10\))e(and)h(some)g(suggestions)g(for)g
(further)g(reading)h(\(Section)f(11\).)0 2428 y Fz(This)i(V)l(ersion:)
44 b FB(This)15 b(is)f(a)g(revised)h(and)g(expanded)g(v)o(ersion)g(of)e
(an)h(essa)o(y)g(whic)o(h)h(app)q(ears)g(in)g(the)f(pro)q(ceed-)0
2484 y(ings)j(of)g Fu(Crypto97)p FB(,)f(Springer's)h(Lecture)h(Notes)e
(in)i(Computer)e(Science,)j(V)l(ol.)e(1294,)f(pages)g(46{74.)24
b(Sp)q(eci\014c)0 2540 y(additions)15 b(include)h(\(1\))d(actual)h
(de\014nitions)h(of)f(secure)g(encryption)h(and)f(unforgeable)g
(signatures;)g(\(2\))f(a)g(more)p 0 2582 780 2 v 52 2608
a Fs(1)81 2624 y FD(The)f(only)i(exception)g(to)e(the)g(latter)h
(statemen)o(t)f(is)h(Levin's)g(observ)n(ation)h(regarding)g(the)f
(existence)g(of)f(a)g Fr(universal)f(one-way)0 2670 y(function)i
FD(\(cf.,)f([122])h(and)g([89,)g(Sec.)g(2.4.1]\).)964
2795 y FB(4)p eop
%%Page: 5 6
5 5 bop 0 42 a FB(detailed)19 b(description)f(of)f(the)g(Blum{Goldw)o
(asser)g(encryption)h(sc)o(heme)f([25];)g(\(3\))f(a)h(historical)h(p)q
(ersp)q(ectiv)o(e;)0 98 y(and)d(\(4\))g(some)g(sp)q(eci\014c)i(notes)e
(\(added)g(to)g(Section)h(8\).)964 2795 y(5)p eop
%%Page: 6 7
6 6 bop 0 42 a FA(P)n(art)23 b(I)0 145 y Fq(Basic)33
b(T)-8 b(o)s(ols)0 279 y FA(2)67 b(Cen)n(tral)23 b(P)n(aradigms)0
380 y FB(Mo)q(dern)13 b(Cryptograph)o(y)l(,)f(as)g(surv)o(ey)o(ed)h
(here,)g(is)g(concerned)h(with)f(the)g(construction)g(of)f
Fv(e\016cient)17 b FB(sc)o(hemes)c(for)0 437 y(whic)o(h)f(it)g(is)f
Fv(infe)n(asible)i FB(to)e(violate)g(the)h(securit)o(y)f(feature.)18
b(Th)o(us,)12 b(w)o(e)f(need)h(a)f(notion)g(of)g(e\016cien)o(t)h
(computations)0 493 y(as)h(w)o(ell)h(as)f(a)g(notion)g(of)g(infeasible)
i(ones.)k(The)14 b(computations)f(of)g(the)g(legitimate)h(users)f(of)g
(the)g(sc)o(heme)h(ough)o(t)0 550 y(b)q(e)i(e\016cien)o(t;)h(whereas)f
(violating)g(the)g(securit)o(y)g(features)g(\(via)g(an)f(adv)o
(ersary\))g(ough)o(t)g(to)g(b)q(e)i(infeasible.)24 b(Our)0
606 y(notions)12 b(of)g(e\016cien)o(t)h(and)f(infeasible)i
(computations)e(are)g(\\asymptotic":)18 b(They)12 b(refer)g(to)f(the)i
(running)g(time)f(as)0 662 y(a)g(function)h(of)e(the)i(securit)o(y)f
(parameter.)18 b(This)13 b(is)f(done)h(in)g(order)f(to)f(a)o(v)o(oid)h
(cum)o(b)q(ersome)g(form)o(ulations)g(whic)o(h)0 719
y(refer)17 b(to)g(the)g(actual)g(running-time)i(on)e(a)g(sp)q(eci\014c)
i(mo)q(del)f(for)f(sp)q(eci\014c)i(v)m(alues)f(of)f(the)h(securit)o(y)f
(parameter.)0 775 y(As)f(discussed)i(ab)q(o)o(v)o(e)e(one)g(can)g
(easily)h(deriv)o(e)g(suc)o(h)g(sp)q(eci\014c)h(statemen)o(ts)d(from)g
(the)i(asymptotic)f(treatmen)o(t.)0 832 y(Actually)l(,)f(the)g(term)e
(\\asymptotic")g(is)i(misleading)h(since,)f(from)e(the)i(functional)g
(treatmen)o(t)e(of)g(the)i(running-)0 888 y(time)20 b(\(as)g(a)g
(function)g(of)g(the)g(securit)o(y)h(parameter\),)f(one)g(can)g(deriv)o
(e)h(statemen)o(ts)e(for)g Fp(any)h FB(v)m(alue)h(of)f(the)0
945 y(securit)o(y)c(parameter.)71 1001 y Fu(E\016cient)c(computations)f
FB(are)g(commonly)g(mo)q(deled)i(b)o(y)e(computations)g(whic)o(h)h(are)
f(p)q(olynomial-time)j(in)e(the)0 1058 y(securit)o(y)j(parameter.)j
(The)d(p)q(olynomial)h(b)q(ounding)g(the)e(running-time)i(of)e(the)g
(legitimate)h(user's)f(strategy)f(is)0 1114 y(\014xed)h(and)f(t)o
(ypically)h(explicit)h(and)e(small)h(\(still)g(in)f(some)g(cases)g(it)g
(is)g(indeed)i(a)d(v)m(aluable)j(goal)e(to)f(mak)o(e)g(it)i(ev)o(en)0
1171 y(smaller\).)29 b(Here)18 b(\(i.e.,)g(when)g(referring)h(to)e(the)
h(complexit)o(y)h(of)e(the)h(legitimate)h(user\))f(w)o(e)g(are)f(in)i
(the)f(same)0 1227 y(situation)h(as)e(in)i(an)o(y)f(algorithmic)h
(researc)o(h.)28 b(Things)19 b(are)e(di\013eren)o(t)i(when)f(referring)
h(to)e(our)h(assumptions)0 1283 y(regarding)10 b(the)h(computational)f
(resources)h(of)f(the)g(adv)o(ersary)l(.)18 b(A)10 b(common)g(approac)o
(h)g(is)h(to)f(p)q(ostulate)g(that)g(the)0 1340 y(latter)k(are)g(p)q
(olynomial-time)i(to)q(o,)d(where)i(the)f(p)q(olynomial)h(is)g
Fp(not)f FB(a-priori)h(sp)q(eci\014ed.)21 b(In)15 b(other)f(w)o(ords,)f
(the)0 1396 y(adv)o(ersary)g(is)g(restricted)h(to)f(the)g(class)h(of)f
(e\016cien)o(t)h(computations)g(and)f(an)o(ything)h(b)q(ey)o(ond)g
(this)g(is)g(considered)0 1453 y(to)k(b)q(e)h Fu(infeasible)p
FB(.)31 b(Although)19 b(man)o(y)f(de\014nitions)i(explicitly)h(refer)d
(to)g(this)h(con)o(v)o(en)o(tion,)g(this)g(con)o(v)o(en)o(tion)f(is)0
1509 y Fp(inessential)f FB(to)f(an)o(y)h(of)g(the)g(results)g(kno)o(wn)
g(in)h(the)f(area.)25 b(In)18 b(all)g(cases,)f(a)g(more)f(general)i
(\(and)f(y)o(et)f(more)0 1566 y(cum)o(b)q(ersome\))g(statemen)o(t)g
(can)g(b)q(e)h(made)f(b)o(y)h(referring)f(to)g(adv)o(ersaries)g(of)g
(running-time)i(b)q(ounded)g(b)o(y)e(an)o(y)0 1622 y(function)i(\(or)f
(class)h(of)f(functions\).)28 b(F)l(or)16 b(example,)j(for)e(an)o(y)g
(function)i Fx(T)14 b FB(:)9 b Fo(N)h Fn(7!)f Fo(N)19
b FB(\(e.g.,)e Fx(T)6 b FB(\()p Fx(n)p FB(\))16 b(=)h(2)1805
1595 y Fm(3)1800 1585 y Fl(p)p 1827 1585 21 2 v 21 x
Fk(n)1850 1622 y FB(\),)g(w)o(e)0 1679 y(ma)o(y)e(consider)i(adv)o
(ersaries)f(whic)o(h)h(on)f(securit)o(y)h(parameter)e
Fx(n)h FB(run)h(for)e(at)g(most)h Fx(T)6 b FB(\()p Fx(n)p
FB(\))15 b(steps.)22 b(Doing)17 b(so)e(w)o(e)0 1735 y(\(implicitly\))22
b(de\014ne)g(as)d Fu(infeasible)i FB(an)o(y)f(computation)g(whic)o(h)h
(\(on)e(securit)o(y)i(parameter)e Fx(n)p FB(\))h(requires)g(more)0
1792 y(than)15 b Fx(T)6 b FB(\()p Fx(n)p FB(\))15 b(steps.)20
b(A)15 b(t)o(ypical)h(result)f(has)g(the)h(form)926 1775
y Ft(2)114 1868 y Fw(If)21 b(RSA)i(with)f Fx(n)p Fw(-bit)g(mo)q(duli)h
(cannot)f(b)q(e)g(in)o(v)o(erted)g(in)g(time)g Fx(T)6
b FB(\()p Fx(n)p FB(\))21 b Fw(then)h(the)g(follo)o(wing)g(con-)114
1924 y(struction)c(\(using)g(securit)o(y)g(parameter)f
Fx(n)p Fw(\))h(is)g(secure)h(against)e(adv)o(ersaries)h(op)q(erating)g
(in)h(time)114 1981 y Fx(T)147 1964 y Fl(0)158 1981 y
FB(\()p Fx(n)p FB(\))12 b(=)h Fx(T)6 b FB(\()p Fx(g)r
FB(\()p Fx(n)p FB(\)\))p Fx(=f)f FB(\()p Fx(n)p FB(\))p
Fw(,)13 b(where)i Fx(f)21 b Fw(and)15 b Fx(g)862 1964
y Fl(\000)p Ft(1)921 1981 y Fw(are)g(explicitly)j(giv)o(en)e(p)q
(olynomials.)0 2057 y FB(Ho)o(w)o(ev)o(er,)22 b(most)e(pap)q(ers)i
(prefer)f(to)g(presen)o(t)g(a)g(simpli\014ed)j(statemen)o(t)d(of)f(the)
i(form)e(\\if)i(RSA)g(cannot)f(b)q(e)0 2114 y(in)o(v)o(erted)16
b(in)h(p)q(olynomial-time)h(then)e(the)g(follo)o(wing)h(construction)f
(is)h(secure)f(against)g(p)q(olynomial-time)i(ad-)0 2170
y(v)o(ersaries".)34 b(This)20 b(is)g(unfortunate)g(since)h(it)f(is)h
(the)f(sp)q(eci\014c)h(functions)g Fx(f)k FB(and)20 b
Fx(g)r FB(,)g(whic)o(h)h(are)e(\(sometimes)0 2227 y(explicit)k(and\))d
(alw)o(a)o(ys)g(implicit)k(in)d(the)g(pro)q(of,)g(that)f(determine)i
(the)f(practicalit)o(y)g(of)g(the)f(construction.)1931
2210 y Ft(3)p 0 2262 780 2 v 52 2289 a Fs(2)86 2305 y
FD(Actually)m(,)g(the)e(form)f(b)q(elo)o(w)h(is)h(o)o(v)o
(er-simpli\014ed.)33 b(The)18 b(actual)g(statemen)o(t)g(refers)g(also)g
(to)g(the)f(success)i(probabiliti)q(es)h(of)0 2350 y(b)q(oth)h(attac)o
(ks.)39 b(It)20 b(reads:)32 b(If)20 b(RSA)h(with)f Fj(n)p
FD(-bit)h(mo)q(duli)i(cannot)e(b)q(e)g(in)o(v)o(erted)g(in)g(time)g
Fj(T)5 b FD(\()p Fj(n)p FD(\),)23 b(with)d(success)h(probabili)q(t)o(y)
0 2396 y(greater)d(than)g Fj(\017)p FD(\()p Fj(n)p FD(\),)f(then)h(the)
g(follo)o(wing)h(construction)h(\(using)f(securit)o(y)f(parameter)g
Fj(n)p FD(\))g(cannot)g(b)q(e)g(brok)o(en)g(b)o(y)g(adv)o(ersaries)0
2442 y(op)q(erating)g(in)f(time)f Fj(T)340 2426 y FE(0)352
2442 y FD(\()p Fj(n)p FD(\))g(with)g(success)h(probabilit)o(y)i
(greater)d(than)h Fj(\017)1086 2426 y FE(0)1097 2442
y FD(\()p Fj(n)p FD(\),)f(where)g Fj(T)1318 2426 y FE(0)1330
2442 y FD(\()p Fj(n)p FD(\))g(and)g Fj(\017)1492 2426
y FE(0)1503 2442 y FD(\()p Fj(n)p FD(\))g(are)g(related)h(to)f
Fj(T)5 b FD(\()p Fj(g)q FD(\()p Fj(n)p FD(\)\))0 2487
y(and)16 b Fj(\017)p FD(\()p Fj(g)q FD(\()p Fj(n)p FD(\)\))g(via)h
(explicit)h(p)q(olynomial)h(expressions)f(and)e Fj(g)915
2471 y FE(\000)p Fs(1)973 2487 y FD(is)g(an)g(explicitly)j(giv)o(en)e
(p)q(olynomial)q(.)27 b(Sp)q(eci\014call)q(y)m(,)19 b
Fj(T)5 b FD(\()p Fj(g)q FD(\()p Fj(n)p FD(\)\))16 b(=)0
2533 y(p)q(oly)r(\()p Fj(n;)6 b(T)155 2517 y FE(0)167
2533 y FD(\()p Fj(n)p FD(\)\))p Fj(=)p FD(p)q(oly)r(\()p
Fj(\017)358 2517 y FE(0)369 2533 y FD(\()p Fj(n)p FD(\)\))14
b(and)g Fj(\017)p FD(\()p Fj(g)q FD(\()p Fj(n)p FD(\)\))e(=)h(p)q(oly)r
(\()p Fj(\017)803 2517 y FE(0)813 2533 y FD(\()p Fj(n)p
FD(\)\))p Fj(=)p FD(p)q(oly)r(\()p Fj(n;)7 b(T)1056 2517
y FE(0)1068 2533 y FD(\()p Fj(n)p FD(\)\).)19 b(T)o(ypically)m(,)d
Fj(T)5 b FD(\()p Fj(g)q FD(\()p Fj(n)p FD(\)\))14 b(=)e(p)q(oly)r(\()p
Fj(n=\017)1675 2517 y FE(0)1686 2533 y FD(\()p Fj(n)p
FD(\)\))d Fi(\001)g Fj(T)1810 2517 y FE(0)1821 2533 y
FD(\()p Fj(n)p FD(\))14 b(and)0 2579 y Fj(\017)p FD(\()p
Fj(g)q FD(\()p Fj(n)p FD(\)\))d(=)f(p)q(oly)r(\()p Fj(\017)273
2563 y FE(0)284 2579 y FD(\()p Fj(n)p FD(\)\))p Fj(=)p
FD(p)q(oly)r(\()p Fj(T)486 2563 y FE(0)498 2579 y FD(\()p
Fj(n)p FD(\)\).)52 2608 y Fs(3)80 2624 y FD(The)i(imp)q(ortance)h(of)e
Fr(explicitly)d FD(relating)13 b(the)f(securit)o(y)g(of)f(the)h
(resulting)h(sc)o(heme)f(to)f(the)h(quan)o(ti\014ed)h(in)o(tractabili)q
(t)o(y)h(assump-)0 2670 y(tion)g(has)f(b)q(een)h(adv)o(o)q(cated)g
(\(and)g(practiced\))h(in)e(a)g(sequence)h(of)f(recen)o(t)g(w)o(orks)h
(b)o(y)f(Bellare)i(and)e(Roga)o(w)o(a)o(y)h(\(cf.,)e([10,)g(p.)h
(343]\).)964 2795 y FB(6)p eop
%%Page: 7 8
7 7 bop 0 42 a FB(The)19 b(smaller)g Fx(f)k FB(and)18
b Fx(g)417 25 y Fl(\000)p Ft(1)461 42 y FB(,)h(the)f(b)q(etter.)29
b(Our)19 b(rule)g(of)f(th)o(um)o(b)g(is)h(that)e(results)i(with)f
Fx(g)1557 25 y Fl(\000)p Ft(1)1601 42 y FB(\()p Fx(n)p
FB(\))g(=)g Fx(O)q FB(\()p Fx(n)p FB(\))g(\(e.g.,)0 98
y Fx(g)r FB(\()p Fx(n)p FB(\))i(=)i Fx(n=)p FB(2\))e(are)g(practical,)j
(whereas)d(results)h(with,)h(sa)o(y)l(,)f Fx(g)1131 81
y Fl(\000)p Ft(1)1175 98 y FB(\()p Fx(n)p FB(\))g(=)h
Fx(n)1343 81 y Ft(4)1382 98 y FB(\(i.e.,)f Fx(g)r FB(\()p
Fx(n)p FB(\))g(=)1669 83 y Fm(4)1658 65 y Fn(p)p 1696
65 28 2 v 33 x Fx(n)p FB(\))f(are)g(to)g(b)q(e)0 154
y(considered)d(merely)e(plausibili)q(t)o(y)j(results.)71
211 y(Lastly)d(w)o(e)h(consider)g(the)f(notion)h(of)f(a)g
Fu(negligible)h(p)o(robabilit)o(y)p FB(.)21 b(The)15
b(idea)h(b)q(ehind)i(this)e(notion)g(is)g(to)e(ha)o(v)o(e)0
267 y(a)h(robust)g(notion)h(of)f(rareness:)20 b(A)15
b(rare)g(ev)o(en)o(t)g(should)h(o)q(ccur)g(rarely)g(ev)o(en)f(if)h(w)o
(e)f(rep)q(eat)h(the)f(exp)q(erimen)o(t)i(for)0 324 y(a)d(feasible)h(n)
o(um)o(b)q(er)g(of)f(times.)19 b(That)14 b(is,)g(if)h(w)o(e)f(consider)
h(an)o(y)f(p)q(olynomial-time)i(computation)e(to)g(b)q(e)h(feasible)0
380 y(then)20 b(an)o(y)f(function)h Fx(f)e FB(:)12 b
Fo(N)h Fn(7!)g Fo(N)20 b FB(so)f(that)g(\(1)13 b Fn(\000)g
Fx(f)5 b FB(\()p Fx(n)p FB(\)\))979 364 y Fk(p)p Ft(\()p
Fk(n)p Ft(\))1064 380 y Fx(>)20 b FB(0)p Fx(:)p FB(99,)f(for)g(an)o(y)g
(p)q(olynomial)i Fx(p)p FB(,)g(is)f(considered)0 437
y(negligible)c(\(i.e.,)d Fx(f)19 b FB(is)13 b(negligible)j(if)e(for)f
(an)o(y)g(p)q(olynomial)i Fx(p)e FB(the)g(function)h
Fx(f)5 b FB(\()p Fn(\001)p FB(\))13 b(is)h(b)q(ounded)g(ab)q(o)o(v)o(e)
f(b)o(y)g(1)p Fx(=p)p FB(\()p Fn(\001)p FB(\)\).)0 493
y(Ho)o(w)o(ev)o(er,)19 b(if)h(w)o(e)f(consider)h(the)f(function)h
Fx(T)6 b FB(\()p Fx(n)p FB(\))19 b(to)g(pro)o(vide)h(our)f(notion)g(of)
g(infeasible)i(computation)f(then)0 550 y(functions)c(b)q(ounded)h(ab)q
(o)o(v)o(e)d(b)o(y)h(1)p Fx(=T)6 b FB(\()p Fx(n)p FB(\))15
b(are)f(considered)j(negligible)h(\(in)e Fx(n)p FB(\).)71
606 y(In)j(the)g(rest)f(of)g(this)h(essa)o(y)f(w)o(e)g(adopt)h(the)f
(simpler)i(con)o(v)o(en)o(tion)f(of)f(de\014ning)i(infeasible)h
(computations)0 663 y(as)16 b(ones)g(whic)o(h)i(cannot)e(b)q(e)h
(conducted)g(in)g(p)q(olynomial-time.)26 b(\(Ho)o(w)o(ev)o(er,)15
b(w)o(e)h(explicitly)j(state)c(the)i(lev)o(el)g(of)0
719 y(practicalit)o(y)g(of)f(eac)o(h)g(of)g(the)g(results)g(presen)o
(ted.\))23 b(The)16 b(in)o(terested)h(reader)f(is)h(referred)f(to)g
([123)n(])g(for)g(a)f(more)0 775 y(general)h(treatmen)o(t.)0
895 y Fy(2.1)56 b(Computational)17 b(Di\016cult)n(y)0
980 y FB(Mo)q(dern)i(Cryptograph)o(y)g(is)g(concerned)i(with)e(the)h
(construction)g(of)e(sc)o(hemes)i(whic)o(h)g(are)f(easy)g(to)g(op)q
(erate)0 1037 y(\(prop)q(erly\))11 b(but)f(hard)g(to)g(foil.)19
b(Th)o(us,)11 b(a)f(complexit)o(y)h(gap)f(\(i.e.,)h(b)q(et)o(w)o(een)g
(the)f(complexit)o(y)h(of)f(prop)q(er)h(usage)f(and)0
1093 y(the)j(complexit)o(y)i(of)e(defeating)h(the)f(prescrib)q(ed)i
(functionalit)o(y\))f(lies)h(in)f(the)g(heart)f(of)g(Mo)q(dern)g
(Cryptograph)o(y)l(.)0 1150 y(Ho)o(w)o(ev)o(er,)g(gaps)g(as)h(required)
h(for)e(Mo)q(dern)h(Cryptograph)o(y)e(are)i(not)f(kno)o(wn)h(to)f
(exist)h({)g(they)g(are)f(only)h(widely)0 1206 y(b)q(eliev)o(ed)21
b(to)d(exist.)30 b(Indeed,)21 b(almost)d(all)i(of)e(Mo)q(dern)h
(Cryptograph)o(y)e(rises)i(or)f(falls)i(with)e(the)h(question)g(of)0
1263 y(whether)d(one-w)o(a)o(y)e(functions)i(exist)g(\(e.g.,)e(see)h
([109)o(,)g(91,)g(157)o(,)g(134)o(,)g(97)o(])g(for)g(p)q(ositiv)o(e)h
(results)g(and)f([122)o(,)g(157)o(,)0 1319 y(144)o(])h(for)g(negativ)o
(e)g(ones\).)23 b(One-w)o(a)o(y)16 b(functions)h(are)f(functions)h
(whic)o(h)g(are)f(easy)g(to)g(ev)m(aluate)h(but)f(hard)g(\(on)0
1376 y(the)f(a)o(v)o(erage\))f(to)h(in)o(v)o(ert.)0 1463
y Fz(De\014nition)k(1)k FB(\(one-w)o(a)o(y)14 b(functions)i([61)o(]\):)
k Fv(A)c(function)g Fx(f)10 b FB(:)5 b Fn(f)p FB(0)p
Fx(;)j FB(1)p Fn(g)1196 1447 y Fl(\003)1218 1463 y Fn(7!)d(f)p
FB(0)p Fx(;)j FB(1)p Fn(g)1381 1447 y Fl(\003)1415 1463
y Fv(is)16 b(c)n(al)r(le)n(d)f Fu(one-w)o(a)o(y)h Fv(if)68
1544 y Fn(\017)23 b FB(easy)15 b(direction:)22 b Fv(ther)n(e)16
b(is)g(an)g(e\016cient)f(algorithm)i(which)g(on)f(input)g
Fx(x)h Fv(outputs)g Fx(f)5 b FB(\()p Fx(x)p FB(\))p Fv(.)68
1633 y Fn(\017)23 b FB(hard)17 b(direction:)27 b Fv(given)18
b Fx(f)5 b FB(\()p Fx(x)p FB(\))p Fv(,)19 b(wher)n(e)g
Fx(x)f Fv(is)g(uniformly)h(sele)n(cte)n(d,)f(it)h(is)f(infe)n(asible)f
(to)i(\014nd,)f(with)h(non-)114 1689 y(ne)n(gligible)d(pr)n(ob)n
(ability,)k(a)f(pr)n(eimage)g(of)g Fx(f)5 b FB(\()p Fx(x)p
FB(\))p Fv(.)28 b(That)19 b(is,)g(any)g(fe)n(asible)f(algorithm)h
(which)h(tries)e(to)i(do)114 1746 y(invert)d Fx(f)24
b Fv(may)18 b(suc)n(c)n(e)n(e)n(d)f(only)h(with)g(ne)n(gligible)e(pr)n
(ob)n(ability,)i(wher)n(e)h(the)f(pr)n(ob)n(ability)g(is)g(taken)f
(over)i(the)114 1802 y(choic)n(es)c(of)i Fx(x)f Fv(and)g(the)h
(algorithm's)f(c)n(oin)g(tosses.)0 1890 y Fz(W)l(arning:)j
FB(the)c(ab)q(o)o(v)o(e)e(de\014nition,)j(as)d(w)o(ell)i(as)f(all)h
(other)e(de\014nitions)j(in)f(this)f(essa)o(y)l(,)g(a)o(v)o(oids)g
(some)f(tec)o(hnical-)0 1946 y(ities)j(and)g(so)e(is)i(imprecise.)22
b(The)15 b(in)o(terested)h(reader)f(is)h(referred)f(to)g(other)f(texts)
h(\(see)g(Section)h(11\).)0 2066 y Fy(2.2)56 b(Computational)17
b(Indistinguishabilit)n(y)0 2151 y FB(A)f(cen)o(tral)g(notion)g(in)h
(Mo)q(dern)f(Cryptograph)o(y)f(is)h(that)f(of)h(\\e\013ectiv)o(e)g
(similarit)o(y".)23 b(The)16 b(underlying)i(idea)e(is)0
2208 y(that)h(w)o(e)h(do)f(not)h(care)f(if)h(ob)s(jects)g(are)f(equal)h
(or)g(not)f({)g(all)i(w)o(e)f(care)f(is)i(whether)e(a)h(di\013erence)h
(b)q(et)o(w)o(een)f(the)0 2264 y(ob)s(jects)13 b(can)g(b)q(e)h(observ)o
(ed)g(b)o(y)f(a)g(feasible)i(computation.)k(In)14 b(case)g(the)f(answ)o
(er)g(is)h(negativ)o(e,)f(w)o(e)g(ma)o(y)g(sa)o(y)g(that)0
2321 y(the)k(t)o(w)o(o)f(ob)s(jects)h(are)f(equiv)m(alen)o(t)j(as)e
(far)g(as)f(an)o(y)h(practical)h(application)h(is)e(concerned.)27
b(Indeed,)19 b(it)e(will)i(b)q(e)0 2377 y(our)c(common)g(practice)h(to)
e(in)o(terc)o(hange)i(suc)o(h)f(\(computationally)h(indistinguishabl)q
(e\))i(ob)s(jects.)0 2465 y Fz(De\014nition)h(2)k FB(\(computational)12
b(indistinguishabi)q(li)q(t)o(y)j([104)n(,)d(168)o(]\):)19
b Fv(L)n(et)13 b Fx(X)i FB(=)e Fn(f)p Fx(X)1474 2472
y Fk(n)1496 2465 y Fn(g)1519 2473 y Fk(n)p Fl(2)p Fh(N)1603
2465 y Fv(and)g Fx(Y)23 b FB(=)13 b Fn(f)p Fx(Y)1834
2472 y Fk(n)1857 2465 y Fn(g)1880 2473 y Fk(n)p Fl(2)p
Fh(N)0 2521 y Fv(b)n(e)j(pr)n(ob)n(ability)g(ensembles)e(such)i(that)h
(e)n(ach)f Fx(X)822 2528 y Fk(n)861 2521 y Fv(and)g Fx(Y)975
2528 y Fk(n)1014 2521 y Fv(r)n(anges)f(over)h(strings)f(of)i(length)e
Fx(n)p Fv(.)21 b(We)c(say)f(that)h Fx(X)0 2578 y Fv(and)f
Fx(Y)27 b Fv(ar)n(e)16 b Fu(computationally)e(indistinguishable)19
b Fv(if)d(for)h(every)f(fe)n(asible)f(algorithm)i Fx(A)f
Fv(the)h(di\013er)n(enc)n(e)566 2670 y Fx(d)590 2677
y Fk(A)617 2670 y FB(\()p Fx(n)p FB(\))692 2645 y Ft(def)697
2670 y FB(=)h Fn(j)p FB(Pr\()p Fx(A)p FB(\()p Fx(X)920
2677 y Fk(n)941 2670 y FB(\))5 b(=)g(1\))10 b Fn(\000)h
FB(Pr)o(\()p Fx(A)p FB(\()p Fx(Y)1245 2677 y Fk(n)1268
2670 y FB(\))5 b(=)g(1\))p Fn(j)964 2795 y FB(7)p eop
%%Page: 8 9
8 8 bop 0 42 a Fv(is)16 b(a)g(ne)n(gligible)e(function)i(in)g
Fx(n)p Fv(.)0 163 y Fy(2.3)56 b(The)18 b(Sim)n(ulation)f(P)n(aradigm)0
249 y FB(A)e(k)o(ey)f(question)h(regarding)g(the)f(mo)q(deling)i(of)e
(securit)o(y)h(concerns)g(is)g(ho)o(w)f(to)g(express)h(the)f(in)o
(tuitiv)o(e)i(require-)0 305 y(men)o(t)g(that)g(an)h(adv)o(ersary)f
(\\gains)g(nothing)h(substan)o(tial")g(b)o(y)g(deviating)g(from)f(the)h
(prescrib)q(ed)h(b)q(eha)o(vior)f(of)0 362 y(an)c(honest)g(user.)19
b(The)13 b(approac)o(h)g(initiated)h(in)g([104)o(,)e(105)o(])h(is)g
(that)f(the)h(adv)o(ersary)f Fv(gains)i(nothing)i FB(if)e(whatev)o(er)0
418 y(it)f(can)g(obtain)g(b)o(y)f(deviating)i(from)e(the)h(prescrib)q
(ed)h(honest)f(b)q(eha)o(vior)g(can)g(also)g(b)q(e)g(obtained)g(in)h
(an)e(appropri-)0 475 y(ately)j(de\014ned)g(\\ideal)h(mo)q(del".)k(The)
14 b(de\014nition)j(of)c(the)i(\\ideal)g(mo)q(del")g(captures)g(what)e
(w)o(e)h(w)o(an)o(t)g(to)f(ac)o(hiev)o(e)0 531 y(in)19
b(terms)f(of)g(securit)o(y)l(,)h(and)f(so)g(is)h(sp)q(eci\014c)h(to)d
(the)i(securit)o(y)f(concern)h(to)f(b)q(e)h(addressed.)29
b(F)l(or)18 b(example,)h(an)0 588 y(encryption)f(sc)o(heme)g(is)g
(considered)h(secure)f(\(against)e(ea)o(v)o(esdropping\))i(if)g(an)f
(adv)o(ersary)f(whic)o(h)j(ea)o(v)o(esdrops)0 644 y(on)d(a)g(c)o
(hannel)h(on)f(whic)o(h)g(messages)g(are)g(sen)o(t,)f(using)i(this)f
(encryption)h(sc)o(heme,)f(gains)h(nothing)f(o)o(v)o(er)f(a)h(user)0
701 y(whic)o(h)e(do)q(es)g(not)f(tap)g(this)h(c)o(hannel.)21
b(Th)o(us,)13 b(the)h(encryption)g(sc)o(heme)g(\\sim)o(ulates")f(an)h
(ideal)h(priv)m(ate)f(c)o(hannel)0 757 y(b)q(et)o(w)o(een)i(parties.)71
814 y(A)c(notable)h(prop)q(ert)o(y)f(of)g(the)g(ab)q(o)o(v)o(e)g(sim)o
(ulation)i(paradigm,)e(as)g(w)o(ell)i(as)e(of)g(the)g(en)o(tire)h
(approac)o(h)f(surv)o(ey)o(ed)0 870 y(here,)i(is)g(that)e(this)i
(approac)o(h)f(is)h(v)o(ery)f(lib)q(eral)i(with)f(resp)q(ect)g(to)e
(its)i(view)g(of)f(the)g(abilities)j(of)c(the)i(adv)o(ersary)e(as)0
927 y(w)o(ell)k(as)e(to)h(what)f(migh)o(t)h(constitute)g(a)f(gain)i
(for)e(the)h(adv)o(ersary)l(.)k(F)l(or)14 b(example,)i(w)o(e)e
(consider)i(an)f(encryption)0 983 y(sc)o(heme)22 b(to)e(b)q(e)i(secure)
g(only)g(if)f(it)h(can)f(sim)o(ulate)h(a)f(priv)m(ate)h(c)o(hannel.)39
b(Indeed,)24 b(failure)e(to)f(pro)o(vide)h(suc)o(h)0
1039 y(a)f(sim)o(ulation)i(do)q(es)f Fp(not)g FB(necessarily)h(mean)f
(that)f(the)g(encryption)i(sc)o(heme)f(can)g(b)q(e)h(\\brok)o(en")e(in)
h(some)0 1096 y(in)o(tuitiv)o(ely)17 b(harmful)e(sense.)20
b(Th)o(us,)15 b(it)g(seems)g(that)g(our)f(approac)o(h)h(to)f
(de\014ning)j(securit)o(y)e(is)g(o)o(v)o(erly)g(cautious.)0
1152 y(Ho)o(w)o(ev)o(er,)h(it)h(seems)g(imp)q(ossible)i(to)d(come)h(up)
h(with)f(de\014nitions)h(of)f(securit)o(y)g(whic)o(h)h(distinguish)h
(\\breaking)0 1209 y(the)h(sc)o(heme)f(in)i(a)e(harmful)h(sense")f
(from)g(\\breaking)h(it)g(in)g(a)f(non-harmful)h(sense":)29
b(What)19 b(is)h(harmful)f(is)0 1265 y(application-dep)q(end)q(en)o(t,)
g(whereas)e(a)f(go)q(o)q(d)g(de\014nition)j(of)d(securit)o(y)h(ough)o
(t)f(to)g(b)q(e)h(application)i(indep)q(enden)o(t)0 1322
y(\(as)10 b(otherwise)h(using)g(the)g(sc)o(heme)g(in)g(an)o(y)f(new)h
(application)h(will)h(require)e(a)f(full)i(re-ev)m(aluation)g(of)e(its)
h(securit)o(y\).)0 1378 y(F)l(urthermore,)23 b(since)g(w)o(e)f(are)g
(in)o(terested)h(in)g(secure)g(sc)o(hemes,)h(there)e(is)h(no)f(harm)g
(in)h(emplo)o(ying)g(o)o(v)o(erly)0 1435 y(cautious)15
b(de\014nitions,)i(pro)o(vided)e(that)g(this)g(do)q(es)g(not)g(prev)o
(en)o(t)g(us)g(\(or)f(ev)o(en)h(disturb)h(us\))e(from)h(constructing)0
1491 y(\\go)q(o)q(d")c(sc)o(hemes.)19 b(W)l(e)11 b(claim)i(that)d(this)
i(has)f(b)q(een)i(the)e(case)h(in)g(the)g(past.)18 b(In)12
b(most)e(cases)i(it)f(has)h(b)q(een)g(p)q(ossible)0 1548
y(to)17 b(construct)h(sc)o(hemes)g(whic)o(h)h(meet)f(the)g(o)o(v)o
(erly)g(cautious)g(de\014nitions)i(\(of)d(securit)o(y\),)h(and)h(in)f
(other)g(cases)0 1604 y(the)d(di\016cult)o(y)i(to)d(construct)h(suc)o
(h)h(sc)o(hemes)f(has)g(demonstrated)g(an)g(inheren)o(t)h(problem)g
(\(e.g.,)e([115)o(,)g(95]\).)0 1747 y FA(3)67 b(Pseudorandomness)0
1849 y FB(In)16 b(practice)g(\\pseudorandom")f(sequences)h(are)f(used)h
(instead)g(of)f(truly)h(random)f(sequences)h(in)g(man)o(y)f(appli-)0
1905 y(cations.)20 b(The)15 b(underlying)i(b)q(elief)g(is)e(that)f(if)h
(an)g(\(e\016cien)o(t\))g(application)i(p)q(erforms)d(w)o(ell)i(when)g
(using)f(a)g(truly)0 1962 y(random)h(sequence)h(then)g(it)f(will)i(p)q
(erform)e(essen)o(tially)h(as)f(w)o(ell)h(when)g(using)g(a)e
(\\pseudorandom")h(sequence.)0 2018 y(Ho)o(w)o(ev)o(er,)h(this)h(b)q
(elief)i(is)e(not)g(supp)q(orted)g(b)o(y)g(previous)h(c)o
(haracterizations)e(of)h(\\pseudorandomness")g(\(e.g.,)0
2074 y(suc)o(h)h(as)f(passing)h(the)g(statistical)g(tests)f(in)h(Kn)o
(uth's)g(b)q(o)q(ok)g(or)f(ha)o(ving)h(large)f(linear-complexit)o(y\).)
32 b(In)20 b(con-)0 2131 y(trast,)d(the)h(ab)q(o)o(v)o(e)f(b)q(elief)j
(is)f(an)e(easy)h(corollary)g(of)g(de\014ning)h(pseudorandom)f
(distributions)i(as)d(ones)h(whic)o(h)0 2187 y(are)d(computationally)h
(indistinguishabl)q(e)i(from)c(uniform)i(distributions.)0
2309 y Fy(3.1)56 b(The)18 b(Basics)0 2395 y FB(W)l(e)h(are)g(in)o
(terested)h(in)g(pseudorandom)f(sequences)h(whic)o(h)g(can)g(b)q(e)g
(generated)f(and)g(determined)i(b)o(y)e(short)0 2451
y(random)c(seeds.)20 b(That)15 b(is,)0 2558 y Fz(De\014nition)k(3)k
FB(\(pseudorandom)d(generator)g([26)o(,)g(168)o(]\):)30
b Fv(L)n(et)20 b Fx(`)14 b FB(:)g Fo(N)h Fn(7!)f Fo(N)22
b Fv(b)n(e)f(so)g(that)h Fx(`)p FB(\()p Fx(n)p FB(\))f
Fx(>)h(n)p Fv(,)g Fn(8)p Fx(n)p Fv(.)36 b(A)0 2614 y
Fu(pseudo)o(random)15 b(generato)o(r)p Fv(,)i(with)h
Fu(stretch)g(function)h Fx(`)p Fv(,)e(is)g(an)g(e\016cient)g
FB(\(deterministic\))h Fv(algorithm)g(which)g(on)964
2795 y FB(8)p eop
%%Page: 9 10
9 9 bop 0 42 a Fv(input)19 b(a)h(r)n(andom)f Fx(n)p Fv(-bit)h
FB(seed)f Fv(outputs)i(a)e Fx(`)p FB(\()p Fx(n)p FB(\))p
Fv(-bit)g(se)n(quenc)n(e)e(which)j(is)f(c)n(omputational)r(ly)g
(indistinguishable)0 98 y(fr)n(om)d(a)h(uniformly)f(chosen)g
Fx(`)p FB(\()p Fx(n)p FB(\))p Fv(-bit)g(se)n(quenc)n(e.)0
186 y FB(W)l(e)d(stress)f(that)g(pseudorandom)h(sequences)h(can)f
(replace)h(truly)f(random)f(sequences)i(not)e(only)i(in)f(\\ordinary")0
242 y(computations)20 b(but)h(also)f(in)i(cryptographic)e(ones.)36
b(That)20 b(is,)i Fp(any)e FB(cryptographic)h(application)h(whic)o(h)f
(is)0 299 y(secure)16 b(when)h(the)f(legitimate)h(parties)f(use)g
(truly)g(random)g(sequences,)h(is)f(also)g(secure)h(when)f(the)g
(legitimate)0 355 y(parties)g(use)h(pseudorandom)f(sequences.)25
b(V)l(arious)16 b(cryptographic)h(applications)g(of)f(pseudorandom)h
(gener-)0 412 y(ators)g(will)j(b)q(e)f(presen)o(ted)g(in)g(the)g
(sequel,)h(but)e(\014rst)g(let)h(us)f(consider)i(the)e(construction)h
(of)f(pseudorandom)0 468 y(generators.)h(A)c(k)o(ey)g(paradigm)g(is)h
(presen)o(ted)f(next.)20 b(It)c(uses)f(the)g(notion)h(of)e(a)h
Fv(har)n(d-c)n(or)n(e)h FB(predicate)g([26)o(])f(of)f(a)0
525 y(\(one-w)o(a)o(y\))e(function:)20 b(The)14 b(predicate)h
Fx(b)e FB(is)i(a)e Fu(ha)o(rd-co)o(re)g FB(of)h(the)g(function)g
Fx(f)19 b FB(if)14 b Fx(b)g FB(is)g(easy)g(to)f(ev)m(aluate)h(but)g
Fx(b)p FB(\()p Fx(x)p FB(\))0 581 y(is)k(hard)g(to)f(predict)i(from)e
Fx(f)5 b FB(\()p Fx(x)p FB(\).)26 b(That)18 b(is,)g(it)g(is)g
(infeasible,)i(giv)o(en)f Fx(f)5 b FB(\()p Fx(x)p FB(\))17
b(when)h Fx(x)f FB(is)i(uniformly)f(c)o(hosen,)h(to)0
637 y(predict)13 b Fx(b)p FB(\()p Fx(x)p FB(\))e(substan)o(tially)i(b)q
(etter)f(than)g(with)g(probabilit)o(y)h(1)p Fx(=)p FB(2.)18
b(In)o(tuitiv)o(ely)l(,)d Fx(b)c FB(\\inherits)i Fv(in)g(a)g(c)n(onc)n
(entr)n(ate)n(d)0 694 y(sense)p FB(")i(the)h(di\016cult)o(y)i(of)e(in)o
(v)o(erting)h Fx(f)5 b FB(.)24 b(\(Note)16 b(that)f(if)i
Fx(b)f FB(is)h(a)f(hard-core)h(of)f(an)g(e\016cien)o(tly)i(computable)f
(1-1)0 750 y(function)f Fx(f)k FB(then)c Fx(f)k FB(m)o(ust)15
b(b)q(e)h(one-w)o(a)o(y)l(.\))0 868 y Fz(The)f(iteration)i(paradigm)e
([26]:)44 b FB(Let)13 b Fx(f)18 b FB(b)q(e)c(a)e(1-1)g(function)i(whic)
o(h)g(is)f(length-preserving)i(and)e(e\016cien)o(tly)0
924 y(computable,)j(and)f Fx(b)g FB(b)q(e)g(a)g(hard-core)h(predicate)g
(of)f Fx(f)5 b FB(.)19 b(Then)611 1011 y Fx(G)p FB(\()p
Fx(s)p FB(\))12 b(=)h Fx(b)p FB(\()p Fx(s)p FB(\))d Fn(\001)f
Fx(b)p FB(\()p Fx(f)c FB(\()p Fx(s)p FB(\)\))j Fn(\001)g(\001)g(\001)t
Fx(b)p FB(\()p Fx(f)1145 992 y Fk(`)p Ft(\()p Fl(j)p
Fk(s)p Fl(j)p Ft(\))p Fl(\000)p Ft(1)1264 1011 y FB(\()p
Fx(s)p FB(\)\))0 1105 y(is)17 b(a)e(pseudorandom)h(generator)g(\(with)g
(stretc)o(h)f(function)i Fx(`)p FB(\),)e(where)i Fx(f)1270
1089 y Fk(i)p Ft(+1)1326 1105 y FB(\()p Fx(x)p FB(\))1401
1080 y Ft(def)1406 1105 y FB(=)j Fx(f)5 b FB(\()p Fx(f)1533
1089 y Fk(i)1546 1105 y FB(\()p Fx(x)p FB(\)\))15 b(and)i
Fx(f)1758 1089 y Ft(0)1776 1105 y FB(\()p Fx(x)p FB(\))1852
1080 y Ft(def)1857 1105 y FB(=)i Fx(x)p FB(.)0 1162 y(As)e(a)g
(concrete)g(example,)h(consider)f(the)g(p)q(erm)o(utation)g
Fx(x)f Fn(7!)g Fx(x)1132 1145 y Ft(2)1163 1162 y FB(mo)q(d)d
Fx(N)t FB(,)k(where)h Fx(N)j FB(is)c(the)g(pro)q(duct)h(of)e(t)o(w)o(o)
0 1218 y(primes)f(eac)o(h)f(congruen)o(t)f(to)h(3)45
b(\(mo)q(d)15 b(4\).)k(W)l(e)14 b(ha)o(v)o(e)f Fx(G)988
1225 y Fk(N)1020 1218 y FB(\()p Fx(s)p FB(\))f(=)h(lsb)q(\()p
Fx(s)p FB(\))7 b Fn(\001)g FB(lsb)q(\()p Fx(s)1372 1202
y Ft(2)1403 1218 y FB(mo)q(d)13 b Fx(N)5 b FB(\))j Fn(\001)g(\001)g
(\001)t FB(lsb)q(\()p Fx(s)1725 1202 y Ft(2)1742 1189
y Fg(`)p Fm(\()p Ff(j)p Fg(s)p Ff(j)p Fm(\))p Ff(\000)p
Fm(1)1863 1218 y FB(mo)q(d)0 1275 y Fx(N)d FB(\),)16
b(where)i(lsb)q(\()p Fx(x)p FB(\))e(is)i(the)f(least)g(signi\014can)o
(t)h(bit)g(of)f Fx(x)g FB(\(whic)o(h)h(b)o(y)f([1)o(,)g(165)o(])g(is)g
(a)g(hard-core)g(of)g(the)g(mo)q(dular)0 1331 y(squaring)g(function\).)
