CISSP Common Body of Knowledge

CISSP Common Body of Knowledge Review: Cryptography Domain Part 1Version: 5.9

CISSP Common Body of Knowledge Review by Alfred Ouyang is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

1

- 2 -Learning ObjectiveCryptography DomainThe Cryptography domain addresses the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authentication.The candidate is expected to know basic concepts within cryptography; public and private key algorithms in terms of their applications and uses; algorithm construction, key distribution and management, and methods of attack; the applications, construction and use of digital signatures to provide authenticity of electronic transactions, and non-repudiation of the parties involved; and the organization and management of the Public Key Infrastructure (PKIs) and digital certification and management.Reference: CISSP CIB, January 2012 (Rev. 2)

2

- 3 -TopicsCryptography Domain Part 1Terms, Definition, Concept & HistoryCipher TypesClassic CiphersModern CiphersCryptographic AlgorithmsHash Function CryptographySymmetric Key CryptographyAsymmetric Key CryptographyHybrid Cryptography

3

- 4 -TopicsCryptography Domain Part 2Utilization of cryptographyPublic Key Infrastructure (PKI)HTTP, S-HTTP, IPsec, SSH, SETSingle Sign-On (SSO)Secured E-mailTypes of crypto attacksCrypto-analytic AttacksCryptographic AttacksDiscussion on export of crypto technologies

4

- 5 -ConceptSecurity Principles and CryptographyObjectives of Cryptography: Confidentiality unauthorized persons cannot access information.Integrity ensures the message remains unmodified.

Cryptography provides:Confidentiality Encryption.Integrity Hash/Message Digest.Authentication to verify the identity of a subject.Non-repudiation sender cant deny sending.

Stuff To Look Out ForAuthentication Is NOT part of the C.I.A. Triad.

5For CISSP Exam Know the differences between identification, authentication, authorization, and accountability.

- 6 -Terms & DefinitionCryptograph (1/3)Cryptography the science of secret writing.Cryptology the study of cryptography and cryptanalysis.

Cryptosystem hardware and/or software implementation of cryptography.Algorithm a precise rule (or set of rules) specifying how to solve some problem or accomplish a specific task.Cipher cryptographic transformation operating with bits or characters.

6

- 7 -Terms & DefinitionCryptograph (2/3)Plaintext/Cleartext data in unscrambled form.Ciphertext/Cryptogram scrambled data.

Encipher/Encrypt/Encode act of scrambling using key.Decipher/Decrypt/Decode descrambling with key.

Cryptanalysis the practice of breaking cryptosystems or obtaining plaintext from cipher text without a key.Work Factor time, effort, and resources necessary to break a cryptosystem.

7

- 8 -Terms & DefinitionCryptograph (3/3)Key For crypto, a secret value in the form of a sequence of characters used to encrypt and decrypt.Key clustering instance where two keys generate the same ciphertext from same plaintext.

Keyspace All possible values used to construct keys. The larger keyspace the better.Initialization Vector (IV) In crypto, IV is a block of bits used as the initializing input algorithm for the encryption of a plaintext block sequence.IV increases security by introducing additional cryptographic variance and to synchronize cryptographic equipment

8

- 9 -Terms & DefinitionHistory of Cryptograph (1/4)For CISSP Exam Read Secrets and Lies Digital Security in a Networked World by Bruce Schneier, or Codebreaker: The History of Codes and Ciphers, by Stephen Pincock.1500 BC: A Mesopotamian tablet contains an enciphered formula for the making of glazes for pottery.487 BC: The Greek used a device called the scytale/skytale a staff around which a long, thin strip of leather was wrapped and written on.50-60 BC: Julius Caesar used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications.1790: Thomas Jefferson invented wheel cipher. (The order of the disks is the key).1854: Charles Babbage re-invented the wheel cipher.Reference: Secrets and Lies Digital Security in a Networked World, B. Schneier, Wiley Publishing, 2004

9

- 10 -Terms & DefinitionHistory of Cryptograph (2/4)1919-1922: Patents issued to Gilbert Vernam for Vernam cipher.

1930-1941: German military used Lorenz SZ 40 and SZ 42 cipher machines based on Vernam stream cipher to encrypt teleprinter messages.Stream cipher using pseudorandom bits to be XORed with the plaintext.

1933-1945: German military field units used Enigma cipher machine to encrypt messages.Electro-mechanical rotor cipher machine uses polyalphabetic substitution

Reference: Secrets and Lies Digital Security in a Networked World, B. Schneier, Wiley Publishing, 2004

10

Terms & DefinitionHistory of Cryptograph (3/4)1943-1944: British code breakers designed Colossus Mark 1 and Colossus Mark 2 to decrypt Lorenz cipher machine.Designed by Max Newman & Tommy FlowersUsing frequency analysis.

1938-1944: British code breakers designed Bombe to decrypt Enigma cipher machine.Designed by Alan TuringUsing frequency analysis- 11 -

Reference: Bletchley Park National Codes Center (http://www.bletchleypark.org.uk/)

11

- 12 -Terms & DefinitionHistory of Cryptograph (4/4)1976: NSA chosen IBMs modified Lucifer cipher to be the Data Encryption Standard (DES).1976: Whitfield Diffie & Martin Hellman published New Directions in Cryptography.1978: Ronald L. Rivest, Adi Shamir & Leonard M. Adleman (RSA) published RSA Algorithm for Public Key System.1984: ROT13 cipher introduced on UNIX systems, it encrypts cleartext message by shifts letters 13 places.1991: Phil Zimmermann released first version of PGP (Pretty Good Privacy).2000: Joan Daeman and Vincent Rijmans Rijndael algorithm was selected by NIST as the Advanced Encryption Standard (AES). Reference: Secrets and Lies Digital Security in a Networked World, B. Schneier, Wiley Publishing, 2004

12

- 13 -Terms & DefinitionCryptographic Algorithm & OperationCryptographic algorithm A set of mathematical function and rules that takes plaintext and a key as input, and product ciphertext as output.Cryptographic operation Encryption/DecryptionEncryption An act to convert plaintext into ciphertext in order to preserve confidentiality of data.Decryption An act to convert ciphertext back to plaintext.

13

- 14 -Terms & DefinitionStrength of EncryptionThe goal of the cryptosystem is to make compromising it too expensive or time consuming to justify the effort.

The strength of the encryption method comes from:The algorithmSecrecy of the keyLength of the keyInitialization vectors (IV)And how they all work together (encryption method)

Strength (a.k.a. work factor) refers to how hard it is to figure out the algorithm or a key (whichever is not made public) used in the cryptosystem.Work Factor is an estimate of the effort it would take an attacker to compromise the encryption method.

14

- 15 -Questions:What is the definition of cryptography? What is the definition of keyspace? What is a scytale?

Who first invented wheel cipher? What is the significance of Diffie-Hellman algorithm? What is the significance of RSA algorithm?

15

- 16 -Answers:What is the definition of cryptography?The science of secret writing.What is the definition of keyspace?All possible values used to construct keys.What is a scytale?A staff which a long, thin strip of leather was wrapped and written on.Who first invented wheel cipher?Thomas Jefferson.What is the significance of Diffie-Hellman algorithm?It enables key-exchange.What is the significance of RSA algorithm?Public key cryptography.

16

Questions:Act of converting plaintext into ciphertext is?

Act of converting ciphertext back to plaintext is?

Instance where two different keys generate the same ciphertext from a plaintext is?

The practice of breaking cryptosystems or obtaining plaintext from ciphertext without a key is? - 17 -

17

Answers:Act of converting plaintext into ciphertext is? Encryption

Act of converting ciphertext back to plaintext is? Decryption

Instance where two different keys generate the same ciphertext from a plaintext is? Key clustering

The practice of breaking cryptosystems or obtaining plaintext from ciphertext without a key is? Cryptanalysis- 18 -

18

- 19 -TopicsCryptography Domain Part 1Terms, Definition, Concept & HistoryCipher TypesClassic CiphersModern CiphersCryptographic AlgorithmsHash Function CryptographySymmetric Key CryptographyAsymmetric Key CryptographyHybrid Cryptography

19

- 20 -ConceptCipher TypesClassic Ciphers:Substitution cipherTransposition cipherPolyalphabetic (or running key) cipherConcealment

Modern Ciphers: Block cipherStream cipherSteganographyCombination: Complexity can be created by use combination above.

20

- 21 -Classic CiphersSubstitution CipherA substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet. (a.k.a. shift alphabet)Two examples are:Caesar cipherROT13 cipher on UNIX ABCDEFGHIJKLMNOPQRSTUVWXYZ and sliding everything up by 3, you get ABCDEFGHIJKLMNOPQRSTUVWXYZABC so D = A, E = B, F = C, and so on.

21

- 22 -Classic CiphersPolyalphabetic (or Running Key) CipherThe running key cipher is a type of substitution cipherInvented by Blaise de Vigenre in 19th centuryThe cryptographic algorithm is polyalphabetic substitution, where the secret key is repeated along the length of plaintext/ciphertext

Plaintext: COMPUTING GIVES INSIGHTKeyword: LUCKYLUCK YLUCK YLUCKYLCiphertext: NIOZSECPQ ETPGC GYMKQFESource: http://astro.ocis.temple.edu/~dhill001/vigenere/vigenere.html ABCDEFGHIJKLMNOPQRSTUVWXYZBCDEFGHIJKLMNOPQRSTUVWXYZACDEFGHIJKLMNOPQRSTUVWXYZABDEFGHIJKLMNOPQRSTUVWXYZABCEFGHIJKLMNOPQRSTUVWXYZABCDFGHIJKLMNOPQRSTUVWXYZABCDEGHIJKLMNOPQRSTUVWXYZABCDEFHIJKLMNOPQRSTUVWXYZABCDEFGIJKLMNOPQRSTUVWXYZABCDEFGHJKLMNOPQRSTUVWXYZABCDEFGHIKLMNOPQRSTUVWXYZABCDEFGHIJLMNOPQRSTUVWXYZABCDEFGHIJKMNOPQRSTUVWXYZABCDEFGHIJKLNOPQRSTUVWXYZABCDEFGHIJKLMOPQRSTUVWXYZABCDEFGHIJKLMNPQRSTUVWXYZABCDEFGHIJKLMNOQRSTUVWXYZABCDEFGHIJKLMNOPRSTUVWXYZABCDEFGHIJKLMNOPQSTUVWXYZABCDEFGHIJKLMNOPQRTUVWXYZABCDEFGHIJKLMNOPQRSUVWXYZABCDEFGHIJKLMNOPQRSTVWXYZABCDEFGHIJKLMNOPQRSTUWXYZABCDEFGHIJKLMNOPQRSTUVXYZABCDEFGHIJKLMNOPQRSTUVWYZABCDEFGHIJKLMNOPQRSTUVWXZABCDEFGHIJKLMNOPQRSTUVWXY

22

- 23 -Classic CiphersTransposition CipherInstead of replacing the characters with other characters, this cipher simply changes the order of the characters. The key determines the positions that the characters are moved toThe key for this cipher is not standard. Instead of a list of alphabetic substitutions, it is a mapping order.Such as (1,2,3,4,5) = (3,4,5,2,1). This means that the third element is put in place of the first, thus followed by the fourth, then the fifth, second, and finally followed by the original first element. Example: "WORLD" -> "RLDOW"

23

- 24 -Classic CiphersTransposition CipherPermutations of this cipher run in blocked matrices. This means that the message is spread out into a matrix.Example: I LOVE CISSP CBK REVIEW CLASS 2012"ILOVECISSPCBKREVIEWCLASS2012ICW2012LBCLASSOKREVIEVECISSP

24

- 25 -Classic CiphersConcealment CipherThe concealment cipher hides a message in a longer message i.e. a message WITHIN a messageA paragraph is sent to you containing an embedded secret message. Example:The agreed upon secret key is to use every sixth word.Selecting every sixth word in the paragraph will decrypt the message I have been trying to buy you a nice gift like gold or an antique but prices now are really high.

25

- 26 -Modern CiphersBlock CipherBlock CipherOperate on fixed size block of plaintext.The encryption algorithm takes a fixed-length block of plaintext and create a block of ciphertext in the same length.Usually 8-byte (64-bit)Usually implemented in software.Generally, Block cipher encryption is slower than Stream cipher encryption.Example: DES, Triple DES, AES, IDEA

26

- 27 -Modern CiphersStream CipherStream CipherOperate on continuous streams of plaintext.Usually implemented in hardware.Well suited for serial communications.Functional complex, with long key that does not repeat.Statistically unpredictable.Keystream should NOT be linearly related to key.Example: RC4, SEAL, VEST

27

- 28 -Modern CiphersSteganographySteganography is a method of hiding data in another media so that the data's very existence is concealed. Microdot, very popular in World War IIComputer files (graphic images, MP3, or video) contain unused or insignificant areas of data Steganography takes advantage of these areas, replacing them with information.The files can then be exchanged without anyone knowing what really lies inside of them. Web Bugs malicious version of Steganography.Can be used to insert concealed digital watermarks.

Note: For CISSP Exam Steganography DOES NOT USE algorithms or keys to encrypt datait hides data within another object.

28

- 29 -Questions:What are the four types of modern cipher?

What are the four types of classic cipher?

29

- 30 -Answers:What are the four types of modern cipher?Block cipherStream cipherSteganographyCombination

What are the four types of classic cipher?SubstitutionTranspositionPolyalphabeticConcealment

30

- 31 -TopicsCryptography Domain Part 1Terms, Definition, Concept & HistoryCipher TypesClassic CiphersModern CiphersCryptographic AlgorithmsHash Function CryptographySymmetric Key CryptographyAsymmetric Key CryptographyHybrid Cryptography

31

- 32 -Cryptographic AlgorithmsHash Function CryptographyA hash function takes an input of arbitrary length and outputs a fixed size value Hash Value.

The maximum number of input and output bits is determined by the design of the hash function.Pre-image resistance. A good hash function is one-way. Original input (message or file) can not be derived from the hash value.Collision resistance. Two inputs into a hash function should not produce the same hash value.

32

- 33 -Cryptographic AlgorithmsHash Function CryptographyCryptographic hash functions are used to provide integrity, authentication and non-repudiation.Message digest, if the message or file is used as an input into a cryptographic hash function.Message authentication, if a secret key is used along with a message as inputs into a cryptographic hash function.Digital signature, if the private key is used as an input, and the output can be verified with the public key.

Cryptographic hash functions are also used as randomness extractor for pseudo-random number generators (PRNGs)

33

- 34 -Cryptographic Algorithms Hash Function CryptographyThere are two flavors and a hybrid hash functions:Non-keyed digest (for integrity)Message Integrity Code (MIC).Modification Detection Code (MDC).Keyed digest (for authentication)Message Authentication Code (MAC): Secret key + message.Keyed-hash MAC or Hashed MAC (HMAC): MAC + MDC.Digital signature (for non-repudiation)

Popular message digest algorithms: MD5, RIPE-MD, HAVAL, FIPS 186-2: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.Popular digital signature algorithms: ElGamal, FIPS 180-2: DSA, EC-DSA.

34

- 35 -Cryptographic Algorithms Hash Function Cryptography Non-Keyed DigestNon-keyed digest is used to provide integrity function. The output fixed-size hash value is called:Message Digest (MD) in cryptography world.Modification Detection Code (MDC-2) patented by IBM.

35

- 36 -Cryptographic Algorithms Hash Function Cryptography Keyed DigestKeyed digest is used to provide authentication function. The output fixed-size hash value is called:Message Authentication Code (MAC): Secret key (symmetric ephemeral key) + message. (a.k.a. Message Integrity Code (MIC) and Keyed-Hash MAC (HMAC).)

Reference: FIPS 198, The Keyed-Hash Message Authentication Code (HMAC), March 6, 2002.

36

- 37 -Cryptographic Algorithms Hash Function Cryptography Digital SignatureDigital signature (or digital fingerprint) is used to provide non-repudiation function.Digital signature is a hybrid cryptography that uses non-keyed hash function and asymmetric key-pair (public key & private key).

Reference: FIPS 186-2, Digital Signature Standard (DSS), January 27, 2000.

37

Cryptographic Algorithms Hash Function Cryptography Randomness ExtractorTrue random number is hard to find, what computing machines generates is pseudo randomThe most common pseudo-random number generator (PRNG) uses the linear congruential formula:Xn+1 = (aXn +b) mod m

To add randomness, the PRNG output is put through a cryptographic hash function, because a good hash function is:Pre-image resistance andCollision resistance- 38 -

38

- 39 -Questions:What is a hash function?