27 b(W)l(e)17 b(note)g(that)g(for)f(an)o(y)h(one-w)o(a)o(y)g(p)q(erm)o
(utation)g Fx(f)1315 1315 y Fl(0)1327 1331 y FB(,)g(the)g(inner-pro)q
(duct)i(mo)q(d)e(2)g(of)g Fx(x)0 1388 y FB(and)j Fx(r)g
FB(is)g(a)f(hard-core)g(of)g Fx(f)5 b FB(\()p Fx(x;)j(r)q
FB(\))18 b(=)i(\()p Fx(f)738 1371 y Fl(0)750 1388 y FB(\()p
Fx(x)p FB(\))p Fx(;)8 b(r)q FB(\))17 b([96)o(].)32 b(Th)o(us,)21
b(using)f(an)o(y)f(one-w)o(a)o(y)g(p)q(erm)o(utation,)h(w)o(e)f(can)0
1444 y(easily)d(construct)f(pseudorandom)h(generators.)71
1501 y(The)f(iteration)h(paradigm)g(is)g(ev)o(en)g(more)g(b)q
(ene\014cial)i(when)e(one)g(has)f(a)h(hard-core)f(function)i(rather)e
(than)0 1557 y(a)21 b(hard-core)g(predicate:)32 b Fx(h)21
b FB(is)h(called)g(a)f Fv(har)n(d-c)n(or)n(e)h(function)i
FB(of)d Fx(f)26 b FB(if)21 b Fx(h)g FB(is)h(easy)f(to)f(ev)m(aluate)i
(but,)g(for)e(a)0 1613 y(random)14 b Fx(x)5 b Fn(2)g(f)p
FB(0)p Fx(;)j FB(1)p Fn(g)345 1597 y Fl(\003)363 1613
y FB(,)14 b(the)h(distribution)i Fx(f)5 b FB(\()p Fx(x)p
FB(\))j Fn(\001)h Fx(h)p FB(\()p Fx(x)p FB(\))14 b(is)i(pseudorandom.)k
(\(Note)14 b(that)g(a)g(hard-core)h(predicate)0 1670
y(is)21 b(a)g(sp)q(ecial)i(case.\))36 b(Using)22 b(a)e(hard-core)h
(function)h Fx(h)f FB(for)f Fx(f)5 b FB(,)22 b(w)o(e)f(obtain)g(the)g
(pseudorandom)g(generator)0 1726 y Fx(G)36 1710 y Fl(0)47
1726 y FB(\()p Fx(s)p FB(\))d(=)g Fx(h)p FB(\()p Fx(s)p
FB(\))12 b Fn(\001)g Fx(h)p FB(\()p Fx(f)5 b FB(\()p
Fx(s)p FB(\)\))12 b Fn(\001)f Fx(h)p FB(\()p Fx(f)548
1710 y Ft(2)567 1726 y FB(\()p Fx(s)p FB(\)\))d Fn(\001)g(\001)g(\001)m
FB(.)29 b(In)19 b(particular,)h(assuming)e(the)h(in)o(tractabilit)o(y)g
(of)f(the)g(subset)h(sum)0 1783 y(problem)c(\(for)f(suitable)i
(densities\))g(or)e(of)g(the)g(deco)q(ding)i(of)e(random)h(linear)g(co)
q(des,)g(this)g(paradigm)g(w)o(as)e(used)0 1839 y(in)j([114)o(,)f(80)o
(])g(to)g(construct)g(v)o(ery)g(e\016cien)o(t)h(pseudorandom)g
(generators.)j(Alternativ)o(ely)l(,)e(encouraged)f(b)o(y)f(the)0
1896 y(results)f(in)g([1)o(,)f(110)o(],)g(w)o(e)f Fu(conjecture)j
FB(that)e(the)g(\014rst)g Fx(n=)p FB(2)g(least)g(signi\014can)o(t)h
(bits)g(of)e(the)i(argumen)o(t)e(constitute)h(a)0 1952
y(hard-core)j(function)h(of)e(the)h(mo)q(dular)h(squaring)f(function)h
(for)e Fx(n)p FB(-bit)i(long)f(mo)q(duli.)24 b(This)16
b(conjecture)g(yields)0 2009 y(an)k(e\016cien)o(t)g(pseudorandom)g
(generator:)29 b Fx(G)814 1992 y Fl(0)814 2020 y Fk(N)845
2009 y FB(\()p Fx(s)p FB(\))20 b(=)h Fp(lsb)1048 2016
y Fk(N)1080 2009 y FB(\()p Fx(s)p FB(\))13 b Fn(\001)f
Fp(lsb)1246 2016 y Fk(N)1277 2009 y FB(\()p Fx(s)1316
1992 y Ft(2)1348 2009 y FB(mo)q(d)g Fx(N)5 b FB(\))13
b Fn(\001)g Fp(lsb)1616 2016 y Fk(N)1648 2009 y FB(\()p
Fx(s)1687 1992 y Ft(4)1718 2009 y FB(mo)q(d)g Fx(N)5
b FB(\))j Fn(\001)g(\001)g(\001)l FB(,)0 2065 y(where)15
b Fp(lsb)202 2072 y Fk(N)233 2065 y FB(\()p Fx(x)p FB(\))g(denotes)g
(the)h(0)p Fx(:)p FB(5)8 b(log)677 2076 y Ft(2)703 2065
y Fx(N)20 b FB(least)15 b(signi\014can)o(t)h(bits)g(of)f
Fx(x)p FB(.)0 2183 y Fz(A)i(plausibility)j(result)e([109)o(]:)45
b FB(Pseudorandom)15 b(generators)g(exist)h(if)g(\(and)g(only)g(if)t
(\))f(one-w)o(a)o(y)g(functions)0 2239 y(exist.)20 b(Unlik)o(e)15
b(the)f(construction)g(of)g(pseudorandom)g(generators)f(from)g(one-w)o
(a)o(y)g(p)q(erm)o(utations,)h(the)g(kno)o(wn)0 2296
y(construction)h(of)f(pseudorandom)g(generators)g(from)f
Fv(arbitr)n(ary)19 b FB(one-w)o(a)o(y)14 b(functions)h(has)f(no)h
(practical)g(signif-)0 2352 y(icance.)23 b(It)16 b(is)g(indeed)i(an)e
(imp)q(ortan)o(t)f(op)q(en)i(problem)f(to)g(pro)o(vide)g(an)g
(alternativ)o(e)g(construction)g(whic)o(h)h(ma)o(y)0
2408 y(b)q(e)f(practical)g(and)f(still)i(utilize)g(an)e
Fv(arbitr)n(ary)20 b FB(one-w)o(a)o(y)15 b(function.)0
2528 y Fy(3.2)56 b(Pseudorandom)18 b(F)-5 b(unctions)0
2614 y FB(Pseudorandom)20 b(generators)e(allo)o(w)i(to)f(e\016cien)o
(tly)i(generate)e(long)h(pseudorandom)g(sequences)h(from)e(short)0
2670 y(random)f(seeds.)29 b(Pseudorandom)18 b(functions)h(\(de\014ned)g
(b)q(elo)o(w\))f(are)g(ev)o(en)g(more)g(p)q(o)o(w)o(erful:)26
b(They)18 b(allo)o(w)h(ef-)964 2795 y(9)p eop
%%Page: 10 11
10 10 bop 0 42 a FB(\014cien)o(t)20 b(direct)f(access)g(to)f(a)g(h)o
(uge)h(pseudorandom)f(sequence)i(\(whic)o(h)f(is)g(not)g(feasible)h(to)
e(scan)g(bit-b)o(y-bit\).)0 98 y(Put)13 b(in)h(other)f(w)o(ords,)g
(pseudorandom)g(functions)h(can)g(replace)g(truly)f(random)g(functions)
h(in)g(an)o(y)f(application)0 154 y(where)k(the)f(function)i(is)f(used)
g(in)g(a)f(blac)o(k-b)q(o)o(x)h(fashion)g(\(i.e.,)f(the)h(adv)o(ersary)
e(ma)o(y)h(obtain)h(the)f(v)m(alue)i(of)e(the)0 211 y(function)f(at)f
(argumen)o(ts)g(of)g(its)g(c)o(hoice,)h(but)g(do)q(es)g(not)f(ha)o(v)o
(e)g(the)g(description)i(of)e(the)h(function)g(and)f(so)g(is)h(not)0
267 y(able)h(to)f(ev)m(aluate)h(the)f(function)h(b)o(y)f(itself)t(\).)
778 251 y Ft(4)0 374 y Fz(De\014nition)k(4)k FB(\(pseudorandom)16
b(functions)i([91)o(]\):)k Fv(A)17 b Fu(pseudo)o(random)e(function)k
Fv(is)e(an)g(e\016cient)g FB(\(determin-)0 430 y(istic\))j
Fv(algorithm)g(which)f(given)f(an)h Fx(n)p Fv(-bit)h
FB(seed)p Fv(,)g Fx(s)p Fv(,)g(and)f(an)g Fx(n)p Fv(-bit)h
FB(argumen)o(t)p Fv(,)f Fx(x)p Fv(,)h(r)n(eturns)e(an)h
Fx(n)p Fv(-bit)h(string,)0 487 y(denote)n(d)e Fx(f)190
494 y Fk(s)208 487 y FB(\()p Fx(x)p FB(\))p Fv(,)f(so)g(that)i(it)e(is)
h(infe)n(asible)d(to)j(distinguish)g(the)f(r)n(esp)n(onses)f(of)i
Fx(f)1391 494 y Fk(s)1409 487 y Fv(,)g(for)g(a)g(uniformly)g(chosen)f
Fx(s)p Fv(,)0 543 y(fr)n(om)f(the)h(r)n(esp)n(onses)d(of)j(a)f(truly)h
(r)n(andom)f(function.)0 649 y FB(That)j(is,)i(the)f(distinguisher)i
(is)e(giv)o(en)g(access)g(to)f(a)h(function)g(and)g(is)g(required)h(to)
e(distinguish)j(a)d(random)0 706 y(function)e Fx(f)11
b FB(:)6 b Fn(f)p FB(0)p Fx(;)i FB(1)p Fn(g)344 689 y
Fk(n)371 706 y Fn(7!)e(f)p FB(0)p Fx(;)i FB(1)p Fn(g)535
689 y Fk(n)572 706 y FB(from)15 b(a)g(function)i(c)o(hosen)f(uniformly)
h(in)g Fn(f)p Fx(f)1350 713 y Fk(s)1381 706 y FB(:)c
Fx(s)6 b Fn(2)g(f)p FB(0)p Fx(;)i FB(1)p Fn(g)1583 689
y Fk(n)1605 706 y Fn(g)p FB(.)21 b(W)l(e)16 b(stress)g(that)0
762 y(in)f(the)f(latter)g(case)g(the)h(distinguisher)h(is)f
Fp(not)f FB(giv)o(en)g(the)h(description)g(of)f(the)g(function)h
Fx(f)1588 769 y Fk(s)1621 762 y FB(\(i.e.,)e(the)i(seed)f
Fx(s)p FB(\),)0 819 y(but)h(rather)g(ma)o(y)f(obtain)i(the)f(v)m(alue)i
(of)d Fx(f)729 826 y Fk(s)762 819 y FB(on)i(an)o(y)e
Fx(n)p FB(-bit)j(string)e(of)g(its)g(c)o(hoice.)1401
802 y Ft(5)71 875 y FB(Pseudorandom)f(functions)i(are)f(a)f(v)o(ery)h
(useful)h(cryptographic)f(to)q(ol)g(\(cf.,)f([92)o(,)g(86])g(and)h
(Section)h(5\):)j(One)0 932 y(ma)o(y)c(\014rst)g(design)i(a)e
(cryptographic)h(sc)o(heme)g(assuming)g(that)e(the)i(legitimate)h
(users)e(ha)o(v)o(e)h(blac)o(k-b)q(o)o(x)g(access)0 988
y(to)f(a)f(random)h(function,)h(and)f(next)h(implemen)o(t)g(the)f
(random)g(function)h(using)g(a)f(pseudorandom)g(function.)0
1108 y Fz(F)l(rom)21 b(pseudorandom)g(generators)h(to)g(pseudorandom)f
(functions)i([91]:)45 b FB(Let)19 b Fx(G)g FB(b)q(e)g(a)g(pseudo-)0
1164 y(random)c(generator)f(with)i(stretc)o(hing)f(function)h
Fx(`)p FB(\()p Fx(n)p FB(\))d(=)g(2)p Fx(n)p FB(,)i(and)g(let)h
Fx(G)1273 1171 y Ft(0)1291 1164 y FB(\()p Fx(s)p FB(\))f(\(resp.,)f
Fx(G)1538 1171 y Ft(1)1557 1164 y FB(\()p Fx(s)p FB(\)\))g(denote)i
(the)f(\014rst)0 1221 y(\(resp.,)k(last\))g Fx(n)h FB(bits)g(in)g
Fx(G)p FB(\()p Fx(s)p FB(\))e(where)i Fx(s)g Fn(2)f(f)p
FB(0)p Fx(;)8 b FB(1)p Fn(g)899 1204 y Fk(n)920 1221
y FB(.)32 b(W)l(e)20 b(de\014ne)g(the)f(function)h(ensem)o(ble)h
Fn(f)p Fx(f)1690 1228 y Fk(s)1720 1221 y FB(:)11 b Fn(f)p
FB(0)p Fx(;)d FB(1)p Fn(g)1857 1204 y Fl(j)p Fk(s)p Fl(j)1905
1221 y Fn(7!)0 1277 y(f)p FB(0)p Fx(;)g FB(1)p Fn(g)113
1261 y Fl(j)p Fk(s)p Fl(j)149 1277 y Fn(g)p FB(,)14 b(where)i
Fx(f)353 1284 y Fk(s)371 1277 y FB(\()p Fx(\033)415 1284
y Fl(j)p Fk(s)p Fl(j)459 1277 y Fn(\001)8 b(\001)g(\001)e
Fx(\033)546 1284 y Ft(2)564 1277 y Fx(\033)590 1284 y
Ft(1)609 1277 y FB(\))12 b(=)h Fx(G)723 1284 y Fk(\033)742
1290 y Ff(j)p Fg(s)p Ff(j)779 1277 y FB(\()p Fn(\001)8
b(\001)g(\001)e Fx(G)894 1284 y Fk(\033)913 1288 y Fm(2)931
1277 y FB(\()p Fx(G)985 1284 y Fk(\033)1004 1288 y Fm(1)1022
1277 y FB(\()p Fx(s)p FB(\)\))i Fn(\001)g(\001)g(\001)m
FB(\).)19 b(This)d(ensem)o(ble)g(is)g(pseudorandom.)0
1359 y(Alternativ)o(e)g(constructions)f(of)g(pseudorandom)g(functions)h
(ha)o(v)o(e)f(b)q(een)h(suggested)f(in)i([137)n(,)e(139)o(].)0
1502 y FA(4)67 b(Zero-Kno)n(wledge)0 1603 y FB(Lo)q(osely)16
b(sp)q(eaking,)g(zero-kno)o(wledge)f(pro)q(ofs)g(are)g(pro)q(ofs)g
(whic)o(h)h(yield)h(nothing)e(b)q(ey)o(ond)h(the)f(v)m(alidit)o(y)i(of)
e(the)0 1660 y(assertion.)32 b(That)19 b(is,)i(a)e(v)o(eri\014er)h
(obtaining)g(suc)o(h)g(a)f(pro)q(of)g(only)h(gains)g(con)o(viction)g
(in)g(the)g(v)m(alidit)o(y)h(of)e(the)0 1716 y(assertion.)k(Using)17
b(the)f(sim)o(ulation)h(paradigm)f(this)h(requiremen)o(t)g(is)g(stated)
e(b)o(y)h(p)q(ostulating)h(that)f(an)o(ything)0 1773
y(that)e(is)h(feasibly)g(computable)h(from)d(a)i(zero-kno)o(wledge)g
(pro)q(of)f(is)h(also)f(feasibly)i(computable)f(from)f(the)g(v)m(alid)0
1829 y(assertion)h(alone.)0 1951 y Fy(4.1)56 b(The)18
b(Basics)0 2037 y FB(The)e(ab)q(o)o(v)o(e)e(imformal)i(paragraph)e
(refers)i(to)e(pro)q(ofs)h(as)g(to)g(in)o(teractiv)o(e)h(and)f
(randomized)h(pro)q(cesses.)1812 2020 y Ft(6)1852 2037
y FB(That)0 2093 y(is,)21 b(here)g(a)e(pro)q(of)h(is)h(a)e(\(m)o
(ulti-round\))i(proto)q(col)f(for)f(t)o(w)o(o)g(parties,)i(called)g(v)o
(eri\014er)g(and)f(pro)o(v)o(er,)g(in)h(whic)o(h)0 2150
y(the)c(pro)o(v)o(er)f(wishes)i(to)e(con)o(vince)i(the)f(v)o(eri\014er)
g(of)g(the)g(v)m(alidit)o(y)h(of)f(a)f(giv)o(en)i(assertion.)24
b(Suc)o(h)18 b(an)f Fv(inter)n(active)0 2206 y(pr)n(o)n(of)24
b FB(should)16 b(allo)o(w)f(the)f(pro)o(v)o(er)g(to)g(con)o(vince)i
(the)f(v)o(eri\014er)g(of)f(the)h(v)m(alidit)o(y)h(of)e(an)o(y)g(true)h
(assertion,)f(whereas)p 0 2246 780 2 v 52 2273 a Fs(4)81
2288 y FD(This)f(is)g(di\013eren)o(t)h(from)e(the)g Fr(R)n(andom)g(Or)n
(acle)g(Mo)n(del)f FD(of)h([12)q(],)f(where)h(the)h(adv)o(ersary)g(has)
g(a)f(direct)h(access)g(to)f(the)h(function.)52 2318
y Fs(5)81 2334 y FD(T)o(ypically)m(,)i(the)d(distinguis)q(her)j(stands)
e(for)f(an)h(adv)o(ersary)h(that)e(attac)o(ks)h(a)f(system)h(whic)o(h)g
(uses)g(a)f(pseudorandom)j(function.)0 2380 y(The)10
b(v)n(alues)i(of)f(the)f(function)i(on)f(argumen)o(ts)h(of)e(the)g(adv)
o(ersary's)i(c)o(hoice)g(are)e(obtained)j(from)d(the)h(legitimate)h
(users)g(of)e(the)g(system)0 2425 y(who,)j Fr(unlike)f(the)h(adversary)
p FD(,)d(kno)o(w)j(the)h(seed)f Fj(s)p FD(.)k(The)c(de\014nition)j
(implies)g(that)d(the)g(adv)o(ersary)i(will)f(not)g(b)q(e)f(more)g
(successful)i(in)0 2471 y(its)f(attac)o(k)g(than)g(it)g(could)h(ha)o(v)
o(e)f(b)q(een)g(if)f(the)h(system)g(w)o(as)f(to)g(use)h(a)g(truly)g
(random)g(function.)20 b(Needless)15 b(to)e(sa)o(y)h(that)g(the)f
(latter)0 2517 y(system)f(is)f(merely)i(a)e Fr(Ge)n(danken)e(Exp)n
(eriment)g FD(\(it)j(cannot)g(b)q(e)f(implemen)o(ted)j(since)e(it)g(is)
f(infeasible)j(to)d(ev)o(en)h(store)f(a)h(truly)g(random)0
2562 y(function\).)52 2592 y Fs(6)87 2608 y FD(The)17
b(form)o(ulation)j(applies)g(also)f(to)f(\\pro)q(ofs")g(in)h(the)f
(ordinary)h(sense)g(of)e(b)q(eing)j(strings)f(\(i.e.,)f(NP-pro)q
(ofs\).)31 b(Ho)o(w)o(ev)o(er,)0 2654 y(zero-kno)o(wledge)15
b(NP-pro)q(ofs)e(exist)h(only)g(in)g(a)f(trivial)i(manner)f(\(i.e.,)e
(for)h(languages)i(in)f Fi(B)q(P)s(P)s FD(\).)952 2795
y FB(10)p eop
%%Page: 11 12
11 11 bop 0 42 a Fp(no)18 b FB(pro)o(v)o(er)f(strategy)g(ma)o(y)g(fo)q
(ol)h(the)g(v)o(eri\014er)h(to)e(accept)i(false)f(assertions.)28
b(Both)18 b(the)g(ab)q(o)o(v)o(e)g Fv(c)n(ompleteness)0
98 y FB(and)j Fv(soundness)j FB(conditions)e(should)g(hold)g(with)f
(high)h(probabilit)o(y)h(\(i.e.,)f(a)e(negligible)k(error)d(probabilit)
o(y)0 154 y(is)f(allo)o(w)o(ed\).)34 b(The)20 b(prescrib)q(ed)i(v)o
(eri\014er)e(strategy)e(is)j(required)f(to)g(b)q(e)g(e\016cien)o(t.)34
b(No)20 b(suc)o(h)g(requiremen)o(t)g(is)0 211 y(made)c(with)h(resp)q
(ect)g(to)f(the)g(pro)o(v)o(er)g(strategy;)f(y)o(et)h(w)o(e)g(will)i(b)
q(e)f(in)o(terested)g(in)g(\\relativ)o(ely)g(e\016cien)o(t")g(pro)o(v)o
(er)0 267 y(strategies)i(\(see)h(b)q(elo)o(w\).)34 b(Zero-kno)o(wledge)
20 b(is)g(a)f(prop)q(ert)o(y)h(of)f(some)h(pro)o(v)o(er-strategies.)32
b(More)19 b(generally)l(,)0 324 y(w)o(e)i(consider)h(in)o(teractiv)o(e)
f(mac)o(hines)h(whic)o(h)g(yield)h(no)e(kno)o(wledge)h(while)g(in)o
(teracting)g(with)g(an)f(arbitrary)0 380 y(feasible)16
b(adv)o(ersary)e(on)h(a)g(common)f(input)i(tak)o(en)f(from)f(a)g
(predetermined)j(set)d(\(in)i(our)e(case)h(the)g(set)g(of)f(v)m(alid)0
437 y(assertions\).)0 543 y Fz(De\014nition)19 b(5)k
FB(\(zero-kno)o(wledge)13 b([105)n(]\):)19 b Fv(A)13
b(str)n(ate)n(gy)g Fx(A)h Fv(is)f Fu(zero-kno)o(wledge)h
Fv(on)f(inputs)g(fr)n(om)h Fx(S)i Fv(if,)e(for)g(every)0
599 y(fe)n(asible)20 b(str)n(ate)n(gy)g Fx(B)370 583
y Fl(\003)390 599 y Fv(,)i(ther)n(e)f(exists)f(a)h(fe)n(asible)f(c)n
(omputation)i Fx(C)1180 583 y Fl(\003)1220 599 y Fv(so)e(that)i(the)f
(fol)r(lowing)g(two)g(pr)n(ob)n(ability)0 656 y(ensembles)14
b(ar)n(e)j(c)n(omputational)r(ly)g(indistinguishable:)54
756 y(1.)23 b Fn(f)p FB(\()p Fx(A;)8 b(B)246 739 y Fl(\003)264
756 y FB(\)\()p Fx(x)p FB(\))p Fn(g)367 763 y Fk(x)p
Fl(2)p Fk(S)447 731 y Ft(def)453 756 y FB(=)21 b Fv(the)c(output)h(of)e
Fx(B)816 739 y Fl(\003)852 756 y Fv(when)g(inter)n(acting)g(with)g
Fx(A)h Fv(on)f(c)n(ommon)g(input)g Fx(x)d Fn(2)g Fx(S)s
Fv(;)j(and)54 858 y(2.)23 b Fn(f)p Fx(C)173 841 y Fl(\003)191
858 y FB(\()p Fx(x)p FB(\))p Fn(g)276 865 y Fk(x)p Fl(2)p
Fk(S)357 833 y Ft(def)362 858 y FB(=)f Fv(the)16 b(output)i(of)e
Fx(C)725 841 y Fl(\003)760 858 y Fv(on)h(input)f Fx(x)d
Fn(2)g Fx(S)s Fv(.)0 1001 y FB(Note)h(that)g(whereas)g
Fx(A)h FB(and)f Fx(B)550 985 y Fl(\003)584 1001 y FB(ab)q(o)o(v)o(e)g
(are)g(in)o(teractiv)o(e)h(strategies,)f Fx(C)1261 985
y Fl(\003)1294 1001 y FB(is)h(a)f(non-in)o(teractiv)o(e)h(computation.)
0 1058 y(The)20 b(ab)q(o)o(v)o(e)g(de\014nition)i(do)q(es)e
Fp(not)g FB(accoun)o(t)g(for)f(auxiliary)j(information)e(whic)o(h)h(an)
f(adv)o(ersary)f(ma)o(y)g(ha)o(v)o(e)0 1114 y(prior)f(to)f(en)o(tering)
h(the)f(in)o(teraction.)27 b(Accoun)o(ting)19 b(for)e(suc)o(h)g
(auxiliary)i(information)f(is)g(essen)o(tial)g(for)f(using)0
1171 y(zero-kno)o(wledge)j(pro)q(ofs)f(as)h(subproto)q(cols)g(inside)h
(larger)e(proto)q(cols)h(\(see)g([95)o(,)f(99)o(]\).)33
b(Another)19 b(concern)h(is)0 1227 y(that)15 b(w)o(e)g(prefer)h(that)e
(the)i(complexit)o(y)g(of)f Fx(C)793 1211 y Fl(\003)828
1227 y FB(b)q(e)h(b)q(ounded)h(as)e(a)g(function)h(of)g(the)f
(complexit)o(y)h(of)g Fx(B)1799 1211 y Fl(\003)1818 1227
y FB(.)21 b(Both)0 1284 y(concerns)16 b(are)f(tak)o(en)f(care)h(of)g(b)
o(y)g(a)g(more)g(strict)g(notion)g(of)g(zero-kno)o(wledge)h(presen)o
(ted)g(next.)0 1390 y Fz(De\014nition)j(6)k FB(\(zero-kno)o(wledge,)15
b(revisited)i([99)o(]\):)j Fv(A)d(str)n(ate)n(gy)f Fx(A)g
Fv(is)g Fu(black-b)q(o)o(x)g(zero-kno)o(wledge)h Fv(on)f(inputs)0
1446 y(fr)n(om)h Fx(S)j Fv(if)c(ther)n(e)h(exists)g(an)f(e\016cient)h
FB(\(univ)o(ersal\))g Fv(subr)n(outine-c)n(al)r(ling)f(algorithm)h
Fx(U)22 b Fv(so)17 b(that)h(for)f(every)g(fe)n(a-)0 1503
y(sible)f(str)n(ate)n(gy)g Fx(B)306 1486 y Fl(\003)326
1503 y Fv(,)h(the)g(pr)n(ob)n(ability)g(ensembles)e Fn(f)p
FB(\()p Fx(A;)8 b(B)997 1486 y Fl(\003)1015 1503 y FB(\)\()p
Fx(x)p FB(\))p Fn(g)1118 1510 y Fk(x)p Fl(2)p Fk(S)1199
1503 y Fv(and)17 b Fn(f)p Fx(U)1347 1486 y Fk(B)1373
1474 y Ff(\003)1392 1503 y FB(\()p Fx(x)p FB(\))p Fn(g)1477
1510 y Fk(x)p Fl(2)p Fk(S)1559 1503 y Fv(ar)n(e)f(c)n(omputational)r
(ly)0 1559 y(indistinguishable,)f(wher)n(e)h Fx(U)522
1543 y Fk(B)548 1530 y Ff(\003)584 1559 y Fv(is)g(algorithm)h
Fx(U)k Fv(using)16 b(str)n(ate)n(gy)g Fx(B)1212 1543
y Fl(\003)1248 1559 y Fv(as)g(a)g(subr)n(outine.)0 1666
y FB(Note)e(that)f(the)i(running)g(time)g(of)e Fx(U)641
1649 y Fk(B)667 1636 y Ff(\003)701 1666 y FB(is)i(at)f(most)f(the)h
(running-time)i(of)e Fx(U)19 b FB(times)c(the)f(running-time)i(of)e
Fx(B)1918 1649 y Fl(\003)1937 1666 y FB(.)0 1722 y(Actually)l(,)21
b(the)e(\014rst)f(term)g(ma)o(y)h(b)q(e)g(replaced)h(b)o(y)f(the)g(n)o
(um)o(b)q(er)g(of)f(times)i Fx(U)j FB(in)o(v)o(ok)o(es)c(the)g
(subroutine.)32 b(All)0 1778 y(kno)o(wn)15 b(zero-kno)o(wledge)h(pro)q
(ofs)e(are)h(in)h(fact)f(blac)o(k-b)q(o)o(x)h(zero-kno)o(wledge.)0
1898 y Fz(A)24 b(general)i(plausibilit)o(y)h(result)d([97]:)45
b FB(Assuming)22 b(the)g(existence)g(of)f(commitmen)o(t)h(sc)o(hemes,)h
(there)0 1955 y(exist)c(\(blac)o(k-b)q(o)o(x\))f(zero-kno)o(wledge)h
(pro)q(ofs)f(for)g(mem)o(b)q(ership)i(in)f(an)o(y)f(NP-language.)1558
1938 y Ft(7)1607 1955 y FB(F)l(urthermore,)g(the)0 2011
y(prescrib)q(ed)k(pro)o(v)o(er)d(strategy)g(is)i(e\016cien)o(t)g(pro)o
(vided)g(it)f(is)h(giv)o(en)g(an)f(NP-witness)h(to)e(the)i(assertion)f
(to)f(b)q(e)0 2068 y(pro)o(v)o(en.)28 b(This)19 b(mak)o(es)f(zero-kno)o
(wledge)g(a)g(v)o(ery)g(p)q(o)o(w)o(erful)g(to)q(ol)g(in)h(the)g
(design)g(of)e(cryptographic)i(sc)o(hemes)0 2124 y(and)c(proto)q(cols.)
0 2244 y Fz(Zero-kno)o(wledge)k(as)h(a)g(to)q(ol:)47
b FB(In)18 b(a)f(t)o(ypical)h(cryptographic)f(setting,)h(a)e(user,)i
(referred)f(to)g(as)g Fx(A)p FB(,)g(has)g(a)0 2301 y(secret)f(and)g(is)
h(supp)q(osed)g(to)e(tak)o(e)g(some)h(steps)g(dep)q(ending)i(on)e(its)g
(secret.)22 b(The)17 b(question)f(is)h(ho)o(w)e(can)h(other)0
2357 y(users)j(v)o(erify)g(that)g Fx(A)g FB(indeed)i(to)q(ok)d(the)h
(correct)g(steps)g(\(as)g(determined)h(b)o(y)f Fx(A)p
FB('s)g(secret)g(and)g(the)g(publicly)0 2414 y(kno)o(wn)h
(information\).)35 b(Indeed,)23 b(if)e Fx(A)f FB(discloses)i(its)e
(secret)h(then)f(an)o(yb)q(o)q(dy)h(can)f(v)o(erify)h(that)f(it)g(to)q
(ok)g(the)0 2470 y(correct)g(steps.)36 b(Ho)o(w)o(ev)o(er,)20
b Fx(A)h FB(do)q(es)g(not)f(w)o(an)o(t)g(to)f(rev)o(eal)i(its)g
(secret.)36 b(Using)21 b(zero-kno)o(wledge)g(pro)q(ofs)f(w)o(e)p
0 2510 780 2 v 52 2537 a Fs(7)81 2553 y FD(NP)11 b(is)i(the)e(class)i
(of)f(languages)i(ha)o(ving)f(e\016cien)o(tly)h(v)o(eri\014able)g
(\(and)e(short\))g(pro)q(ofs)h(of)e(mem)o(b)q(ership.)18
b(That)12 b(is,)g Fj(L)g FD(is)h(in)f(NP)g(if)0 2598
y(there)h(exists)h(a)f(p)q(olynomial-ti)q(me)j(recognizable)f(binary)g
(relation)f Fj(R)1029 2602 y Fe(L)1065 2598 y FD(and)g(a)f(p)q
(olynomial)j Fj(`)c FD(so)h(that)g Fj(x)e Fi(2)f Fj(L)j
FD(if)g(and)g(only)i(if)e(there)0 2644 y(exists)h Fj(y)g
FD(so)f(that)g Fi(j)p Fj(y)q Fi(j)e(\024)f Fj(`)p FD(\()p
Fi(j)p Fj(x)p Fi(j)p FD(\))i(and)h(\()p Fj(x;)6 b(y)q
FD(\))11 b Fi(2)f Fj(R)703 2648 y Fe(L)727 2644 y FD(.)952
2795 y FB(11)p eop
%%Page: 12 13
12 12 bop 158 51 1635 2 v 158 864 2 813 v 187 125 a Fd(univ)o(ersal)14
b(parameter:)25 b FD(A)12 b(comp)q(osite)j Fj(N)t FD(,)d(pro)q(duct)i
(of)f(t)o(w)o(o)f(\(secret\))h(primes.)187 187 y Fd(priv)n(ate-k)o(ey)
23 b FD(\(of)13 b(user)g Fc(u)p FD(\):)k(A)12 b(uniformly)j(c)o(hosen)f
Fj(x)992 191 y Fb(u)1020 187 y Fi(2)c(f)p FD(1)p Fj(;)d(:::;)e(N)t
Fi(g)p FD(.)187 250 y Fd(public-k)o(ey:)20 b FD(\(of)13
b(user)h Fc(u)p FD(\):)i Fj(y)645 254 y Fb(u)673 250
y FD(=)11 b Fj(x)736 234 y Fs(2)736 256 y Fb(u)763 250
y FD(mo)q(d)h Fj(N)s FD(.)187 312 y Fd(proto)q(col)22
b FD(for)13 b(user)g Fc(u)g FD(to)g(inden)o(tify)i(itself.)44
b(\(basic)14 b(v)o(ersion\))348 388 y(1.)23 b(Pro)o(v)o(er)13
b(uniformly)i(select)f Fj(r)e Fi(2)e(f)p FD(1)p Fj(;)d(:::;)e(N)t
Fi(g)p FD(,)12 b(and)i(sends)g Fj(s)1257 366 y Fs(def)1263
388 y FD(=)j Fj(r)1328 372 y Fs(2)1356 388 y FD(mo)q(d)12
b Fj(N)k FD(to)d(the)g(v)o(eri\014er.)348 442 y(2.)23
b(The)13 b(v)o(eri\014er)h(uniformly)h(select)f(a)f(c)o(hallenge)i
Fj(\033)d Fi(2)e(f)p FD(0)p Fj(;)d FD(1)p Fi(g)p FD(,)13
b(and)g(sends)h(it)f(to)g(the)h(pro)o(v)o(er.)348 508
y(3.)23 b(Pro)o(v)o(er)13 b(replies)i(with)e Fj(z)762
486 y Fs(def)768 508 y FD(=)j Fj(r)10 b Fi(\001)e Fj(x)882
492 y Fe(\033)882 515 y Fb(u)914 508 y FD(mo)q(d)j Fj(N)t
FD(.)348 562 y(4.)23 b(The)13 b(v)o(eri\014er)h(accepts)g(if)f(and)g
(only)i(if)e Fj(z)992 546 y Fs(2)1019 562 y Fi(\021)e
Fj(s)d Fi(\001)g Fj(y)1125 546 y Fe(\033)1124 569 y Fb(u)1185
562 y FD(\(mo)q(d)13 b Fj(N)t FD(\).)187 648 y(The)k(ab)q(o)o(v)o(e)h
(proto)q(col)h(is)f(a)f(zero-kno)o(wledge)i(pro)q(of)f(of)f(kno)o
(wledge)i(of)e(a)g(mo)q(dular)i(square)f(ro)q(ot)f(of)g
Fj(y)1750 652 y Fb(u)1767 648 y FD(.)187 693 y(Since)d
Fc(u)e FD(is)i(supp)q(osedly)h(the)e(only)h(part)o(y)f(kno)o(wing)h
(the)f(square)h(ro)q(ot)f(of)f Fj(y)1291 697 y Fb(u)1308
693 y FD(,)h(succeeding)h(in)g(this)f(proto)q(col)187
739 y(is)g(tak)o(en)g(as)g(evidence)h(that)e(the)h(pro)o(v)o(er)g(is)g
Fc(u)p FD(.)j(The)d(zero-kno)o(wledge)h(claus)f(guaran)o(tees)h(that)f
(in)o(teracting)187 785 y(with)i Fc(u)e FD(according)j(to)e(the)h
(proto)q(col,)g(do)q(es)g(not)f(leak)h(kno)o(wledge)h(whic)o(h)f(ma)o
(y)f(b)q(e)g(used)h(to)f(imp)q(ersonate)187 830 y Fc(u)p
FD(.)j(F)m(or)c(more)g(details)i(see)e([105,)f(79)q(,)g(72)q(].)p
1790 864 V 158 866 1635 2 v 283 996 a FB(Figure)j(1:)20
b(The)15 b(Fiat{Shamir)g(Iden)o(ti\014cation)i(Sc)o(heme)f([79)o(])f({)
g(basic)g(v)o(ersion.)0 1132 y(can)20 b(satisfy)g(b)q(oth)h
(con\015icting)g(requiremen)o(ts.)36 b(That)19 b(is,)j
Fx(A)e FB(can)g(pro)o(v)o(e)g(in)h(zero-kno)o(wledge)g(that)e(it)i(to)q
(ok)0 1188 y(the)d(correct)g(steps.)30 b(Note)18 b(that)f
Fx(A)p FB('s)h(claim)h(to)f(ha)o(ving)h(tak)o(en)f(the)g(correct)g
(steps)g(is)h(an)f(NP-assertion)h(and)0 1244 y(that)c
Fx(A)h FB(has)f(an)h(NP-witness)g(to)f(its)g(v)m(alidit)o(y)j(\(i.e.,)d
(its)g(secret!\).)21 b(Th)o(us,)15 b(b)o(y)h(the)f(ab)q(o)o(v)o(e)g
(result,)h(it)g(is)g(p)q(ossible)0 1301 y(for)g Fx(A)g
FB(to)g(e\016cien)o(tly)i(pro)o(v)o(e)e(the)g(correctness)h(of)f(its)g
(actions)h(without)f(yielding)j(an)o(ything)d(ab)q(out)h(its)f(secret.)
0 1357 y(\(Ho)o(w)o(ev)o(er,)10 b(in)i(practice)f(one)g(ma)o(y)g(w)o
(an)o(t)e(to)i(design)g(a)g(sp)q(eci\014c)i(zero-kno)o(wledge)e(pro)q
(of,)g(tailored)h(to)e(the)h(sp)q(eci\014c)0 1414 y(application)19
b(and)e(so)g(b)q(eing)h(more)f(e\016cien)o(t,)g(rather)g(than)g(in)o(v)
o(oking)h(the)f(general)g(result)h(ab)q(o)o(v)o(e.)25
b(Th)o(us,)17 b(the)0 1470 y(dev)o(elopmen)o(t)g(of)e(tec)o(hniques)i
(for)f(the)g(construction)g(of)f(e\016cien)o(t)i(zero-kno)o(wledge)g
(pro)q(of)e(systems)h(is)g(still)h(of)0 1527 y(in)o(terest)e({)g(see,)g
(for)g(example,)g([94,)f(33,)h(74)o(,)g(118)o(,)g(57)o(,)g(52)o(,)g
(143)o(,)g(158)o(,)g(101)o(].\))0 1648 y Fy(4.2)56 b(Some)17
b(V)-5 b(arian)n(ts)0 1734 y Fz(P)o(erfect)18 b(zero-kno)o(wledge)g
(argumen)o(ts:)44 b FB(This)16 b(term)g(captures)g(t)o(w)o(o)e
(deviations)j(from)f(the)g(ab)q(o)o(v)o(e)f(de\014-)0
1791 y(nition;)j(the)f(\014rst)f(b)q(eing)i(a)e(strengthening)i(and)e
(the)h(second)g(b)q(eing)h(a)f(w)o(eak)o(ening.)24 b(P)o(erfect)16
b(zero-kno)o(wledge)0 1847 y(strategies)f(are)g(suc)o(h)h(for)f(whic)o
(h)h(the)g(ensem)o(bles)g(in)h(De\014nition)f(5)f(are)h(iden)o(tically)
i(distributed)f(\(rather)d(than)0 1904 y(computationally)20
b(indistinguishabl)q(e\).)35 b(This)20 b(means)f(that)f(the)i(zero-kno)
o(wledge)g(clause)g(holds)g(regardless)0 1960 y(of)e(the)g
(computational)h(abilities)i(of)c(the)i(adv)o(ersary)l(.)29
b(Ho)o(w)o(ev)o(er,)17 b Fv(ar)n(guments)h FB(\(ak)m(a)g
Fv(c)n(omputational)r(ly)i(sound)0 2017 y(pr)n(o)n(ofs)p
FB(\))d(di\013er)h(from)e(in)o(teractiv)o(e)i(pro)q(ofs)f(in)i(ha)o
(ving)e(a)g(w)o(eak)o(er)g(soundness)h(clause:)25 b(it)18
b(is)g(infeasible)i(\(rather)0 2073 y(than)11 b(imp)q(ossible\))i(to)d
(fo)q(ol)i(the)f(v)o(eri\014er)g(to)g(accept)g(false)g(assertion)g
(\(except)g(with)h(negligible)i(probabilit)o(y\))e([31)o(].)0
2129 y(P)o(erfect)j(zero-kno)o(wledge)h(argumen)o(ts)e(for)g(NP)i(w)o
(ere)f(constructed)g(using)h(an)o(y)f(one-w)o(a)o(y)f(p)q(erm)o
(utation)h([135)o(].)0 2250 y Fz(Non-In)o(teractiv)o(e)21
b(zero-kno)o(wledge)g(pro)q(ofs)g([24,)f(73]:)45 b FB(Here)18
b(the)g(in)o(teraction)h(b)q(et)o(w)o(een)f(the)h(pro)o(v)o(er)0
2306 y(and)i(the)h(v)o(eri\014er)f(consists)h(of)f(the)g(pro)o(v)o(er)f
(sending)j(a)d(single)j(message)e(to)f(the)h(v)o(eri\014er)h(\(as)f(in)
h(\\classical)0 2362 y(pro)q(ofs"\).)17 b(In)12 b(addition,)h(b)q(oth)e
(pla)o(y)o(ers)g(ha)o(v)o(e)f(access)i(to)e(a)h(\\random)f(reference)i
(string")f(whic)o(h)g(is)h(p)q(ostulated)g(to)0 2419
y(b)q(e)g(uniformly)g(selected.)20 b(Non-in)o(teractiv)o(e)12
b(zero-kno)o(wledge)g(pro)q(ofs)f(are)g(useful)i(in)f(applications)h
(where)f(one)f(of)0 2475 y(the)g(parties)g(ma)o(y)g(b)q(e)g(trusted)g
(to)f(select)i(the)f(ab)q(o)o(v)o(emen)o(tioned)h(reference)f(string)g
(\(e.g.,)f(see)i(Section)g(5.3\).)17 b(Non-)0 2532 y(in)o(teractiv)o(e)
12 b(zero-kno)o(wledge)h(argumen)o(ts)e(for)g(NP)h(w)o(ere)g
(constructed)g(using)g(an)o(y)g(trap)q(do)q(or)f(p)q(erm)o(utation)h
([73)o(,)0 2588 y(119)o(].)952 2795 y(12)p eop
%%Page: 13 14
13 13 bop 0 42 a Fz(Zero-kno)o(wledge)22 b(pro)q(ofs)g(of)g(kno)o
(wledge)f([105,)h(79,)g(5]:)44 b FB(Lo)q(osely)20 b(sp)q(eaking,)h(a)e
(system)g(for)f(pro)q(ofs)0 98 y(of)e(kno)o(wledge)h(guaran)o(tees)e
(that)h(whenev)o(er)g(the)h(v)o(eri\014er)f(is)h(con)o(vinced)h(that)d
(the)i(pro)o(v)o(er)e(kno)o(ws)h Fx(X)t FB(,)f(this)i
Fx(X)0 154 y FB(can)c(b)q(e)h(e\016cien)o(tly)g(extracted)f(from)f(the)
h(pro)o(v)o(er's)f(strategy)l(.)18 b(One)c(natural)f(application)h(of)f
(\(zero-kno)o(wledge\))0 211 y(pro)q(ofs)18 b(of)g(kno)o(wledge)g(is)h
(for)f Fv(identi\014c)n(ation)f FB([79)o(,)h(72)o(].)29
b(Figure)18 b(1)g(depicts)h(the)g(Fiat-Shamir)f(Iden)o(ti\014cation)0
267 y(Sc)o(heme)j([79)o(])g(\(whic)o(h)g(is)g(based)g(on)g(the)g(Goldw)
o(asser-Micali-Rac)o(k)o(o\013)g(zero-kno)o(wledge)g(pro)q(of)f(system)
h(for)0 324 y(Quadratic)16 b(Residuosit)o(y)g([105)o(]\).)0
444 y Fz(Relaxations)d(of)f(Zero-kno)o(wledge:)45 b FB(Imp)q(ortan)o(t)
9 b(relaxations)i(of)e(zero-kno)o(wledge)i(w)o(ere)f(presen)o(ted)h(in)
g([75)o(].)0 500 y(Sp)q(eci\014cally)l(,)21 b(in)d Fv(witness)f
(indistinguishable)f FB(pro)q(ofs)h(it)g(is)h(infeasible)h(to)e(tell)h
(whic)o(h)g(NP-witness)g(to)f(the)g(as-)0 557 y(sertion)e(the)g(pro)o
(v)o(er)f(is)h(using.)21 b(Unlik)o(e)16 b(zero-kno)o(wledge)g(pro)q
(ofs,)e(this)h(notion)g(is)g(closed)h(under)g(parallel)g(com-)0
613 y(p)q(osition.)29 b(F)l(urthermore,)18 b(this)g(relaxation)h
(su\016ces)f(for)f(some)h(applications)h(in)g(whic)o(h)g(one)f(ma)o(y)f
(originally)0 670 y(think)f(of)f(using)h(zero-kno)o(wledge)f(pro)q
(ofs.)952 2795 y(13)p eop
%%Page: 14 15
14 14 bop 0 42 a FA(P)n(art)23 b(I)r(I)0 145 y Fq(Basic)33
b(Utiliti)q(es)0 279 y FA(5)67 b(Encryption)0 380 y FB(Both)19
b(Priv)m(ate-Key)h(and)g(Public-Key)i(encryption)e(sc)o(hemes)f
(consists)h(of)f(three)g(e\016cien)o(t)h(algorithms:)28
b Fv(key)0 437 y(gener)n(ation)p FB(,)19 b Fv(encryption)g
FB(and)h Fv(de)n(cryption)p FB(.)32 b(The)20 b(di\013erence)h(b)q(et)o
(w)o(een)e(the)h(t)o(w)o(o)e(t)o(yp)q(es)i(is)f(re\015ected)i(in)f(the)
0 493 y(de\014nition)f(of)e(securit)o(y)h({)f(the)h(securit)o(y)f(of)g
(a)g(public-k)o(ey)j(encryption)e(sc)o(heme)g(should)g(hold)h(also)e
(when)h(the)0 550 y(adv)o(ersary)10 b(is)h(giv)o(en)g(the)f(encryption)
h(k)o(ey)l(,)h(whereas)e(this)h(is)g(not)f(required)h(for)f(priv)m
(ate-k)o(ey)i(encryption)f(sc)o(heme.)0 606 y(Th)o(us,)17
b(public-k)o(ey)j(encryption)e(sc)o(hemes)f(allo)o(w)h(eac)o(h)f(user)g
(to)g(broadcast)f(its)i(encryption)g(k)o(ey)f(so)g(that)f(an)o(y)0
662 y(user)i(ma)o(y)f(send)h(it)g(encrypted)g(messages)f(\(without)g
(needing)i(to)e(\014rst)h(agree)f(on)g(a)h(priv)m(ate)g(encryption-k)o
(ey)0 719 y(with)13 b(the)f(receiv)o(er\).)19 b(Belo)o(w)13
b(w)o(e)e(presen)o(t)i(de\014nitions)h(of)d(securit)o(y)i(for)e(priv)m
(ate-k)o(ey)i(encryption)h(sc)o(hemes.)19 b(The)0 775
y(public-k)o(ey)e(analogies)f(can)f(b)q(e)g(easily)h(deriv)o(ed)g(b)o
(y)f(considering)h(adv)o(ersaries)f(whic)o(h)h(get)e(the)h(encryption)h
(k)o(ey)0 832 y(as)c(additional)h(input.)20 b(\(F)l(or)11
b(priv)m(ate-k)o(ey)i(encryption)g(sc)o(hemes)f(w)o(e)g(ma)o(y)f
(assume,)h(without)g(loss)g(of)g(generalit)o(y)l(,)0
888 y(that)i(the)i(encryption)g(k)o(ey)f(is)h(iden)o(tical)h(to)d(the)i
(decryption)g(k)o(ey)l(.\))0 1010 y Fy(5.1)56 b(De\014nitions)0
1096 y FB(F)l(or)16 b(simplicit)o(y)j(w)o(e)e(consider)h(only)f(the)g
(encryption)h(of)f(a)f(single)i(message;)f(ho)o(w)o(ev)o(er)f(this)i
(message)e(ma)o(y)g(b)q(e)0 1152 y(longer)c(than)f(the)g(k)o(ey)g
(\(whic)o(h)h(rules)g(out)f(information-theoretic)g(secrecy)h([160)o
(]\).)18 b(W)l(e)11 b(presen)o(t)g(t)o(w)o(o)f(equiv)m(alen)o(t)0
1209 y(de\014nitions)k(of)e(securit)o(y)l(.)20 b(The)12
b(\014rst,)g(called)i Fv(semantic)f(se)n(curity)p FB(,)g(is)g(a)f
(computational)g(analogue)h(of)f(Shannon's)0 1265 y(de\014nition)i(of)e
Fv(p)n(erfe)n(ct)h(se)n(cr)n(e)n(cy)d FB([160)o(].)19
b(The)12 b(second)h(de\014nition)h(views)e(secure)h(encryption)g(sc)o
(hemes)g(as)e(ones)i(for)0 1322 y(whic)o(h)i(it)g(is)g(infeasible)i(to)
d(distinguish)j(encryptions)f(of)e(an)o(y)g(\(kno)o(wn\))g(pair)h(of)f
(messages)g(\(e.g.,)f(the)i(all-zeros)0 1378 y(message)f(and)g(the)g
(all-ones)h(message\).)k(The)14 b(latter)g(de\014nition)i(is)f(tec)o
(hnical)g(in)g(nature)f(and)g(is)h(referred)f(to)f(as)0
1435 y Fv(indistinguishability)i(of)h(encryptions)p FB(.)71
1491 y(W)l(e)j(stress)h(that)f(the)h(de\014nitions)h(presen)o(ted)f(b)q
(elo)o(w)h(go)e(w)o(a)o(y)g(b)q(ey)o(ond)h(sa)o(ying)g(that)f(it)h(is)h
(infeasible)h(to)0 1547 y(reco)o(v)o(er)17 b(the)g(plain)o(text)i(from)
d(the)i(ciphertext.)28 b(The)17 b(latter)g(statemen)o(t)g(is)h(indeed)h
(a)e(minimal)i(requiremen)o(t)0 1604 y(from)10 b(a)h(secure)h
(encryption)g(sc)o(heme,)g(but)f(w)o(e)g(claim)h(that)e(it)i(is)f(w)o
(a)o(y)f(to)q(o)h(w)o(eak)f(a)h(requiremen)o(t:)19 b(An)11
b(encryption)0 1660 y(sc)o(heme)h(is)g(t)o(ypically)h(used)f(in)g
(applications)h(where)e(obtaining)i(sp)q(eci\014c)g(partial)f
(information)f(on)h(the)f(plain)o(text)0 1717 y(endangers)16
b(the)g(securit)o(y)g(of)g(the)g(application.)23 b(When)17
b(designing)g(an)f(application-indep)r(ende)q(n)o(t)i(encryption)0
1773 y(sc)o(heme,)24 b(w)o(e)f(do)f(not)g(kno)o(w)g(whic)o(h)i(partial)
f(information)g(endangers)g(the)f(application)i(and)f(whic)o(h)h(do)q
(es)0 1830 y(not.)c(F)l(urthermore,)15 b(ev)o(en)h(if)g(one)f(w)o(an)o
(ts)f(to)h(design)i(an)e(encryption)h(sc)o(heme)g(tailored)g(to)f
(one's)g(o)o(wn)g(sp)q(eci\014c)0 1886 y(applications,)f(it)e(is)h
(rare)e(\(to)g(sa)o(y)g(the)h(least\))g(that)f(one)i(has)e(a)h(precise)
h(c)o(haracterization)f(of)g(all)h(p)q(ossible)h(partial)0
1943 y(information)20 b(whic)o(h)h(endanger)g(these)f(applications.)36
b(Th)o(us,)21 b(w)o(e)f(require)h(that)e(it)h(is)h(infeasible)h(to)e
(obtain)0 1999 y(an)o(y)e(information)g(ab)q(out)g(the)g(plain)o(text)h
(from)e(the)i(ciphertext.)29 b(F)l(urthermore,)18 b(in)h(most)e
(applications)j(the)0 2056 y(plain)o(text)c(ma)o(y)f(not)g(b)q(e)h
(uniformly)g(distributed)h(and)e(some)g(a-priori)h(information)g
(regarding)f(it)g(is)h(a)o(v)m(ailable)0 2112 y(to)h(the)h(adv)o
(ersary)l(.)26 b(W)l(e)18 b(require)h(that)e(the)g(secrecy)i(of)e(all)h
(partial)g(information)g(is)g(preserv)o(ed)g(also)g(in)h(suc)o(h)0
2168 y(a)c(case.)22 b(That)15 b(is,)h(ev)o(en)g(in)h(presence)f(of)g
(a-priori)g(information)g(on)f(the)h(plain)o(text,)g(it)g(is)h
(infeasible)h(to)d(obtain)0 2225 y(an)o(y)h(\(new\))f(information)h(ab)
q(out)g(the)g(plain)o(text)g(from)g(the)g(ciphertext)g(\(b)q(ey)o(ond)g
(what)g(is)g(feasible)h(to)f(obtain)0 2281 y(from)g(the)g(a-priori)h
(information)g(on)f(the)g(plain)o(text\).)24 b(The)17
b(de\014nition)h(of)e(seman)o(tic)h(securit)o(y)f(p)q(ostulates)h(all)0
2338 y(of)f(this.)26 b(The)17 b(equiv)m(alen)o(t)i(de\014nition)f(of)f
(indistinguishabil)q(i)q(t)o(y)i(of)d(encryptions)i(is)g(useful)g(in)f
(demonstrating)0 2394 y(the)h(securit)o(y)g(of)g(candidate)h
(constructions)f(as)g(w)o(ell)h(as)e(for)g(arguing)i(ab)q(out)e(their)i
(usage)f(as)f(part)h(of)f(larger)0 2451 y(proto)q(cols.)0
2571 y Fz(The)i(actual)i(de\014nitions:)46 b FB(In)17
b(b)q(oth)f(de\014nitions)i(w)o(e)e(consider)h(\(feasible\))g(adv)o
(ersaries)g(whic)o(h)g(obtain,)f(in)0 2627 y(addition)e(to)e(the)g
(ciphertext,)i(also)f(auxiliary)g(information)g(whic)o(h)h(ma)o(y)e
(dep)q(end)i(on)e(the)h(p)q(oten)o(tial)g(plain)o(texts)952
2795 y(14)p eop
%%Page: 15 16
15 15 bop 0 42 a FB(\(but)19 b(not)f(on)h(the)g(k)o(ey\).)31
b(By)19 b Fx(E)s FB(\()p Fx(x)p FB(\))e(w)o(e)i(denote)g(the)g
(distribution)h(of)f(encryptions)g(of)g Fx(x)p FB(,)g(when)h(the)f(k)o
(ey)f(is)0 98 y(selected)d(at)e(random.)19 b(T)l(o)13
b(simplify)i(the)f(exp)q(osition,)h(let)f(us)g(assume)f(that)g(on)h
(securit)o(y)g(parameter)f Fx(n)g FB(the)h(k)o(ey)0 154
y(generation)j(pro)q(duces)h(a)e(k)o(ey)h(of)f(length)i
Fx(n)p FB(,)f(whereas)f(the)h(sc)o(heme)h(is)f(used)g(to)f(encrypt)i
(messages)e(of)g(length)0 211 y Fx(n)27 194 y Ft(2)46
211 y FB(.)0 307 y Fz(De\014nition)j(7)k FB(\(seman)o(tic)14
b(securit)o(y)h(\(follo)o(wing)h([104)n(]\)\):)k Fv(A)o(n)15
b(encryption)g(scheme)g(is)h Fu(semantically)c(secure)17
b Fv(if)0 364 y(for)h(every)f(fe)n(asible)f(algorithm,)i
Fx(A)p Fv(,)f(ther)n(e)g(exists)g(a)g(fe)n(asible)f(algorithm)i
Fx(B)i Fv(so)d(that)g(for)h(every)f(two)h(functions)0
420 y Fx(f)r(;)8 b(h)22 b FB(:)f Fn(f)p FB(0)p Fx(;)8
b FB(1)p Fn(g)240 403 y Fl(\003)272 420 y Fn(7!)14 b(f)p
FB(0)p Fx(;)8 b FB(1)p Fn(g)444 403 y Fl(\003)483 420
y Fv(and)21 b(al)r(l)g(se)n(quenc)n(es)f(of)h(p)n(airs,)i
FB(\()p Fx(X)1102 427 y Fk(n)1124 420 y Fx(;)8 b(z)1166
427 y Fk(n)1188 420 y FB(\))1206 428 y Fk(n)p Fl(2)p
Fh(N)1275 420 y Fv(,)23 b(wher)n(e)e Fx(X)1483 427 y
Fk(n)1527 420 y Fv(is)g(a)g(r)n(andom)h(variable)0 476
y(r)n(anging)15 b(over)i Fn(f)p FB(0)p Fx(;)8 b FB(1)p
Fn(g)377 460 y Fk(n)398 447 y Fm(2)430 476 y Fv(and)16
b Fn(j)p Fx(z)552 483 y Fk(n)574 476 y Fn(j)g Fv(is)g(of)h(fe)n(asible)
e FB(\(in)g Fx(n)p FB(\))i Fv(length,)287 570 y FB(Pr\()p
Fx(A)p FB(\()p Fx(E)s FB(\()p Fx(X)499 577 y Fk(n)519
570 y FB(\))p Fx(;)8 b(h)p FB(\()p Fx(X)640 577 y Fk(n)661
570 y FB(\))p Fx(;)g(z)721 577 y Fk(n)743 570 y FB(\))d(=)g
Fx(f)g FB(\()p Fx(X)889 577 y Fk(n)911 570 y FB(\)\))12
b Fx(<)h FB(Pr\()p Fx(B)r FB(\()p Fx(h)p FB(\()p Fx(X)1210
577 y Fk(n)1232 570 y FB(\))p Fx(;)8 b(z)1292 577 y Fk(n)1314
570 y FB(\))d(=)g Fx(f)g FB(\()p Fx(X)1460 577 y Fk(n)1482
570 y FB(\)\))k(+)i Fx(\026)p FB(\()p Fx(n)p FB(\))0
663 y Fv(wher)n(e)16 b Fx(\026)h Fv(is)f(a)g(ne)n(gligible)e(function.)
21 b(F)m(urthermor)n(e,)16 b(the)h(c)n(omplexity)f(of)h
Fx(B)i Fv(should)d(b)n(e)g(r)n(elate)n(d)g(to)g(that)h(of)g
Fx(A)p Fv(.)0 760 y FB(What)i(this)h(de\014nition)i(sa)o(ys)d(is)i
(that)e(a)g(feasible)i(adv)o(ersary)e(do)q(es)i(not)e(gain)h(an)o
(ything)g(b)o(y)g(lo)q(oking)h(at)e(the)0 816 y(ciphertext.)28
b(That)17 b(is,)h(whatev)o(er)f(information)g(\(captured)h(b)o(y)f(the)
h(function)g Fx(f)5 b FB(\))18 b(it)f(tries)h(to)f(compute)h(from)0
873 y(the)h(ciphertext,)h(can)f(b)q(e)h(essen)o(tially)g(computed)f(as)
g(e\016cien)o(tly)h(from)e(the)h(a)o(v)m(ailable)h(a-priori)g
(information)0 929 y(\(captured)d(b)o(y)g(the)g(function)h
Fx(h)p FB(\).)25 b(In)17 b(particular,)h(the)f(ciphertext)h(do)q(es)f
(not)g(help)h(in)g(\(feasibly\))f(computing)0 985 y(the)j(least)f
(signi\014can)o(t)i(bit)f(of)f(the)h(plain)o(text)h(or)e(an)o(y)g
(other)g(information)h(regarding)g(the)f(plain)o(text.)34
b(This)0 1042 y(holds)16 b(for)f(an)o(y)f(distribution)j(of)e(plain)o
(texts)h(\(captured)f(b)o(y)g(the)g(random)g(v)m(ariable)i
Fx(X)1508 1049 y Fk(n)1530 1042 y FB(\).)0 1138 y Fz(De\014nition)i(8)k
FB(\(indistinguishabil)q(i)q(t)o(y)16 b(of)d(encryptions)h(\(follo)o
(wing)h([104)n(]\)\):)k Fv(A)o(n)14 b(encryption)h(scheme)g(has)g
Fu(in-)0 1195 y(distinguishable)e(encryptions)g Fv(if)f(for)g(every)f
(fe)n(asible)g(algorithm,)i Fx(A)p Fv(,)f(and)g(al)r(l)f(se)n(quenc)n
(es)f(of)i(triples,)g FB(\()p Fx(x)1749 1202 y Fk(n)1771
1195 y Fx(;)c(y)1814 1202 y Fk(n)1836 1195 y Fx(;)g(z)1878
1202 y Fk(n)1900 1195 y FB(\))1918 1203 y Fk(n)p Fl(2)p
Fh(N)1988 1195 y Fv(,)0 1251 y(wher)n(e)16 b Fn(j)p Fx(x)167
1258 y Fk(n)190 1251 y Fn(j)c FB(=)h Fn(j)p Fx(y)298
1258 y Fk(n)320 1251 y Fn(j)g FB(=)g Fx(n)421 1235 y
Ft(2)456 1251 y Fv(and)j Fn(j)p Fx(z)578 1258 y Fk(n)600
1251 y Fn(j)g Fv(is)g(of)g(fe)n(asible)f FB(\(in)h Fx(n)p
FB(\))g Fv(length,)g(the)g(di\013er)n(enc)n(e)439 1353
y Fx(d)463 1360 y Fk(A)489 1353 y FB(\()p Fx(n)p FB(\))565
1328 y Ft(def)570 1353 y FB(=)i Fn(j)p FB(Pr)o(\()p Fx(A)p
FB(\()p Fx(E)s FB(\()p Fx(x)835 1360 y Fk(n)856 1353
y FB(\))p Fx(;)8 b(z)916 1360 y Fk(n)938 1353 y FB(\))d(=)g(1\))k
Fn(\000)i FB(Pr\()p Fx(A)p FB(\()p Fx(E)s FB(\()p Fx(y)1293
1360 y Fk(n)1314 1353 y FB(\))p Fx(;)d(z)1374 1360 y
Fk(n)1395 1353 y FB(\))d(=)g(1\))p Fn(j)0 1446 y Fv(is)16
b(a)g(ne)n(gligible)e(function)i(in)g Fx(n)p Fv(.)0 1543
y FB(In)e(particular,)h Fx(z)298 1550 y Fk(n)334 1543
y FB(ma)o(y)e(equal)h(\()p Fx(x)593 1550 y Fk(n)616 1543
y Fx(;)8 b(y)659 1550 y Fk(n)681 1543 y FB(\).)19 b(Th)o(us,)13
b(it)h(is)g(infeasible)i(to)e(distinguish)h(the)f(encryptions)h(of)e
(an)o(y)g(t)o(w)o(o)0 1599 y(\014x)i(messages)g(suc)o(h)h(as)e(the)i
(all-zero)g(message)f(and)g(the)g(all-ones)i(message.)0
1718 y Fz(Probabilistic)24 b(Encryption:)45 b FB(It)19
b(is)g(easy)g(to)f(see)h(that)f(a)g(secure)h Fv(public-key)g
FB(encryption)h(sc)o(heme)f(m)o(ust)0 1774 y(emplo)o(y)g(a)f
(probabilistic)j(\(i.e.,)e(randomized\))g(encryption)g(algorithm.)30
b(Otherwise,)20 b(giv)o(en)f(the)g(encryption)0 1831
y(k)o(ey)d(as)f(\(additional\))i(input,)g(it)f(is)h(easy)e(to)h
(distinguish)i(the)e(encryption)h(of)e(the)h(all-zero)h(message)f(from)
f(the)0 1887 y(encryption)i(of)e(the)h(all-ones)h(message.)k(The)16
b(same)f(holds)h(for)g Fv(private-key)g FB(encryption)g(sc)o(hemes)g
(when)h(con-)0 1944 y(sidering)f(the)e(securit)o(y)g(of)g(encrypting)h
(sev)o(eral)g(messages)e(\(rather)h(than)g(a)g(single)h(message)f(as)g
(done)g(ab)q(o)o(v)o(e\).)1932 1927 y Ft(8)0 2000 y FB(This)22
b(explains)h(the)f(link)m(age)h(b)q(et)o(w)o(een)f(the)f(ab)q(o)o(v)o
(e)h(robust)f(securit)o(y)h(de\014nitions)h(and)f(the)f
Fv(r)n(andomization)0 2056 y(p)n(ar)n(adigm)16 b FB(\(discussed)g(b)q
(elo)o(w\).)0 2177 y Fy(5.2)56 b(Constructions)0 2263
y FB(It)14 b(is)h(common)f(practice)h(to)f(use)g(\\pseudorandom)g
(generators")f(as)h(a)g(basis)h(for)f(priv)m(ate-k)o(ey)h(stream)e
(ciphers.)0 2319 y(W)l(e)19 b(stress)f(that)g(this)i(is)f(a)g(v)o(ery)f
(dangerous)h(practice)h(when)f(the)g(\\pseudorandom)g(generator")e(is)j
(easy)f(to)0 2376 y(predict)24 b(\(suc)o(h)f(as)f(the)h(linear)h
(congruen)o(tial)f(generator)f(or)g(some)h(mo)q(di\014cations)h(of)e
(it)h(whic)o(h)h(output)e(a)0 2432 y(constan)o(t)f(fraction)h(of)f(the)
h(bits)h(of)e(eac)o(h)h(resulting)h(n)o(um)o(b)q(er)g({)e(see)h([28)o
(,)g(83)o(]\).)40 b(Ho)o(w)o(ev)o(er,)22 b(this)g(common)0
2488 y(practice)16 b(b)q(ecomes)g(sound)f(pro)o(vided)h(one)g(uses)f
(pseudorandom)h(generators)e(\(as)g(de\014ned)j(in)f(Section)g(3\).)k
(An)0 2545 y(alternativ)o(e,)15 b(more)g(\015exible)i(construction)f
(follo)o(ws.)p 0 2582 780 2 v 52 2608 a Fs(8)79 2624
y FD(Here,)10 b(for)g(example,)h(using)h(a)e(deterministic)i
(encryption)g(algorithm)g(allo)o(ws)f(the)g(adv)o(ersary)g(to)f
(distinguish)j(t)o(w)o(o)d(encryptions)0 2670 y(of)j(the)g(same)g
(message)h(from)e(the)i(encryptions)h(of)e(a)g(pair)h(of)e(di\013eren)o
(t)j(messages.)952 2795 y FB(15)p eop
%%Page: 16 17
16 16 bop 0 42 a Fz(Priv)m(ate-Key)12 b(Encryption)h(Sc)o(heme)e(based)
h(on)g(Pseudorandom)f(F)l(unctions:)46 b FB(The)10 b(k)o(ey)h
(generation)0 98 y(algorithm)19 b(consists)g(of)f(selecting)j(a)d
(seed,)i(denoted)f Fx(s)p FB(,)h(for)e(suc)o(h)i(a)e(function,)i
(denoted)g Fx(f)1626 105 y Fk(s)1644 98 y FB(.)31 b(T)l(o)18
b(encrypt)h(a)0 154 y(message)d Fx(x)e Fn(2)h(f)p FB(0)p
Fx(;)8 b FB(1)p Fn(g)374 138 y Fk(n)411 154 y FB(\(using)17
b(k)o(ey)f Fx(s)p FB(\),)g(the)g(encryption)i(algorithm)e(uniformly)h
(selects)g(a)f(string)g Fx(r)g Fn(2)e(f)p FB(0)p Fx(;)8
b FB(1)p Fn(g)1929 138 y Fk(n)0 211 y FB(and)21 b(pro)q(duces)i(the)e
(ciphertext)h(\()p Fx(r)o(;)8 b(x)k Fn(\010)j Fx(f)767
218 y Fk(s)785 211 y FB(\()p Fx(r)q FB(\)\).)37 b(T)l(o)21
b(decrypt)g(the)h(ciphertext)g(\()p Fx(r)o(;)8 b(y)r
FB(\))19 b(\(using)i(k)o(ey)h Fx(s)p FB(\),)g(the)0 267
y(decryption)f(algorithm)f(just)g(computes)g Fx(y)15
b Fn(\010)f Fx(f)853 274 y Fk(s)871 267 y FB(\()p Fx(r)q
FB(\).)33 b(The)21 b(pro)q(of)e(of)h(securit)o(y)g(of)g(this)h
(encryption)g(sc)o(heme)0 324 y(consists)15 b(of)g(t)o(w)o(o)f(steps)h
(\(suggested)g(as)g(a)g(general)g(metho)q(dology)h(in)g(Section)g(3\):)
56 418 y(1.)22 b(Pro)o(v)o(e)12 b(that)g(an)h(idealized)i(v)o(ersion)f
(of)e(the)h(sc)o(heme,)g(in)h(whic)o(h)g(one)f(uses)g(a)g(uniformly)h
(selected)g(function)114 474 y Fx(f)c FB(:)5 b Fn(f)p
FB(0)p Fx(;)j FB(1)p Fn(g)277 458 y Fk(n)302 474 y Fn(7!)d(f)p
FB(0)p Fx(;)j FB(1)p Fn(g)465 458 y Fk(n)486 474 y FB(,)15
b(rather)g(than)g(the)g(pseudorandom)h(function)g Fx(f)1339
481 y Fk(s)1357 474 y FB(,)e(is)i(secure.)56 568 y(2.)22
b(Conclude)h(that)e(the)h(real)h(sc)o(heme)f(\(as)g(presen)o(ted)g(ab)q
(o)o(v)o(e\))f(is)i(secure)g(\(since)f(otherwise)h(one)f(could)114
624 y(distinguish)17 b(a)e(pseudorandom)g(function)h(from)f(a)g(truly)g
(random)g(one\).)0 718 y(Note)d(that)f(w)o(e)h(could)h(ha)o(v)o(e)f
(gotten)f(rid)i(of)f(the)g(randomization)g(if)h(w)o(e)f(had)g(allo)o(w)
o(ed)h(the)f(encryption)h(algorithm)0 775 y(to)f(b)q(e)h(history)g(dep)
q(enden)o(t)h(\(e.g.,)e(use)h(a)f(coun)o(ter)h(in)g(the)g(role)g(of)f
Fx(r)q FB(\).)19 b(F)l(urthermore,)12 b(if)h(the)g(encryption)h(sc)o
(heme)0 831 y(is)h(used)g(for)f Fp(fif)o(o)g FB(comm)o(unication)i(b)q
(et)o(w)o(een)e(the)h(parties)g(and)f(b)q(oth)h(can)f(main)o(tain)h
(the)g(coun)o(ter)f(v)m(alue)i(then)0 888 y(there)f(is)h(no)f(need)h
(for)f(the)g(sender)h(to)e(send)i(the)f(coun)o(ter)g(v)m(alue.)0
1008 y Fz(The)24 b(randomization)i(paradigm)e([104]:)45
b FB(W)l(e)21 b(demonstrate)f(this)h(paradigm)g(b)o(y)f(presen)o(ting)i
(sev)o(eral)0 1064 y(constructions)c(of)f(public-k)o(ey)j(encryption)f
(sc)o(hemes.)27 b(First,)18 b(supp)q(ose)g(w)o(e)g(ha)o(v)o(e)f(a)g
(trap)q(do)q(or)g(one-w)o(a)o(y)g(p)q(er-)0 1120 y(m)o(utation,)h
Fn(f)p Fx(p)258 1127 y Fk(\013)281 1120 y Fn(g)304 1127
y Fk(\013)328 1120 y FB(,)g(and)h(a)f(hard-core)g(predicate,)i
Fx(b)p FB(,)e(for)g(it.)1078 1104 y Ft(9)1126 1120 y
FB(The)g(k)o(ey)g(generation)h(algorithm)f(consists)g(of)0
1177 y(selecting)e(at)e(random)g(a)h(p)q(erm)o(utation)f
Fx(p)725 1184 y Fk(\013)763 1177 y FB(together)g(with)h(a)f(trap)q(do)q
(or)g(for)g(it:)20 b(The)15 b(p)q(erm)o(utation)g(\(or)f(rather)0
1233 y(its)f(description\))h(serv)o(es)f(as)g(the)g(public-k)o(ey)l(,)i
(whereas)e(the)g(trap)q(do)q(or)f(serv)o(es)h(as)g(the)g(priv)m(ate-k)o
(ey)l(.)20 b(T)l(o)13 b(encrypt)0 1290 y(a)k(single)h(bit)g
Fx(\033)h FB(\(using)e(public)j(k)o(ey)d Fx(p)670 1297
y Fk(\013)693 1290 y FB(\),)g(the)h(encryption)g(algorithm)f(uniformly)
h(selects)g(an)f(elemen)o(t,)h Fx(r)q FB(,)f(in)0 1346
y(the)h(domain)g(of)f Fx(p)322 1353 y Fk(\013)363 1346
y FB(and)h(pro)q(duces)g(the)g(ciphertext)h(\()p Fx(p)988
1353 y Fk(\013)1011 1346 y FB(\()p Fx(r)q FB(\))p Fx(;)8
b(\033)j Fn(\010)i Fx(b)p FB(\()p Fx(r)q FB(\)\).)25
b(T)l(o)17 b(decrypt)h(the)g(ciphertext)h(\()p Fx(y)r(;)8
b(\034)d FB(\))0 1403 y(\(using)18 b(the)f(priv)m(ate)h(k)o(ey\),)e
(the)h(decryption)h(algorithm)g(just)e(computes)i Fx(\034)e
Fn(\010)c Fx(b)p FB(\()p Fx(p)1446 1386 y Fl(\000)p Ft(1)1446
1414 y Fk(\013)1489 1403 y FB(\()p Fx(y)r FB(\)\))k(\(where)h(the)h(in)
o(v)o(erse)0 1459 y(is)g(computed)g(using)g(the)f(trap)q(do)q(or)g
(\(i.e.,)g(priv)m(ate-k)o(ey\)\).)26 b(The)18 b(ab)q(o)o(v)o(e)f(sc)o
(heme)g(is)h(quite)g(w)o(asteful)f(in)h(band-)0 1516
y(width;)c(ho)o(w)o(ev)o(er,)e(the)h(paradigm)g(underlying)i(its)e
(construction)h(is)f(v)m(aluable)i(in)f(practice.)20
b(F)l(ollo)o(wing)14 b(are)e(t)o(w)o(o)0 1572 y(imp)q(ortan)o(t)j
(examples.)71 1629 y(First,)i(w)o(e)g(note)g(that)g(it)h(is)g(b)q
(etter)f(to)g(randomly)h(pad)g(messages)f(\(sa)o(y)f(using)i(padding)h
(equal)f(in)g(length)0 1685 y(to)g(the)h(message\))f(b)q(efore)h
(encrypting)g(them)g(using)g(RSA,)g(than)g(to)f(emplo)o(y)h(RSA)g(on)g
(the)g(plain)h(message.)0 1741 y(Suc)o(h)e(a)g(heuristic)h(could)g(b)q
(e)f(placed)h(on)e(\014rm)h(grounds)g(if)g(a)f Fu(conjecture)i
FB(analogous)f(to)f(the)g(one)h(men)o(tioned)0 1798 y(in)e(Section)h(3)
e(is)h(supp)q(orted.)21 b(That)15 b(is,)h(assume)f(that)g(the)h
(\014rst)f Fx(n=)p FB(2)g(least)h(signi\014can)o(t)g(bits)g(of)f(the)h
(argumen)o(t)0 1854 y(constitute)e(a)f(hard-core)h(function)g(of)f(RSA)
i(with)f Fx(n)p FB(-bit)g(long)g(mo)q(duli.)21 b(Then,)14
b(encrypting)g Fx(n=)p FB(2-bit)g(messages)0 1911 y(b)o(y)j(padding)i
(the)f(message)f(with)g Fx(n=)p FB(2)h(random)f(bits)h(and)f(applying)i
(RSA)f(\(with)g(an)f Fx(n)p FB(-bit)i(mo)q(duli\))f(on)g(the)0
1967 y(result)d(constitutes)g(a)g(secure)g(public-k)o(ey)i(encryption)f
(system,)e(hereafter)h(referred)g(to)f(as)g Fu(Randomized)f(RSA)p
FB(.)71 2024 y(Secondly)l(,)23 b(follo)o(wing)e([25)o(],)g(w)o(e)f
(presen)o(t)h(an)g(alternativ)o(e)f(public-k)o(ey)j(encryption)f(sc)o
(heme,)f(whic)o(h)h(can)0 2080 y(b)q(e)d(based)g(on)g(an)o(y)f(trap)q
(do)q(or)g(p)q(erm)o(utation.)31 b(In)19 b(con)o(trast)f(to)g(the)g(sc)
o(heme)h(presen)o(ted)h(ab)q(o)o(v)o(e,)e(the)h(curren)o(t)0
2137 y(sc)o(heme)j(is)h(not)e(w)o(asteful)h(in)h(bandwidth.)41
b(The)22 b(encryption)h(sc)o(heme)f(augmen)o(ts)g(the)g(construction)g
(of)f(a)0 2193 y(pseudorandom)c(generator,)e(giv)o(en)i(in)g(Section)h
(3,)e(as)g(follo)o(ws.)24 b(The)17 b(k)o(ey-generation)f(algorithm)h
(consists)f(of)0 2250 y(selecting)21 b(at)e(random)g(a)h(p)q(erm)o
(utation)f Fx(p)750 2257 y Fk(\013)794 2250 y FB(together)f(with)i(a)g
(trap)q(do)q(or.)33 b(T)l(o)19 b(encrypt)h(the)g Fx(n)p
FB(-bit)g(string)g Fx(x)0 2306 y FB(\(using)d(public)i(k)o(ey)d
Fx(p)382 2313 y Fk(\013)405 2306 y FB(\),)g(the)h(encryption)g
(algorithm)g(uniformly)g(selects)g(an)g(elemen)o(t,)g
Fx(s)p FB(,)g(in)g(the)g(domain)f(of)0 2362 y Fx(p)23
2369 y Fk(\013)60 2362 y FB(and)e(pro)q(duces)g(the)g(ciphertext)g(\()p
Fx(p)668 2346 y Fk(n)668 2374 y(\013)691 2362 y FB(\()p
Fx(s)p FB(\))p Fx(;)8 b(x)f Fn(\010)g Fx(G)880 2369 y
Fk(\013)902 2362 y FB(\()p Fx(s)p FB(\)\),)13 b(where)g
Fx(G)1168 2369 y Fk(\013)1192 2362 y FB(\()p Fx(s)p FB(\))f(=)h
Fx(b)p FB(\()p Fx(s)p FB(\))7 b Fn(\001)g Fx(b)p FB(\()p
Fx(p)1474 2369 y Fk(\013)1495 2362 y FB(\()p Fx(s)p FB(\)\))h
Fn(\001)g(\001)g(\001)t Fx(b)p FB(\()p Fx(p)1698 2346
y Fk(n)p Fl(\000)p Ft(1)1698 2374 y Fk(\013)1763 2362
y FB(\()p Fx(s)p FB(\)\).)18 b(\(W)l(e)0 2419 y(use)i(the)f(notation)h
Fx(p)375 2402 y Fk(i)p Ft(+1)375 2430 y Fk(\013)430 2419
y FB(\()p Fx(x)p FB(\))f(=)i Fx(p)590 2426 y Fk(\013)613
2419 y FB(\()p Fx(p)654 2402 y Fk(i)654 2430 y(\013)677
2419 y FB(\()p Fx(x)p FB(\)\))e(and)g Fx(p)891 2402 y
Fl(\000)p Ft(\()p Fk(i)p Ft(+1\))891 2430 y Fk(\013)999
2419 y FB(\()p Fx(x)p FB(\))g(=)h Fx(p)1158 2402 y Fl(\000)p
Ft(1)1158 2430 y Fk(\013)1203 2419 y FB(\()p Fx(p)1244
2402 y Fl(\000)p Fk(i)1244 2430 y(\013)1283 2419 y FB(\()p
Fx(x)p FB(\)\).\))31 b(T)l(o)20 b(decrypt)g(the)f(ciphertext)0
2475 y(\()p Fx(y)r(;)8 b(z)r FB(\))14 b(\(using)i(the)f(priv)m(ate)h(k)
o(ey\),)e(the)i(decryption)g(algorithm)f(\014rst)g(reco)o(v)o(ers)g
Fx(s)e FB(=)g Fx(p)1483 2459 y Fl(\000)p Fk(n)1483 2487
y(\013)1532 2475 y FB(\()p Fx(y)r FB(\))h(and)i(then)f(outputs)0
2532 y Fx(z)d Fn(\010)f Fx(G)115 2539 y Fk(\013)138 2532
y FB(\()p Fx(s)p FB(\).)p 0 2574 780 2 v 52 2601 a Fs(9)82
2617 y FD(Hard-core)i(predicates)i(are)e(de\014ned)i(in)f(Section)g(3.)
j(Recall)e(that)f(b)o(y)f([96],)f(ev)o(ery)i(trap)q(do)q(or)g(p)q(erm)o
(utation)h(can)f(b)q(e)f(mo)q(di\014ed)0 2662 y(in)o(to)h(one)f(ha)o
(ving)i(a)e(hard-core)h(predicate.)952 2795 y FB(16)p
eop
%%Page: 17 18
17 17 bop 271 51 1408 2 v 271 891 2 840 v 301 125 a Fd(priv)n(ate-k)o
(ey:)23 b FD(Tw)o(o)13 b(primes)h Fj(p;)6 b(q)q FD(,)13
b(eac)o(h)g(congruen)o(t)i(to)d(3)39 b(\(mo)q(d)13 b(4\).)301
199 y Fd(public-)o(k)o(ey:)21 b FD(Their)14 b(pro)q(duct)g
Fj(N)828 177 y Fs(def)834 199 y FD(=)j Fj(pq)q FD(.)301
261 y Fd(encryption)k FD(of)13 b(message)h Fj(x)c Fi(2)g(f)p
FD(0)p Fj(;)d FD(1)p Fi(g)884 245 y Fe(n)905 261 y FD(:)462
326 y(1.)22 b(Uniformly)15 b(select)f Fj(s)820 330 y
Fs(0)847 326 y Fi(2)d(f)p FD(1)p Fj(;)6 b(:::;)f(N)t
Fi(g)p FD(.)462 380 y(2.)22 b(F)m(or)13 b Fj(i)e FD(=)g(1)p
Fj(;)6 b(::;)f(n)k FD(+)f(1,)13 b(compute)h Fj(s)1009
384 y Fe(i)1032 380 y Fi( )e Fj(s)1100 364 y Fs(2)1100
387 y Fe(i)p FE(\000)p Fs(1)1162 380 y FD(mo)q(d)g Fj(N)k
FD(and)e Fj(\033)1391 384 y Fe(i)1415 380 y FD(=)c(lsb)q(\()p
Fj(s)1535 384 y Fe(i)1548 380 y FD(\).)414 445 y(The)j(ciphertext)i(is)
e(\()p Fj(s)747 449 y Fe(n)p Fs(+1)807 445 y Fj(;)6 b(y)q
FD(\),)13 b(where)g Fj(y)f FD(=)e Fj(x)f Fi(\010)f Fj(\033)1156
449 y Fs(1)1173 445 y Fj(\033)1195 449 y Fs(2)1219 445
y Fi(\001)e(\001)g(\001)g Fj(\033)1292 449 y Fe(n)1313
445 y FD(.)301 507 y Fd(decryption)21 b FD(of)13 b(the)g(ciphertext)i
(\()p Fj(r)o(;)6 b(y)q FD(\).)17 b(Let)c Fj(d)d FD(=)h(2)1093
491 y FE(\000)p Fe(n)1149 507 y FD(mo)q(d)g Fj(\036)p
FD(\()p Fj(N)t FD(\))38 b([precomputed].)462 571 y(1.)22
b(Let)13 b Fj(s)601 575 y Fs(1)629 571 y Fi( )e Fj(r)696
556 y Fe(d)725 571 y FD(mo)q(d)h Fj(N)s FD(.)462 626
y(2.)22 b(F)m(or)13 b Fj(i)e FD(=)g(1)p Fj(;)6 b(:::;)f(n)p
FD(,)13 b(compute)g Fj(\033)957 630 y Fe(i)981 626 y
FD(=)e(lsb)q(\()p Fj(s)1102 630 y Fe(i)1115 626 y FD(\))h(and)i
Fj(s)1235 630 y Fe(i)p Fs(+1)1297 626 y Fi( )d Fj(s)1364
610 y Fs(2)1364 633 y Fe(i)1392 626 y FD(mo)q(d)h Fj(N)s
FD(.)414 690 y(The)h(plain)o(text)i(is)f Fj(y)c Fi(\010)e
Fj(\033)783 694 y Fs(1)801 690 y Fj(\033)823 694 y Fs(2)846
690 y Fi(\001)e(\001)g(\001)g Fj(\033)919 694 y Fe(n)941
690 y FD(.)301 765 y(\(One)14 b(ma)o(y)h(think)h(of)e
Fj(n)h FD(as)f(b)q(eing)i(equal)g(the)f(length)h(of)e
Fj(N)t FD(,)g(but)h(this)h(is)f(not)g(essen)o(tial)h(to)301
811 y(the)11 b(sc)o(heme.)16 b(The)11 b(larger)g Fj(n)p
FD(,)g(the)g(more)f(e\016cien)o(t)i(the)f(sc)o(heme)g(b)q(ecomes.)17
b(Recall,)12 b(ho)o(w)o(ev)o(er,)301 856 y(that)h(the)g(securit)o(y)h
(of)f(the)g(sc)o(heme)h(dep)q(ends)g(on)f(the)h(length)g(of)f
Fj(N)j FD(\(and)e(not)f(on)g Fj(n)p FD(\).\))p 1677 891
V 271 893 1408 2 v 280 1022 a FB(Figure)i(2:)20 b(The)15
b(Blum{Goldw)o(asser)h(Public{Key)h(Encryption)f(Sc)o(heme)g([25)o(].)