What are the difference between non-keyed digest and keyed digest?Non-keyed digest is used to provide ? functionKeyed digest is used to provide ? function

What are the two key criteria of a good hash function?

39

- 40 -Answers:What is a hash function?A one-way mathematical function that take an input of arbitrary length and outputs a fixed size value.

What are the difference between non-keyed digest and keyed digest?Non-keyed digest is used to provide integrity function.Keyed digest is used to provide authentication function.

What are the two key criteria of a good hash function?Pre-image resistant, andCollision resistant.

40

- 41 -TopicsCryptography Domain Part 1Terms, Definition, Concept & HistoryCipher TypesClassic CiphersModern CiphersCryptographic AlgorithmsHash Function CryptographySymmetric Key CryptographyAsymmetric Key CryptographyHybrid Cryptography

41

- 42 -Cryptographic Algorithms Symmetric Key CryptographySymmetric key cryptography involves a single secret (symmetric) key.Both the sender and the recipient must have the same secret key.It is used by the sender to encrypt the message and by the recipient to decrypt it.

42

- 43 -Cryptographic Algorithms Symmetric Key CryptographyThe same secret key has to be possessed by both parties.Requires a secure mechanism to deliver keys.Each pair of users needs a unique key.Key management can be difficult as the number of users grows.n*(n-1)/2: A user group of 100 people 4,950 keys would be needed.Symmetric key cryptography provides confidentiality only. Need to combine with MAC for message integrity and authentication.Popular symmetric key algorithms: DES, 3DES, AES, RC6, Twofish, Blowfish, etc.Reference: Communication Theory of Secrecy Systems, by Claude Shannon, 1949

43

- 44 -Cryptographic Algorithms Symmetric Key Cryptography AlgorithmsThere are two (2) ciphers that uses symmetric key algorithms for encryption:Block ciphersTaking a fixed-length block of plaintext data and create a block of ciphertext data of same length.Stream ciphersGenerating a keystream (sequence of bits), combining the keystream with plaintext data, bit-by-bit using XOR operations and create a stream of ciphertext data.One-time pad (a.k.a. Vernam cipher) is a type of stream cipher. The entire keystream is totally random and is used only once.

44

- 45 -Cryptographic Algorithms: Symmetric Key Cryptography Stream Cipher XOR OperationExclusive-OR (XOR) is an operation that is applied to two bits. It is a function in binary mathematicsif both bits are the same, the result is zero (0)0 + 0 = 01 + 1 = 0If both bits are different, the result is one (1)0 + 1 = 11 + 0 = 1

45

- 46 -Cryptographic Algorithms: Symmetric Key Cryptography Stream Cipher XOR OperationMessage 01011010 => ASCII ZKeystream01100011 => ASCII c

Ciphertext 00111001 => ASCII 9

Ciphertext 00111001 => ASCII 9Keystream01100011 => ASCII c

Message 01011010 => ASCII ZXOR

XOR

46

- 47 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Confusion vs. DiffusionBlock Ciphers use confusion and diffusion in their encryption methods:

Confusion refers to making the relationship between the key and the ciphertext as complex and involved as possible.

Diffusion refers to the property that redundancy in the statistics of the plaintext is "dissipated" in the statistics of the ciphertext.Reference: Communication Theory of Secrecy Systems, by Claude Shannon, 1949

47

Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher ConfusionConfusion can be achieved through substitution cipher operations.S-box provides element of confusion to a block cipher in symmetric key cryptosystem.An S-box takes some number of input bits m, and transforms them into some number of output bits n.Implemented as a m n lookup table to provide element of confusion to block cipher.S-box can be implemented as:Lookup table (e.g., DES)Linear transformation through matrix multiplication (e.g., AES), orDynamically from the key (e.g., Blowfish or Twofish).

- 48 -

48

Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher DiffusionDiffusion can be achieved through transformation cipher operations.Feistel network permutation provides element of diffusion to a block cipher of in a symmetric key cryptosystem.Feistel or modified Feistel: DES, TDES, Blowfish, Twofish, RC5, etc.Generalized Feistel: RC2, RC6, Skipjack, etc.Columnar transposition is not a Feistel network permutation, but it also provides element of diffusion to a block cipher.AES ShiftRows and MixColumns operations

- 49 -

49

- 50 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Modes of OperationIn general all block ciphers operates in five (5) modesBlock ModeECB (Electronic Code Book)CBC (Cipher Block Chaining)Stream ModeCFB (Cipher Feed Back)OFB (Output Feed Back)CTR (Counter)

FIPS 81 specified only 4 modes as the Federal standard, counter mode was not considered.NIST withdrew FIPS 81 on May 19th, 2005.Reference: http://www.itl.nist.gov/fipspubs/withdraw.htm

50

- 51 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Modes of Operation ECBElectronic Code Book (ECB) Block Modeci = Ek(pi)64-bit data blocks processed individually, one at a time.Decrypting starts at the beginning of ciphertext file and processes 64-bit block one at a time, until EOF.Advantage: Fast & Simple.Disadvantage: Susceptible to Known-plaintext attacks

51

- 52 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Modes of Operation CBCCipher Block Chaining (CBC) Block Modeci = Ek(pi ci-1) , where: c0 = IV64-bit plaintext blocks loaded sequentially.XORed with 64-bit Initialization Vector (IV).Combination processed into cipher under secret key.First ciphertext XORed with next plaintext block.Most frequently used mode of operation.

52

- 53 -Cryptographic Algorithms Block Cipher Initialization Vector (IV)Initialization Vector (IV) is a block of bits used in the beginning of the encryption process for block or stream cipher.

IV is generated using:Random number generator (RNG) or Pseudo-random number generator (PRNG)

IV eliminates re-keyingIn stream cipher, the IV is loaded into the keyed internal secret state of the cipher, after which a number of cipher rounds is executed prior to releasing the first bit of output.In block cipher, the IV is linearly added to the first block of plaintext prior to encryption.

53

- 54 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Modes of Operation CFBCipher Feed Back (CFB) Stream Modeci = pi Ek(ci-1) , where c0 = IVPrevious ciphertext block is encrypted and the output is combined with plaintext block using XOR to produce current ciphertext block. Initialization Vector (IV) is used as a seed for the process.Plaintext patterns are concealed by the XOR operation.

54

- 55 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Modes of Operation OFBOutput Feed Back (OFB) Stream Modeci = pi oi ,where: oi = Ek(oi-1) and o0 = IVSimilar to CFB mode, except that quantity XORed with each plaintext block is generated independently of both plaintext and ciphertext.Initialization Vector (IV) is used as a seed for the process.

55

- 56 -Cryptographic Algorithms: Symmetric Key Cryptography Block Cipher Modes of Operation CounterCounter (CTR) Stream Mode (Not a FIPS!)ci = pi Ek(ni-1) , where: ni-1 = IV | ti-1Similar to OFB mode the quantity XORed with each plaintext block is generated independently of both plaintext and ciphertext.Encrypted CTR values generate a keystream to be XORed with message stream, much like stream cipher.

56

- 57 -Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem DES (1/2)Data Encryption Standard (DES), a symmetric key cryptosystem based on IBMs Lucifer cipher. DES has been a FIPS 46-1 since 1977.DES is a 64-bit block cipher algorithm (64-bit block = 56-bit secret key + 8-bit parity) that uses a key of 56 bits and 16 rounds of transposition and substitution to encrypt each group of 8 (64-bit) plaintext letters.

Feistel NetworkReference: NIST FIPS 46-3, Data Encryption Standard, October 25, 1999

57

Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem DES (2/2)For an animation of the 64-bit DES encryption process Key schedule, 56-bit key divided into two 28-bit subkeys.For each successive rounds, both halves are rotated left by one or two bits.Initial Permutation (IP)Permutation of a 64-bit input block to a 64-bit IP matrixRoundsExpansionKey mixingSubstitutionPermutation

- 58 -Reference: http://www.cryptool.org/en/

58

- 59 -Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem Triple-DES (TDES) (1/2)TDES is an interim solution from NIST to provide a stronger solution than DESTDES uses 48 rounds of transposition and substitution functions in its computation.TDES is approximately 256 times stronger than DES.TDES operates in four (4) different modesDES-EEE: TDES encryption with 3 different keysDES-EDE: TDES operations (encrypt-decrypt-encrypt) with 3 different keys.DES-EEE2: TDES encryption with 2 different keys and 1st & 3rd operations use the same key.DES-EDE2: TDES operatons (encrypt-decrypt-encrypt) with 2 different keys and 1st & 3rd operations use the same key.

Reference: NIST FIPS 46-3, Data Encryption Standard, October 25, 1999

59

Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem Triple-DES (TDES) (2/2)TDES is used as the underlying block cipher algorithm for the following modes of operations:Electronic Code Book (TECB in ANSI X9.52)Cipher Block Chaining (TCBC, TCBC-I in ANSI X9.52)Cipher Feed Back (TCFB, TCFB-P in ANSI X9.52)Output Feed Back (TOFB, TOFB-I in ANSI X9.52)Counter (CTR, not specified in ANSI X9.52)For example: TECB (TDES-EEE in ECB)

- 60 -Reference: NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation, December 2001.FIPS 46-3, Data Encryption Standard, October 25, 1999.

60

- 61 -Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem Advanced Encryption Standard (AES) (1/4)NIST announced the need for a 3DES replacement in 1997.A request for candidate symmetric block algorithms supporting key sizes of 128, 192, and 256-bit was issued.AES Candidates included:MARS Developed by the IBM Team that developed Lucifer (the algorithm DES was developed from).RC6 Developed by RSA.Serpent Developed by Ross Anderson, Eli Biham, and Lars Knudsen.TwoFish Developed by Counterpane Systems.Rijndael Developed by Vincent Rijmen and Joan Deamon.CAST Developed by Entrust Technologies.

61

- 62 -Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem Advanced Encryption Standard (AES) (2/4)The Rijndael algorithm developed by Vincent Rijman & Joan Daeman was selected after lengthy testing to become AES (FIPS 197)AES is a symmetric block cipher that canProcess data blocks of 128 bits.Uses cipher keys with lengths of 128, 192, and 256 bits.Variable number of rounds, each round containing 4 steps (Byte Sub, Shift Row, Mix Column, Add Round Key)Rijndael was designed to handle additional block sizes and key lengths, however they are not adopted in the AES standard.

Reference:NIST FIPS 197, Advanced Encryption Standard (AES), November 2001 http://www.quadibloc.com/crypto/co040401.htm

62

Cryptographic Algorithms Symmetric Key Cryptography Symmetric Key Cryptosystem Advanced Encryption Standard (AES) (3/4)Like DES, AES is an block cipher algorithm for symmetric key cryptosystem. Uses confusion and diffusion principlesUses a substitute-permutation network (NOT Feistel network)

For both its cipher and inverse cipher, AES algorithm uses a round function that is composed of four different byte-oriented transformations: SubByte (Confusion)ShiftRow (Diffusion)MixColumn (Diffusion)AddRoundKey (Confusion)

- 63 -Reference: NIST FIPS 197, Advanced Encryption Standard (AES), November 2001

63

Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem Advanced Encryption Standard (AES) (4/4)For an animation of the 128-bit AES encryption process (http://www.formaestudio.com/rijndaelinspector/archivos/rijndaelanimation.html)KeyExpansion using Rijndaels key scheduleInitial RoundAddRoundKeyRoundsSubBytesShiftRowsMixColumnsAddRoundKeyFinal Round (no MixColumns)SubBytesShiftRowsAddRoundKey

- 64 -Reference: http://cryptool.org/en/

64

- 65 -Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem SKIPJACKSKIPJACK is a symmetric key algorithm implemented in electronic devices.SKIPJACK algorithm is no longer classified. Single chip cryptoprocessors: CLIPPER, CAPSTONE, KEYSTONE, REGENT, KRYPTON, and FORTEZZA.SKIPJACK is a 64-bit codebook using an 80-bit cryptovariable (session key).Similar to DES, SKIPJACK has four (4) modes of operation but processes 32 rounds of transposition & substitution per operation:Electronic Code Book (ECB), 64-bitCipher Block Chaining (CBC), 64-bitOutput Feed Back (OFB), 64-bitCipher Feed Back (CFB), 64/32/16/8-bitSkipjack uses DH for key exchange.Reference: http://csrc.nist.gov/groups/ST/toolkit/documents/skipjack/skipjack.pdf

65

- 66 -

Cryptographic Algorithms: Symmetric Key Cryptography Symmetric Key Cryptosystem IDEAInternational Data Encryption Algorithm (IDEA)Uses 64-bit input and output data blocks.Based on 3 mathematical functionsXORADDITION modulo 216 (65536)MULTIPLICATION modulo 216 + 1 (65537)Uses 8 rounds of transposition and substitution.

Reference: http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

66

- 67 -Classes of Cryptography: Symmetric Key Cryptography Symmetric Key Cryptosystem Other Block CiphersRC5Designed by Ron Rivest of RSA SecurityFeatures data dependant rotations, variable block size (32,64, or 128 bits), variable key size (0 2040 bits), variable number of roundsRC6Also designed by Ron Rivest. It was a candidate for AES.Based on RC5, RC6 has a block size of 128 bits, supports key size of 128, 192, and 256 bits.BlowfishHighly efficient block cipher, designed by Bruce SchneierKey size: 32 448 bits (in steps of 8 bits)64-bit block sizeOptimized for 32-bit micro-processors

67

- 68 -

Classes of Cryptography: Symmetric Key Cryptography Symmetric Key Cryptosystem Stream CiphersRC4The most commonly implemented software stream cipher.Used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP).Designed by Ron Rivest of RSA Security.Using pseudo-random generation algorithm.Variable key size.Highly efficient, much faster than any block cipher.Stream ciphers can be difficult to implement correctly.Source: http://en.wikipedia.org/wiki/RC4

68

- 69 -Questions:What is the key attribute of symmetric key cryptography?

What are the two key properties that all block cipher cryptosystems have?

What type of stream cipher cryptosystem is considered unbreakable?

69

- 70 -Answers:What is the key attribute of symmetric key cryptography?A single secret key.

What are the two key properties that all block cipher cryptosystems have?Confusion, andDiffusion.

What type of stream cipher cryptosystem is considered unbreakable?One-time pad.

70

- 71 -Questions:What are the two types of cipher that uses symmetric key algorithm for encryption?

What are the four modes of cryptography operations for DES?

71

- 72 -Answers:What are the two types of cipher that uses symmetric key algorithm for encryption?Block cipher, andStream cipher.

What are the four modes of cryptography operations for DES?Electronic Code Book (ECB) Block Mode,Cipher Block Chaining (CBC) Block Mode,Cipher Feed Back (CFB) Stream Mode, andOutput Feed Back (OFB) Stream Mode.

72

- 73 -TopicsCryptography Domain Part 1Terms, Definition, Concept & HistoryCipher TypesClassic CiphersModern CiphersCryptographic AlgorithmsHash Function CryptographySymmetric Key CryptographyAsymmetric Key CryptographyHybrid Cryptography

73

- 74 -Cryptography AlgorithmAsymmetric Key CryptographyAsymmetric key cryptography involves two mathematically related but different keys known as a key-pair (a private key & a public key).The public key is derived from the private key.Only the owner has the private key.One-way mathematical link (a.k.a. Trapdoor function).The private key cannot be deduced (theoretically) by analyzing the public key.

74

Cryptography AlgorithmAsymmetric Key CryptographySecure message format:

Open message format:- 75 -

75

- 76 -Classes of CryptographAsymmetric Key Cryptography AlgorithmsAsymmetric key cryptography is mathematically more complex than symmetric key cryptography.Factorization algorithmsDiscrete logarithm algorithmsDiscrete Logarithm with Finite FieldElliptic Curve Discrete Logarithm with Finite FieldThe public-key cryptography process is substantially slower than symmetric key cryptography process. (100 times slower in software, 1,000 to 10,000 times slower in hardware)Key sizes must be relatively large.