71 1158 y(Assuming)24 b(that)g(factoring)f(Blum)i(In)o(tegers)f
(\(i.e.,)i(pro)q(ducts)f(of)e(t)o(w)o(o)g(primes)i(eac)o(h)f(congruen)o
(t)g(to)f(3)0 1214 y(\(mo)q(d)15 b(4\)\))k(is)h(hard,)g(one)g(ma)o(y)f
(use)h(the)g(mo)q(dular)g(squaring)g(function)g(in)h(role)f(of)f(the)h
(trap)q(do)q(or)f(p)q(erm)o(uta-)0 1271 y(tion)f(ab)q(o)o(v)o(e)g
(\(see)h([25)o(,)e(1,)h(165)o(,)g(81]\).)28 b(This)19
b(yields)h(a)d(secure)i(public-k)o(ey)i(encryption)e(sc)o(heme)g
(\(depicted)g(in)0 1327 y(Figure)g(2\))f(with)i(e\016ciency)g
(comparable)f(to)f(that)g(of)h(RSA.)g(Recall)i(that)d(RSA)i(itself)f
(is)h(not)e(secure)i(\(as)e(it)0 1384 y(emplo)o(ys)g(a)f(deterministic)
j(encryption)f(algorithm\),)e(whereas)h(Randomized)h(RSA)f(\(de\014ned)
h(ab)q(o)o(v)o(e\))e(is)h(not)0 1440 y(kno)o(wn)e(to)g(b)q(e)h(secure)g
(under)g(standard)f(assumption)h(suc)o(h)f(as)g(in)o(tractabilit)o(y)i
(of)e(factoring)g(\(or)f(of)h(in)o(v)o(erting)0 1496
y(the)f(RSA)h(function\).)379 1480 y Ft(10)0 1618 y Fy(5.3)56
b(Bey)n(ond)18 b(ea)n(v)n(esdropping)h(securit)n(y)0
1704 y FB(The)g(ab)q(o)o(v)o(e)e(de\014nitions)k(refer)d(only)h(to)e(a)
h(\\passiv)o(e")g(attac)o(k)f(in)j(whic)o(h)f(the)f(adv)o(ersary)g
(merely)h(ea)o(v)o(esdrops)0 1760 y(on)14 b(the)h(line)h(o)o(v)o(er)d
(whic)o(h)i(ciphertexts)h(are)e(b)q(eing)h(sen)o(t.)20
b(Stronger)13 b(t)o(yp)q(es)i(of)f(attac)o(ks,)e(culminating)17
b(in)e(the)f(so-)0 1817 y(called)i(Chosen)e(Ciphertext)h(A)o(ttac)o(k,)
662 1800 y Ft(11)710 1817 y FB(ma)o(y)f(b)q(e)h(p)q(ossible)h(in)f(v)m
(arious)g(applications.)21 b(In)15 b(suc)o(h)g(an)f(attac)o(k,)f(the)0
1873 y(adv)o(ersary)g(ma)o(y)g(obtain)h(the)g(plain)o(texts)g(of)f
(ciphertexts)i(of)e(its)h(c)o(hoice)h(\(as)e(w)o(ell)h(as)g
(ciphertexts)g(of)f(plain)o(texts)0 1930 y(of)i(its)g(c)o(hoice\))h
(and)f(its)h(task)e(is)i(to)f(obtain)g(information)g(ab)q(out)g(the)h
(plain)o(text)g(of)f(a)f(di\013eren)o(t)i(ciphertext)g(\(to)0
1986 y(b)q(e)j(presen)o(ted)g(in)g(the)f(future\).)29
b(Clearly)l(,)19 b(the)f(priv)m(ate-k)o(ey)h(encryption)h(sc)o(heme)e
(based)h(on)f(pseudorandom)0 2043 y(functions)k(\(describ)q(ed)g(ab)q
(o)o(v)o(e\))e(is)h(secure)h(also)e(against)h(suc)o(h)g(attac)o(ks.)35
b(Public-k)o(ey)23 b(encryption)f(sc)o(hemes)0 2099 y(secure)16
b(against)f(Chosen)h(Ciphertext)g(A)o(ttac)o(ks)e(can)h(b)q(e)h
(constructed,)g(assuming)f(the)h(existence)h(of)e(trap)q(do)q(or)0
2156 y(p)q(erm)o(utations)h(and)h(utilizing)h(non-in)o(teractiv)o(e)f
(zero-kno)o(wledge)g(pro)q(ofs)f([142)o(])g(\(whic)o(h)h(can)f(b)q(e)h
(constructed)0 2212 y(under)f(this)g(assumption)f([73)o(]\).)71
2269 y(Another)k(issue)g(is)h(the)f Fv(non-mal)r(le)n(ability)f
FB(of)g(the)i(encryption)f(sc)o(heme,)h(considered)h(in)f([62)o(].)31
b(Here)19 b(one)0 2325 y(requires)h(that)f(it)h(should)h(b)q(e)f
(infeasible)i(for)d(an)h(adv)o(ersary)l(,)f(giv)o(en)h(a)g(ciphertext,)
h(to)e(pro)q(duce)h(a)g(v)m(alid)h(ci-)0 2381 y(phertext)e(for)g(a)g
(related)g(plain)o(text.)33 b(F)l(or)18 b(example,)j(giv)o(en)f(a)f
(ciphertext)h(of)e(a)h(plain)o(text)h(of)f(the)g(form)g(1)p
Fx(x)p FB(,)p 0 2421 780 2 v 37 2448 a Fs(10)79 2464
y FD(Recall)11 b(that)f(Randomized)i(RSA)e(is)h(secure)f(assuming)i
(that)e(the)g Fj(n=)p FD(2)g(least)h(signi\014can)o(t)h(bits)f
(constitute)g(a)f(hard-core)g(function)0 2509 y(for)i
Fj(n)p FD(-bit)h(RSA)f(mo)q(duli.)19 b(W)m(e)12 b(only)i(kno)o(w)e
(that)h(the)f Fj(O)q FD(\(log)c Fj(n)p FD(\))13 b(least)g(signi\014can)
o(t)h(bits)g(constitute)f(a)f(hard-core)i(function)f(for)f
Fj(n)p FD(-bit)0 2555 y(mo)q(duli)j([1].)37 2585 y Fs(11)81
2601 y FD(An)e(ev)o(en)g(stronger)g(notion)h(of)e(Chosen)h(Ciphertext)h
(A)o(ttac)o(k)e(is)h(in)o(v)o(estiagted)i(in)e([155)q(].)j(This)d
(stronger)g(notion)h(is)f(related)h(to)0 2646 y(non-malleabil)q(i)q(t)o
(y)i(discussed)f(b)q(elo)o(w.)952 2795 y FB(17)p eop
%%Page: 18 19
18 18 bop 0 42 a FB(it)19 b(should)g(b)q(e)h(infeasible)h(to)c(pro)q
(duce)j(a)e(ciphertext)i(to)e(the)g(plain)o(text)i(0)p
Fx(x)p FB(.)29 b(It)19 b(is)g(easy)f(to)g(turn)h(a)f(priv)m(ate-)0
98 y(k)o(ey)i(encryption)i(sc)o(heme)f(in)o(to)f(a)g(non-malleable)j
(one,)e(b)o(y)g(using)g(a)f(message)g(authen)o(tication)h(sc)o(heme)g
(on)0 154 y(top.)29 b(Non-malleable)21 b(public-k)o(ey)f(encryption)g
(sc)o(hemes)f(are)f(kno)o(wn)g(to)g(exist)g(assuming)h(the)g(existence)
g(of)0 211 y(trap)q(do)q(or)c(p)q(erm)o(utation)g([62)o(].)0
353 y FA(6)67 b(Signatures)0 455 y FB(Again,)17 b(there)h(are)e(priv)m
(ate-k)o(ey)i(and)f(public-k)o(ey)j(v)o(ersions)d(b)q(oth)g(consisting)
h(of)f(three)g(e\016cien)o(t)g(algorithms:)0 511 y Fv(key)g(gener)n
(ation)p FB(,)d Fv(signing)h FB(and)h Fv(veri\014c)n(ation)p
FB(.)k(\(Priv)m(ate-k)o(ey)c(signature)g(sc)o(hemes)g(are)g(commonly)g
(referred)g(to)0 568 y(as)e Fv(message)h(authentic)n(ation)h(schemes)d
FB(or)h Fv(c)n(o)n(des)g FB(\()p Fp(ma)o(c)p FB(\).\))k(The)d
(di\013erence)g(b)q(et)o(w)o(een)g(the)g(t)o(w)o(o)e(t)o(yp)q(es)h(is)h
(again)0 624 y(re\015ected)c(in)h(the)f(de\014nition)h(of)e(securit)o
(y)l(.)19 b(This)12 b(di\013erence)g(yields)g(di\013eren)o(t)f
(functionalit)o(y)h(\(ev)o(en)e(more)h(than)f(in)0 680
y(the)16 b(case)f(of)h(encryption\):)21 b(Public-k)o(ey)c(signature)f
(sc)o(hemes)g(\(hereafter)f(referred)h(to)f(as)g(signature)h(sc)o
(hemes\))0 737 y(ma)o(y)k(b)q(e)h(used)g(to)e(pro)q(duce)j(signatures)e
(whic)o(h)h(are)g Fv(universal)r(ly)f(veri\014able)f
FB(\(giv)o(en)i(access)f(to)g(the)h(public-)0 793 y(k)o(ey)16
b(of)f(the)h(signer\).)22 b(Priv)m(ate-k)o(ey)17 b(signature)f(sc)o
(hemes)g(\(hereafter)f(referred)h(to)f(as)h(message)f(authen)o
(tication)0 850 y(sc)o(hemes\))d(are)g(only)h(used)g(to)f(authen)o
(ticate)h(messages)f(sen)o(t)g(among)g(a)g(small)h(set)f(of)g
Fv(mutual)r(ly)j(trusting)d FB(parties)0 906 y(\(since)19
b(abilit)o(y)h(to)e(v)o(erify)g(signatures)h(is)g(link)o(ed)h(to)e(the)
g(abilit)o(y)i(to)e(pro)q(duce)h(them\).)29 b(Put)19
b(in)g(other)f(w)o(ords,)0 963 y(message)c(authen)o(tication)i(sc)o
(hemes)f(are)f(used)h(to)f(authen)o(ticate)h(information)g(sen)o(t)g(b)
q(et)o(w)o(een)g(\(t)o(ypically)h(t)o(w)o(o\))0 1019
y(parties,)j(and)f(the)g(purp)q(ose)h(is)g(to)f(con)o(vince)h
Fv(the)g(r)n(e)n(c)n(eiver)e FB(that)h(the)g(information)g(w)o(as)g
(indeed)i(sen)o(t)e(b)o(y)g(the)0 1076 y(legitimate)13
b(sender.)20 b(In)13 b(particular,)g(message)f(authen)o(tication)h(sc)o
(hemes)f(cannot)h(con)o(vince)g Fv(a)h(thir)n(d)g(p)n(arty)f
FB(that)0 1132 y(the)i(sender)g(has)f(indeed)i(sen)o(t)e(the)h
(information)f(\(rather)g(than)g(the)h(receiv)o(er)g(ha)o(ving)g
(generated)f(it)h(b)o(y)f(itself)t(\).)0 1189 y(In)f(con)o(trast,)f
(public-k)o(ey)j(signatures)e(can)g(b)q(e)h(used)f(to)f(con)o(vince)i
(third)g(parties:)19 b(A)13 b(signature)g(to)f(a)h(do)q(cumen)o(t)0
1245 y(is)k(t)o(ypically)h(sen)o(t)e(to)g(a)g(second)h(part)o(y)e(so)h
(that)g(in)h(the)g(future)f(this)h(part)o(y)f(ma)o(y)g(\(b)o(y)g
(merely)h(presen)o(ting)g(the)0 1301 y(signed)h(do)q(cumen)o(t\))g(con)
o(vince)g(third)g(parties)f(that)g(the)g(do)q(cumen)o(t)h(w)o(as)e
(indeed)j(generated/sen)o(t/appro)o(v)o(ed)0 1358 y(b)o(y)c(the)g
(signer.)0 1479 y Fy(6.1)56 b(De\014nitions)0 1564 y
FB(W)l(e)21 b(consider)i(v)o(ery)e(p)q(o)o(w)o(erful)h(attac)o(ks)e(on)
h(the)g(signature)h(sc)o(heme)g(as)f(w)o(ell)h(as)f(a)g(v)o(ery)g(lib)q
(eral)j(notion)d(of)0 1621 y(breaking)c(it.)23 b(Sp)q(eci\014cally)l(,)
c(the)e(attac)o(k)o(er)d(is)j(allo)o(w)o(ed)g(to)e(obtain)i(signatures)
f(to)g(an)o(y)f(message)h(of)g(its)g(c)o(hoice.)0 1677
y(One)g(ma)o(y)f(argue)g(that)f(in)i(man)o(y)f(applications)i(suc)o(h)f
(a)f(general)g(attac)o(k)f(is)i(not)f(p)q(ossible)i(\(as)e(messages)g
(to)f(b)q(e)0 1734 y(signed)i(m)o(ust)f(ha)o(v)o(e)g(a)h(sp)q(eci\014c)
h(format\).)i(Y)l(et,)c(our)h(view)g(is)g(that)e(it)i(is)g(imp)q
(ossible)i(to)d(de\014ne)h(a)g(general)g(\(i.e.,)0 1790
y(application-indep)r(ende)q(n)o(t\))g(notion)e(of)g(admissible)i
(messages,)d(and)h(th)o(us)g(a)g(general/robust)g(de\014nition)h(of)f
(an)0 1847 y(attac)o(k)c(seems)i(to)e(ha)o(v)o(e)h(to)g(b)q(e)h(form)o
(ulated)f(as)g(suggested)h(here.)19 b(\(Note)10 b(that)h(at)g(w)o
(orst,)f(our)h(approac)o(h)g(is)h(o)o(v)o(erly)0 1903
y(cautious.\))19 b(Lik)o(ewise,)c(the)e(adv)o(ersary)f(is)h(said)h(to)e
(b)q(e)i(successful)g(if)f(it)h(can)f(pro)q(duce)h(a)e(v)m(alid)j
(signature)e(to)f Fp(any)0 1960 y FB(message)i(for)g(whic)o(h)h(it)g
(has)f(not)g(ask)o(ed)g(for)g(a)g(signature)h(during)g(its)g(attac)o
(k.)j(Again,)d(this)g(de\014nes)g(the)g(abilit)o(y)0
2016 y(to)g(form)f(signatures)h(to)g(p)q(ossibly)i(\\nonsensical")f
(messages)f(as)g(a)g(breaking)h(of)e(the)i(sc)o(heme.)k(Y)l(et,)15
b(again,)g(w)o(e)0 2073 y(see)j(no)f(w)o(a)o(y)f(to)h(ha)o(v)o(e)g(a)g
(general)h(\(i.e.,)g(application-indep)q(en)q(den)o(t\))i(notion)e(of)f
(\\meaningful")h(messages)f(\(so)0 2129 y(that)d(only)i(forging)f
(signatures)g(to)g(them)g(will)i(b)q(e)f(consider)g(a)f(breaking)h(of)e
(the)i(sc)o(heme\).)0 2228 y Fz(De\014nition)j(9)k FB(\(unforgeable)15
b(signatures)h([106)o(]\):)68 2317 y Fn(\017)23 b Fv(A)16
b Fu(chosen)i(message)13 b(attack)18 b Fv(is)e(a)h(pr)n(o)n(c)n(ess)f
(which)h(on)g(input)g(a)g(veri\014c)n(ation-key)f(c)n(an)g(obtain)h
(signatur)n(es)114 2373 y FB(\(relativ)o(e)e(to)g(the)g(corresp)q
(onding)h(signing-k)o(ey\))h Fv(to)g(messages)e(of)h(its)g(choic)n(e.)
68 2465 y Fn(\017)23 b Fv(Such)17 b(an)g(attack)g(is)g(said)g(to)h
Fu(succeeds)i FB(\(in)c(existen)o(tial)i(forgery\))e
Fv(if)h(it)g(outputs)h(a)g(valid)f(signatur)n(e)f(to)i(a)114
2522 y(message)d(for)i(which)g(it)f(has)g Fp(not)g Fv(r)n(e)n(queste)n
(d)f(a)i(signatur)n(e)f(during)g(the)h(attack.)68 2614
y Fn(\017)23 b Fv(A)13 b(signatur)n(e)h(scheme)f(is)h
Fu(secure)h FB(\(or)d(unforgeable\))i Fv(if)g(every)g
FB(feasible)h Fv(chosen)e(message)g(attack)i(suc)n(c)n(e)n(e)n(ds)114
2670 y(with)h(at)h(most)f(ne)n(gligible)e(pr)n(ob)n(ability.)952
2795 y FB(18)p eop
%%Page: 19 20
19 19 bop 0 42 a FB(W)l(e)14 b(stress)e(that)h Fv(plain)k
FB(RSA)d(\(alik)o(e)g(plain)h(v)o(ersions)e(of)h(Rabin's)g(sc)o(heme)g
([152)n(])f(and)h(DSS)g([133)o(]\))e(is)i(not)f(secure)0
98 y(under)j(the)f(ab)q(o)o(v)o(e)f(de\014nition.)22
b(Ho)o(w)o(ev)o(er,)13 b(it)i(ma)o(y)g(b)q(e)g(secure)h(if)f(the)g
(message)f(is)i(\\randomized")f(b)q(efore)g(RSA)0 154
y(\(or)k(the)g(other)h(sc)o(hemes\))f(is)h(applied)i(\(cf.,)c([15)o
(]\).)32 b(Th)o(us,)21 b(the)e(randomization)h(paradigm)g(\(see)f
(Section)i(5\))0 211 y(seems)15 b(piv)o(otal)h(here)f(to)q(o.)0
333 y Fy(6.2)56 b(Constructions)0 418 y Fv(Message)21
b(authentic)n(ation)h(schemes)i FB(can)e(b)q(e)g(constructed)f(using)h
(pseudorandom)g(functions)g(\(see)f([92])f(or)0 475 y(the)h(more)g
(e\016cien)o(t)h(constructions)g(in)g([10)o(,)f(9,)f(3]\).)38
b(Ho)o(w)o(ev)o(er,)21 b(as)g(noted)g(in)i([4)o(],)f(an)f
Fv(extensive)f FB(usage)h(of)0 531 y(pseudorandom)16
b(functions)g(seem)g(an)f(o)o(v)o(erkill)i(for)e(ac)o(hieving)i
(message)e(authen)o(tication,)g(and)h(more)f(e\016cien)o(t)0
588 y(sc)o(hemes)j(ma)o(y)e(b)q(e)i(obtained)g(based)g(on)f(other)g
(cryptographic)h(primitiv)o(es.)27 b(W)l(e)18 b(men)o(tion)g(t)o(w)o(o)
e(approac)o(hes,)0 644 y(eac)o(h)f(consisting)h(of)f(a)g(t)o(w)o
(o-stage)e(pro)q(cess:)56 738 y(1.)22 b Fv(Fingerprinting)15
b FB(the)h(message)g(using)h(a)f(sc)o(heme)h(whic)o(h)g(is)g
Fv(se)n(cur)n(e)g(against)g(for)n(gery)f(pr)n(ovide)n(d)i(that)g(the)
114 794 y(adversary)f(do)n(es)f(not)g(have)g(ac)n(c)n(ess)f(to)i(the)g
(scheme's)e(outc)n(ome)h FB(\(e.g.,)e(using)i(Univ)o(ersal)g(Hashing)g
([43)o(]\),)114 851 y(and)k(\\)p Fv(hiding)p FB(")g(the)h(result)g
(using)g(a)f Fv(non-mal)r(le)n(able)g FB(sc)o(heme)h(\(e.g.,)f(a)g
(priv)m(ate-k)o(ey)i(encryption)f(or)f(a)114 907 y(pseudorandom)15
b(function\).)20 b(\(Non-malleabilit)o(y)e(is)e(not)e(required)j(in)f
(certain)f(cases;)g(see)h([166)n(].\))56 1001 y(2.)22
b Fv(Hashing)12 b FB(the)h(message)g Fv(using)h(a)g(c)n(ol)r(lision-fr)
n(e)n(e)f(scheme)f FB(\(cf.,)h([55)o(,)f(56]\),)g(and)h
Fv(authentic)n(ating)g FB(the)h(result)114 1058 y(using)i(a)e
Fp(ma)o(c)h FB(whic)o(h)h(op)q(erates)f(on)g(\(short\))f
(\014xed-length)j(strings)e([4)o(].)0 1151 y(Three)i(cen)o(tral)g
(paradigms)f(in)h(the)g(construction)g(of)f Fv(signatur)n(e)h(schemes)j
FB(are)c(the)h(\\refreshing")f(of)g(the)h(\\ef-)0 1208
y(fectiv)o(e")e(signing-k)o(ey)l(,)i(the)e(usage)g(of)g(an)g(\\authen)o
(tication)g(tree")g(and)g(the)h(\\hashing)f(paradigm".)0
1328 y Fz(The)j(refreshing)g(paradigm)g([106]:)45 b FB(T)l(o)15
b(demonstrate)g(this)i(paradigm,)e(supp)q(ose)i(w)o(e)e(ha)o(v)o(e)g(a)
h(signature)0 1384 y(sc)o(heme)f(whic)o(h)h(is)g(robust)f(against)f(a)h
(\\random)f(message)h(attac)o(k")f(\(i.e.,)g(an)h(attac)o(k)f(in)i
(whic)o(h)g(the)f(adv)o(ersary)0 1441 y(only)i(obtains)g(signatures)g
(to)f(uniformly)h(distributed)i(messages\).)k(F)l(urther)17
b(supp)q(ose)g(that)f(w)o(e)g(ha)o(v)o(e)h(a)f Fv(one-)0
1497 y(time)24 b FB(signature)c(sc)o(heme)h(\(i.e.,)g(a)f(signature)h
(sc)o(heme)g(whic)o(h)g(is)g(secure)g(against)f(an)g(attac)o(k)f(in)j
(whic)o(h)f(the)0 1554 y(adv)o(ersary)e(obtains)h(a)g(signature)g(to)f
(a)h(single)h(message)e(of)h(its)g(c)o(hoice\).)35 b(Then,)21
b(w)o(e)f(can)g(obtain)g(a)f(secure)0 1610 y(signature)i(sc)o(heme)f
(as)g(follo)o(ws:)30 b(When)21 b(a)f(new)h(message)f(is)h(to)e(b)q(e)i
(signed,)i(w)o(e)d(generate)g(a)g(new)g(random)0 1667
y(signing-k)o(ey)12 b(for)e(the)h(one-time)h(signature)f(sc)o(heme,)h
(use)f(it)g(to)f(sign)i(the)f(message,)g(and)g(sign)g(the)g(corresp)q
(onding)0 1723 y(\(one-time\))20 b(v)o(eri\014cation-k)o(ey)h(using)g
(the)f(\014xed)g(signing-k)o(ey)h(of)f(the)g(main)g(signature)g(sc)o
(heme)1711 1707 y Ft(12)1767 1723 y FB(\(whic)o(h)g(is)0
1780 y(robust)g(against)f(a)h(\\random)f(message)h(attac)o(k"\))e([69)o
(].)34 b(W)l(e)20 b(note)g(that)f(one-time)i(signature)f(sc)o(hemes)h
(\(as)0 1836 y(utilized)d(here\))d(are)g(easy)g(to)f(construct)h
(\(see,)g(for)g(example)h([128)n(]\).)0 1956 y Fz(The)21
b(tree)g(paradigm)h([127,)e(106)q(]:)44 b FB(T)l(o)18
b(demonstrate)g(this)g(paradigm,)h(w)o(e)f(sho)o(w)g(ho)o(w)g(to)f
(construct)h(a)0 2013 y(general)e(signature)g(sc)o(heme)g(using)h(only)
f(a)f(one-time)i(signature)f(sc)o(heme)g(\(alas)f(one)h(where)g(an)g(2)
p Fx(n)p FB(-bit)g(string)0 2069 y(can)h(b)q(e)g(signed)h(w.r.t)d(an)h
Fx(n)p FB(-bit)i(long)f(v)o(eri\014cation-k)o(ey\).)25
b(The)17 b(idea)g(is)g(to)f(use)h(the)g(initial)i(singing-k)o(ey)f
(\(i.e.,)0 2126 y(the)12 b(one)g(corresp)q(onding)h(to)f(the)g(public)i
(v)o(eri\014cation-k)o(ey\))f(in)g(order)f(to)f(sign/authen)o(ticate)i
(t)o(w)o(o)d(new/random)0 2182 y(v)o(eri\014cation)17
b(k)o(eys.)22 b(The)17 b(corresp)q(onding)g(signing)g(k)o(eys)f(are)g
(used)h(to)e(sign/authen)o(ticate)i(four)e(new/random)0
2238 y(v)o(eri\014cation)22 b(k)o(eys)e(\(t)o(w)o(o)f(p)q(er)i(a)g
(signing)h(k)o(ey\),)f(and)g(so)f(on.)37 b(Stopping)21
b(after)f Fx(d)h FB(suc)o(h)g(steps,)g(this)h(pro)q(cess)0
2295 y(forms)e(a)h(binary)h(tree)f(with)h(2)554 2278
y Fk(d)594 2295 y FB(lea)o(v)o(es)f(where)h(eac)o(h)f(leaf)h(corresp)q
(onds)f(to)g(an)g(instance)h(of)f(the)g(one-time)0 2351
y(signature)15 b(sc)o(heme.)20 b(The)c(signing-k)o(eys)g(at)e(the)h
(lea)o(v)o(es)h(can)f(b)q(e)g(used)h(to)f(sign)g(the)g(actual)g
(messages,)g(and)g(the)0 2408 y(corresp)q(onding)f(v)o(eri\014cation-k)
o(eys)g(ma)o(y)e(b)q(e)i(authen)o(ticated)f(using)h(the)f(path)g(from)g
(the)g(ro)q(ot.)18 b(Pseudorandom)0 2464 y(functions)23
b(ma)o(y)e(b)q(e)i(used)g(to)e(eliminate)j(the)e(need)h(to)f(store)f
(the)h(v)m(alues)h(of)f(in)o(termediate)h(v)o(ertices)f(used)p
0 2504 780 2 v 37 2531 a Fs(12)84 2547 y FD(Alternativ)o(ely)m(,)c(one)
d(ma)o(y)g(generate)h(the)f(one-time)h(k)o(ey-pair)g(and)g(the)f
(signature)i(to)e(its)g(v)o(eri\014cation-k)o(ey)j(ahead)e(of)f(time,)0
2592 y(leading)g(to)e(an)g(\\o\013-line/on-li)q(ne")j(signature)f(sc)o
(heme)e([69].)j(An)d(alternativ)o(e)i(and)e(more)g(e\016cien)o(t)g
(transformation,)i(of)d(signature)0 2638 y(sc)o(hemes)i(whic)o(h)f(are)
h(robust)f(under)h(a)f(\\random)h(message)g(attac)o(k")f(in)o(to)h
(general)h(ones,)e(has)g(b)q(een)h(suggested)g(in)g([53].)952
2795 y FB(19)p eop
%%Page: 20 21
20 20 bop 0 42 a FB(in)23 b(previous)f(signatures)g([86)o(].)40
b(Emplo)o(ying)22 b(this)g(paradigm)g(and)g(assuming)g(that)f(the)h
(RSA)h(function)f(is)0 98 y(infeasible)16 b(to)d(in)o(v)o(ert,)g(one)h
(obtains)f(a)g(secure)h(signature)g(sc)o(heme)g([106)o(,)f(86)o(])g(in)
h(whic)o(h)h(the)e Fx(i)1602 81 y Ft(th)1649 98 y FB(message)g(can)g(b)
q(e)0 154 y(signed/v)o(eri\014ed)h(in)e(time)g(2)c(log)541
165 y Ft(2)567 154 y Fx(i)k FB(slo)o(w)o(er)f(than)h(plain)h(RSA.)f
(Using)h(a)e(tree)h(of)f(large)h(fan-in)h(and)f(assuming)g(that)0
211 y(RSA)j(is)f(infeasible)j(to)c(in)o(v)o(ert,)h(one)g(ma)o(y)g
(obtain)g(a)g(secure)h(signature)f(sc)o(heme)g([66)o(,)g(51)o(])g(whic)
o(h)h(for)f(reasonable)0 267 y(parameters)20 b(is)i(only)f(5)g(times)g
(slo)o(w)o(er)g(than)f(plain)j(RSA)f(\(alas)e(uses)i(a)e(m)o(uc)o(h)h
(bigger)g(k)o(ey\).)1684 251 y Ft(13)1756 267 y FB(W)l(e)h(stress)0
324 y(that)17 b(plain)j(RSA)f(is)f(not)g(a)g(secure)g(signature)h(sc)o
(heme,)f(whereas)g(the)g(securit)o(y)h(of)f(its)g(randomized)h(v)o
(ersion)0 380 y(\(men)o(tioned)d(ab)q(o)o(v)o(e\))e(is)i(not)f(kno)o
(wn)g(to)f(b)q(e)i(reducible)i(to)c(the)h(assumption)h(that)e(RSA)i(is)
g(hard)f(to)g(in)o(v)o(ert.)0 497 y Fz(The)i(hashing)h(paradigm:)45
b FB(A)15 b(common)g(practice)g(is)g(to)f(sign)h(real)g(do)q(cumen)o
(ts)g(via)g(a)g(t)o(w)o(o)e(stage)h(pro)q(cess:)0 553
y(First)d(the)h(do)q(cumen)o(t)f(is)h(hashed)g(in)o(to)g(a)f(\(relativ)
o(ely\))h(short)f(bit)h(string,)f(and)h(next)f(the)h(basic)g(signature)
g(sc)o(heme)0 610 y(is)j(applied)i(to)e(the)g(resulting)h(string.)k(W)l
(e)15 b(note)f(that)h(this)g(heuristic)h(b)q(ecomes)g(sound)f(pro)o
(vided)h(the)f(hashing)0 666 y(function)i(is)g Fv(c)n(ol)r(lision-fr)n
(e)n(e)d FB(\(as)i(de\014ned)h(in)g([55)o(]\).)23 b(Collision-free)18
b(functions)f(can)f(b)q(e)h(constructed)g(assuming)0
723 y(the)c(in)o(tractabilit)o(y)h(of)e(factoring)g([55)o(].)19
b(One)13 b(ma)o(y)f(indeed)j(p)q(ostulate)e(that)f(certain)h
(o\013-the-shelf)h(pro)q(ducts)f(\(as)0 779 y(MD5)g(or)h(SHA\))h(are)f
(collision-free,)i(but)f(suc)o(h)g(assumptions)f(need)h(to)f(b)q(e)h
(tested)f(\(and)g(indeed)i(ma)o(y)e(turn)g(out)0 836
y(false\).)27 b(W)l(e)18 b(stress)f(that)g(using)h(a)f(hashing)h(sc)o
(heme)g(in)h(the)e(ab)q(o)o(v)o(e)h(t)o(w)o(o-stage)d(pro)q(cess)j
(without)g(ev)m(aluating)0 892 y(whether)d(it)h(is)g(collision-free)h
(is)f(a)f(v)o(ery)g(dangerous)g(practice.)71 949 y(A)i(useful)h(v)m
(arian)o(t)f(on)g(the)g(ab)q(o)o(v)o(e)g(paradigm)g(is)h(the)f(use)g
(of)g Fv(Universal)g(One-Way)h(Hash)g(F)m(unctions)e
FB(\(as)0 1005 y(de\014ned)21 b(in)g([141)o(]\),)f(rather)f(than)h(the)
g(collision-free)i(hashing)f(used)f(ab)q(o)o(v)o(e.)34
b(In)20 b(suc)o(h)h(a)e(case)h(a)g(new)g(hash)0 1062
y(function)d(is)g(selected)h(p)q(er)f(eac)o(h)f(application)i(of)e(the)
h(sc)o(heme,)g(and)f(the)h(basic)g(signature)f(sc)o(heme)h(is)g
(applied)0 1118 y(to)g(b)q(oth)i(the)f(\(succinct\))h(description)g(of)
f(the)g(hash)g(function)h(and)f(to)g(the)g(resulting)h(\(hashed\))f
(string.)29 b(\(In)0 1174 y(con)o(trast,)12 b(when)j(using)f(a)g
(collision-free)i(hashing)f(function,)f(the)g(same)f(function)i({)f
(the)f(description)j(of)d(whic)o(h)0 1231 y(is)18 b(part)f(of)g(the)g
(signer's)g(public-k)o(ey)j({)d(is)h(used)g(in)g(all)g(applications.\))
28 b(The)17 b(adv)m(an)o(tage)g(of)g(using)h(Univ)o(ersal)0
1287 y(One-W)l(a)o(y)h(Hash)g(F)l(unctions)g(is)g(that)f(their)h
(securit)o(y)g(requiremen)o(t)h(seems)e(w)o(eak)o(er)g(than)h(the)f
(collision-free)0 1344 y(condition)h(\(e.g.,)e(the)h(former)f(ma)o(y)g
(b)q(e)h(constructed)g(using)g(an)o(y)g(one-w)o(a)o(y)f(function)h
([157)o(],)g(whereas)f(this)h(is)0 1400 y(not)d(kno)o(wn)g(for)f(the)i
(latter\).)0 1517 y Fz(A)21 b(plausibilit)o(y)j(result)e([141)o(,)g
(157]:)45 b FB(Signature)19 b(sc)o(hemes)g(exist)g(if)g(\(and)g(only)h
(if)t(\))e(one-w)o(a)o(y)g(functions)0 1573 y(exist.)29
b(Unlik)o(e)19 b(the)g(constructions)f(of)f(signature)i(sc)o(hemes)f
(describ)q(ed)i(ab)q(o)o(v)o(e,)e(the)g(kno)o(wn)g(construction)g(of)0
1630 y(signature)c(sc)o(hemes)h(from)e Fv(arbitr)n(ary)19
b FB(one-w)o(a)o(y)13 b(functions)i(has)f(no)g(practical)h
(signi\014cance)h([157)n(].)k(It)14 b(is)g(indeed)0 1686
y(an)g(imp)q(ortan)o(t)f(op)q(en)h(problem)g(to)f(pro)o(vide)h(an)g
(alternativ)o(e)g(construction)g(whic)o(h)g(ma)o(y)f(b)q(e)h(practical)
h(and)f(still)0 1743 y(utilize)j(an)e Fv(arbitr)n(ary)20
b FB(one-w)o(a)o(y)15 b(function.)0 1861 y Fy(6.3)56
b(Tw)n(o)19 b(v)m(arian)n(ts)g(of)g(signature)f(sc)n(hemes)0
1947 y FB(Lo)q(osely)12 b(sp)q(eaking,)h Fu(F)o(ail-stop)e(signatures)i
FB(\(cf.,)d([147)o(]\))h(are)g(signature)g(sc)o(hemes)h(augmen)o(ted)f
(b)o(y)g(a)g(pro)q(of)g(system)0 2004 y(whic)o(h)16 b(allo)o(ws)e(the)h
(signer)g(to)f(pro)o(v)o(e)h(that)f(a)g(particular)h(\(do)q(cumen)o
(t,signature\)-pair)g(w)o(as)f(not)g(generated)h(b)o(y)0
2060 y(him/her.)20 b(In)13 b(particular,)g(eac)o(h)f(do)q(cumen)o(t)h
(has)f(man)o(y)g(p)q(ossible)i(v)m(alid)g(signatures)e(\(with)g(resp)q
(ect)h(to)f(the)g(pub-)0 2116 y(lic)i(v)o(eri\014cation)f(k)o(ey\),)f
(but)h(only)f(a)h(negligible)i(fraction)d(of)g(these)h(can)f(b)q(e)h
(generated)f(b)o(y)h(the)f(unkno)o(wn)h(signing)0 2173
y(k)o(ey)l(.)19 b(F)l(urthermore,)12 b(an)o(y)g(strategy)f(\(ev)o(en)h
(a)g(non-computable)h(one\),)g(is)g(unlik)o(ely)h(to)e(generate)g
(signatures)g(cor-)0 2229 y(resp)q(onding)j(to)d(the)i(signing-k)o(ey)l
(,)h(and)e(it)h(is)g(infeasible)i(giv)o(en)e(one)f(signing-k)o(ey)i(to)
e(generate)g(v)m(alid)i(signatures)0 2286 y(\(i.e.,)i(w.r.t)e(the)i(v)o
(eri\014cation)h(k)o(ey\))e(whic)o(h)i(do)f(not)f(corresp)q(ond)i(to)e
(the)h(giv)o(en)g(signing-k)o(ey)l(.)26 b(Th)o(us,)17
b(fail-stop)0 2342 y(signature)g(sc)o(hemes)g(allo)o(w)g(to)f(pro)o(v)o
(e)g(that)g(forgery)g(has)h(o)q(ccurred,)g(and)g(so)g(o\013er)f(an)g
(information-theoretic)0 2399 y(securit)o(y)j(guaran)o(tee)e(to)h(the)g
(p)q(oten)o(tial)h(signers)g(\(y)o(et)f(the)g(guaran)o(tee)g(to)f(p)q
(oten)o(tial)i(signature-recipien)o(ts)h(is)0 2455 y(only)e(a)g
(computational)g(one\).)545 2439 y Ft(14)607 2455 y FB(F)l(urthermore,)
g(in)g(case)g(a)g(pro)q(of)f(of)g(forgery)g(is)i(ev)o(er)e(presen)o
(ted,)i(one)f(ma)o(y)p 0 2490 780 2 v 37 2517 a Fs(13)81
2533 y FD(This)c(\014gure)f(refers)f(to)h(signing)h(up-to)f
(1,000,000,000)g(messages.)18 b(The)12 b(sc)o(heme)h(in)h([66])e
(requires)h(a)g(univ)o(ersal)i(set)d(of)g(system)0 2579
y(parameters)g(consisting)i(of)d(1000{2000)i(in)o(tegers)f(of)f(the)h
(size)g(of)f(the)g(mo)q(duli.)18 b(In)12 b(the)f([51])g(sc)o(heme)h
(this)g(requiremen)o(t)h(is)e(remo)o(v)o(ed.)37 2608
y Fs(14)80 2624 y FD(The)h(ab)q(o)o(v)o(e)g(refers)f(to)g(the)h
(natural)g(con)o(v)o(en)o(tion)i(b)o(y)d(whic)o(h)i(a)e(pro)q(of)h(of)f
(forgery)g(frees)h(the)f(signer)i(of)e(an)o(y)h(obligations)i(implied)0
2670 y(b)o(y)i(the)g(do)q(cumen)o(t.)25 b(Th)o(us,)16
b(when)g(accepting)h(a)f(v)n(alid)h(signature)g(the)f(recipien)o(t)h
(is)f(only)h(guaran)o(teed)g(that)f(it)g(is)g(infeasible)i(for)952
2795 y FB(20)p eop
%%Page: 21 22
21 21 bop 0 42 a FB(\\discertify")20 b(the)g(particular)g(v)o
(eri\014cation)h(k)o(ey)l(,)f(or)f(ev)o(en)i(the)e(en)o(tire)h
(signature)g(sc)o(heme)g(\(hence)h(the)e(term)0 98 y(\\fail-stop"\).)71
154 y(Lo)q(osely)d(sp)q(eaking,)g Fu(Blind)h(signatures)g
FB(\(cf.,)e([44)o(,)g(82)o(,)g(149,)g(117)o(]\))g(are)g(a)h(v)m(arian)o
(t)f(of)g(signature)h(sc)o(hemes)g(in)0 211 y(whic)o(h)h(the)g(signer)f
Fv(gains)h(no)g(know)r(le)n(dge)g(ab)n(out)h(the)f(do)n(cument)g(it)h
(has)f(signe)n(d)p FB(,)e(but)i(rather)e(only)i(kno)o(ws)f(the)0
267 y(total)f(n)o(um)o(b)q(er)i(of)f(do)q(cumen)o(ts)g(signed.)24
b(The)16 b(unforgeabilit)o(y)h(condition)h(th)o(us)d(requires)i(that)f
(it)g(is)h(infeasible)0 324 y(to)i(pro)q(duce)i(more)f(signatures)g
(than)f(the)h(coun)o(t)g(held)h(b)o(y)f(the)g(signer)h(\(and)e(that)h
(this)g(coun)o(t)g(re\015ects)g(the)0 380 y(n)o(um)o(b)q(er)h(of)g
(successfully-completed)j(in)o(v)o(o)q(cations)e(of)f(the)g(signing)h
(proto)q(col\).)38 b(Blind)23 b(signatures)e(pla)o(y)g(a)0
437 y(cen)o(tral)g(role)f(in)h(the)g(design)g(of)f(electronic)i(cash)e
(systems)g(\(cf.,)g([44)o(,)g(46)o(]\):)30 b(They)20
b(are)g(used)h(to)f(mak)o(e)g(the)0 493 y(monetary-certi\014cates,)15
b(signed)h(b)o(y)f(a)g(\014nancial)i(institute,)e(un)o(traceable.)0
636 y FA(7)67 b(Cryptographic)24 b(Proto)r(cols)0 738
y FB(A)13 b(general)h(framew)o(ork)e(for)h(casting)h(cryptographic)f
(\(proto)q(col\))g(problems)h(consists)g(of)f(sp)q(ecifying)i(a)e
(random)0 794 y(pro)q(cess)i(whic)o(h)g(maps)g Fx(n)g
FB(inputs)g(to)f Fx(n)h FB(outputs.)20 b(The)15 b(inputs)g(to)f(the)h
(pro)q(cess)g(are)f(to)g(b)q(e)h(though)o(t)f(of)h(as)f(lo)q(cal)0
851 y(inputs)j(of)e Fx(n)g FB(parties,)h(and)g(the)f
Fx(n)h FB(outputs)f(are)h(their)g(corresp)q(onding)g(lo)q(cal)h
(outputs.)k(The)16 b(random)f(pro)q(cess)0 907 y(describ)q(es)h(the)e
(desired)h(functionalit)o(y)l(.)21 b(That)14 b(is,)g(if)h(the)f
Fx(n)h FB(parties)f(w)o(ere)g(to)f(trust)h(eac)o(h)g(other)g(\(or)f
(trust)g(some)0 964 y(outside)g(part)o(y\),)e(then)h(they)h(could)g
(eac)o(h)f(send)h(their)g(lo)q(cal)g(input)g(to)e(the)i(trusted)f(part)
o(y)l(,)f(who)h(w)o(ould)h(compute)0 1020 y(the)h(outcome)f(of)h(the)g
(pro)q(cess)g(and)g(send)g(eac)o(h)g(part)o(y)f(the)h(corresp)q(onding)
h(output.)k(The)14 b(question)g(addressed)0 1077 y(in)i(this)g(section)
g(is)g(to)e(what)h(exten)o(t)g(can)h(this)f(trusted)g(part)o(y)g(b)q(e)
h(\\sim)o(ulated")f(b)o(y)h(the)f(m)o(utually)h(distrustful)0
1133 y(parties)f(themselv)o(es.)0 1255 y Fy(7.1)56 b(De\014nitions)0
1341 y FB(F)l(or)17 b(simplicit)o(y)i(w)o(e)e(consider)h(the)f(sp)q
(ecial)i(case)f(where)f(the)g(sp)q(eci\014ed)j(pro)q(cess)d(is)h
(deterministic)h(and)e(the)h Fx(n)0 1397 y FB(outputs)c(are)f(iden)o
(tical.)21 b(That)14 b(is,)g(w)o(e)f(consider)i(an)f(arbitrary)f
Fx(n)p FB(-ary)h(function)g(and)g Fx(n)h FB(parties)f(whic)o(h)g(wish)h
(to)0 1453 y(obtain)h(the)f(v)m(alue)i(of)e(the)h(function)g(on)f
(their)h Fx(n)g FB(corresp)q(onding)h(inputs.)k(Eac)o(h)15
b(part)o(y)g(wishes)h(to)f(obtain)h(the)0 1510 y(correct)d(v)m(alue)i
(of)e(the)h(function)g(and)g(prev)o(en)o(t)f(an)o(y)g(other)g(part)o(y)
g(from)g(gaining)h(an)o(ything)g(else)h(\(i.e.,)e(an)o(ything)0
1566 y(b)q(ey)o(ond)j(the)f(v)m(alue)i(of)d(the)i(function)g(and)f
(what)g(is)g(implied)j(b)o(y)d(it\).)71 1623 y(W)l(e)g(\014rst)h
(observ)o(e)g(that)f(\(one)g(thing)i(whic)o(h)f(is)h(una)o(v)o(oidable)
g(is)f(that\))f(eac)o(h)h(part)o(y)f(ma)o(y)g(c)o(hange)h(its)g(lo)q
(cal)0 1679 y(input)23 b(b)q(efore)f(en)o(tering)g(the)g(proto)q(col.)
40 b(Ho)o(w)o(ev)o(er,)23 b(this)f(is)g(una)o(v)o(oidable)h(also)f
(when)h(the)f(parties)g(utilize)0 1736 y(a)d(trusted)h(part)o(y)l(.)32
b(In)21 b(general,)g(the)e(basic)i(paradigm)e(underlying)j(the)e
(de\014nitions)h(of)e Fv(se)n(cur)n(e)h(multi-p)n(arty)0
1792 y(c)n(omputations)26 b FB(amoun)o(ts)21 b(to)g(sa)o(ying)h(that)f
(situations)h(whic)o(h)g(ma)o(y)g(o)q(ccur)g(in)g(the)g(real)g(proto)q
(col,)h(can)f(b)q(e)0 1849 y(sim)o(ulated)16 b(in)g(the)f(ideal)h(mo)q
(del)g(\(where)f(the)g(parties)g(ma)o(y)f(emplo)o(y)h(a)g(trusted)g
(part)o(y\).)j(Th)o(us,)d(the)g(\\e\013ectiv)o(e)0 1905
y(malfunctioning")d(of)e(parties)g(in)i(secure)f(proto)q(cols)f(is)h
(restricted)g(to)e(what)h(is)h(p)q(ostulated)g(in)g(the)g(corresp)q
(onding)0 1962 y(ideal)j(mo)q(del.)19 b(The)13 b(sp)q(eci\014c)h
(de\014nitions)g(di\013er)e(in)h(the)g(sp)q(eci\014c)h(restrictions)e
(and/or)g(requiremen)o(ts)h(placed)g(on)0 2018 y(the)g(parties)f(in)i
(the)e(real)h(computation.)19 b(This)13 b(is)g(t)o(ypically)h
(re\015ected)g(in)f(the)g(de\014nition)h(of)e(the)h(corresp)q(onding)0
2074 y(ideal)k(mo)q(del)f({)f(see)g(examples)h(b)q(elo)o(w.)0
2195 y Fz(An)22 b(example)g({)g(computations)h(with)g(honest)f(ma)s
(jorit)o(y:)45 b FB(Here)19 b(w)o(e)g(consider)h(an)f(ideal)i(mo)q(del)
f(in)0 2251 y(whic)o(h)e(an)o(y)e(minorit)o(y)h(group)f(\(of)g(the)h
(parties\))f(ma)o(y)g(collude)j(as)d(follo)o(ws.)24 b(Firstly)17
b(this)g(minorit)o(y)g(shares)g(its)0 2307 y(original)c(inputs)f(and)g
(decided)h(together)e(on)h(replaced)h(inputs)1076 2291
y Ft(15)1123 2307 y FB(to)e(b)q(e)i(sen)o(t)e(to)g(the)g(trusted)h
(part)o(y)l(.)18 b(\(The)11 b(other)p 0 2350 780 2 v
0 2392 a FD(the)i(signer)i(to)e(repudiate)i(the)e(signature.)20
b(In)13 b(con)o(trast,)g(when)h(follo)o(wing)h(the)f(standard)g
(paradigms)h(of)e(signature)i(sc)o(hemes,)f(the)0 2438
y(signature)19 b(recipien)o(ts)g(ha)o(v)o(e)e(an)g(absolute)i(guaran)o
(tee;)g(whenev)o(er)f(the)f(v)o(eri\014cation)i(algorithm)g(accepts)f
(a)e(signature,)k(it)d(is)g(b)o(y)0 2484 y(de\014nition)f(an)d
(unrepudiated)j(one.)37 2513 y Fs(15)80 2529 y FD(Suc)o(h)d(replacemen)
o(t)g(ma)o(y)f(b)q(e)g(a)o(v)o(oided)h(if)f(the)f(lo)q(cal)j(inputs)f
(of)e(parties)i(are)e(v)o(eri\014able)j(b)o(y)e(the)g(other)g(parties.)
18 b(In)11 b(suc)o(h)h(a)g(case,)0 2575 y(a)h(part)o(y)g(\(in)g(the)g
(ideal)h(mo)q(del\))g(has)f(the)g(c)o(hoice)h(of)e(either)i(joining)g
(the)f(execution)i(of)d(the)h(proto)q(col)h(with)f(its)g(correct)g(lo)q
(cal)h(input)0 2621 y(or)e(not)g(join)g(the)g(execution)h(at)f(all)h
(\(but)f(it)g(cannot)g(join)g(with)h(a)e(replaced)i(lo)q(cal)h
(input\).)j(Secure)c(proto)q(cols)g(sim)o(ulating)i(this)d(ideal)0
2666 y(mo)q(del)i(can)g(b)q(e)f(constructed)h(as)f(w)o(ell.)952
2795 y FB(21)p eop
%%Page: 22 23
22 22 bop 0 42 a FB(parties)15 b(send)h(their)g(resp)q(ectiv)o(e)g
(original)g(inputs)g(to)e(the)i(trusted)e(part)o(y)l(.\))19
b(When)d(the)f(trusted)g(part)o(y)f(returns)0 98 y(the)j(output,)g(eac)
o(h)g(ma)s(jorit)o(y)f(pla)o(y)o(er)h(outputs)g(it)g(lo)q(cally)l(,)i
(whereas)e(the)g(colluding)i(minorit)o(y)e(ma)o(y)g(compute)0
154 y(outputs)d(based)g(on)g(all)h(they)f(kno)o(w)g(\(i.e.,)f(the)h
(output)g(and)g(all)h(the)f(lo)q(cal)i(inputs)f(of)e(these)h
(parties\).)20 b(A)14 b Fv(se)n(cur)n(e)0 211 y(multi-p)n(arty)21
b(c)n(omputation)g(with)f(honest)g(majority)k FB(is)c(required)g(to)f
(sim)o(ulate)h(this)f(ideal)i(mo)q(del.)33 b(That)19
b(is,)0 267 y(the)c(e\013ect)g(of)g(an)o(y)f(feasible)j(adv)o(ersary)d
(whic)o(h)i(con)o(trols)e(a)h(minorit)o(y)g(of)g(the)g(pla)o(y)o(ers)g
(in)h(the)f(actual)g(proto)q(col,)0 324 y(can)k(b)q(e)g(essen)o(tially)
h(sim)o(ulated)g(b)o(y)f(a)f(\(di\013eren)o(t\))g(feasible)i(adv)o
(ersary)e(whic)o(h)i(con)o(trols)e(the)h(corresp)q(onding)0
380 y(pla)o(y)o(ers)c(in)i(the)e(ideal)i(mo)q(del.)22
b(This)16 b(means)g(that)f(in)h(a)f(secure)h(proto)q(col)g(the)f
(e\013ect)h(of)f(eac)o(h)g(minorit)o(y)h(group)0 437
y(is)k(\\essen)o(tially)h(restricted")e(to)g(replacing)i(its)e(o)o(wn)g
(lo)q(cal)i(inputs)f(\(indep)q(enden)o(tly)i(of)d(the)g(lo)q(cal)i
(inputs)f(of)0 493 y(the)f(ma)s(jorit)o(y)e(pla)o(y)o(ers\))h(b)q
(efore)h(the)g(proto)q(col)g(starts,)f(and)h(replacing)h(its)f(o)o(wn)f
(lo)q(cal)i(outputs)e(\(dep)q(ending)0 550 y(only)i(on)f(its)h(lo)q
(cal)g(inputs)g(and)g(outputs\))e(after)h(the)g(proto)q(col)h
(terminates.)32 b(\(W)l(e)19 b(stress)g(that)f(in)i(the)g(real)0
606 y(execution)c(the)g(minorit)o(y)g(pla)o(y)o(ers)f(do)g(obtain)h
(additional)h(pieces)g(of)e(information;)g(y)o(et)g(in)h(a)f(secure)h
(proto)q(col)0 663 y(they)d(gain)h(nothing)g(from)f(these)g(additional)
i(pieces)g(of)e(information,)g(as)g(they)h(can)f(actually)h(repro)q
(duce)h(these)0 719 y(b)o(y)g(themselv)o(es.\))71 775
y(Secure)c(proto)q(cols)f(according)h(to)f(the)h(ab)q(o)o(v)o(e)f
(de\014nition)j(ma)o(y)c(ev)o(en)i(tolerate)f(a)h(situation)g(where)f
(a)h(minorit)o(y)0 832 y(of)i(the)h(parties)g(ab)q(orts)f(the)g
(execution.)21 b(An)14 b(ab)q(orted)f(part)o(y)g(\(in)h(the)g(real)g
(proto)q(col\))f(is)h(sim)o(ulated)h(b)o(y)e(a)h(part)o(y)0
888 y(\(in)19 b(the)g(ideal)i(mo)q(del\))e(whic)o(h)h(ab)q(orts)e(the)h
(execution)h(either)g(b)q(efore)f(supplying)i(its)e(input)h(to)e(the)h
(trusted)0 945 y(part)o(y)i(\(in)h(whic)o(h)g(case)g(a)f(default)h
(input)h(is)f(used\))g(or)f(after)g(supplying)j(its)d(input.)40
b(In)23 b(either)f(case,)h(the)0 1001 y(ma)s(jorit)o(y)12
b(pla)o(y)o(ers)h(\(in)h(the)g(real)g(proto)q(col\))f(are)g(able)h(to)f
(compute)h(the)f(output)h(although)f(a)g(minorit)o(y)h(ab)q(orted)0
1058 y(the)19 b(execution.)32 b(This)20 b(cannot)e(b)q(e)i(exp)q(ected)
g(to)e(happ)q(en)i(when)g(there)f(is)g(no)g(honest)g(ma)s(jorit)o(y)e
(\(e.g.,)i(in)g(a)0 1114 y(t)o(w)o(o-part)o(y)13 b(computation\))i([50)
o(].)0 1234 y Fz(Another)22 b(example)g({)h(t)o(w)o(o-part)o(y)e
(computations:)46 b FB(In)20 b(ligh)o(t)g(of)f(the)h(ab)q(o)o(v)o(e,)g
(w)o(e)f(consider)h(an)g(ideal)0 1291 y(mo)q(del)12 b(where)g(eac)o(h)f
(of)g(the)g(t)o(w)o(o)f(parties)h(ma)o(y)g(\\sh)o(ut-do)o(wn")f(the)h
(trusted)g(\(third\))g(part)o(y)g(at)f(an)o(y)h(p)q(oin)o(t)h(in)g
(time.)0 1347 y(In)h(particular,)g(this)g(ma)o(y)f(happ)q(en)h(after)f
(the)g(trusted)h(part)o(y)e(has)h(supplied)j(the)e(outcome)f(of)g(the)g
(computation)0 1404 y(to)h(one)h(part)o(y)f(but)h(b)q(efore)g(it)g(has)
f(supplied)j(it)e(to)f(the)h(second.)20 b(A)14 b Fv(se)n(cur)n(e)g
(multi-p)n(arty)i(c)n(omputation)f(al)r(lowing)0 1460
y(ab)n(ort)g FB(is)g(required)g(to)f(sim)o(ulate)h(this)g(ideal)h(mo)q
(del.)21 b(That)14 b(is,)h(eac)o(h)f(part)o(y's)f(\\e\013ectiv)o(e)i
(malfunctioning")h(in)f(a)0 1516 y(secure)e(proto)q(col)f(is)h
(restricted)g(to)f(supplying)j(an)d(initial)j(input)e(of)f(its)h(c)o
(hoice)g(and)g(ab)q(orting)f(the)h(computation)0 1573
y(at)k(an)o(y)g(p)q(oin)o(t)h(in)g(time.)28 b(W)l(e)17
b(stress)g(that,)g(as)g(ab)q(o)o(v)o(e,)h(the)f(c)o(hoice)i(of)e(the)g
(initial)j(input)e(of)f(eac)o(h)h(part)o(y)f(ma)o(y)0
1629 y Fp(not)e FB(dep)q(end)i(on)e(the)g(input)h(of)f(the)g(other)g
(part)o(y)l(.)0 1751 y Fy(7.2)56 b(Constructions)0 1837
y Fz(General)18 b(plausibilit)o(y)h(results:)45 b FB(Assuming)15
b(the)g(existence)h(of)f(trap)q(do)q(or)f(p)q(erm)o(utations,)h(one)g
(ma)o(y)f(pro-)0 1893 y(vide)22 b(secure)f(proto)q(cols)g(for)f
Fp(any)g FB(t)o(w)o(o-part)o(y)f(computation)i(\(allo)o(wing)g(ab)q
(ort\))f([169)n(])h(as)f(w)o(ell)i(as)e(for)g Fp(any)0
1950 y FB(m)o(ulti-part)o(y)d(computations)g(with)h(honest)f(ma)s
(jorit)o(y)e([98].)25 b(Th)o(us,)17 b(a)g(host)f(of)h(cryptographic)h
(problems)f(are)0 2006 y(solv)m(able)e(assuming)g(the)f(existence)h(of)
e(trap)q(do)q(or)h(p)q(erm)o(utations.)19 b(Sp)q(eci\014cally)m(,)d(an)
o(y)e(desired)h(\(input{output\))0 2063 y(functionalit)o(y)j(can)f(b)q
(e)g(enforced,)h(pro)o(vided)f(w)o(e)g(are)f(either)h(willing)i(to)e
(tolerate)f(\\early)h(ab)q(ort")f(\(as)g(de\014ned)0
2119 y(ab)q(o)o(v)o(e\))c(or)g(can)h(rely)g(on)g(a)f(ma)s(jorit)o(y)g
(of)g(the)h(parties)g(to)f(follo)o(w)g(the)h(proto)q(col.)19
b(Analogous)13 b(plausibili)q(t)o(y)i(results)0 2176
y(w)o(ere)g(subsequen)o(tly)h(obtained)g(in)g(a)f(v)m(ariet)o(y)g(of)f
(mo)q(dels.)21 b(In)16 b(particular,)f(w)o(e)g(men)o(tion)g(secure)h
(computations)0 2232 y(in)g(the)f(priv)m(ate)h(c)o(hannels)h(mo)q(del)f
([18)o(,)f(45)o(])g(and)g(in)h(the)f(presence)i(of)d(mobile)j(adv)o
(ersaries)e([145)o(].)71 2289 y(As)i(stressed)h(in)g(the)g(case)f(of)g
(zero-kno)o(wledge)h(pro)q(ofs,)g(w)o(e)f(view)h(these)g(results)g(as)f
(asserting)g(that)g(v)o(ery)0 2345 y(wide)g(classes)f(of)f(problems)h
(are)g(solv)m(able)h(in)f(principle.)24 b(Ho)o(w)o(ev)o(er,)15
b(w)o(e)g(do)h(not)f(recommend)h(using)h(the)e(solu-)0
2401 y(tions)h(deriv)o(ed)g(b)o(y)f(these)h(general)g(results)g(in)g
(practice.)21 b(F)l(or)15 b(example,)g(although)h(Threshold)g
(Cryptograph)o(y)0 2458 y(\(cf.,)d([60)o(,)h(84)o(]\))f(is)i(merely)f
(a)g(sp)q(ecial)i(case)d(of)h(m)o(ulti-part)o(y)g(computation,)g(it)g
(is)g(indeed)i(b)q(ene\014cial)h(to)c(fo)q(cus)h(on)0
2514 y(its)h(sp)q(eci\014cs.)952 2795 y(22)p eop
%%Page: 23 24
23 23 bop 0 42 a FA(P)n(art)23 b(I)r(I)r(I)0 145 y Fq(Concluding)34
b(Commen)m(ts)0 279 y FA(8)67 b(Some)22 b(Notes)0 380
y FB(W)l(e)d(partition)g(the)g(notes)g(in)o(to)g(t)o(w)o(o)e
(categories:)27 b Fv(Gener)n(al)19 b(notes)j FB(whic)o(h)e(refer)e(to)g
(general)i(themes)f(in)h(this)0 437 y(essa)o(y)l(,)15
b(and)g Fv(sp)n(e)n(ci\014c)g(notes)j FB(whic)o(h)e(refer)f(to)f(sp)q
(eci\014c)k(co)o(v)o(ered)d(or)f(unco)o(v)o(ered)i(issues.)0
558 y Fy(8.1)56 b(General)17 b(notes)0 644 y Fz(On)i(information)g
(theoretic)g(secrecy)l(.)44 b FB(Most)15 b(of)h(Mo)q(dern)g
(Cryptograph)o(y)e(aims)j(at)e(ac)o(hieving)i Fv(c)n(ompu-)0
701 y(tational)h FB(securit)o(y;)h(that)e(is,)h(making)g(it)g
(infeasible)i(\(rather)c(than)i(imp)q(ossible\))i(for)d(an)g(adv)o
(ersary)g(to)g(break)0 757 y(the)h(system.)29 b(The)19
b(departure)g(from)e Fv(information)i(the)n(or)n(etic)g
FB(secrecy)g(w)o(as)e(suggested)h(b)o(y)h(Shannon)g(in)g(the)0
814 y(v)o(ery)12 b(pap)q(er)g(whic)o(h)h(in)o(tro)q(duced)g(the)f
(notion)g([160)o(]:)18 b(In)13 b(an)f(information)g(theoretic)g(secure)
h(encryption)g(sc)o(heme)0 870 y(the)k(priv)m(ate-k)o(ey)h(m)o(ust)e(b)
q(e)i(longer)g(than)e(the)i(total)e(en)o(trop)o(y)g(of)h(the)g(plain)o
(texts)h(to)e(b)q(e)i(sen)o(t)f(using)h(this)f(k)o(ey)l(.)0
926 y(This)f(drastically)h(restricts)f(the)g(applicabili)q(t)o(y)i(of)d
(\(information-theoretic)h(secure\))g(priv)m(ate-k)o(ey)h(encryption)0
983 y(sc)o(hemes.)33 b(F)l(urthermore,)19 b(notions)h(suc)o(h)f(as)g
(public-k)o(ey)j(cryptograph)o(y)l(,)d(pseudorandom)h(generators,)f
(and)0 1039 y(most)14 b(kno)o(wn)h(cryptographic)h(proto)q(cols)726
1023 y Ft(16)776 1039 y FB(cannot)f(exist)h(in)g(an)f(information)g
(theoretic)h(sense.)0 1159 y Fz(On)i(the)f(need)h(for)f(and)h(c)o
(hoice)g(of)f(assumptions.)45 b FB(As)15 b(stated)g(in)h(Section)g(2,)f
(most)f(of)h(Mo)q(dern)g(Cryp-)0 1216 y(tograph)o(y)f(is)h(based)h(on)f
(computational)g(di\016cult)o(y)l(.)21 b(In)o(tuitiv)o(ely)l(,)c(this)e
(is)h(an)f(immediate)h(consequence)g(of)f(the)0 1272
y(fact)i(that)f(Mo)q(dern)i(Cryptograph)o(y)e(wish)i(to)f(capitalize)i
(on)e(the)h(di\013erence)g(b)q(et)o(w)o(een)g(feasible)h(attac)o(ks)d
(and)0 1329 y(p)q(ossible-but-infeasi)q(ble)j(attac)o(ks.)f(F)l
(ormally)l(,)d(the)h(existence)g(of)f(one-w)o(a)o(y)f(functions)i(has)f
(b)q(een)h(sho)o(wn)f(to)f(b)q(e)0 1385 y(a)i(necessary)g(condition)i
(for)d(the)i(existence)g(of)f(secure)h(priv)m(ate-k)o(ey)g(encryption)g
([113)o(],)e(pseudorandom)i(gen-)0 1442 y(erators)e([122)o(],)h
(digital)h(signatures)g([157)o(],)e(\\non-trivial")j(zero-kno)o(wledge)
e(pro)q(ofs)g([144)o(],)g(and)g(v)m(arious)h(basic)0
1498 y(proto)q(cols)e([113)o(].)71 1555 y(As)g(w)o(e)h(need)g
(assumptions)g(an)o(yho)o(w,)f(wh)o(y)g(not)g(assume)h(what)f(w)o(e)g
(w)o(an)o(t?)21 b(W)l(ell,)c(\014rst)e(w)o(e)h(need)g(to)f(kno)o(w)0
1611 y(what)g(w)o(e)h(w)o(an)o(t.)21 b(This)c(calls)g(for)f(a)f(clear)i
(de\014nition)h(of)d(complex)i(securit)o(y)f(concerns)h({)f(an)g
(non-trivial)h(issue)0 1668 y(whic)o(h)e(is)g(discussed)h(at)e(length)h
(in)g(previous)g(sections.)20 b(Ho)o(w)o(ev)o(er,)13
b(once)i(a)f(de\014nition)i(is)f(deriv)o(ed)g(ho)o(w)f(can)g(w)o(e)0
1724 y(kno)o(w)e(that)g(it)h(can)g(at)f(all)i(b)q(e)f(met?)20
b(The)13 b(w)o(a)o(y)f(to)g(demonstrate)g(that)g(a)g(de\014nition)j(is)
e(viable)h(\(and)f(so)f(the)h(in)o(tu-)0 1780 y(itiv)o(e)i(securit)o(y)
f(concern)h(can)f(b)q(e)h(satis\014ed)f(at)g(all\))g(is)h(to)e
(construct)h(a)f(solution)i(based)f(on)g(a)g Fv(b)n(etter)h(understo)n
(o)n(d)0 1837 y FB(assumption.)20 b(F)l(or)13 b(example,)h(lo)q(oking)h
(at)e(the)h(de\014nition)h(of)e(zero-kno)o(wledge)i(pro)q(ofs)e([105)o
(],)g(it)h(is)g(not)f(a-priori)0 1893 y(clear)19 b(that)f(suc)o(h)g
(pro)q(ofs)g(exists)h(in)g(a)f(non-trivial)i(sense.)30
b(The)18 b(non-trivialit)o(y)i(of)e(the)g(notion)h(w)o(as)f(demon-)0
1950 y(strated)e(in)h([105)o(])f(b)o(y)g(presen)o(ting)h(a)g(zero-kno)o
(wledge)g(pro)q(of)f(system)g(for)g(statemen)o(ts,)f(regarding)h
(Quadratic)0 2006 y(Residuosit)o(y)l(,)h(whic)o(h)g(are)f(b)q(eliev)o
(ed)i(to)d(b)q(e)h(hard)g(to)g(v)o(erify)g(\(without)f(extra)g
(information\).)22 b(F)l(urthermore,)15 b(in)0 2063 y(con)o(trary)f(to)
h(prior)h(b)q(eliefs,)h(it)f(w)o(as)f(sho)o(wn)g(in)i([97)o(])e(that)g
(the)h(existence)g(of)g(commitmen)o(t)f(sc)o(hemes)1760
2046 y Ft(17)1811 2063 y FB(implies)0 2119 y(that)e(an)o(y)g
(NP-statemen)o(t)g(can)h(b)q(e)g(pro)o(v)o(en)f(in)h(zero-kno)o
(wledge.)20 b(Th)o(us,)14 b(statemen)o(ts,)e(whic)o(h)j(w)o(ere)e(not)g
(kno)o(wn)0 2176 y(at)h(all)i(to)d(hold)j(\(and)e(ev)o(en)h(b)q(eliev)o
(ed)i(to)d(b)q(e)i(false\),)e(where)h(sho)o(wn)f(to)g(hold)h(b)o(y)g
(reduction)h(to)e(widely)i(b)q(eliev)o(ed)0 2232 y(assumptions)i
(\(without)g(whic)o(h)g(most)f(of)h(Mo)q(dern)g(Cryptograph)o(y)e
(collapses)j(an)o(yho)o(w\).)27 b(F)l(urthermore,)18
b(re-)0 2289 y(ducing)c(the)e(solution)i(of)e(a)g(new)h(task)e(to)h
(the)h(assumed)g(securit)o(y)f(of)h(a)f(w)o(ell-kno)o(wn)h(primitiv)o
(e)h(t)o(ypically)g(means)0 2345 y(pro)o(viding)g(a)f(construction)h
(whic)o(h)g(using)h(the)e(kno)o(wn)g(primitiv)o(e)i(solv)o(es)e(the)h
(new)g(task.)k(This)c(means)g(that)e(w)o(e)0 2401 y(do)k(not)f(only)h
(kno)o(w)f(\(or)g(assume\))g(that)g(the)h(new)g(task)f(is)h(solv)m
(able)h(but)f(rather)f(ha)o(v)o(e)g(a)g(solution)i(based)f(on)f(a)p
0 2444 780 2 v 37 2470 a Fs(16)84 2486 y FD(Here)g(w)o(e)g(refer)h(to)f
(cryptographic)j(proto)q(cols)f(in)f(the)f(\\standard)i(mo)q(del")g
(where)e(the)h(adv)o(ersary)h(can)e(read)h(all)h(messages)0
2532 y(sen)o(t)d(b)q(et)o(w)o(een)g(honest)g(parties.)20
b(In)14 b(con)o(trast,)g(information-theoretical)q(l)q(y)i(secure)e(m)o
(ulti-part)o(y)i(computation)f(is)f(p)q(ossible)j(when)0
2578 y(assuming)e(the)e(existence)h(of)f(p)q(erfect)g(priv)n(ate)h(c)o
(hannels)h(b)q(et)o(w)o(een)f(eac)o(h)f(pair)h(of)f(honest)h(users)f
([18,)g(45].)37 2607 y Fs(17)81 2623 y FD(Consequen)o(tly)m(,)g(it)f(w)
o(as)f(sho)o(wn)h(ho)o(w)g(to)f(construct)i(commitmen)o(t)f(sc)o(hemes)
h(based)f(on)g(an)o(y)g(pseudorandom)i(generator)e([134)q(],)0
2669 y(and)i(that)f(the)g(latter)h(exists)g(if)f(one-w)o(a)o(y)g
(functions)i(exist)f([109].)952 2795 y FB(23)p eop
%%Page: 24 25
24 24 bop 0 42 a FB(primitiv)o(e)17 b(whic)o(h,)f(b)q(eing)h(w)o
(ell-kno)o(wn,)f(t)o(ypically)h(has)e(sev)o(eral)h(candidate)g
(implemen)o(tations.)22 b(More)15 b(on)h(this)0 98 y(sub)s(ject)f(b)q
(elo)o(w.)0 218 y Fz(On)k(the)g(meaning)g(of)f(asymptotic)i(results.)44
b FB(Asymptotic)16 b(analysis)h(is)g(a)f(ma)s(jor)e(simplifying)19
b(con)o(v)o(en-)0 274 y(tion.)h(It)13 b(allo)o(ws)h(to)f(disregard)h
(sp)q(eci\014cs)h(lik)o(e)g(the)f(mo)q(del)g(of)g(computation)f(and)h
(to)f(fo)q(cus)h(on)f(the)h(essen)o(tials)g(of)0 331
y(the)i(problem)g(at)f(hand.)21 b(F)l(urther)16 b(simpli\014cation)i
(is)e(ac)o(hiev)o(ed)g(b)o(y)g(iden)o(tifying)h(e\016cien)o(t)f
(computations)g(with)0 387 y(p)q(olynomial-time)i(computations,)d(and)h
(more)f(imp)q(ortan)o(tly)g(b)o(y)h(iden)o(tifying)h(infeasible)h
(computations)e(with)0 444 y(ones)d(whic)o(h)h(are)f(not)g(implemen)o
(table)i(in)f(p)q(olynomial-time.)21 b(Ho)o(w)o(ev)o(er,)13
b(none)g(of)g(these)g(con)o(v)o(en)o(tions)g(is)h(really)0
500 y(essen)o(tial)i(for)f(the)g(theory)g(discussed)h(in)g(this)g(essa)
o(y)l(.)922 484 y Ft(18)71 557 y FB(As)g(stated)f(in)i(Section)g(2,)f
(all)h(kno)o(w)f(results)g(\(referring)g(to)g(computational)g
(complexit)o(y\))h(consists)f(of)g(an)0 613 y(explicit)d(construction)e
(in)g(whic)o(h)g(a)g(complex)g(primitiv)o(e)h(is)f(implemen)o(ted)h
(based)f(on)g(a)f(simpler)i(one.)18 b(The)11 b(claim)0
670 y(of)17 b(securit)o(y)h(in)h(man)o(y)e(pap)q(ers)h(merely)g(states)
f(that)g(if)h(the)g(resulting)g(\(complex\))g(primitiv)o(e)h(can)f(b)q
(e)g(brok)o(en)0 726 y(in)h(p)q(olynomial-time)i(then)e(so)f(can)h(the)
g(original)h(\(simpler\))f(primitiv)o(e.)31 b(Ho)o(w)o(ev)o(er,)18
b(all)i(pap)q(ers)f(pro)o(vide)g(an)0 783 y(explicit)c(construction)d
(sho)o(wing)h(ho)o(w)f(to)g(use)h(an)o(y)f(breaking)h(algorithm)f(for)g
(the)h(resulting)g(primitiv)o(e)h(in)f(order)0 839 y(to)h(obtain)h(a)g
(breaking)g(algorithm)g(for)f(the)h(original)h(primitiv)o(e.)21
b(This)15 b(transformation)f(do)q(es)h(not)g(dep)q(end)h(on)0
895 y(the)11 b(running-time)i(of)e(the)g(\014rst)g(algorithm;)h(it)f(t)
o(ypically)i(uses)e(the)h(\014rst)e(algorithm)i(as)e(a)h(blac)o(k-b)q
(o)o(x.)19 b(Th)o(us,)12 b(the)0 952 y(running-time)18
b(of)e(the)h(resulting)h(breaking)f(algorithm)f(\(for)g(the)h(simpler)g
(primitiv)o(e\))h(is)f(explicitly)j(b)q(ounded)0 1008
y(in)g(terms)f(of)f(the)i(running-time)g(of)f(the)g(giv)o(en)h
(breaking)g(algorithm)f(\(for)f(the)h(complex)i(primitiv)o(e\).)32
b(This)0 1065 y(means)18 b(that)g(for)g(eac)o(h)g(of)g(these)g
(results,)h(one)g(can)f(instan)o(tiate)h(the)f(resulting)h(\(complex\))
g(sc)o(heme)g(for)e(an)o(y)0 1121 y(desired)23 b(v)m(alue)g(of)e(the)h
(securit)o(y)g(parameter,)g(mak)o(e)f(a)g(concrete)h(assumption)g
(regarding)g(the)f(securit)o(y)h(of)0 1178 y(the)16 b(underlying)i
(\(simpler\))f(primitiv)o(e,)h(and)e(deriv)o(e)h(a)f(concrete)g
(estimate)g(of)g(the)g(securit)o(y)h(of)e(the)i(prop)q(osed)0
1234 y(implemen)o(tation)f(of)f(the)h(complex)g(primitiv)o(e.)71
1291 y(The)f(applicabili)q(t)o(y)j(of)d(a)g(sp)q(eci\014c)i
(theoretical)f(result)g(dep)q(ends)h(on)e(the)h(complexit)o(y)g(of)f
(the)h(construction)0 1347 y(and)g(the)g(relation)h(b)q(et)o(w)o(een)f
(the)g(securit)o(y)h(of)e(the)i(resulting)g(sc)o(heme)f(and)g(the)g
(quan)o(ti\014ed)h(in)o(tractabilit)o(y)g(as-)0 1404
y(sumption.)i(Some)10 b(of)g(these)g(results)h(seem)f(applicable)i(in)f
(practice,)h(some)e(only)g(o\013er)g(useful)h(paradigm/tec)o(hniques,)0
1460 y(and)i(other)f(only)h(state)f(the)h(plausibili)q(t)o(y)i(of)d
(certain)h(results.)19 b(In)14 b(the)e(latter)h(cases)f(it)h(is)g
(indeed)i(the)e(task)f(of)g(the)0 1516 y(theory)i(comm)o(unit)o(y)h(to)
f(w)o(ork)g(to)o(w)o(ards)f(the)i(impro)o(v)o(emen)o(t)f(of)h(these)g
(results.)20 b(In)15 b(fact,)f(man)o(y)g(impro)o(v)o(emen)o(ts)0
1573 y(of)g(this)h(t)o(yp)q(e)g(ha)o(v)o(e)f(b)q(een)i(ac)o(hiev)o(ed)g
(in)f(the)g(past)f(\(and)g(w)o(e)h(hop)q(e)g(to)f(see)h(more)f(in)i
(the)f(future\).)k(F)l(ollo)o(wing)c(are)0 1629 y(some)g(examples:)68
1723 y Fn(\017)23 b FB(A)e(plausibilit)o(y)i(result)f(of)e(Y)l(ao)h
(\(commonly)f(attributed)h(to)g([168)n(]\))g(on)f(the)h(existence)h(of)
f(hard-core)114 1780 y(predicates,)j(assuming)f(the)f(existence)i(of)e
(one-w)o(a)o(y)f(p)q(erm)o(utations,)j(w)o(as)d(replaced)j(b)o(y)e(a)g
(practical)114 1836 y(construction)15 b(of)g(hard-core)g(predicates)h
(for)f(an)o(y)g(one-w)o(a)o(y)f(functions)i([96)o(].)68
1930 y Fn(\017)23 b FB(A)f(plausibili)q(t)o(y)j(result)d(of)g(Y)l(ao)h
(\(commonly)f(attributed)h(to)e([168)o(]\))h(b)o(y)g(whic)o(h)i(an)o(y)
e(w)o(eak)g(one-w)o(a)o(y)114 1986 y(p)q(erm)o(utation)17
b(can)g(b)q(e)h(transformed)e(in)o(to)i(an)f(ordinary)g(one-w)o(a)o(y)g
(p)q(erm)o(utation)g(w)o(as)f(replaced)j(b)o(y)e(an)114
2043 y(e\016cien)o(t)12 b(transformation)e(of)h(w)o(eak)g(one-w)o(a)o
(y)g(p)q(erm)o(utation)g(in)o(to)h(ordinary)f(one-w)o(a)o(y)g(p)q(erm)o
(utation)h([93)o(].)68 2137 y Fn(\017)23 b FB(A)c(plausibilit)o(y)j
(result)d(of)f([97])g(b)o(y)h(whic)o(h)h(one)f(ma)o(y)f(construct)h(V)l
(eri\014able)i(Secret)e(Sharing)h(sc)o(hemes)114 2193
y(\(cf.,)14 b([49)o(]\),)g(using)j(an)o(y)e(one-w)o(a)o(y)f(function,)i
(w)o(as)f(replaced)i(b)o(y)e(an)g(e\016cien)o(t)h(construction)g(the)g
(securit)o(y)114 2250 y(of)i(whic)o(h)i(is)g(based)f(on)g(DLP)h([76)o
(].)31 b(In)20 b(general,)g(man)o(y)f(concrete)g(problems)h(whic)o(h)g
(are)e(solv)m(able)j(in)114 2306 y(principle)d(\(b)o(y)c(the)i
(plausibilit)o(y)i(results)d(of)g([97)o(,)g(169)o(,)g(98)o(]\))g(w)o
(ere)g(giv)o(en)h(e\016cien)o(t)f(solutions.)0 2426 y
Fz(F)l(orget)22 b(the)g(result,)h(use)f(its)h(ideas.)46
b FB(As)19 b(stated)g(ab)q(o)o(v)o(e,)h(some)f(theoretical)h(results)g
(are)f(not)g(directly)0 2483 y(applicable)j(in)f(practice.)34
b(Still,)23 b(in)d(man)o(y)g(cases)g(these)g(results)g(utilize)i(ideas)
e(whic)o(h)h(ma)o(y)e(b)q(e)i(of)e(v)m(alue)i(in)0 2539
y(practice.)f(Th)o(us,)13 b(if)h(y)o(ou)f(kno)o(w)g(\(b)o(y)g(a)g
(theoretical)h(result\))f(that)g(a)g(problem)h(is)f(solv)m(able)i(in)f
(principle,)i(but)e(the)p 0 2581 780 2 v 37 2608 a Fs(18)83
2624 y FD(As)f(long)i(as)f(the)g(notions)h(of)f(e\016cien)o(t)g(and)h
(feasible)g(computation)h(are)e(su\016cien)o(tly)i(robust)e(and)h(ric)o
(h.)20 b(F)m(or)13 b(example,)i(they)0 2669 y(should)g(b)q(e)e(closed)h
(under)g(v)n(arious)h(functional)g(comp)q(ositions)h(and)d(should)i
(allo)o(w)f(computations)i(suc)o(h)d(as)g(RSA.)952 2795
y FB(24)p eop
%%Page: 25 26
25 25 bop 0 42 a FB(kno)o(wn)11 b(construction)h(is)g(not)e(applicable)
k(for)d(y)o(our)g(purp)q(oses,)h(y)o(ou)f(ma)o(y)g(try)f(to)h(utilize)j
(some)d(of)f(its)i(underlying)0 98 y(ideas)i(when)g(trying)f(to)g
(come-up)h(with)g(an)f(alternativ)o(e)g(solution)i(tailored)f(for)e(y)o
(our)h(o)o(wn)g(purp)q(oses.)20 b(W)l(e)13 b(note)0 154
y(that)e(the)h(underling)h(ideas)g(are)e(at)g(least)h(as)g(lik)o(ely)h
(to)e(app)q(ear)h(in)g(the)g(pro)q(of)g(of)f(securit)o(y)h(as)f(in)i
(the)f(construction)0 211 y(itself.)0 331 y Fz(The)j(c)o(hoice)g(of)f
(assumptions,)g(revisited.)45 b FB(When)13 b(constructing)g(a)f
(solution)h(to)f(a)g(cryptographic)h(prob-)0 387 y(lem)f(one)g(ma)o(y)f
(ha)o(v)o(e)h(a)f(c)o(hoice)i(of)e(whic)o(h)h(building)j(blo)q(c)o(ks)d
(to)f(use)h(\(e.g.,)f(one-w)o(a)o(y)g(functions)i(or)e(pseudorandom)0
444 y(functions\).)19 b(In)14 b(a)e(coarse)g(sense)h(these)g(to)q(ols)f
(ma)o(y)g(lo)q(ok)h(equiv)m(alen)o(t)h(\(e.g.,)e(one)h(exists)g(if)g
(and)f(only)i(if)f(the)f(other)0 500 y(exists\),)j(but)g(when)g
(deciding)i(whic)o(h)f(to)e(use)h(in)h(practice)f(one)g(should)h
(consider)g(the)f(actual)g(lev)o(el)h(of)f(securit)o(y)0
557 y(attributed)f(to)g(eac)o(h)h(of)f(them)g(and)g(the)h(\\cost")e(of)
h(using)h(eac)o(h)g(of)f(them)g(as)g(a)g(building)j(blo)q(c)o(k)e(in)g
(a)f(particular)0 613 y(construction.)24 b(In)18 b(the)e(latter)h(term)
f(\(\\cost"\))f(w)o(e)h(mean)h(the)f(relationship)j(of)d(the)h(securit)
o(y)f(of)h(the)f(building)0 670 y(blo)q(c)o(k)i(to)f(the)g(securit)o(y)
h(of)e(the)i(resulting)g(solution.)27 b(F)l(or)17 b(further)g
(discussion)i(the)e(reader)g(is)h(referred)f(to)g([3)o(,)0
726 y(Sec.)c(1.5].)k Fv(T)m(urning)c(the)g(table)h(ar)n(ound)p
FB(,)f(if)g(w)o(e)f(note)g(that)g(a)g(sp)q(eci\014c)i(primitiv)o(e)g
(pro)o(vides)f(go)q(o)q(d)f(securit)o(y)l(,)h(when)0
783 y(used)i(as)f(a)g(building)i(blo)q(c)o(k)f(in)g(man)o(y)f
(constructions,)g(then)h(this)f(ma)o(y)g(serv)o(e)g(as)g(incen)o(tiv)o
(e)h(to)f(fo)q(cus)g(atten)o(tion)0 839 y(on)j(the)g(implemen)o(tation)
h(of)f(this)g(primitiv)o(e.)27 b(The)17 b(last)g(statemen)o(t)f(should)
i(b)q(e)g(understo)q(o)q(d)f(b)q(oth)g(as)g(refer-)0
895 y(ring)g(to)f(the)h(theory)f(and)h(practice)g(of)f(cryptograph)o(y)
l(.)24 b(F)l(or)16 b(example,)h(it)g(is)g(our)g(opinion)h(that)e(the)g
(industry)0 952 y(should)f(fo)q(cus)e(on)h(constructing)g
(\014xed-length-k)o(ey)h(pseudorandom)f(functions)h(rather)e(than)g(on)
h(constructing)0 1008 y(\014xed-length-k)o(ey)j(pseudorandom)e(p)q(erm)
o(utations)g(\(or,)f(equiv)m(alen)o(tly)l(,)k(priv)m(ate-k)o(ey)e(blo)q
(c)o(k)g(ciphers\).)1784 992 y Ft(19)0 1128 y Fz(Securit)o(y)k(as)h(a)g
(quan)o(tit)o(y)f(rather)g(than)i(a)f(qualit)o(y)l(.)45
b FB(F)l(rom)17 b(the)h(ab)q(o)o(v)o(e)f(it)h(should)h(b)q(e)g(clear)f
(that)f(our)0 1185 y(notions)d(of)f(securit)o(y)i(are)e(quan)o(titativ)
o(e)h(in)h(nature.)k(They)14 b(refers)g(to)f(the)h(minimal)h(amoun)o(t)
f(of)f(w)o(ork)g(required)0 1241 y(to)j(break)h(the)f(system)g(\(as)g
(a)h(function)g(of)f(the)h(securit)o(y)g(parameter\).)23
b(Th)o(us)17 b(alternativ)o(e)g(constructions)g(for)0
1298 y(the)h(same)g(task)f(ma)o(y)h(\(and)g(need)g(to\))g(b)q(e)g
(compared)g(based)h(on)f(the)g(securit)o(y)g(they)g(pro)o(vide.)29
b(This)19 b(can)f(b)q(e)0 1354 y(done)e(whenev)o(er)f(the)g(underlying)
j(assumption)d(are)g(compareable.)0 1474 y Fz(\\T)l(o)q(o)i(cautious")g
(de\014nitions.)46 b FB(As)14 b(stated)e(in)j(Sections)f(5)f(and)h(6,)f
(our)g(de\014nitions)j(seem)d(\\to)q(o)g(cautious")0
1531 y(in)21 b(the)e(sense)i(that)e(they)h(also)f(imply)i(things)g
(whic)o(h)f(ma)o(y)f(not)h(matter)e(in)j(practice.)34
b(This)21 b(is)f(an)g(artifact)0 1587 y(of)e(our)h(approac)o(h)f(to)g
(securit)o(y)h(whic)o(h)h(requires)f(that)f(the)h(adv)o(ersary)f(gains)
h Fv(nothing)f FB(\(rather)f(than)i(\\gains)0 1644 y(nothing)c(w)o(e)f
(care)g(ab)q(out"\))g(b)o(y)g(its)h(malicious)g(actions.)20
b(W)l(e)15 b(stress)e(t)o(w)o(o)g(adv)m(an)o(tages)h(of)g(our)g
(approac)o(h.)19 b(First)0 1700 y(it)c(yields)i(application-indep)r
(ende)q(n)o(t)g(notions)e(of)g(securit)o(y)g(\(since)h(the)f(notion)h
(of)e(a)h(\\gain)g(w)o(e)g(care)g(ab)q(out")f(is)0 1757
y(application-dep)q(end)q(en)o(t\).)29 b(Secondly)l(,)20
b(ev)o(en)e(when)g(ha)o(ving)g(a)g(sp)q(eci\014c)h(application)h(in)e
(mind,)h(it)f(is)g(close)h(to)0 1813 y(imp)q(ossible)g(to)e(come-up)g
(with)g(a)g(precise)h(c)o(haracterization)f(of)g(the)g(set)g(of)f
(\\gains)h(w)o(e)g(care)g(ab)q(out".)24 b(Th)o(us,)0
1870 y(ev)o(en)14 b(in)g(the)g(latter)f(case,)g(our)g(approac)o(h)h(of)
f(depriving)i(the)e(adv)o(ersary)g(from)g Fv(any)g FB(gain)h(seems)f
(to)g(b)q(e)h(the)g(b)q(est)0 1926 y(w)o(a)o(y)g(to)h(go.)0
2046 y Fz(On)21 b(\\Pro)o(v)m(able)f(Securit)o(y".)46
b FB(Some)18 b(of)f(the)h(pap)q(ers)h(discussed)g(in)g(this)f(essa)o(y)
g(use)g(the)g(term)f(\\pro)o(v)m(able)0 2102 y(securit)o(y".)h(The)11
b(term)f(is)h(supp)q(osed)h(to)e(re\015ect)g(the)h(fact)f(that)g(these)