76

- 77 -Classes of CryptographAsymmetric Key Cryptography Factorization AlgorithmsFactorization AlgorithmsBased on factoring prime numbers (integers).Larger the number, more computation is needed. 2, 3, , 73, 2521, , 2345347734339, 2756839-1, ...etc.RSA PKCS#1Key generation: RSA public key and RSA private key.Public-key encryption: c = me mod n, where c is ciphertext, m is message, e is RSA public exponent and n is RSA modulus.Public-key decryption: m = cd mod n, where d is RSA private exponent.Digital signature: m = se mod n, where s is signature representative.Reference: http://en.wikipedia.org/wiki/RSA

77

- 78 -Classes of CryptographAsymmetric Key Cryptography Discrete LogarithmsDiscrete logarithm w/ finite fieldBased on the mathematical proof of generalized discrete logarithm problem (GDLP),where computing exponentiation over a finite field is easy (Yx mod P), but computing the discrete logarithm is hard. (find x where Yx Z (mod P))Parameters have to be as large as factoring (512, 1024, 2048-bit).Diffie-Hellman, El Gamal, and DSA.Brute force attacks are infeasible against discrete logarithms. But vulnerable to chosen-ciphertext attacks.Reference: http://en.wikipedia.org/wiki/Diffie_hellman

78

- 79 -Classes of CryptographAsymmetric Key Cryptography Diffie-Hellman (DH)Diffie-Hellman (DH) is a key exchange algorithm for public-key cryptography. NOT for encryption!DH uses finite field discrete logarithm as trapdoor function between private and public keys. YX (mod P)StepAliceExchange MethodologyBob1Select Y & P with BobYX (mod P) Public know to the worldSelect Y & P with Alice2Y = 11P = 1311X (mod 13)Y = 11P = 133Alice chooses a secret number (2)Select a secret numberBob chooses a secret number (5)4112 (mod 13)121 (mod 13) = 4Calculate one-way function using their secret number115 (mod 13)161051 (mod 13) = 75Alice sends the result 4 to BobSend the result of the one-way function to the other personBob sends the result 7 to Alice6Calculate 72 (mod 13)49 (mod 13) = 10Take received calculation and raise it to your secret numberCalculate 45 (mod 13)1024 (mod 13) = 107Symmetric key selected through calculation is 10Both people have the same number without revealing their secretSymmetric key selected through calculation is 10

Reference: http://en.wikipedia.org/wiki/Diffie_hellman

79

- 80 -Classes of CryptographAsymmetric Key Cryptography RSA Encryption AlgorithmMessage: m = 3Choose 2 random, prime numbers: p = 19, q = 13n = pq, n = 247Choose a random # to be e (encryption key): e = 7Compute d (decryption key) (private key)d = e-1 mod (p-1)(q-1)d = ((19-1)(13-1))/7 = 216/7 = 31 (round up)Public key = (n,e) = (247,7)

To encrypt: c = me mod n c = 37 mod 247 c = 211 (ciphertext)To decrypt:m = cd mod n m = 21131 mode 247 m = 3 (plaintext)

Reference: CISSP All-in-One Exam Guide, 4th ed.http://en.wikipedia.org/wiki/RSA

80

- 81 -Classes of CryptographAsymmetric Key Cryptography Elliptic Curve AlgorithmElliptic Curve Cryptography (ECC) uses algebraic system defined on points of elliptic curve to provide public-key cryptography.ECC based on the mathematical problem of factors that are coordinate pairs that fall on an elliptic curve. Advantages:Highest strength/bit in current public-key cryptosystems.Fast encryption and signature speed.Small signatures & certificates. (Ideal for smart card).Examples:ECC, EC-DH, EC-DSA, EC-ElGamalReference: http://en.wikipedia.org/wiki/Elliptic_curve

81

- 82 -Classes of CryptographAsymmetric Key CryptographyWhile asymmetric key cryptography is more complex and slower than symmetric, butKey management is simplified.Only one party needs to know the private key.Knowledge of the public key does not compromise the security of message transmissions. Key distribution is scalable.Each subject has just one key-pair (private & public keys) .instead of n*(n-1)/2 for symmetric key crypto.Number of keys = 2*n (1,000 users, 2,000 keys).Key establishment can be authenticated.The key pair private & public keys are mathematically related, but different.DH algorithm: (YX mod P, find X where YX Z (mod P)).

82

- 83 -Question:In asymmetric key cryptography, how is the public key is related to private key?

What are the two types of algorithms used in asymmetric key cryptography?

What are the three major advantages of asymmetric cryptography over symmetric cryptography?

83

- 84 -Answers:In asymmetric key cryptography, how is the public key is related to private key?Public key is generated through a one-way algorithm using the private key.

What are the two types of algorithms used in asymmetric key cryptography?Factorization algorithm, andDiscrete logarithm.

What are the three major advantages of asymmetric cryptography over symmetric cryptography?Key management (is simplified),Key distribution (is scalable), andKey establishment (keys can be authenticated).

84

- 85 -TopicsCryptography Domain Part 1Terms, Definition, Concept & HistoryCipher TypesClassic CiphersModern CiphersCryptographic AlgorithmsHash Function CryptographySymmetric Key CryptographyAsymmetric Key CryptographyHybrid Cryptography

85

- 86 -Classes of CryptographHybrid Use of Symmetric and Asymmetric CryptographyQuestion: How can one take advantage the speed of symmetric cryptography and keep the secret key secret?

Answer: Make use of asymmetric cryptography to keep the ephemeral secret key secret.Make use of hash functions to ensure integrity and non-repudiation of the ephemeral secret key.Use the transported ephemeral secret key to perform bulk/ link encryption using symmetric cryptography.

86

- 87 -Classes of CryptographHybrid Use of Symmetric and Asymmetric CryptographyExample:PKI enabled e-mail message, where a one-time secret key is generated for DES, TDES or AES to encrypt the content. E-mail recipients public key is used to encrypt the one-time secret key.Secured SSL/TLS HTTPS sessions that uses public key cryptography to transport the session ephemeral secret key and perform symmetric crypto-operations.KG-75, KG-175 are Type-1 cryptosystems that use FIREFLY public key from EKMS, and KSD-64 CIK. Then SKIPJACK-like keys are combined to perform symmetric cryptography operations.

87

- 88 -Symmetric vs. Asymmetric SummaryAttributeSymmetricAsymmetricKeyOne shared secret keyPublic/Private key pairKey exchangeDifficult must be done securelyPublic/Private key relationship allows Public Key to be in the OpenSpeedLess complex & fasterMore complex & much slowerKey Length (Bits)Smaller (80 to 256+)Much Larger (1024 to 2048+)*ECC (160 to 512+)UseBulk encryptionKey encryption, key distributionSecurityConfidentiality/ IntegrityConfidentiality, Integrity, Authentication, Non-repudiation

88

- 89 -Summary of Cryptography AlgorithmsEncryptionDigital SignatureHash FunctionKey DistributionSymmetric Key AlgorithmsDESX3DESXAESXBlowfishXIDEAXRC4XAsymmetric Key AlgorithmsRSAXXXECCXXXElGamal, EC-ElGamalXXXDSA, EC-DSAXDiffie-Hellman (DH), EC-DHXHash FunctionRSA: MD2, MD4, MD5XSHA-1, SHA-224, SHA-256, SHA-384, SHA-512XHAVALX

Reference: CISSP All-in-One Exam Guide, 4th ed.

89

- 90 -Validation Time

Classroom Exercise

Review Answers

90

Exercise #1: Polyalphabetic (/ Running Key) CipherPlease decipher the followingsCiphertext: JWCXOOQIYIZODHKDWBTKeyword: BLOCKCIPHERBLOCKCIP- 91 -ABCDEFGHIJKLMNOPQRSTUVWXYZBCDEFGHIJKLMNOPQRSTUVWXYZACDEFGHIJKLMNOPQRSTUVWXYZABDEFGHIJKLMNOPQRSTUVWXYZABCEFGHIJKLMNOPQRSTUVWXYZABCDFGHIJKLMNOPQRSTUVWXYZABCDEGHIJKLMNOPQRSTUVWXYZABCDEFHIJKLMNOPQRSTUVWXYZABCDEFGIJKLMNOPQRSTUVWXYZABCDEFGHJKLMNOPQRSTUVWXYZABCDEFGHIKLMNOPQRSTUVWXYZABCDEFGHIJLMNOPQRSTUVWXYZABCDEFGHIJKMNOPQRSTUVWXYZABCDEFGHIJKLNOPQRSTUVWXYZABCDEFGHIJKLMOPQRSTUVWXYZABCDEFGHIJKLMNPQRSTUVWXYZABCDEFGHIJKLMNOQRSTUVWXYZABCDEFGHIJKLMNOPRSTUVWXYZABCDEFGHIJKLMNOPQSTUVWXYZABCDEFGHIJKLMNOPQRTUVWXYZABCDEFGHIJKLMNOPQRSUVWXYZABCDEFGHIJKLMNOPQRSTVWXYZABCDEFGHIJKLMNOPQRSTUWXYZABCDEFGHIJKLMNOPQRSTUVXYZABCDEFGHIJKLMNOPQRSTUVWYZABCDEFGHIJKLMNOPQRSTUVWXZABCDEFGHIJKLMNOPQRSTUVWXY

91

Exercise #2: Cipher Operation for Block CipherWhich of the following cipher operation is in stream mode?ci = Ek(pi ci-1) , where: c0 = IV

or

ci = pi Ek(ci-1) , where c0 = IV

How is IV generated?

- 92 -

92

AnswersSuggested- 93 -

93

Exercise #1: Polyalphabetic (/Running Key) Cipher- 94 -Answer:Plaintext: I LOVE MITRE INSTITUTE

UsingCiphertext: JWCXOOQIYIZODHKDWBTKeyword: BLOCKCIPHERBLOCKCIP

94

Exercise #2: Cipher Operation for Block CipherCipher Block Chaining (CBC)ci = Ek(pi ci-1) , where: c0 = IV

Cipher Feed Back (CFB)ci = pi Ek(ci-1) , where c0 = IV

- 95 -

95

Exercise #2: Cipher Operation for Block CipherHow is IV generated?It is usually done using a pseudo-random number generator (PRNG).The most common PRNG is the linear congruential generator:Xn+1 = (aXn +b) mod m

Then the random number is put in to a randomness extractor. Typically it is a cryptographic hash function.

- 96 -

Reference: L. Trevisan, Extractors and Pseudorandom Generators, UC Berkeley, 1999 (http://www.cs.berkeley.edu/~luca/pubs/extractor-full.pdf)

96

- 97 -Public Key Cryptography Standards (PKCS)*PKCS # 1: RSA Cryptography Standard. (Now includes PKCS #2 & #4)PKCS # 3: Diffie-Hellman Key Agreement Standard. PKCS # 5: Password-Based Cryptography Standard. PKCS # 6: Extended-Certificate Syntax Standard. (This is currently being phased out in favor of X509 v3.)PKCS # 7: Cryptographic Message Syntax Standard. PKCS # 8: Private-Key Information Syntax Standard. (Key Information)PKCS # 9: Selected Attribute Types. (This defines selected attribute types for use in other PKCS standards)PKCS # 10: Certification Request Syntax Standard.PKCS # 11: Cryptographic Token Interface Standard. PKCS # 12: Personal Information Exchange Syntax Standard.PKCS # 13: Elliptic Curve Cryptography Standard.PKCS # 15: Cryptographic Token Information Format Standard. *Source: http://www.rsasecurity.com/rsalabs/node.asp?id=2124

97

- 98 -FIPS 140-2Federal Information Process Standard (FIPS) 140-2: Security Requirements for Cryptographic Modules*Specifies security requirements for protecting SBU information. Covers areas related to the secure design and implementation of a cryptographic module. Provides four (4) increasing, qualitative levels of securityCryptographic Module Validation Program (CMVP)**All new products are to be tested under FIPS 140-2.Currently, all FIPS 140-1 validated modules are still valid.Reference:* http://csrc.nist.gov/publications/fips/ ** http://csrc.nist.gov/cryptval/

98

- 99 -FIPS 140-2, Security Requirements for Cryptographic Modules, December 2002Security Level 1Security Level 2Security Level 3Security Level 4Cryptographic Module Specification Specification of cryptographic module, cryptographic boundary, Approved algorithms, and Approved modes of operation. Description of cryptographic module, including all hardware, software, and firmware components. Statement of module security policy. Cryptographic Module Ports and Interfaces Required and optional interfaces. Specification of all interfaces and of all input and output data paths. Data ports for unprotected critical security parameters logically or physically separated from other data ports. Roles, Services, and Authentication Logical separation of required and optional roles and services. Role-based or identity-based operator authentication. Identity-based operator authentication.Finite State Model Specification of finite state model. Required states and optional states. State transition diagram and specification of state transitions.Physical Security Production grade equipment.Locks or tamper evidence.Tamper detection and response for covers and doors.Tamper detection and response envelope. EFP or EFT.Operational Environment Single operator. Executable code. Approved integrity technique. Referenced PPs evaluated at EAL2 with specified discretionary access control mechanisms and auditing. Referenced PPs plus trusted path evaluated at EAL3 plus security policy modeling.Referenced PPs plus trusted path evaluated at EAL4. Cryptographic Key Management Key management mechanisms: random number and key generation, key establishment, key distribution, key entry/output, key storage, and key zeroization. Secret and private keys established using manual methods may be entered or output in plaintext form.Secret and private keys established using manual methods shall be entered or output encrypted or with split knowledge procedures. EMI/EMC 47 CFR FCC Part 15. Subpart B, Class A (Business use). Applicable FCC requirements (for radio). 47 CFR FCC Part 15. Subpart B, Class B (Home use). Self-TestsPower-up tests: cryptographic algorithm tests, software/firmware integrity tests, critical functions tests. Conditional tests. Design Assurance Configuration management (CM). Secure installation and generation. Design and policy correspondence. Guidance documents.CM system. Secure distribution. Functional specification. High-level language implementation. Formal model. Detailed explanations (informal proofs). Preconditions and post-conditions. Mitigation of Other AttacksSpecification of mitigation of attacks for which no testable requirements are currently available.

99

- 100 -Symmetric Asymmetric Key Size ComparisonsSize of Symmetric KeysEffectiveSecurity (Bits)Encryption Algorithm80SKIPJACK1123DES128AES-128192AES-192256AES-256

Size of Public KeysDSA/DHRSAECC102410241602048204822430723072256768076803841536015360512

100

Scytale Cipher

Mesopotamian Tablet

Caesar Cipher

Thomas Jefferson Wheel Cipher

Enigma Cipher Machine

Message Recipient

Message Sender

Confederacys cipher disk

Block Cipher Encryption

Secret Key

Plaintext

Ciphertext

Keystream1101000111010001

Ciphertext0010001000100010

Plaintext1111001111110011

Message Recipient

Message Sender

Message Digest (H2)

Compare

Hash Function

Generation

Message (M1)

Hash Function

Verification

Message (M2)

Message Digest (H1)

Message Recipient

Message Sender

Hash Function

Generation

Message (M1)

Hash Function

Verification

Message (M2)

MAC1

MAC2

Compare

Signature Verification

Signature Generation

Hash Function

Message (M1)

Hash Function

Message (M2)

Message Digest (H1)

Message Digest (H2)

Compare

Signature Algorithm

Signature Algorithm

(* Content-type: application/vnd.wolfram.cdf.text *)

(*** Wolfram CDF File ***)(* http://www.wolfram.com/cdf *)

(* CreatedBy='Mathematica 8.0' *)

(*CacheID: 234*)(* Internal cache information:NotebookFileLineBreakTestNotebookFileLineBreakTestNotebookDataPosition[ 150, 7]NotebookDataLength[ 77800, 1553]NotebookOptionsPosition[ 50567, 966]NotebookOutlinePosition[ 76824, 1527]CellTagsIndexPosition[ 76713, 1521]WindowTitle->Linear Congruential GeneratorsWindowFrame->Normal*)

(* Beginning of Notebook Content *)Notebook[{Cell[BoxData[ ButtonBox[ GraphicsBox[RasterBox[CompressedData["1:eJztvXmUXldxL8pazzeKUCRHkqVWz3O3utWTutWjWq1u9dz9SdbgSZ7AI1OY59EGMxgMGI9AgACBJIwmcBNCwnBvgm2mvPduCATWevfmvgD5864L5P3Neaf2WFW79vlOt2RJtrfXqnW+s3ftGn5Vu2r7bEtuvfXlp2/9P57znOd05fS133vOcy7Ln0/Mdf6vROebOhIlSpToKaaLXecSJUqUKFGiRBeIfmfoYtuRKNHTjX73RNo/iRKVod8V0MW2LVGii0VF+2Ize2Wj8hIleibQed2X//dCZ5bowtP/lehZQRc7zxI9/fZ5efldF92/RIkSJUqUKFGiRIkSJUqUKFGiRIkSJXqq6b+v7k903qm7Oq0kSoSoTM4kelrR/3MOBHXkf5Si7kSJEiVKlChRokSJEiVKlChRokSJEiV6RtP/XO3+X4kSJbr49K+JnjH0PwT67yvFhHn/FT1jdLHzNVGiRIkSJUp0weh3hi62HYkSPd3od/8z7Z9EicrQ7wroYtuWKNHFoqJ9sZm9slF5iRI9E+i87svfXjueFdF/IPot+x3QNYgicsrwRuevidEY4f0Pgar5dj5JxnKsgIpjsPF1fK5Id5HcsQ3q36yeajI2iudm9Z+LndViWH6fPTtpomBcz/1/ZGwSzV0sKlcDfnONp1/ntUoizOPXTlTNjXPNu0JSdTWk/8ht/A+hBv+HIcVn90VERqJEiRIlSpQoUaJEiRIlSpQoUaJEiRKVpYHWjpzas/782Z8/B1o89TNSfNK4mQNZg0pehxvra2nLicvJ+dpynrYOp1/pa7Xy7LgmZVdOg3adWQPvQ+2d+ViXIsXbAtTmqK8Vnq1ZX3O7ov7mDiUf+PoUtetncxv63W5+txs+64eVp2Uqf5oRGd5+w9OH7AC92rZ280Rygb/Vyx4AwnrUnMamr7UD4dkWkpFl3weUnW1Er/W93/nncbDrQf+Ak2vwaDY8bq3FBGxsNfHz9hFb4beKpVnb2k5s7oMYtWI79XPA+dlqCGEPfBZ7I1fpA6ybje5mn1fq6XLMY03tMDa2ej/7Wk0ssZ2t7QH1tbS7ddp3u97khOWzv838AIqL09nSYXJV+9DX0mH2hd9Dfr3XO9DsZeI95eLd6vMa70ntN35Ha9z+bvd7kuWTrR9eVoeJuZGF4tNnawmpJ23GZpQfsMebWrOBnPraOrOe1s6st7lTxb+3tSE70NqYHWhrVtTX1qpjY0jnI8SrRVOrnTO/Wz2PptbsgJrT8/i3loHlm3clB8vW7wdatc4DLV7WAXg2NyvqRc9exaefvW4NsqGFPrUs4NXvfl2r0WlssjqRTLe+hY5rm1udTCv3AFmjZfbmYx3tjVl3S2PO02zmmlWuduXUmcepN6f+Rohbi6kReN+2+jrFahatOW2+VqA89LUF5xSu+TquA1i+zQlbB6E2NHf4mu1qeIep076eBzU+RoQX2d3cLo+3oHesNzZP+OjeJWudng5qW2Ar9xX700HXOV86sgAnQlhnRHegs0OwLyKXjwcyMU7CWoJHh8zX3BHOcz1FPsfsxX4HceC2cX6GO8ZMwGNvTUO2Z29ONY3qCe9qjDwbydhey7e3Uf/eS8f3GJnUFpZzzcymZo4jyl0pD4hfHQw7LkeIvYQjty+Qw/0pkhfLhw5mhxQvwQ++17keHFcxj9uzECtmO9m7PN8ErMUawuqOVK9idROfF4vsD/Kc7SmOO6+7ol1CzvF9zOsQwV94kjM890GIL9/nQV3voHJ5DyL285wR/A4w43VCqkOxePB1PHcku7m9fB9JOdARkcfjjtdJfEKOi/uJ68J5zH7z2sb/PU6SFeSOhDmX0R7KlOqqVIN4TZT6cLDfNX9bQ6uidkNtDW1Ze2OrG7dzbY1tlKcBvxu+RjPeqH97uS2eGvUz2Eu5bdBrXN+yvSjoWw1h30I9jvQy1LdsX9tj+xtei8YUv+mNzp69drzB91Ono5HqqQlpj/HD8e6V5pBfe708i4PGpNHZsRfxUX2Ngc0coz17G0NMCTb03ODisLfR21Qj6OZnjb0hLt4ndgaJ+ELjgnBBeUJ9oHHfw+Rh392Y09+IbGP4CfnH7d5j7OU2ybnUyOQ3hj7ifWDjI9nAYoDPfVYOwVTcT2bNXuqzlZH6Vupbl1LfEvWJ519uD7eR+UrkS7km2VAQW3wW5TnH5/leCGyO5TLXX4JaGF48j/g43//8/B/UByFfuZ+8VgQxY5gH+Aj5EeSjZK+wV2L7XopJrDZwuXw8kMnyRYyBkOvE9o5wnusRbNPnNTjX+bNdW2OrObu1krOdf7axcx2mNrSuLZxvbDXnPgGPFuYnj0U0Vh67y3bty/7Trprssp3wzGlnjXrHBHOXwW87Z3ndGPq9087798uUjBo0ptd73UgfWkPsQLIvszbsZON4jKyp8fZjwrKJbXbOy7xMydhHbcVrEJ+Xvc/PYZt3eUwcNg7/mB/7GIYhTpcFviDZ6Onx20f4Ltu1j2Jgbdm1j+piuHsZNq4UH/4uxoE/XS5S22luorGdnv8yZpfPWR5zn6eXIX8szjRvPQaXobWXReQRP5h/OIccvru8DThXsf7L3HqbU/uIveEe2udyjNgu5pPfV56Hx2yfk+t928cwxXbsYz4weW499R/HCq/1+clyk+cW9oPkiBCHYL/6d4pXJO/RPqF738fX+7BX0669euwPYV6/w7i19zKEz2XCPg32ALZT2ktYRrB/6B4I/EX4XYbyPYZLaAeyPagvFuN9gZ1hHfW/L8OxjeafnBeXYX94rUXj3keWP7ymWV5sC+5/LKeCceuTe/K9wHKO1zIp7iz2l+3ka/aFfgh16j+x/cb1kHq0C8fS+LET1x+cx7xO4ncpHgyvCB+Nj7xnvM1UNjlTsJwn9RHn1S62H3GOobjiHA9qHMklCQ/WD3Av5nUN28kx2kX1pHMf50/nvnTuozHC8tO5L537gnwsfe5Dsney2O30efVsP/elvsXkBTER4pz6FrE39S0qP/Wt1LeCfEx9i9UbtidQPtL6IvctuY763+l7RSznuQ60D8iafaEf6XsF8nFf4OPT6XuF36t2L/HzmYThPqLv93bX5rQv25LT7+3ST/UbxnfVmnHNY3k1fy15wlrFZ9cQuXT9Fml8l7fBrXNraqm+XbWOj89bmW79Ls+DdXn/+Npaxp/L2oXX7SO6uZ1+jMrAGHvckN9Y7i60dpe302PHfHR83qYt2M/dzH7mw+8xmTY2W/Bah7u3i+gnPqKcsDhb25yM2sBuh4eYAzSWzl62lvuJY7GF2LiP+cRyBOnewtZTHjlnCL/dGyjnwvwSfMX5tmufEE8ao2DfRWhLsCcQbrt8HfB7WsrLfSaWsRwI7SV7Ldg7PGZ8r1CMtmB72d73dUXKnXAv/h6zy+0jJH8LqSthPpI6tguvzWss1Fn1jp477TgmxLO7xsveReuFsw35QfOc44VjGub6FsbnxpEOtweEXkDyAuMQ2CDHItxT2A5e5zBvrbC/UV3AvgZ+s3zZ5d+37KJ+hLWI1VZTs7bwMVRbpVzfEmAR2fsk31g8RRJsdBiw34F8oa5hfMjewv0ijFuAM89N3m9jtmA8CB+vP8hW0l94PcByad/Yspva5PYxz9lI/4z1ELx+Czlnof0m5TnKS44b7/NbmE20Ltp+QTFI5z4hD62v6dyH9pS3K537aNzDdXzv4ljy/BJ8Tec+kptBTJ4W5z4pX/gcjwHfd8+2cx/HCu8dinnqWzymvK7g/YvzndqR+paQn6lvpb61O/Wt0B5OtR5zsu+ebX2L4pO+Vwg5I+FbZKPDgP0O5At1LX2vCHM20j9jPQSvf6q/V7h9HmDDc1qIhdH1+1fUadrDnpxgfE8tmq8tXLeVr3XP2nAcj11RhXcP1lGrbULrtlh5AX+trCdCWyV7YtgE/gh47EEyyZy2a4vzRaA98bmtnE9aj/DYavRv5b4QHPn6feypdW3dg36L2NY6PRhP/7veYRPEG9ticm9rgY9b91DbojhI2EXiujUaTxaTPYJM4X0rtyu6dyIxlX7jp+g3wxzp9DmJ1+4TZKBxw7cF+8xjs4fjK8UL8ezheSzsNSZjq2RbmT0u1ZGSe1vjVcvWc33M192GrI3576270XiM7NpqubyH4VyQA1Vr0R5MOg5bRcxqKX8E12o1MpBN+ksJWdVqNHrfSmperVzf8VwkvlvNfLAejcl1no2XwYlhFa9HLE8LbCN1Xqo7ezxWkpxoPZHyAssJ9rMgS/JBWLeV68djG80ZbntOWyLxidpk5zlmEh+uuc5m0yeDHhzBKCI3GqciTNK5L24/zuWidZs+9xm7C7EvYWeJ+JY793GqZU8mA/dDtu78nfuKc3hrQT2rGuPzcu6T82ZrTB6WWbh3In5J/bbA7+rnPh7rSA4Yvi3s3BSeD2oL8SV5IdXLgj4R4lx+Xz/1576Izah2FvXTarkh2iXoKMz7WC3ag+kSOPdxns3glPpW6lupbyGbUt8Kcjv1rbjNqW+FuAf5m75XxHxJ3yvoXPpesTE8ZX5ak7ai9+furc+pwTztb03byHs9eq8X1knvEmFZIXGdso6Y3nDNNvaU14dz2wQ/t4k6/Tuf34awfO7eHOs9+fieugLKdaDf8Nxm6LlsnPLXF8vei3gcHjb2dZREXfVVxuqoHU5uvZcp6XI8BqM91jaE2V4sn/q6LWpXvcHG84W80to6Yvc2h1Odeec4USx47Krp24bW0xjLcYjnAdeD/ce60LvzI4YlliPFmT5l++M4b2P2b6sqp5rvPOdxDsap2p6u/hvnBPaX+r4V0R/dPJnTVNbZ26b+fea5pi9sZTEq2tfb9oSxiOWQGzc5XVzfimu65dnm6ltMBiZprMHsr7j+4tjwca7H+7ktylcvrMF2cayK+pusn2MWzz+qn/sQsyNcXy22/l3uwXTtNlGXbHfxXsM+UJu2BZiFvDQ28XEf7zCuNG9pr+fx3sZkUxnVcrIIg5jtZdeH4+ViIdWvdO7jc+f/3Fdub/AYhjkR5kyxTznV8JwLa0txnlXLGaneV8sVAffg3BfL7XiMqI94X8fqfDyPw3pQjE+8HhTVNSl3yuyZ2N7m/vMaKtsq48PrHK8B1eyP48x74Laqcqr5Xm2NTOd+7ov5G9uTsRrVwKhIBq4L1XNIOsNc2ue+ItxkDOXaFvNr8/mU+pasP/Wt1LfK7ZnY3ub+Y118L0u2xHKFx5k+U9/i/larv7xGFdV62e5nbt8qE5sYng1MRvpeEcYlfa/gfeSZ9b1C0hfuixBrv/YPahqzP9jXmG3fZ57mXVENeq8R3vex3zUNfoyM+7Ht+FnD5OwL+USKrBHnaqjO7ZwH2xDzzWIkyOb4Ub4GTTWM8hhsZ+/w3GYIj29j9AcQwxo0htYHT0Pb9/rndm6L468P1lt7iA1ct+BH/F3r2I70KHs4Tua3tXW7lbWX2SbZEMGU8Fa1k9poaTvi8zjWk/Xb9vqnw6tIlzAX5Ab3xflTvzm5eym/xXcb0sPz0f1mcYjJBtv42m0YJ44LztW9DaL/nuqNDibHxonjofKr3tho96edQ3XNjsdqDOjN57cbCuxEv7W/9SZGvg8D/fm9lewfPnF19q9fuzmbn+3X96xqb9Cnw49jLlKYC9sRERvtfov6yWq0UEur1WPST3idl+qoVI95D4rUdaqzAb03BPzbS9vQIPA2oD7SkHFfRful3mZ8wv2oyC7ek/2zweSjYIegU+zX1eJbE85tr4mMS3qFuWhe1aAYur3LfbZ8DR7rWL5Wyc+orxyzGtnmELOGUDfLOfF3ydyJxjd6bmkI1vFzVzr3FeEnYBPBT+QTbOS1gsdmu5XDaDveCzG7I/m7neslmDVE1/P9FY1bUS21+VEj7KdI3ou5IuTddkZR2aXtDPOe11+y1yM1rGwNkvzhmMg1SupNJeRKODM9Qa0oygVRdlhzgt4r6ZJizPOZYy5hFcw3ONlBDatpLHnuw32/IKdqQv6NxAdjEMv9cB83iPIKzzpVxi7auc/5nPpWYb4V1X2MUayec2yL7JPiXxPGJvWt1LfIvovELPWtCFbBfOpbT5u+xXVGbJTzKH2viOkU87NafIVanb5XyP5fct8rBF8K44D8uLy2OduR0+V1TdmOOnjq9x21Tf43jNfqOftU82Zuh3uCDL9OyaxF8+bdzdeiZx16Wl6sF81r24weN250K3lNRh9da9fYdTuQHZcjvZfXItnIFrxmB5K3o45io/Rz2teUbbfPHHs93pCTjs/lMGZitcPs9e3mucPsgx2OB/2uxb8bjbxQtyP1rvVrfjvu123fp+e07AZ3RgUCW3bYd7u/jF6rYzvx2cxzGwBj8355Pq8xa1Rjl9f68R213jaNm6/L3l+DibE5GDeYKl9qGxxmNg7bjf9Wl8ekyWPiYkfHNZYNzk+rj8TP2qB4mhxZHDBezl8nr9G973Cyfcx3IJ4daA2OzXbsB/EZ+4Zzz2Bl412D9Nl47/M2EvtqG6nPTi4eRzpqqR/OZjfW5Ox3+Dq8cRytfRjbRp1bZv7yfSa/bG7ZXHO8NudYLtR6vssxL4mXtQ+Nob2zw+4f5D/cZX30bSv5eL0er0EY231m+H3+NHrf7b6ytqJ9vB3FGu8954f5fbmt2eapa3QTrZG4/uF6jOqlr8vNpn76+r0Dk+0BtsfU+vp9udFteXa4et3k63fQc1DPqvO1n/cBbreT43Q1o37SlO3g9hv7rL2XIzttPyQ9DNvnMEZrsd2s35C+hnHDvQ7h42TF+hXr434MY0UxwNi7OLE+h3OD9sGmyDg+F7D+XtuE/Pd54GMf+nA5savJYyngu8ONMT0ohtQvli+47+P+j3LeY8bk1DLbhRz2c+gM5faXnBdu/9VRu3A+O78w8VgQ/9K575zOfWzfER9rUT0z8v4Q711UR7F/l+PfOO583wo1jsa8ya9lscIx97WY5jzhqWX+1zKcSFzo/OUBjnSP+3g1IczRXiaxbCKxCveN7UXeHpzjWBfNtch+I/sBx7uJ2ujqA8s7Vh9I/gh9dkcdwwmvZ3WB1DorC+9bYQ2tAz7udj/x+JI4orz1e7spsM/zoDMUqSkoZ2pR7rEa4/FhvvD8cn3Dn238PuD53oRiifZfLfMR41/r9fD6hs8CtFeEMd+B8Q0wQ3aT/OFrmohf+BzG9eNef0me+3BN4fWrFuPmsU99K/Wt1LdwrtG9nvoWzefUt5qJPalvoRijvNpQ33I+NAW+hT2H1qP0vYLFq47iReszxopikL5XsHxB9Yn0rUvxe4WNrdB7SL3j+wDl2K6G1mxnfUu2s8GQ+g1jrfrZgN7tWL0eV2sJtfjfTiZdE/K2UBn1wtqcdrlxQRdZS+d3xfxh63bVMznEFjzWQp9OJuCBMMzpDxU162edPvuppyX+nsclfDayJ+dv8nJq6fxOQ4GuekxN4W8iqwnpaUTvjcxWq0+Q5343UTzM750Yp+DZ4m0KMGuqjklAdq7J2Nzk5CqsnI1NFKc65APzW8I+jHMTfa9FscF6q/nFcahtZvY0UYrFAOeBtZ344OO8k8gssLG2GfFirBkWHI+oPwWYcj3muTPIb5NDdT6ndrqY+vxSezZfu8v+JqTHfT7q/PV5i/CtxXh6O+2dEaa/eO9xRfau7XJ3l4bxbqR5ymrFTikX65pYznp/dxosoC6q2ghjDc2oluPaK9TooI6jsXqhthI+qSdIeqV1Qq+pR73BvbcwedyfiJ31kt5WhkukfwR9r8gv2ycMbz23NdJzne1CX471qsDeiB6MJ7J/F9dN9MbkFOmV47wrtg7Fk/BwjIO4x/IBYyXkQ+CvPUNQ27Atu8jZycxh/np0BonlN8eHxJ37x3nsOaxaPFBOOzvTue/8nfsimPBYBvszkrsF+yWoBWw/7MI5Wl9NpxQ/plfEv4Xpi8WoRZCF95Hku5y38n6JYCLFg9QTHx/ZDp6/vJ7I2MtraZ5G612RX9F48njxGs9jKdgeiW/Y+yI21rf6f/chWDMsomcH7k8BpmKd4zUp1kN4jnj/Y3s4GK+P1Nto/xXeybpIbHieBuMClkQOxWAXeu5CPJfWuS/1rdS3BJ9iMUt9qzgvU98qtjH1rdS3ovFqzcr3LWmdgJ1Zn75XtBbkXUEN5nOsx6bvFS0CDk+H7xUx+SViYnJyd2NbdkVTe07+uRuRfs/HG9vpswmv0zyWH3j0E8kxevRaT1iWW+9ktpGx3U5Pe2ifW298aLR2tBvdns/aJfntdDVS/6xPnqc9uwLZ4/SA7AZYn+dDTrtzvHebXNqtvhdrgm/H9vu4/Vau3t23dERqrCWbW60osvP2W7SXp2sOvGu9+JkTxLvB2qRpF6LdJsd2GxlKR/48de312anrbiB27bL6kU9Wr7arFcmlOjUeZrxR26SwUpi1uXHbu3a7f4dpNhh6m70tdFzb0OyefYPd2cr8way5s8PYjW23NrY6//Fv/8zH670PPJ7qt4tjS65vKOvP9XrbMEbNQRw8LtQ2Xbd0fEEm+EFyxsa8HsehmdhL49xKfTI5stPYNTXZp/S0dBis6hDGxhZnn80B5qO7/6lrQZho2Ydzcrnr1rcw25sZNlTnTqOruasjW1kYyg5P9ZFYuRg1tpjcavP5ZXLN5p6ea/N8Cp82t2Y3WdNCfztc/b8XWf1gF8Sf7pkm/axryj733uOKYGynGm9yOMP7YRMHh1Md3WsWK7C3f2h/ru9g1prnd2yP+/3W5qnR1kpUyxp9Ld3N6yquiayWy7U4/92I17SRmkx7AB3bLc5bG2N1mMm3/qEeckVA3n5iVyNds9uMEd+EniD7IPSQxjbWm7gM60vYn1w/bMSyeGxYvFivt/30Ct7rXA+kMsjT6UXxcHkUkUcwbs84Xhh/3p89fmHvd364fMM9nPqOzyOux9tzSmM71Yl4dpMYeDkeE2oDz0Nqrz2jhOcLGluUbwRvFl/sCzpH7Q7s4rmdzn3n7dzHc4T4Le9Z4k8j9X23ZAvZFyhmjWGdDn0Q7AiwFGoK8Veqc0hGo7UlVgNoX/DxoHVI573Jucb2jMfb5S/pAcLeY7kT4BbNR17vuK7Qd88n1G+EB96nvJ6EexTXNrYHcG40SnZIcW6nPgmxJ/nSSP0g+xTtdVpzhF5H7GNxEuqeZJeVSbHANU/qfaxO4vmgXto6GubQFYHtcl2KzYf9gPJc0cRtYfucxIGu4XVWrqNWjid/1kP74yKf+1LfSn0r9a3Ut8I4p75F62fqW5dS3+J60/eKcK+KNTp9r6Bxe5Z+r8C2455H90hYG/Bzb0tHTp3uWaN+d6KxDjcWzDV3mKeds/wdwVqqB1NsLr6mRpQh8XHdnC+2xuqg62uiOs3vHI89ze05mWeTpbbszNmbsiz7XfaOd9+bx7HFUwNQa3Zs9biaf+CRR+mdT32rWvO/f/2/1TwQ/NZyWo2cVkUw9v/+278pnjNnbzTjbUhvmx5ralXzmu8m9U72T86zJ6cHHn3U6bT0wCMfVs+3G/17jB9//93vKrK2WCJ6VO62Olz+/ruPqzUWI6C97nf+bPTj8P8Skuhz7zuRveq2I1lrV4fDdI/FJMdveqov++6fXEPWwPu1V456PHJaWxxWc+uLBw1GHgvQAWTxtM+1nBfWrKk1Wndrd0f2gdctyvog1vm6PYpa1RzYvqexjdjyqttm1JyN7XX5WtDPff/Y3avG7zYjV6+/4+yk81nbxvxQmOo8wP7Aun/63PUM3+PZXz98Wq9rQDmbP6cP92Vfz+e0HzNOlvXL5UHO/6pbjxDZ8NvztJgYHDQxGA6w9jHQ8YW1PK4g8+4/OmZyrM3l1V7ze68ba89efdtRtWavyzlPe9EaTK82ccGy7dPmS2t3Zx7/pTD+J0bp/Vr+BGyBrmhoVmTnb79uMvtvQRxOKLy1/35/QV5xHD5295qy4woTY7CvbX9X9rG3r2lZ951Q9Qn8tjVrb06u5jV3CvWzQ6iDaK45rIVyLS/qAbjuSjXY66e9qBONS7WZ2oh1eDtDG2qkdc1adwwbuZeGPYu8N3eg/snxlX2xGFBbOtF6jNNm+m3MP459KKtGHKO2aZ9p3ih7Ue4FedaMzyESRliH7FONO7NUO4dIZ4fY2aMoXgU4N/Nc53upWD7HoQZh4/NDym8BF+F8lM59fD/G8kLOHblG8D3fyeKNsS2RQyzu8bwpwr9anZJrsM8zwb8gr4rwYjnJ8Khp8fm8l2PWLNkq5UssH4Wa0SxhUZTLMdx9rH2c8J6X8jK+J0mONku2hzWBxitWG4v2B/rdzPVUo1BWvDbLdUnKzRrBNylW1Gdqm3SGCM4PzdX2npBXwXlCim9EX5RXii19j9Wa8CzRoXpgWLc7L4FzX+pb5fclxST1LQnzEL/Ut+I+S7H2cfI8qW8V5EBBbqa+Fb4/M/pWJ/sd5k76XpG+V0h7qbi2PHu+V8SwcbWsWbATjdW2dXtq78qfXXTMjrd3mznz21I+X+fGhLVt3WitHevK12AZSG6bl+vG27qFp9XNeNu7Qz3q2WX86KI62mW5IS7cNqO7Hels7cz2AbWZZ6uvVffc+151n/PffvzjbG9Tax6DNve9fG9jW3bPu9F8ox6raWx14/e8571ZV/9BRfe85143ButrcrrqBn1P9tCjH8muzn939Q/r79Q5Kd5cP3yr3gffq3O6xvADb435hq33pf6mDbLtOtAJ9i6uHVf2Yd3aj3Zzj/W4eq9paXd0taTH1IS/f/xxRfB7X2tO8MzzUhFgZ/HL+eH7+wffsJRVlkeyytJItp7T2SvHsg++fsndYQwP95pv89qug/k7jMNdy8x0v8L94Eiv+p4P4+093Qo7WLO+OKLkVJaGtZ2K2tTz8/edUITHwHewwd672Hha2XeenVLvwyM92cfN/cHM9KDDCwjG4D5lr8FcU1v26tv1fQm8t+/vVvaDfqsHbADfv/7IaTVn72LgOTM9oLHKcQH7Onu6nD/Wj30tKA7NOk5gm113UOHYqp4fNHcysE7lrc3Z3AaFbW4DYDc8fEDbb/3KfbBxsP7APVD7/i5Fduw1tx0xMWhzMYCn88ngYm2HMfARdL/9pcfUbxgDnO68/rAbtzlWo/YhyiuTY6+5Xd9j1bTq+rrPPN27GXN52YrWAH7NPo/1U2Ps4p/bUpPbBTlp749mDg+4vb3X3ivCnZK5N95j7ixVHHLcYW2NwmVY4az8t/dPCC+I2fDIAaX/7Mlxpf8FoN/YBnv+429fV+NnT41ns0eGXK2qbe3Kn13qvRbXZEN1pi7W4VqI+0S7qa2u/tI6T/pFW+QZ/O4Sekak9uP6G+tfUTm4D1k/8zGhD9WRum94kb0LlZOKxo7OZd0HR53ssZlj2Znrb8q6h0adjIXKlQ4bGAceLAfbA/8dwP6hUacbZIMOi5XiN/Z0Dx1S/73A2NFjxFbQp3Rg+QgvWGN5wJ5aZ+dJZ5te53GDNYrXxAp0gn7ba7Vdmnf/QWvXnMKgrl3Pdx885OzQmGhMQefYzBzBdzx/Vzz2zNHerfSDXJj3+g1GDlMtf7/hHVNyTjL89O8wFlcaXEeR7i5nr8XZ7g14937zeHbnPhzTPiPddfzM1E5/W9keC3amCvZPl5HZRdYH+Z7OfZHawHEJ4xLUnQg+ZJ7UtRhWtL64GoxrsWBHneGpE+Lt6zjHrZvoiNqD4yTOdwW6CmPbztcw2VKeMx/CXOgq8AXbgfGgOsk7t4fnIelTsu66dpR7PJdE6vJ71+0vipuLr8OC4Sj0bbIX2pk/QZ6yXJX2MPO7jmOEc0Baa2uUs0vIoyLsi3I20CXFFGGF9RJ/fF6SPSXVA26j4ed7NbCD7yuSO1hnDAuBGG9dINufY4K9xOJ2Mc59qW+lvsXrSOpbHI/Ut1LfQjypb4n5k75XYL1dLj5hbnvbeezqSOyEekdiwPcty2e+h4OcwrZG5lkcw/3GYyX1SlYHXa/F2KFcae8m79yOOo65w5L2kTpio1SrqN11kr28vwSxEPzE5wi+h4J6xGtxGLun4nsFxZbncFHd8PIaOno0dQLt108yhsbVc3/I2ylQbFxax/VL/NF3PF40x+3b7/V2lNETk+2pPpdZ39Gd1dve7WpmZ/YPjz/u/kxT9+CwukvYZ+6V9jW1Z1/7q7/28wPDbg7+fBXMqfcWT5/58z9Xc/q7fEf2znvfp9bWtnYEBOPvfO/70Fhnds2Nz1Pj8FTfsNV3bPPM5f2DuWOy8rX+tmx8ZlbLu/e9yB59JwVrsA6t52at54abc7lIj8EEqK4VcrYTnWu7POV8MA/f6197x6y3VcnSuuC7PMzf//pl9b6vWdt8/xuW1Lf7zt7uAL/O3v16fYuWcWJF3wnA0+kwWHz+visVWV67zq45vjSi9A2P9Om7mduPOlysLY//yTW5PWBfu5HRbnw6GsQLxmDOvnfltvo4dDjZ158aV3yzM0N+7e10LY6F80PFoEPHweBodTodCC+w3d5/WTuOLxvf8yfwW10w5zHQsh7/5DXqHkWvbXe5D3iAbC5Tx6Cd+KBtP+HGLSbcz3e8bF7FvM70EppL/gm5BLpU7rWZPIOne++iMvAaMm+wzHWPHOoPYmp9AwwgH3EOunvFZl8LHNYkXztUvlpZNv9IPNG+6OrrcXsMbKvLx+3+sf5AjarPe4GuWZrK1rmgLkr1M+ghG6nXTJ7YK6TeFNEt2sH6kCQ36gPV+bFPfjr7xje/pZ6/+c1vs6vzmgpzr3zdm9T4Bx58OHvy+z/IekfGlDz4bWUB7wcefMi9q7mcp3d4LPvJv/ws+8ADeq2SmY9ffYPAnz/vftd7si98+TE1Bzpf+fo3qfHbXvQS9X51Xoe5bqBv/J22G2z85a9+ZWyHdX+k5qwvet1+5YOy60Fr181qHN6tjbJdDxO7QOfyiVNq7cTsQgb/KHzyOeAHsviCDGsnyNBx0TaBXOBx+h2mDzsfsc02Rhw/ha1btx/FYn+2fPyUWofXKJz/zvqzP7fx3dRGkx8Yb23jze7swWMBpDHpUZhADpTK4VheS+c6cY+kc9/G9ZaJRQQPrL9aDKLxKGNTzL4CW7m9GCOFncW7hA0dRTJj+CMbo9hFancR1tzmwt5kfJV4i/RLeR7k+AZiF9Mr5nVRvGP2ST17k/ZxndXqQ7U6EYxttu5E8qSoNpZ532gsNxTnKrxSjGLnl9JYXSLnvtS35PHUt4ptTX3L+yrxpr5VTmfqW+cQ5yq8z+S+9TT6XlGMS0+op9p+6eiR7XLjJXEjOJeoo9H44XrPbdtgPQ34Ir25Wg50FOT1ZkjsrzE9HM8YvpEa1lGUWxGbSu9V3t/L9Ge2h/Pfzd0Hzhs1ieO9m14vy7tQVM1uNt/VmzUp6skaO4FM/OGusL1L3eX857/+unre+ZKXZnWtHZ5aOsz8X7t5+FY9eXRO4O9U9IJ8DOYmjx7L6ts6s3e9V99jwXf1evVNXj+BYBzm69u6FIE91930fDV+3c3PV++atK3AA7b+0z//2MmoN3rrzL2Yktfqddg7Ka3DjoMefV8G+uqJnu6c/4nsH554Ims050zArNHkMoxhgu/wr7tzDtnapeRZnz70hmV1f4Ht/ZtHzqhxi1k9JmQjPK9c0X8OBp5qDMn+wvuvVGTfLV25csisOaRkvOjGafW+v68nf+9AOjqze14+r+4yvE5/N8flvs7cl3AZnG48PaH4jh0dcn74tV3OD4uX9QPH2sbbrutWttN4f+G+KxVh7LjvmFSswK+cd9Tc7dx4asKtt7G44ZS2f3S0X5RZ1ybFAOui+IAv97x8QeVBQ0d3kEOa9Pjr81wCXcBnee1vTHYN/HZrTP5S6spe7OLfi+Jp4v8yE3+UgxZXu7e7D+g8f+ENh8l+l3IWdAAv6Gxg+4rbBU/gff2ds85/2GdNeZ0CajS1ayO1ejP1uSm6rleQWcaW3sjvjcqJ2Siv5fb/9F9+5n5/8bGvZNfmtQ7Wfu8HPxTX4/Frct77H3rEybVz8Pe2vvoNb1a/Dx9byv72m99Sv0H2/Q8+Isqy1D864cZBtrbH8zdFbNe8zzO/Hw7Wxe3qFfUU2YUJZAJuWq7GDfNxfFdPngl0YP3XIkzt+yc+9aciBliGX9cb8aE3u+MlL1N2VsuBajaG8rXOT3zq00o+YAvzgBnMbWyv8bztFfP2fNGz+txXGo9zwbL8uvODXczHMtj0luQN7Y3Zvtlafu6x3oysjft97nZtNGdD/gux58rmaHVb4n3/fGD61OXb+fKlDD+Xe/5i/tSd+1LfOj95tDm/Ut8qH//Ut86HXalvnc9Yp751rvEpG/en9/eKjcdEllUaz65zi125mlO9VmzU12LejdXNc6UyGJTL0/NFof84hzei73zY1tbbn7XnBM9WQ229A+rd0wB7RqinYM6sbQ3G+wK57SXktgvrYjrjtsnrW3skOwYK/WvdD+v68ueBrGV/b9YC8e3qyWl/dv3zblV3OS986cuyf/vFv2Wf/YvPZQ3tnYrgm/RZc6e0euJk9utf/zqf/ws1d9bcAZ01d02Nljq61Jidg/d3v+8+9a6/U1OCcZiH79dNnZquf94tahyeTeabdnMnntfy/+rrX1c6MHl5Xe5+4LtPPJ7TE0pfU2e3ktGcP60ceFrZTV2agB+oubtH5X5rTi15zQPsWmwPAwzzefgO/4YXzOm1Srb9Fq99fPFNRxRPb/8B7Xe7vid64I0r2cnV0ZzGslNro/r3mqbx8QGDSXf+Pqb4T62POfubjPwvvv9KRfbd6rRr4NmI7jkc9u0+BnRO343ou4U5J7PJ2EJ42z0/6LnpzKSafyfc13z++uwbj5whscZrm2AMxfSL7z+pSMegx2EJdGDggJL3N4+eyXVMOYxOroyq+0DwX8Xb5B/Mad9HtR5E/s4E8eW46/WdJm+6EH6j2r9ViifGysYA64FYAy/E/g253xBrWP/OVy6anNL39DafWlzN7clz6Zji1XvUUKehHBf3jub9mv2ELI6QnzCPcyeIi4qn9t/7pHEFjCx2Omdxvo6pp81vyFOfr3RfNTH7gPT+Oeb2msIjr1Wt+/t03VK1K1ZTB8TxsJbjWlutNpehgbwGDwiyq9fwcn0q3tdaC+Rzv7//wx863g89/Gh2Nq/38P7LX/27egf60lf+MnvBS1/O+PsVL8xruQNuzsnpQTp6Bgh/m+MfyGYWl5UOeP+7b307q5y+mspxtv5IybR9Hmz6k09/RvHBWs07EKyDOxUsz2LwfTP+QD5+veXv0fYCz9HFFdEujOVPf/Yz9Vtj9Irsnnvfp2yy+q0ObhfGEY8TjHr8OksQFxtXKRbtFtsf/BDZOhDEBZ8PYrbAeLtgexuKNSfA6bVveovCCrAZGp/K5PNHbK8Kcz1h3qdzH9vXmzj3wZ6kPlGcid9ITqutqZLsoD5Vt704NnL9tvLaC/XhuYGC94I4VqH2AEeEQU/IizFtZe98X+oeIuVBMY54b/AeFORyD4uj9Jv0xD5qJ/c94A9zsb2nP56XPQW9uWzN4LLFvVhCtvO/L863gT0qyu+R4hKrZUUy+P4t8rUIY4Enlh/IPlnegCyjNMX3fXGu2bELfe5LfasoR8QcS32rCqapb4m5nPpWXHbqW/GcYPalvuX1Ph2+V5yTLURufN+ItbFUX5ZrR9jnBwpj19pDZfBcbO/FdczjFMSvKpZCPyzVlzC/lNPl64D9vtDWE+MfEPpLnNrJ+pJnKQmXDX2v6C/sC5iP5roe7+wbzGkI0WBI/UOMR+ItMx6Rb8f77RONkTUxGZyXyTPvHZK8fkkHGwM5lkRbBrKOA7n8A7qO6V59QN1ptXYfyO697wPqLmfg0Fj2Z5/7nLrLajL3DECPfvSj6v6qqaNL3evo+S53B3TDzbeoexu4F7J0g7mHgid8p773vverd8XX1ZO15GOaetQ4zLeo8V71Z8dueP5tev3zb81t7FF3SGCrfvYo3he//BXZ47k99u87xKTl7TcyexQfkH23BPKtHnhvNfdVQI8/+aQifVY4oHDT2PUp/Bzt139f3xtfeIzYqO3sVXLPrOu/Y+/M+pjBSt99FdEbX3DMYeLXjzuZinIdX/zASUV+3OocQ2v2K3nw7v33+IRzPcgGc69g5HLe/sH+7BuPntH/H7DPX69s+eQ9FcUHc1gmX2txAvpSvg6IxFvlqPZp6dghJRd0cKzgvqXZ3HVCvp02eJ3OMWgh+YbuTHJej9GYmnN3RZ371Vo8h3mbWR75GOh3sNXa+cQnr1VzD75pNXvp846qfFHUg+mAf+Y+Qy7BWp1PB1Be9aK9APj0OnrjC+fZGsrrZfa4PRSLC/hn7xUtJhaPIrL5eWZd/1m2M5UJZMuB0HZ4z/3V+2de+Q4YtPf4Xt4BlNeuDqHGdgV1saAO9+M5qX6zmm35cX/p92s7iIxYP5B0cPvQez/WPyT0hCJbZb3/8rOfu/cv/+VXsxtvuU29f/Pb33E8n/zTz5rxIXWXNDJ1RMl80cteoeasjVYW/HnX17/5ber37NKqkgvzIMPydzjdQ9mDj3xYyeJ+w7i1x8vneOrfnteuu93JApu1Xffldr01sMvrH8xGJqcdvx5/ZTR2IEPh1K/xAppdWlO6tZ8hvrDG2WTiAnpuANv7MUY8VkPEF/sb7IU5FYvPfNbJVHr76XrwRftPc8zjOmhsXAtsB5s8RkeI/XbtiauuNTYdUXIs1vKZB59zhLOMeLaR3tO5b1PnvsBerq+objEb+ofo7/6Y3yy+yLYOETNPHWXjR2pdEeZFsY2tYz5H/eTjMRyknC6aL7N2kO3LAv5IDhTajn3ul/iq5E21/VQG//6IbUVY91dby/OozL7R1EX2TlG8ByP6i+rURmrTRvOlTDxwbZD2T1xnl6Crq5+vYTKD3I3EgeBJxy/OuY/Li+mtgnvqW6lvVd2LsdjG1jGfU9+qYvMG9mthLLjdRfUlglfqW5uMB64N0v6J63x29a0YRpIdJfIvyDmv93x8ryiXM2zP9Usyi9aGPsl7ZKP5Xi3Pq/m8kb1SYGeQO2WwpPHscDks2Vsyh/q9zK6gxpXFrWxOsnysinNEXvC9okRekjWhf/sHh3M6qJ8DiAZjdJD+Hjho1hwM10myBiQ5gg6Qh+1y4+iZU7f53T0gyTwY2juI7Cz0M/S1e5DZ4eTkcwNDijTGA1knfBfu1f8d1uNPPpH9809+krV192Zveuvb1L3OzPyi++7/43/+5+yvvv43+e/u7N777nPzx0+dUb9vvOUW/W28qyeX0aPk3HSLvh86cebq/P1A9t7367sy9Z0aqNtQ/hvGYR5+t/f05nQgu/kWfY8Fz/b9fflYn7a3p0/Nu+d+TW37ezXlur28Xqfv8SeeVPdYeq1Zl+u6+VajJ3+2GbkdPfrb+RNPPqmoE+5Tc7wUdgc8fpY6Dui/m+5NL5o3dlnb7LM3u6oyqXiuOj5pbOpV9xtveuExZXOrsR3o8NSw4r3l2mm1ti238+oT+l4Ans7//frew97/WF3t5i7kquPmLiF/wvubzD0H9t/iAbb/+PM3EHycT/stv+f1cnqzh968lv1TvnZlYVT7YWOM1rQpXb3UBuOD9+OU86PD3F9Afno+b0cbirn1X+FnxqzvV1UmHK4275RfcGeS/16ZHyUYaZ5eg5+OGfDgd3g6nHo0js4Gg+sTn7o2+9sPX5UNDg+4nFB5daAvzyeaPy6f1Hi/yqc3G4w1JqeMfP0E26cPj7g90ZE/O3N684sWDLY+h+0TcPRxQ3vH/IY8dPE3GHuf9N3T4amDxv9xt9f0HdoBdT8Hc8rf/H16asTk8BFnY4e1t7fPUL97B17wGXzvVKTPfEDd/UOmfqF6N8Bq78BBP0bm9bN74GDYPwZo3aXyI/0Eyw5qNB8X+gOv0a4PCf0p1qMkGhD6lRn79Gf/LPvWt7+Tffozf5b99re/zW6+7Q6l/yWveFX2re98R89/57/oHpXTD370j9ljX/1a9tCHP5L97Oc/V7+B57G//KqSAT1tdHpGzQEP8N986x1qLciGcc3/NcUP4yevPqv4gP+xr35V8c+vrhtdXzU2DSv7YC3QTfkY8MNvqwd45lcrzkZYB33Pzo1OH6V2Gbn2/aFH9RN8J3Y9+hFkh8+lN771ruzd73u/+w2ybbzU75wX5r/17f+i7IR7LhuvmL3gO8Zo9PCMWg82KN8Bs0EvQ47F1xAfzXuLM8gEm2Fc2ZjHGNaoWBsff4Pw/sGPfqTyhGDE9hLwAcbgwxuUbHTm4ecbt/fCfdId5GrRfiuzD9K5Lzj3Id5uwe5uws98M9QtxpbjwH4jP7qDnED2DeCay9azuAU4YruxHyIf7wsHkQ/IxiAnYnW+SmxITxJ40Hh3LL8BG4I7taWb24X3mvEtwN7xF+T4APsd2ycOOxsf5BOOG48Pk+1zkPVvbkNRn5V84jJ538d7QIp32X0Y2FWAubS/uf1oL3UTX4X1OW8P9y9WQ0itYj5H685BH0t2num2dQfvLzFfsD6p7g3TeZZfsZ5yUc59qW8Jfqa+RdanvpX6VnTvp75leVPfuoB962n2vSKKP6vp4b9XSjFEeznWlyW/GNZ0L8h1uXuQ2hucFQzFxrkvgX+BzTj/CuoF6SUHyXpS/4rswjUS9zqpLsTyS8orvo+lmAzaenuQ1habIzwX2V7ye5/HUN6jcl4hPYX9Vsqf4ezAwUOahg/536VpJPKbyutV76PheqazN6pHWLthu0eE9xEmZwTJG0XPkUI9vUMjinpyPHsstvBtGP4bhL4BdY/z0Y9/XH1nHhmfVO/ve/8Hsvbu3uzowpK7F4I7C3u/9Oa33aW+1//6N7/OPvqxfG3vAf+tOieQB3Od6rv9gex9H/igWqfuhHr7HME3bKUvn1dj8A0753nebXeo8bfcdXfWdWBAU58h87uzz/BbMjK1vPu9rgP6TuoXv/iFHuvrd3rectfbjZ63K1uxnl/88hfZ3/zt3+ZYDSq8fC7nv/sNhooG1Hf4t7x4IV/X7+zVOgaUnmtO6DuQa05MGUz6soffsqbuOjoQHkAvf77+O95mjhzSMnKZ11w5pcZefssc87lf3ZkAeQz0uJWztjiudMIT3m+79ojjsQR2fOpdJ8ydipYNvGCjvsfzBGNw52Hx/fIHTymyvgaE8LZ3LVZWl7nLgSfIeOJT16EYDJKYOxusPIPjl/J1X1L6+9yYx3vSY2JsUHcmL5534+DLva9eDuyGMe9nv4qdisHz55wsKxfwV/j1Ih25r50oH7rVncyAyR1DNqcgv/rNnU3+fMtLFlxOwW94vtkQ6IK5V+S54LHqVzwwfjTPG4Vdv5nr1/rXl/Td3m3Xzfg9ZTB18T9g7mzzp49rn4s16NZY9RG8ISdUDvb2K5kgG2L58FvXvR2c0Ljy9SWLyne1v+CsO3jQ1Sxbw8QaOMxrJ6/HQm3F9RL/HorU92Grp0StH8Z6RwUebo8gh9dzaUzqIQGf1nXmuutzOps98pGPZs+/4wVufmn9uJrDctR7LuP5d9yZTRyd02Nnrw/4gEDWxMycwwl+L+YylypYrrYB5oAfdFqfiD3DWrfls37AmOMx8dHrXhjYHNg1rHs76JyYOab4ltaO+77J7Rqm+WXtgffx/OlsN5hQHM+SeP3wR//o3rG9E0YOxUjbLMaC+DNiYnmDnL/INmxrNNZnz3q8TaxIjA6ycw/ZN1XyuCjPic2jkfEyOV9N77P33Be3aTSCcwQrXiuHuX0xXZavSt0U5URyR9Rv3odwrBA2QzEdVXTZ8WiuIh1FPUjCsQgHm5PDjAqxi+FVsBcIX5X4cBoqEVsJN77/RAp5Azyq5k9krmrNsvwlfCqyg+eew8mQ0KODOEblx2I6QmVLOgqp2rkpgqN0ZoqcQwpjZXEX5y+Rc1/qW3FsU98ScCnSn/pW6lvV8InFKcaf+lbqW0//7xXxOBbUV4xTqf6ife0tm3PVerykcyjUV8iP66jlH7K/BbuGhfwyFNSpol4l4lXC3mrkcr3grLQR2cHeCTF5Sr5XbMZexDMwMqb+vjtF5ne//W3eBw+FPME69z5OKR/vV/PjaN04Wzvux0bQGJY5Iui0tuW8g8SO8bi9WMYhbDN/9/YPYhucLd7e/mHwcTTry/HsM+fN3sER9d9E3HrnC9Q9zstf9Zqsu09/1/7JT36Sff0b31B/xgPukWB+fsl8u+7R90Sf+/wXct6+7I8//nH1fsvtd2T71bf6AfX7N7/5dfbHn/hEtr9fj73/gx9SfPvhW76iAUcw/v4P3q9+7wfqH8pl3KnG4S5pcW096+mH/4ZjKLvrHe/Ifw9l49Mz2ZPf+1525tqz7g4A6P33az10fEjxaj0fcrxjh49kP/npT6meXAfgctc77lHjd93zzuzA4HDWp84/w56GhtWZqDd/9g7qP6fy1j9aNOu9XmvD2ZPTigeeai7387qTh933e8CpJx+vrExmT37quuzL9592du4f8OthbvboqJab4/jKW4+5v9PtrUoOyB7KDo0NZ3/34asVP8bHjjkZ+Risg/V3nD2qdGkacnKdzQNg34S623n0LRWlH2wGv2EMbLf6QTbIBTuUPDXudWHfIJ6A2ZfvP+X8sDieWJnKjudy4fcjb13PXnnbMS9P4WoxXFAY2nyz2MJT55Rfg7EC3e99zYr3s0/bCb/Bp/e9ZtXZTmIwM6r9zMnGAJ427hC/v/vI1dno+IjLqbGJ0extL13WZ2nIn4P62Tdk8knd1+h8Akw9Tvn6vkHiw6fffULZdwjkG/ze+kdLas2fvvvKXO8hNQb677j+qLYh5wObwP652TFlE5DVhflAB8QDyGJicwX0upzICfLGYWp8BTmvvE3/+S+IWc+gvpsCex7LsbExtaT3z1LWm/P0Dtl9ltervPf05f2gP+/tUMOCuulq4zirw+Okbg6idYOSDFvjR2htJXX/EJeb13XSg8apbl7rg77Ce9OYkxddE/QGRiPjmdwv9O9HP/qx7NYXvDDSG6VeymWxnhfwcnvHZbkjuo+/9e53ZFefvYnJGvdYjEiYmnXX3+h41W+xR/KeH+I4iMYHAxlCDsTyguH1o3/8P008x9V/p/GKV78291mwQczlSL+P4R+sk84sFN9i4vKlvKLjgzbOI2x9kT58VnExlnIrnfs2eu6jv1Esgr3G83vcrfU65L3j9mnEl0FnK5Lh5vgaIadHIpiNhPLCGjSeiT5HcWdrwW4xd6vkc0GtCfVxjKVaw9bwnONYCfk2aOptyFd2n1s5Fhcce5x7wtpY3yrAZlDMff97sLQ8KUe4/BBT3BPCmjIe8VUYI3w8twpibP2M9nxWh2K9SsilQVRH+vmaWP0cQfVXlCv5qam/ar+RcrBajvCeIdlxvs99Qh4QG1LfErFKfYv6lvqWjFXqWywWIU/qW6lvbbxvhXF5unyvkPsuzneOcSxmUm9mutH62PcKsfaU+F7BeUX7eG5EavFT9b3C723Pm75XSGNC3Ynllhk/ODZpaII+x+3viXB+fFJYh9/9uiHy7mmYvQ8RPcLvcT82HMxLNCmQ4AvhxbIlf8DO0Mah0XFFg6qOjebY6u/CcKf1wQceUPc1E9NHs94BfS/xsU98Qo3Bnx35/Be/qO549vf16/uAnOBOCMaAd/zwjLsjgjshey/05Pe/l00cOZodGDyovst/4EP6fql3YCh/13SbuUPDBOtgze13vlC9f+FLX1LP733/+9kvf/lL9fvue96ZTc3MqjF4/+m//DRf9311dwbvH/+TT2YHhg6a+4IR9RvkwnpL8A68sObqszdQPb/Ser745S8rnAaARhjZb+vwPHhIfYe/S91RDDud4Iel608fUTw35E89NqyerzLf+p/89HXq+z78huf45KiS0zek79BuOHPEzdknrIHfj76tkl25OqXuF7AceL9ybQphMZy/T7t1X0Ey7nvtmtLTZ+5V4DeMw70HyIEnkB0bnzxkfB3OJibHlCw7Z/VrTJaM/oNk3NINZ2ac3sfM3Y+6a8nt+sqHzjhsYP59r10lWFnb4ffYxCGXa28z9zmYYExjrv/OxrvUu44NYP0Yst/6aePQp+wfVrErioHGQ/OeJDifcTIBy5uuOopy6ZAmm0vD+q4Zcgn4cQ65u6789/ys/rN1r759wdyF+TUffttxpQf0whPGFuYmFYYn1w4XxH/Y00EdDyCXzyanwVeOFcTmAF6vZIxk971uzcUMx1PHfVg9eayAT+MyqmtW3gdU/RrlNZrVwPFYnQ3r8bBYX4vG/NxQVL5Qz8eldVJvKu5T8X4h9SbJLm0L3M9fd+PNVWyojkGR7cOiXNyXY7jx2MSwCW38s7/4nOl9ct8sjnNxT/X44R6r/RzC68apPLDJ/p6ZX8i+81//Psf/nYJu7rOUZ7JNPPbymiLsEN84twHHM5YDm8FZOrOUybvJdO6L5Kh07ovaXE1WgGPR2mo1pFrMi3QVYVMNS0lnlVwMckuWPxToqbY36PuwqKM47+WeE8OqzL4rWROiOeyfcv+pjkMs14tt2RjPEJFdvC84L93P0jOCX1BHq/ldBb9x2fYh0Z7QL7oG8Uhyx6V9EounvM/oXuF5MhH8jtnqeamOi3Xu45T6VgznSUG2nCupb8VskfZKRF7qWxEfYj6Ftan6GsnmWMzK4VnEk/oW9xHxpL4ViYeM5dP5e0Xct1jOFNU12faL8b3C53RRLYmtL5PHExv+XhH3NcztZ+f3iqJ857lL+Q9NHM4OTSLi74qmQh5MeEzx5jQxZd6n3fwI5uG/ka4RQQ/8v9idzAlu5xS1fWJK9oXb7WzE/OHvESYf7BvBtuVyhidMfOFbsLvXGsu+9wN9b9N/0Hx7hjukF+g7JLhLgnueL3zxS+hb+sHsgx/Sd18rlePqe3f/0Eh27fU3Zvc/+EB2/wMPZtfecKO55zmkngMHD+Xjeg38+Yp+oIMj2dTRueyOF77I3RnBb5AzkM9Nz85ld77oRfnzWLZ24srsHe96V/ahBx/Kzt50s7ozHjw0qujsjTdlH3roITUHPOvHT6q7OnVfZ3jg99kbb8zO3nBTNjg8mr3mdW9Q/PCcnjum76pyHlgLMh4weobgHtVg5facxe9QPma/sY/o/8fS3S9b0f6O2LuvEef/a+7Qf+Zl8diUubcY0ZTPLS5MZa+5c1Gtv/mq2dzeQ4rAfv0tfzQ7fHhC3X8cPjyeLeX8b895gf9UZVrrMgQ8MPeim+azqXyNlqUxsFjA8+arZ7O7X76SvTbXu7Q45eeRTrAFbAPdwGflDuY+AY5KNpJ5+vgRxaP5jql1isfYdqpyJPvIXccVDjflsoHAxgFj3+l8HngA05uvnsventv3ulyvlqN1gO/WFu3/EY2xwn1EYQsY3/3SFROT5ezGHJPF+SkXl5vsO/gwPOrwAf3Wfvjt/DRPHYNZFYNFEwPNO61lDB8iuTdgcH77y1ZzX1azm6+ZUzmDa7ir4zA+OqZyDvwE38B+yA/tn94zjoYPkZwD+wAb0AeYq1jkOu/OdS8vHDb/7cG4izHYAna99s4ltc7nh/3vPHQ8nW8joy6WIlZoPRD4oSj3aXnxsIoj2PPim+ezw9MT2p6cD36DzeDLR+46oew6c+Ko2mfDQOP6XD4yntfdvIaNmPo5Molr7xSt2VLtRTTCay+vt7hn4N4wKckXZEk9g8uc9Dp9P/H1fiSQN0VrP/GV67P24nVTbPyw02Expfbl71OYF+E4McX4pyhmga9TAkbM5wlkg/J/iq51/RnHE81JseFy0TyNJ+/PDHcbE9Jz0RjSSezA/Vo6U+DzgHhWYVhL78oGfE6Y8nw8ZpM+5u7cIJ6TQoyD/GV8o/jMEZzPfE77vRee2Uawf+ncx9Zv/NyHYxzuHZQjZD97v0ei+0LAlu8BkiMUuxHuf5DXdM/JtVOohVw/33dIjsMK28niNIL3jK3VrhYJ+1KMFcPHYR7B0e4T7A/by36foDxE+nGNl+rzCMFmiumxPKwmkdyI5DGLndgLJryN1EfMJ+UlzymOG8+DKdrngz3G8Cf7dcrrmaB6Rgr5D6MaNxXV53iwv+IzzF+rn+gQ6iGtxdMeU3E/4xof1oGgvwvnjbD2sdgE+rlMQQ4/D10S577Ut6J2p77l85XnDrFdiDfWL+x7nGupb6W+FcSJYJv6Vpi/3D4ui+P6TOtbUt7EcEnfK+R9xjBP3ysiuR/B3tmA6zHatzxmuN5MXhrfK3D9D9aTOkRzZvzwEU3TR/zvGE0jqsa7GYrJfar0bdQOgcamph1B7EZNXsH/B2t2flHdIX35sceyoUOj6j5Gf6s+5P5sEjxf87rXq+/o+nv+oezOF71YjcOdD6xR9z2WRi2NE3rgoYfUmoOIV3/rHlXjcHfk5KB1w0Bj4/pbtvqebWhMpmFDsfGQxj2NYx2T2SEg9+8nnPQ8fGcfGdP/L6Z3vHyV+W2wyH366N0nFA/HZZj4OE5sq2r/OLOfrY9hoX2cLMSxGLNN4pz7CRgBDoHP49YfGoOYnVgmwdDg+rxr9P8bDJ4B1iyvzhuNC5ggP1TOVMmnESPD4kT3iqfpaZ9zsRwi+2UcxZyTxFsqByaRrkkmYzJCsnzw5Z5XrJF9B7Vq1PScscO6hl20mnteaObcavzF6G3n3Oc24POm+C9Rmr4QvpSQfzHz5ULpSee+RBcY1zH1xPvvwtStsXPOg0usvkb37Tn2ygvtw8XG8YLG/ALmPcf2ksd6A3amvpXoAuOa+tZ5xD71raeYUt962uCfvlc8vSl9rzgvNBYZnzpyVNPMUf8bv894mjzCxsz75IwgQ/o9E9HDx5jeQF/M5jJUzUYsP7YWYzI9k/PPqOdEjueEwhW+CR/O3vDmN6s7pHe95z3um/KI+eb/zW9+0/1df7PH5tV9zDC6D1D3X195LDs0PqG/OxsanchpHJH6Hj2ZPfTwI2qN59ffs+EJ4w8+/HB2aEzPkfWTU4rA3rHJ3G74po1o1D5hfsq/e/JrRtm8/p3LnjBkeMbzJ2A0PmUIcJs22MF+sOOTh41dU+47PNxHjExMGj81XXNS/3mTP347/H+L9J2F8mvCk7MD+8RsFX2cmKJkx6dCjMamGEWwdHiy36PCmgBXrhfZBn6+85XrCgvnt8XAypjycsaRTEm+k8uwBLr1Ov33NcLT5eFkyKtwx3o4NlPIF+6/s2varR1lvCqXwBe4S85zasLUNb8XUT7Z+AJOr9B/Hx++73H3P/nzHjO/vjyD9pnHNMgDwXbym/OxMZd/kwJGQs5ov