g(pap)q(ers)h(only)g(mak)o(e)f(w)o(ell-de\014ned)j(tec)o(hnical)0
2159 y(claims)j(and)g(that)e(pro)q(ofs)h(of)g(these)g(claims)i(are)d
(giv)o(en)i(or)f(kno)o(wn)g(to)g(the)g(authors.)k(Sp)q(eci\014call)q(y)
l(,)f(whenev)o(er)d(a)0 2215 y(term)c(suc)o(h)g(as)g(\\securit)o(y")g
(is)g(used,)h(the)g(pap)q(er)f(o\013ers)f(or)h(refers)g(to)f(a)h
(rigorous)g(de\014nition)h(of)f(the)g(term)g(\(and)g(the)0
2272 y(authors)h(wish)i(to)e(stress)h(this)g(fact)g(in)h(con)o(trast)e
(to)g(prior)h(pap)q(ers)h(where)f(the)g(term)g(w)o(as)f(used)h(as)g(an)
g(unde\014ned)0 2328 y(in)o(tuitiv)o(e)20 b(phrase\).)29
b(W)l(e)19 b(p)q(ersonally)g(ob)s(ject)f(to)g(this)h(terminology)g
(since)g(it)g(suggests)f(the)g(p)q(ossibilit)o(y)j(that)0
2385 y(there)d(can)h(b)q(e)g(tec)o(hnical)g(claims)587
2368 y Ft(20)642 2385 y FB(whic)o(h)g(are)f(w)o(ell-de\014ned)i(and)f
(others)f(whic)o(h)h(are)f(not,)g(and)g(among)g(the)0
2441 y(former)f(some)g(can)g(b)q(e)h(stated)f(ev)o(en)h(when)f(no)h
(pro)q(of)f(is)h(kno)o(wn.)26 b(This)17 b(view)h(is)g(wrong:)24
b(A)17 b(tec)o(hnical)i(claim)0 2498 y(m)o(ust)c(alw)o(a)o(ys)g(b)q(e)h
(w)o(ell-de\014ned,)i(and)d(it)h(m)o(ust)f(alw)o(a)o(ys)g(ha)o(v)o(e)g
(a)g(pro)q(of)h(\(otherwise)f(it)h(is)g(a)f(conjecture)h({)f(not)g(a)p
0 2540 780 2 v 37 2567 a Fs(19)82 2583 y FD(Not)e(to)g(men)o(tion)h
(that)f(the)g(latter)h(can)f(b)q(e)g(e\016cien)o(tly)i(constructed)g
(from)d(the)h(former)g([124)q(,)f(138)q(].)37 2612 y
Fs(20)82 2628 y FD(W)m(e)h(refer)g(to)g(theorems,)g(lemmas,)h(prop)q
(ositions)i(and)d(suc)o(h.)952 2795 y FB(25)p eop
%%Page: 26 27
26 26 bop 0 42 a FB(claim\).)22 b(There)16 b(is)g(ro)q(om)f(for)g
(non-tec)o(hnical)j(claims,)e(but)g(these)g(claims)g(should)h(b)q(e)f
(stated)f(as)h(opinions)h(and)0 98 y(suc)o(h.)j(In)14
b(particular,)g(a)f(tec)o(hnical)h(claim)h(referring)e(to)g(securit)o
(y)h(m)o(ust)f(alw)o(a)o(ys)f(refer)h(to)g(a)g(rigorous)g(de\014nition)
0 154 y(of)18 b(securit)o(y)g(and)g(the)g(p)q(erson)g(making)h(this)f
(claim)h(m)o(ust)e(alw)o(a)o(ys)h(kno)o(w)f(a)h(pro)q(of)f(\(or)g
(state)h(the)g(claim)h(as)e(a)0 211 y(conjecture\).)0
331 y Fz(Still,)j(do)f(consider)g(sp)q(eci\014c)h(attac)o(k)g
FB(\(but)c(as)g(a)g(last)g(resort\))p Fz(.)44 b FB(W)l(e)16
b(do)g(realize)i(that)e(sometimes)g(one)g(is)0 387 y(faced)i(with)f(a)g
(situation)h(where)f(all)i(the)e(paradigms)g(describ)q(ed)j(ab)q(o)o(v)
o(e)c(o\013er)h(no)g(help.)28 b(A)17 b(t)o(ypical)h(example)0
444 y(o)q(ccurs)g(when)g(designing)i(an)d(\\atomic")h(cryptographic)g
(primitiv)o(e)h(\(e.g.,)e(a)g(one-w)o(a)o(y)g(function\).)28
b(The)18 b(\014rst)0 500 y(thing)i(w)o(e)f(suggest)f(in)i(suc)o(h)g(a)e
(case)i(is)f(to)g(form)o(ulate)f(precise)j(sp)q
(eci\014cations/assumptions)g(regarding)e(the)0 557 y(securit)o(y)e(of)
g(this)g(primitiv)o(e.)27 b(Once)18 b(this)g(is)f(done,)h(one)f(ma)o(y)
f(need)i(to)e(turn)h(to)g(ad-ho)q(c)g(metho)q(ds)h(for)e(trying)0
613 y(to)i(test)g(these)h(assumptions)g(\(i.e.,)g(if)g(the)f(kno)o(wn)h
(attac)o(k)e(sc)o(hemes)i(fail)h(then)e(one)h(gains)g(some)f
(con\014dence)0 670 y(in)g(the)f(v)m(alidit)o(y)h(of)e(the)h
(assumptions\).)25 b(F)l(or)16 b(example,)i(if)f(w)o(e)g(w)o(ere)f(to)g
(in)o(v)o(en)o(t)h(RSA)h(to)q(da)o(y)e(then)h(w)o(e)g(w)o(ould)0
726 y(ha)o(v)o(e)f(p)q(ostulated)h(that)f(it)h(is)g(a)g(trap)q(do)q(or)
f(p)q(erm)o(utation.)24 b(T)l(o)16 b(ev)m(aluate)i(the)e(v)m(alidit)o
(y)j(of)d(our)g(conjecture,)h(w)o(e)0 783 y(w)o(ould)h(ha)o(v)o(e)g
(noted)f(\(as)h(Riv)o(est,)g(Shamir)h(and)f(Adleman)g(did)h(in)g([156)o
(,)f(Sec.)g(IX]\))f(that)g(kno)o(wn)h(algorithms)0 839
y(for)c(factoring)f(are)h(infeasible)j(for)c(reasonable)i(v)m(alues)g
(of)f(the)g(securit)o(y)h(parameter,)e(and)i(that)e(there)h(seems)h(to)
0 895 y(b)q(e)h(no)f(other)g(w)o(a)o(y)f(to)h(in)o(v)o(ert)g(the)g
(function.)0 1017 y Fy(8.2)56 b(Sp)r(eci\014c)17 b(notes)0
1103 y FB(This)g(essa)o(y)f(can)g(not)g(p)q(ossibly)i(co)o(v)o(er)d
(all)j(go)q(o)q(d)e(w)o(ork)f(done)i(in)g(Cryptograph)o(y)l(,)e(not)h
(ev)o(en)h(all)g(go)q(o)q(d)f(w)o(ork)f(of)0 1159 y(theoretical)f
(\015a)o(v)o(or,)e(and)h(not)f(ev)o(en)i(all)g(theoretical)f(w)o(ork)f
(whic)o(h)i(in)o(terests)f(the)g(author.)19 b(W)l(e)13
b(ha)o(v)o(e)f(fo)q(cused)i(on)0 1216 y(one)g(fundamen)o(tal)g(researc)
o(h)f(direction)i({)e(the)h(attempt)f(to)g(turn)g(Cryptograph)o(y)g
(from)g(an)g(art)g(in)o(to)g(a)h(science.)0 1272 y(F)l(urthermore,)20
b(within)h(this)f(direction)i(w)o(e)d(ha)o(v)o(e)g(preferred)i(to)e
(concen)o(trate)g(on)h(the)g(basics,)h(and)f(ga)o(v)o(e-up)0
1329 y(on)d(man)o(y)g(imp)q(ortan)o(t)g(dev)o(elopmen)o(ts)i(whic)o(h)f
(go)f(b)q(ey)o(ond)h(the)f(basics.)28 b(Whenev)o(er)17
b(suc)o(h)h(dev)o(elopmen)o(ts)g(are)0 1385 y(men)o(tioned)d(it)g(is)g
(t)o(ypically)h(in)f(order)g(to)f(demonstrate)f(a)i(basic)g(paradigm.)k
(Th)o(us,)c(the)f(c)o(hoice)i(of)e(material)g(is)0 1442
y(go)o(v)o(erned)i(b)o(y)g(its)g(relev)m(ance)i(to)d(the)h(curren)o(t)g
(essa)o(y)l(.)22 b(Arguably)17 b(and)f(hop)q(efully)i(this)f(is)f
(correlated)g(with)h(the)0 1498 y(imp)q(ortance)g(of)f(the)h(w)o(ork,)e
(but)i(no)f(tigh)o(t)g(relation)h(w)o(as)f(sough)o(t)g(or)g(is)h
(claimed.)25 b(In)17 b(an)f(attempt)g(to)f(redeem)0 1555
y(some)g(of)g(the)g(omissions)h(done)f(ab)q(o)o(v)o(e,)g(w)o(e)g
(shortly)g(discuss)h(some)f(topics)h(whic)o(h)g(w)o(ere)e(ignored)i(ab)
q(o)o(v)o(e.)0 1675 y Fz(Information)22 b(theoretic)h(secrecy)l(,)e
(revisited.)46 b FB(As)19 b(stated)f(ab)q(o)o(v)o(e,)h(most)f(of)h(Mo)q
(dern)g(Cryptograph)o(y)0 1731 y(only)j(aim)h(at)e(ac)o(hieving)i
(computational)f(secrecy)h({)e(and)i(do)q(es)f(so)f(for)h(a)f(go)q(o)q
(d)h(reason)g(\(as)f(information)0 1788 y(theoretic)16
b(secrecy)g(is)f(unac)o(hiev)m(able)j(in)f(man)o(y)e(settings\).)20
b(Ho)o(w)o(ev)o(er,)14 b(these)h(imp)q(ossibili)q(t)o(y)i(results)f
(hold)g(only)0 1844 y(in)g(case)f(the)g(adv)o(ersary)f(has)h(full)h
(information)f(\(apart)f(from)g(the)h(honest)g(parties)g(secret)g
(inputs)h(and)f(priv)m(ate)0 1901 y(coin)22 b(tosses\).)36
b(F)l(or)20 b(example,)j(information-theoretically)f(secure)g(m)o
(ulti-part)o(y)f(computation)g(is)g(p)q(ossible)0 1957
y(\(and)13 b(in)h(fact)e(feasible\))i(if)g(there)f(are)g(p)q(erfect)g
(priv)m(ate)h(c)o(hannels)g(b)q(et)o(w)o(een)f(eac)o(h)g(pair)h(of)e
(honest)i(users)f([18)o(,)f(45].)0 2013 y(On)18 b(the)f(other)h(hand,)g
(information-theoretically)h(secure)f(priv)m(ate)g(c)o(hannels)g(can)g
(b)q(e)g(implemen)o(ted)h(on)e(top)0 2070 y(of)e(c)o(hannels)h(to)f
(whic)o(h)h(the)f(adv)o(ersary)f(has)h(limited)i(access.)j(Channels)d
(of)d(the)i(latter)f(t)o(yp)q(e)g(include)56 2164 y(1.)22
b Fv(Quantum)c(Channels)h FB(where)e(an)f(adv)o(ersary)g(is)i(prev)o
(en)o(ted)f(from)f(obtaining)h(full)h(information)f(b)o(y)g(the)114
2220 y(la)o(ws)e(of)f(quan)o(tum)h(mec)o(hanics)h(\(cf.,)f([30)o(])g
(and)g(the)g(references)h(therein\).)56 2314 y(2.)22
b(The)e Fv(noisy)g(channel)g(mo)n(del)25 b FB(\(whic)o(h)20
b(generalizes)i(the)e Fv(wir)n(etap)h(channel)e FB(of)h([167)o(]\))f
(where)i(b)q(oth)f(the)114 2370 y(comm)o(unication)c(b)q(et)o(w)o(een)g
(the)g(legitimate)h(parties)f(and)g(the)g(tapping)h(c)o(hannel)g(of)e
(the)h(adv)o(ersary)f(are)114 2427 y(sub)s(jected)g(to)g(noise)h
(\(cf.,)e([125)o(,)g(54])h(and)g(the)g(references)h(therein\).)56
2521 y(3.)22 b(A)16 b(mo)q(del)i(where)e(the)h(adv)o(ersary)e(can)i
(freely)g(tap)f(the)h(comm)o(unication)g(c)o(hannel)h(but)e(is)h
(restricted)g(in)114 2577 y(the)e(amoun)o(t)f(of)h(data)g(it)g(can)g
(store)g(\(cf.,)f([34)o(]\).)952 2795 y(26)p eop
%%Page: 27 28
27 27 bop 0 42 a FB(In)11 b(addition,)h(with)e(resp)q(ect)h(to)e(priv)m
(ate-k)o(ey)i(cryptograph)o(y)e(\(i.e.,)i(b)q(oth)f(encryption)h(and)g
(message-authen)o(tication\),)0 98 y(the)16 b(ab)q(o)o(v)o(emen)o
(tioned)h(imp)q(ossibili)q(t)o(y)h(results)f(ma)o(y)f(b)q(e)h(irrelev)m
(an)o(t)g(in)g(some)f(applications.)25 b(What)16 b(these)g(im-)0
154 y(p)q(ossibilit)o(y)h(results)e(actually)g(establish)h(is)f(that)f
(the)h(priv)m(ate-k)o(eys)h(need)f(to)f(b)q(e)h(at)g(least)f(as)h(long)
g(as)f(the)h(data)0 211 y(to)f(whic)o(h)i(they)e(are)h(applied.)21
b(In)16 b(certain)f(cases,)f(esp)q(ecially)j(giv)o(en)f(curren)o(t)e
(storage)g(tec)o(hnology)l(,)g(using)i(suc)o(h)0 267
y(long)f(priv)m(ate-k)o(eys)h(ma)o(y)f(b)q(e)h(feasible.)0
386 y Fz(Byznatine)25 b(Agreemen)o(t.)44 b FB(The)21
b(general)g(results)g(regarding)g(m)o(ulti-part)o(y)g(computations)f
(surv)o(ey)o(ed)h(in)0 443 y(Section)f(7)e(assume)h(the)g(existence)h
(of)f(a)f Fv(br)n(o)n(adc)n(ast)i(channel)i FB(\(i.e.,)d(a)g(c)o
(hannel)h(on)f(whic)o(h)h(eac)o(h)f(part)o(y)f(ma)o(y)0
499 y(place)23 b(messages)e(whic)o(h)i(ma)o(y)e(b)q(e)h(read)g(b)o(y)g
(all)h(parties)f(and)g(y)o(et)f(cannot)h(b)q(e)g(corrupted)g(b)o(y)g
(an)o(y)g(part)o(y\).)0 556 y(Suc)o(h)g(a)e(c)o(hannel)j(can)e(b)q(e)h
(implemen)o(ted)g(o)o(v)o(er)f(a)f(standard)h(p)q(oin)o(t-to-p)q(oin)o
(t)h(net)o(w)o(ork)e(using)h(a)g(Byzan)o(tine)0 612 y(Agreemen)o(t)h
(proto)q(col)g([146)o(].)41 b(E\016cien)o(t)23 b(Byzan)o(tine)g
(Agreemen)o(t)f(proto)q(cols)g(are)g(kno)o(wn)g(in)h(a)f(v)m(ariet)o(y)
g(of)0 669 y(mo)q(dels.)32 b(In)19 b(the)g(information-theoretic)h(mo)q
(del,)g(w)o(e)f(men)o(tion)g(the)g(deterministic)h(proto)q(cols)f(of)g
([63)o(,)f(164)o(])0 725 y(whic)o(h)j(tolerate)e(malicious)i(b)q(eha)o
(viour)g(of)e Fx(t)i(<)g(m=)p FB(3)e(parties,)h(where)g
Fx(n)g FB(is)h(the)f(total)f(n)o(um)o(b)q(er)h(of)f(parties.)0
782 y(These)e(proto)q(cols)f(op)q(erate)g(in)g Fx(O)q
FB(\()p Fx(t)p FB(\))g(rounds,)g(whic)o(h)h(is)g(optimal)g(\(for)e
(deterministic)j(proto)q(cols\).)k(Assuming)0 838 y(the)c(existence)g
(of)f(priv)m(ate)h(c)o(hannels,)h(a)e(faster)g(\(i.e.,)g(exp)q(ected)i
(constan)o(t)d(n)o(um)o(b)q(er)i(of)f(rounds\))g Fv(r)n(andomize)n(d)0
895 y FB(algorithm)e(tolerating)g(\012\()p Fx(n)p FB(\))g(malicious)i
(parties)e(is)h(kno)o(wn)f([77)o(].)0 1014 y Fz(Threshold)i
(Cryptograph)o(y)l(.)43 b FB(Cryptograph)o(y)13 b(relies)j(on)f(the)f
(user's)g(abilit)o(y)i(to)e(main)o(tain)h(the)f(secrecy)h(of)0
1070 y(its)d(priv)m(ate-k)o(eys.)20 b(Ho)o(w)o(ev)o(er,)11
b(guaran)o(teeing)h(the)g(secrecy)h(of)e(priv)m(ate-k)o(eys)i(in)g
(practice)g(is)f(not)g(easy)l(,)g(esp)q(ecially)0 1127
y(when)j(these)f(k)o(eys)h(b)q(elong)g(to)f(large)g(organizations.)20
b(It)14 b(is)h(th)o(us)f(desirable)i(to)e(replace)h(the)f(single)i
(priv)m(ate-k)o(ey)0 1183 y(b)o(y)d(a)f(set)g(of)g(\\shares")g(so)g
(that)g(the)h(disclosure)h(of)e(a)g Fv(smal)r(l)17 b
FB(subset)c(of)f(shares)g Fv(do)n(es)i(not)g(endanger)j
FB(the)12 b Fv(se)n(curity)0 1239 y FB(of)18 b(the)g(system,)g(whereas)
h(a)f Fv(lar)n(ger)k FB(subset)d(of)f(shares)g Fv(enables)i
FB(the)f Fv(op)n(er)n(ation)i FB(of)d(the)h(system.)28
b(Assuming)0 1296 y(these)12 b(shares)f(are)h(stored)f(at)g(di\013eren)
o(t)h(sites)g(\(and)f(that)g(after)g(set-up)h(time)g(the)g(priv)m
(ate-k)o(ey)g(is)g(nev)o(er)g(a)o(v)m(ailable)0 1352
y(again)17 b(in)i(an)o(y)e(single)h(site\),)g(suc)o(h)f(a)h(sc)o(heme)f
(ma)o(y)g(enhance)h(securit)o(y)g(as)f(it)h(seems)f(harder)g(to)g(p)q
(enetrate)h(to)0 1409 y(sev)o(eral)f(sites)h(than)f(to)f(one.)26
b(The)18 b(securit)o(y)f(and)h(op)q(eration)f(of)g(suc)o(h)g(a)g
(distributed)i(cryptographic)e(system)0 1465 y(falls)h(within)h(the)e
(domain)h(of)f(general)h(m)o(ulti-part)o(y)f(computation,)h(and)f(th)o
(us)g(is)h(solv)m(able)h(in)f(principle)i([98)o(,)0 1522
y(18)o(,)f(45)o(].)148 1505 y Ft(21)214 1522 y FB(Ho)o(w)o(ev)o(er,)g
(what)f(one)h(desires)h(is)f(e\016cien)o(t)h(solutions,)g(and)f(in)h
(particular)g(ones)f(comparable)g(in)0 1578 y(e\016ciency)e(to)e
(standard)g(\\single)h(priv)m(ate-k)o(ey")g(cryptosystems.)k(Suc)o(h)c
(e\016cien)o(t)g(solutions,)g(called)h Fv(thr)n(eshold)0
1635 y(cryptosystems)p FB(,)d(w)o(ere)h(en)o(visioned)h(in)g([59)o(,)f
(60)o(])g(and)g(pro)o(vided)g(in)h([60)o(,)f(58)o(,)f(85])g(\(and)h
(man)o(y)f(other)h(w)o(orks\).)j(In)0 1691 y(addition)h(to)e(the)i
(conditions)g(informally)g(describ)q(ed)h(ab)q(o)o(v)o(e,)e(it)g(is)g
(desired)i(that)d(the)h(threshold)h(system)e(b)q(e)0
1748 y Fv(r)n(obust)h FB([85)o(])g(and)g Fv(pr)n(o)n(active)g
FB([145)o(,)g(42)o(,)g(111)o(].)28 b(By)19 b Fu(robust)g
FB(w)o(e)f(mean)g(that)f(prop)q(er)h(op)q(eration)h(is)f(guaran)o(teed)
0 1804 y(ev)o(en)h(if)h(some)e(of)h(the)g(sites)g(holding)i(shares)d
(of)h(the)g(priv)m(ate-k)o(ey)h(misb)q(eha)o(v)o(e)f(\(as)g(ma)o(y)f(b)
q(e)h(the)g(case)g(when)0 1860 y(con)o(trolled)g(b)o(y)g(an)f(adv)o
(ersary\).)28 b(By)19 b Fu(p)o(roactive)f FB(w)o(e)h(mean)f(that)g(b)q
(oth)g(securit)o(y)h(and)g(prop)q(er)g(op)q(eration)f(are)0
1917 y(main)o(tained)f(ev)o(en)f(if)g(the)f(adv)o(ersary)g(can,)h
(during)g(the)g(lifetime)h(of)f(the)f(system,)g Fv(gain)i(temp)n(or)n
(ary)g(c)n(ontr)n(ol)f(of)0 1973 y(e)n(ach)g(site)i FB(pro)o(vided)e
(it)g Fv(never)f(c)n(ontr)n(ols)g(simultane)n(ously)h(a)g(lar)n(ge)g
(numb)n(er)g(of)h(sites)p FB(.)0 2092 y Fz(On)d(the)g(Random)g(Oracle)h
(Mo)q(del.)46 b FB(A)12 b(p)q(opular)h(metho)q(dology)f(for)f
(designing)j(cryptographic)e(proto)q(cols)0 2149 y(consists)i(of)f(the)
h(follo)o(wing)g(t)o(w)o(o)f(steps.)19 b(One)14 b(\014rst)g(designs)g
(an)g Fv(ide)n(al)k FB(system)13 b(in)i(whic)o(h)f(all)h(parties)f
(\(including)0 2205 y(the)h(adv)o(ersary\))g(ha)o(v)o(e)g(oracle)g
(access)h(to)f(a)g(truly)g(random)g(function,)h(and)g(pro)o(v)o(es)f
(the)g(securit)o(y)h(of)f(this)h(ideal)0 2262 y(system.)j(Next,)13
b(one)g(replaces)h(the)f(random)g(oracle)h(b)o(y)f(a)f(\\go)q(o)q(d)h
(cryptographic)h(hashing)f(function")h(\(suc)o(h)f(as)0
2318 y(MD5)h(or)g(SHA\),)h(pro)o(viding)h(all)f(parties)g(\(including)j
(the)d(adv)o(ersary\))e(with)j(the)f(succinct)h(description)g(of)f
(this)0 2375 y(function.)20 b(Th)o(us,)12 b(one)g(obtains)h(an)f
Fv(implementation)j FB(of)d(the)g(ideal)i(system)e(in)h(a)e(w)o(orld)i
(where)f(random)g(oracles)0 2431 y(do)h(not)f(exist.)19
b(This)14 b(metho)q(dology)l(,)f(explicitly)i(form)o(ulated)e(in)g([12)
o(],)g(has)f(b)q(een)i(used)f(in)h(man)o(y)e(w)o(orks)g(\(see,)h(for)0
2488 y(example,)k([79)o(,)g(159)o(,)f(15)o(]\).)24 b(Although)17
b(the)f(random)g(oracle)h(metho)q(dology)g(seems)f(to)g(b)q(e)i(useful)
f(in)h(practice,)0 2544 y(it)f(is)g(unclear)h(ho)o(w)e(to)g(put)g(it)h
(on)g(\014rm)f(grounds.)24 b(One)18 b(can)e(indeed)j(mak)o(e)d(clear)h
(statemen)o(ts)e(regarding)i(the)p 0 2582 780 2 v 37
2608 a Fs(21)81 2624 y FD(Suc)o(h)c(a)f(solution)i(w)o(ould)f(use)g(a)f
(standard)h(secret-sharing)h(sc)o(heme,)e(and)h(consists)g(of)f(\\em)o
(ulating")j(the)d(reconstruction)i(and)0 2670 y(usage)g(of)e(the)i
(priv)n(ate-k)o(ey)g(in)g(an)f(ideal)i(trusted)f(part)o(y)m(,)f
(without)g(ha)o(ving)i(the)e(k)o(ey)h(actually)h(reconstructed)f(in)g
(an)o(y)f(site.)952 2795 y FB(27)p eop
%%Page: 28 29
28 28 bop 0 42 a FB(op)q(eration)13 b(of)f(the)g(ideal)i(system,)e(but)
h(it)f(is)h(not)f(clear)h(what)f(happ)q(ens)h(when)g(one)g(replaces)g
(the)g(random)f(oracle)0 98 y(b)o(y)g(a)g(function)i(whic)o(h)f(has)f
(a)g(succinct)i(description)g(a)o(v)m(ailable)g(to)e(all)h(parties.)19
b(What)12 b(one)h(w)o(ould)g(ha)o(v)o(e)f(lik)o(ed)h(is)0
154 y(at)e(least)h(a)g(de\014nition)i(of)e(a)f(class)i(of)e(functions)i
(whic)o(h,)g(when)f(used)h(to)e(replace)i(the)f(random)g(oracle,)h
(main)o(tains)0 211 y(the)k(securit)o(y)f(of)g(the)h(ideal)h(sc)o
(heme.)24 b(Ho)o(w)o(ev)o(er,)15 b(suc)o(h)i(a)f Fv(gener)n(al-purp)n
(ose)j FB(approac)o(h)d(will)i(not)e(w)o(ork:)22 b(There)0
267 y(exist)14 b(secure)h(ideal)g(encryption)g(and)f(signature)g(sc)o
(hemes,)g(whic)o(h)h(do)f(not)g(ha)o(v)o(e)f Fv(any)18
b FB(secure)d(implemen)o(tation)0 324 y(\(cf.,)20 b([39)o(]\).)37
b(Instead,)23 b(w)o(e)e(suggest)f(that)g(one)i(should)g(pro)q(ceed)g(b)
o(y)f(iden)o(tifying)i(useful)f(\(sp)q(ecial-purp)q(ose\))0
380 y(prop)q(erties)15 b(of)e(a)h(random)f(oracle,)h(whic)o(h)h(can)f
(b)q(e)h(also)f(pro)o(vided)g(b)o(y)g(a)g(fully)h(sp)q(eci\014ed)h
(function)f(\(or)e(function)0 437 y(ensem)o(ble\),)j(and)g(so)f(yield)j
(implemen)o(tations)e(of)g(certain)g(useful)g(ideal)i(systems.)i(In)c
(fact,)f(\014rst)g(steps)h(in)h(this)0 493 y(alternativ)o(e)e
(direction)i(ha)o(v)o(e)e(b)q(een)h(takin)f(in)h([36,)e(40].)0
636 y FA(9)67 b(Historical)23 b(P)n(ersp)r(ectiv)n(e)0
738 y FB(W)l(ork)d(done)i(during)f(the)g(1980's)f(pla)o(ys)h(a)g
(dominan)o(t)g(role)g(in)h(our)e(exp)q(osition.)39 b(This)21
b(w)o(ork)f(w)o(as)g(in)i(turn)0 794 y(tremendously)d(in\015uenced)h(b)
o(y)e(previous)g(w)o(ork,)g(but)g(these)g(in\015uences)i(w)o(ere)d(not)
h(stated)f(explicitly)k(ab)q(o)o(v)o(e.)0 851 y(The)c(in\015uence)j(to)
q(ok)c(the)h(form)f(of)h(setting)g(in)o(tuitiv)o(e)i(goals,)d(pro)o
(viding)i(basic)g(tec)o(hniques,)h(and)e(suggesting)0
907 y(p)q(oten)o(tial)c(solutions)g(whic)o(h)g(serv)o(ed)g(as)f(a)g
(basis)h(for)e(constructiv)o(e)i(criticism)h(\(leading)f(to)f(robust)g
(approac)o(hes\).)0 964 y(In)k(this)f(section,)h(w)o(e)f(try)f(to)h
(trace)g(some)g(of)f(these)i(in\015uences.)0 1084 y Fz(Classic)d
(Cryptograph)o(y)l(.)43 b FB(Answ)o(ering)11 b(the)f(fundamen)o(tal)h
(question)g(of)g(classic)g(cryptograph)o(y)f(in)h(a)f(glo)q(om)o(y)0
1140 y(w)o(a)o(y)21 b(\(i.e.,)i(it)f(is)h Fv(imp)n(ossible)h
FB(to)e(design)h(a)e(co)q(de)i(that)e(cannot)h(b)q(e)h(brok)o(en\),)g
(Shannon)f(also)g(suggested)g(a)0 1197 y(mo)q(di\014cation)e(to)e(the)h
(question)g([160)o(]:)26 b(Rather)19 b(than)f(asking)h(whether)g(it)g
(is)g Fv(p)n(ossible)h FB(to)e(break)h(the)g(co)q(de,)0
1253 y(one)f(should)h(ask)f(whether)g(it)h(is)f Fv(fe)n(asible)j
FB(to)c(break)h(it.)29 b(A)18 b(co)q(de)h(should)g(b)q(e)g(considered)g
(go)q(o)q(d)f(if)h(it)f(cannot)0 1310 y(b)q(e)e(brok)o(en)f(when)g(in)o
(v)o(esting)h(w)o(ork)e(whic)o(h)h(is)h(in)g(reasonable)f(prop)q
(ortion)g(to)f(the)h(w)o(ork)f(required)j(of)d(the)h(legal)0
1366 y(parties)g(using)h(the)g(co)q(de.)k(Indeed,)c(this)g(is)g(the)f
(approac)o(h)g(follo)o(w)o(ed)g(b)o(y)h(Mo)q(dern)f(Cryptograph)o(y)l
(.)0 1486 y Fz(New)20 b(Directions)h(in)f(Cryptograph)o(y)l(.)44
b FB(Prosp)q(ects)17 b(of)g(commercial)i(application)g(w)o(ere)e(the)h
(trigger)f(for)0 1543 y(the)d(b)q(eginning)h(of)e(civil)j(in)o(v)o
(estigations)e(of)f(encryption)h(sc)o(hemes.)20 b(The)14
b(DES)f(designed)i(in)f(the)g(early)g(70's)e(has)0 1599
y(adopted)h(the)g(new)f(paradigm:)19 b(It)13 b(is)g(clearly)h
Fv(p)n(ossible)p FB(,)d(but)i(supp)q(osely)h Fv(infe)n(asible)g
FB(to)f(break)f(it.)19 b(F)l(ollo)o(wing)14 b(the)0 1655
y(c)o(hallenge)h(of)e(constructing)h(and)f(analyzing)i(new)f(\(priv)m
(ate-k)o(ey\))f(encryption)i(sc)o(hemes,)e(came)h(new)f(questions)0
1712 y(lik)o(e)21 b(ho)o(w)f(to)f(exc)o(hange)h(k)o(eys)g(o)o(v)o(er)f
(an)h(insecure)i(c)o(hannel)f([126)o(].)34 b(New)20 b(concepts)g(w)o
(ere)g(in)o(v)o(en)o(ted:)30 b Fv(digital)0 1768 y(signatur)n(es)11
b FB(\(cf.,)g(Di\016e)h(and)g(Hellman)h([61])e(and)h(Rabin)h([151)o
(]\),)e Fv(public-key)i(cryptosystems)f FB([61)o(],)g(and)g
Fv(one-way)0 1825 y(functions)e FB([61)o(].)18 b(First)10
b(implemen)o(tations)i(of)e(these)h(concepts)g(w)o(ere)g(suggested)f(b)
o(y)h(Merkle)g(and)g(Hellman)h([130)o(],)0 1881 y(Riv)o(est,)j(Shamir)h
(and)f(Adleman)i([156)n(],)e(and)g(Rabin)i([152)o(].)71
1938 y(Cryptograph)o(y)f(w)o(as)h(explicitly)k(related)d(to)f
(complexit)o(y)i(theory)e(in)i([29)o(,)f(71)o(,)g(121)o(]:)24
b(It)18 b(w)o(as)f(understo)q(o)q(d)0 1994 y(that)c(problems)h(related)
g(to)e(breaking)i(a)f(1-1)g(cryptographic)h(mapping)g(cannot)f(b)q(e)h
Fn(N)7 b(P)t FB(-complete,)14 b(and)f(more)0 2051 y(imp)q(ortan)o(tly)j
(that)f Fn(N)7 b(P)t FB(-hardness)16 b(of)g(the)g(breaking)g(task)f(is)
i(a)e(p)q(o)q(or)h(evidence)i(for)e(cryptographic)g(securit)o(y)l(.)0
2107 y(T)l(ec)o(hniques)i(suc)o(h)g(as)e(\\)p Fx(n)p
FB(-out-of-2)p Fx(n)h FB(v)o(eri\014cation")g([151)o(])f(and)h(secret)g
(sharing)g([161)o(])f(w)o(ere)h(in)o(tro)q(duced)h(\(and)0
2164 y(indeed)f(w)o(ere)e(used)h(extensiv)o(ely)g(in)g(subsequen)o(t)g
(researc)o(h\).)0 2284 y Fz(A)o(t)25 b(the)g(Da)o(wn)g(of)g(a)h(New)e
(Era.)46 b FB(Early)22 b(in)o(v)o(estigations)g(of)f(cryptographic)h
(proto)q(cols)g(rev)o(ealed)h(the)0 2340 y(inadequacy)17
b(of)e(imprecise)j(notions)d(of)h(securit)o(y)g(and)g(the)f(subtleties)
i(in)o(v)o(olv)o(ed)g(in)g(designing)g(cryptographic)0
2396 y(proto)q(cols.)36 b(In)22 b(particular,)g(problems)f(as)g
Fv(c)n(oin)f(tossing)h(over)g(telephone)g FB([21)o(],)g
Fv(exchange)g(of)g(se)n(cr)n(ets)f FB([20)o(],)0 2453
y(and)15 b Fv(Oblivious)h(T)m(r)n(ansfer)d FB(w)o(ere)h(form)o(ulated)h
([153)o(])g(\(cf.,)e([68]\).)19 b(Doubts)14 b(\(raised)h(b)o(y)g
(Lipton\))h(concerning)g(the)0 2509 y(securit)o(y)f(of)f(the)g(\\men)o
(tal)g(p)q(ok)o(er")g(proto)q(col)g(of)g([163)o(])g(led)i(to)d(the)i
(curren)o(t)f(notion)g(of)g(secure)h(encryption,)g(due)0
2566 y(to)i(Goldw)o(asser)f(and)i(Micali)h([104)o(],)e(and)g(to)g
(concepts)h(as)f(computational)g(indistinguishabi)q(li)q(t)o(y)j([104)o
(,)d(168)o(].)0 2622 y(Doubts)f(\(raised)h(b)o(y)f(Fisc)o(her\))g
(concerning)i(the)f(Oblivious)h(T)l(ransfer)e(proto)q(col)h(of)f([153)o
(])g(led)h(to)f(the)g(concept)952 2795 y(28)p eop
%%Page: 29 30
29 29 bop 0 42 a FB(of)14 b(zero-kno)o(wledge)h(\(suggested)f(b)o(y)h
(Goldw)o(asser,)f(Micali,)h(and)g(Rac)o(k)o(o\013)f([105)o(],)g(with)h
(early)f(v)o(ersions)h(date)g(to)0 98 y(Marc)o(h)g(1982\).)71
154 y(A)22 b(formal)h(approac)o(h)f(to)g(the)h(securit)o(y)g(of)f
(cryptographic)h(proto)q(cols)g(w)o(as)f(suggested)h(in)g([64)o(].)42
b(This)0 211 y(approac)o(h)15 b(actually)i(iden)o(ti\014es)h(a)d(sub)q
(class)i(of)e(insecure)j(proto)q(cols)d(\(i.e.,)h(those)f(whic)o(h)i
(can)f(b)q(e)g(brok)o(en)g(via)g(a)0 267 y(syn)o(tactically-restricted)
h(t)o(yp)q(e)f(of)f(attac)o(k\).)20 b(F)l(urthermore,)15
b(it)h(turned)g(out)f(that)g(it)h(is)h(m)o(uc)o(h)e(to)q(o)g
(di\016cult)j(to)0 324 y(test)13 b(whether)h(a)f(proto)q(col)g(is)h
(secure)g([67)o(].)19 b(Recall)c(that,)e(in)i(con)o(trast,)d(our)h
(curren)o(t)g(approac)o(h)g(is)h(to)f(construct)0 380
y(secure)h(proto)q(cols)g(\(alongside)h(with)f(their)g(pro)q(of)f(of)h
(securit)o(y\),)g(and)g(that)f(this)h(approac)o(h)f(is)i
Fv(c)n(omplete)i FB(\(in)d(the)0 437 y(sense)i(that)e(it)i(allo)o(ws)f
(to)g(solv)o(e)g(an)o(y)g(solv)m(able)h(problem\).)0
580 y FA(10)66 b(Tw)n(o)22 b(Suggestions)g(for)g(F)-6
b(uture)24 b(Researc)n(h)0 681 y FB(A)13 b(v)o(ery)g(imp)q(ortan)o(t)g
(direction)i(for)d(future)i(researc)o(h)f(consists)g(of)g(trying)g(to)g
(\\upgrade")g(the)g(utilit)o(y)i(of)d(some)h(of)0 738
y(the)h(constructions)h(men)o(tioned)g(ab)q(o)o(v)o(e.)k(In)c
(particular,)g(w)o(e)f(ha)o(v)o(e)g(men)o(tioned)h(four)f(plausibili)q
(t)o(y)i(results:)k(t)o(w)o(o)0 794 y(referring)11 b(to)f(the)g
(construction)h(of)f(pseudorandom)h(generators)f(and)g(signature)h(sc)o
(hemes)g(and)g(t)o(w)o(o)e(referring)i(to)0 851 y(the)h(construction)h
(of)e(zero-kno)o(wledge)i(pro)q(ofs)f(and)g(m)o(ulti-part)o(y)h(proto)q
(cols.)18 b(F)l(or)12 b(the)g(former)g(t)o(w)o(o)e(results,)j(w)o(e)0
907 y(see)i(no)f(fundamen)o(tal)h(reason)e(wh)o(y)h(the)h(corresp)q
(onding)g(constructions)g(can)f(not)g(b)q(e)h(replaced)g(b)o(y)g
(reasonable)0 964 y(ones)e(\(i.e.,)g(pro)o(viding)h(v)o(ery)f
(e\016cien)o(t)h(constructions)f(of)g(pseudorandom)g(generators)f(and)h
(signature)h(sc)o(hemes)0 1020 y(based)e(on)g Fv(arbitr)n(ary)k
FB(one-w)o(a)o(y)c(functions\).)19 b(F)l(urthermore,)11
b(w)o(e)h(b)q(eliev)o(e)i(that)d(w)o(orking)h(to)o(w)o(ards)e(this)i
(goal)g(ma)o(y)0 1077 y(yield)18 b(new)f(and)g(useful)h(paradigms)f
(\(whic)o(h)g(ma)o(y)f(b)q(e)i(applicable)h(in)f(practice)f(regardless)
g(of)f(these)h(results\).)0 1133 y(As)i(for)g(the)g(latter)g(general)h
(plausibili)q(t)o(y)i(results)d(\(i.e.,)h(the)f(construction)h(of)f
(zero-kno)o(wledge)h(pro)q(ofs)f(and)0 1189 y(m)o(ulti-part)o(y)c
(proto)q(cols\),)f(here)i(there)f(seem)g(to)f(b)q(e)i(little)g(hop)q(e)
g(for)e(a)h(result)g(whic)o(h)h(ma)o(y)e(b)q(oth)h(main)o(tain)h(the)0
1246 y(generalit)o(y)d(of)f(the)g(results)h(in)g([97)o(,)f(169)o(,)g
(98])g(and)g(yield)i(practical)g(solutions)f(for)e(eac)o(h)i(sp)q
(eci\014c)h(task.)k(Ho)o(w)o(ev)o(er,)0 1302 y(w)o(e)h(b)q(eliev)o(e)j
(that)c(there)i(is)g(w)o(ork)e(to)h(b)q(e)h(done)g(to)o(w)o(ards)e(the)
h(dev)o(elopmen)o(t)i(of)e(additional)h(paradigms)g(and)0
1359 y(tec)o(hniques)c(whic)o(h)h(ma)o(y)d(b)q(e)i(useful)g(in)g(the)f
(construction)h(of)f(sc)o(hemes)g(for)g(sp)q(eci\014c)i(tasks.)71
1415 y(Another)g(imp)q(ortan)o(t)h(direction)h(is)f(to)f(pro)o(vide)h
(results)g(and/or)f(dev)o(elop)i(tec)o(hniques)g(for)e(guaran)o(teeing)
0 1472 y(that)c(individuall)q(y-secure)k(proto)q(cols)c(remain)h
(secure)g(when)g(man)o(y)f(copies)h(of)f(them)h(are)f(run)h(in)g
(parallel)h(and,)0 1528 y(furthermore,)f(obliviously)j(of)d(one)h
(another.)20 b(Although)15 b(some)f(negativ)o(e)h(results)g(are)g(kno)o
(wn)f([95)o(],)h(they)f(only)0 1585 y(rule)22 b(out)e(sp)q(eci\014c)j
(approac)o(hes)e(\(suc)o(h)g(as)g(the)g(naiv)o(e)g(false)h(conjecture)f
(that)f Fp(any)h FB(zero-kno)o(wledge)g(pro)q(of)0 1641
y(main)o(tains)16 b(its)f(securit)o(y)h(when)f(executed)h(t)o(wice)g
(in)g(parallel\).)0 1784 y FA(11)66 b(Some)23 b(Suggestions)f(for)g(F)
-6 b(urther)24 b(Reading)0 1886 y FB(The)c(in)o(ten)o(tion)g(of)f
(these)h(suggestions)g(is)g Fp(not)f FB(to)g(pro)o(vide)h(a)f(sc)o
(holarly)h(accoun)o(t)g(of)f(the)g(due)i(credits)f(but)0
1942 y(rather)14 b(to)h(pro)o(vide)g(sources)g(for)g(further)f
(reading.)21 b(Th)o(us,)14 b(our)h(main)g(criteria)h(is)g(the)f
(readabilit)o(y)h(of)e(the)h(text)0 1999 y(\(not)f(its)i(no)o(v)o(elt)o
(y\).)j(The)c(recommendations)h(are)f(arranged)g(b)o(y)g(sub)s(jects.)0
2119 y Fz(One-W)l(a)o(y)22 b(F)l(unctions,)h(Pseudorandom)e(Generators)
h(and)h(Zero-Kno)o(wledge:)45 b FB(F)l(or)18 b(these,)i(our)0
2175 y(fa)o(v)o(orite)14 b(source)i(is)f(our)g(o)o(wn)g(text)g([89)o
(].)0 2295 y Fz(Encryption)21 b(Sc)o(hemes:)44 b FB(A)18
b(go)q(o)q(d)g(motiv)m(ating)h(discussion)h(app)q(ears)e(in)h([104)n
(].)28 b(The)19 b(de\014nitional)h(treat-)0 2352 y(men)o(t)g(in)i([87)o
(,)f(88)o(])f(is)i(the)e(one)h(w)o(e)g(prefer,)h(although)f(it)g(can)g
(b)q(e)g(substan)o(tially)h(simpli\014ed)h(if)f(one)e(adopts)0
2408 y(non-uniform)c(complexit)o(y)g(measures)f(\(as)g(done)h(ab)q(o)o
(v)o(e\).)j(F)l(urther)c(details)i(on)e(the)g(constructions)h(of)f
(public-)0 2465 y(k)o(ey)j(encryption)h(sc)o(hemes)f(\(sk)o(etc)o(hed)g
(ab)q(o)o(v)o(e\))f(can)h(b)q(e)h(found)f(in)h([104)o(,)e(87])g(and)h
([25)o(,)g(1],)g(resp)q(ectiv)o(ely)l(.)30 b(F)l(or)0
2521 y(discussion)21 b(of)d(Non-Malleable)j(Cryptograph)o(y)l(,)d(whic)
o(h)i(actually)g(transcends)f(the)g(domain)g(of)f(encryption,)0
2578 y(see)d([62].)952 2795 y(29)p eop
%%Page: 30 31
30 30 bop 0 42 a Fz(Signature)24 b(Sc)o(hemes:)44 b FB(F)l(or)19
b(a)g(de\014nitional)j(treatmen)o(t)d(of)g Fv(signatur)n(e)h(schemes)j
FB(the)d(reader)g(is)g(referred)0 98 y(to)d([106)o(])h(and)g([148)o(].)
27 b(Easy)18 b(to)f(understand)i(constructions)f(app)q(ear)g(in)h([11)o
(,)e(69,)g(66,)g(51].)27 b(V)l(arian)o(ts)18 b(on)g(the)0
154 y(basic)13 b(mo)q(del)g(are)e(discussed)j(in)f([148)o(])e(and)h(in)
h([44)o(,)f(82,)f(149)o(,)h(117)o(].)19 b(F)l(or)11 b(discussion)j(of)d
Fv(message)i(authentic)n(ation)0 211 y(schemes)h FB(\()p
Fp(ma)o(c)p FB(s\))h(the)g(reader)g(in)h(referred)f(to)g([4)o(].)0
331 y Fz(General)h(Cryptographic)g(Proto)q(cols:)46 b
FB(This)14 b(area)g(is)g(b)q(oth)g(most)f(complex)h(and)g(most)f(lac)o
(king)i(of)e(go)q(o)q(d)0 387 y(exp)q(ositions.)22 b(Our)16
b(o)o(wn)e(preference)j(is)f(to)f(refer)g(to)g([35)o(])g(for)g(the)g
(de\014nitions,)i(and)f(to)e([87)o(])h(for)g(the)h(construc-)0
444 y(tions.)25 b(The)17 b(situation)g(will)h(hop)q(efully)h(b)q(e)e
(redeemed)h(in)f([90)o(].)24 b(F)l(or)17 b(a)f(nice)i(but)f(brief)g
(surv)o(ey)l(,)g(the)g(reader)f(is)0 500 y(referred)f(to)g([102)o(].)0
620 y Fz(New)h(Directions:)46 b FB(These)15 b(include)i(Incremen)o(tal)
e(Cryptograph)o(y)e([6,)h(7)o(],)g(Realizing)j(the)d(Random)h(Oracle)0
677 y(Mo)q(del)23 b([36)o(,)f(39)o(,)g(40)o(],)i(Co)q(ercibilit)o(y)g
([38)o(,)e(37)o(],)i(sharing)e(of)g(cryptographic)g(ob)s(jects)g([60)o
(,)g(58)o(,)g(84)o(],)i(Priv)m(ate)0 733 y(Information)15
b(Retriev)m(al)i([48)o(,)e(47)o(,)g(120)o(],)g(Cryptanalysis)g(b)o(y)g
(induced)j(faults)d([27)o(],)f(and)i(man)o(y)e(others.)0
876 y FA(Ac)n(kno)n(wledgmen)n(ts)0 978 y FB(I)i(am)e(most)h(grateful)g
(to)f(Hugo)h(Kra)o(w)o(czyk)g(for)g(carefully)h(reading)g(and)f(commen)
o(ting)g(on)h(an)f(early)g(draft.)71 1034 y(Thanks)f(also)g(to)g(Mihir)
i(Bellare,)f(Gilles)h(Brassard,)e(Christian)h(Cac)o(hin,)g(Ran)g
(Canetti,)f(Ronald)h(Cramer,)0 1091 y(Cyn)o(thia)g(Dw)o(ork,)e(Sha\014)
i(Goldw)o(asser,)f(Moni)h(Naor)f(and)h(Birgit)h(P\014tzmann)f(for)f
(commen)o(ts)g(and)h(corrections)0 1147 y(regarding)g(previous)h(v)o
(ersions.)952 2795 y(30)p eop
%%Page: 31 32
31 31 bop 0 42 a FA(References)45 143 y FB([1])22 b(W.)13
b(Alexi,)i(B.)e(Chor,)g(O.)g(Goldreic)o(h)h(and)g(C.P)l(.)e(Sc)o
(hnorr.)17 b(RSA/Rabin)e(F)l(unctions:)20 b(Certain)13
b(P)o(arts)f(are)116 199 y(As)j(Hard)g(As)h(the)f(Whole.)20
b Fv(SIAM)15 b(Journal)h(on)g(Computing)p FB(,)f(V)l(ol.)h(17,)e(April)
i(1988,)e(pages)h(194{209.)45 293 y([2])22 b(D.)g(Bea)o(v)o(er.)40
b(F)l(oundations)22 b(of)g(Secure)h(In)o(teractiv)o(e)g(Computing.)40
b(In)23 b Fv(Crypto91)p FB(,)i(Springer-V)l(erlag)116
350 y(Lecture)16 b(Notes)f(in)h(Computer)f(Science)i(\(V)l(ol.)e
(576\),)e(pages)i(377{391.)45 444 y([3])22 b(M.)f(Bellare,)j(R.)e
(Canetti)f(and)h(H.)g(Kra)o(w)o(czyk.)38 b(Pseudorandom)22
b(functions)g(Revisited:)35 b(The)21 b(Cas-)116 500 y(cade)e
(Construction)e(and)i(its)f(Concrete)g(Securit)o(y)l(.)29
b(In)19 b Fv(37th)g(IEEE)f(Symp)n(osium)h(on)g(F)m(oundations)f(of)116
556 y(Computer)f(Scienc)n(e)p FB(,)c(pages)i(514{523,)e(1996.)45
650 y([4])22 b(M.)11 b(Bellare,)j(R.)e(Canetti)f(and)h(H.)g(Kra)o(w)o
(czyk.)i(Keying)f(Hash)e(F)l(unctions)i(for)e(Message)g(Authen)o
(tication.)116 707 y(In)16 b Fv(Crypto96)p FB(,)g(Springer)g(Lecture)g
(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e(1109\),)f(pages)h(1{15.)
45 801 y([5])22 b(M.)12 b(Bellare)h(and)g(O.)f(Goldreic)o(h.)k(On)c
(De\014ning)i(Pro)q(ofs)d(of)h(Kno)o(wledge.)k(In)c Fv(Crypto92)p
FB(,)i(Springer-V)l(erlag)116 857 y(Lecture)i(Notes)f(in)h(Computer)f
(Science)i(\(V)l(ol.)e(740\),)e(pages)i(390{420.)45 951
y([6])22 b(M.)12 b(Bellare,)i(O.)f(Goldreic)o(h)h(and)f(S.)f(Goldw)o
(asser.)k(Incremen)o(tal)d(Cryptograph)o(y:)18 b(the)13
b(Case)f(of)g(Hashing)116 1007 y(and)19 b(Signing.)32
b(In)19 b Fv(Crypto94)p FB(,)h(Springer-V)l(erlag)g(Lecture)g(Notes)e
(in)i(Computer)e(Science)j(\(V)l(ol.)e(839\),)116 1064
y(pages)c(216{233,)e(1994.)45 1158 y([7])22 b(M.)16 b(Bellare,)h(O.)f
(Goldreic)o(h)h(and)g(S.)f(Goldw)o(asser.)22 b(Incremen)o(tal)17
b(Cryptograph)o(y)e(and)h(Application)j(to)116 1214 y(Virus)c
(Protection.)j(In)d Fv(27th)i(A)o(CM)d(Symp)n(osium)i(on)f(the)g(The)n
(ory)h(of)f(Computing)p FB(,)g(pages)f(45{56,)e(1995.)45
1308 y([8])22 b(M.)15 b(Bellare,)i(S.)e(Goldw)o(asser)g(and)h(D.)e
(Micciancio.)23 b(\\Pseudo-random")15 b(Num)o(b)q(er)h(Generation)g
(within)116 1364 y(Cryptographic)d(Algorithms:)19 b(the)14
b(DSS)f(Case.)j(In)e Fv(Crypto97)p FB(,)g(Springer)h(Lecture)e(Notes)g
(in)h(Computer)116 1421 y(Science)j(\(V)l(ol.)e(1294\),)f(pages)h
(277{291.)45 1515 y([9])22 b(M.)17 b(Bellare,)h(R.)f(Guerin)h(and)f(P)l
(.)g(Roga)o(w)o(a)o(y)l(.)24 b(X)o(OR)18 b(MA)o(Cs:)23
b(New)17 b(Metho)q(ds)g(for)g(Message)f(Authen)o(ti-)116
1571 y(cation)f(using)g(Finite)g(Pseudorandom)f(F)l(unctions.)19
b(In)c Fv(Crypto95)p FB(,)g(Springer-V)l(erlag)g(Lecture)g(Notes)f(in)
116 1627 y(Computer)h(Science)i(\(V)l(ol.)e(963\),)f(pages)h(15{28.)23
1721 y([10])21 b(M.)15 b(Bellare,)h(J.)f(Kilian)i(and)f(P)l(.)e(Roga)o
(w)o(a)o(y)l(.)19 b(The)c(Securit)o(y)h(of)f(Cipher)h(Blo)q(c)o(k)g
(Chaining.)21 b(In)16 b Fv(Crypto94)p FB(,)116 1778 y(Springer-V)l
(erlag)h(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e
(839\),)f(pages)h(341{358.)23 1871 y([11])21 b(M.)15
b(Bellare)h(and)g(S.)f(Micali.)21 b(Ho)o(w)15 b(to)g(Sign)h(Giv)o(en)g
(An)o(y)f(T)l(rap)q(do)q(or)g(F)l(unction.)21 b Fv(Journal)16
b(of)h(the)f(A)o(CM)p FB(,)116 1928 y(V)l(ol.)g(39,)e(pages)h(214{233,)
e(1992.)23 2022 y([12])21 b(M.)10 b(Bellare)j(and)e(P)l(.)f(Roga)o(w)o
(a)o(y)l(.)i(Random)f(Oracles)h(are)e(Practical:)18 b(a)11
b(P)o(aradigm)f(for)h(Designing)g(E\016cien)o(t)116 2078
y(Proto)q(cols.)i(In)f Fv(1st)h(Conf.)e(on)i(Computer)g(and)g(Communic)
n(ations)f(Se)n(curity)p FB(,)f(A)o(CM,)f(pages)h(62{73,)f(1993.)23
2172 y([13])21 b(M.)g(Bellare)i(and)f(P)l(.)g(Roga)o(w)o(a)o(y)l(.)38
b(En)o(tit)o(y)21 b(Authen)o(tication)i(and)f(Key)g(Distribution.)40
b(In)23 b Fv(Crypto93)p FB(,)116 2228 y(Springer-V)l(erlag)17
b(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e(773\),)f
(pages)h(232{249,)e(1994.)23 2322 y([14])21 b(M.)e(Bellare)i(and)e(P)l
(.)g(Roga)o(w)o(a)o(y)l(.)31 b(Pro)o(v)m(ably)20 b(Secure)g(Session)h
(Key)f(Distribution:)29 b(The)20 b(Three)f(P)o(art)o(y)116
2379 y(Case.)h(In)15 b Fv(27th)j(A)o(CM)d(Symp)n(osium)h(on)g(the)h
(The)n(ory)f(of)g(Computing)p FB(,)f(pages)g(57{66,)e(1995.)23
2473 y([15])21 b(M.)12 b(Bellare)i(and)f(P)l(.)f(Roga)o(w)o(a)o(y)l(.)i
(The)f(Exact)f(Securit)o(y)h(of)g(Digital)g(Signatures:)19
b(Ho)o(w)12 b(to)g(Sign)h(with)g(RSA)116 2529 y(and)i(Rabin.)21
b(In)16 b Fv(Eur)n(oCrypt96)p FB(,)f(Springer)h(Lecture)f(Notes)g(in)h
(Computer)e(Science)j(\(V)l(ol.)e(1070\),)e(pages)116
2585 y(399{416.)952 2795 y(31)p eop
%%Page: 32 33
32 32 bop 23 42 a FB([16])21 b(M.)e(Ben-Or,)i(O.)e(Goldreic)o(h,)i(S.)e
(Goldw)o(asser,)h(J.)f(H)-6 b(\027)-28 b(astad,)20 b(J.)f(Kilian,)j(S.)
d(Micali)i(and)f(P)l(.)f(Roga)o(w)o(a)o(y)l(.)116 98
y(Ev)o(erything)f(Pro)o(v)m(able)g(is)g(Probable)h(in)f(Zero-Kno)o
(wledge.)28 b(In)18 b Fv(Crypto88)p FB(,)h(Springer-V)l(erlag)g
(Lecture)116 154 y(Notes)c(in)h(Computer)f(Science)i(\(V)l(ol.)e
(403\),)f(pages)h(37{56,)e(1990)23 248 y([17])21 b(M.)e(Ben-Or,)j(S.)e
(Goldw)o(asser,)g(J.)g(Kilian)j(and)d(A.)f(Wigderson.)35
b(Multi-Pro)o(v)o(er)20 b(In)o(teractiv)o(e)g(Pro)q(ofs:)116
305 y(Ho)o(w)14 b(to)g(Remo)o(v)o(e)g(In)o(tractabilit)o(y)l(.)20
b(In)15 b Fv(20th)h(A)o(CM)f(Symp)n(osium)g(on)h(the)g(The)n(ory)f(of)h
(Computing)p FB(,)e(pages)116 361 y(113{131,)f(1988.)23
455 y([18])21 b(M.)10 b(Ben-Or,)i(S.)f(Goldw)o(asser)f(and)h(A.)g
(Wigderson.)i(Completeness)e(Theorems)g(for)f(Non-Cryptographic)116
511 y(F)l(ault-T)l(oleran)o(t)17 b(Distributed)g(Computation.)24
b(In)17 b Fv(20th)i(A)o(CM)d(Symp)n(osium)i(on)f(the)h(The)n(ory)f(of)h
(Com-)116 568 y(puting)p FB(,)d(pages)g(1{10,)f(1988.)23
662 y([19])21 b(G.R.)h(Blakley)l(.)41 b(Safeguarding)23
b(Cryptographic)f(Keys.)40 b(In)23 b Fv(Pr)n(o)n(c.)f(of)h(National)f
(Computer)h(Conf.)p FB(,)116 718 y(V)l(ol.)16 b(48,)e(AFIPS)h(Press,)g
(pages)g(313{317,)e(1979.)23 812 y([20])21 b(M.)14 b(Blum.)20
b(Ho)o(w)14 b(to)g(Exc)o(hange)h(Secret)g(Keys.)20 b
Fv(A)o(CM)14 b(T)m(r)n(ans.)h(Comput.)h(Sys.)p FB(,)e(V)l(ol.)h(1,)f
(pages)g(175{193,)116 868 y(1983.)23 962 y([21])21 b(M.)11
b(Blum.)16 b(Coin)c(Flipping)j(b)o(y)d(Phone.)j Fv(IEEE)d(Spring)h
(COMPCOM)p FB(,)c(pages)j(133{137,)f(F)l(ebruary)g(1982.)116
1019 y(See)16 b(also)f Fv(SIGA)o(CT)f(News)p FB(,)h(V)l(ol.)g(15,)f
(No.)h(1,)f(1983.)23 1112 y([22])21 b(L.)c(Blum,)h(M.)e(Blum)h(and)g
(M.)f(Sh)o(ub.)25 b(A)17 b(Simple)i(Secure)e(Unpredictable)i
(Pseudo-Random)f(Num)o(b)q(er)116 1169 y(Generator.)h
Fv(SIAM)c(Journal)h(on)g(Computing)p FB(,)f(V)l(ol.)h(15,)e(1986,)f
(pages)i(364{383.)23 1263 y([23])21 b(M.)16 b(Blum,)i(A.)e(De)h(San)o
(tis,)g(S.)g(Micali,)h(and)f(G.)f(P)o(ersiano.)24 b(Non-In)o(teractiv)o
(e)17 b(Zero-Kno)o(wledge)h(Pro)q(of)116 1319 y(Systems.)k
Fv(SIAM)15 b(Journal)i(on)g(Computing)p FB(,)e(V)l(ol.)h(20,)f(No.)h
(6,)f(pages)h(1084{1118,)d(1991.)20 b(\(Considered)116
1376 y(the)15 b(journal)h(v)o(ersion)f(of)g([24)o(].\))23
1469 y([24])21 b(M.)16 b(Blum,)i(P)l(.)e(F)l(eldman)h(and)g(S.)g
(Micali.)25 b(Non-In)o(teractiv)o(e)18 b(Zero-Kno)o(wledge)f(and)g(its)
f(Applications.)116 1526 y(In)g Fv(20th)h(A)o(CM)e(Symp)n(osium)i(on)f
(the)g(The)n(ory)g(of)h(Computing)p FB(,)d(pages)h(103{112,)e(1988.)19
b(See)d([23)o(].)23 1620 y([25])21 b(M.)12 b(Blum)i(and)f(S.)f(Goldw)o
(asser.)k(An)d(E\016cien)o(t)g(Probabilistic)i(Public-Key)g(Encryption)
f(Sc)o(heme)f(whic)o(h)116 1676 y(hides)21 b(all)f(partial)g
(information.)33 b(In)20 b Fv(Crypto84)p FB(,)h(Lecture)f(Notes)f(in)h
(Computer)f(Science)j(\(V)l(ol.)d(196\))116 1733 y(Springer-V)l(erlag,)
d(pages)f(289{302.)23 1826 y([26])21 b(M.)d(Blum)h(and)g(S.)g(Micali.)
31 b(Ho)o(w)18 b(to)g(Generate)g(Cryptographically)h(Strong)f
(Sequences)i(of)f(Pseudo-)116 1883 y(Random)j(Bits.)38
b Fv(SIAM)20 b(Journal)i(on)f(Computing)p FB(,)i(V)l(ol.)e(13,)h(pages)
f(850{864,)f(1984.)37 b(Preliminary)116 1939 y(v)o(ersion)16
b(in)g Fv(23r)n(d)g(IEEE)g(Symp)n(osium)g(on)g(F)m(oundations)g(of)g
(Computer)h(Scienc)n(e)p FB(,)c(1982.)23 2033 y([27])21
b(D.)10 b(Boneh,)h(R.)g(DeMillo)h(and)e(R.)h(Lipton.)i(On)e(the)f(Imp)q
(ortance)h(of)f(Chec)o(king)h(Cryptographic)f(Proto)q(cols)116
2090 y(for)16 b(F)l(aults.)22 b(In)17 b Fv(Eur)n(oCrypt97)p
FB(,)g(Springer)g(Lecture)f(Notes)g(in)h(Computer)f(Science)i(\(V)l
(ol.)e(1233\),)e(pages)116 2146 y(37{51,)g(1997.)23 2240
y([28])21 b(J.B.)15 b(Bo)o(y)o(ar.)20 b(Inferring)c(Sequences)h(Pro)q
(duced)f(b)o(y)g(Pseudo-Random)g(Num)o(b)q(er)g(Generators.)j
Fv(Journal)116 2296 y(of)e(the)f(A)o(CM)p FB(,)e(V)l(ol.)h(36,)f(pages)
h(129{141,)e(1989.)23 2390 y([29])21 b(G.)e(Brassard.)33
b(A)20 b(Note)g(on)g(the)f(Complexit)o(y)i(of)e(Cryptograph)o(y)l(.)33
b Fv(IEEE)20 b(T)m(r)n(ans.)e(on)j(Inform.)f(Th.)p FB(,)116
2447 y(V)l(ol.)c(25,)e(pages)h(232{233,)e(1979.)23 2540
y([30])21 b(G.)h(Brassard.)42 b(Quan)o(tum)24 b(Information)e(Pro)q
(cessing:)36 b(The)23 b(Go)q(o)q(d,)i(the)e(Bad)g(and)g(the)g(Ugly)l(.)
43 b(In)116 2597 y Fv(Crypto97)p FB(,)16 b(Springer)g(Lecture)g(Notes)e
(in)j(Computer)d(Science)j(\(V)l(ol.)e(1294\),)f(pages)h(337{341.)952
2795 y(32)p eop
%%Page: 33 34
33 33 bop 23 42 a FB([31])21 b(G.)13 b(Brassard,)g(D.)g(Chaum)h(and)g
(C.)f(Cr)o(\023)-21 b(ep)q(eau.)17 b(Minim)o(um)e(Disclosure)f(Pro)q
(ofs)f(of)h(Kno)o(wledge.)k Fv(Journal)116 98 y(of)g(Computer)h(and)e
(System)g(Scienc)n(e)p FB(,)f(V)l(ol.)h(37,)f(No.)g(2,)h(pages)f
(156{189,)f(1988.)24 b(Preliminary)18 b(v)o(ersion)116
154 y(b)o(y)h(Brassard)g(and)g(Cr)o(\023)-21 b(ep)q(eau)18
b(in)i Fv(27th)h(IEEE)e(Symp)n(osium)h(on)f(F)m(oundations)g(of)h
(Computer)h(Scienc)n(e)p FB(,)116 211 y(1986.)23 305
y([32])g(G.)15 b(Brassard)f(and)i(C.)f(Cr)o(\023)-21
b(ep)q(eau.)20 b(Zero-Kno)o(wledge)c(Sim)o(ulation)g(of)f(Bo)q(olean)h
(Circuits.)22 b(In)16 b Fv(Crypto86)p FB(,)116 361 y(Springer-V)l
(erlag)h(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e
(263\),)f(pages)h(223{233,)e(1987.)23 455 y([33])21 b(G.)15
b(Brassard,)f(C.)h(Cr)o(\023)-21 b(ep)q(eau)14 b(and)i(M.)e(Y)l(ung.)21
b(Constan)o(t-Round)15 b(P)o(erfect)g(Zero-Kno)o(wledge)h(Computa-)116
511 y(tionally)h(Con)o(vincing)f(Proto)q(cols.)j Fv(The)n(or)n(etic)n
(al)c(Computer)i(Scienc)n(e)p FB(,)d(V)l(ol.)h(84,)f(pages)h(23{52,)f
(1991.)23 605 y([34])21 b(C.)16 b(Cac)o(hin)h(and)g(U.)f(Maurer.)23
b(Unconditional)18 b(securit)o(y)f(against)f(memory-b)q(ounded)i(adv)o
(ersaries.)23 b(In)116 662 y Fv(Crypto97)p FB(,)16 b(Springer)g
(Lecture)g(Notes)e(in)j(Computer)d(Science)j(\(V)l(ol.)e(1294\),)f
(pages)h(292{306.)23 756 y([35])21 b(R.)g(Canetti.)37
b Fv(Studies)21 b(in)g(Se)n(cur)n(e)f(Multi-Party)i(Computation)h(and)e
(Applic)n(ations)p FB(.)36 b(Ph.D.)20 b(Thesis,)116 812
y(Departmen)o(t)14 b(of)g(Computer)h(Science)h(and)f(Applied)i
(Mathematics,)d(W)l(eizmann)i(Institute)f(of)f(Science,)116
868 y(Reho)o(v)o(ot,)g(Israel,)i(June)g(1995.)116 925
y(Av)m(ailable)i(from)c(from)h Fa(http)d FB(:)g Fx(==)p
Fa(theory)p Fx(:)p Fa(lcs)p Fx(:)p Fa(mit)p Fx(:)p Fa(e)o(du)p
Fx(=)e Fn(\030)j Fa(tcryptol)n Fx(=)p Fa(BOOKS)p Fx(=)p
Fa(ran)c Fn(\000)h Fa(phd)p Fx(:)p Fa(html)o FB(.)23
1019 y([36])21 b(R.)d(Canetti.)28 b(T)l(o)o(w)o(ards)16
b(Realizing)k(Random)e(Oracles:)26 b(Hash)18 b(F)l(unctions)g(that)g
(Hide)g(All)i(P)o(artial)d(In-)116 1075 y(formation.)38
b(In)22 b Fv(Crypto97)p FB(,)h(Springer)f(Lecture)g(Notes)f(in)i
(Computer)d(Science)k(\(V)l(ol.)d(1294\),)g(pages)116
1132 y(455{469.)23 1225 y([37])g(R.)11 b(Canetti,)g(C.)f(Dw)o(ork,)g
(M.)g(Naor)g(and)h(R.)g(Ostro)o(vsky)l(.)h(Deniable)g(Encryption.)i(In)
d Fv(Crypto97)p FB(,)h(Springer)116 1282 y(Lecture)k(Notes)f(in)h
(Computer)f(Science)i(\(V)l(ol.)e(1294\),)e(pages)i(90{104.)23
1376 y([38])21 b(R.)15 b(Canetti)f(and)h(R.)g(Gennaro.)j(Inco)q
(ercible)g(Multipart)o(y)c(Computation.)19 b(In)c Fv(37th)h(IEEE)f
(Symp)n(osium)116 1432 y(on)h(F)m(oundations)g(of)g(Computer)h(Scienc)n
(e)p FB(,)c(pages)i(504{513,)e(1996.)23 1526 y([39])21
b(R.)14 b(Canetti,)g(O.)g(Goldreic)o(h)h(and)f(S.)g(Halevi.)19
b(The)c(Random)f(Oracle)h(Mo)q(del,)f(Revisited.)20 b(T)l(o)14
b(app)q(ear)g(in)116 1582 y Fv(30th)j(A)o(CM)e(Symp)n(osium)i(on)f(the)
g(The)n(ory)g(of)h(Computing)p FB(,)e(1998.)23 1676 y([40])21
b(R.)d(Canetti)g(and)h(D.)e(Micciancio.)30 b(T)l(en)o(tativ)o(e)18
b(title:)27 b(Using)18 b(one-w)o(a)o(y)g(functions)h(to)e(construct)h
(Hash)116 1733 y(F)l(unctions)j(that)e(Hide)i(All)g(P)o(artial)f
(Information.)34 b(T)l(o)20 b(app)q(ear)g(in)h Fv(30th)g(A)o(CM)f(Symp)
n(osium)g(on)h(the)116 1789 y(The)n(ory)16 b(of)h(Computing)p
FB(,)e(1998.)23 1883 y([41])21 b(R.)c(Canetti,)f(S.)h(Halevi)h(and)e
(A.)h(Herzb)q(erg.)24 b(Ho)o(w)16 b(to)g(Main)o(tain)h(Authen)o
(ticated)g(Comm)o(unication)g(in)116 1939 y(the)c(Presence)h(of)f
(Break-Ins.)18 b(In)13 b Fv(16th)j(A)o(CM)d(Symp)n(osium)i(on)f
(Principles)f(of)i(Distribute)n(d)f(Computing)p FB(,)116
1996 y(1997.)23 2090 y([42])21 b(R.)d(Canetti)g(and)g(A.)f(Herzb)q
(erg.)28 b(Main)o(taining)19 b(Securit)o(y)f(in)h(the)f(Presence)g(of)g
(T)l(ransien)o(t)g(F)l(aults.)27 b(In)116 2146 y Fv(Crypto94)p
FB(,)16 b(Springer-V)l(erlag)g(Lecture)g(Notes)f(in)h(Computer)f
(Science)i(\(V)l(ol.)e(839\),)f(pages)h(425{439.)23 2240
y([43])21 b(L.)f(Carter)e(and)i(M.)f(W)l(egman.)33 b(Univ)o(ersal)20
b(Hash)g(F)l(unctions.)33 b Fv(Journal)21 b(of)f(Computer)h(and)g
(System)116 2296 y(Scienc)n(e)p FB(,)13 b(V)l(ol.)j(18,)e(1979,)g
(pages)h(143{154.)23 2390 y([44])21 b(D.)16 b(Chaum.)25
b(Blind)19 b(Signatures)f(for)e(Un)o(traceable)h(P)o(a)o(ymen)o(ts.)24
b(In)18 b Fv(Crypto82)p FB(,)g(Plen)o(um)f(Press,)g(pages)116
2447 y(199{203,)c(1983.)23 2540 y([45])21 b(D.)c(Chaum,)h(C.)f(Cr)o
(\023)-21 b(ep)q(eau)17 b(and)g(I.)h(Damg)-6 b(\027)-28
b(ard.)26 b(Multi-part)o(y)17 b(unconditionally)k(Secure)d(Proto)q
(cols.)26 b(In)116 2597 y Fv(20th)17 b(A)o(CM)e(Symp)n(osium)i(on)f
(the)g(The)n(ory)g(of)h(Computing)p FB(,)e(pages)g(11{19,)e(1988.)952
2795 y(33)p eop
%%Page: 34 35
34 34 bop 23 42 a FB([46])21 b(D.)13 b(Chaum,)g(A.)g(Fiat)g(and)h(M.)f
(Naor.)j(Un)o(traceable)e(Electronic)h(Cash.)h(In)e Fv(Crypto88)p
FB(,)h(Springer-V)l(erlag)116 98 y(Lecture)h(Notes)f(in)h(Computer)f
(Science)i(\(V)l(ol.)e(403\),)e(pages)i(319{327.)23 192
y([47])21 b(B.)i(Chor)f(and)h(N.)f(Gilb)q(oa.)43 b(Computationally)23
b(Priv)m(ate)g(Information)f(Retriev)m(al.)44 b(In)23
b Fv(29th)h(A)o(CM)116 248 y(Symp)n(osium)16 b(on)h(the)f(The)n(ory)g
(of)h(Computing)p FB(,)d(pages)h(304{313,)e(1997.)23
342 y([48])21 b(B.)15 b(Chor,)e(O.)i(Goldreic)o(h,)g(E.)f(Kushilevitz)k
(and)c(M.)g(Sudan,)20 b(Priv)m(ate)15 b(Information)f(Retriev)m(al.)21
b(In)15 b Fv(36th)116 399 y(IEEE)g(Symp)n(osium)i(on)f(F)m(oundations)f
(of)i(Computer)g(Scienc)n(e)p FB(,)c(pages)i(41{50,)e(1995.)23
492 y([49])21 b(B.)14 b(Chor,)f(S.)h(Goldw)o(asser,)f(S.)h(Micali)h
(and)f(B.)g(Aw)o(erbuc)o(h.)k(V)l(eri\014able)e(Secret)e(Sharing)g(and)
g(Ac)o(hieving)116 549 y(Sim)o(ultaneit)o(y)e(in)g(the)f(Presence)h(of)
f(F)l(aults.)i(In)f Fv(26th)h(IEEE)e(Symp)n(osium)i(on)f(F)m
(oundations)g(of)g(Computer)116 605 y(Scienc)n(e)p FB(,)h(pages)i
(383{395,)e(1985.)23 699 y([50])21 b(R.)16 b(Clev)o(e.)21
b(Limits)16 b(on)g(the)f(Securit)o(y)i(of)e(Coin)h(Flips)g(when)g(Half)
g(the)f(Pro)q(cessors)g(are)g(F)l(ault)o(y)l(.)21 b(In)16
b Fv(18th)116 756 y(A)o(CM)f(Symp)n(osium)i(on)f(the)g(The)n(ory)g(of)h
(Computing)p FB(,)e(pages)g(364{369,)d(1986.)23 849 y([51])21
b(R.)15 b(Cramer)e(and)i(I.)f(Damg)-6 b(\027)-28 b(ard.)18
b(New)c(Generation)h(of)e(Secure)j(and)e(Practical)h(RSA-based)h
(Signatures.)116 906 y(In)g Fv(Crypto96)p FB(,)g(Springer)g(Lecture)g
(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e(1109\),)f(pages)h
(173{185.)23 1000 y([52])21 b(R.)c(Cramer)f(and)h(I.)g(Damg)-6
b(\027)-28 b(ard.)24 b(Linear)18 b(Zero-Kno)o(wledge)f({)g(A)g(Note)f
(on)h(E\016cien)o(t)g(Zero-Kno)o(wledge)116 1056 y(Pro)q(ofs)10
b(and)h(Argumen)o(ts.)i(In)e Fv(29th)i(A)o(CM)f(Symp)n(osium)g(on)g
(the)h(The)n(ory)f(of)g(Computing)p FB(,)g(pages)e(436{445,)116
1112 y(1997.)23 1206 y([53])21 b(R.)16 b(Cramer,)f(I.)h(Damg)-6
b(\027)-28 b(ard,)15 b(and)h(T.)f(P)o(edersen.)23 b(E\016cien)o(t)16
b(and)h(pro)o(v)m(able)f(securit)o(y)h(ampli\014cations.)23
b(In)116 1263 y Fv(Pr)n(o)n(c.)17 b(of)h(4th)h(Cambridge)f(Se)n(curity)
f(Pr)n(oto)n(c)n(ols)g(Workshop)p FB(,)h(Springer,)g(Lecture)f(Notes)g
(in)g(Computer)116 1319 y(Science)g(\(V)l(ol.)e(1189\),)f(pages)h
(101{109.)23 1413 y([54])21 b(C.)c(Cr)o(\023)-21 b(ep)q(eau.)26
b(E\016cien)o(t)18 b(Cryptographic)f(Proto)q(cols)g(Based)h(on)f(Noisy)
h(Channels.)27 b(In)19 b Fv(Eur)n(oCrypt97)p FB(,)116
1469 y(Springer,)d(Lecture)g(Notes)f(in)h(Computer)e(Science)j(\(V)l
(ol.)f(1233\),)d(pages)i(306{317.)23 1563 y([55])21 b(I.)f(Damg)-6
b(\027)-28 b(ard.)31 b(Collision)21 b(F)l(ree)e(Hash)h(F)l(unctions)g
(and)f(Public)j(Key)e(Signature)f(Sc)o(hemes.)33 b(In)20
b Fv(Eur)n(o-)116 1620 y(Crypt87)p FB(,)15 b(Springer-V)l(erlag,)i
(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e(304\),)f
(pages)h(203{216.)23 1714 y([56])21 b(I.)c(Damg)-6 b(\027)-28
b(ard.)25 b(A)18 b(Design)g(Principle)h(for)e(Hash)g(F)l(unctions.)27
b(In)18 b Fv(Crypto89)p FB(,)h(Springer-V)l(erlag)f(Lecture)116
1770 y(Notes)d(in)h(Computer)f(Science)i(\(V)l(ol.)e(435\),)f(pages)h
(416{427.)23 1864 y([57])21 b(I.)g(Damg)-6 b(\027)-28
b(ard,)21 b(O.)f(Goldreic)o(h,)j(T.)e(Ok)m(amoto)f(and)h(A.)f
(Wigderson.)37 b(Honest)21 b(V)l(eri\014er)h(vs)f(Dishonest)116
1920 y(V)l(eri\014er)c(in)g(Public)h(Coin)e(Zero-Kno)o(wledge)g(Pro)q
(ofs.)22 b(In)16 b Fv(Crypto95)p FB(,)g(Springer-V)l(erlag)i(Lecture)e
(Notes)116 1977 y(in)g(Computer)f(Science)i(\(V)l(ol.)e(963\),)f(pages)
h(325{338,)e(1995.)23 2071 y([58])21 b(A.)16 b(De-San)o(tis,)h(Y.)f
(Desmedt,)g(Y.)g(F)l(rank)o(el)g(and)h(M.)e(Y)l(ung.)24
b(Ho)o(w)16 b(to)g(Share)g(a)g(F)l(unction)h(Securely)l(.)25
b(In)116 2127 y Fv(26th)17 b(A)o(CM)e(Symp)n(osium)i(on)f(the)g(The)n
(ory)g(of)h(Computing)p FB(,)e(pages)g(522{533,)d(1994.)23
2221 y([59])21 b(Y.)10 b(Desmedt.)j(So)q(ciet)o(y)e(and)g(group)f
(orien)o(ted)h(cryptograph)o(y:)17 b(A)10 b(new)h(concept.)i(In)e
Fv(Crypto87)p FB(,)h(Springer-)116 2277 y(V)l(erlag,)j(Lecture)h(Notes)
f(in)h(Computer)f(Science)i(\(V)l(ol.)e(293\),)f(pages)h(120{127.)23
2371 y([60])21 b(Y.)12 b(Desmedt)h(and)g(Y.)f(F)l(rank)o(el.)k
(Threshold)d(Cryptosystems.)i(In)e Fv(Crypto89)p FB(,)g(Springer-V)l
(erlag)h(Lecture)116 2428 y(Notes)h(in)h(Computer)f(Science)i(\(V)l
(ol.)e(435\),)f(pages)h(307{315.)23 2521 y([61])21 b(W.)11
b(Di\016e,)i(and)e(M.E.)g(Hellman.)k(New)d(Directions)h(in)f
(Cryptograph)o(y)l(.)h Fv(IEEE)f(T)m(r)n(ans.)f(on)i(Info.)g(The)n(ory)
p FB(,)116 2578 y(IT-22)i(\(No)o(v.)f(1976\),)g(pages)h(644{654.)952
2795 y(34)p eop
%%Page: 35 36
35 35 bop 23 42 a FB([62])21 b(D.)15 b(Dolev,)h(C.)f(Dw)o(ork,)f(and)i
(M.)f(Naor.)21 b(Non-Malleable)c(Cryptograph)o(y)l(.)k(In)16
b Fv(23r)n(d)h(A)o(CM)f(Symp)n(osium)116 98 y(on)g(the)h(The)n(ory)f
(of)g(Computing)p FB(,)f(pages)g(542{552,)e(1991.)19
b(F)l(ull)d(v)o(ersion)g(a)o(v)m(ailable)g(from)f(authors.)23
192 y([63])21 b(D.)16 b(Dolev,)h(M.J.)f(Fisc)o(her,)h(R.)f(F)l(o)o
(wler,)h(N.A.)f(Lync)o(h)h(and)g(H.R.)f(Strong.)24 b(An)17
b(e\016cien)o(t)g(algorithm)g(for)116 248 y(Byzan)o(tine)k(Agreemen)o
(t)e(without)g(authen)o(tication.)34 b Fv(Information)20
b(and)g(Contr)n(ol)p FB(,)g(V)l(ol.)f(52\(3\),)g(pages)116
305 y(257{274,)13 b(Marc)o(h)i(1982.)23 399 y([64])21
b(D.)15 b(Dolev)i(and)f(A.C.)f(Y)l(ao.)22 b(On)16 b(the)g(Securit)o(y)h
(of)e(Public-Key)k(Proto)q(cols.)j Fv(IEEE)16 b(T)m(r)n(ans.)f(on)h
(Inform.)116 455 y(The)n(ory)p FB(,)f(V)l(ol.)g(30,)f(No.)h(2,)g(pages)
g(198{208,)d(1983.)23 549 y([65])21 b(C.)e(Dw)o(ork,)g(and)h(M.)f
(Naor.)32 b(Pricing)21 b(via)f(Pro)q(cessing)g(or)f(Com)o(batting)g
(Junk)i(Mail.)33 b(In)21 b Fv(Crypto92)p FB(,)116 605
y(Springer-V)l(erlag)c(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)
l(ol.)e(740\),)f(pages)h(139{147.)23 699 y([66])21 b(C.)d(Dw)o(ork,)h
(and)g(M.)f(Naor.)30 b(An)19 b(E\016cien)o(t)g(Existen)o(tially)i
(Unforgeable)e(Signature)g(Sc)o(heme)h(and)f(its)116
756 y(Application.)j(T)l(o)15 b(app)q(ear)g(in)h Fv(Journal)h(of)f
(Cryptolo)n(gy)p FB(.)k(Preliminary)c(v)o(ersion)g(in)g
Fv(Crypto94)p FB(.)23 849 y([67])21 b(S.)16 b(Ev)o(en)g(and)g(O.)f
(Goldreic)o(h.)23 b(On)16 b(the)g(Securit)o(y)g(of)g(Multi-part)o(y)g
(Ping-P)o(ong)f(Proto)q(cols.)21 b Fv(24th)d(IEEE)116
906 y(Symp)n(osium)e(on)h(F)m(oundations)e(of)h(Computer)h(Scienc)n(e)p
FB(,)d(pages)h(34{39,)e(1983.)23 1000 y([68])21 b(S.)11
b(Ev)o(en,)g(O.)g(Goldreic)o(h,)i(and)e(A.)f(Lemp)q(el.)15
b(A)c(Randomized)h(Proto)q(col)f(for)f(Signing)j(Con)o(tracts.)e
Fv(CA)o(CM)p FB(,)116 1056 y(V)l(ol.)16 b(28,)e(No.)g(6,)h(1985,)f
(pages)h(637{647.)23 1150 y([69])21 b(S.)14 b(Ev)o(en,)g(O.)h(Goldreic)
o(h)g(and)f(S.)h(Micali.)k(On-line/O\013-li)q(ne)e(Digital)e
(signatures.)k Fv(Journal)c(of)h(Cryptol-)116 1206 y(o)n(gy)p
FB(,)f(V)l(ol.)g(9,)g(1996,)e(pages)i(35{67.)23 1300
y([70])21 b(S.)11 b(Ev)o(en,)h(A.L.)e(Selman,)j(and)e(Y.)g(Y)l(acobi.)j
(The)d(Complexit)o(y)h(of)e(Promise)h(Problems)h(with)f(Applications)
116 1357 y(to)k(Public-Key)i(Cryptograph)o(y)l(.)i Fv(Inform.)d(and)g
(Contr)n(ol)p FB(,)e(V)l(ol.)i(61,)e(pages)h(159{173,)e(1984.)23
1450 y([71])21 b(S.)15 b(Ev)o(en)g(and)g(Y.)g(Y)l(acobi.)20
b(Cryptograph)o(y)14 b(and)h(NP-Completeness.)20 b(In)c(pro)q(ceedings)
g(of)f Fv(7th)h(ICALP)p FB(,)116 1507 y(Springer-V)l(erlag)g(Lecture)g
(Notes)e(in)i(Computer)e(Science)j(\(V)l(ol.)d(85\),)g(pages)h
(195{207,)d(1980.)h(See)j([70)o(].)23 1601 y([72])21
b(U.)15 b(F)l(eige,)g(A.)g(Fiat)g(and)g(A.)g(Shamir.)21
b(Zero-Kno)o(wledge)15 b(Pro)q(ofs)g(of)f(Iden)o(tit)o(y)l(.)21
b Fv(Journal)16 b(of)h(Cryptolo)n(gy)p FB(,)116 1657
y(V)l(ol.)f(1,)e(1988,)g(pages)h(77{94.)23 1751 y([73])21
b(U.)12 b(F)l(eige,)i(D.)d(Lapidot,)j(and)e(A.)h(Shamir.)j(Multiple)e
(Non-In)o(teractiv)o(e)f(Zero-Kno)o(wledge)g(Pro)q(ofs)f(Based)116
1807 y(on)j(a)f(Single)i(Random)f(String.)k(In)c Fv(31th)h(IEEE)f(Symp)
n(osium)h(on)f(F)m(oundations)g(of)h(Computer)g(Scienc)n(e)p
FB(,)116 1864 y(pages)f(308{317,)e(1990.)19 b(T)l(o)c(app)q(ear)g(in)h
Fv(SIAM)f(Journal)h(on)g(Computing)p FB(.)23 1958 y([74])21
b(U.)14 b(F)l(eige)g(and)g(A.)g(Shamir.)k(Zero-Kno)o(wledge)c(Pro)q
(ofs)g(of)f(Kno)o(wledge)i(in)g(Tw)o(o)e(Rounds.)18 b(In)d
Fv(Crypto89)p FB(,)116 2014 y(Springer-V)l(erlag)i(Lecture)f(Notes)e
(in)i(Computer)f(Science)i(\(V)l(ol.)e(435\),)f(pages)h(526{544.)23
2108 y([75])21 b(U.)13 b(F)l(eige)h(and)g(A.)f(Shamir.)18
b(Witness)c(Indistinguishabil)q(it)o(y)i(and)e(Witness)g(Hiding)h
(Proto)q(cols.)i(In)d Fv(22nd)116 2164 y(A)o(CM)h(Symp)n(osium)i(on)f
(the)g(The)n(ory)g(of)h(Computing)p FB(,)e(pages)g(416{426,)d(1990.)23
2258 y([76])21 b(P)l(.)14 b(F)l(eldman.)20 b(A)14 b(Practical)h(Sc)o
(heme)g(for)f(Non-in)o(teractiv)o(e)h(V)l(eri\014able)i(Secret)d
(Sharing.)20 b(In)15 b Fv(28th)h(IEEE)116 2315 y(Symp)n(osium)g(on)h(F)
m(oundations)e(of)h(Computer)h(Scienc)n(e)p FB(,)d(pages)h(427{437,)d
(1987.)23 2408 y([77])21 b(P)l(.)h(F)l(eldman)h(and)f(S.)g(Micali.)43
b(An)22 b(optimal)h(probabilistic)h(proto)q(col)e(for)g(sync)o(hronous)
g(Byzan)o(tine)116 2465 y(Agreemen)o(t.)e Fv(SICOMP)p
FB(,)13 b(V)l(ol.)i(26,)f(pages)h(873{933,)e(1997.)23
2559 y([78])21 b(A.)15 b(Fiat.)20 b(Batc)o(h)14 b(RSA.)21
b Fv(Journal)16 b(of)h(Cryptolo)n(gy)p FB(,)d(V)l(ol.)i(10,)e(1997,)g
(pages)h(75{88.)952 2795 y(35)p eop
%%Page: 36 37
36 36 bop 23 42 a FB([79])21 b(A.)12 b(Fiat)f(and)h(A.)f(Shamir.)k(Ho)o
(w)c(to)g(Pro)o(v)o(e)g(Y)l(ourself:)19 b(Practical)12
b(Solution)h(to)e(Iden)o(ti\014cation)i(and)f(Signa-)116
98 y(ture)j(Problems.)21 b(In)15 b Fv(Crypto86)p FB(,)h(Springer-V)l
(erlag)h(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)f
(263\),)116 154 y(pages)f(186{189,)e(1987.)23 247 y([80])21
b(J.B.)14 b(Fisc)o(her)h(and)f(J.)h(Stern.)j(An)d(E\016cien)o(t)f
(Pseudorandom)h(Generator)e(Pro)o(v)m(ably)h(as)g(Secure)h(as)f(Syn-)
116 303 y(drome)i(Deco)q(ding.)21 b(In)16 b Fv(Eur)n(oCrypt96)p
FB(,)h(Springer)f(Lecture)g(Notes)f(in)i(Computer)e(Science)i(\(V)l
(ol.)f(1070\),)116 360 y(pages)f(245{255.)23 452 y([81])21
b(R.)d(Fisc)o(hlin)h(and)f(C.P)l(.)f(Sc)o(hnorr.)26 b(Stronger)17
b(Securit)o(y)i(Pro)q(ofs)d(for)h(RSA)i(and)e(Rabin)i(Bits.)27
b(In)18 b Fv(Eur)n(o-)116 509 y(Crypt97)p FB(,)d(Springer)i(Lecture)e
(Notes)g(in)h(Computer)f(Science)i(\(V)l(ol.)e(1233\),)f(pages)h
(267{279,)d(1997.)23 601 y([82])21 b(M.)e(F)l(ranklin)h(and)g(M.)f(Y)l
(ung.)33 b(Secure)20 b(and)g(E\016cien)o(t)g(O\013-Line)h(Digital)f
(Money)l(.)32 b(In)20 b Fv(20th)h(ICALP)p FB(,)116 658
y(Springer-V)l(erlag)c(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)
l(ol.)e(700\),)f(pages)h(265{276.)23 750 y([83])21 b(A.M.)12
b(F)l(rieze,)i(J.)f(H)-6 b(\027)-28 b(astad,)12 b(R.)h(Kannan,)h(J.C.)e
(Lagarias,)h(and)g(A.)g(Shamir.)k(Reconstructing)d(T)l(runcated)116
806 y(In)o(teger)e(V)l(ariables)h(Satisfying)f(Linear)h(Congruences.)h
Fv(SIAM)e(Journal)h(on)g(Computing)p FB(,)f(V)l(ol.)g(17,)f(pages)116
863 y(262{280,)i(1988.)23 955 y([84])21 b(P)l(.S.)f(Gemmell.)38
b(An)21 b(In)o(tro)q(duction)g(to)f(Threshold)i(Cryptograph)o(y)l(.)35
b(In)21 b Fv(CryptoBytes)p FB(,)h(RSA)f(Lab.,)116 1012
y(V)l(ol.)16 b(2,)e(No.)h(3,)f(1997.)23 1104 y([85])21
b(R.)16 b(Gennaro,)g(S.)g(Jarec)o(ki,)g(H.)g(Kra)o(w)o(czyk,)f(and)h
(T.)g(Rabin.)23 b(Robust)17 b(Threshold)f(DSS)h(Signatures.)22
b(In)116 1161 y Fv(Eur)n(oCrypt96)p FB(,)e(Springer-V)l(erlag,)g
(Lecture)f(Notes)f(in)h(Computer)f(Science)i(\(V)l(ol.)f(1070\),)e
(pages)h(354{)116 1217 y(371.)23 1310 y([86])j(O.)13
b(Goldreic)o(h.)18 b(Tw)o(o)13 b(Remarks)g(Concerning)h(the)g(GMR)f
(Signature)g(Sc)o(heme.)18 b(In)c Fv(Crypto86)p FB(,)g(Springer-)116
1366 y(V)l(erlag)i(Lecture)g(Notes)e(in)i(Computer)f(Science)i(\(V)l
(ol.)e(263\),)f(pages)h(104{110,)e(1987.)23 1458 y([87])21
b(O.)c(Goldreic)o(h.)26 b Fv(L)n(e)n(ctur)n(e)16 b(Notes)i(on)f
(Encryption,)h(Signatur)n(es)e(and)i(Crypto)n(gr)n(aphic)g(Pr)n(oto)n
(c)n(ol)p FB(.)24 b(Spring)116 1515 y(1989.)19 b(Av)m(ailable)e(from)e
Fa(http)d FB(:)g Fx(==)p Fa(theory)p Fx(:)p Fa(lcs)p
Fx(:)p Fa(mit)p Fx(:)p Fa(edu)o Fx(=)e Fn(\030)j Fa(oded)o
Fx(=)p Fa(ln89)p Fx(:)p Fa(html)n FB(.)23 1607 y([88])21
b(O.)13 b(Goldreic)o(h.)k(A)12 b(Uniform)h(Complexit)o(y)g(T)l(reatmen)
o(t)f(of)g(Encryption)i(and)f(Zero-Kno)o(wledge.)j Fv(Journal)116
1664 y(of)h(Cryptolo)n(gy)p FB(,)d(V)l(ol.)i(6,)e(No.)h(1,)f(pages)h
(21{53,)f(1993.)23 1756 y([89])21 b(O.)15 b(Goldreic)o(h.)k
Fv(F)m(oundation)c(of)h(Crypto)n(gr)n(aphy)g({)g(F)m(r)n(agments)e(of)i
(a)f(Bo)n(ok)p FB(.)k(F)l(ebruary)14 b(1995.)k(Av)m(ailable)116
1813 y(from)d Fa(http)d FB(:)g Fx(==)p Fa(theory)p Fx(:)p
Fa(lcs)p Fx(:)p Fa(mit)p Fx(:)p Fa(ed)o(u)p Fx(=)e Fn(\030)j
Fa(oded)o Fx(=)p Fa(frag)p Fx(:)p Fa(html)n FB(.)23 1905
y([90])21 b(O.)15 b(Goldreic)o(h.)21 b Fv(Se)n(cur)n(e)16
b(Multi-Party)g(Computation)p FB(.)21 b(In)16 b(preparation.)23
1998 y([91])21 b(O.)16 b(Goldreic)o(h,)i(S.)e(Goldw)o(asser,)g(and)g
(S.)g(Micali.)25 b(Ho)o(w)16 b(to)g(Construct)f(Random)i(F)l(unctions.)