/0duo3nqMAL9oIvkBtjZh3QhNl3qoZB/copWpuFOmxr5aTtAbHaat4ni+p1rP/E6jHXNYN4S/QYbAvuX5NIDvmteGdFO8R+hO3h+th7ke/iu9SDBYwm+W+hT8d6XTRWPI4zrP/zuVifnRF0R+RW7cdFMSF2zIrrA5wkDHi+SGeBmL0xvGdCOyaZTMknnkuxs1HAH5Er2prOfYWYRLGL1MhYbklzUbxK+hTU4phPji+sa5NMVojNLNEXrTUFuYL5gnoj1PTJQvxnZb+F+HJb4z4WYx7siwjusZoyGfNdwrVMngp6nQyh1kR7V9GYNF4tX2eEnGR28LWu3854H2K9RKq71fYTyQXek6rEMMYr9nWeqzOhPpIHku6If/yMEt1HZfM4ZncEv6fq3Jf6VhW7qsWvAJModtX2SCQXU9+K50fqWxG9VSj1rbh9qW8V+3Yx+1ZhnkfwTd8r5LH0vQKez67vFYWY4T0j7A/4++WOHJ3Tz5ymj5qnGbe/7Tx+V7xH/Rr8e5qtmz5KZRwJZM7mz9lQz1FPWA62geuI2oB8xfZzn6YRL8bkyCzFSs/NZodzms5xPWzzw9xp/elnP6PukE5ddbX5pjwV3Dv9y89+pt7HJibdd3+4C/hZPv6rf/+V/j6d0wTc+6jv9PYbdE5TmmD84UcfVfLGDT++T/nWt7+d/fa3v8ne+Ja3ZM+75VYnB2gSnuYOCe7jpo7M0Oc0fcc0Ze7v7D3eVC7HkpU5YX5PgvzpI2j9EbUe8Dpsnwa/w0fo3SDYCN/hP/aOk9lt1y8ouv3sQvayW5bysSvV3D9/4cbs+Oos8W3C3GtMonsy7gO2f9LYPul8mHb2Wzl2fnKaYTCtf08hzPj85DTVO8XGptC4JYK9fTd2Tbp7CG/j7TcsZe9+dUWPHT4S8E3ma7E+HtcpYrOPH9UznZ1Ym8ve9apKdmJ9juZSTl978OrsTS9ZI3ZNTjMi/mDfTQ5JNkmEcD+M6tthUnMRP2CR75l3vUrf992W5xHQrWfn1fOlKqdOqrkPvemE3k/EP2O/ygW2X6ZDLEVbzfOBN1+pCOedJZ+HLFcRuTw5wvKaxyy39V15TtyR54a16zDC6/CMqWFHZ4N66WviLK27Qm0N1gn1+gir5a5uH2W1t8rT1/nZQL6ty2IfiNR7seeQOi/0i6PCk/lwhM+xHhX4zynmO+qVQe+265DN3H7sg8KQ9TiOBe+vhbGO9Ohqa6WeT+IgnS+OynqDuLGeH66fpeM2r47KeX9EwJLgLGEi4HKE28T3C889fNbiTzbGzzgEE7yW4Z/OfSXOfRJWJBdnqVwhpyXsY3uC7+/AHx4jjlOslkTGOX8srgSjCJY0dqjHHJ0VdeJ8l/Y1xjeUX7w+VquoDbOET6r5vLaQWs/mef3jNuOYHjkqYO/eZwlOQY1me4Xub9rbpX0Sy0Weg5xHysUo7sw+4juzK5rTTM8RPiboxb0Q12nApWgP8vqGa3CwF7g9zK6g5khxiNRwUg+dDVXOZEIeiPtU2l9u/MKd+1LfCvFMfYvhIeEo4JX6lhBjjIGQI3w+9a14Tqa+JdgpYPps6FtBrglPj2f6XkFqB483y/P0vSKyp55B3yvkPkn9F/s7sv/osXmRZo8toPcF9WeG4rzxObu+aN1shDccl+XEZFa3q5ysQj/mjimaAVL4HtPnnJx+/vOfZ//+77/S39WP+DseuEt4/q23q3unRx79sPo+ru4X0Hfsz3z2s2r+qmuvc9+cLU2j3/b90Y98RPG7u5Qj+vs2PM9cc2327e98R83/8Ec/CmToXJl1T0VztH8ov2b5GO6Rs46m2W9MR0z/BZpRdMw8JZlzyk4guFeQ6GsPXa3ubRYXj7q7DOvf9Iyg29pqfFJ6kb3Yfr5Wnx1mA38D2xle4jy3p4iwjKiNpoZh/x3fnJ9nco8I/oexM3XSvrPc4/kIcXnPa47T2M9G4lCVwvwitrM8Vbk0R3NqZm7O+wM2Hj2q7CvKqVfctuLu07xvswhXbtNcAa6Sr3PZf37oGkXTUb/D/cL34QzG4CjPjzkaA7YHHVaGoI65uj9fvsbPxn7Pb6zWzqIa6+Q4GfHaf251fkHsFdSnBWZj9b4m2TQrrPFj1XvbhvpSgKnXIfnKe7Gkw58JJDwEHOeLYhPaLOET2hLDaUGIGT+3LBD/JF83kktFOUPsFXDgvsZ8L5vvxftzI7mVzn0b2V84dvKe4TLLx2Jz+Ub1FK9ZCPMuqNlF9oY+l8G/ONd1neH9gPsU0xGXXS6vY3jpXsZrTBz32LzPB6kPFNtTbd+EazfWV0Rf5uO2lNonG8onqWdFeCNni8Lzx/xm60OYg+X8kfagsOeCmEk+CfkyL+upVu/lvLw0zn3VsIjLSX0r9a3qvsfyI/Wt1LcIpb6V+lbpeCM56XtFCX/T94r0vaLcmuI897+PLSxugJayOfN7rgqvND8n/MbPamu4LdV4NmOjxFPENze/4Gh23u8X/W3YfGuGuw5+94C+/x8hdw7ofsTckeDv8UcJHTM0R/lmqV5JnpVhv2HbfcKJ144YT9F8lAxmsxhDLNfeERpf5O/94X3SDMKmrA+4hpb1KzZfbVyyp8yacN7bOuNywd+ruvcCDMrgQmoMl43vcYXxsH8U699sLuF9OIfyKvDD3TfP0fsisw8VoVyj+yWOqdRryu6huIyF0jGL5g/Lh9j+s1SmD6h6uBjW8DK1s0yNLytXWlckPya3bE87lx6yEXm8T27Gvmp9K2bfxnpwOZ4i+zerb3N+L20Kk7LjsbhtxrdYTKTzUqn4LJ4LvuncV5ZXqk1FMat6vtyAvRvNr3PVu9l9Gqvf5zteG9NRPa82m3dFsS6zJpyP2yrVoHOp6XKdWQp4iuSX8ftcan6ZPAh/L0XXbw6TjedfXIbcpzYTx9gaTmWxfSrPfaKs1Lc2htcG45n6VnlKfWtja8L51Lc2mgfh79S3LrW+VVZuWZylWrsRfRvFdTM8MR9iObZROWXtO5caUW3ufOXy5v1+9n2vKGOvxLOwtIxoST8Xl9h4AS3y9UuRcb4W61pi/Hx9EcVsLfJhyT8DX5fCtYuSPP0+n6+fz2ukfmrS2KLv6vDNeA59P56bJ3dRs8cwoW/z7vs8fy4o+Za0DkzHDM0jmceMvHnFM2vWaBk0J7wvi5oWzPvCEvHT+n0Mjy1gDDAtsLWyLL7W3295P2YJnscoXsc0TsSv+YVQz0KBD8ZvYv+8xYavD30PfVokcrW+xYznTfC+wOdxjvG4LRA7yRj5vYBiwWMtxWEhIpPm4DGWk0X6i+Mv2USxC3GPreF7Eu3LOZo7R9nd56x5+j3I98qC3ytSLsRsxfYgXKmM4rjIeYXlFuPv9zi1Ua6Hkbop1ezC2i3U1cjcfLRfcBlLEdlL7Aky5fFyfcP4ivyal3gXuQ2CrFJ9zds5X7UPlcW+hI+BjDLngCJMy+Ad0nxgB8eTx30zZwCJZ6P80nrJTuRPNP6y7vlCPr5nC2wrPI+lc99Gz31V/ZP8WeR6yuZvgU+LiKJ7xPps8qkqxiw2Ab85+5aKW7WcKjvP86tErIJ6HK6fD3TF4ifldzE+Un+aF+NdZHc1vKrtO6lHFvdKnC9xmWwfR22slsNFNkViUhTfahTkyUawZ/ylem2VfCkVt6K8kmwvKwfHumTdlGp2VTyKYl+lhqa+RfFPfasKTqlvifpS36KyUt+qEp8q+ZL6lntP3yu8nel7hYTnRvtmGfs3wy+tj9XX5YvwvSIWVyk2VO7SympOK9ly/lzOn0vquWrG7e8VRKtkDX73YytofT62zHkpuTXLbG7Z2rQS2LaM1i0TH7A9q8SeZSJnBdlmiftBfcFzywiTxeXlbCnHcymXtbgE7ysoFuYbsflmvGAIf2+GOU9LZo3nXwQSYrioyMwtLInr6R2A1mFlLaL8UT4sr2gf0BPGlR42vmTmPJ8ZXzJrgnksI1wXyAY5DsNF941+nt/H2HsR820ecHD+OZ+WnV6sa2lJto36T+0N55dDuUwv1iGtW0J4Of4lPLdM7JBk23jofND1YonPLy0j+1hMl7xNNGYhHjh3lJ2Lyyg/l9x7aCfFgdq0QjFeCvMwnp907dIyj5+x29qJ9prKm+BezuaS4UP1ktti4yP7gPEs4ENjPt5SLPweW+IYkDjT3FW/F5cJH9ah+IL6v0LqMK7BtlZjfl6Lad3kY2jdcji2JNR6LlPqS76OU5lF/Yn2HCNnWeht4K/1eTnscU7W8krQc1SsmJ1h/+P44R5D55e5XufLCpMj+L7M9UpYc/krTvbySgz7cD3lp/bz2HJfPc7eN7nfr2Q87ssMv2Xmg8+VVeQXi8myPxtI5wieM9L5gOqXcJVwW2H7Ap+FwpzB5yMec+ksRm1O575zOfctYR+5DwxzYuMys4X4gDBc5rhiWTZPZJ+x3TxGUp5IeUj3C9+vzM9laqeEY5ijguzlMJZh7qIab21cpjlL85r6sbwcl8/rH6+1dJ8yuUxvmI90ndinSD1aIXZIsnH9DOuNr3G0JlG8w/oR1nUeV4sjwXx5NWInz11sE6tly2EexvOTrl1e4fHD9QTvt3gf8/tOqvE8DjEf5Loi9W4uT46F32NSrZN7+4pbQ+sH2z9BbvOz0YU893FZ0t7HcUh9K/UtqS6kvpX6VpgrGMfUt1LfOn99K6z1QWyEmPF/b43V7tA3lpvpewWTv5Kl7xU8LuG+5D0nrMNh3KR6RvcFrV3hurBW4LhJNVPCisdiZW09W11dy1bXLK2r54qhVYkM/4p95ms8P12/YviJPPu+aoj95vx4zOrD9qxwu9awfeuUb5X6tcLsx36srFIfVo2N3L7l1dV8fFU9MS0tr5C42ae9p1iy90fmPoDmt+dfMfKtDv17zemB3/xMsLTM9wuWuWrw9raurBhaXTXz+h37huO0GsQEEbKX2rxKY7rG8gjzOVv0/vT3NPbbu38uWvwMH44BxWnV5xjWTfJk3ftgaxiyh+RXsDfWxRzzvOskf/A+WEW48lzENvMcc7SC5lws1wj+y0JcloVxu1ZatwwyV2RenEvLK1SP4llB7/lvWnfoHrV4aN/XI/kSwcvwL1t7kX2knwX3Tcvkjsf9e2NOdn8sE7/RGN4H1v6VEGeC90rxGPaT109avzD+a4ZCW2N2cCy5bFL3V4V4ReKi98N6IBPXUYxZUEtQfwnsWQ3jTmv8OrHZ1y60B9k+DHxbDeW7cd6jVteZzSGOK6sCDkwm/x3G3/aqdXkdwpvXDz4e8KyiWDnM1mlcV2kd8+NhD+XY8pjyOirlOO41q0xekDuojsfOLitMVrCXVhl+OJcwBgiXwF6+X9coHz0v+ZrF7Qzn16n9axIWjC/IDySP5Hs69+EejX2InfuCPYRyhs87vHj/F+qphL8fo5gHPkXk+RixOPN9HGBO4xSdL7Q5xIL2iTDH/G+5rhKbWD2mdZLmfrCP2bnP+Sf0BMkHsnY1nMM5dS7nPqm24nqF5fEaKNkkxmyV4kDjtx6PDcqloMetrdPYsZob1DGLPetlpO7E8CL2rAf2BbWK137s8yolXmukWrCySv2TddO10hi2L7Apmg/+rCXVRdEOhmW0BgkxK4rLZs99qW95eyQ53s7Ut1LfSn1LwjuMX+pbJD9T34rGJX2vkP2hdlKZ/HcY//S9AseK5I5Q86L1RchnXEep7KfX9wrJ/iDfWDxXGc5r65VsfX09p0r+e90RHlt34/a94sbUs4LnsIwKkbcWzGGdFaSvQvR5ezx5mRX39GvM74psC/cz8LFSQXo4PhXCu17Rc7YOakz9GWON1RNfE1cd2fsV9W7WrCFZa072uhvH5901p4vqw3JW14HWkU3reszqqYS4kPhV1on/6xxrEquKw9Fi5GRX4rFYMziuEb9szUI4rVEM+RzF3ttkYxXGlecOHVsPcFlnuWpzphLwrwW+hnnq10m8FWJjFDvk9yrKF2VrxftK92Ql0EX3JtNZobm4ynNzfd3Pofxcr4T+hTr4vse1JoyJj6mfWw9km98m1/HeWUH70ObPqskznFe0rltMWc6z+udyo4L4KhRruj/DWqvrKscH5WOF78Wwvq6T/W5rwBqypYIwxPoqDvd1xCfnsucL4mdxqWAseO55/WR9xfvp9geSsW5rUgXVImR/2Ae8T3wv2v0R7k+af+vCWFj/cD+qOPvDmkn3ttTfwt5G6yiPFY6F3D+5bl4bpHoY1nm7jvTtShyX8PwQ9k9bP3m+4bG1YI7nk5SvtC6E9T/MZx83X2NCv0Ks1tdxLGyc+NoifMI8prFdR3264n7T2kHzD9cTnn/p3Hfu5z5eR2IxlfY53+O8d9A4ytiEe5710oqv675OIjmXyLkvGhOCeYXZEeHjOfsMPvfJfUuq7TxOvOYVn/toT2O5GfRdmzuhfxfy3If7Eo+zVK9iZ6noHtzEuY/yVohuX1c5PigfS577iI8VXAdQzbjEzn2pb8m2SPs99a0Ql9S3whimvoXrUupbfu+EfqS+5etM+l4R9t1YP5B6QpCL6XuFsHelfKV1Iaz/YT77uPkaE/oVYrW+jmNh48TXFuET5jGN7Trq0xX3Wz7vSbka5vea3UdE3npWOV7J6Tih43ascjx8VhAv/23ej6tnJeThvBXQFY7BWpBxPMcn0Kl4C2Rz/TGqFMxXzHwRj5F/nGHj95rPp4r9jQnt1UqF5p/nQU8rl6xn/BW2FuV1pbIu8K1HY3s8hh/hgecJeR7FEuMlxq1C11H/cd1e8/tnjZ6JOB6AeWH8Y/ZK+Ub4KjTmxB9h31RQjhDc8O9KdD7AjdtI9hy3tyLYGMbmeLCuxH5xcVpXczZm9Ldgl1RHYL9HYhOMV4S5wLdQXrinUE9Yw3VZyCeUh3JuC/Epk3tSDhbkXaVSKeApsc8K9txxFOPjZfaFzTspZqQ+V9uHIYZSLhx3NTmSq7Ga4myga48H9S4iI5qzVbAQ9ii24fhxhBP7HbWB5TjBpyjeFTQf1O8qeSLFC9st+cp7p1QzeWyL+gjHuay9Yn5E9lCQwxFZONaVKmclglUFEcKsStzL1U/kV7Q38binc190X23i3BfYFu19nu94UX8+zuTi9dVqUQXXGckXppfUhIt37qN8FWpvLPfEHCxB1fpbwJfOfdzn0B/Pc6mc+/h60mdj+chqUgw/cV2Z3JNysCDvni3nvmqYpL5VFNPUtwr32PHUt1Lf0jJS3xLWlck9KQcL8u7Z0rfS94oCv1COE3yK4l1B80H9rpInUrzS94pL/ntF1Zou7mt/pjl96lR2KqfTiPi7Gzsdjms67flOnxZ5JJmnC2WGfKJdp+NzgY4CXTH/TmHbT0f4sc+n/fjJUyezUycNnTKE3k+eLJg/ecq9x7A6hXRJMk5iWUwXiV2JGFB8ThM/8VxxnnAs5VxxvOCD8eckx6sKxXKP5AnyoShHivJO8uGU5D8ey/Mluseq7Zdqec5z1MYrsAHlbiSPq8WyeL8Vx1aMd1HeFGBq/RTtRe8n2d47eZLvuRjJtgQx2gBWsViD7FNV8SuBrYrraSpfyvEYriT+p5HMTeTDKW8H8a1wn5wO4ivhJa2PxqcoZnYNXxvLJxGH0K+g3rDY0TyQ8S3V24rGeH+K8Qq+nWLxi8mJ90ih1hkcXH4hvSLuRFe8lp0qxF3IE+ZfWYrVqWjOnBLqqmCfs+W0vC6699z6SG5BDIRzWTr3PTXnvlM8N9l79AwSxF+2/5Qgs7Dvi3Iu3XMfxvBUtRhXs13Kw3Tue1ad+3DunYrxi3RatCWd+8rSZs59qW+lvpX6lpiHqW+lvpX6VjSP0veKgnwScUjfK8Iemb5XXOjvFdE6ejrso6dOYRw8TUzPJEqU6FlIk5eADYkSJUqUKFGiRImeekrnvkSJEiVK9HSi1LcSJUqU6JlPG631W3bXXhi6ojb7fUV1m6c9nraKVL9JMnKRrufWNKnnZn0tot8voC3oGaULFDMcL643jCX3MRbH4jwIcRLmCuwoWi/bUeBL1Fe+Pp6zYcyr5XkJnoJcf+5eoAZCW/cyPsKD9gCRXyfsi03k6gXM10SJEiV6ttNztu9+yuhi+5YoUaJEiZ559FT2rUSJEm2eLnZtSJQoUaJEiST6/wFtJUc4 "], {{0, 0}, {1714, 38}}, {0, 255}, ColorFunction->RGBColor], ImageSize->{1714, 38}, PlotRange->{{0, 1714}, {0, 38}}], Alignment->Left, BaseStyle->{"Hyperlink", "DemonstrationHeader"}, ButtonData->{ URL["http://demonstrations.wolfram.com"], None}, ButtonNote->"http://demonstrations.wolfram.com"]], "DemonstrationHeader"],

Cell["Linear Congruential Generators", "DemoTitle", CellID->700863240],

Cell[BoxData[ TagBox[ StyleBox[ DynamicModuleBox[{$CellContext`a$$ = 2, $CellContext`c$$ = 0, $CellContext`i$$ = 5, $CellContext`join$$ = True, $CellContext`m$$ = 199, $CellContext`steps$$ = 100, Typeset`show$$ = True, Typeset`bookmarkList$$ = {}, Typeset`bookmarkMode$$ = "Menu", Typeset`animator$$, Typeset`animvar$$ = 1, Typeset`name$$ = "\"untitled\"", Typeset`specs$$ = {{{ Hold[$CellContext`i$$], 5, "seed"}, 0, 1000, 1}, {{ Hold[$CellContext`m$$], 199, "modulus"}, 2, 1000, 1}, {{ Hold[$CellContext`a$$], 2, "multiplier"}, 0, 40, 1}, {{ Hold[$CellContext`c$$], 0, "increment"}, -200, 200, 1}, {{ Hold[$CellContext`steps$$], 100, "iterations"}, 2, 1000, 1}, {{ Hold[$CellContext`join$$], True, "join points"}, {True, False}}}, Typeset`size$$ = {475., {135., 140.}}, Typeset`update$$ = 0, Typeset`initDone$$, Typeset`skipInitDone$$ = True, $CellContext`i$500452$$ = 0, $CellContext`m$500453$$ = 0, $CellContext`a$500454$$ = 0, $CellContext`c$500455$$ = 0, $CellContext`steps$500456$$ = 0, $CellContext`join$500457$$ = False}, DynamicBox[Manipulate`ManipulateBoxes[ 1, StandardForm, "Variables" :> {$CellContext`a$$ = 2, $CellContext`c$$ = 0, $CellContext`i$$ = 5, $CellContext`join$$ = True, $CellContext`m$$ = 199, $CellContext`steps$$ = 100}, "ControllerVariables" :> { Hold[$CellContext`i$$, $CellContext`i$500452$$, 0], Hold[$CellContext`m$$, $CellContext`m$500453$$, 0], Hold[$CellContext`a$$, $CellContext`a$500454$$, 0], Hold[$CellContext`c$$, $CellContext`c$500455$$, 0], Hold[$CellContext`steps$$, $CellContext`steps$500456$$, 0], Hold[$CellContext`join$$, $CellContext`join$500457$$, False]}, "OtherVariables" :> { Typeset`show$$, Typeset`bookmarkList$$, Typeset`bookmarkMode$$, Typeset`animator$$, Typeset`animvar$$, Typeset`name$$, Typeset`specs$$, Typeset`size$$, Typeset`update$$, Typeset`initDone$$, Typeset`skipInitDone$$}, "Body" :> ListPlot[ NestList[ Mod[$CellContext`a$$ # + $CellContext`c$$, $CellContext`m$$]& , \$CellContext`i$$, $CellContext`steps$$ - 1], Joined -> $CellContext`join$$, Mesh -> If[$CellContext`join$$, All, None], Filling -> If[$CellContext`join$$, Axis, None], DataRange -> {0, $CellContext`steps$$ - 1}, ImageSize -> {475, 275}, ImagePadding -> {{15, 15}, {15, 25}}, PlotLabel -> Style[ Row[{Subscript[$CellContext`x, 0] == $CellContext`i$$, " ", Subscript[$CellContext`x, $CellContext`n + 1] -> Mod[$CellContext`a$$ Subscript[$CellContext`x, $CellContext`n] + $CellContext`c$$, \$CellContext`m$$]}], 14]], "Specifications" :> {{{$CellContext`i$$, 5, "seed"}, 0, 1000, 1, Appearance -> "Labeled"}, {{$CellContext`m$$, 199, "modulus"}, 2, 1000, 1, Appearance -> "Labeled"}, {{$CellContext`a$$, 2, "multiplier"}, 0, 40, 1, Appearance -> "Labeled"}, {{$CellContext`c$$, 0, "increment"}, -200, 200, 1, Appearance -> "Labeled"}, {{$CellContext`steps$$, 100, "iterations"}, 2, 1000, 1, Appearance -> "Labeled"}, {{$CellContext`join$$, True, "join points"}, { True, False}}}, "Options" :> {}, "DefaultOptions" :> {ControllerLinking -> True}], ImageSizeCache->{520., {242., 247.}}, SingleEvaluation->True], Deinitialization:>None, DynamicModuleValues:>{}, SynchronousInitialization->True, UnsavedVariables:>{Typeset`initDone$$}, UntrackedVariables:>{Typeset`size$$}], "Manipulate", Deployed->True, StripOnInput->False], Manipulate`InterpretManipulate[1]]], "Output", CellID->372660164],

Cell[TextData[{ "A linear congruential generator is a method of generating a sequence of \numbers that are not actually random, but share many properties with \completely random numbers. These types of numbers are called ", StyleBox["pseudorandom numbers", FontSlant->"Italic"], "."}], "ManipulateCaption", CellID->1044312921],

Cell["THINGS TO TRY", "ManipulateCaption", CellFrame->{{0, 0}, {1, 0}}, CellFrameColor->RGBColor[0.87, 0.87, 0.87], FontFamily->"Helvetica", FontSize->12, FontWeight->"Bold", FontColor->RGBColor[0.597406, 0, 0.0527047], CellTags->"ControlSuggestions"],

Cell[TextData[{ Cell[BoxData[ TooltipBox[ PaneSelectorBox[{False->Cell[TextData[StyleBox["Resize Images", FontFamily->"Verdana"]]], True->Cell[TextData[StyleBox["Resize Images", FontFamily->"Verdana", FontColor->GrayLevel[0.5]]]]}, Dynamic[ CurrentValue["MouseOver"]]], "\"Click inside an image to reveal its orange resize frame.\\nDrag any of \the orange resize handles to resize the image.\"", TooltipStyle->{ FontFamily -> "Verdana", FontSize -> 10, FontColor -> GrayLevel[0.35], Background -> GrayLevel[0.98]}]]], StyleBox["\[NonBreakingSpace]\[FilledVerySmallSquare]\[NonBreakingSpace]", FontColor->RGBColor[0.928786, 0.43122, 0.104662]], Cell[BoxData[ TooltipBox[ PaneSelectorBox[{False->Cell[TextData[StyleBox["Slider Zoom", FontFa