24 b Fv(Journal)116 2054 y(of)17 b(the)f(A)o(CM)p FB(,)e(V)l(ol.)h(33,)
f(No.)h(4,)g(pages)g(792{807,)d(1986.)23 2146 y([92])21
b(O.)16 b(Goldreic)o(h,)h(S.)f(Goldw)o(asser,)f(and)h(S.)g(Micali.)23
b(On)17 b(the)f(Cryptographic)f(Applications)j(of)e(Random)116
2203 y(F)l(unctions.)g(In)c Fv(Crypto84)p FB(,)h(Springer-V)l(erlag)h
(Lecture)f(Notes)e(in)i(Computer)f(Science)i(\(V)l(ol.)e(263\),)f
(pages)116 2259 y(276{288,)i(1985.)23 2352 y([93])21
b(O.)16 b(Goldreic)o(h,)h(R.)e(Impagliazzo,)i(L.A.)f(Levin,)h(R.)f(V)l
(enk)m(atesan,)g(and)g(D.)f(Zuc)o(k)o(erman.)21 b(Securit)o(y)c(Pre-)
116 2408 y(serving)i(Ampli\014cation)h(of)e(Hardness.)28
b(In)19 b Fv(31st)g(IEEE)f(Symp)n(osium)h(on)g(F)m(oundations)f(of)h
(Computer)116 2465 y(Scienc)n(e)p FB(,)13 b(pages)i(318{326,)e(1990.)23
2557 y([94])21 b(O.)15 b(Goldreic)o(h)g(and)g(A.)g(Kahan.)k(Ho)o(w)14
b(to)g(Construct)g(Constan)o(t-Round)h(Zero-Kno)o(wledge)g(Pro)q(of)f
(Sys-)116 2614 y(tems)g(for)f(NP)l(.)18 b Fv(Journal)d(of)g(Cryptolo)n
(gy)p FB(,)f(V)l(ol.)g(9,)g(No.)f(2,)g(pages)h(167{189,)e(1996.)k
(Preliminary)g(v)o(ersions)116 2670 y(date)f(to)g(1988.)952
2795 y(36)p eop
%%Page: 37 38
37 37 bop 23 42 a FB([95])21 b(O.)h(Goldreic)o(h)g(and)g(H.)f(Kra)o(w)o
(czyk.)38 b(On)22 b(the)g(Comp)q(osition)g(of)f(Zero-Kno)o(wledge)h
(Pro)q(of)f(Systems.)116 98 y Fv(SIAM)15 b(Journal)h(on)g(Computing)p
FB(,)f(V)l(ol.)h(25,)e(No.)h(1,)f(F)l(ebruary)h(1996,)f(pages)h
(169{192.)23 192 y([96])21 b(O.)14 b(Goldreic)o(h)g(and)g(L.A.)f
(Levin.)19 b(Hard-core)13 b(Predicates)h(for)f(an)o(y)g(One-W)l(a)o(y)h
(F)l(unction.)k(In)c Fv(21st)h(A)o(CM)116 248 y(Symp)n(osium)h(on)h
(the)f(The)n(ory)g(of)h(Computing)p FB(,)d(pages)h(25{32,)f(1989.)23
342 y([97])21 b(O.)c(Goldreic)o(h,)h(S.)e(Micali)j(and)e(A.)f
(Wigderson.)25 b(Pro)q(ofs)16 b(that)g(Yield)j(Nothing)e(but)g(their)g
(V)l(alidit)o(y)h(or)116 399 y(All)i(Languages)f(in)h(NP)f(Ha)o(v)o(e)f
(Zero-Kno)o(wledge)i(Pro)q(of)e(Systems.)31 b Fv(Journal)20
b(of)f(the)h(A)o(CM)p FB(,)e(V)l(ol.)h(38,)116 455 y(No.)13
b(1,)g(pages)h(691{729,)d(1991.)17 b(Preliminary)e(v)o(ersion)e(in)i
Fv(27th)h(IEEE)d(Symp)n(osium)i(on)g(F)m(oundations)f(of)116
511 y(Computer)j(Scienc)n(e)p FB(,)c(1986.)23 605 y([98])21
b(O.)14 b(Goldreic)o(h,)g(S.)g(Micali)g(and)g(A.)f(Wigderson.)18
b(Ho)o(w)13 b(to)f(Pla)o(y)i(an)o(y)f(Men)o(tal)h(Game)f({)g(A)g
(Completeness)116 662 y(Theorem)19 b(for)g(Proto)q(cols)g(with)g
(Honest)g(Ma)s(jorit)o(y)l(.)31 b(In)19 b Fv(19th)i(A)o(CM)e(Symp)n
(osium)h(on)g(the)g(The)n(ory)g(of)116 718 y(Computing,)15
b FB(pages)g(218{229,)e(1987.)23 812 y([99])21 b(O.)f(Goldreic)o(h)h
(and)f(Y.)g(Oren.)34 b(De\014nitions)21 b(and)f(Prop)q(erties)g(of)g
(Zero-Kno)o(wledge)g(Pro)q(of)g(Systems.)116 868 y Fv(Journal)c(of)h
(Cryptolo)n(gy)p FB(,)e(V)l(ol.)g(7,)f(No.)h(1,)g(pages)g(1{32,)e
(1994.)0 962 y([100])21 b(O.)e(Goldreic)o(h)i(and)e(R.)h(Ostro)o(vsky)l
(.)31 b(Soft)o(w)o(are)18 b(Protection)h(and)h(Sim)o(ulation)g(on)g
(Oblivious)h(RAMs.)116 1019 y Fv(Journal)16 b(of)h(the)f(A)o(CM)p
FB(,)e(V)l(ol.)i(43,)e(1996,)f(pages)i(431{473.)0 1112
y([101])21 b(O.)e(Goldreic)o(h,)h(A.)e(Sahai,)i(and)f(S.)f(V)l(adhan.)
31 b(Honest-V)l(eri\014er)20 b(Statistical)f(Zero-Kno)o(wledge)g
(equals)116 1169 y(general)d(Statistical)g(Zero-Kno)o(wledge.)k(Man)o
(uscript,)15 b(1997.)0 1263 y([102])21 b(S.)j(Goldw)o(asser.)46
b(F)l(ault)25 b(T)l(oleran)o(t)e(Multi)i(P)o(art)o(y)e(Computations:)38
b(P)o(ast)23 b(and)h(Presen)o(t.)46 b(In)25 b Fv(16th)116
1319 y(A)o(CM)j(Symp)n(osium)g(on)g(Principles)g(of)g(Distribute)n(d)h
(Computing)p FB(,)i(1997.)59 b(Also)29 b(a)o(v)m(ailable)h(from)116
1376 y Fa(http)12 b FB(:)g Fx(==)p Fa(www)p Fx(:)p Fa(cs)p
Fx(:)p Fa(cornell)p Fx(:)p Fa(edu)p Fx(=)p Fa(I)o(nfo)p
Fx(=)p Fa(Pe)o(ople)p Fx(=)p Fa(c)o(handra)p Fx(=)o Fa(podc97)p
Fx(=)o Fa(newPro)o(gram)p Fx(:)p Fa(h)o(tml)m FB(.)0
1469 y([103])21 b(S.)11 b(Goldw)o(asser)g(and)g(L.A.)g(Levin.)j(F)l
(air)e(Computation)e(of)h(General)h(F)l(unctions)f(in)h(Presence)g(of)f
(Immoral)116 1526 y(Ma)s(jorit)o(y)l(.)17 b(In)d Fv(Crypto90)p
FB(,)h(Springer-V)l(erlag)h(Lecture)e(Notes)g(in)h(Computer)e(Science)j
(\(V)l(ol.)e(537\),)f(pages)116 1582 y(77{93.)0 1676
y([104])21 b(S.)f(Goldw)o(asser)e(and)i(S.)g(Micali.)34
b(Probabilistic)21 b(Encryption.)34 b Fv(Journal)20 b(of)g(Computer)h
(and)g(System)116 1733 y(Scienc)n(e)p FB(,)15 b(V)l(ol.)i(28,)e(No.)h
(2,)g(pages)h(270{299,)d(1984.)23 b(Preliminary)17 b(v)o(ersion)g(in)g
Fv(14th)i(A)o(CM)d(Symp)n(osium)116 1789 y(on)g(the)h(The)n(ory)f(of)g
(Computing)p FB(,)f(1982.)0 1883 y([105])21 b(S.)e(Goldw)o(asser,)g(S.)
f(Micali)j(and)e(C.)f(Rac)o(k)o(o\013.)30 b(The)19 b(Kno)o(wledge)h
(Complexit)o(y)f(of)g(In)o(teractiv)o(e)g(Pro)q(of)116
1939 y(Systems.)f Fv(SIAM)c(Journal)h(on)g(Computing)p
FB(,)f(V)l(ol.)h(18,)e(pages)h(186{208,)e(1989.)17 b(Preliminary)f(v)o
(ersion)e(in)116 1996 y Fv(17th)j(A)o(CM)e(Symp)n(osium)i(on)f(the)g
(The)n(ory)g(of)h(Computing)p FB(,)e(1985.)0 2090 y([106])21
b(S.)13 b(Goldw)o(asser,)g(S.)g(Micali,)i(and)e(R.L.)h(Riv)o(est.)j(A)c
(Digital)h(Signature)g(Sc)o(heme)g(Secure)g(Against)g(Adap-)116
2146 y(tiv)o(e)i(Chosen-Message)e(A)o(ttac)o(ks.)19 b
Fv(SIAM)c(Journal)h(on)g(Computing)p FB(,)f(April)i(1988,)c(pages)i
(281{308.)0 2240 y([107])21 b(S.)h(Goldw)o(asser,)g(S.)f(Micali)i(and)f
(P)l(.)f(T)l(ong.)39 b(Wh)o(y)21 b(and)h(Ho)o(w)f(to)g(Establish)i(a)e
(Priv)m(ate)h(Co)q(de)g(in)g(a)116 2296 y(Public)15 b(Net)o(w)o(ork.)g
(In)f Fv(23r)n(d)h(IEEE)f(Symp)n(osium)g(on)g(F)m(oundations)g(of)g
(Computer)i(Scienc)n(e)p FB(,)11 b(1982,)h(pages)116
2353 y(134{144.)0 2447 y([108])21 b(S.)14 b(Goldw)o(asser,)f(S.)h
(Micali)h(and)f(A.C.)f(Y)l(ao.)k(Strong)c(Signature)i(Sc)o(hemes.)j(In)
c Fv(15th)i(A)o(CM)e(Symp)n(osium)116 2503 y(on)i(the)h(The)n(ory)f(of)
g(Computing)p FB(,)f(pages)g(431{439,)e(1983.)952 2795
y(37)p eop
%%Page: 38 39
38 38 bop 0 42 a FB([109])21 b(J.)10 b(H)-6 b(\027)-28
b(astad,)10 b(R.)h(Impagliazzo,)g(L.A.)f(Levin)i(and)e(M.)g(Lub)o(y)l
(.)i(Construction)e(of)g(Pseudorandom)g(Generator)116
98 y(from)g(an)o(y)g(One-W)l(a)o(y)h(F)l(unction.)j(T)l(o)c(app)q(ear)h
(in)g Fv(SIAM)g(Journal)h(on)g(Computing)p FB(.)h(Preliminary)f(v)o
(ersions)116 154 y(b)o(y)e(Impagliazzo)i(et.)e(al.)g(in)h
Fv(21st)h(A)o(CM)e(Symp)n(osium)i(on)g(the)g(The)n(ory)f(of)h
(Computing)f FB(\(1989\))d(and)j(H)-6 b(\027)-28 b(astad)116
211 y(in)16 b Fv(22nd)h(A)o(CM)e(Symp)n(osium)h(on)g(the)h(The)n(ory)f
(of)g(Computing)f FB(\(1990\).)0 305 y([110])21 b(J.)d(H)-6
b(\027)-28 b(astad,)19 b(A.)f(Sc)o(hrift)g(and)h(A.)f(Shamir.)29
b(The)19 b(Discrete)g(Logarithm)f(Mo)q(dulo)g(a)h(Comp)q(osite)f(Hides)
116 361 y Fx(O)q FB(\()p Fx(n)p FB(\))d(Bits.)20 b Fv(Journal)c(of)h
(Computer)g(and)f(System)g(Scienc)n(e)p FB(,)d(V)l(ol.)i(47,)g(pages)g
(376{404,)d(1993.)0 455 y([111])21 b(A.)14 b(Herzb)q(erg,)h(M.)e(Jak)o
(obsson,)h(S.)g(Jarec)o(ki,)g(H.)g(Kra)o(w)o(czyk)g(and)g(M.)g(Y)l
(ung.)19 b(Proactiv)o(e)13 b(public)k(k)o(ey)d(and)116
511 y(signature)19 b(systems.)30 b(In)19 b Fv(1997)i(A)o(CM)d(Confer)n
(enc)n(e)g(on)h(Computers)h(and)f(Communic)n(ation)h(Se)n(curity)p
FB(,)116 568 y(pages)15 b(100{110,)e(1997.)0 662 y([112])21
b(A.)14 b(Herzb)q(erg,)h(S.)g(Jarec)o(ki,)g(H.)f(Kra)o(w)o(czyk)g(and)h
(M.)f(Y)l(u.)19 b(Proactiv)o(e)14 b(Secret)h(Sharing,)g(or)f(Ho)o(w)g
(to)g(Cop)q(e)116 718 y(with)19 b(P)o(erp)q(etual)g(Leak)m(age.)29
b(In)19 b Fv(Crypto95)p FB(,)g(Springer-V)l(erlag)h(Lecture)e(Notes)g
(in)h(Computer)f(Science)116 775 y(\(V)l(ol.)d(963\),)f(pages)h
(339{352.)0 868 y([113])21 b(R.)15 b(Impagliazzo)h(and)f(M.)f(Lub)o(y)l
(.)20 b(One-W)l(a)o(y)c(F)l(unctions)f(are)g(Essen)o(tial)g(for)f
(Complexit)o(y)i(Based)f(Cryp-)116 925 y(tograph)o(y)l(.)32
b(In)20 b Fv(30th)h(IEEE)e(Symp)n(osium)h(on)g(F)m(oundations)f(of)h
(Computer)h(Scienc)n(e)p FB(,)e(pages)g(230-235,)116
981 y(1989.)0 1075 y([114])i(R.)15 b(Impagliazzo)h(and)f(M.)g(Naor.)j
(E\016cien)o(t)e(Cryptographic)e(Sc)o(hemes)i(Pro)o(v)m(able)f(as)g
(Secure)h(as)e(Subset)116 1132 y(Sum.)20 b Fv(Journal)d(of)f(Cryptolo)n
(gy)p FB(,)f(V)l(ol.)g(9,)g(1996,)e(pages)i(199{216.)0
1225 y([115])21 b(R.)16 b(Impagliazzo)h(and)g(S.)e(Rudic)o(h.)24
b(Limits)18 b(on)d(the)i(Pro)o(v)m(able)f(Consequences)h(of)f(One-W)l
(a)o(y)g(P)o(erm)o(uta-)116 1282 y(tions.)k(In)c Fv(21st)g(A)o(CM)g
(Symp)n(osium)g(on)g(the)g(The)n(ory)g(of)h(Computing)p
FB(,)e(pages)g(44{61,)e(1989.)0 1376 y([116])21 b(R.)15
b(Impagliazzo)g(and)g(M.)f(Y)l(ung.)19 b(Direct)c(Zero-Kno)o(wledge)g
(Computations.)j(In)d Fv(Crypto87)p FB(,)g(Springer-)116
1432 y(V)l(erlag)h(Lecture)g(Notes)e(in)i(Computer)f(Science)i(\(V)l
(ol.)e(293\),)f(pages)h(40{51,)e(1987.)0 1526 y([117])21
b(A.)f(Juels,)i(M.)e(Lub)o(y)h(and)f(R.)g(Ostro)o(vsky)l(.)34
b(Securit)o(y)21 b(of)f(Blind)i(Digital)f(Signatures.)35
b(In)21 b Fv(Crypto97)p FB(,)116 1582 y(Springer)16 b(Lecture)g(Notes)f
(in)h(Computer)f(Science)i(\(V)l(ol.)e(1294\),)e(pages)i(150{164.)0
1676 y([118])21 b(J.)14 b(Kilian.)21 b(A)14 b(Note)g(on)g(E\016cien)o
(t)h(Zero-Kno)o(wledge)g(Pro)q(ofs)e(and)i(Argumen)o(ts.)i(In)e
Fv(24th)h(A)o(CM)f(Symp)n(o-)116 1733 y(sium)i(on)f(the)g(The)n(ory)g
(of)h(Computing)p FB(,)d(pages)h(723{732,)e(1992.)0 1826
y([119])21 b(J.)14 b(Kilian)h(and)f(E.)f(P)o(etrank.)k(An)d(E\016cien)o
(t)g(Non-In)o(teractiv)o(e)g(Zero-Kno)o(wledge)g(Pro)q(of)f(System)g
(for)g(NP)116 1883 y(with)j(General)f(Assumptions.)21
b(T)l(o)15 b(app)q(ear)g(in)h Fv(Journal)g(of)h(Cryptolo)n(gy)p
FB(.)0 1977 y([120])k(E.)16 b(Kushilevitz)j(and)e(R.)f(Ostro)o(vsky)l
(.)23 b(Replication)c(is)d(not)g(Needed:)24 b(A)16 b(Single)i
(Database,)e(Computa-)116 2033 y(tional)g(PIR.)22 b(TR)16
b(CS0906,)e(Departmen)o(t)h(of)g(Computer)g(Science,)i(T)l(ec)o(hnion,)
g(Ma)o(y)e(1997.)k(T)l(o)d(app)q(ear)116 2090 y(in)g
Fv(38th)h(IEEE)f(Symp)n(osium)g(on)g(F)m(oundations)f(of)i(Computer)g
(Scienc)n(e)p FB(,)c(1997.)0 2183 y([121])21 b(A.)15
b(Lemp)q(el.)22 b(Cryptograph)o(y)14 b(in)i(T)l(ransition.)k
Fv(Computing)c(Surveys)p FB(,)f(Dec.)g(1979.)0 2277 y([122])21
b(L.A.)13 b(Levin.)18 b(One-W)l(a)o(y)c(F)l(unction)g(and)g
(Pseudorandom)f(Generators.)j Fv(Combinatoric)n(a)p FB(,)d(V)l(ol.)g
(7,)g(pages)116 2334 y(357{363,)g(1987.)0 2428 y([123])21
b(M.)d(Lub)o(y)l(.)32 b Fv(Pseudor)n(andomness)18 b(and)i(Crypto)n(gr)n
(aphic)g(Applic)n(ations)p FB(.)30 b(Princeton)19 b(Univ)o(ersit)o(y)h
(Press,)116 2484 y(1996.)0 2578 y([124])h(M.)11 b(Lub)o(y)h(and)f(C.)g
(Rac)o(k)o(o\013.)i(Ho)o(w)d(to)h(Construct)g(Pseudorandom)g(P)o(erm)o
(utations)f(from)h(Pseudorandom)116 2634 y(F)l(unctions.)21
b Fv(SIAM)15 b(Journal)h(on)g(Computing)p FB(,)f(V)l(ol.)g(17,)g(1988,)
e(pages)i(373{386.)952 2795 y(38)p eop
%%Page: 39 40
39 39 bop 0 42 a FB([125])21 b(U.)f(Maurer.)36 b(Secret)21
b(k)o(ey)f(agreemen)o(t)g(b)o(y)h(public)h(discussion)h(from)d(common)g
(information.)36 b Fv(IEEE)116 98 y(T)m(r)n(ans.)15 b(on)h(Inform.)f
(Th.)h FB(,)f(V)l(ol.)h(39)e(\(No.)h(3\),)f(pages)h(733{742,)e(Ma)o(y)h
(1993.)0 192 y([126])21 b(R.C.)16 b(Merkle.)23 b(Secure)17
b(Comm)o(unication)g(o)o(v)o(er)e(Insecure)j(Channels.)24
b Fv(CA)o(CM)p FB(,)14 b(V)l(ol.)i(21,)g(No.)f(4,)h(pages)116
248 y(294{299,)d(1978.)0 342 y([127])21 b(R.C.)d(Merkle.)29
b(Proto)q(cols)18 b(for)g(public)i(k)o(ey)f(cryptosystems.)28
b(In)19 b Fv(Pr)n(o)n(c.)f(of)i(the)f(1980)h(Symp)n(osium)f(on)116
399 y(Se)n(curity)d(and)g(Privacy.)0 492 y FB([128])21
b(R.C.)11 b(Merkle.)j(A)d(Digital)h(Signature)g(Based)f(on)g(a)g(Con)o
(v)o(en)o(tional)h(Encryption)g(F)l(unction.)i(In)e Fv(Crypto87)p
FB(,)116 549 y(Springer-V)l(erlag)17 b(Lecture)f(Notes)e(in)i(Computer)
f(Science)i(\(V)l(ol.)e(293\),)f(1987,)g(pages)h(369-378.)0
643 y([129])21 b(R.C.)d(Merkle.)30 b(A)18 b(Certi\014ed)i(Digital)f
(Signature)g(Sc)o(heme.)30 b(In)19 b Fv(Crypto89)p FB(,)g(Springer-V)l
(erlag)h(Lecture)116 699 y(Notes)15 b(in)h(Computer)f(Science)i(\(V)l
(ol.)e(435\),)f(pages)h(218{238.)0 793 y([130])21 b(R.C.)14
b(Merkle)h(and)f(M.E.)g(Hellman.)19 b(Hiding)d(Information)f(and)f
(Signatures)h(in)g(T)l(rap)q(do)q(or)f(Knapsac)o(ks.)116
849 y Fv(IEEE)h(T)m(r)n(ans.)g(Inform.)h(The)n(ory)p
FB(,)e(V)l(ol.)i(24,)e(pages)h(525{530,)e(1978.)0 943
y([131])21 b(S.)e(Micali.)31 b(F)l(air)18 b(Public-Key)j
(Cryptosystems.)29 b(In)19 b Fv(Crypto92)p FB(,)h(Springer-V)l(erlag)g
(Lecture)f(Notes)f(in)116 1000 y(Computer)d(Science)i(\(V)l(ol.)e
(740\),)f(pages)h(113{138.)0 1093 y([132])21 b(S.)14
b(Micali)i(and)e(P)l(.)g(Roga)o(w)o(a)o(y)l(.)i(Secure)f(Computation.)j
(In)c Fv(Crypto91)p FB(,)h(Springer-V)l(erlag)h(Lecture)e(Notes)116
1150 y(in)i(Computer)f(Science)i(\(V)l(ol.)e(576\),)f(pages)h(392{404.)
0 1244 y([133])21 b(National)d(Institute)h(for)e(Standards)g(and)h(T)l
(ec)o(hnology)l(.)29 b Fu(Digital)17 b(Signature)h(Standa)o(rd)h
FB(\()p Fp(dss)p FB(\),)27 b Fv(F)m(e)n(der)n(al)116
1300 y(R)n(e)n(gister)p FB(,)14 b(V)l(ol.)h(56,)g(No.)f(169,)g(August)h
(1991.)0 1394 y([134])21 b(M.)15 b(Naor.)22 b(Bit)17
b(Commitmen)o(t)e(using)i(Pseudorandom)f(Generators.)21
b Fv(Journal)c(of)h(Cryptolo)n(gy)p FB(,)d(V)l(ol.)i(4,)116
1450 y(pages)e(151{158,)e(1991.)0 1544 y([135])21 b(M.)13
b(Naor,)f(R.)i(Ostro)o(vsky)l(,)e(R.)h(V)l(enk)m(atesan)h(and)g(M.)e(Y)
l(ung.)17 b(Zero-Kno)o(wledge)d(Argumen)o(ts)f(for)g(NP)g(can)116
1601 y(b)q(e)i(Based)f(on)f(General)h(Assumptions.)k(In)d
Fv(Crypto92)p FB(,)f(Springer-V)l(erlag)h(Lecture)g(Notes)e(in)h
(Computer)116 1657 y(Science)j(\(V)l(ol.)e(740\),)f(pages)h(196{214.)0
1751 y([136])21 b(M.)e(Naor)g(and)h(B.)g(Pink)m(as.)34
b(Visual)21 b(Authen)o(tication)g(and)e(Iden)o(ti\014cation.)35
b(In)21 b Fv(Crypto97)p FB(,)g(Springer)116 1807 y(Lecture)16
b(Notes)f(in)h(Computer)f(Science)i(\(V)l(ol.)e(1294\),)e(pages)i
(322{336.)0 1901 y([137])21 b(M.)13 b(Naor)g(and)h(O.)g(Reingold.)20
b(Syn)o(thesizers)14 b(and)h(their)f(Application)i(to)d(the)h(P)o
(arallel)h(Construction)e(of)116 1958 y(Pseudo-Random)j(F)l(unctions.)k
(In)15 b Fv(36th)i(IEEE)e(Symp)n(osium)h(on)g(F)m(oundations)f(of)h
(Computer)h(Scienc)n(e)p FB(,)116 2014 y(pages)e(170{181,)e(1995.)0
2108 y([138])21 b(M.)e(Naor)f(and)i(O.)f(Reingold.)34
b(On)20 b(the)g(Construction)f(of)g(Pseudo-Random)h(P)o(erm)o
(utations:)27 b(Lub)o(y-)116 2164 y(Rac)o(k)o(o\013)18
b(Revisited.)32 b(In)19 b Fv(29th)h(A)o(CM)f(Symp)n(osium)g(on)g(the)h
(The)n(ory)f(of)h(Computing)p FB(,)f(pages)f(189{199,)116
2221 y(1997.)0 2315 y([139])j(M.)16 b(Naor)f(and)h(O.)g(Reingold.)25
b(Num)o(b)q(er-theoretic)17 b(constructions)f(of)g(e\016cien)o(t)h
(pseudo-random)f(func-)116 2371 y(tions)c(and)f(other)g(cryptographic)g
(primitiv)o(es.)k(T)l(o)c(app)q(ear)g(in)i Fv(38th)g(IEEE)f(Symp)n
(osium)g(on)h(F)m(oundations)116 2428 y(of)k(Computer)g(Scienc)n(e)p
FB(,)c(1997.)0 2521 y([140])21 b(M.)e(Naor)h(and)g(A.)g(Shamir.)35
b(Visual)21 b(Cryptograph)o(y)l(.)33 b(In)21 b Fv(Eur)n(oCrypt94)p
FB(,)h(Springer-V)l(erlag)f(Lecture)116 2578 y(Notes)15
b(in)h(Computer)f(Science)i(\(V)l(ol.)e(950\),)f(1995,)f(pages)i(1{12.)
952 2795 y(39)p eop
%%Page: 40 41
40 40 bop 0 42 a FB([141])21 b(M.)16 b(Naor)g(and)g(M.)g(Y)l(ung.)g
(Univ)o(ersal)i(One-W)l(a)o(y)f(Hash)f(F)l(unctions)h(and)g(their)g
(Cryptographic)f(Appli-)116 98 y(cation.)f Fv(21st)i(A)o(CM)e(Symp)n
(osium)h(on)g(the)h(The)n(ory)f(of)g(Computing)p FB(,)f(1989,)f(pages)h
(33{43.)0 192 y([142])21 b(M.)15 b(Naor)f(and)h(M.)g(Y)l(ung.)20
b(Public-Key)e(Cryptosystems)c(Pro)o(v)m(ably)h(Secure)h(Against)g
(Chosen)f(Cipher-)116 248 y(text)g(A)o(ttac)o(ks.)j(In)e
Fv(22nd)h(A)o(CM)e(Symp)n(osium)h(on)g(the)h(The)n(ory)f(of)g
(Computing)p FB(,)f(pages)g(427-437,)e(1990.)0 342 y([143])21
b(T.)h(Ok)m(amoto.)41 b(On)23 b(relationships)h(b)q(et)o(w)o(een)f
(statistical)g(zero-kno)o(wledge)g(pro)q(ofs.)41 b(In)23
b Fv(28th)h(A)o(CM)116 399 y(Symp)n(osium)16 b(on)h(the)f(The)n(ory)g
(of)h(Computing)p FB(,)d(pages)h(649{658,)e(1996.)0 492
y([144])21 b(R.)h(Ostro)o(vsky)e(and)i(A.)f(Wigderson.)39
b(One-W)l(a)o(y)22 b(F)l(unctions)g(are)f(essen)o(tial)h(for)f(Non-T)l
(rivial)i(Zero-)116 549 y(Kno)o(wledge.)33 b(In)20 b
Fv(2nd)h(Isr)n(ael)d(Symp.)i(on)g(The)n(ory)g(of)h(Computing)f(and)g
(Systems)e FB(\()p Fv(ISTCS93)p FB(\),)g(IEEE)116 605
y(Computer)d(So)q(ciet)o(y)h(Press,)e(pages)h(3{17,)f(1993.)0
699 y([145])21 b(R.)15 b(Ostro)o(vsky)f(and)h(M.)f(Y)l(ung.)20
b(Ho)o(w)14 b(to)g(Withstand)h(Mobile)h(Virus)g(A)o(ttac)o(ks.)i(In)d
Fv(10th)i(A)o(CM)e(Symp)n(o-)116 756 y(sium)i(on)f(Principles)f(of)h
(Distribute)n(d)g(Computing)p FB(,)f(pages)g(51{59,)f(1991.)0
849 y([146])21 b(M.)13 b(P)o(ease,)f(R.)i(Shostak)e(and)h(L.)h(Lamp)q
(ort.)i(Reac)o(hing)e(agreemen)o(t)e(in)i(the)g(presence)g(of)e
(faults.)17 b Fv(Journal)116 906 y(of)g(the)f(A)o(CM)p
FB(,)e(V)l(ol.)h(27\(2\),)f(pages)h(228{234,)d(1980.)0
1000 y([147])21 b(T.P)l(.)j(P)o(edersen)g(and)h(B.)f(P\014tzmann.)47
b(F)l(ail-Stop)25 b(Signatures.)48 b Fv(SIAM)23 b(Journal)i(on)f
(Computing)p FB(,)116 1056 y(V)l(ol.)e(26/2,)g(pages)g(291{330,)f
(1997.)39 b(Based)22 b(on)g(sev)o(eral)g(earlier)h(w)o(ork)e(\(see)h
(\014rst)f(fo)q(otnote)g(in)i(the)116 1112 y(pap)q(er\).)0
1206 y([148])e(B.)g(P\014tzmann.)37 b Fv(Digital)22 b(Signatur)n(e)f
(Schemes)f FB(\()p Fv(Gener)n(al)h(F)m(r)n(amework)g(and)h(F)m
(ail-Stop)f(Signatur)n(es)p FB(\).)116 1263 y(Springer)16
b(Lecture)g(Notes)f(in)h(Computer)f(Science)i(\(V)l(ol.)e(1100\),)e
(1996.)0 1357 y([149])21 b(B.)e(P\014tzmann)g(and)g(M.)g(W)l(aidner.)32
b(Ho)o(w)18 b(to)g(break)h(and)h(repair)f(a)g(\\pro)o(v)m(ably)g
(secure\\)g(un)o(traceable)116 1413 y(pa)o(ymen)o(t)11
b(system.)j(In)e Fv(Crypto91)p FB(,)h(Springer-V)l(erlag)g(Lecture)g
(Notes)e(in)i(Computer)e(Science)j(\(V)l(ol.)e(576\),)116
1469 y(pages)j(338{350.)0 1563 y([150])21 b(B.)c(P\014tzmann)h(and)f
(M.)g(W)l(aidner.)27 b(Prop)q(erties)18 b(of)e(P)o(a)o(ymen)o(t)h
(Systems:)24 b(General)17 b(De\014nition)i(Sk)o(etc)o(h)116
1620 y(and)c(Classi\014cation.)k(IBM)14 b(Researc)o(h)h(Rep)q(ort)f
(RZ2823)f(\(#90126\),)f(IBM)j(Researc)o(h)f(Division,)i(Zuric)o(h,)116
1676 y(Ma)o(y)e(1996.)0 1770 y([151])21 b(M.O.)c(Rabin.)27
b(Digitalized)19 b(Signatures.)26 b(In)18 b Fv(F)m(oundations)g(of)g
(Se)n(cur)n(e)f(Computation)h FB(\(R.A.)f(DeMillo)116
1826 y(et.)e(al.)g(eds.\),)f(Academic)j(Press,)d(1977.)0
1920 y([152])21 b(M.O.)c(Rabin.)29 b(Digitalized)20 b(Signatures)f(and)
f(Public)h(Key)g(F)l(unctions)g(as)e(In)o(tractable)h(as)g(F)l
(actoring.)116 1977 y(MIT/LCS/TR-212,)c(1979.)0 2071
y([153])21 b(M.O.)d(Rabin.)31 b(Ho)o(w)18 b(to)f(Exc)o(hange)i(Secrets)
g(b)o(y)f(Oblivious)j(T)l(ransfer.)29 b(T)l(ec)o(h.)18
b(Memo)g(TR-81,)h(Aik)o(en)116 2127 y(Computation)c(Lab)q(oratory)l(,)f
(Harv)m(ard)h(U.,)g(1981.)0 2221 y([154])21 b(T.)16 b(Rabin)i(and)f(M.)
e(Ben-Or.)25 b(V)l(eri\014able)19 b(Secret)e(Sharing)g(and)f
(Multi-part)o(y)h(Proto)q(cols)f(with)h(Honest)116 2277
y(Ma)s(jorit)o(y)l(.)i(In)c Fv(21st)i(A)o(CM)e(Symp)n(osium)h(on)g(the)
h(The)n(ory)f(of)g(Computing)p FB(,)f(pages)g(73{85,)f(1989.)0
2371 y([155])21 b(C.)15 b(Rac)o(k)o(o\013)g(and)h(D.R.)f(Simon.)22
b(Non-In)o(teractiv)o(e)16 b(Zero-Kno)o(wledge)g(Pro)q(of)f(of)h(Kno)o
(wledge)g(and)g(Cho-)116 2428 y(sen)21 b(Ciphertext)g(A)o(ttac)o(k.)35
b(In)21 b Fv(Crypto91)p FB(,)h(Springer-V)l(erlag)g(Lecture)f(Notes)g
(in)g(Computer)f(Science)116 2484 y(\(V)l(ol.)15 b(576\),)f(pages)h
(433{444.)0 2578 y([156])21 b(R.)12 b(Riv)o(est,)h(A.)f(Shamir)g(and)h
(L.)f(Adleman.)j(A)e(Metho)q(d)f(for)f(Obtaining)j(Digital)e
(Signatures)h(and)f(Public)116 2634 y(Key)k(Cryptosystems.)i
Fv(CA)o(CM)p FB(,)c(V)l(ol.)h(21,)f(F)l(eb.)h(1978,)f(pages)h(120{126.)
952 2795 y(40)p eop
%%Page: 41 42
41 41 bop 0 42 a FB([157])21 b(J.)c(Romp)q(el.)25 b(One-w)o(a)o(y)16
b(F)l(unctions)i(are)e(Necessary)h(and)f(Su\016cien)o(t)i(for)e(Secure)
h(Signatures.)25 b(In)17 b Fv(22nd)116 98 y(A)o(CM)e(Symp)n(osium)i(on)
f(the)g(The)n(ory)g(of)h(Computing)p FB(,)e(1990,)e(pages)i(387{394.)0
192 y([158])21 b(A.)c(Sahai)h(and)f(S.)g(V)l(adhan.)27
b(A)17 b(Complete)h(Promise)f(Problem)g(for)g(Statistical)h(Zero-Kno)o
(wledge.)26 b(In)116 248 y Fv(38th)17 b(IEEE)f(Symp)n(osium)g(on)g(F)m
(oundations)f(of)i(Computer)g(Scienc)n(e)p FB(,)c(pages)i(448{457,)e
(1997.)0 342 y([159])21 b(C.P)l(.)14 b(Sc)o(hnorr.)19
b(E\016cien)o(t)c(Signature)g(Generation)f(b)o(y)h(Smart)f(Cards.)k
Fv(Journal)e(of)g(Cryptolo)n(gy)p FB(,)e(V)l(ol.)h(4,)116
399 y(pages)g(161{174,)e(1991.)0 492 y([160])21 b(C.E.)12
b(Shannon.)18 b(Comm)o(unication)c(Theory)f(of)g(Secrecy)h(Systems.)j
Fv(Bel)r(l)d(Sys.)f(T)m(e)n(ch.)h(J.)p FB(,)f(V)l(ol.)g(28,)g(pages)116
549 y(656{715,)g(1949.)0 643 y([161])21 b(A.)15 b(Shamir.)20
b(Ho)o(w)15 b(to)f(Share)i(a)f(Secret.)20 b Fv(CA)o(CM)p
FB(,)13 b(V)l(ol.)i(22,)g(No)o(v.)f(1979,)g(pages)h(612{613.)0
736 y([162])21 b(D.)12 b(Simon.)k(Anon)o(ymous)c(Comm)o(unication)h
(and)f(Anon)o(ymous)h(Cash.)i(In)e Fv(Crypto96)p FB(,)g(Springer)g
(Lecture)116 793 y(Notes)i(in)h(Computer)f(Science)i(\(V)l(ol.)e
(1109\),)e(pages)i(61{73.)0 887 y([163])21 b(A.)15 b(Shamir,)g(R.L.)h
(Riv)o(est,)f(and)g(L.)h(Adleman.)k(Men)o(tal)15 b(P)o(ok)o(er.)k
(MIT/LCS)d(Rep)q(ort)f(TM-125,)f(1979.)0 980 y([164])21
b(S.)g(T)l(oueg,)h(K.J.)f(P)o(erry)g(and)g(T.K.)f(Srik)m(an)o(th.)39
b(F)l(ast)20 b(distributed)i(agreemen)o(t.)37 b Fv(SIAM)20
b(Journal)i(on)116 1037 y(Computing)p FB(,)15 b(V)l(ol.)g(16\(3\),)f
(pages)h(445{457,)e(1987.)0 1131 y([165])21 b(U.V.)14
b(V)l(azirani)i(and)e(V.V.)g(V)l(azirani.)20 b(E\016cien)o(t)15
b(and)g(Secure)g(Pseudo-Random)g(Num)o(b)q(er)g(Generation.)116
1187 y Fv(25th)i(IEEE)f(Symp)n(osium)g(on)g(F)m(oundations)f(of)i
(Computer)g(Scienc)n(e)p FB(,)c(pages)i(458{463,)e(1984.)0
1281 y([166])21 b(M.)c(W)l(egman)h(and)g(L.)g(Carter.)27
b(New)18 b(Hash)g(F)l(unctions)g(and)h(their)f(Use)g(in)h(Authen)o
(tication)g(and)f(Set)116 1337 y(Equalit)o(y)l(.)j Fv(Journal)16
b(of)g(Computer)h(and)g(System)e(Scienc)n(e)p FB(,)f(V)l(ol.)h(22,)f
(1981,)g(pages)h(265{279.)0 1431 y([167])21 b(A.)16 b(D.)g(Wyner.)24
b(The)16 b(wire-tap)h(c)o(hannel.)25 b Fv(Bel)r(l)17
b(System)g(T)m(e)n(chnic)n(al)e(Journal)p FB(,)h(V)l(ol.)h(54)f(\(No.)f
(8\),)h(pages)116 1488 y(1355{1387,)c(Oct.)j(1975.)0
1582 y([168])21 b(A.C.)e(Y)l(ao.)34 b(Theory)19 b(and)h(Application)i
(of)d(T)l(rap)q(do)q(or)h(F)l(unctions.)35 b(In)20 b
Fv(23r)n(d)h(IEEE)f(Symp)n(osium)g(on)116 1638 y(F)m(oundations)c(of)g
(Computer)h(Scienc)n(e)p FB(,)c(pages)i(80{91,)f(1982.)0
1732 y([169])21 b(A.C.)12 b(Y)l(ao.)k(Ho)o(w)c(to)g(Generate)h(and)g
(Exc)o(hange)g(Secrets.)j(In)e Fv(27th)h(IEEE)e(Symp)n(osium)h(on)g(F)m
(oundations)116 1788 y(of)j(Computer)g(Scienc)n(e)p FB(,)c(pages)i
(162{167,)e(1986.)952 2795 y(41)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF