draft-guetschow-taler-protocol.xml (149497B)
1 <?xml version='1.0' encoding='utf-8'?> 2 <!DOCTYPE rfc [ 3 <!ENTITY nbsp " "> 4 <!ENTITY zwsp "​"> 5 <!ENTITY nbhy "‑"> 6 <!ENTITY wj "⁠"> 7 ]> 8 <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> 9 <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.35 (Ruby 3.1.2) --> 10 <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-guetschow-taler-protocol" category="info" submissionType="independent" tocInclude="true" sortRefs="true" symRefs="true" version="3"> 11 <!-- xml2rfc v2v3 conversion 3.32.0 --> 12 <front> 13 <title>The GNU Taler Protocol</title> 14 <seriesInfo name="Internet-Draft" value="draft-guetschow-taler-protocol"/> 15 <author initials="M." surname="Gütschow" fullname="Mikolai Gütschow"> 16 <organization abbrev="TU Dresden">TUD Dresden University of Technology</organization> 17 <address> 18 <postal> 19 <street>Helmholtzstr. 10</street> 20 <city>Dresden</city> 21 <code>D-01069</code> 22 <country>Germany</country> 23 </postal> 24 <email>mikolai.guetschow@tu-dresden.de</email> 25 </address> 26 </author> 27 <date year="2026" month="June" day="18"/> 28 <workgroup>independent</workgroup> 29 <keyword>taler</keyword> 30 <keyword>cryptography</keyword> 31 <keyword>ecash</keyword> 32 <keyword>payments</keyword> 33 <abstract> 34 <?line 46?> 35 36 <t>[ TBW ]</t> 37 </abstract> 38 </front> 39 <middle> 40 <?line 50?> 41 42 <section anchor="introduction"> 43 <name>Introduction</name> 44 <t>[ TBW ]</t> 45 <t>Beware that this document is still work-in-progress and may contain errors. 46 Use at your own risk!</t> 47 </section> 48 <section anchor="notation"> 49 <name>Notation</name> 50 <ul spacing="normal"> 51 <li> 52 <t><tt>"abc"</tt> denotes the literal string <tt>abc</tt> encoded as ASCII <xref target="RFC20"/>, without trailing '\0' character.</t> 53 </li> 54 <li> 55 <t><tt>a | b</tt> denotes the concatenation of a with b</t> 56 </li> 57 <li> 58 <t><tt>len(a)</tt> denotes the length in bytes of the byte string a</t> 59 </li> 60 <li> 61 <t><tt>padZero(y, a)</tt> denotes the byte string a, zero-padded to the length of y bytes</t> 62 </li> 63 <li> 64 <t><tt>bits(x)</tt>/<tt>bytes(x)</tt> denotes the minimal number of bits/bytes necessary to represent the multiple precision integer x</t> 65 </li> 66 <li> 67 <t><tt>uint(y, x)</tt> denotes the <tt>y</tt> least significant bits of the integer <tt>x</tt>, zero-padded and encoded in network byte order (big endian)</t> 68 </li> 69 <li> 70 <t><tt>uintY(x)</tt> where <tt>Y</tt> is a positive integer number is equivalent to <tt>uint(Y, x)</tt></t> 71 </li> 72 <li> 73 <t><tt>random(y)</tt> denotes a randomly generated sequence of y bits</t> 74 </li> 75 <li> 76 <t><tt>a * b (mod N)</tt> / <tt>a ** b (mod N)</tt> denotes the multiplication / exponentiation of multiple precision integers a and b, modulo N</t> 77 </li> 78 <li> 79 <t><tt>for</tt>, <tt>if</tt>, variable assignment <tt>=</tt>, and conditional operators are to be interpreted like their Python/Julia equivalents</t> 80 </li> 81 <li> 82 <t><tt>data.key</tt> denotes the property <tt>key</tt> on the object <tt>data</tt></t> 83 </li> 84 <li> 85 <t><tt>0..n</tt> denotes the exclusive range of integer numbers from <tt>0</tt> to <tt>n</tt>, i.e., <tt>0, 1, 2, ..., n-1</tt></t> 86 </li> 87 <li> 88 <t><tt>⟨dataᵢ⟩</tt> within a context of <tt>i = 0..n</tt> denotes <tt>n</tt> objects <tt>dataᵢ</tt>, represented in memory as a continuous array</t> 89 </li> 90 <li> 91 <t><tt>⟨dataᵢ.key⟩</tt> within a context of <tt>i = 0..n</tt> denotes an array of the <tt>n</tt> properties <tt>key</tt> of all <tt>n</tt> objects <tt>dataᵢ</tt></t> 92 </li> 93 </ul> 94 </section> 95 <section anchor="cryptographic-primitives"> 96 <name>Cryptographic Primitives</name> 97 <t>// todo: maybe change this description to something more similar to protocol functions (Julia-inspired syntax)</t> 98 <section anchor="cryptographic-hash-functions"> 99 <name>Cryptographic Hash Functions</name> 100 <section anchor="sha256"> 101 <name>SHA-256</name> 102 <artwork><![CDATA[ 103 SHA-256(msg) -> hash 104 105 Input: 106 msg input message of length L < 2^61 octets 107 108 Output: 109 hash message digest of fixed length HashLen = 32 octets 110 ]]></artwork> 111 <t><tt>hash</tt> is the output of SHA-256 as per Sections 4.1, 5.1, 6.1, and 6.2 of <xref target="RFC6234"/>.</t> 112 </section> 113 <section anchor="sha512"> 114 <name>SHA-512</name> 115 <artwork><![CDATA[ 116 SHA-512(msg) -> hash 117 118 Input: 119 msg input message of length L < 2^125 octets 120 121 Output: 122 hash message digest of fixed length HashLen = 64 octets 123 ]]></artwork> 124 <t><tt>hash</tt> is the output of SHA-512 as per Sections 4.2, 5.2, 6.3, and 6.4 of <xref target="RFC6234"/>.</t> 125 </section> 126 <section anchor="sha512-trunc"> 127 <name>SHA-512-256 (truncated SHA-512)</name> 128 <artwork><![CDATA[ 129 SHA-512-256(msg) -> hash 130 131 Input: 132 msg input message of length L < 2^125 octets 133 134 Output: 135 hash message digest of fixed length HashLen = 32 octets 136 ]]></artwork> 137 <t>The output <tt>hash</tt> corresponds to the first 32 octets of the output of SHA-512 defined in <xref target="sha512"/>:</t> 138 <artwork><![CDATA[ 139 temp = SHA-512(msg) 140 hash = temp[0:31] 141 ]]></artwork> 142 <t>Note that this operation differs from SHA-512/256 as defined in <xref target="SHS"/> in the initial hash value.</t> 143 </section> 144 </section> 145 <section anchor="message-authentication-codes"> 146 <name>Message Authentication Codes</name> 147 <section anchor="hmac"> 148 <name>HMAC</name> 149 <artwork><![CDATA[ 150 HMAC-Hash(key, text) -> out 151 152 Option: 153 Hash cryptographic hash function with output length HashLen 154 155 Input: 156 key secret key of length at least HashLen 157 text input data of arbitary length 158 159 Output: 160 out output of length HashLen 161 ]]></artwork> 162 <t><tt>out</tt> is calculated as defined in <xref target="RFC2104"/>.</t> 163 </section> 164 </section> 165 <section anchor="key-derivation-functions"> 166 <name>Key Derivation Functions</name> 167 <section anchor="hkdf"> 168 <name>HKDF</name> 169 <t>The Hashed Key Derivation Function (HKDF) used in Taler is an instantiation of <xref target="RFC5869"/> 170 with two different hash functions for the Extract and Expand step as suggested in <xref target="HKDF"/>: 171 <tt>HKDF-Extract</tt> uses <tt>HMAC-SHA512</tt>, while <tt>HKDF-Expand</tt> uses <tt>HMAC-SHA256</tt> (cf. <xref target="hmac"/>).</t> 172 <artwork><![CDATA[ 173 HKDF(salt, IKM, info, L) -> OKM 174 175 Inputs: 176 salt optional salt value (a non-secret random value); 177 if not provided, it is set to a string of 64 zeros. 178 IKM input keying material 179 info optional context and application specific information 180 (can be a zero-length string) 181 L length of output keying material in octets 182 (<= 255*32 = 8160) 183 184 Output: 185 OKM output keying material (of L octets) 186 ]]></artwork> 187 <t>The output OKM is calculated as follows:</t> 188 <artwork><![CDATA[ 189 PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512 (HashLen = 64) 190 OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256 (HashLen = 32) 191 ]]></artwork> 192 </section> 193 <section anchor="hkdf-mod"> 194 <name>HKDF-Mod</name> 195 <t>Based on the HKDF defined in <xref target="hkdf"/>, this function returns an OKM that is smaller than a given multiple precision integer N.</t> 196 <artwork><![CDATA[ 197 HKDF-Mod(N, salt, IKM, info) -> OKM 198 199 Inputs: 200 N multiple precision integer 201 salt optional salt value (a non-secret random value); 202 if not provided, it is set to a string of 64 zeros. 203 IKM input keying material 204 info optional context and application specific information 205 (can be a zero-length string) 206 207 Output: 208 OKM output keying material (smaller than N) 209 ]]></artwork> 210 <t>The final output <tt>OKM</tt> is determined deterministically based on a counter initialized at zero.</t> 211 <artwork><![CDATA[ 212 counter = 0 213 do until OKM < N: 214 x = HKDF(salt, IKM, info | uint16(counter), bytes(N)) 215 OKM = uint(bits(N), x) 216 counter += 1 217 ]]></artwork> 218 </section> 219 </section> 220 <section anchor="non-blind-signatures"> 221 <name>Non-Blind Signatures</name> 222 <section anchor="ed25519"> 223 <name>Ed25519</name> 224 <t>Taler uses EdDSA instantiated with curve25519 as Ed25519, 225 as defined in Section 5.1 of <xref target="RFC8032"/>. 226 In particular, Taler does <em>not</em> make use of Ed25519ph or Ed25519ctx 227 as defined in that document.</t> 228 <section anchor="key-generation"> 229 <name>Key generation</name> 230 <artwork><![CDATA[ 231 Ed25519-GetPub(priv) -> pub 232 233 Input: 234 priv private Ed25519 key 235 236 Output: 237 pub public Ed25519 key 238 ]]></artwork> 239 <t><tt>pub</tt> is calculated as described in Section 5.1.5 of <xref target="RFC8032"/>.</t> 240 <artwork><![CDATA[ 241 Ed25519-Keygen() -> (priv, pub) 242 243 Output: 244 priv private Ed25519 key 245 pub public Ed25519 key 246 ]]></artwork> 247 <t><tt>priv</tt> and <tt>pub</tt> are calculated as described in Section 5.1.5 of <xref target="RFC8032"/>, 248 which is equivalent to the following:</t> 249 <artwork><![CDATA[ 250 priv = random(256) 251 pub = Ed25519-GetPub(priv) 252 ]]></artwork> 253 </section> 254 <section anchor="signing"> 255 <name>Signing</name> 256 <artwork><![CDATA[ 257 Ed25519-Sign(priv, msg) -> sig 258 259 Inputs: 260 priv Ed25519 private key 261 msg message to be signed 262 263 Output: 264 sig signature on the message by the given private key 265 ]]></artwork> 266 <t><tt>sig</tt> is calculated as described in Section 5.1.6 of <xref target="RFC8032"/>.</t> 267 </section> 268 <section anchor="verifying"> 269 <name>Verifying</name> 270 <artwork><![CDATA[ 271 Ed25519-Verify(pub, msg, sig) -> out 272 273 Inputs: 274 pub Ed25519 public key 275 msg signed message 276 sig signature on msg 277 278 Output: 279 out true, if sig is a valid signature for msg 280 ]]></artwork> 281 <t><tt>out</tt> is the outcome of the last check of Section 5.1.7 of <xref target="RFC8032"/>.</t> 282 </section> 283 </section> 284 </section> 285 <section anchor="key-agreement"> 286 <name>Key Agreement</name> 287 <section anchor="x25519"> 288 <name>X25519</name> 289 <t>Taler uses Elliptic Curve Diffie-Hellman (ECDH) on curve25519 as defined in Section 6.1 of <xref target="RFC7748"/>, 290 but reuses Ed25519 keypairs for one side of the agreement instead of random bytes. 291 Depending on whether the private or public part is from Ed25519, two different functions are used.</t> 292 <artwork><![CDATA[ 293 ECDH-Ed25519-Priv(priv, pub) -> shared 294 295 Input: 296 priv private Ed25519 key 297 pub public X25519 key 298 299 Output: 300 shared shared secret based on the given keys 301 ]]></artwork> 302 <t><tt>shared</tt> is calculated as follows, using the function X25519 defined in Section 5 of <xref target="RFC7748"/>:</t> 303 <artwork><![CDATA[ 304 priv' = SHA-512-256(priv) 305 // todo: missing bit clamping from https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_sign/ed25519/ref10/keypair.c#L71 306 shared' = X25519(priv', pub) 307 shared = SHA-512(shared') 308 ]]></artwork> 309 <artwork><![CDATA[ 310 ECDH-Ed25519-Pub(priv, pub) -> shared 311 312 Input: 313 priv private X25519 key 314 pub public Ed25519 key 315 316 Output: 317 shared shared secret based on the given keys 318 ]]></artwork> 319 <t><tt>shared</tt> is calculated as follows, using the function X25519 defined in Section 5 of <xref target="RFC7748"/>, 320 and <tt>Convert-Point-Ed25519-Curve25519(p)</tt> which implements the birational map of Section 4.1 of <xref target="RFC7748"/>:</t> 321 <artwork><![CDATA[ 322 pub' = Convert-Point-Ed25519-Curve25519(pub) 323 shared' = X25519(priv, pub') 324 shared = SHA-512(shared') 325 ]]></artwork> 326 <artwork><![CDATA[ 327 ECDH-GetPub(priv) -> pub 328 329 Input: 330 priv private X25519 key 331 332 Output: 333 pub public X25519 key 334 ]]></artwork> 335 <t><tt>pub</tt> is calculated according to Section 6.1 of <xref target="RFC7748"/>:</t> 336 <artwork><![CDATA[ 337 pub = X25519(priv, 9) 338 ]]></artwork> 339 </section> 340 </section> 341 <section anchor="blind-signatures"> 342 <name>Blind Signatures</name> 343 <section anchor="rsa-fdh"> 344 <name>RSA-FDH</name> 345 <section anchor="supporting-functions"> 346 <name>Supporting Functions</name> 347 <artwork><![CDATA[ 348 RSA-FDH(msg, pubkey) -> fdh 349 350 Inputs: 351 msg message 352 pubkey RSA public key consisting of modulus N and public exponent e 353 354 Output: 355 fdh full-domain hash of msg over pubkey.N 356 ]]></artwork> 357 <t><tt>fdh</tt> is calculated based on HKDF-Mod from <xref target="hkdf-mod"/> as follows:</t> 358 <artwork><![CDATA[ 359 info = "RSA-FDA FTpsW!" 360 salt = uint16(bytes(pubkey.N)) | uint16(bytes(pubkey.e)) 361 | pubkey.N | pubkey.e 362 fdh = HKDF-Mod(pubkey.N, salt, msg, info) 363 ]]></artwork> 364 <t>The resulting <tt>fdh</tt> can be used to test against a malicious RSA pubkey 365 by verifying that the greatest common denominator (gcd) of <tt>fdh</tt> and <tt>pubkey.N</tt> is 1.</t> 366 <artwork><![CDATA[ 367 RSA-FDH-Derive(bks, pubkey) -> out 368 369 Inputs: 370 bks blinding key secret of length L = 32 octets 371 pubkey RSA public key consisting of modulus N and public exponent e 372 373 Output: 374 out full-domain hash of bks over pubkey.N 375 ]]></artwork> 376 <t><tt>out</tt> is calculated based on HKDF-Mod from <xref target="hkdf-mod"/> as follows:</t> 377 <artwork><![CDATA[ 378 info = "Blinding KDF" 379 salt = "Blinding KDF extractor HMAC key" 380 fdh = HKDF-Mod(pubkey.N, salt, bks, info) 381 ]]></artwork> 382 </section> 383 <section anchor="blinding"> 384 <name>Blinding</name> 385 <artwork><![CDATA[ 386 RSA-FDH-Blind(msg, bks, pubkey) -> out 387 388 Inputs: 389 msg message 390 bks blinding key secret of length L = 32 octets 391 pubkey RSA public key consisting of modulus N and public exponent e 392 393 Output: 394 out message blinded for pubkey 395 ]]></artwork> 396 <t><tt>out</tt> is calculated based on RSA-FDH from <xref target="rsa-fdh"/> as follows:</t> 397 <artwork><![CDATA[ 398 data = RSA-FDH(msg, pubkey) 399 r = RSA-FDH-Derive(bks, pubkey) 400 r_e = r ** pubkey.e (mod pubkey.N) 401 out = r_e * data (mod pubkey.N) 402 ]]></artwork> 403 </section> 404 <section anchor="signing-1"> 405 <name>Signing</name> 406 <artwork><![CDATA[ 407 RSA-FDH-Sign(data, privkey) -> sig 408 409 Inputs: 410 data data to be signed, an integer smaller than privkey.N 411 privkey RSA private key consisting of modulus N and private exponent d 412 413 Output: 414 sig signature on data by privkey 415 ]]></artwork> 416 <t><tt>sig</tt> is calculated as follows:</t> 417 <artwork><![CDATA[ 418 sig = data ** privkey.d (mod privkey.N) 419 ]]></artwork> 420 </section> 421 <section anchor="unblinding"> 422 <name>Unblinding</name> 423 <artwork><![CDATA[ 424 RSA-FDH-Unblind(sig, bks, pubkey) -> out 425 426 Inputs: 427 sig blind signature 428 bks blinding key secret of length L = 32 octets 429 pubkey RSA public key consisting of modulus N and public exponent e 430 431 Output: 432 out unblinded signature 433 ]]></artwork> 434 <t><tt>out</tt> is calculated as follows:</t> 435 <artwork><![CDATA[ 436 r = RSA-FDH-Derive(bks, pubkey) 437 r_inv = inverse of r (mod pubkey.N) 438 out = sig * r_inv (mod pubkey.N) 439 ]]></artwork> 440 </section> 441 <section anchor="verifying-1"> 442 <name>Verifying</name> 443 <artwork><![CDATA[ 444 RSA-FDH-Verify(msg, sig, pubkey) -> out 445 446 Inputs: 447 msg message 448 sig signature of pubkey over msg 449 pubkey RSA public key consisting of modulus N and public exponent e 450 451 Output: 452 out true, if sig is a valid signature 453 ]]></artwork> 454 <t><tt>out</tt> is calculated based on RSA-FDH from <xref target="rsa-fdh"/> as follows:</t> 455 <artwork><![CDATA[ 456 data = RSA-FDH(msg, pubkey) 457 exp = sig ** pubkey.e (mod pubkey.N) 458 out = (data == exp) 459 ]]></artwork> 460 </section> 461 </section> 462 <section anchor="cbs"> 463 <name>Clause-Schnorr</name> 464 </section> 465 </section> 466 </section> 467 <section anchor="datatypes-and-notation"> 468 <name>Datatypes and Notation</name> 469 <section anchor="amounts"> 470 <name>Amounts</name> 471 <t>Amounts are represented in Taler as positive fixed-point values 472 consisting of <tt>value</tt> as the non-negative integer part of the base currency, 473 the <tt>fraction</tt> given in units of one hundred millionth (1e-8) of the base currency, 474 and <tt>currency</tt> as the 3-11 ASCII characters identifying the currency.</t> 475 <t>Whenever used in the protocol, the binary representation of an <tt>amount</tt> is 476 <tt>uint64(amount.value) | uint32(amount.fraction) | padZero(12, amount.currency)</tt>.</t> 477 </section> 478 <section anchor="timestamps"> 479 <name>Timestamps</name> 480 <t>Absolute timestamps are represented as <tt>uint64(x)</tt> where <tt>x</tt> corresponds to 481 the microseconds since <tt>1970-01-01 00:00 CEST</tt> (the UNIX epoch). 482 The special value <tt>0xFFFFFFFFFFFFFFFF</tt> represents "never". 483 <!-- 484 // todo: check if needed and correct 485 Relative timestamps are represented as `uint64(x)` where `x` is given in microseconds. 486 The special value `0xFFFFFFFFFFFFFFFF` represents "forever". 487 --> 488 </t> 489 </section> 490 <section anchor="signatures"> 491 <name>Signatures</name> 492 <t>All messages to be signed in Taler start with a header containing their total size 493 (including the header) and a fixed signing context (purpose) as registered by GANA in the 494 <eref target="https://gana.gnunet.org/gnunet-signatures/gnunet_signatures.html">GNUnet Signature Purposes</eref> 495 registry. Taler-specific purposes start at 1000.</t> 496 <artwork><![CDATA[ 497 Gen-Msg(purpose, msg) -> out 498 499 Inputs: 500 purpose signature purpose as registered at GANA 501 msg message content (excl. header) to be signed 502 503 Output: 504 out complete message (incl. header) to be signed 505 ]]></artwork> 506 <t><tt>out</tt> is formed as follows:</t> 507 <artwork><![CDATA[ 508 out = uint32(len(msg) + 8) | uint32(purpose) | msg 509 ]]></artwork> 510 </section> 511 <section anchor="helper-functions"> 512 <name>Helper Functions</name> 513 <t>There are a certain number of single-argument functions which are often needed, 514 and therefore omit the parentheses of the typical function syntax:</t> 515 <ul spacing="normal"> 516 <li> 517 <t><tt>Knows data</tt> specifies <tt>data</tt> that is known a priori at the start of the protocol operation</t> 518 </li> 519 <li> 520 <t><tt>Determine data</tt> specifies <tt>data</tt> that is determined according to the business logic and current state of the protocol entity</t> 521 </li> 522 <li> 523 <t><tt>Check cond</tt> verifies that the boolean condition or variable <tt>cond</tt> is true, 524 or aborts the protocol operation otherwise</t> 525 </li> 526 <li> 527 <t><tt>Persist data</tt> persists the given <tt>data</tt> to the local database</t> 528 </li> 529 <li> 530 <t><tt>data = Lookup by key</tt> retrieves previously persisted <tt>data</tt> by the given <tt>key</tt></t> 531 </li> 532 <li> 533 <t><tt>Sum ⟨dataᵢ⟩</tt> is valid for numerical objects <tt>dataᵢ</tt> including amounts (cf. <xref target="amounts"/>), 534 and denotes the numerical sum of these objects</t> 535 </li> 536 </ul> 537 <t>Some more functions that are commonly used throughout <xref target="protocol"/>:</t> 538 <artwork><![CDATA[ 539 Hash-Denom(denom) = 540 SHA-512(uint32(0) | uint32(1) | denom.pub) 541 542 Hash-Planchet(planchet, denom) = 543 SHA-512( SHA-512( denom.pub ) | uint32(0x1) | planchet ) 544 545 Hash-Contract(contract) = 546 SHA-512( canonicalJSON(contract) | 0x0) 547 548 Check-Subtract(value, subtrahend) = 549 Check value >= subtrahend 550 Persist value -= subtrahend 551 ]]></artwork> 552 <t><tt>canonicalJSON(data)</tt> canonicalizes <tt>data</tt> represented as JSON 553 according to the JSON Canonicalization Scheme (JCS) defined in <xref target="RFC8785"/>. 554 Note that <tt>data</tt> as input to <tt>canonicalJSON</tt> is restricted as follows for Taler:</t> 555 <ul spacing="normal"> 556 <li> 557 <t>For JSON Object member names, only strings matching the regular expression <tt>^[0-9A-Z_a-z]+$</tt> or the literal names <tt>$forgettable</tt> or <tt>$forgotten</tt> are allowed. 558 This makes the sorting of object members easier, as <xref target="RFC8785"/> requires sorting by UTF-16 code points.</t> 559 </li> 560 <li> 561 <t>Floating point numbers are forbidden. Numbers must be integers in the range <tt>-(2**53 - 1)</tt> to <tt>(2**52) - 1</tt>.</t> 562 </li> 563 </ul> 564 </section> 565 </section> 566 <section anchor="protocol"> 567 <name>The Taler Crypto Protocol</name> 568 <t>The Taler payment protocol is a token-based <em>e-cash</em> system 569 which ensures anonymity for payers (much like physical cash), 570 while guaranteing income transparency on the payees' side (much like most digital payment systems). 571 Contrary to what the name might suggest, 572 Taler neither is a separate currency (as cryptocurrencies do) 573 nor is it tied to a specific currency. 574 Instead, the payment system operator offering the Taler payment protocol 575 can freely choose the assets backing the payment system.</t> 576 <t>The basic system consists of three types of entities:</t> 577 <ol spacing="normal" type="1"><li> 578 <t>The Taler <em>exchange</em> is run by the payment system operator. 579 It is the central, trusted entity which hands out e-cash and holds the corresponding value.</t> 580 </li> 581 <li> 582 <t>A Taler <em>wallet</em> manages e-cash in self-custody for end users.</t> 583 </li> 584 <li> 585 <t>A Taler <em>merchant</em> can redeem e-cash at the exchange 586 after the wallet authorized a deposit permission during a payment.</t> 587 </li> 588 </ol> 589 <t>E-cash in Taler is represented as digital tokens called <em>coins</em>. 590 They are public-private keypairs where ownership of the coin 591 is equivalent to the knowledge of the private key <tt>coin.priv</tt>. 592 Every coin has an initial value corresponding to a denomination (<tt>denom</tt>) offered by the exchange. 593 The validity of coins is signaled by the presence of 594 a valid denomination signature <tt>coin.sig</tt> on the (hash of the) public key <tt>coin.pub</tt>. 595 To ensure payer anonymity, the exchange generates <tt>coin.sig</tt> without learning the actual (hash of) <tt>coin.pub</tt> 596 using a <em>blind</em> signature scheme.</t> 597 <t>Wallets obtain coins from the exchange during <em>withdrawal</em> (cf. <xref target="withdraw"/>) 598 and use them during <em>payment</em> at merchants, who in turn <em>deposit</em> them at the exchange (cf. <xref target="payment"/>). 599 Residual value on partly spent coins can be <em>refreshed</em> by the wallet subsequently in order to obtain unlinkable change (cf. <xref target="refresh"/>). 600 Taler also supports receiving e-cash in a wallet without acting as a merchant using <em>wallet-to-wallet payments</em> (W2W, cf. <xref target="w2w"/>), 601 which are always handled via the exchange.</t> 602 <t>Honest operation of the exchange can be optionally supervised by an independant third-party Taler <em>auditor</em>. 603 This supervision is not part of the basic Taler protocol and thus not part of this document.</t> 604 <artwork><![CDATA[ 605 - exchange - 606 / \ 607 Withdrawal / \ Deposit 608 Refresh / W2W \ 609 / \ 610 wallet ----------- merchant 611 Payment 612 ]]></artwork> 613 <t>// todo: capitalize wallet, exchange, merchant everywhere?</t> 614 <t>In the default configuration, Taler uses RSA-FDH (cf. <xref target="rsa-fdh"/>) for (blind) denomination signatures 615 and Ed25519 (cf. <xref target="ed25519"/>) signatures everywhere else. 616 Clause-Schnorr Signatures (cf. <xref target="cbs"/>) provide an alternative blind signature scheme operating on Elliptic Curves. 617 As their usage is still experimental, they are not described as part of this document.</t> 618 <t>Taler has optional support for age-restricted coins, enabling privacy-preserving age restriction. 619 As an optional feature, it is not part of the basic Taler protocol and thus left out of the description in this document.</t> 620 <section anchor="obtaining-e-cash"> 621 <name>Obtaining E-Cash</name> 622 <section anchor="withdraw"> 623 <name>Withdrawal</name> 624 <t>The wallet generates <tt>n > 0</tt> coins <tt>⟨coinᵢ⟩</tt> and requests <tt>n</tt> signatures <tt>⟨blind_sigᵢ⟩</tt> from the exchange, 625 attributing value to the coins according to <tt>n</tt> chosen denominations <tt>⟨denomᵢ⟩</tt>. 626 The total value and withdrawal fee (defined by the exchange per denomination) 627 must be smaller or equal to the amount stored in the single reserve used for withdrawal.</t> 628 <t>// todo: document TALER_MAX_COINS = 64 per operation (due to CS-encoding)</t> 629 <t>// todo: extend with extra roundtrip for CBS</t> 630 <artwork><![CDATA[ 631 wallet exchange 632 Knows ⟨denomᵢ⟩ Knows ⟨denomᵢ.priv⟩ 633 | | 634 +-----------------------------+ | 635 | (W1) reserve key generation | | 636 +-----------------------------+ | 637 | | 638 |----------- (bank transfer) ----------->| 639 | (subject: reserve.pub, amount: value) | 640 | | 641 | +------------------------------+ 642 | | Persist (reserve.pub, value) | 643 | +------------------------------+ 644 | | 645 +-----------------------------------+ | 646 | (W2) coin generation and blinding | | 647 +-----------------------------------+ | 648 | | 649 |-------------- /withdraw -------------->| 650 | (reserve.pub, planchets, sig) | 651 | | 652 | +--------------------------------+ 653 | | (E1) coin issuance and signing | 654 | +--------------------------------+ 655 | | 656 |<---------- (⟨blind_sigᵢ⟩) -------------| 657 | | 658 +----------------------+ | 659 | (W3) coin unblinding | | 660 +----------------------+ | 661 | | 662 ]]></artwork> 663 <t>where (for RSA, without age-restriction)</t> 664 <sourcecode type="pseudocode"><![CDATA[ 665 (W1) reserve key generation (wallet) 666 667 reserve = Ed25519-Keygen() 668 Persist (reserve, value) 669 ]]></sourcecode> 670 <t>The wallet derives coins and blinding secrets using a HKDF from a single seed per withdrawal operation, 671 together with an integer index. 672 This is strictly speaking an implementation detail since the seed is never revealed to any other party, 673 and might be chosen to be implemented differently.</t> 674 <sourcecode type="pseudocode"><![CDATA[ 675 (W2) coin generation and blinding (wallet) 676 677 batch_seed = random(256) 678 Persist batch_seed 679 for i in 0..n: 680 coin_seedᵢ = HKDF(uint32(i), batch_seed, "taler-withdrawal-coin-derivation", 64) 681 blind_secretᵢ = coin_seedᵢ[32:] 682 coinᵢ.priv = coin_seedᵢ[:32] 683 coinᵢ.pub = Ed25519-GetPub(coinᵢ.priv) 684 h_denomᵢ = Hash-Denom(denomᵢ) 685 planchetᵢ = RSA-FDH-Blind(SHA-512(coinᵢ.pub), blind_secretᵢ, denomᵢ.pub) 686 h_planchetᵢ = Hash-Planchet(planchetᵢ, denomᵢ) 687 planchets = (⟨h_denomᵢ⟩, ⟨planchetᵢ⟩) 688 msg = Gen-Msg(WALLET_RESERVE_WITHDRAW, 689 ( Sum ⟨denomᵢ.value⟩ | Sum ⟨denomᵢ.fee_withdraw⟩ 690 | SHA-512( ⟨h_planchetᵢ⟩ ) | uint256(0x0) | uint32(0x0) | uint32(0x0) )) 691 sig = Ed25519-Sign(reserve.priv, msg) 692 693 // todo: exchange.git uses different derivation than wallet-core.git (above): 694 ⟨coin_seedᵢ⟩ = HKDF(uint32(n), batch_seed, "taler-withdraw-secrets", 32*n) 695 for i in 0..n: 696 blind_secretᵢ = HKDF("bks", coin_seedᵢ, "", 32) 697 coinᵢ.priv = HKDF("coin", coin_seedᵢ, "", 32) 698 ]]></sourcecode> 699 <sourcecode type="pseudocode"><![CDATA[ 700 (E1) coin issuance and signing (exchange) 701 702 (⟨h_denomᵢ⟩, ⟨planchetᵢ⟩) = planchets 703 for i in 0..n: 704 denomᵢ = Lookup by h_denomᵢ 705 Check denomᵢ known and not withdraw-expired 706 h_planchetᵢ = Hash-Planchet(planchetᵢ, denomᵢ) 707 msg = Gen-Msg(WALLET_RESERVE_WITHDRAW, 708 ( Sum ⟨denomᵢ.value⟩ | Sum ⟨denomᵢ.fee_withdraw⟩ 709 | SHA-512( ⟨h_planchetᵢ⟩ ) | uint256(0x0) | uint32(0x0) | uint32(0x0) )) 710 Check Ed25519-Verify(reserve.pub, msg, sig) 711 Check reserve KYC status ok or not needed 712 total = Sum ⟨denomᵢ.value⟩ + Sum ⟨denomᵢ.fee_withdraw⟩ 713 Check-Subtract(reserve.balance, total) 714 for i in 0..n: 715 blind_sigᵢ = RSA-FDH-Sign(planchetᵢ, denomᵢ.priv) 716 Persist withdrawal // todo: what exactly? should be checked first for replay? 717 ]]></sourcecode> 718 <sourcecode type="pseudocode"><![CDATA[ 719 (W3) coin unblinding (wallet) 720 721 for i in 0..n: 722 coinᵢ.sig = RSA-FDH-Unblind(blind_sigᵢ, blind_secretᵢ, denomᵢ.pub) 723 Check RSA-FDH-Verify(SHA-512(coinᵢ.pub), coinᵢ.sig, denomᵢ.pub) 724 coinᵢ.value = denomᵢ.value 725 coinᵢ.h_denom = h_denomᵢ 726 coinᵢ.blind_secret = blind_secretᵢ // todo: why save blind_secret, if batch_seed already persisted? 727 Persist ⟨coinᵢ⟩ 728 ]]></sourcecode> 729 </section> 730 <section anchor="withdraw-recoup"> 731 <name>Recoup</name> 732 <t>// todo</t> 733 </section> 734 </section> 735 <section anchor="payment-with-e-cash"> 736 <name>Payment with E-Cash</name> 737 <section anchor="payment"> 738 <name>Payment and Deposit</name> 739 <t>The wallet obtains <tt>contract</tt> information for an <tt>order</tt> from the merchant 740 after claiming it with a <tt>nonce</tt>. 741 Payment of the order is prepared by signing (partial) deposit authorizations <tt>⟨depositᵢ⟩</tt> with coins <tt>⟨coinᵢ⟩</tt> of certain denominations <tt>⟨denomᵢ⟩</tt>, 742 where the sum of all contributions (<tt>contributionᵢ + denomᵢ.fee_deposit <= denomᵢ.value</tt>) 743 must match the <tt>contract.price</tt> plus potential deposit fees <tt>⟨denomᵢ.fee_deposit⟩</tt>. 744 The payment is complete as soon as the merchant successfully redeems the deposit authorizations at the exchange.</t> 745 <t>Deposit could also be used directly by a wallet with its own payto and a minimal contract.</t> 746 <t>// todo: should we integrate payment templates here?</t> 747 <artwork><![CDATA[ 748 wallet merchant exchange 749 Knows ⟨coinᵢ⟩ Knows merchant.priv Knows exchange.priv 750 | Knows exchange, payto Knows ⟨denomᵢ⟩ 751 | | | 752 | +-----------------------+ | 753 | | (M1) order generation | | 754 | +-----------------------+ | 755 | | | 756 |<--- (QR-Code / NFC / URI) ---| | 757 | (order.{id,token?}) | | 758 | | | 759 +-----------------------+ | | 760 | (W1) nonce generation | | | 761 +-----------------------+ | | 762 | | | 763 |-- /orders/{order.id}/claim ->| | 764 | (nonce.pub, order.token?) | | 765 | | | 766 | +--------------------------+ | 767 | | (M2) contract generation | | 768 | +--------------------------+ | 769 | | | 770 |<-- (contract, merchant.pub, -| | 771 | sig) | | 772 | | | 773 +--------------------------+ | | 774 | (W2) payment preparation | | | 775 +--------------------------+ | | 776 | | | 777 |--- /orders/{order.id}/pay -->| | 778 | (⟨depositᵢ⟩) | | 779 | | | 780 | +--------------------------+ | 781 | | (M3) deposit preparation | | 782 | +--------------------------+ | 783 | | | 784 | |-------- /batch-deposit ----->| 785 | | (info, h_contract, ⟨depositᵢ⟩| 786 | | merchant.pub, sig) | 787 | | | 788 | | +--------------------+ 789 | | | (E1) deposit check | 790 | | +--------------------+ 791 | | | 792 | |<------ (time_deposit, -------| 793 | | exchange.pub, sig) | 794 | | | 795 | +---------------------------+ | 796 | | (M4) deposit verification | | 797 | +---------------------------+ | 798 | | | 799 |<----------- (sig) -----------| | 800 | | | 801 +---------------------------+ | | 802 | (W3) payment verification | | | 803 +---------------------------+ | | 804 | | | 805 ]]></artwork> 806 <t>where (without age restriction, policy and wallet data hash)</t> 807 <sourcecode type="pseudocode"><![CDATA[ 808 (M1) order generation (merchant) 809 810 wire_salt = random(128) 811 Determine price, and ASCII strings id, info, token? 812 Persist order = (id, price, info, token?, wire_salt) 813 ]]></sourcecode> 814 <sourcecode type="pseudocode"><![CDATA[ 815 (W1) nonce generation (wallet) 816 817 nonce = Ed25519-Keygen() 818 Persist nonce.priv 819 ]]></sourcecode> 820 <t>Note that the private key of <tt>nonce</tt> is currently not used anywhere in the protocol. 821 However, it could be used in the future to prove ownership of an order transaction, 822 enabling use-cases such as "unclaiming" or transferring an order to another person, 823 or proving the payment without resorting to the individual coins.</t> 824 <sourcecode type="pseudocode"><![CDATA[ 825 (M2) contract generation (merchant) 826 827 Check order.token? == token? 828 h_wire = HKDF(wire_salt, payto, "merchant-wire-signature", 64) 829 timestamp = now() 830 Determine refund_deadline, wire_deadline from timestamp 831 Determine max_fees from price 832 contract = (order.{id,price,info,token?}, exchange, h_wire, timestamp, refund_deadline, wire_deadline, max_fees) 833 contract.nonce = nonce.pub 834 Persist contract 835 h_contract = Hash-Contract(contract) 836 msg = Gen-Msg(MERCHANT_CONTRACT, h_contract) 837 sig = Ed25519-Sign(merchant.priv, msg) 838 ]]></sourcecode> 839 <sourcecode type="pseudocode"><![CDATA[ 840 (W2) payment preparation (wallet) 841 842 h_contract = Hash-Contract(contract) 843 msg = Gen-Msg(MERCHANT_CONTRACT, h_contract) 844 Check Ed25519-Verify(merchant.pub, msg, sig) 845 Check contract.nonce == nonce 846 // TODO: double-check extra hash check? 847 for i in 0..n: 848 Determine coinᵢ, denomᵢ, contribution_netᵢ for contract.{exchange,price,max_fees} 849 contribution_grossᵢ = contribution_netᵢ + denomᵢ.fee_deposit 850 Check-Subtract(coinᵢ.value, contribution_grossᵢ) 851 msgᵢ = Gen-Msg(WALLET_COIN_DEPOSIT, 852 ( h_contract | uint256(0x0) 853 | uint512(0x0) | contract.h_wire | coinᵢ.h_denom 854 | timestamp | contract.refund_deadline 855 | contribution_grossᵢ | denomᵢ.fee_deposit 856 | merchant.pub | uint512(0x0) )) 857 sigᵢ = Ed25519-Sign(coinᵢ.priv, msgᵢ) 858 depositᵢ = (coinᵢ.{pub,sig,h_denom}, contribution_grossᵢ, sigᵢ) 859 Persist (contract, ⟨sigᵢ⟩, ⟨depositᵢ⟩) 860 ]]></sourcecode> 861 <sourcecode type="pseudocode"><![CDATA[ 862 (M3) deposit preparation (merchant) 863 864 for i in 0..n: 865 denomᵢ = Lookup by depositᵢ.coin.h_denom 866 contribution_netᵢ = depositᵢ.contribution_gross - denomᵢ.fee_deposit 867 Check Sum ⟨contribution_netᵢ⟩ >= contract.price - contract.max_fees 868 info.time = contract.{timestamp, wire_deadline, refund_deadline} 869 info.wire = (payto, wire_salt) 870 h_contract = Hash-Contract(contract) 871 msg = Gen-Msg(MERCHANT_CONTRACT, h_contract) 872 sig = Ed25519-Sign(merchant.priv, msg) 873 ]]></sourcecode> 874 <t>TODO: what about wire_fees, those should be checked for as well, or do we just assume merchant will pay those? 875 see src/backend/taler-merchant-httpd_post-orders-ORDER_ID-pay.c:2760</t> 876 <sourcecode type="pseudocode"><![CDATA[ 877 (E1) deposit check (exchange) 878 879 h_wire = HKDF(info.wire.wire_salt, info.wire.payto, "merchant-wire-signature", 64) 880 for i in 0..n: 881 coinᵢ = depositᵢ.coin 882 denomᵢ = Lookup by coinᵢ.h_denom 883 Check denomᵢ known and not deposit-expired 884 msgᵢ = Gen-Msg(WALLET_COIN_DEPOSIT, 885 ( h_contract | uint256(0x0) 886 | uint512(0x0) | h_wire | coinᵢ.h_denom 887 | info.time.timestamp | info.time.refund_deadline 888 | depositᵢ.contribution_gross | denomᵢ.fee_deposit 889 | merchant.pub | uint512(0x0) )) 890 Check Ed25519-Verify(coinᵢ.pub, msgᵢ, depositᵢ.sig) 891 Check RSA-FDH-Verify(SHA-512(coinᵢ.pub), coinᵢ.sig, denomᵢ.pub) 892 Check-Subtract(coinᵢ.value, depositᵢ.contribution_gross) 893 Persist deposit-record 894 schedule bank transfer to payto 895 time_deposit = now() 896 msg = Gen-Msg(EXCHANGE_CONFIRM_DEPOSIT, 897 ( h_contract | h_wire | uint512(0x0) 898 | time_deposit | info.time.wire_deadline 899 | info.time.refund_deadline 900 | Sum ⟨depositᵢ.contribution_gross⟩ 901 | SHA-512( ⟨depositᵢ.sig⟩ ) | merchant.pub )) 902 sig = Ed25519-Sign(exchange.priv, msg) 903 ]]></sourcecode> 904 <sourcecode type="pseudocode"><![CDATA[ 905 (M2) deposit verification (merchant) 906 907 h_wire = HKDF(wire_salt, payto, "merchant-wire-signature", 64) 908 msg = Gen-Msg(EXCHANGE_CONFIRM_DEPOSIT, 909 ( h_contract | h_wire | uint512(0x0) 910 | time_deposit | contract.wire_deadline 911 | contract.refund_deadline 912 | Sum ⟨depositᵢ.contribution⟩ 913 | SHA-512( ⟨depositᵢ.sig⟩ ) | merchant.pub )) 914 Check Ed25519-Verify(exchange.pub, msg, sig) 915 msg = Gen-Msg(MERCHANT_PAYMENT_OK, h_contract) 916 sig = Ed25519-Sign(merchant.priv, msg) 917 ]]></sourcecode> 918 <sourcecode type="pseudocode"><![CDATA[ 919 (W3) payment verification (wallet) 920 921 msg = Gen-Msg(MERCHANT_PAYMENT_OK, h_contract) 922 Check Ed25519-Verify(merchant.pub, msg, sig) 923 ]]></sourcecode> 924 </section> 925 <section anchor="refund"> 926 <name>Refund</name> 927 <t>A wallet can request a refund for an order from the merchant after it has been completed successfully 928 (cf. <xref target="payment"/>) and before the merchant has been paid out by the exchange (i.e., before <tt>contract.wire_deadline</tt>). 929 The merchant needs to approve the refund via its business logic, 930 and is free to decide the total amount of the refund 931 as well as which coins' deposit operations are (potentially partly) invalidated. 932 After the exchange has accepted the refund request, 933 the coins obtain their (partial) value back. 934 The wallet should proceed to refresh (cf. <xref target="refresh"/>) the coins before spending them again 935 to obtain unlinkability.</t> 936 <t>In case the wallet itself has used deposit to its own payto, 937 it can act as the merchant in the protocol below.</t> 938 <artwork><![CDATA[ 939 wallet merchant exchange 940 Knows order.id Knows merchant.priv Knows deposit_record 941 Knows contract | for coinᵢ.pub 942 | | | 943 +---------------------+ | | 944 | (W1) refund request | | | 945 +---------------------+ | | 946 | | | 947 |- /orders/{order.id}/refund ->| | 948 | (h_contract) | | 949 | | | 950 | +------------------------+ | 951 | | (M1) refund processing | | 952 | +------------------------+ | 953 | | | 954 | |- /coins/{coinᵢ.pub}/refund ->| 955 | | (valueᵢ, h_contract, id, | 956 | | merchant.pub, sigᵢ) | 957 | | | 958 | | +-------------------+ 959 | | | (E1) refund check | 960 | | +-------------------+ 961 | | | 962 | |<--- (exchange.pub, sigᵢ) ----| 963 | | | 964 | +--------------------------+ | 965 | | (M2) refund confirmation | | 966 | +--------------------------+ | 967 | | | 968 |<-----(value, ⟨refundᵢ⟩,------| | 969 | merchant.pub) | | // todo: why merchant.pub if no sig transmitted? 970 | | | 971 +-----------------------+ | | 972 | (W2) refund reception | | | 973 +-----------------------+ | | 974 | | | 975 ]]></artwork> 976 <t>where (for RSA, without age-restriction)</t> 977 <sourcecode type="pseudocode"><![CDATA[ 978 (W1) refund request (wallet) 979 980 h_contract = Hash-Contract(contract) 981 ]]></sourcecode> 982 <sourcecode type="pseudocode"><![CDATA[ 983 (M1) refund processing (merchant) 984 985 Check h_contract known and refund possible 986 time = now() 987 ⟨coinᵢ⟩ = Lookup by h_contract 988 id = uint32(random(32)) 989 for i in 0..n: 990 denomᵢ = Lookup by coinᵢ.h_denom 991 valueᵢ = refund amount // todo: split wisely 992 msgᵢ = Gen-Msg(MERCHANT_REFUND, 993 ( h_contract | coinᵢ.pub | id | valueᵢ | denomᵢ.fee_refund )) 994 sigᵢ = Ed25519-Sign(merchant.priv, msgᵢ) 995 ]]></sourcecode> 996 <sourcecode type="pseudocode"><![CDATA[ 997 (E1) refund check and confirmation (exchange) 998 999 deposit_record = Lookup by h_contract // todo: needs to be persisted before with order.id and used coins! 1000 Check refund possible (prior to wire transfer deadline) 1001 for i in 0..n: 1002 Check coinᵢ.pub part of deposit_record 1003 denomᵢ = Lookup by coinᵢ.pub 1004 msgᵢ = Gen-Msg(MERCHANT_REFUND, 1005 ( h_contract | coinᵢ.pub | id | valueᵢ | denomᵢ.fee_refund )) 1006 Check Ed25519-Verify(merchant.pub, msgᵢ, sigᵢ) 1007 Check valueᵢ >= denomᵢ.fee_refund 1008 remove/update scheduled wire transfer 1009 Persist coinᵢ.value += valueᵢ - denomᵢ.fee_refund 1010 msgᵢ = Gen-Msg(MERCHANT_REFUND_OK, SHA-512(order.id)) 1011 sigᵢ = Ed25519-Sign(exchange.priv, msgᵢ) 1012 ]]></sourcecode> 1013 <sourcecode type="pseudocode"><![CDATA[ 1014 (M2) refund confirmation (merchant) 1015 1016 for i in 0..n: 1017 msgᵢ = Gen-Msg(MERCHANT_REFUND_OK, SHA-512(order.id)) 1018 Check Ed25519-Verify(exchange.pub, msgᵢ, sigᵢ) 1019 update business logic 1020 refundᵢ = (valueᵢ, sigᵢ, id, coinᵢ.pub, time) 1021 value = sum ⟨valueᵢ⟩ 1022 ]]></sourcecode> 1023 <sourcecode type="pseudocode"><![CDATA[ 1024 (W2) refund reception (wallet) 1025 1026 for i in 0..n: 1027 (valueᵢ, sigᵢ, id, coinᵢ.pub, time) = refundᵢ 1028 update persistent transaction information 1029 refresh ⟨coinᵢ⟩ 1030 ]]></sourcecode> 1031 </section> 1032 </section> 1033 <section anchor="obtaining-unlinkable-change"> 1034 <name>Obtaining unlinkable change</name> 1035 <section anchor="refresh"> 1036 <name>Refresh</name> 1037 <t>The wallet obtains <tt>n</tt> new coins <tt>⟨coinᵢ⟩</tt> of denominations <tt>⟨denomᵢ⟩</tt> 1038 in exchange for one old <tt>coin</tt> of denomination <tt>denom</tt> from the exchange. 1039 There are three reasons why a wallet needs to do this:</t> 1040 <ol spacing="normal" type="1"><li> 1041 <t>Obtaining unlinkable change after using only a part of the coin's value during a payment (cf. <xref target="payment"/>), 1042 i.e., where <tt>coin.value < denom.value</tt></t> 1043 </li> 1044 <li> 1045 <t>Obtaining unlinkable change after a successful refund (cf. <xref target="refund"/>)</t> 1046 </li> 1047 <li> 1048 <t>Renewing a coin before it deposit-expires</t> 1049 </li> 1050 </ol> 1051 <t>The sum of the refresh fee of <tt>denom</tt> and the new denominations' values and withdrawal fees (defined by the exchange) 1052 must be smaller or equal to the residual value of the old coin (<tt>coin.value</tt>).</t> 1053 <t>The private key of each new coin candidate <tt>⟨coinₖᵢ.priv⟩</tt> is transitively derived from the old coin's private key <tt>coin.priv</tt> 1054 via a 512-bit secret <tt>⟨sharedₖᵢ⟩</tt> according to <tt>Refresh-Derive</tt>. 1055 The secret is regeneratable with the knowledge of <tt>coin.priv</tt> via the link protocol (cf. <xref target="link"/>). 1056 The derivation ensures that ownership of coins (knowledge of the private key) is correctly transferred, 1057 and thereby that value transfer among untrusted parties can only happen via payment and deposit, not via refresh.</t> 1058 <artwork><![CDATA[ 1059 Refresh-Derive(shared, i, denom) = 1060 planchet_seed = HKDF(uint32(i), shared, "taler-coin-derivation", 32) 1061 blind_secret = HKDF("bks", planchet_seed, "", 32) 1062 coin.priv = HKDF("coin", planchet_seed, "", 32) 1063 coin.pub = Ed25519-GetPub(coin.priv) 1064 planchet = RSA-FDH-Blind(SHA-512(coin.pub), blind_secret, denom.pub) 1065 h_planchet = Hash-Planchet(planchet, denom) 1066 return (coin, blind_secret, planchet, h_planchet) 1067 ]]></artwork> 1068 <t>Taler uses a cut-and-choose protocol with the fixed parameter <tt>κ=3</tt> to enforce correct derivation 1069 of <tt>⟨sharedₖᵢ⟩</tt> from a single seed per batch of planchets <tt>⟨batch_seedₖ⟩</tt> 1070 (in (κ-1)/κ of the cases, making income concealment for tax evasion purposes unpractical).</t> 1071 <t>Refreshing consists of two parts:</t> 1072 <ol spacing="normal" type="1"><li> 1073 <t>Melting of the old coin and commiting to κ batches of blinded planchet candidates</t> 1074 </li> 1075 <li> 1076 <t>Revelation of κ-1 secrets <tt>⟨revealed_seedₖ⟩</tt> to prove the proper construction of the (revealed) batches of blinded planchet candidates.</t> 1077 </li> 1078 </ol> 1079 <artwork><![CDATA[ 1080 wallet exchange 1081 Knows ⟨denomᵢ⟩ Knows ⟨denomᵢ.priv⟩ 1082 Knows coin | 1083 | | 1084 +-------------------+ | 1085 | (W1) coin melting | | 1086 +-------------------+ | 1087 | | 1088 |---------------- /melt ---------------->| 1089 | (coin.{pub,sig,h_denom}, value, | 1090 | refresh_seed, planchets, sig) | 1091 | | 1092 | +---------------------------------------+ 1093 | | (E1) gamma selection and coin signing | 1094 | +---------------------------------------+ 1095 | | 1096 |<------ (ɣ, exchange.pub, sig) ---------| 1097 | | 1098 +------------------------+ | 1099 | (W2) secret revelation | | 1100 +------------------------+ | 1101 | | 1102 |------------ /reveal-melt ------------->| 1103 | (commitment, ⟨revealed_seedₖ⟩) | 1104 | | 1105 | +----------------------------+ 1106 | | (E2) commitment validation | 1107 | +----------------------------+ 1108 | | 1109 |<---------- (⟨blind_sigᵢ⟩) -------------| 1110 | | 1111 +----------------------+ | 1112 | (W3) coin unblinding | | 1113 +----------------------+ | 1114 | | 1115 ]]></artwork> 1116 <t>where (for RSA, without age-restriction)</t> 1117 <sourcecode type="pseudocode"><![CDATA[ 1118 (W1) coin melting (wallet) 1119 1120 refresh_seed = random(512) 1121 ⟨batch_seedₖ⟩ = HKDF("refresh-batch-seeds", refresh_seed, coin.priv, k*64) 1122 for k in 0..κ: 1123 ⟨transferₖᵢ.priv⟩ = HKDF("refresh-transfer-private-keys", batch_seedₖ, "", n*32) 1124 for i in 0..n: 1125 transferₖᵢ.pub = ECDH-GetPub(transferₖᵢ.priv) 1126 sharedₖᵢ = ECDH-Ed25519-Pub(transferₖᵢ.priv, coin.pub) 1127 (coinₖᵢ, blind_secretₖᵢ, planchetₖᵢ, h_planchetₖᵢ) = Refresh-Derive(sharedₖᵢ, denomᵢ) 1128 h_planchetsₖ = SHA-512( ⟨h_planchetₖᵢ⟩ ) 1129 value = coin.denom.fee_refresh + Sum ⟨denomᵢ.value⟩ + Sum ⟨denomᵢ.fee_withdraw⟩ 1130 commitment = SHA-512( refresh_seed | uint256(0x0) | coin.pub 1131 | value | ⟨h_planchetsₖ⟩ ) 1132 for i in 0..n: 1133 h_denomᵢ = Hash-Denom(denomᵢ) 1134 planchets = (⟨h_denomᵢ⟩, ⟨planchetₖᵢ⟩, ⟨transferₖᵢ.pub⟩)) 1135 msg = Gen-Msg(WALLET_COIN_MELT, 1136 ( commitment | coin.h_denom | uint256(0x0) 1137 | value | denom.fee_refresh )) 1138 sig = Ed25519-Sign(coin.priv, msg) 1139 Persist (coin.denom.pub, ...) // todo: double-check 1140 ]]></sourcecode> 1141 <sourcecode type="pseudocode"><![CDATA[ 1142 (E1) gamma selection and coin signing (exchange) 1143 1144 denom = Lookup by coin.h_denom 1145 Check denom known and not deposit-expired 1146 Check RSA-FDH-Verify(SHA-512(coin.pub), coin.sig, denom.pub) 1147 Check coin.pub known and dirty 1148 (⟨h_denomᵢ⟩, ⟨planchetₖᵢ⟩, ⟨transferₖᵢ.pub⟩)) = planchets 1149 for i in 0..n: 1150 denomᵢ = Lookup by h_denomᵢ 1151 Check denomᵢ known and not withdraw-expired 1152 value' = coin.denom.fee_refresh + Sum ⟨denomᵢ.value⟩ + Sum ⟨denomᵢ.fee_withdraw⟩ 1153 Check value' == value 1154 Check-Subtract(coin.value, value) 1155 for k in 0..κ: 1156 for i in 0..n: 1157 h_planchetₖᵢ = Hash-Planchet(planchetₖᵢ, denomᵢ) 1158 h_planchetsₖ = SHA-512( ⟨h_planchetₖᵢ⟩ ) 1159 commitment = SHA-512( refresh_seed | uint256(0x0) | coin.pub 1160 | value | ⟨h_planchetsₖ⟩ ) 1161 msg = Gen-Msg(WALLET_COIN_MELT, 1162 ( commitment | coin.h_denom | uint256(0x0) 1163 | value | denom.fee_refresh )) 1164 Check Ed25519-Verify(coin.pub, msg, sig) 1165 refresh_record = Lookup by commitment 1166 (ɣ, _, _, done, _) = refresh_record 1167 if refresh_record not found: 1168 ɣ = 0..κ at random 1169 for i in 0..n: 1170 blind_sigᵢ = RSA-FDH-Sign(planchetᵧᵢ, denomᵧᵢ.priv) 1171 link_info = (refresh_seed, ⟨transferₖᵢ.pub⟩, ⟨h_denomᵢ⟩, coin_sig) 1172 Persist refresh_record = (commitment, ɣ, ⟨blind_sigᵢ⟩, h_planchetsᵧ, false, link_info) 1173 msg = Gen-Msg(EXCHANGE_CONFIRM_MELT, 1174 ( commitment | uint32(ɣ) )) 1175 sig = Ed25519-Sign(exchange.priv, msg) 1176 ]]></sourcecode> 1177 <sourcecode type="pseudocode"><![CDATA[ 1178 (W2) secret revelation (wallet) 1179 1180 Check exchange.pub known 1181 msg = Gen-Msg(EXCHANGE_CONFIRM_MELT, 1182 ( commitment | uint32(ɣ) )) 1183 Check Ed25519-Verify(exchange.pub, msg, sig) 1184 Persist refresh-challenge // what exactly? 1185 for k in 0..κ and k != ɣ: 1186 revealed_seedₖ = batch_seedₖ 1187 ]]></sourcecode> 1188 <sourcecode type="pseudocode"><![CDATA[ 1189 (E2) commitment validation (exchange) 1190 1191 refresh_record = Lookup by commitment 1192 (ɣ, ⟨blind_sigᵢ⟩, h_planchetsᵧ, done, _) = refresh_record 1193 Check not done // todo: sure? 1194 for k in 0..κ and k != ɣ: 1195 ⟨transferₖᵢ.priv⟩ = HKDF("refresh-transfer-private-keys", batch_seedₖ, "", n*32) 1196 for i in 0..n: 1197 transferₖᵢ.pub = ECDH-GetPub(transferₖᵢ.priv) 1198 sharedₖᵢ = ECDH-Ed25519-Pub(transferₖᵢ.priv, coin.pub) 1199 (_, _, _, h_planchetₖᵢ) = Refresh-Derive(sharedₖᵢ, denomᵢ) 1200 h_planchetsₖ = SHA-512( ⟨h_planchetₖᵢ⟩ ) 1201 value = coin.denom.fee_refresh + Sum ⟨denomᵢ.value⟩ + Sum ⟨denomᵢ.fee_withdraw⟩ 1202 commitment' = SHA-512( refresh_seed | uint256(0x0) | coin.pub 1203 | value | ⟨h_planchetsₖ⟩ ) 1204 Check commitment == commitment' 1205 Persist refresh_record = (_, _, _, true, _) 1206 ]]></sourcecode> 1207 <sourcecode type="pseudocode"><![CDATA[ 1208 (W3) coin unblinding (wallet) 1209 1210 for i in 0..n: 1211 coinᵧᵢ.sig = RSA-FDH-Unblind(blind_sigᵧᵢ, blind_secretᵧᵢ, denomᵢ.pub) 1212 Check RSA-FDH-Verify(SHA-512(coinᵧᵢ.pub), coinᵧᵢ.sig, denomᵢ.pub) 1213 coinᵧᵢ.h_denom = h_denomᵢ 1214 Persist ⟨coinᵧᵢ⟩ 1215 ]]></sourcecode> 1216 </section> 1217 <section anchor="link"> 1218 <name>Link</name> 1219 <t>Coins ⟨coinᵧᵢ⟩ obtained via the refresh protocol (cf. <xref target="refresh"/>) can be regenerated 1220 with the knowledge of the old coin's private key <tt>coin.priv</tt> using the link protocol, 1221 integrated in the coin history endpoint.</t> 1222 <artwork><![CDATA[ 1223 wallet exchange 1224 Knows coin Knows refresh_record for coin.pub 1225 | | 1226 +----------------------+ | 1227 | (W1) history request | | 1228 +----------------------+ | 1229 | | 1230 |------ /coins/{coin.pub}/history ------>| 1231 | (sig) | 1232 | | 1233 | +----------------------------+ 1234 | | (E1) refresh secret lookup | 1235 | +----------------------------+ 1236 | | 1237 |<------------- (melt_info) -------------| 1238 | | 1239 +-----------------------+ | 1240 | (W2) coin acquisition | | 1241 +-----------------------+ | 1242 | | 1243 ]]></artwork> 1244 <t>where (for RSA, without age-restriction)</t> 1245 <sourcecode type="pseudocode"><![CDATA[ 1246 (W1) history request (wallet) 1247 1248 msg = Gen-Msg(COIN_HISTORY_REQUEST, uint64(0x0)) 1249 sig = Ed25519-Sign(coin.priv, msg) 1250 ]]></sourcecode> 1251 <sourcecode type="pseudocode"><![CDATA[ 1252 (E1) refresh secret lookup (exchange) 1253 1254 refresh_record = Lookup by coin.pub 1255 (ɣ, ⟨blind_sigᵢ⟩, _, done, link_info) = refresh_record 1256 if done: 1257 melt_info = (ɣ, link_info, ⟨blind_sigᵢ⟩) 1258 else: 1259 melt_info = (ɣ, link_info) 1260 ]]></sourcecode> 1261 <sourcecode type="pseudocode"><![CDATA[ 1262 (W2) coin acquisition (wallet) 1263 1264 (ɣ, link_info, ⟨blind_sigᵢ⟩?) = melt_info 1265 (refresh_seed, ⟨transferₖᵢ.pub⟩, ⟨h_denomᵢ⟩, coin_sig) = link_info 1266 1267 for i in 0..n: 1268 denomᵢ = Lookup by h_denomᵢ 1269 for k in 0..κ: 1270 for i in 0..n: 1271 sharedₖᵢ = ECDH-Ed25519-Priv(coin.priv, transferₖᵢ.pub) 1272 (coinₖᵢ, blind_secretₖᵢ _, h_planchetₖᵢ) = Refresh-Derive(sharedₖᵢ, denomᵢ) 1273 h_planchetsₖ = SHA-512( ⟨h_planchetₖᵢ⟩ ) 1274 value = coin.denom.fee_refresh + Sum ⟨denomᵢ.value⟩ + Sum ⟨denomᵢ.fee_withdraw⟩ 1275 commitment = SHA-512( refresh_seed | uint256(0x0) | coin.pub 1276 | value | ⟨h_planchetsₖ⟩ ) 1277 msg = Gen-Msg(WALLET_COIN_MELT, 1278 ( commitment | coin.h_denom | uint256(0x0) 1279 | value | denom.fee_refresh )) 1280 Check Ed25519-Verify(coin.pub, msg, sig) 1281 1282 if ⟨blind_sigᵢ⟩ returned: 1283 for i in 0..n: 1284 coinᵧᵢ.sig = RSA-FDH-Unblind(blind_sigᵧᵢ, blind_secretᵧᵢ, denomᵢ.pub) 1285 Check RSA-FDH-Verify(SHA-512(coinᵧᵢ.pub), coinᵧᵢ.sig, denomᵢ.pub) 1286 coinᵧᵢ.h_denom = h_denomᵢ 1287 Persist ⟨coinᵧᵢ⟩ 1288 ]]></sourcecode> 1289 </section> 1290 <section anchor="refresh-recoup"> 1291 <name>Recoup</name> 1292 <t>// todo</t> 1293 </section> 1294 </section> 1295 <section anchor="w2w"> 1296 <name>Transfer of E-Cash</name> 1297 <t>// todo: introductory text</t> 1298 <t>Transactions in E-Cash between wallets. 1299 Commonly referred to as peer-to-peer transactions. 1300 In Taler, interaction with exchange, therefore called wallet-to-wallet transactions.</t> 1301 <section anchor="w2w-account"> 1302 <name>Account Creation</name> 1303 </section> 1304 <section anchor="w2w-push"> 1305 <name>Push Payment</name> 1306 <t>// todo</t> 1307 </section> 1308 <section anchor="w2w-pull"> 1309 <name>Pull Payment</name> 1310 <t>// todo</t> 1311 </section> 1312 </section> 1313 </section> 1314 <section anchor="security-considerations"> 1315 <name>Security Considerations</name> 1316 <t>[ TBD ]</t> 1317 </section> 1318 <section anchor="iana-considerations"> 1319 <name>IANA Considerations</name> 1320 <t>None.</t> 1321 </section> 1322 </middle> 1323 <back> 1324 <references anchor="sec-normative-references"> 1325 <name>Normative References</name> 1326 <reference anchor="RFC20"> 1327 <front> 1328 <title>ASCII format for network interchange</title> 1329 <author fullname="V.G. Cerf" initials="V.G." surname="Cerf"/> 1330 <date month="October" year="1969"/> 1331 </front> 1332 <seriesInfo name="STD" value="80"/> 1333 <seriesInfo name="RFC" value="20"/> 1334 <seriesInfo name="DOI" value="10.17487/RFC0020"/> 1335 </reference> 1336 <reference anchor="RFC2104"> 1337 <front> 1338 <title>HMAC: Keyed-Hashing for Message Authentication</title> 1339 <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/> 1340 <author fullname="M. Bellare" initials="M." surname="Bellare"/> 1341 <author fullname="R. Canetti" initials="R." surname="Canetti"/> 1342 <date month="February" year="1997"/> 1343 <abstract> 1344 <t>This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind</t> 1345 </abstract> 1346 </front> 1347 <seriesInfo name="RFC" value="2104"/> 1348 <seriesInfo name="DOI" value="10.17487/RFC2104"/> 1349 </reference> 1350 <reference anchor="RFC5869"> 1351 <front> 1352 <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title> 1353 <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/> 1354 <author fullname="P. Eronen" initials="P." surname="Eronen"/> 1355 <date month="May" year="2010"/> 1356 <abstract> 1357 <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> 1358 </abstract> 1359 </front> 1360 <seriesInfo name="RFC" value="5869"/> 1361 <seriesInfo name="DOI" value="10.17487/RFC5869"/> 1362 </reference> 1363 <reference anchor="RFC6234"> 1364 <front> 1365 <title>US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)</title> 1366 <author fullname="D. Eastlake 3rd" initials="D." surname="Eastlake 3rd"/> 1367 <author fullname="T. Hansen" initials="T." surname="Hansen"/> 1368 <date month="May" year="2011"/> 1369 <abstract> 1370 <t>Federal Information Processing Standard, FIPS</t> 1371 </abstract> 1372 </front> 1373 <seriesInfo name="RFC" value="6234"/> 1374 <seriesInfo name="DOI" value="10.17487/RFC6234"/> 1375 </reference> 1376 <reference anchor="RFC7748"> 1377 <front> 1378 <title>Elliptic Curves for Security</title> 1379 <author fullname="A. Langley" initials="A." surname="Langley"/> 1380 <author fullname="M. Hamburg" initials="M." surname="Hamburg"/> 1381 <author fullname="S. Turner" initials="S." surname="Turner"/> 1382 <date month="January" year="2016"/> 1383 <abstract> 1384 <t>This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties.</t> 1385 </abstract> 1386 </front> 1387 <seriesInfo name="RFC" value="7748"/> 1388 <seriesInfo name="DOI" value="10.17487/RFC7748"/> 1389 </reference> 1390 <reference anchor="RFC8032"> 1391 <front> 1392 <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title> 1393 <author fullname="S. Josefsson" initials="S." surname="Josefsson"/> 1394 <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"/> 1395 <date month="January" year="2017"/> 1396 <abstract> 1397 <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors are provided.</t> 1398 </abstract> 1399 </front> 1400 <seriesInfo name="RFC" value="8032"/> 1401 <seriesInfo name="DOI" value="10.17487/RFC8032"/> 1402 </reference> 1403 <reference anchor="RFC8785"> 1404 <front> 1405 <title>JSON Canonicalization Scheme (JCS)</title> 1406 <author fullname="A. Rundgren" initials="A." surname="Rundgren"/> 1407 <author fullname="B. Jordan" initials="B." surname="Jordan"/> 1408 <author fullname="S. Erdtman" initials="S." surname="Erdtman"/> 1409 <date month="June" year="2020"/> 1410 <abstract> 1411 <t>Cryptographic operations like hashing and signing need the data to be expressed in an invariant format so that the operations are reliably repeatable. One way to address this is to create a canonical representation of the data. Canonicalization also permits data to be exchanged in its original form on the "wire" while cryptographic operations performed on the canonicalized counterpart of the data in the producer and consumer endpoints generate consistent results.</t> 1412 <t>This document describes the JSON Canonicalization Scheme (JCS). This specification defines how to create a canonical representation of JSON data by building on the strict serialization methods for JSON primitives defined by ECMAScript, constraining JSON data to the Internet JSON (I-JSON) subset, and by using deterministic property sorting.</t> 1413 </abstract> 1414 </front> 1415 <seriesInfo name="RFC" value="8785"/> 1416 <seriesInfo name="DOI" value="10.17487/RFC8785"/> 1417 </reference> 1418 <reference anchor="HKDF"> 1419 <front> 1420 <title>Cryptographic Extraction and Key Derivation: The HKDF Scheme</title> 1421 <author fullname="Hugo Krawczyk" initials="H." surname="Krawczyk"> 1422 <organization/> 1423 </author> 1424 <date year="2010"/> 1425 </front> 1426 <seriesInfo name="Lecture Notes in Computer Science" value="pp. 631-648"/> 1427 <seriesInfo name="DOI" value="10.1007/978-3-642-14623-7_34"/> 1428 <seriesInfo name="ISBN" value="["9783642146220", "9783642146237"]"/> 1429 <refcontent>Springer Berlin Heidelberg</refcontent> 1430 </reference> 1431 <reference anchor="SHS"> 1432 <front> 1433 <title>Secure hash standard</title> 1434 <author> 1435 <organization/> 1436 </author> 1437 <date year="2015"/> 1438 </front> 1439 <seriesInfo name="DOI" value="10.6028/nist.fips.180-4"/> 1440 <refcontent>National Institute of Standards and Technology (U.S.)</refcontent> 1441 </reference> 1442 </references> 1443 <?line 1460?> 1444 1445 <section anchor="test-vectors"> 1446 <name>Test Vectors</name> 1447 <t>This appendix provides two sets of test vectors for testing Taler Protocol implementations. 1448 They are generated by going through the protocol operations in the following order:</t> 1449 <ol spacing="normal" type="1"><li> 1450 <t>Withdraw two coins <tt>coin₀</tt> and <tt>coin₁</tt> from a single <tt>reserve</tt> (cf. <xref target="withdraw"/>).</t> 1451 </li> 1452 <li> 1453 <t>Pay for one <tt>order</tt> with the full value of <tt>coin₀</tt> and a partial value of <tt>coin₁</tt> (cf. <xref target="payment"/>).</t> 1454 </li> 1455 <li> 1456 <t>Obtain a partial refund on <tt>coin₀</tt> used to pay for the <tt>order</tt> (cf. <xref target="refund"/>).</t> 1457 </li> 1458 <li> 1459 <t>Refresh the now-dirty <tt>coin₁</tt> to two new coins <tt>coin₂</tt> and <tt>coin₃</tt> (cf. <xref target="refresh"/>).</t> 1460 </li> 1461 <li> 1462 <t>Regenerate <tt>coin₂</tt> and <tt>coin₃</tt> with the knowledge of <tt>coin₁</tt> (cf. <xref target="link"/>).</t> 1463 </li> 1464 <li> 1465 <t>Create an <tt>account</tt> for w2w transfers (cf. <xref target="w2w-account"/>).</t> 1466 </li> 1467 <li> 1468 <t>Send a payment to <tt>account</tt> with the full value of <tt>coin₂</tt>, obtaining <tt>coin₄</tt> (cf. <xref target="w2w-push"/>).</t> 1469 </li> 1470 <li> 1471 <t>Request a payment to <tt>account</tt>, which is paid with the full value of <tt>coin₄</tt>, obtaining <tt>coin₅</tt> (cf. <xref target="w2w-pull"/>).</t> 1472 </li> 1473 <li> 1474 <t>Recoup the value of <tt>coin₅</tt> obtained via withdrawal from <tt>account</tt> (cf. <xref target="withdraw-recoup"/>).</t> 1475 </li> 1476 <li> 1477 <t>Recoup the value of <tt>coin₃</tt> obtained via refresh from <tt>coin₁</tt> (cf. <xref target="refresh-recoup"/>).</t> 1478 </li> 1479 </ol> 1480 <t>// todo: p2p sending full coins only works without fees, should we set fees to zero?</t> 1481 <t>// todo: refund would be slightly more interesting with 2 coins being (partially) refunded, 1482 should we change to full refund coin0 + partial refund coin1 (coin1 value after fee_deposit + fee_refund should then match denom2 + denom3)</t> 1483 <t>The test vectors in this document have been generated by the GNU Taler reference implementation written in C. 1484 All binary data is provided in hexadecimal notation. 1485 Big numbers for RSA are represented in big-endian byte order (most significant byte first).</t> 1486 <section anchor="test-case-1"> 1487 <name>Test Case 1</name> 1488 <sourcecode type="pseudocode"><![CDATA[ 1489 exchange.master_pub = 3cb5e9823db2b335fdb3f284ae960e56be8b081c6819b8 1490 b0217f38b095b4313b 1491 exchange.priv = 1bf4149fa644b3c7f2bf02da4703ff2de3fa160dce0c75 1492 0eabfa0f7ac70a2442 1493 exchange.pub = 4c130aae3246831808a162e2d4330de394e5f0d7dff75a 1494 80f3fa045b1a43eabb 1495 exchange.url = https://exchange.taler.example.org/ 1496 denom₀.pub.n = ba42b9e75e48847bab175ed4797384d68a430fd849a914 1497 aa68438349743b2728d9ca97709c15d5c81c7d9d11c84e 1498 c9c60cec03aed4b36ad153768eb30cf9845474e97ee9d7 1499 475ebc926d87135d56926b7df1cea3ec38897a74bc3e24 1500 5e59ffa76e5aff2c2f2eb84e7133a879f4229221f91c7b 1501 ddf96088e4020e16444d94acc30708069f4a1bde3dcbea 1502 d32e3916a9f6722adb3d63bb9075dde49258fbd28a9a09 1503 251fa08b64faee53a506b9f637136c72af7382b9243fa8 1504 996ad4d72cc1b05cfb45271cb3187b4eeec0b5f9e847cd 1505 cc0c3ddef9787164a1aee7e4e1ee6de1b95282c1ff646a 1506 a70aabd1df0003f75d3585e9e740916cee4f7bca0cd82f 1507 72104d 1508 denom₀.pub.e = 010001 1509 denom₀.priv.d = 07bc432fbc6eeb0f9ec2a4f5d2886d65228f57ee5ddac7 1510 88af355493bd9fc247d449b161e41d95080f44d93bd693 1511 8d162c4db5f6720f7479768ba73000f330df780e856e8d 1512 3a01d1778c546e85b3157820de24bc9290238782271a36 1513 94f38c6645f3420331ff70f8930377f4fea25beaccc775 1514 ce796f9ca7c97d0fc82ce7a6880dd437e6b30695ca51a5 1515 8f0239aef7481932550ce61b5b085313cb888c893cc1bb 1516 ef6b47c607e1189f8cccb04eeb9f87b9e53f414850f8b9 1517 23ce83e2859c0434a3d14d861e864fd5ce701af1161139 1518 8a73515b7056b2828e564cdec6052bdbb43ff435178577 1519 198de0676e5d378ade9b31844e81e2218ba3b3aec5bff9 1520 a26621 1521 denom₀.value = KUDOS:5.12 1522 denom₀.fee_withdraw = KUDOS:0.01 1523 denom₀.fee_deposit = KUDOS:0.01 1524 denom₀.fee_refresh = KUDOS:0.01 1525 denom₀.fee_refund = KUDOS:0.01 1526 denom₁.pub.n = d5455fb79449df7bf548e384d5201d75f4f7697ef9b805 1527 1eb8536f66783e70ca2d524fefa6840c1f87d9d8814868 1528 15d5ace866a32269b05bdba7ff6024811c19456026b0a5 1529 9da4db96f58729d286c90be8cd9cbf575d346202b43282 1530 d601b5751ff77a88a0742a692349a0e3fa8ed5518fc537 1531 8fcf434929b541c942573abef310b87776e976e81cf650 1532 a04399fabddbde677163918250c4d45f5e90ee7539de50 1533 0a8e915be1d5f17d79cb9585ccdf5dba42ef53c24eae7d 1534 7c93c4e0a432788245b7c76a587f0ac6889d3038953136 1535 2d51c2ad65cb1e28b4ad4cc97fcd2a4aedd6612ae8888e 1536 b2dbc4de0cf30f46a43b76cc8c3245eefe013195a237f0 1537 2d13b5 1538 denom₁.pub.e = 010001 1539 denom₁.priv.d = 5a520e0e663bbeecf55d5015d258ce8145247ec62aa5d7 1540 6d422cfbb1cedccad1a4ce06527d17d1368d47221ce678 1541 463eff02516d6746914ce5c2c9318364366d31675e1b53 1542 9866d8249f89059a4640e0cd503ec0fe13d7fa6620c07f 1543 8e789ccba4a51f7cbb4f5722bdb211f45b09a0a7f11659 1544 c88ac37939b3accfba4bccf24ea260e21aaec0dfbf8571 1545 78438986e963e9e356277c3badc34fc91b705d9956b4be 1546 dc0947d65924d7dd31e564de798eb06837380caed6813d 1547 3761d119901c5540eb74c3cb674fdfd64b67d78ebd40de 1548 0cafd53c038a0a8e87890b953b8b94a9771a6efb3142ca 1549 02db873053f8d1de2082db4366fc072aafc723c036a2fb 1550 999605 1551 denom₁.value = KUDOS:2.56 1552 denom₁.fee_withdraw = KUDOS:0.01 1553 denom₁.fee_deposit = KUDOS:0.01 1554 denom₁.fee_refresh = KUDOS:0.01 1555 denom₁.fee_refund = KUDOS:0.01 1556 denom₂.pub.n = d1320993658042f995f09ed66ad2283e457a1f44cad96f 1557 1cf5a6299ac93d61724a7448d70e56a38666ec66352a58 1558 10ca3e544d957dedb5789e135589fcb8b139c65a2f70d7 1559 c421dfd4e27cf38d463074d286730be23d446fc0781151 1560 9b068346b28b86b94acff35524eb62436852714c92f03b 1561 0bac21bb6bf727734be7871b702f928c3ced4bad9ba2d4 1562 9cec6a86d1019181c65c16abf7b391f103c90c3eaaaa9d 1563 5298a4a60c71bdaf0f08246327a62399bf4c424c1ed771 1564 8cb5df178daa9710ec9d098e99ed0456de2fbaf7865ba4 1565 7931c52d1cac78cacc1bc451782587487a6189addfe5dc 1566 df6f190f28816707e3d1e104b5a1f7a570b75c1951588f 1567 3289ef 1568 denom₂.pub.e = 010001 1569 denom₂.priv.d = 311849a8066faa083218b4e6444e8af44650e94ab7427d 1570 31b232eb5bb0b3cf8d478cefd54cbfa783f0deb503f02a 1571 97d226fb98f3a708a508a82c886c285bddf7dda5a7b197 1572 69a7bb84961cd5f9c749b2f8ff65bb99be6033cbdb41d1 1573 418d2f3ce5c519fa9d649d4a53ae4c32dea64e81b6905b 1574 831b44155cbab5cef8b6defde09295662cdf2189f2763e 1575 de05bea0acb707b9b6b087dcebb9ca81f1c2785d6560f9 1576 3bf1a1860676cccceb079c22b48b9fdef68e1d286164f1 1577 32ffddeab29fa7a704e1bc3f9f5e28c39675f17136aed8 1578 542aa4470a14a7380a4016b21d43ef5b9e2b241ced017c 1579 54247c12fd6beccb7bd356820b0246553c751b3e071468 1580 c2efdd 1581 denom₂.value = KUDOS:0.16 1582 denom₂.fee_withdraw = KUDOS:0.01 1583 denom₂.fee_deposit = KUDOS:0.01 1584 denom₂.fee_refresh = KUDOS:0.01 1585 denom₂.fee_refund = KUDOS:0.01 1586 denom₃.pub.n = bddb1806b7b7663d94bedbeccbb515987fcae457b5920d 1587 85b8485edac6ab0e73e6991780e9f1fa6f88e500e0ccd9 1588 eeb80d8e3b66289a7cf1b25bd56d05081d583864ad225a 1589 36f8d38391782a85bfe320d439443e8ea19f555edb36fc 1590 b58af81ca5168ca7c42dda68f191bd1587b4da27703384 1591 f2aad300a043549c67fc6defd98bd1074b3bab1bc0d89b 1592 87d81f8a1f555a3b4ce2b4ca7b0b1d8f446fa93258db51 1593 1cc3bc2ff62871cb4c746f6806d0b839db8cc560da06eb 1594 5619d9d42309a77161373708db18e453ff0a1d6f63281c 1595 54ffacada7c8bf5ca7281ffe7e2e5be03fc006c064d820 1596 f719e672429628837399a565dd9d70f6e9ed91e1eb0567 1597 978015 1598 denom₃.pub.e = 010001 1599 denom₃.priv.d = 1e3370867d0a0d1705b18e0d848d73f7d422f920e4aec2 1600 3cea7184b9463a26c1e9704d4cacaa5952b8683eb403e7 1601 8a5c628cfa1b9da0e44d9462f1b7f66c1c883b419f484e 1602 d3de257e113c1828e4e5e3592f1a3bddf78d7f88927ee9 1603 9892c3362ca2c226dbd90971d68a54404d069d5f5704b3 1604 04e131fb3058959338781a203993804f64def2980210dc 1605 3f4e77c1207400e922032952cb154bb1b776d164cce69e 1606 418844f2f4b20850c0a23d30059362edadfe00fbfa04b6 1607 833fc4606deda441eb345c49b52d91063da7c55ecea7b3 1608 2e99a49a823264955803ce3ee220a2cc64cd4321e18ae2 1609 8bb1071c7746e8a3d69adef5113e21a01cab6809668793 1610 c2a94f 1611 denom₃.value = KUDOS:0.08 1612 denom₃.fee_withdraw = KUDOS:0.01 1613 denom₃.fee_deposit = KUDOS:0.01 1614 denom₃.fee_refresh = KUDOS:0.01 1615 denom₃.fee_refund = KUDOS:0.01 1616 merchant.priv = 7607240acc4563ebe2e38e76eaf61d74160d71c9a6670a 1617 e2e5147ce848767037 1618 merchant.pub = f54d646619723f7fa2ce79267953fdd8654cfcd0f2cfc0 1619 c5e880e3e0d0ab19f0 1620 merchant.url = https://merchant.taler.example.org/ 1621 merchant.payto = payto://x-taler-bank/bank.taler.example.org/merchant 1622 ]]></sourcecode> 1623 <section anchor="tc1-withdraw"> 1624 <name>Withdrawal</name> 1625 <sourcecode type="pseudocode"><![CDATA[ 1626 (W1) reserve key generation (wallet) 1627 1628 reserve.priv = d9641dab5c7f2474573871c25cae2f6c8924ace4157a56 1629 d128b1432e55a6c6ba 1630 reserve.pub = ec8ad5e4c6abcf4d0d597f0066a0e3ea0370d221973e06 1631 e73f4287148cb93c38 1632 ]]></sourcecode> 1633 <sourcecode type="pseudocode"><![CDATA[ 1634 (W2) coin generation and blinding (wallet) 1635 1636 batch_seed = 466431296486ed9cd71fc207254820a2c4a85aeb0b2041 1637 494f8bf1f8cd30f113 1638 coin_seed₀ = 88899daa409b8c4c4a91c8e39030d247d00b292eff952e 1639 36067fbe33f2d7ce48 1640 coin_seed₁ = f5be0b8790719072c7043c257f2c114cd8cb45ea5d98c4 1641 aa25d9025f45f1caeb 1642 blind_secret₀ = a3cbe2b0babf5bdfb98f45804acf63225c16e09be1677f 1643 705393df3f5de98ebf 1644 blind_secret₁ = 8ea6335ed3ff8a41f9fae95e9fd87382be402d6c26ef97 1645 2381dee6b3c1e9d775 1646 coin₀.priv = a5a38bb23a9f36564f9d4e566cdd7e3521b04f8ea4175d 1647 a726ac4e3ac540b485 1648 coin₁.priv = ae98c5207fe31e20a7b7a8677b780c6735ce69df32d308 1649 5d504010f23c59064a 1650 coin₀.pub = afbdf99f1a794add25bad59c9a3f442714e166adc99c57 1651 db991947669a36b185 1652 coin₁.pub = aa7118596b1adf89543e9afcf2925e516a782eed9d75c8 1653 abc4a470e7efdd7fe4 1654 h_denom₀ = 8653090e3f3f5efac9770a5dd0c97813940c191c9fa171 1655 3367f8bb1279b1e3d27f32d16ea7699501e5fc4d176725 1656 d76ab0307f9bdf9d0d263c2256a7f1c63143 1657 h_denom₁ = 1de6052bce12feaa2d26e3bba1789b0c2295028279f3ea 1658 ff8e1345448ba05390cff49656ed72a1f7ef6ee2c4a80f 1659 80eefa0d0f906e74305b0215c4194ab1c7b8 1660 planchet₀ = 64ede0cf40a952b95af4b09b22c6fd27a1ff6d0ae3920e 1661 a03fe14a8b547f1e14a2eea98443e7aa092075f6585103 1662 fb06c1d68fb4616bf33ae30a207e51840f1ae655a73418 1663 4a73d804df42650ce296954c9b61e249486468f7fda8a7 1664 4f85ec6ccdb34a66819fbeaf846b10087ffaf8e734428a 1665 907b96c6a112f8f943b3a8d55455c01b0daf55456acf07 1666 15874ff90fba45b265e2021a70997100fb18bfbef822c8 1667 475820b4855f141730751bcfad2e7eb46dd6c6a400a8a6 1668 a98486c4a2bce4d3407a0d0ba612faebb49428ba3a1986 1669 eddadb04b6790fbb7bd27cc0bd98341c60ec5b98027520 1670 2aedd4b0cf3b7ee1732c67c84db4b30b60b551cbf84922 1671 2c60e1 1672 planchet₁ = 41f8a6622c99b6a9c30d52d19fc2c20a39a481219de4b0 1673 f3e7f604efed5d962554ea13255785d10a037e14abd75d 1674 80a0aa9861df9d80a051c418ff197e68bd0eee61e6fd5d 1675 3214633734659e8bbd7dd2fe566bd41c537a5759bad9bb 1676 ca6b2eb7e3217e7d3cbefff192d83bd0527dbe0eff56df 1677 0b2e2062670d2873ca7766a7c1255e6fcf2c37e95de19f 1678 cad244f3986bab45c0a3aca726fc682455ea1166a23891 1679 52d7a67d181f035de6bdb97633888f0594c2f63dd39651 1680 34372507faf84f753759abd662d4c7e8df7e01149ff44d 1681 a3499ed49406d9398e86c4abf12a1f57f38002115ef728 1682 3e4d5422b41c752a0cce8c2c1a9b84e109b4554fc1150e 1683 f578b9 1684 h_planchet₀ = 888da42dbf4897a5d6d9420b827e340c74c0b0e973e140 1685 ad1c7b9abfc400a9ec5a86b3185e4c656dbe8e01125604 1686 616de83fa28910fae513d016f56c3ca94eb4 1687 h_planchet₁ = f20015bbe0147313e59f9e64ee9e836c192b5d504dbd33 1688 28fcfce41fbe9310d6aa96d91fdd77599c122cc5390ad7 1689 cb86d2c6d4261bd5950e7ec0f86959613841 1690 sig = 2ae0027dd4a196c4741d60e3e7ff933d7374fa5534d15f 1691 1cc2e96e9ab3392894c65ab6a0af31ccdb395db5c52677 1692 0077642502e27d4619d385a91dd13854e706 1693 ]]></sourcecode> 1694 <sourcecode type="pseudocode"><![CDATA[ 1695 (E1) coin issuance and signing (exchange) 1696 1697 total = KUDOS:7.7 1698 blind_sig₀ = 139af4e7e7f6e9e0391e22f78cb0b2c334e6d6667633a1 1699 92f56fde38ac9feec7841be59b2aa993084c50f70dfd96 1700 73dc723eec9d84c28ebd5f8104d1b0b29cf118cd64cbe3 1701 3925524a3363a1a6f24f59d47a404cf74680eee97cdeb8 1702 cc44a0b84f3db4496d9bed1224c0fbda64d40f84ef5447 1703 d764fb714ca8e72a23a882e749e47a519310f6d87b3e8d 1704 dc3e4ac4e541cdbfe7550c92f41c511b544d9fbdc2a729 1705 6b958e9df0b1394210aef4f1a780a129883d4bcb45425e 1706 ef96204a7eaa9daa7d21827ecbf4571cefe6dbe65314e6 1707 1c688175c1e81e01d4f0377c9c2312b6cc3487f2dd2cf8 1708 d85efde346f4d1a12de70bec4038b0bea0c505087c0e67 1709 ce4694 1710 blind_sig₁ = 89649cf83e2ba2cd75c7a1d01809c33d5d02fec8164925 1711 6215f13a8965ad37d8d47c264668ec187e46d75210ce60 1712 1362fbb15f61a24ec1d337dd2589b5a4ee0e77a8d9734a 1713 ca6a149b9f9b3a78c158b1f8cb243b8cbe9c2212290e8b 1714 c731d02382463f3e1cf0fc86c5472b8c96c5eaeac9c906 1715 4fdf7411f97935f27fd0bf88200440c7cc3e6960c5c515 1716 6aedb5a820077be08f1ac4b00780258d7b843b21d7baf2 1717 d969d1b3c77a08b4fe14b216fe78c7e4c0ae964fc06bf3 1718 dfe7ff20ec85fa4d5e5aec24d89848645ffadb0de3da80 1719 c6e41b96571ef28e3d132b7c3fd16a289e32389cffb653 1720 b4744fabf882342f0db9aef110351d8ffd7a3b86701f0f 1721 5034c8 1722 ]]></sourcecode> 1723 <sourcecode type="pseudocode"><![CDATA[ 1724 (W3) coin unblinding (wallet) 1725 1726 coin₀.sig = 9303650b8896b6619ca061f4bf44c1b02fb60784a2659d 1727 e7512b599e7e6524ad5a283c81d289d3ec75fc81e7f336 1728 bd41dd67a41b72a98d9171f0461c188535b555019079a1 1729 8b4491903797f62a034e5f277ce8f7f3f56fbe47e44113 1730 561fd414c841c2da97da1ae92df0e2cfbe3c26ad37f8ba 1731 b9bd71365ac536204cda7c21dc39891b5cbb4e213f75d4 1732 e09c248a7a59f6322fd011619b29ec25ad621dfa2d6fae 1733 9f8b91935caf54d0d30f4a03bf6beed6637a4054efbad7 1734 a41f9da434f07cfd2f7619e8a3c82b30e079ff9fe13fc0 1735 23fba7d627f4fb21e14467ce1db27767831eb1c3ad5c39 1736 f61437a0a70c300fd84cd9280474bb507768a868ea92fa 1737 905428 1738 coin₁.sig = 355aa5b6bf10591375f22a014640cd242f470834759fab 1739 4421b4d237a149bc3e5fbc8f073e1348da770983cd36df 1740 9cf72a30bfe55776744b2d787acb06ba25ccdef36e5269 1741 771fe4a38a1109e8b96437a3cc625003f7fdf4d0cc8793 1742 35584c5b13f2b29be1ea4d8a2da7826d608179d98b5edb 1743 11261e2048fbbba217a52ae862d1e78e30c0787ee40908 1744 f1bca708c434d5412a262eca6bcd0ac5890bfbbe7df6d6 1745 9a5544d0054716dfda47791546c177223606c0645858a1 1746 5b36887619a9d70a515f42897758bbe181765d7184cc92 1747 b5e2d743df1db9b30394b697117ad24811812febe0a3c5 1748 7cbb5cf7f6857378f57cd1149f745ed95fd1d342e9860f 1749 516469 1750 ]]></sourcecode> 1751 </section> 1752 <section anchor="tc1-payment"> 1753 <name>Payment and Deposit</name> 1754 <sourcecode type="pseudocode"><![CDATA[ 1755 (M1) order generation (merchant) 1756 1757 wire_salt = 4c5249caea865380e0e519fc38177686 1758 order.id = ORDER-40 1759 order.price = KUDOS:7.42 1760 order.max_fees = KUDOS:0.01 1761 ]]></sourcecode> 1762 <sourcecode type="pseudocode"><![CDATA[ 1763 (W1) nonce generation (wallet) 1764 1765 nonce.pub = 6729d69abd7d8218e02c953317b46bba2522efc2c19a7d 1766 a63194e9ef40fcbd0d 1767 ]]></sourcecode> 1768 <sourcecode type="pseudocode"><![CDATA[ 1769 (M2) contract generation (merchant) 1770 1771 h_wire = ec4e7258747a4de49628a27907b74f0aad097cfafaa595 1772 320f81786375430b67ae1ada754299bbc0472f5a1e8bae 1773 6fe8e5dc52683dd09490ff06fb2fa4f20ec2 1774 timestamp = Sat Feb 14 13:37:42 2026 1775 pay_deadline = Sat Feb 14 14:07:42 2026 1776 refund_deadline = Sun Feb 15 13:37:42 2026 1777 wire_deadline = Mon Feb 16 13:37:42 2026 1778 contract = { 1779 "version": 0, 1780 "summary": "Free Software Support", 1781 "order_id": "ORDER-40", 1782 "products": [], 1783 "timestamp": { 1784 "t_s": 1771076262 1785 }, 1786 "refund_deadline": { 1787 "t_s": 1771162662 1788 }, 1789 "pay_deadline": { 1790 "t_s": 1771078062 1791 }, 1792 "wire_transfer_deadline": { 1793 "t_s": 1771249062 1794 }, 1795 "merchant_pub": "YN6P8SGSE8ZQZ8PEF4K7JMZXV1JMSZ6GYB7W1HF8G3HY1M5B37R0", 1796 "merchant_base_url": "https://merchant.taler.example.org/", 1797 "merchant": { 1798 "name": "Taler Merchant" 1799 }, 1800 "h_wire": "XH774P3MF96Y95H8M9WGFDTF1APGJZ7TZAJSACGFG5W66XA31DKTW6PTEN19KEY08WQNM7MBNSQYHSEWA9M3VM4MJ3ZGDYSFMKS0XGG", 1801 "wire_method": "XXXX", 1802 "exchanges": [ 1803 { 1804 "url": "https://exchange.taler.example.org/", 1805 "priority": 1024, 1806 "master_pub": "7JTYK0HXPASKBZDKYA2AX5GEATZ8P20WD0CVHC11FWWB15DM64XG" 1807 } 1808 ], 1809 "nonce": "CWMXD6NXFP11HR1CJMSHFD3BQ8JJ5VY2R6D7V9HHJKMYYG7WQM6G", 1810 "amount": "KUDOS:7.42", 1811 "max_fee": "KUDOS:0.01" 1812 } 1813 h_contract = cc934a29efa612754edba0453d1b0ba175d6830d3ec2b2 1814 839a9a539d845a5da4622498e3819cb49206810688a93d 1815 e1989c6542d2cf1d71f64dc998193e76d535 1816 sig = c249ee766b4dd256560d48b367d05a41cf7169306247ec 1817 56c51c39412b34c11015e365c2b2836761ba020b7175e6 1818 0870572a6c7f780eeabb6f0777783064d602 1819 ]]></sourcecode> 1820 <sourcecode type="pseudocode"><![CDATA[ 1821 (W2) payment preparation (wallet) 1822 1823 contribution_net₀ = KUDOS:5.11 1824 contribution_net₁ = KUDOS:2.3 1825 sig₀ = 8876dce4ca504df355f17c783e8327ea29b2cbcd7dde60 1826 8b473644af3580621d3eb429022f6d1c4937328db478c6 1827 ed9784f6788e2e18dc16927efd4bc9c10908 1828 sig₁ = ee97e05b9bcd4b49b4518b8d6fdd90b5003178ec6bb4ac 1829 b5e9b14f189050c2320489042299b563e8ce0ba889d88c 1830 30d4b438b6d9a1609be3326ea9e12ee46a0b 1831 ]]></sourcecode> 1832 <sourcecode type="pseudocode"><![CDATA[ 1833 (M3) deposit preparation (merchant) 1834 1835 ]]></sourcecode> 1836 <sourcecode type="pseudocode"><![CDATA[ 1837 (E1) deposit check (exchange) 1838 1839 time_deposit = Sat Feb 14 13:37:44 2026 1840 sig = dffeeb7b3ee0094a2356a3bfed370ae0f082af00ab09a8 1841 35de67db0a8720488419c4da975e9b548e7e554767f1d1 1842 b380afc2ea72a93f83885ca3fbc138e4f80d 1843 ]]></sourcecode> 1844 <sourcecode type="pseudocode"><![CDATA[ 1845 (M2) deposit verification (merchant) 1846 1847 sig = e66d503c843d72da4b6eb95f872396449de25cbf80b9c2 1848 43d8c9ed2bde533d2460542c685bfdbf2eabc755510a60 1849 b97ed289711fd3f353cd80aa791e2e2f1e0d 1850 ]]></sourcecode> 1851 </section> 1852 <section anchor="tc1-refund"> 1853 <name>Refund</name> 1854 <sourcecode type="pseudocode"><![CDATA[ 1855 (W1) refund request (wallet) 1856 1857 ]]></sourcecode> 1858 <sourcecode type="pseudocode"><![CDATA[ 1859 (M1) refund processing (merchant) 1860 1861 id = 14365434601518496594 1862 value₀ = KUDOS:2.1 1863 sig₀ = a626cc04101e3abe295c217de5636be135be8935dfaf0b 1864 3589a8c7de22c3e6c7a581a031c0691476e82ee0e9798c 1865 3c8c8be6bc1066bd955acf4d1ce59eb7e10d 1866 ]]></sourcecode> 1867 <sourcecode type="pseudocode"><![CDATA[ 1868 (E1) refund check and confirmation (exchange) 1869 1870 sig₀ = be9dd11dec0e2fb2a2dfbc778b2d9bb21c665ecfa4d1b6 1871 c9d42747902f071631f84a946881bc787f8627a6871226 1872 4b06410b445f37e569edb7dbf77193b5990b 1873 ]]></sourcecode> 1874 <sourcecode type="pseudocode"><![CDATA[ 1875 (M2) refund confirmation (merchant) 1876 1877 value = KUDOS:2.1 1878 ]]></sourcecode> 1879 </section> 1880 <section anchor="tc1-refresh"> 1881 <name>Refresh</name> 1882 <sourcecode type="pseudocode"><![CDATA[ 1883 (W1) coin melting (wallet) 1884 1885 refresh_seed = 466431296486ed9cd71fc207254820a2c4a85aeb0b2041 1886 494f8bf1f8cd30f11394223cf8a82995804957876e9fa7 1887 1163506b4e5b8c8fa4db1b95d3e8c5c5fb5a 1888 for k = 0: 1889 batch_seedₖ = 415e62ec89f6397c834087efe396b127c6d5bdfe360145 1890 a6abbfc7a88c6504eee6e3f59db026cc5742c4065fd917 1891 bbf2b7f52e82e88409263130300279e52617 1892 transferₖ₀.priv = 5a08ea181dddd480b2e1e2294e1d886efe45070858adb3 1893 26e2d562dc330c8ca4 1894 transferₖ₁.priv = dccf4e1880b343687c7f39df603386a27510bd356ae1bc 1895 86f45ef9b7a8927613 1896 transferₖ₀.pub = ab4a35f7fc78a3d07e5828f0fae0295ebbe93e9ecc63c1 1897 09703f15816af8d000 1898 transferₖ₁.pub = 09893d5ef58fe696207e93cbd0cceb311265aa89745705 1899 9c40f366d59b028a29 1900 sharedₖ₀ = a7a9524dfc565b8006470ab90cba091a809f1de14eeda0 1901 dc98408f880d5cf587c2aa338ea1e3153ed8c624044f15 1902 19f3d8e8d6c731d7af6d0383b136a48a8e7f 1903 sharedₖ₁ = dd7051d4c4b03d78f0c5365ea0a2947f48604beee2e792 1904 0349d7a4371dbff00d9986202459277250461ab936d5f7 1905 45bb6c6c28e8badd7936002f25d9b97a65b2 1906 coinₖ₀.priv = c4fe7e3e64453e477e736ebabe2e5a7c4919eb2fa4bf02 1907 9e536d56a7eec59c9a 1908 coinₖ₁.priv = 409db2ea007fff35506607da6c67e52204097be8a114b7 1909 a654f53da392886e48 1910 coinₖ₀.pub = 65a93d56a84e8110fc2ae9c6ace89ddd9c625bd632501b 1911 663fefd047ee31feed 1912 coinₖ₁.pub = 7c61cf322d34ead1de43869690c70e22d9bae8f2354e0d 1913 d07e71c5736b506f41 1914 blind_secretₖ₀ = 0f53bafa492d5d90dd3ad13ba7b37b3c4a8b167dffc63f 1915 7940dcb340275be90b 1916 blind_secretₖ₁ = 799169aeddfec48aaab23a88df8d74318870c7b6cb3922 1917 5a3c43d4576db61f88 1918 planchetₖ₀ = 90997841cb9d3b4bef237213b1ee1da9286e775c1cc10d 1919 c78e32f836d7897500a587babeefed3f310a5b509c29d1 1920 91804b89d2aee75073f4d49d7ff5f60be991e0ae1a148e 1921 134b92c5c9537a59bc30516e0244e714ec2b6067337ffd 1922 970fd3987799d2ac7b3e3430068c923974751864ed8f4d 1923 087b0cd62e0edb807d9ac4bf70e68c9d774a0f26947413 1924 0f4fa5a8f4e0a5ac67ef6c73a1cb486792605f447384ea 1925 9deb040f851953db240a5f23401e0d75f93f810132ed9e 1926 782ba05b4f78ce7cafc501925ce0bde12e58ef48861969 1927 038a95802a1d943b2ce31a3278a1cb4f14cc12ff2ffee1 1928 3aba0ee151145a3b7abdd1a00e0684a57a1b2a0fd97348 1929 81243b 1930 planchetₖ₁ = 0562f874175e223f087e7950f2082e869bca1ded7087be 1931 27a98f1f9be30a38f33e9a98ca5efb6f15536df774ce32 1932 1efd36909d67869e704db3ff352c76298c0d33014a32ff 1933 636c22866b5e5d6dbc5e6c50f630d95112e8916fd23ec4 1934 88eb457f55ad3a29d50c3c7387b4ee1045cbe4d37241e9 1935 b958d1642b34f4a15a259b344163dbf73bc55e5b99e0d4 1936 6ba59b7dca0a1fbe859f6f7d5756d6afff58571fdac617 1937 48a81e5e94e784c2d5de60a192d86c0529e35f2efa29d4 1938 2e0ce8526db5fd3258a470a43d55c184287fe0c639ff8a 1939 eea1ee64a61d6466d15e20c8203a73ce1b2fc7b2949947 1940 f9804b0710e41351af67cc30b86108dca7ea0208062ae6 1941 0be2e5 1942 h_planchetₖ₀ = ba016fdedb6c5033f1f870edd9ab10d0dd116c0e3a8483 1943 0ddd44c9aed5a2844aea96146cf7c72153a910ca3d3de1 1944 faab7fca5e1c4079e2e0c680410cf68ee27b 1945 h_planchetₖ₁ = c4f4451f85f02c950fba164ccc52fd2123576ddad6ab87 1946 c25b175a33aed8afff5c5866b2fbcec6ef67a1367f91e5 1947 da56041371bc9e8cefd2a93ad386504568a3 1948 h_planchetsₖ = 7e420d01a6413fb6cc300257031f37ab2d456583d3189c 1949 3e5f7049c1c61f49c7918289b7cd169cebd0bb81ca0a83 1950 2f2c4c6c7529e861a88d65c6d3ef5fd540ff 1951 for k = 1: 1952 batch_seedₖ = 0311a9766673b9df343498afcd6f6926b9bd6352201351 1953 5c072a0b5a3af98aeb8158869f3ece08532473980a652d 1954 d6479f296a28504b850791f9775e3b0f8436 1955 transferₖ₀.priv = 4a3d33228a7c1d6330fb2ec827256aad75f7ea56712072 1956 f8ff69238b47e98895 1957 transferₖ₁.priv = ad0b2c176a9564ea7aee7c55ddd92af22d777ea4a8605b 1958 d486d8ccc31bb1402f 1959 transferₖ₀.pub = 1839010739d0450e9a0702167d5106dbcb0a81641e0080 1960 716785850e60bc541d 1961 transferₖ₁.pub = 16a20ed27a63c204d94ef3d0c2b554343567d319afc70d 1962 856cc6a61c3bdaa142 1963 sharedₖ₀ = 32751bb2cf2a3106593aac0fb38172943c54a96992b22a 1964 7927ce37fcf0b9b4aa4671033c93ece3c70f2033e4c52a 1965 953bf46254db7f6d7feb926d78b28bb60901 1966 sharedₖ₁ = 2c4118e0d52fe1851410fb70b60cc5b3fa6bbb53df8acc 1967 5a379c65d9f89c2ba37ea732e76d081e03d845dd2f3ef8 1968 a53b682941d4e598a17823ea06cd28058e8d 1969 coinₖ₀.priv = 16977a220b0bfcb2a0ef82faa3afea901d0cf3e6829905 1970 85b63d9c855be5d5aa 1971 coinₖ₁.priv = 1b5bab529c09f313f2a18e3d2712c1a7e0548f15651b40 1972 af12b22c17ca861273 1973 coinₖ₀.pub = 4b53ebc94ca1a96ca4795a0ce1254f70ba2fdd72528d57 1974 4f4bb47d26fe845239 1975 coinₖ₁.pub = 6de1ac4370a5336349ed50cfd4d6298b193504c1325614 1976 9cb0fa85c1f9a178c7 1977 blind_secretₖ₀ = 30e3a32819cdc5a2e9b28d7953bba0038eaf701ceaf691 1978 a6bf44833ae6f305a9 1979 blind_secretₖ₁ = 62ac62d9df0b5f71f0b43329baa15c5e79f46b09fe432f 1980 cdeb3a9100b31a0fa2 1981 planchetₖ₀ = 73cbbfab1a58b12c55b4eecf705c9db8fb953f52bfb4fa 1982 9922f39641efb85802659d266f979c819294af91cb395c 1983 f93f67a0a6b561e445b0a138f04e6428222ccb5ef92a21 1984 1da2218953e8aa108f339bbce666a71640f555570d6fec 1985 a446b67be82edfa3f90697d5558d7b7707bb87bf790d35 1986 35e429d705367f0ceb3fea30f7666ed428679bed440540 1987 3f2a9cf5cf75a43f16fc5b63276e9a18bea0c0864587c0 1988 a884d1a474f3a248e36183a067e59496d8968427c55e63 1989 ac3f0052fc20fea5b9f01b19ee776e7c1bdfa576be42d2 1990 1e7214606bea3277878cb7beb7015a242bd9bfaee620dc 1991 ccdfda8f34b7174ed28766000d22dd552cd487fdaf9cd0 1992 cc1f5f 1993 planchetₖ₁ = 922bf6290e8f5e8746f68cda30cee9d368f3988b93d26d 1994 c753e082fe56db8191430ce8ef78f1175d651b491e6cc6 1995 7e0cf34253abcf3c3bbae44b4620ca0879171710caac83 1996 89704d99d5d49da5de04b44f03d03b30df9d872611d779 1997 6c6903fdee77a68a29aabac5c332588aaecf2a5e8cbfe4 1998 446d33f423040e7eda99268f2ca558615b541cd912ef30 1999 2a9f079705b9d1785839a593d07d8b79756f0077cb5169 2000 a3a88f08ee7371419c940f35250d2aa52bcfc6beab73b9 2001 72f31d3b5de16e55c590788cb4443dc0de7d2cb6993555 2002 0b04b8bcc2c33669f97ed1d36f29c594c6f0f84a72bd73 2003 f76c7617e748356f7989a98deca97f360fcf2d087f9bcc 2004 d61732 2005 h_planchetₖ₀ = 6523f04c8eacea9af24c08905eb009c8e15a6c62adfae2 2006 fcee6813bba22ba014c3c831cae6fb63a2a889af0e99ea 2007 d40a39b57d42043dd67fe4e446c7691558c3 2008 h_planchetₖ₁ = f86bf5d2bf56d182ff70b0ecf635401bce1dab4bd52f40 2009 023adef27ca2a4165d19b0de911a6a6e41e5811ea1d9cd 2010 9bb17dbf9ee518b1f3bfec644e8a36f7fb2e 2011 h_planchetsₖ = f63471c1555835b7032ffa41db189f013d1f26dd5bf1fd 2012 c79bf18ea8c3f24ec7f31f0b4c1688d7a6a729c7b2c2ee 2013 f42a5ce3524ca23a566d74e708eac487b1dc 2014 for k = 2: 2015 batch_seedₖ = 35e8f7b41e25d3ca2c8e70d02be85843b53703f199809f 2016 98527e316bda6a457a2fab9d327f96242c4e0afbd6214f 2017 aee6a5172aca2b49ad37a12590dc3bbc3f58 2018 transferₖ₀.priv = 1ca613b8fbe4a341b2fc617687553e778de9b8d40c462a 2019 88bc1ac169d2984da7 2020 transferₖ₁.priv = bb8196a4a5b9a646c5424664b8505eb8781ded006c74e7 2021 cc719e7a2cc730ae88 2022 transferₖ₀.pub = e21056df9fdf4cd94a4175f94a48fce623db6f2bc4097d 2023 818f839ec421fe974f 2024 transferₖ₁.pub = 0409b44ddfed03111d7dab5af1b71d8b2597ee50772a9f 2025 272e799133718fd571 2026 sharedₖ₀ = 01a355feafd4daafcd6341597b73eee6ca7ad5dfb78758 2027 88a373434043d17087ab882cca24e580985068eb1b39b8 2028 c0e7f81f03ccca337961cd1d6a528abd3cd1 2029 sharedₖ₁ = 39cdc5377c7295d1e997a43fdc2aac0f5005e64211f7f0 2030 9da36db035ddad5bc32c2dcc4bd5fe1e0d3e471ae8fcfa 2031 9cac0fefa8078570b894164194829e54dabf 2032 coinₖ₀.priv = 343d0b591fc0c495d2e7cb68f2cb0c24d9b274e3ae8504 2033 1dd94454d2856059f6 2034 coinₖ₁.priv = 57c9447a9a34e4b7ed5f4bc71122d76dee9583cb578eb8 2035 eff2e837bc9a0591e6 2036 coinₖ₀.pub = 3b9fb220f7679b3488f8e2710f41d5e6cfee1b6c23bef3 2037 04d9dbfc404341fccd 2038 coinₖ₁.pub = 6ee277e7bcd2584c5ee8f46cc24b531515a33388e6035d 2039 00b33df8ce6a7edaee 2040 blind_secretₖ₀ = f5d25d0124dce3b3529325b6512fd34293448b710217fa 2041 885ba5d80705d16a64 2042 blind_secretₖ₁ = 974dc1b68e4a7613346375372ead838842bab6335d1696 2043 af3b6a2ad249fee4ee 2044 planchetₖ₀ = 55e3f72dfd4c53ba21f6f9e108c34f8f6bf0b69dd8daab 2045 bf4386a7e3a31c7e33ecda1dc54a31a1d5f97b810806f9 2046 d845af20716f4aad733026ff0f6ad0219a1f92d937ade7 2047 6b268f8d436fdf6ca63d9051008efa3af022c9846fdecc 2048 79ce27c8e59042795f2f8a4bc0a792b44bc64c8e6e7c27 2049 3a107d96081142b1d06718e28b32bc733ff36e7b95538f 2050 b2ec30d1242965f9ab40debe4ed845227b7a4a4d795286 2051 6b798253cf1eb664a1d832c2397d044122d24982fb88bd 2052 68f81efa45f80bdbe918680004bdea5dc2e4e76dfed297 2053 af200350793f820aa094e1b26c79e2c2faff866410e741 2054 1bb662c94be10a841ec9db1432d198a4a01c2911326cec 2055 da502a 2056 planchetₖ₁ = 978fca7d513afac1d6ec6561fd967218bf0d84e388a23f 2057 b085f1c37493d765090b90c0c23ba20647114c0f34d8db 2058 1041809a66dfeab96c36477be8342ff4f2660cfd8f0011 2059 14f2aab3d12d983d82b92fcfb38e97fa83142980a9f919 2060 7e794859f439b18491600ea92bcdc1af7ebe4784eb0229 2061 bd287b9c71cdde177d4576d7907f9d643a363e09685293 2062 b7474c990d5d8cdc119d7448d768412e40e8461ea88109 2063 461e37f3a76178df074c942e99062ce717eba48903c7a0 2064 cd27889429ac5a657ca50efd441363c18f9968b33962e4 2065 960bf2005fc0fb2b8050024bf34e8f608f4dade5554aab 2066 1d28478f5bc1c5939c939ff5b9b11f225e7eb275887d3a 2067 475a34 2068 h_planchetₖ₀ = 5c9603dc7240248f0a93107bce217562d60943c9976770 2069 d11c1fd4c9f73fe7f2f3696696b37fb0fa73331c301e8d 2070 d7adceafb23456bfcb6d44063d61f5db239e 2071 h_planchetₖ₁ = d905de829b86b21eb19c036320d3e11571e6ca8390e81f 2072 86e4569e3cc12189ea10cd752c738972a809fa292818a1 2073 f13367c389a3f505f084c5001615de3b647e 2074 h_planchetsₖ = 802838537720786bbe61a0752397056c3a7f7bc332a54d 2075 c5a649452a9a74fef79c2c59deaf1e03cf73f85f241f28 2076 61a50f2f859d95c3c660ab5e57b448526036 2077 value = KUDOS:0.27 2078 commitment = 2bce7a8fc6d5ad50b648c15ff1e5967c2491bfde09c7f0 2079 465026f6603bb42e4723e8e601a0004989d8676f205f6e 2080 3f8da392830cdfa77c47a342db4eaed2ec2a 2081 sig = 43b9734d2547872fcad7c40d151f5a4557be026b5058c3 2082 74a434be7b7e0be110cd7ad27f01ed33ab0c335f3d135e 2083 c9b3abb47a761e0640ac272b6ce8b032ff0b 2084 ]]></sourcecode> 2085 <sourcecode type="pseudocode"><![CDATA[ 2086 (E1) gamma selection and coin signing (exchange) 2087 2088 ɣ = 1 2089 blind_sig₀ = 1885a01f26936f28dfd201a7dd615dacd68a287e17aa8d 2090 d1e4f3a1925047049a491c1b76ca687431faf6fd290deb 2091 4dc80601ba79d7754c84a8d8550a0b166104b6ec7e611f 2092 bc577aff339033d421035578029068a84bd4fe5e212670 2093 fd2ce7091ef9950ee48778aae2855a99555308ae90b72a 2094 b1fb53fea714841c94e256705aae8efeebc877efd376a8 2095 78c6e2cb4e811a267484e4da8e13206c1dde7ef3646528 2096 c1d8bf48096eabcc454ed5ee180e3fe7229785a51a3b8b 2097 d3fba176c05baf0eb82e99d225cfa5f9359d07d2510013 2098 301a7bdf815a7db36d400bc00ca861dbe1402ec6dacbba 2099 901e8c8e4e8f1912e63e2a440e667cea243d46e08026d3 2100 738fab 2101 blind_sig₁ = 9c10e5b88fe3563bdaba5934447baad4d05e66a9075102 2102 7a5cbdd2cf0cd9bcaaec68935d3c85509894247ab569d9 2103 7fd4825a7972d48dbab1c9cbf791776c96a8dcf48caf2e 2104 542f5e50f86d794066b7bc82e975c55995b40cf10d00e6 2105 4904530dad5c396543fadf88b79f81b00c8ebbaf2f6731 2106 f434c5c3d72b451586d0412b0272a6c6ac5ba5ef59af57 2107 969d4f985ea513187c8020a318d4a9c9711ccfdb5aa8b9 2108 ebd93b20e129c3447771a1dfb1b1bbdccaef56323005c5 2109 6116b1df97ace4ae6f6865e5467a96d2fad9cb4c9cf0c0 2110 3cf774ad1dd8f5b0a0fe218ac78b37c4435e4f5616c2fd 2111 96dba36f3c7c1973835fe53c95839ed11c792ad011c9fb 2112 1ce55c 2113 sig = 4ac44b89d7e2b0d117c9ffbbfa883db10b551f10b47123 2114 bf69af42fe8544fbd90efb7d52b649f47d69e0f89ee9ef 2115 10f3b7a3c35eddaecb58243171dbcafc4801 2116 ]]></sourcecode> 2117 <sourcecode type="pseudocode"><![CDATA[ 2118 (W2) secret revelation (wallet) 2119 2120 revealed_seed₀ = 415e62ec89f6397c834087efe396b127c6d5bdfe360145 2121 a6abbfc7a88c6504eee6e3f59db026cc5742c4065fd917 2122 bbf2b7f52e82e88409263130300279e52617 2123 revealed_seed₂ = 35e8f7b41e25d3ca2c8e70d02be85843b53703f199809f 2124 98527e316bda6a457a2fab9d327f96242c4e0afbd6214f 2125 aee6a5172aca2b49ad37a12590dc3bbc3f58 2126 ]]></sourcecode> 2127 <sourcecode type="pseudocode"><![CDATA[ 2128 (E2) commitment validation (exchange) 2129 2130 ]]></sourcecode> 2131 <sourcecode type="pseudocode"><![CDATA[ 2132 (W3) coin unblinding (wallet) 2133 2134 coinᵧ₀.sig = 68773443fe6cf88ddea6f6614213f12ec7ded4fbb39fa0 2135 a4ffc1a68bbfc363be0b33bd03a41d31c8ffe331614ee4 2136 b986679ac8e51aaa0903eee492d0ff81327589c842ac80 2137 a6b47e0833840935e9cd543fbbb91c5b80a591e01eb34d 2138 7bb5aa3fe837b22f8dcfcaf0ee9d71d93c866f00a8f787 2139 def0b79eaa4e6e96c420990b05c2b82c378757ce220e96 2140 734e547a6962148848d2ebb66e9c67a40115a958d21c05 2141 c7e0a0db72e505076e35ddca7b09b603b55dad394c1d12 2142 ff4b6b219feafc3ca24c43c36ad2da9fa632ec1bcfc057 2143 2db80d0afcc9875182def7983385f872005033d7ea7080 2144 bce0df982a134f5ae2dccb2cdc304278c809979252ac28 2145 2a76e1 2146 coinᵧ₁.sig = 1551b2dcf6daa264d4c96452f46c88e7b4ca3955642da4 2147 5e375cb319602897ceb75eda64060afd17002b63fdd39c 2148 c0f86c473a530813c23958573431e2fcd2277cc853f5ab 2149 6a20a9e7499154420f0cd8d13990d45423e61a6651a614 2150 7e8a146a10fd5d63e085c2c4c133d4db0827df1d4fed10 2151 d1e6eadc566e167a17fd36ee884900db9a8cc4b82a02b7 2152 ca0cfacb7d391f535da3011ca469146f239d621fcdfc10 2153 563bfe6ac4c962109e2fc39aa236151f15a9c85b8e0e4e 2154 2ee4f6b6b5f54337c184936e2fe4029e2d39ffe6953f7d 2155 cf208ba062334e8595dbb9784857df770377a59dee2a8b 2156 ee4e9c10e662f15dedd0379849ebc4a7a02a31f1ebd8a8 2157 e55432 2158 coin₂ = coinᵧ₀ 2159 coin₃ = coinᵧ₁ 2160 ]]></sourcecode> 2161 </section> 2162 <section anchor="tc1-link"> 2163 <name>Link</name> 2164 <sourcecode type="pseudocode"><![CDATA[ 2165 (W1) history request (wallet) 2166 2167 sig = ceb8dc24e263252b479376b15ae141e4da28dd712c37c4 2168 81a163d549b44afdd018d04fe709462a56739b3cc0671c 2169 2cc0333b7e5da25210b8bda54d83d25f5407 2170 ]]></sourcecode> 2171 <sourcecode type="pseudocode"><![CDATA[ 2172 (E1) refresh secret lookup (exchange) 2173 2174 ]]></sourcecode> 2175 <sourcecode type="pseudocode"><![CDATA[ 2176 (W2) coin acquisition (wallet) 2177 2178 ]]></sourcecode> 2179 </section> 2180 <section anchor="tc1-w2w-account"> 2181 <name>Account Creation</name> 2182 </section> 2183 <section anchor="tc1-w2w-push"> 2184 <name>Push Payment</name> 2185 </section> 2186 <section anchor="tc1-w2w-pull"> 2187 <name>Pull Payment</name> 2188 </section> 2189 <section anchor="tc1-withdraw-recoup"> 2190 <name>Recoup Withdrawal</name> 2191 </section> 2192 <section anchor="tc1-refresh-recoup"> 2193 <name>Recoup Refresh</name> 2194 </section> 2195 </section> 2196 <section anchor="test-case-2"> 2197 <name>Test Case 2</name> 2198 </section> 2199 </section> 2200 <section anchor="change-log"> 2201 <name>Change log</name> 2202 </section> 2203 <section numbered="false" anchor="acknowledgments"> 2204 <name>Acknowledgments</name> 2205 <t>[ TBD ]</t> 2206 <t>This work was supported in part by the German Federal Ministry of 2207 Education and Research (BMBF) within the project Concrete Contracts.</t> 2208 </section> 2209 </back> 2210 <!-- ##markdown-source: 2211 H4sIAAAAAAAAA+y9W3ccx5Uu+F6/Ik2dtQRYqEJG3pNj2IfiXRIpmqRMybIO 2212 ELcEqlmoQteFJCyxV8s+8xfm9aw1/eCZH3Bees3bPPVL/4fuXzLfjkteqioL 2213 oETJ7p6DZYtAVWRcduzLt3fsHTkcDgevbgbxYLAcLyf6ZnDj+ZkO7j/+InjO 2214 J3oePJnPljM5m9wYqJmc8nO0UHNeLYenK71cyLPZ6+GSGg4vXMOB5Et9Optf 2215 3gzG02o2GIwv5jeD5Xy1WEZhWIbR4PVs/vJ0PltdUAulLzT+M10OFsu55ufd 2216 z17qS7RWNwdBMAzMOOY3Ob+8WM5O5/zi7NJ8oCVfnJnfLvjlOZ5cDAYfvNLT 2217 lb45+CAI5vpidjM4Wy4vFjcPD0/Hy9HpdDXVy9Fsfno4WagQExvh40NqPMH8 2218 F8umOb7f0vxwMOCr5dlsjrkNMXIQWOI8Gr+cTfg4uP///j+WPOY7PHgzeP7F 2219 neDOXC+wsuCL6fiVni/Gy8tgVgXPtTybziaz00vTmgsx16/oAd/efEwE0pjY 2220 Az05P5tNln/EB6OAheZLia5udprLmcJ87gxDFmal+2Q1XdLG3Nfzcz61g+lz 2221 Pp7cDM7tvEf1tv7X5WqobHcjpQeD6QzPLDFr2oyn925Hof+FhYn7NS2y0v2a 2222 RbH/NM+Twv1ahHHkf82LlH598Omde5jm5w9HLMT/wvywzIthPMySaMgSdDPM 2223 j+MEDZ89eFa3y8KoOHz88Nnz0b2HT56NWBEOE3Aa+K2e5GAwHA5BShCJy+Vg 2224 8Ievg+cfvwj+8I394nys1ATL+iB4CJrM1Eoux7Npp9nH+jWf62B5xpf4z3gR 2225 QAJWxFwBfl8sx5NJQKw8HE+J+U9Bq0XApyo455cg9XTJx9NAz+ez+WI0+GKh 2226 A3RzOVvNg9nraTAfL17+gkZ/PFtyO/IwOLnBhbxxEoDkM/AgBtXBZLzUcz6h 2227 zR9PT4MTtDgJ9JQ2VwV8Edx6dvvhw+BrsyHfHASvx+DJFeY7x67SAx/+Ifww 2228 kGeciKDnIxqFB98FojsKpktiOzVTIY7kpqdAUPuJnu7x/bVp6ekpvscKxSV9 2229 hkfoY/rDT5XTsxdc/V7PZ3uXB8F6F522B8Ef0WyI5rSu5aw9CPq+tMNQj2K8 2230 XOy92T85PDEf0a+dbs/H0/E5CDZdnQvoLzxMTxzaaU61xC7x+SUNAa2APaP9 2231 NM+tJsvxxUQH+FCOF0SH8RSaDH28oXFX+IuWsT7eyeUJJsoXy2AxPp2Oq7Hk 2232 6JHG9ETx3Zy8Oekuk5jFbyUoCQ1D/GQJA62HR/bE+BRN1JhP9/0kvjJLfn2m 2233 wZsnX50QM/LgYgZdAr6vB3PLx5f671fjV1CdtM6ZW8dXZh3U4xyTmJ3vXbZW 2234 xQP74eQyONVTcN8S81ugG8xVu93A8iwr/TIQwd75TAWP0cOh+aTzUWdrLIlB 2235 IcNmh4F+czGbYmLjmu/6d4HmRQQTBwH6Xk1mwWOaASQeVD0ZV/jvKz4fc4GH 2236 +YL2wojqyRG+oOfA4mpMw4A3Zhe0qhn1SQI+C4Ql3Byj0mIn45ck93oM+3cJ 2237 gZoefrKajHmLlGb1ii/5CCaqu0roAnQPxX5ivsIK6NOZ+Dstl/YZQ/hwNJp2 2238 H9Rv5GS1oE0E/U8Npbu7uQiq+ewcj56YnZxiZeORHmH54UHADoLoIBiN8Od0 2239 yMwQ//4//i8a7t/+5//57//j/z4xEg0240Y56TdLGuBkHBwF3amgXzfbhZ0u 2240 nsdItbRYZj3X57DxpIFsf+PparYies75ZXdsotC7jM+nthcvPjQfR9MxTc9S 2241 FSoK+nfrXEmt3m4QwlgCxIzPjXgAFhwegngKcABqGtsO1Ui0tvpdL+R8fGF4 2242 EQRezM41zfgUDAc2WaCPCZ/TNx7rBNVqauzGItgzHAJbsLgYz0leLmEA3uxj 2243 LuuTeQCoEtzzD1KDD2Dbbg2jNAu+/WBxxvHL28HgH/7hHwbu473zxel+MPx1 2244 cEYoZ/BwerFa3jTGG1/QP9gQfIQ9gW6zjONU52fBr4Lov2UsmEH7Eyj6fLWs 2245 H6beTCfuMTU+BfChp6vxG5IC2wfN9zNAlqMgjnw/NLnBCXVg9I9hcNMzPe0X 2246 A97ApgXPtCNRMgKPpvSfjP5DQpmNInriawcYvhk15EhZZMmBX1rkwF8/lhws 2247 St8PPbLk2vSg1WzSIyJ6RESP2NMj2UEPQ9U9QGljrJX/eL+m09B816XW+2Cg 2248 90axNQ563tDJEU/O5tAysApq4VFANZ6jz/pJrxY26at0NZ5a7fTtt45x3t60 2249 xFjq8wuM3+aggZn9UUBffR3ejNk3dlJAZG3QZ20FqQQ1rqpaCbueDh2jt8b+ 2250 GkD1G/rF2n7oHVgcMxZMx0pjS0knPHIkuwUngiygs4m3AQacTnjw6NZt7OzZ 2251 Ofc7Sp8MiZh70IEHAelQs6sgBfbF6C27Lw/cvsiO4jFz8BrL4jtHxO4+dRgE 2252 IxkGWWgJ22j+bLiDLx308U9SS6Paa5YipWy09RyYgYCXfbTLR4RY3b9uT9dm 2253 ZOULXxvxknwiVxMjAmukd+7IN47In2K2d/QcNtsseU3pkudBBH6pqreWF2k4 2254 9NTzWLBHT+wHq4UdzTrIY2OxoPeXvA1kvnbu0DcDQ2ggO8c/BEo6OwGGms0N 2255 s9x9Y3wVownuvrmgfxZLfUGLXKxOSbTcMmke39wcnNC/Q/fUCc0LVtAwCbgT 2256 zAmr/fpsDDzkG1KX6+3AwCfBnqxGEBrDa2/3R47d8NDegk+WB8HDTx8dGHf+ 2257 IPjMsNznnz5ybLKwW0jtzBZeOIxlPjAcH+zxYDqbDh0LWXBpv9r/38zDzc+4 2258 QtMlGdhXY8BiDGq9LW3AK/f+AggM5UtYGr4VPYcJtvQYuNSYbbAIEOFkYL+p 2259 Zp0JehRCZOYXDSxdXAB5AsYHtTs5m67Ncg8YnzAjt3DeMaud275p+5lr2bgw 2260 jrfXpkbb6TTi2hC/OgqiNP0l9N5RULAs3O+KzOduwX397mHIz1zX+xvalp7e 2261 EKRqNpnMXi+cxnzy9FOM3Oawhhf2rfZ4YBWo1797bcu4P6Ax6g6I8/bQZYuL 2262 1rswxq1tKty0vagOH80UnHJO0udAtZHgjto3wvz2wKruWteB7VbzqRFUmpVR 2263 7sRV8BNJhPE3wdJTAMTpLj/wcUswaDZ7jw+CNfnYLhyP/a72d94Ror+2FF1D 2264 jH4GOXo3fu9s5uMWy4M7yOVzMAP9GBui4OjNzw3j+F/HCzLDE7i9wjMZtzEz 2265 UvPWkI//SLKyNPN13OBbwI8ZqFmAP8YTM91fBY/t3N84OVhXpsF3AXnjLNtz 2266 fewf2DjH3uP9/XrVR6bRnol7PN4nx70J5mHYj44C5gUleAwG+Xgyxk48gwPM 2267 wfUeTdxV0CashL3T9jcyecaAGXNwV915dqtlxbBKI59yNX+l7ZN84Ts5GHTN 2268 rkO0hO296aNAH6zww2lwweG3kZaZHziLqWYY8BgMeoztg6ONCdBjrvMLaMu5 2269 /0Mu36yNZWTXB+IsPLZ23oUqTCiNyOF6GN7XyycrsXcBc26E82IlOgCHvvD/ 2270 Yt01ocBgXQ7Eg4H7FzzeaWfhCb7YCk/IqRQblBqla7TqzBorwoL2zIzN3A9o 2271 3DWZ2DX1680YD54YwbWTp2jID5r9wQBAQ55thpsMgDd2BdLqLIuZ9pHTYHtQ 2272 +/sDmulRsG3LahvwgWFp9NIlFH3oCOSdnMX4tKt+PZ08ATy9PJ28E+TdGBsQ 2273 ohCSVl2K47PA/Wuly1si/6i4NH9aU9IexxIcz70Li2TrLGLo8DtovOpygxL2 2274 4z2Q0pDigCbZuAcdeji+qOlh+WOdHJYAfmn960f77XAe3qg+IGNEj5kwJRhj 2275 rFpPE/Klx7v43rl3cnauvbc3IS9Dnmn50nh8LRrlmzQy+uDW6VxrUhJW/31p 2276 ltrVeZMJBXtkcJuUXHAH8Hyshw/0ZHIOE7J39/adB/u0vq4O3KL3skbv0VkH 2277 pEGAAnPtNGstdRd8PLdofzYl/lL18rifrFHBmiv6wpl4YxFGgzvmUMyY7SlF 2278 f/HY3MUbLZehW7eRpHKJjsZR9Tp7zQVpvA8SenJpQLpvb94E0WkebwcLrZsj 2279 sLFYzNR4dU6HZGI2ezkazw6hhA+5esWnUqvDBTiaz4+7Ed537MMZpmFDb0zo 2280 0Pm+tBtDz+pPsOSWVjRCf4Z1qGtr9i3q8csevW97rv91+Eu0cagVdzzpI0G2 2281 7RZRdxj7ABSnrTTq0aNUN4FthrXDXi01+mEDv02cx6rMJsQ5XphhgB0COeHn 2282 F/SH4YrWWejZSoyw64d/p9V4IZes2alDMZmJw3OInp4fLuay9Y2NLByTJPt9 2283 O5zrioWHjs9H8oPPcjawhKBp2tWZGX7ojJmjaBOWca2d0l/nxvuPv3h89/nx 2284 7adfPXn++bFWasGPtVRnvVzibMg7McmX1zahf9tMAoxGZv32bPpKz5fDJzNg 2285 yJoyt2sJ27swZ0nGdp/DMTFn5/Z4bmzRFLDzOb9oa91kTd15flwJ2uerR2y2 2286 fo0vzEZ9+JPxxbsiwT6F0K83+nGglLO5Ud7AFn1mo6HjOlnK660ca9bHmMfx 2287 qV4e29k5GsAAbncLnj67Nbx35wHcgvmCDyt19taDrdXFxQzIHVNuhc1oFu6R 2288 PYMxMAoGNOTEw12YsQarPO1MRBGdtGAH+ZALcr+sU2rO91YLuM3Ew66ZPysM 2289 dHc3MKwZpVpNJkPYSzp1N/E16ggzmIEb3bCjx26H8Mz6DtWi6p17qydtRGGI 2290 Gb19uxkjMU7cUXDDkuRWcO/5xeLFL24MjNd+5J0769L5KezvN25f5xvtfD58 2291 7ds2v+oBrfOonl3dnY9AmN0wEYjG88Uukz2mtAGzYudtm/glYXOK1fNTTpAD 2292 2Az+81iO6RDPbQ5xNPDsKw83fVAcqmyuTZJMQNxIkXE9ncGBpiPVYO9Uqn1z 2293 tGfG9M6FmawhOht1+GhoIq16T7xcdNhpA7WigSGPIEam6RDjOEXbPrBonzL8 2294 NCzn8e02lqNZbmO5LbHrH8VyH3sq4Nma4TqfYvombIc9MUcJmM2Nq7jIbEKL 2295 i4wq8J12t818apXAlVu3TRP87W1n7cPRjLAz1czv4jX20CtSt4Vem27ZQXMi 2296 chRsU6ODefPFNrkYzI81ec6UY+EVg021qLXLgFaDJmj4S3v4svZ9jz/tRzX+ 2297 ND13YOyg39INn9p07f9tO8wH9jjERkw7QTnXH0TCW1naOLOPjaO8eyNdu3on 2298 r+OemxlCj7kBd3ri3Z2i7o7s80RwN33lKOpX0ybpF1OxVVjc53vo8Rri4pdh 2299 nmkW8zcqNqupF5hmprvO67o0vprjx1OKFo0JVdpA4Xw7yxPVfhnY9r08vxY7 2300 8SO72IkPm7y7NtvCeZWnuTEHFOX4affhymjLz6bFMFO/H1fpqT3bzxGtrnXe 2301 c3vCgVKGzygtdj4HOpViQcg0uIPmy8sLbTMtm+RJPHPrnCLiCzTm9jc84D+j 2302 GMdaApMNBFFOhk+dMzkLwwvyW+y5ymLQ3ZYT8+kJPUQoiE5jpvqUd/LuTOzF 2303 Z0OCrBQ9muupvDwYmGSmikwypnzi/EHMZDV1yYIUFTpbTRU5P+fjyQTNIMt7 2304 TA+L/Z4+Dbzyf9Yzi4eMuczQOvVzEYwppbqGck0vwGMvzvRUv7KBMeVzF3yW 2305 04HzB6d0fF9TsUkVnQYnluLEVgOTYJgle/ajkT2gcpA3jvzHngz0jc8RZRFs 2306 h/3aT23/xAb0no8hbEt+fgEf5JZYzCYrytGoP9zYX9DBz6OVLPlmPb9kYBNG 2307 5XwGDWo+g8Mt0ZKVeTgMGf4XhOHNMAxu3332/CTYo/ZfPH74ZaAvZvJsf2Rg 2308 tjnogptsj+lOwjf31n5OmrktghuG0DdGg1/9YjhsQjU2tkkHd1r73FAzWbkc 2309 PNUTy2Q/ZMWQ9JrT2kv9QXMHJHKzHw5/bXam7VDemky8Ulx0MEEjb5g95MMc 2310 LfHgTHNKcnW50o4tx5Rht6Sjz/Ef9WAP+zFZKc+y9ol9e9bokowWFsbU55AA 2311 tXPINJgONJnr0zGFr0jJXQb3bz2+5bh78DWc5ymMZr2A4Il9bvHNXh0d41Pe 2312 zv23vw5rjbpwnxw3n4zOlucTmC0z7vxyZNc9rA9D3eQWjhJwqFgYhs4luq+n 2313 w0eLU7+C5khjSwjftGjZG/9Jd9Honxa99ZjDEAy6bo8ST0c1bftPP7ylgdd3 2314 MdHL5tTD7FJPD12jQyfB22CAtQZOR1DCuVn5R0HRUh31vn7XnBlQboCeUFpd 2315 K0rx3DA/SQgPpJ6bRPwmHZxiahM95PNTm8zfRMJtHIwb4w3KOFG0SpbC7ZrY 2316 P4Cna71gqHo8f6YXTf47TBMdITfhOpsGetNk9386xXoNnDzxh+Papa2e1DkJ 2317 L6dUHsAJXs7m48A53JZZ3CB19mmdmka93/EH2leN0Dr57oSljJKniCPVMUxm 2318 p2BWo4SMKl7SFJZ6YwpkUZYm4fe2UWCkWk5syGBs0prdAsRsNtGwFHUWNh1X 2319 1PnaJ/YxOvohEDOggpmAi9l8uehZcTCjDXk9Xmga+wmV0iyWbuUX9q9FK+rq 2320 SeDqCma0R/QRWVOfyQ3++2w2e7m6IE1hkoyBqedj6LsFpWu8otDI5NL3Duq5 2321 TjtHfiY7mXp8tjoP1vKvsTyLyMixBD+CSDSPjfzloNF5Dsn4/CwPbN7uE41o 2322 d9r5402XCwxud2rhM88hFs/oPM2kMjcsbzbIHPuaSA7WZ6NDZ/PZ6tRUknz7 2323 rad+nUxJSToA69PZ+Z6J/OwHR6Y+xwZrnbSGLcll9LtpOrKn2KaHJxM+hdlb 2324 7l24Xw6CLd01v9QdBK2uwzemc99F4Du/DeVmkpak+2WtV8kB34hYnzz7/HGr 2325 0XdB+IZyrQw7D5+thO3F2Ef4BuZvgCVlu7NMb43nr49aX+M7z5T222HnW6sU 2326 u3Og7d8/aSYG81fL7pqlp/aDDeGlT4PbzeNWUIChNfZ975Pbz/bXcyWpBuub 2327 USvj1Q2HIWwGEJUZdGZpuBhTgWDIrj9nuNoYO6Pt7uEvM6HPbeHDuTb6l4rk 2328 4N0ZTrN5PgvK4ZFn3sLDdlGuCPkDVFBFKzj5b1+Hw/LW8PfHfPjHbz76LyeB 2329 y5f0tVGm0+Dkv2AGp3q5JJVi2thPZkvocpvbwGmmdNL5nNLDKPnESs7CRboJ 2330 g7enuwg0X4z1/IDWWRMMc/z71XhONtw9BxXwxfN7Q5aZorvAuBALqrW6N5lx 2331 08J6Fb6Mg9ujbzFWVF0XPHYfn6/ALqL2JRYeiNtykJPhXvTLX6ZxMAzYvq0A 2332 MR9E+/SJAcoBQToLtGzNQV2+Ca+oFmMbHLbNXLlko2GN47icvQQSsV7hsR5S 2333 ceUxTBm03rlL9NDTBaGdgHjj8pzKGE20jF/StPfOV2hiimguzi4XRiVRH/sm 2334 TQT6/nQFpwSLJMpA2ZFegmRMF8aiykt/Ykbd6cWH9qS81en5jHT9+HRMMNGv 2335 wE5vAUxuRd/WeL32Boh4BPj39Gzpc2kPXC7AVI/NWbpZ+UJjDmTovAcS7GHr 2336 7Wmn+4jsmprtU0EkPUNgYGwD6rzJeWt8q4f2QP/Ar6g12boOCYxX6bkXge07 2337 M6DofTXXGpIjz2YE9UzmwGJBSfGCy5f++e4gI7vd2ExMy43r3FoHW9BnYH1q 2338 /GkMOpYIIWajFj8dAySaUpljowFWU2/3epaEhS99LofUtCHkR1IVsFYONTi8 2339 hV7heJGpsZxm7NrZbKJ8aaL32Gh9LoU+GgW3/MReU4jR5JJNjePheoHsLPSk 2340 GkoMOVOWP6F6yb5RQWbc6gFmk9aGPojGgM0aC/GTWfraLLP6Aa+WLu/CjhvY 2341 KmCbFwj9aqIJBBLM2TuFH1e2wtETCvtxt55hnUK+puA9cxtBNKGaCYmihBZZ 2342 HBvP7dIoERsaGrbipzbHxLp/QJJY69n4wsM2en6wNUeLYCeGOG0hvCYke0LP 2343 jUyy2GhwF+Du0vREZx422GtrHKyh6+6XkYr6eMgk0Z+YP0/2LdNbx6xNYuuY 2344 GqTkyqPNsk0CK3k7k+YRSzNTlDjw4a7OYI17ZNdgor5Ou+z5Ixv8sd+Oxbnl 2345 rgRW+3zmVJ3VbY2+O+jMuS6UXLQH8sW4QL5z794Ccy9XlK/qRt9vDTew5/08 2346 ODYR1ePW9BfGilOkxnAd5EUYt8aSxoTrOvNxXHdMU1BzDl499iDSfwQUaTyb 2347 ldUk5/UzjlGPife9aCyolGBmDNJqPg2OHaMf2yfXhMSP5DoyFQVPNbT4quaS 2348 mU0MJRRwQWxo1+EOKI/haWFnzzRI4HbaCRsglC1EpScpdd5UyYLJHDlWUxDu 2349 pfEpulNxPZqpuMjfZDFDf+aUm+RP6vErWn6jPrgf1e8jhaxof8hQeMK4HA2n 2350 hYbL2dA95C8iAN1fRC8OAkf86LVB742rySev+eXCaEHi7FdjviYNgwezqamq 2351 anyfqktuRzafkU1EXaHxq/HCioqRUXupAjfVzuO5GhL5L70G5HA3oLSPHTLy 2352 j5v89IXNJe/GNSEqzkx54GCd5NV661bZvAtyBOs/w2Ylw41vD9t//IG+flGz 2353 9Nq3+D4I7ljGtP08tbtu2mET1nvqGWWzhdvSYfNT7//mcoD87dZblN9E+PgF 2354 6XRYCtffQb3ug4adKLx2adT3byjiY+gN1M5XExKSaTU+XVku8NnUJsnQx+09 2355 t/u4/b4xe3tGnez3qMaF0QI+s8n14JPE0UPTsDW5QE8W4M21OH0TDPT9UNwe 2356 fbhKBFPbO4EBndp45toBl9NyntNtqmM3SxOW+9bChQlXJvZU38UAjwEYigjP 2357 bcjamkhixybBluL9PbxpyUk2ram+sOrBEBFjDVuOj1FY2MEpF+aeBWMv5eXQ 2358 mKS50SQ0O/8E+jMzBwHq3ittVu2rM95Nyia6WhrQ5Fq3a5eN29Bd3AcfwBHz 2359 Uda7w9umDpROWlrS9O0HtWmwmNGxfcu2TYNfB+GJ09ZU402/+fgGzY1cI03I 2360 kiqzW5xDba1Rw4f+gQ2zdTDgS5BLrJY11vMAxQ7Z8XlpCCBhIIAOZ9vBzCdu 2361 IIsobFTZdkpTbUwjdgKGwvvGa3DE1Oy2+98feD/Nn24Tsvz7lYFr1sSbMA3Y 2362 cjZvTlNs2DGw7OGScIivmmmMWsqivmrk+a3P7j49fnTry+Pbnz98/MxWHdOU 2363 GnOwpyyZbj8bmtskbPFM3ZV+s9RuuTYlJJhjegp0vjATuP3xs03F7Lb+yp8a 2364 F9vgZpfw/Y9ttDboEo+sq9Pvrp6Cazj4aLjr56MdT34HE83266152akm2TGF 2365 HzPmD1/n+gdtq7Qn+PSl9aUrisS3vvv1ljH3gKco3HHTr31kqgcs/950xWXv 2366 d7bb2+2m4/Cja3bzXR102+ssyB9C/ryz2TK/Kximn20sk0b71vFqcae5EsXn 2367 gmybyI8Z84evc/2D7mjBodd6QfeLbUyKn+5u+ljvwpW4vP/Zbm93JR2vz6Z7 2368 d5nbyvFisaLyB7OR/ijzZ5/RljluPPmr1v7tbZrz/e5W/pjt6FlWvzqtnyQh 2369 iR1lV9OdcvHexlz/4KonmieNf2Dh9B5ZYqD45gavNt40qIOaBxcLvQI2mCk9 2370 2GWz9qz9xkO+QVNd50sLB+u60uvJJoHYoQBl8rIWHoO1NY7NPFsEPnJhKrIN 2371 ruMe8Sw0kA4hlhbgqsHLwWA5O7W1TDYpoMkdJJf1jXNIDcgnStiAATexTmrr 2372 axbcDR0aEHfikjgM6KKxCVub5BbKXTDhI4pKTS/tGaLB3C6TxsaHza1ABla6 2373 m6H8IFQr7AuoJpejLTtylYJu9kXQocexmV+3FNLvStNgQLwxJhxJFyXRUTyN 2374 Yb6C6PnaYnceNqYa4vrRg+CGvZ2xof2QHh6q+nqLGwemWt9lFB7bDbX9tof5 2375 Oo5ufuOG9nhtvcnNOOo02VbU2X6eRj079hCQFrJ2sIhPqY1X+LZRNwHZH+i1 2376 BiUKdNfiDhb992bYbqfbDyQ7j+4PasNDiWvQgM3cof8OCM62HiSVOKCUi6PA 2377 p3W8uPXZZ3efHz+9++zu09/dPX7x8PmDO09vvTgwKmQv8EfGfqpGGglGf7fx 2378 FRyWOrTnUfN3zeGmmVt3LvWZKZWJ0RFn+wh146/9fZf82imzra1wXW7bcTNc 2379 wOp0vLRBiabYsOE2mwnsgmXw5WzzPS5mr/T+zYHzKD1H0by77D3dzd7udoQF 2380 mDqOfgmluSE6m1xuur8hXtJD7cHRuelmf5Pr7SP0Ye8zRoeu64fdVn/PkxBk 2381 vRZ7YSY1S26utCVXTV5D02d9el23c6knmBGFImqS6jfmRrMfKjT/gUXA0met 2382 vroDRes6a9fWW9tPv7ptEmZWi2D2kuIDRFGbTjSwcYij/rV+dOVa15IT/JQE 2383 p/XCjpsh+pnfQLaWJrU19Nu2z6lpb5NaFryWe3PCqt9wss2/CRbALhNlTSjm 2384 SDEOc30XTWWuMcblb7aLxjbY1ljLrRaQ5me11HqafXud1zAGdu/WcsG3G5bW 2385 uJv9+C9tjOko6G5tq4GTQjTpyKP/uj1htFlXWW3aAw5xH0h1TUwOeAte8Mlc 2386 c9VKXPpNvZ+dAF6Tff1UyxnURRMPBBClT97W6t4EFF2Y2wK3dkzRf0GqxMXj 2387 Kf/AnQZ1oKU9tzGnZlN3jVXruhgbeJ0GJ+acpxUwrKPv9jhWTvj43CQT1Lml 2388 J9MZROFkNPCT8dfGmROjsUnpuuDu+LHWwOayEohOfZDrT3c7kUXzVftWzZ6A 2389 KB1duvTD3QHKA+cFGMhqc7fodktDExMNNTdMnrT/Jkb4KOhoCD/nX61z3okL 2390 WZpEG3unpic3CTjIBDuyokz4pbmMdVIvH912Z9seqAmt+hwAqirwuaF0admM 2391 8O+is2NYn6Q7eKl27tKdtS9cBHsrydfOFoG6PUtJo2rMOZ6valRjSpimG3wu 2392 u8d3gUmxf02njpcG/dNpvb8quCZGC844RfbaZeOYnBC/TLox0NwSHrhzmiZ6 2393 ujtuWhNh+89mMLXhps3WtpHvcuSrl1vf1TSj72o/tcdB7T5y4AjV/q7LtFf1 2394 d92vd/TTF97YHaza7Oe7YO8RkJcV/Ssiuz/HfNYmt/vrpp9fmcjLb58O6ZLI 2395 4DB4fO82/vvF04cm9PKudN4z5Bh9O1YHJsvkN2/333E+VzS8qp9rUvPKflz0 2396 3uj7Hbv7s83nug2v3Q/FS81mLQ6/tZs2Vm8Pjc0Lhr9+l/nsGSJZ6Gp7slu/ 2397 /07zuaLhD+9nRzhzQ8SukncTibFqfafI/xzzWZvc7q878h7UmckHLU1P2/fO 2398 8m5/WgHzd57PFQ2v6uea1LyWvGN3m/xIm7K5vrs/23yu2/Da/Qy3CzwWHAzf 2399 Td7dz946am1Y4D+Z1McNcu/ji59tPmuT2/31tfvxUwkOjYs39Ms1H/76Heaz 2400 Zy9iPTtuNMw6m7z76ro6yiubn59Kmx9t3dWPfkSH7hDP09/Wb/5NzbDz9bX7 2401 ccd8wR4Vm3pX78Af7r3rAhsXpM0Qf3XFsiHJVymWpNlpW9wmt2uWn2M+a5Pb 2402 /XXXfai1x569HLL5+VuAAW0qXAsGxA0M6NuVn20+1214VT/tQ+HWWXA7kxDO 2403 +Wwylpc2jc2d0VIFI+WUbzko3ur87nldjQdej+f62N0h5M4iWVTsD5qaUhMm 2404 su+osPcK+OKtsfJXeltXoo4t2gGPYGfUgX+83ZBOut2oPaclW726JiZsv9px 2405 ru2cHYp9bLzYoVvgQHc72HihCWHZitfJpYnam7gSn7q017WrEUaDB7PXdLZs 2406 kjilj323b1GoVia11b415tVaUQavU9gpZcteiXAwqJNKKbdWclMtTsVPfBHc 2407 WE19sPOGKYNzqV5zdyBeJ8TzqTvdxmDU52xuk3DXaoQ8h4G7XC2by2GkEPwr 2408 m7FvgptbTrv7fKw2Z9nQetvXpMs+HKucHRML+PO0mh1c7OkguOE7GtJ3Tdm9 2409 O7Kub0NAD9PZ6702v851tZoqmC+uQEntmM3/6QLJ/vnWc+f8zbEJepoWhm0H 2410 9RqP2kETy9KGo138pJ3PbZd20IxxcMWUDuqh9+sBR57Fa7e95m3fZNDgN38g 2411 t1n5unYG9+ju09sPbj1+fnz788fPn966/byNArce/HaCjO7kd7vI9jhmjdS+ 2412 //luPaXrAtH1Y7p1AjsKU/T3+ed3Pqf025WYQPZMa5s0a+p1zAe/2TyOahjI 2413 RWybw6GDThj/eGrPcKiHehbf1nxjmcpzwltzJtR6+HQ+Wyx8bsZmp9vPA/wB 2414 V3Ne2DmnOtg+BJ1ngWx2sLXTW8pEPr5z98nnzx4+P3CGb6+1J2vHrANv+ehD 2415 OlJzp631+p0e+G79fKx+sJH01lNr8lQ33k6x7/poYx9q88v6TM29jPWhaUcw 2416 2nkBB45e++bs3btRpDR8q2+JGenk0K3vbQ/tD9xorRStjpNW59xtumw9ctnn 2417 GLdV9fUSCJrRRqZurdmqbRx51G2/vtZguH1XrJS6U/At/dJ5yK+Pgu4hFr0X 2418 1n/gJchclzgi9glazb9taeU1JbzGVG9tB85M7Tm71AIuf131a5WVOYHngsy4 2419 mRktnApgzP0wm+fxM3Pr1Ws9mVAQGKqODrn+js4H+WKxOm8d1b2mshoKO5m+ 2420 fmOunKVroKnYWE/Voc29qY003ZqjjrGDy6GNXg0/f3rn7tPjh3eG6GQkb0Z5 2421 Fm5Piul60e1EmC5GqHdj1EILzYfXww19yQTr3Dqe9gnBpp7amUrjem1l0vzE 2422 mvVKhVqLxaitWptP+3Trbmn+sTp2qyVv5V94DXvQnocx6+8vh2O3qdy5/kZd 2423 +w2ntIm5GlBZm1pNqKSrVZ1hXAJi2EE70lJj2a7SuPsl6Yz7d0lp3Hv49FGX 2424 SdZYpN7+NokHjSmtx2pveUcRDtbZZBtDtHKydlBle25WdwN9claHQ7bnIHbO 2425 tHdBUfJOtoZs2jbvR3ogP88e1XZr2xbthENX7dCP2ZutwtoN9zWwu8cCPrn1 2426 1aO7+PfzT3+oDezJJNsaFWqckHeczjt5GK0sKtoQulnd/EK3Ufpgjb1mwlRK 2427 0tuWbUOX62Q9+I1Mp8BmOo3NywNhz/W0TrVRnZyawUbxvU1Bt5eXdbqse7rg 2428 Y2WKSddrH/fs+4XdwyfbOfHE3YNY90uJjuYCQH5hYx72Yh+zSqpvp1yc7k1j 2429 Nv3evLJEm1iJ0pLqhZd13aarqXRZXLazgcMxBs+YgnoTqviwlvu6zMBeubNX 2430 JzjRPV7m+oF9uliW7o2ge1BHg1v17R41CcwlFyDvxdLci1UvxO2fvdbT5n+5 2431 SwhsdXKTS2bTAQk0jdqpbw6agUJS25oEd0nB5p0FrQpYtxUL/zIYe/8CXeI+ 2432 2LwGYTwZL6lO4eGU7t/R7ZsUsAd6UpnV2cwpRzJ00kmVOhiMLb+aF1Ou5XKt 2433 RcMwucns9einyofyR6Eb7a7OhPLXVTiDbD+stXHfT3+s1rrvNaj4iYPjm8eO 2434 V/VTV7S2WXXLMejPNZ/rNrx2P1tPyN1yf9AZebDX0vjvPp8rGv7wfnqPJ7Yk 2435 nV0jB86RyCgd+26gbUebP8N81ia3++vrn44Hh0ZNHn7bks42Y7zLjOylf8bf 2436 aJ+S03nGu69t42Sc4jvvuLorvn7PZ8/v4XDc0f2nORv/6xyNB3sbR9pmJ2lG 2437 /9GyZaJmh+hmGZ90/x8pW8YeavvrOeG82AW58Kidx7tTuy2s18+V6tZldPwl 2438 80JecyO+8f7Px0tTh3Htnq9YwPtMpY1asIFQ73+GVNp3LLRuv2aLShL/7X/+ 2439 5d//9H+4tPf6pWJbarE7aOsdz7w2XvB1zZG3W/XNM9jWJJropH9whqfERA9c 2440 pNxGoLr1B90qwvr8cayae7td6kAc7W8Jsl4zkOptLmUi2Mk5z6+pzLiYmDIf 2441 +C+X20KptTv/9O69Lx7f8WHU9QBMu0r5Oxh1/Kceey2Q6Say4xxoMzphjm9+ 2442 6J5u2E6+rqPbIfKuc9OzUQ39au9c6NZl1s6vNLUytaPlrgd0t139oi5y7DCN 2443 eT/xzIQzTUirjm/6+MAWZvDHsM0W+Juv1jy1K/jG+l7XZYH3wwHXiwZ1jvE6 2444 F0VT978+2tY/2s31+eyVPlxdUEAi8IFj1aXsoLlculty+NFRM8SwZ4SriGWi 2445 Xz4c6DlhB+tvBmR/FOv3gZKdJ5U/fE3Xi2KubabbnW4Iy2yewx50Vtg4D74O 2446 lRyHzmkGadv9ga8WXdhQrX+ursj8IdZomxHfUU177cnWWpkKVh0ZvA6hwrgm 2447 i6ldxjnwga2t9aati+k2ru+sI6nmcRNKNSGx7TWk0xMot9f9xZi7izAHIEgd 2448 9fMvaZ5NlL2gdaODwN1ju3mL3aj1Agp7u/Jc84V9wUSrLLHWw2pmruuzNy7v 2449 IIYLAdurVswN6rxzYSBN88OFCzeuXzu8eSfrwcAGd92rYsxpvn32V+6qfVs8 2450 SpctXz0r3gpCe95r4pgU/367T5cuP9XYIjszU+7t7M54/ZTUvsaj9SaDOjpK 2451 l/VRwp4jv3s5h9n5zgZ/6F7itOWyv0XvbX9XX+43X7vI1pUVT6yRNFW6npAU 2452 GLf1sd1cQ83lWc2pFFxVJv5cs6wVb38lnnsvBiTLvKZqcunu41EN5/nRP1z0 2453 3ds8oLg7D+g90fQyaFdbTgPad+vWGuVk7Y5FJ3vu3Wyu3tc9bu6tdol/hiMM 2454 eti4Tro1jfp6W2KiJm7sGIU+tDf0mnLg+s4Qf9m8yd3s5E9aUd/bdXv1vq1K 2455 nrvC4DphsvNiF8MF3L+roUYwgJ6G5f295Sakr+09xUYAz/jFhZ6aVV20it7r 2456 rHk6/acvHe/6N592aOrebgyV23n/hb+Pwd8RtH7Jj3/K3YCyeauPvblk7S6B 2457 9mUnnRHWbzvZetXJFU/03fdTX/ZTv6Vj1y0+W67wOWi/PKR9D0nvJSSelMYq 2458 myurTd/r3TbNmz59bk1zuy5U1Wo5xMYO3cX7NePWDG9fRUV5VeeUChic/Os/ 2459 H8XmJQ2a7KDUngVbfD0g2dgmgT33Z5mCH/NewfoeInOtan3VA7owhmyP9NC/ 2460 /vOQ7R/+6z/X1oHyiCnL9GXrrQuS0h75xL4HiTA8fxPoV9xc/Fy/qWo1vTBv 2461 a5N8QgrNca975VbzHoHXMyMfzo490hP/So2OfrSezPn52CcbY4ZmBfb1A/5V 2462 kvUG19pxQXboqX5l3oVmL8GmJdY3kJ2Y4I+94KtNjSbz2h1VXdhXjsHhX8n2 2463 ddp7/un9a05oy33Wf7VrU/2JFij8Tj/v+5q+K+/LC1rHU2a6545RrjPwjxlz 2464 /YNrPNTz5Pr4wSGtIVj/uOcuS6uItuWCuiDmjtk6M+LU77Z7MP8GbsH0u3LN 2465 /txRwSk/P6fXr0y0rK/NM/zx3u/EfMf5bZnxxpN1zdy//NPBtpK3etCf4FbM 2466 K/m/Dus6EDBvdOgPL466csz1D65cYO+T7WGDQ6ukh5sSt0PcyNqQiXMHBBs2 2467 4m9CdN5FXkzhjV9V4PJXzIb+nDPZMrc+yTB7978ujW2eXP/gqieaJ3/EWcbh 2468 IYFJd6V8na14CjxP4nRMJYSDLYAy6DznbRDcdD61UnS8nB2/hCfEj5tHF9ST 2469 d6S6Du3O/poeqFffgZ1bg9Fth92OzD2M+tUxFeq0mi7QttvQvTDKIbu64bG9 2470 PXZhO2jJ19bpEtWaNu9yTNRBPe2Lehvb3pRhwina37on3jNzjw3tbQCG8jcO 2471 1oBC7YMdBC9/6TPgX7oA4L/+M0UA+zdrfSDfzL90aggfm4bszND6htNfWu9w 2472 I94YBOuDWdfxNhxC5zdumY1Nj217S/4Z73P2PHhQ+6e2i70myNJ1CP1nXTZr 2473 O4f2E4qDbnXi/QPt22vXWPGo547KmnWCJiRspm1dXxfDNxGwzQsi3+HuyBZj 2474 t6bS4b6NWzI9+dbVltNddrrfddezcIy65fTn6jt/r3/Tbk22g208vBJkZHou 2475 ITXFFo/uflYnaLdI49bsL2rcUnbRLHtzg7anrrfE0KQvt4q76m02mHE0Gu0H 2476 rVeBNLWIW04EjGq6++DYvkBqblT5u5wzXgm8u0eN9trK7klcfXzbqoK5ogTm 2477 ynKNVq1Gq1DDynBzemgURzOSGs+Xl1fcnXsthvl5b9Y1jPThTyTvrZPHD6nS 2478 1d5FuqXMxde4uEvgN23EFjW+YZH74nHvSTH+/Mrr59ccvVVQ65UGftlbzv1b 2479 yMT4pMfmf2pGJY7H7hSv9exgXK19Yhi1ovcE0Ub/yz/hEcMHdB2nhSbbGeJ6 2480 Nwz/pc0Lf2nbdzoCOKajQ1L8XRTTJ60Hwaa82zu5bWWYV7Mb5Op4hkSlTf+k 2481 bfoXmOpBUPHJAkSs53llEVAvm7hY/r/8U991672lTh3979Ap1WVOxuKwfk0r 2482 vxjbWkwyCCN5071h0EL9ajwd0/sVr3665W9TJxd6Tse6x/Vbad/hRHoz/tCg 2483 39uu0r4JnVil+Z6o+07FSmsMA8tLs6SjTlCrc931mpI0Gv5l8IsjcNNNc/LQ 2484 DTXQXc5tlNy/m22Dbnt5N7veGyBoG/N30B/XkYx+7WKpb2AAnak3mVwruj13 2485 Nw3//+WYHHtV/Z/T4/jwPVntq822h4gNXDhq/fXhuoy3jEK9Bcv5yvDzD9G5 2486 a1qzJcLHs5fX1pk/5Er8v/zbdW7F/8uG67tmlN/lbvy/rJdW+zn03ZD/l1bK 2487 5/od+BtX0/+lmy30QfAZpQ58+4FJFoDhMBkA661dTlDrfbqek9dzDlpFdu41 2488 unVKA8zj9oSG66VcuESdjWyHg0F9o3h9SZTZ5rMxvTHykt5SfoG/t70v9wee 2489 L159LmjbrUmDr3LbJoc/W2QWLqonTG8d2/scc/2Dq57of9KFvdsVSbYcya/H 2490 Nug7uGj/7G3e2/u+Z7u93Xs7srAZzUYEHQ6cWLTxt3xkQdu3Z7S2gfo/+WHF 2491 lfzZfQ0kl3+/GlNW2NVHeT9qzPUPrnig9eQ7Hlb80MqLdQXRV+lv/PYHD589 2492 //zpV8dP7/72i7vPnh8Y5JElBnhcK273I7P6t8jAtVG508W9mLx28hv/dKuz 2493 T41M4rTnbUI+1Gn93Lb+9wf01u/dz/1w8mxl62Ynr57eb2it9cwG7yN8gA7r 2494 Ia97Q1YLzlwrhrbTbwDXtflvcwXXOtH4z+tR/K8w4IDkeVMYXNqjVj1c99N4 2495 C+/bX3g/HkP9PisfKtj6OqvnPusXCN++zYregBW9ftt6KxD2cD5TK2mszVK/ 2496 WQ4Gz5uahwWR2D0q9PI1Xa1i9ddiBEfl/NzkDGMSJv3YXJAC70Hr+XA5G9K/ 2497 7QIKPPJwGpgs1APzDqK5K6xwL3L3N42a/GWTQy9pKH8hMHXpvIVup4Yit6Q0 2498 RXW359rGhcxKh9x+/Na9xmuFdfjXZ9kGFytTfNEiGzWbTDaaTSadZsEzLVfz 2499 8fIyuE0po8pfyzIY/OHr4PnHd4I/fEOtHt56fGujxWPYKkybsBjdoULtnpOR 2500 /52mbTB1AuNFYBKx1fiNveVWUbb46xnMrEtOpQde2Qdsois+IO/MZvk+8U5h 2501 932yC5OJfmkKOWqfkFT86cx6dvPZ6vSsewVK68oZfwHwbDKZmZIHU3lk02Nf 2502 +Pdf0yxdwYrV4f9oSxrcX9+vZwOfuJf9nXgH1utFkzgfjWgn6uoV/960Jk2Z 2503 9qouXOiOaItJxnyzwfcnm9UjIyrmsGUhrSdd4QdVx9R9mwJCe9eZJf1ZM7H1 2504 CpHRIBnV5T6mqmP2emhO9VpzoUIMUK1V6mO/+lOHcn8+2XTxR4OUuvd72fvg 2505 jjqGNjXqeoVsZCVJm5fVOSk6MauFONRWe1HvWUvW6Pl8BAFxW+BeMTZr9bN7 2506 +/50cuDCHcRj7sP/ftIey4gtDVTQ8v29U9vGOnAXKdEL8uhSqN1D//dtQ//v 2507 a0NDFdDQ5cjrYepuvSc81AnZtOt1iP8bYqyxvdflNAQLd47x57Ux6oIiM8D6 2508 5q7ZCuq/sQMX0QV0iw3JGcq4C6BIv7+ezV8uaifHXsbZvE0OGslWIIHqf9Tz 2509 2W9avTrpee2v7FxM6H3U6PLclEiRDXBqy2xLVF8J1X53Id1pZTuiCpdmYFet 2510 hWHNhOsay/E0BOJaE2D6mFlUyRwdbZlX+z2DHwWt0lg3EOg+de8ZNCY68pcS 2511 x/u2FKqjiY2GBKvBBVgZVjwzL7Mku9nRt7Sb9x9/4bS1MaCaLm5ee/336znd 2512 q0Clh8Ht0eAWVinGUw5LbS7HN+98NLbBhN3O9BtOt4zRCwCnM9vDaPAxsNB0 2513 dS60sxMAMkb9z/UFKd6pi9mJ8emQtp8ihpdL/1bJvfMZFmfyJujSuenSfmne 2514 gLo/siCDln+b7uJiGx5QfR51zheg9TGdPQDsxFKkuiyiWIlIxHFaKRFXUZFw 2515 XWahTjOhCxEWTGYFK0WxPV4eBCKMWF7FaFqmIolZLAad80Xf7ihgokpYUlY8 2516 SxIRy7yKRBVGiid5GFdVpHRccZaFSupQ5mnfeKHmouJhlXOZhzxKkmjQOd1r 2517 xkski0POdRwlWRGzIizQfaQjlcRxiNHKRKdVqHJVVXnK+8YrwgrzCpNUMJ7E 2518 GLy1vtV80hqPrqld3Dyso/YjU0A1AjsQN41m89NDm+cC60VTHU1bDwueRKLU 2519 eaqTokhywQXD7yrJyzwuEpUVGDysVJGUvGRJ32Q5z4okLuKkzJNYRHlUqFLy 2520 Ms/DUrJUpRLbmatSMSaLRPf1IkuZhVLLMOaYgYgzrlga51mhRRzKqiySNMkT 2521 XeZalyrv6yXB/IUso0wVOYsxeIbfBajNpOaxlnFRlDnPEyFjHfWuKNVpWVU8 2522 z3TKwSQyqiItMHd0GfMiL6skisooYlWJlfUc6sCfVhV4uih0EkahZmDARJUJ 2523 VH8c5mERZuiGMwGeUFLoXlZQcQSuYRkvqyyPIg55UVksRBnmqVI6KaO0qISK 2524 Cl7ysOzrJUoZ+KkQWVJxrdOYp2Em0GOMJWUyj3iFHQcvRAn4rlfsyhK7kqg8 2525 kpKJMJWVSNIoZ1KA0XORaI3tE2lVajCTVL07LUMZY+pVmWOTMhABU8p1opnW 2526 mdJMlGlURJJVVZZkvXThEEQuFFNVGEKUQYw4LaBadJ6EIJfUOqlyIXkoVRFV 2527 fb3kEQsT1ZUQXX97FIQMvbPW91AuI9X6HkMkcVQJmWktQixdRjypUuxHkaks 2528 jaKiSsGy2Cqojl5xL3gVp2lSxkKVlYySXCVJKVjGdMJUmYJbKmIefJ2VcW8v 2529 CppGJgo7AE6BsiI5zgrB8xiLqEj/VHkR6iLNdNG7OzEPmWJ5Xsg0QbsUe5vm 2530 RQTdFSUkWWUYxQU+wL7zOOvllATaWWZZklZxEoVxjN3Mw6oo4zDO8yqpNI9S 2531 cL2UMu9Xu1LnZVZBmeSyzFVYSbCFzqFuilBBoeY6g27IylTylPHeXgoo/Ljk 2532 GgSBUYmjNIWeyZhIYWhS2A4piqKQmBpxda806yoT4OoszDVjRVkVmLoIwfMQ 2533 IzB/CaEiS1OkWKXol8NY6gKqp0hLGSZxwmPFElVgowuIJnSlzkPGK4atZ3Fv 2534 LwW2NGWpyEMYTMhKAcOZSNj/LEwjoQRMYlUlaJIXad7LdawslA4z0nIqzgvg 2535 h5IEOUl0wTS0GzgnFtDGMhVV1TsXHmVZ1JIQi6/8z1Hw6Rd3Pn92Mx2xqGnT 2536 joA1bcJRW9La2GxXG497r2hDqK6nzfcbdlGlSZpWIi8hhZAZUaVJockiphGE 2537 I0/Bv3kGS1QBooS9fMdgM9I4q7Isx5bnoeQROgDrV2QwQyi4gsxiUYBrsl6d 2538 SxaUg2myjMdRlJXQu9hhnkM7hhEYmklWJil+z0TYLwMlEI8SEKa0yKMS2imT 2539 ZQisJWGqsTzSnkkWhRE4B/zUa4uyEGKTpyTMOYfWCvMk4jCxsP08JChVaJWm 2540 rKgkTHe/PEowJwxXKdKEyTKJ0jzmQlcxC0WR52BI6C0woayyNOzlO4hPCVwn 2541 lIINzXJYEpjJIoJwJwpqB6YghFlJ41Lp/l5CzLiEJGmm0orlKgc5StgRKRWU 2542 OOEjXaUxNLLmOu/VmVBPsUx0CLgU5UURAbflMs84iF2FHFi2KBUUX1GSuunV 2543 meAOBusBqyEFBLAQCYythOarpIJRASxSWcYirqGuil4cJSIFkwTBlhWwGwwo 2544 MFmeSVlIQNJUw9sIWczKlEcxJtc/F2DqtCsh/Xbx+w27mHKIig51RlAFsKBK 2545 wcYheBloBczMgBuSHPoq4jztR3OZAtACyhBAb0pKIEKeAKjDrOYwUZhiVgCs 2546 QlVBn+e9EpRksa5gA1IGi5wnGaCs1KmMsGmsiLMkzjIVswzIEczda11LSCCQ 2547 BFyJogzTkidZggVKrAqwMqw0i1UOwYYQyTDvxRuFzosShgPbCSnKJVQ1pC8i 2548 pR0xVoFxQkgSpBsWIO3VuRKiJ+O8jKGwYUIrdCfwD3FpBC8qYnBAJKy9qKD/ 2549 WS/XEmrHsuB5xcBNcZpFeS5jwZWMk0qWjOyLKkvYmET08puSYQm8gtlGQIYK 2550 lCRjpGC5gdxD+EAAllB9Gt4ESNSLOvIMqIOVZcgkgFCoRZ5IWGbsV6UqlSX4 2551 TeXoUSVAIr3SLDlsaAwfAqoJkg2cAi0HqRMwyQm5JIxnuoKVSyLZiyzhHkIN 2552 xSEMOiAVcE9Y4BNikwpbC46tAJhpkIwD+PVjZYD/lgRtt4vRKM2aNlfbxe+v 2553 YRe/v4Zd/P4advFPm3aRxVFYlnGWFmESVWCNKiyxs/AKAHRjnaQ5BxMnkFSY 2554 ml6LBm3As6gsOSRQZSyPEnhkSaFyCgDwGIKWQTVkcRpBg/b2gs2OdUqwOM2V 2555 BurFZkMK0xTgDJBOAD/JDGoOuLNfw8gkggehEh3l0JfQJhmcs4TsIxhA6CgG 2556 EDfbDkOb9kpSaRg9ISwmioxYTVYE6CGQIoNLlRXkJiVAz1UY93JMKLiMgEAz 2557 UeWQxBhCRw4SpBCkjqC/JTnGIK0AkOj1XUv40BmH88FCBnvIQAMJ7xF9CtjH 2558 ioUxLD+8X46fslce06iE88/hkWMCildhBSEAcSKgb4DpUlQJSJdIplXer2EK 2559 KVK43nmhMFbOQi1LFUIvlGCaEKAFsgXdBackS6HCevUU9LRMYZEkXKgC/wFM 2560 lwmBWxgTYHpMCYCcw90GkJW9eqrKKlaGFRwz6HqgeCBvDedPpGDZnKd5KHJQ 2561 qgSuLope3gU6KnXVlZB+u/inDbsYw3cAVoL3n1UcDnlMMDvRFBvQcALBbGmo 2562 wT9Qf1E/3oiZiOJIw4MRoYhlRVYQZhW6LwGa44CbFbSkgGmC2evVc3CpACgr 2563 URZVDG+64PAzOTwseK4SDgqAVQV9zlOeC1b22+gS3wssKmMwhnDWcniuUVUA 2564 n2J64BSdwf2TMHBwZXs5JWGFiqqY7HLKgOpKqPxSwUjC/4AhiJTmGfklIoPx 2565 7ZWgAoRJEpYCQHEBXwqeGHisAhgC2Exhm4HqInLeohwmr5dTdEiuKYAbRA+e 2566 HQQyBFKXGsuRvIAMSaC8FCYvC/v9olhUjLMiIwcLriKeDgEuYekT2CJMqcoK 2567 gE4oGgbHr5cucVRVCosXEYiSY5cSgBQZVyXwLamEErAFAgYkBAvbqytToHSe 2568 JHnIGVQt7DFPQgZtxeBEA9/CeY1ElBDIClneK0HoBQ4wi2COhQaGyYUCZiii 2569 UMARyVLYXXgGItYhVF2/PyOBqJVqJGS7XQxHLGvaXG0X/3QNu/ina9jFP13D 2570 Lv55M44KH4RBpkGSHHZLlVDdytBIQJ2U8AIAgGAcBUBS2CvVELkiKVKt4DFw 2571 Eeo81llZMgrZlBUDtqwA+9OQUCfctt44BbzOUMFdFeB3qEXYNWgLSDPUbQgJ 2572 h6NTwMQmZLL7A9BwWwsVFzENH3HMrNIw/WAXuMSxLjSHkKYp5irQspdjRAqd 2573 BhMErJsVFMVJIiiUrIAihlWBos1FojhsHTRE0av/KzAv3KeQPL40gVEHOY1Y 2574 lwU6gbkWMUWuBRBvUfbrhlxBdAsoe8ybxwI+AGQRk4IKZaog1Qu1E8OkAEr0 2575 yiOTAMgSQgnaUuAzgbqDh4+9V/Bd4WuKQkroBcXDTPfOJc1YCc8/iWKgffJc 2576 GVAyNDBxEfgkhrfCmUK/MDdshzxWFQfUAl0L+PBYClpXlc51pKHAoPxlGGYy 2577 BBqHkPZSN2clvKcoiUqsieA6gFmapQoTzMMK3oFWJSwl9Fea9VqBElzK0q6E 2578 9NvFP2/YRaZjIgBAPrYZvh00MEiBDSVYGMMOwREECAo13GDZG5+A/eA5DCwQ 2579 WBbDFQI8KaEy4UWDTjwt0wjwDDhVJHDa+uMTPIVjWsiKM1FiI7WJ22cR5Civ 2580 MnQKCwn+gQQkO84zVAx0k1KwMJaMQnSJTuFjAQIycB/ZVqwMEl1GdKLR73WW 2581 kYxjWC4ewXhkSqgyBJSisxlgX6wtzEqYXcAXiEEvsoTViBn8nhDgOC1jCuAy 2582 HoXYahiDpCJ/rQLiCyMW9iOouEp0TgYAIgctVEboAGY1koKlCXx0kedAnVkC 2583 W5eVvXSBpS+SpIqqRMCxSuEtc6BsiDfmlUVQfoBxYVjRcRucvn5LD+5OYFyB 2584 /GHZwJ1xkkogD+DEkoXQwZAK6CdiiH66RECinOAY0BTwBlwHoGMda42lgd6S 2585 gqoJIJpmBde9XFdg7bB5Ms8pYM7h0gCMwqxi58kVh0fLBTREmWVF3h+9lxEv 2586 k6qRkD67GBZNm6vt4p+vYRf/fA27+OdddnHru4qOgjyDt5wARgGsA27Bm9Jx 2587 ofNM8wrOfp7QsSvIVvIMeLzXEpEyY8AdGqogR8M4H3ReRtCMV6UJUGMG3Qr3 2588 vMorTocFZZTlJTSqUnAyEllJBRcA//TqQ5nqAhYXMAaqCMC3Cpvxth+91l9v 2589 OXptpkqvn6ofNX/h0TdDe98lvUrxkP6zpQ/fRZMB+KJJJ/n2g6Vkwzprqucm 2590 f5NjZSp6tr573jXovmoK3n6ZAbITkM4rID/gl5hsXgRLA78tk1BNcHQ18Dbc 2591 p15JVQxOMYMUaZjdTGaCN+O1tg/jaVlwlQLuA/3ICppNpWVewYRlFFsGIIeF 2592 AGjB9mJzescDbKoSMs4JvM8ylnFhCNebn92iiHmz3GZtWlNyGbSnC05LYgar 2593 mRQZTKQEL1cSujFKk8KojwS4icNsQs8l/Y4PhB7WG8hEQglW0BkDm69tKjz/ 2594 sTNiAWsBgwTwXgJmwAHnJWyRjsswBmES2E6MVQJfV9DKvQo4JpekEjC4VaQg 2595 V0nRHvH7zogV4QgBtQX9hv9HEmYmBgeAISRj0I6gcZJqngKLyR0JAhEahFFa 2596 JXBWwD1i0M3q/sdmRA5XEcAsBKLD4Mp4pwmFm7gkOBRRMAPunNBw4vvDrMAP 2597 cRmrKq5SpSkQWa2N+H0zIsBsFseAsoBdBU8YfCuuyxSYWxXmUJzO7xVc4oxO 2598 rPsP9oCsNR1IEuhQdKjpcga7YmXWCPwJoxHFvKxieJFJBSyo4Z9KpXJghIgJ 2599 GGXMK2F52usuAO5lXCY65jJNQriVfsTvt4wIIsgUzAkYzzS4E44KB9rCP0UI 2600 QB2nZLNBrwhM2O9GqjSE4wgFGsu0BK7kzRrbomxGrLB5JfwWnpfwNRQ8EAh3 2601 CW0P8UwoGoYdzLiSZSnTXqoqAQeoTOBU4bkMkLC1xo0RAf3QoEQzYAjgHDgq 2602 Ja8kgE2UwoZkHK4MeBybk8reNUL1JJQcBBQNmwF6JQOXn92VRsM5WQoAT+de 2603 4DMNLE45L5AFFeK3gsFXCiU8HQmGYv1BMqA74EBgiCgvBXCwinLaB7A5z+H/ 2604 pSHTKbAOQDFQeu8Bn8rJZ4yxwyURHsozyiCpUZrRYYLMYqjgZiXfd54F/Fba 2605 HB1LDfdeQ17xNDxIgXnDpQrRD+YRFZhhFfenqkB+gDMT4NJCcJLAUFZVUoLD 2606 tcojCrNp+BPaaMaw/4gk1KAlrG8FFtN5AtBK6V5Ad4wCY5RxUwyaGo3OphwF 2607 WaLN2RdwB8H9MuUAmtAXUSSzCqTllFYCyw6tCW+i/3AxrjTDNEWagHz0K1iH 2608 lwV5vznnIR7O0ypLi5SFvZCuEnC/CKpXIslYJqo4xrgwDWEOfiwSqHuuM5jF 2609 PAYq7rUQ+FpBASqYtYxSF2BywNyyFBlEGfYDzjyGyCvFC96fGFUVQMOZlPDY 2610 EyCuAshGAIkVCeQlDIscviS2DzOB8ewPGVI8DEacM0YhvjKhBIFCpXReLkOo 2611 LcUr+gOKqQr7Ew8obAsjFdLBVSqwKqgkIOU8LClKjI8ZTKLQVYFd66dLnlLs 2612 CXoPRgWaEryfMgAHriIILyiuFM0Urgro0gsXaE+LDBxJzJ+oOAlz4j3BM6wQ 2613 lkqAwBFlQnBWFv2gQ8FvEeSw5LQqCo1FuZQhvLUCeyuzkLIoyMHK035XPKIj 2614 XnCrrGIBpxBLAtPCuU+UgHMXiiwUacqkwKbB+erthUZjLQnpCDtwC0VBsgyk 2615 LcFCvJQADxRdp8Qj4BcewyUqGGCW0phLL29DDqoMjmWlFYx7FmHbNWeUXUOx 2616 URYSXCO5EWqHDSvQjGML4A9AZ9FfWB9koaqA8nRWCAVloMHnkN3+XuChwd+P 2617 wbtZWmqoUjqHhB6DRRUK1E9jiu+npTk76Q3KSJ6JSIPw6C7XuSIgUtFEIgV3 2618 X4V06Aw0hM/STPVqLyAwMHMGrwMaGPhBcnjF0MFwm+GOZmSOJAhTApeA4v1z 2619 AZ5LqhiUARCCZ4tt4RTgQQcZ5RcAczGyn4AdZa9lwa7mPMsVK1gVxhgR5BBl 2620 DlIBSVZwuBMJHB8rFUNH99unJIbdgWEhZVHlIGZaYlfBQSqRuS4U1HrIKMeW 2621 ctR65SxO6NQH0gSfvcTCtJE6IF8yDCkl84bQAQx2NI96ZT6GiKYJBdFhBtKI 2622 hxJ+IdiW8ZLyMxkUPWiTVACnab92x3CUotWu9PvH5luDsxVPIiWqhLJFU4UZ 2623 J1A1sH8aCkLmCSQ71OSHsKQ/QUWRqQKpYLyhg0poAEAuyrAyPg6YSOiCKAcb 2624 HfZiZ9gNpYsYziw2OoRGSlmsQpaBCSWYq0yg6ToraUk78HsUhiwVYFu40DGL 2625 Ka+11LCRGnISwziVkTCoTgkV94dJKGOHHD3o5DJmocogs6AJI4QEbijB3JGU 2626 ZPD5jqNWUWQKyknBjDEBLJgSyJJhVcCclRmLC3hJVL238XNEmhHcAalOoIbB 2627 Nzkc04ycQpitMo5VHsOg8DSNAZPSHQfPMtJlBlQoYpj/oqRt4NCBIa9iZkwj 2628 5BL+bgrx7V1HGEKiE0gEBD1XCYVyYzh6JVMKa4AWzOGcbnM57/rrUseLxYpT 2629 xj85nNsuJrQvCd+ggg255KN8UJczrruIAJ2cwnSknLHHYVxSKl+Vw0+DZpJx 2630 nOgMopuREuD959kR2KtSOi6AaSutZY69EWAeEWHnS7gIiUxDOlivoPp7nbBY 2631 UaKEplNfPBBR9kZaFZRwy2g2pYS7C7c3S6Bpe5kPG0UH6RwwGTPmWRUlVQp/ 2632 KYdlT2SVA/uQjShzqXR/wYCUScIhwdCpMKYJca/QCmwLUYanwrNEAY5BhVRA 2633 r/3uCDa+EnSSzwGVImhfXsCnyJNSYz4pI+GoKPVcxDsybJWEGiPPjbLfoGR0 2634 ThmpoDmZKsaEyWnApGQEhd8bGc4oTw2eZhVSpkMSweLqKiF/C2aURWVRxMAS 2635 5J6DV3tVIVzaLIJznWvKBoALpSJGag4gI0lzJmHeSU/B0YHD1rvTVK5RMDo+ 2636 p9TRkKmkojRfWcooZpEA6owTIMwIVllWvXukoBiJ6ZKsAodgDQqiJDS0JxV6 2637 0IksmC4FVJWh7j+JgJ7KyqQtId2QRlFmCTiPknAFjyQ5g3AKoFKLEFAoBswI 2638 AR1kwTJKre+lPhySimH7YTm5inNFR/AyovBjoSUrcswCXWNX4Fj3mggWZxFl 2639 t8GTYDxK8CC0MGGXFF5XyqGmoSLhqCuYmqQXlAO4cJhfAdUONA5RB74WFFAS 2640 EfA5/tF07gxeh6ta9MMf2AdFud2U5gF0x4DgKwkjDQ8oQi9QuwAdGgpBlv3R 2641 N8rWgnJmVZmXcVrBlQWWriAkYZiQ5QQn6KzMsJNg9X7qcsrn4fRUnsN4FWBr 2642 CTAagrfpgA4eIFWaMPzCq/5sVfhJ0DSxBAnDQiTk0eGhDAJXALhA8qnoCGAh 2643 JNesP2+EjAx8RVmkFQf80CkdQSWqMJ5DksJxAvSnMg54tb3UzWA+4TpBpnQF 2644 TRhTKpXIZVzB0SfbDtQJKAd/WWT9OYgChg92zhA0TqIqBJyD1DP4oCmdYVbA 2645 e9hxYE8Avl4zmIZxInuiojsv6fLBnjUjfRRQVj9cU1FAHAQF4CUPMwbHm3LB 2646 oOvB5Bn2Dk4WAHqvXoQehLIAnID5ykjlqxSUiSGKQNIwsjBDKTiSYT/i/ixa 2647 Qvzw/GAemICKLiE8LAc5YKghl0Uap3Ci0pDCmWW/BSzISKBNnJewpACaMdVt 2648 UX6kJlc7JvsooPR1klDIto/SIAKmA2pDtUeKl7miYhd4FFWoKbFVx9AZpD8q 2649 uJi9Kyrh0EBVpBwQi7S1pMMtcL8EjC5hLyiLVEfMFMH0AkkN9RYlBYedKk0k 2650 FZJJZQaw6VS0Ai2WUSocj1QGlNmLDKi4AXYulZyOW0KKWcOwxqLKhKZMwJjs 2651 MkAQXPt+KGiirIDYMexELiv4ajkmQmdnsojg6WrsDYAdJdXuOKmJYgySY9pU 2652 TyLolC5J4C5rpgQ2ipLumRZMxuAj2V9LAdULB4dybkN4wqbaTSqAwxCyJkRK 2653 YK8Abi80h4XeERiBmS3q4OSGhMRpynlKqX0MfheDD1VF4CpGWcQSvh6Mfx4W 2654 cQI0Dfnu1a4w8yJREeZLCh+6NK2EhCtHnghMLPgiD0uIjIp3uKjQMhCMGHpZ 2655 w1kHoRKoRZUXOQdIhL8ZUfa7ruJMAwf30i2HUAHGACJC/ZDXDVWKecVSZsDG 2656 VJEFUwAOkXLXqSelawJLAsJUERhRaKahYwtwIUVrAVVD4IqSMj0o16TXjrKI 2657 YmFhUsCaYgEMTE558nBRoS2gbSknGzZZJ2HZH96umJCUByfBl/Ay4ZhGWaQp 2658 LCBVCNmjXGL0r3MFjNdf+QQ3BAAuBEPk8N0qKjXNS5Ym8LbyPIro+IVyMtIi 2659 Lfr1TypiQCqSCk5pGMCWKZ1qlXC3CkwBHn2epYpyHSSQY3/+jcbGJrGqIBMA 2660 B3AHEpGVOQOBlCkeKSjeCwuLfeu1xpSlnoJnqqxI4WhRQZtUxuHPE+xKmcKG 2661 KZgjXRbZDqsDQAVuqg8xn7TeMHjHnU/b00x/LcPWl4Pb2uT2MWbrVbr0XuHj 2662 BZ907hSkmlxYE9gkzSliX1BdAiUZyhhUhHRng/oV0d3nPn965+7TITx8+/3F 2663 fCx1+3vvjyWRa3HO3xybcvhuC3NIvtXcYkFTemnd9nNZ89XmQUdGFTwZxWAA 2664 OyNKk4lkmcYxy0WSEfunUaQpmAfm6c8h5VnMygQ+YgXHRwqo8q1TfGTOSd1b 2665 pnvIfnZsXujc/aHzXDiiJkUXNoEqVbMIgk1niQLeesi5CuG1VbwyqTn9wT34 2666 ZSwvYFnShIKgOdeMkp6gcMtSCAlFDXeVw/UQ/XYLoK+g7GBoNPhFGDgpw6oK 2667 YcSh1BMD7yLzvvjFkp9fdNfxjC+De1oELAFgvxnnN5MoiMIoG4BRj/1rwXva 2668 JzfDpr1Nn1h7BO1XU9s+XevfsPP6AEfBo5lrn621r/epO/9vQZQbr+heodn0 2669 xs0gpPudbixW5+d8fom/b9yjl/o+m1XL13Q3wLPVxcVsvrxhWhm2Ph4raual 2670 wX5zYW8OWuCbr78xn9TUw0ffmn24sTym7yFkLMwzKFN8+ta0XaPEtidYRoWF 2671 9RNtWm8foAhbzQ3pmvft7HgQmqH9oGdruq+AVv3V4+xJ8ez+s7vF73/7++LJ 2672 3XvJp/knj37/5e/YJ4+e/T67/9XH+Qv24F5xP37wFXuUfhznTx2F6p4EX+jj 2673 1XxC3V0jZ6T7dDPlKT+nBdyw10Y88t/XM7dSSC2+fJDnyZP40b0y+6pMHxSP 2674 yhf37915fo/denL/k9/nz39/65Nnt27fv3c/fZFlX96K2Z1Pn7/Injy/+5iV 2675 n979Kixe/Pbxo/zRx4+f/farB8/uvrhVPop/9yh59En8+/t3vnp279Gnz8Iv 2676 79+/0VD6XC/PZoZLvsSP/cLHswyLmCV866TzxhoxdtxdcMO/7R4MN57RnUu0 2677 bWGU1J8310tQl/knz7/6NHzw5ZNbzz79+Pd3Pv3qVnTry/T+3VvPsXlR+OJO 2678 ePt3D24zdu/Fi49ZeudRlnx5/4bp6i3+axnZqF3q7PaLR1/eyR5/ee8JYw+e 2679 stvY8Qf37sQf/7b45JP0d19FT7M7+e/KBw8++fTRV1/dz1/89lHmiMLP6XoX 2680 6qOxEW5frYloviLjcGPwFkp0i/geBTDvcP0B0Ss6kYLSAwyiiyFiE0PjlCAA 2681 jRaSdwQA1evOxMARnGohiyTlKTBJFoHxqagVzppIyijMCob/F7zsL9LSDP6G 2682 zKB4KY7DKOElS+gEn8qqdZ4pOFd9EVz4HqVGmwz4VUUp5c6rpADKyVWYwh8A 2683 vmAZ/MjM1AX2O1QyBaIvAc4EnFggT5ZqeEa09gJ9ZQzEiUKR0z0WvRAtLPIw 2684 BQTOZG4K4ul+jQwgGj8gJZaUhVFv0pC/Z+hirukFuWsm2+zhWKzo4+NpfbLQ 2685 KoNmW9p8324TjeLBRmTXk5EwoZI6kZyC9lRjVLFcUn1xEUe5BqOISAKv5krt 2686 iDvBu83jLEno1gFSm4BvWiRU2h8B2jKZlHEeR4USVFay49CzhE9fwdEqdARI 2687 qiR2MKK8CbooQDKDtTcicH4lFLKlQgu4MWif0MENK0QB71MpAG1yIWD1tQSi 2688 SfiODHNdCpZUjIoyQxnF5ASUId3PUQrKOiykhphQAW5R9Ge2hjSFmKpFSroN 2689 pqTsqCiDy6dZBK8h46HYjo7iff8yoC5DtNBR31GAf868Cqkb/oclbeVseopt 2690 4pDE2v0ekVMVFI2gWLQOAXh4FFN1Hbw+FcOj0Kaki1dhyKnmtP/Ijc4NcyVC 2691 XuRE3CKBxkgolkGkp8L4HG5kAjey2lHfI6joBJhUc4rJxFURF0UqOTx4yeJC 2692 J1WxA396Uryi+xfHcpPEPQTQWUblubKAB5TTnT8i0wLuChYSw1tNSsrQpuP0 2693 UJT9SeV4uJClVpFQGigbflNGzr7MqCpCiQprEjJP05SFvF/kBLidwlgANpWK 2694 IXdw0kESntMBjY4qph0B3B2PJtHW+kPuPrme3E7TcPOq4K20bB4AfJN6Ya50 2695 bxNyzQXyhGQJdCy84gzqlurXsrRM7JWom1qqUWOsX41xgDsJ5A79ran0Pyqh 2696 wlkOAmdxJqiKU+iiBOvBOwh73X4oLzCuxGNRRHFlCbe/YByKAw52yRK6RCCi 2697 GHqZlzuEXxayEBpePgxgJuDPppzST5nUaUn5AKyHNe825LQybF82Nq3G8/PN 2698 95P00kLoUsGdVlqGVA4Z8UhBKmCKRETpChGTWZZqSbFn1p8QL6mchG58CSNY 2699 MgbnrioSXiZ0MIPeirwqMireLIB4o/7wvYD5Y6FI6N4WyHUGvhcQ/gpAuYwp 2700 NtunCKOGFh0KtJirm9Fer79hlzb7m1z0mv/NjYc/+P2TzVg/Vc5uCYNDdZi8 2701 gN2hbNUyBckzTUV7/UGrLKZbmBKdCnAg7a+gu48UGa1UppVIubtz+SgIbw66 2702 r35pLwoYiAJVBcV14VEXcQKEoysdUy5klEtoQaHwJ8Q36fWzeQYUVEm61gMQ 2703 jy620ZmO6ahVhCSsaQ6dl4RZWlFAvVfNQR+KvEojkjzYirCMwIpxGNPxfUkB 2704 RXq2dfFzJ0GW7o0IqbisYAo/SUHZNHSAXSaawYBnWFSS0u1ZaUEXYfVGhjMd 2705 qTSLlIzjEOJNtcWdMb9vj6kkxB34BaPFVKsNPFUBKVdUt1pkHKAbEkGljpxq 2706 L3sxVVYlKd0IAwoCBWV0KrC+Th/JgQIEqInTKgfBqWKEEgKLqKgowSOEMtSC 2707 Mi10qaXMYtnLiGFJt9gxKL2MV4UKw3Bznc2YIdB7rDDHtKjoEI7SEEuqzKUs 2708 GhFTEDXlmDxl+vffagPjH1Z0ZUZagjEKTifU9VXbG+mYPKc0TCBVCcgvihDq 2709 BdhDlKEEUC8ZL8ISsEEzsJvivcYTPgZYqajo3qdU0h02MuIcuwNW0TFLYw0T 2710 Dc8hTIAE++/jKSuYcg2Iac46c06JoHERC6qeTQo60q86a1lLnFMKZGEqoZNI 2711 AArsFp3HpFQpDAbNK+iUMBGQm4jKTnr3LAbuyHkS5wx6FfBLwX+iq3eSFGxD 2712 mVZJxkChGBSu+tM5U7gskuq0KeyFmaE9RKyiRHtADQ5iYwbuHvWNJHS4YwnV 2713 CcZUeA7qJXmu4RBoQaZYp1SoWTLYPoqN0XWJvbwAQIRpZjzXWprk7taY36+P 2714 CWWgIM88DPPKXI8AcxvmiopCwP4RNC74GXafM5aI/rMjIJEK7i+nDB5ohKTo 2715 rrNbUwKOJp7PeEHV4yyEtucaPizdqASzCxOQUW1sFoPurBdoZFlcwa0J4ZqC 2716 3YCqVXed3TGhcOHOxlGk4kRzukEErgXkDUyfw8STVee6qADHE91fDUw6IWdQ 2717 uwBEoFRF5mjtLvxa2iDbIIng2K4yonTMUKmY0xU+VP2G/5FdEyyjWyehUPrL 2718 JsokVBJakPJUoYEIem2M+X29zrKEw0c5q5WWkB/OhUmIUVBFOcwsfFWsGGwq 2719 4h3pqinH7GIFnZMpkcGmYj9bN/CvpeaVlCJMp6miVDFdSwMy5hEWyjQsBAdL 2720 ZDqnRBQpWT9tJZ0JRXBCMogxHBn4QFSLDO6ndNaYLqLiKagOr6Ds92lKBkMv 2721 wEYR3V8IsxQDNZJwV1UK4wH6AduHFK1mSf99TSxORBnB4JcmTZVO9aBlMpiB 2722 hC6cTCiuQxU7cYx+e1cEQwC3oixybArmI8nrgzGDvoXvAm8HyBDInZLji6o/ 2723 SROwQYRSAUyEwH0FhLOkvIsKbEv9qDxPeFhFWUkJeP3VphXl4nEMhNUDS2eU 2724 9g+Vy6leusioJC9MqyShO0b7iwngnImQcrJSBspAcSToDLudhOQq5WlFXiT8 2725 hzgCkOulbl5EVIogEkqB07mED0pn/3D7NGw6efdpoaG5i4yV/WeddJ8QwbqI 2726 M0U575GEGuB015dZU8USSfciVBF53P2JtBxTwfcp9BtVoOd0dxnclVBjlxJO 2727 d+cA/WMfKdun1x8vGGX1rMlIJ+kzBPKBj0vFQ9A2cUVgMC9TbFxIoCwDi2Ed 2728 GtYM291LOTgLZQGMS7GQkMdFFVM5DfwoDgQhMthZ0v1wDBIQo1e6GdRmDM1X 2729 qizHyJqqsUVM2j+SeRahu1ABozGgIRCvV//GsHQQbWhCTdm4QgLxUgZiFsN8 2730 gp5YFnRRpaJY95ehFYUWUDNVShlbMNkqDWUsqaiRri5lYZJKQSUAeZSw/ops 2731 SrujKmcKQNIFrimPILRxkgDOk6MUC6o7TkVZgk3703oFiXquJMADpdUWlJRR 2732 5SrN00wBzEGF0NVdFd0F0Y+2CbQwnWrA45wyLBXFatAhpaxnMkwjutWrinRF 2733 q+2dC6Qd1jCl4nKAe7oBgQqggFBUCkVaUDFlhSbwLahArjcaSFgMeIJnzFTh 2734 KkZVHRJuVczzWAI6RwC7AkipLPszLKuSdGpIdwVBw6QMGI1yxkIBAQ0LkCvX 2735 FOCloCXfEeA1MGbQfUtMp8wQkkj8Ai1HfBTH5MxBywEQcAHDEZJHDgpq2LOk 2736 6Nd05KQkkmwgpSolCde8zFiSyQpORARgyktzTxVdBtCrFyoYTrohJNUM2Bpe 2737 Em1IVlB0RNItMTqiO4bX1tIqYASWA4rDAtLKnARTWY0pw5dpBJFgABqwrYqD 2738 r0TRnzcJHASNwalGSRWGA2VKIkeX22oJ1yuDgqJaNVi1/jI0TsnsDOBWyFKb 2739 O4ko3geBK8ipTDN4O4P1F/DUK8l1EoH4jGfoojJ5owC18EYAumAcRQSYkKUF 2740 yMmKsj+gowGc4YIDBFASWilzuheygLhJCG4JX0eFQtC1JCHv31tgaZkAYeck 2741 ReA+AjZZCl+absyhm5ZC6CvvnrMd7jkmz3iZU9J1LKjGku6+BIElXfBBt1OX 2742 hD8J/xLD98Ikc/VcKLBBHELCNRaQwmxRQR5sWZHGEQwqpAf4OOoHlXC/yioq 2743 KeUwJfAC1FJSsiZMRSwoAZoS6/rdc7qvNgayLaigBbOOwWsUeYhyKjTkZJYh 2744 oGmW0yURvUbBXA4FVELHELosCjr873fPuaLMdZZnMMEAMPAogbagYwm9R7wC 2745 ns7hvnAg3GzH1VAKyEPRnb0xE4IB4Fa73HNWxGXIgOhKuqcshOEL8zAiAJ2y 2746 kOwPhcMhY4AiYX/SZ44HCuhxoKcQViFhapd7Tnmg0EAUpIslnCEgDQ2HNQT+ 2747 Syn4GoOsYHwqac13XSIEqcmghGUsFAfyjHa55zEFNwTIW0UcoDdLIaqcMuIp 2748 NQaqOsasodHKMhJR/0ViQHQ5QAB0WBWCmxPOE3AA3fpVEnPCxhL2AH6gRJx+ 2749 wAcPpkrgjgEh5HDNYXQEXeROgdAC3m6IHdnlnkNcmbkzBlpPM8BG6M9K5FQ2 2750 B00I0MEzIQSgJIyY7D9h5HFOZ5yK7vkE6fEnWA4gEyo0pOT2mI5QqbwMeqC/ 2751 ihhryQoQkFFhN8SVrlGiKwwyqaIiTAtTHtDvnkNN5TmP6GotUf1/1Z1Jzl3X 2752 dYX7GsWDW3HDxqkLA2pYStGJO4F6cRqnlBixyk/RghG4EWcoaXgEGUSGkZn4 2753 W5eUZFE8N0B6lgSQ1P/43n2n2HutXaw9hArVDImj4PLjYoydahJc+oh6DtWU 2754 2CVGNUqEzElG+JaeSxC7dazdMBgVFeQ1W652ZKsGKyXrAoAQA2z7TdfTtjor 2755 3NfBhbQu+zt6HtgP6fUHECnnbAA8amxGbciwfPauOfUYuejKPHeJ4/86pmQ6 2756 VfmE6FTseabnkpiH1SgHFtVUEuoSEtwzTAHSrupWozEOmLTz0IOKCditAJB2 2757 1e5K3P1Mz72QhMSc6pgDqLAqZ3pKmKSDRIwCWXxbzSjAMB59AAcYT1/kodOG 2758 JbZ6R89BSCO5eXWIYJYtvwRsd+1YBVz70hiD1NnrJQH7IyyAhl0oxnQoD1/Z 2759 3dFzgF7vGwjV1IIAq42C1qAhA7+FUW6Jse7o+oY1nS1BdVwvqY/ANIp4l8rG 2760 XUrqKhgsIherafaC+rWON1kEMamwF9YgIX1p6wJgyjbSW3TFqWetK2TrmjsL 2761 fs0mKXQeexUWzogHqepsJXV14gKM9MSAKHjzc91CCyx1UnALtrqbV2t7xZnE 2762 q5khS2YQaAZ7qNChcylcBB+pHDQKhhkFbbEG+GCBizWDVEvV1hRUgX28obrY 2763 dWxVdEZA/gYHDxkKp3wFV/5qtDHqbFCnzfEblaImnZDDhktJHj3hNDFwGXun 2764 /qpSIbXuEmFKR5DVBvQUnqIkDF8F1rSN5Qbi4XkaMEZntUCv8DI3b0hmVgew 2765 4WUi5bmo3Y3FxviLnkHVZu2ae5HcjbyVJL9nY3+DykeCsrWsqzHSnJlslRtT 2766 TUyTkzfmudEDg6AOxDM953D3na5mnB1XeacfNyb7ODTaxKeivt/SK6Y33YSw 2767 OJHweXU5c7FstUFvUNbOGOmrLEh2GqwuPHD03JdMeHAQlc5vhswRN6VLCx54 2768 XLJ6J7IoTBtnqFwukbUKoVb4q0FCgZZBPWDT+K6xE3WW7JK1QLVzQ9tI1Xg4 2769 mVqekhIL8KI24vCipEWS1pxcVmx0qXIc3oWLBkLdktYL6i+dDWvCkjr4FXTG 2770 xktzflYLK/Y3nfgcxFwlQ1enpiiogApwNE2epfODmLZ6k7Af9hw2aoqGbgOD 2771 yxAi1U1U5U6ii5yp1qS3sYcObRczOO4RttBO39UxnhaUPFaTi4R3AhR9mLnw 2772 fKMD0jz25EyJBff7GJecHLRB9Qi8bYINDHWC84WUMc5clnxWtMgQoqT2eNwQ 2773 a5BrUUxoLs372T4Z9bdPqUnUfsZY0nxWyOhMz+EwGIYw8Iv4RCCv+jRV4rO6 2774 MbiAZS8tKdcwD2dhts2Fkuq4aqIVBrSSFC9eCkQJdondUmFQ20aCxOcBPEGa 2775 CD1Kg9Cw4jNJFYZboqWollM1/B093wW3HSeXnpsKEdUglG6W5Iyw0laaK7P1 2776 0IVbz1bbOC9ROQwqTx0sANVWdZ1VyCVwf+ErY7F2KUJ5Hr2D57JK52NgVW0F 2777 q+YujXSJD3MUstjcmZ7zxCHbYeW2vKaPKGbHw0i2UobbT7sxWTMqN35juTDG 2778 IMvGukmyXtnWC5wMm+DY3H21vSpUNNw69/AHbMGQWBLYkbWJCaag3msdGex0 2779 t1j67+i5u6HnONWyc2f9XJxeMouFd5nGKSinNsPoryRrrcpVHhdWCt/L26Re 2780 4iYddNC6chQuq8NWqfNlpImU8FTHd5GLahHm1XgOjLc6wxpQGFQg08x6SQ/9 2781 TM852YnjXtSa1ny4Qm7ctVRyxFvgGDXipXCgBwb+PHwMMwFCxrBN8HCY7cOM 2782 /Y/ouSIpNWmeQa8tBfWLOpVZKLbAdZXS5FxTQqTanrPblAxpluhi9kYjLu7o 2783 +XLWSISjqsVoaKiWgt1bvxYufdJ0OQxbH8oonqmyLRu7vqQBv1fN4cOQwI+z 2784 51JdC0HJrqmQDr5M2nhNqqAWp8Auac4TTkHO4xxVV3K4Wo9DKHte0xnO9NzY 2785 pgpPWAHkpF0hI3aVD8JhqD5jtNxwurBcdvicMeBuZ0WdZL2sov6tl8JKq+UY 2786 dM3ZNRqzZoHTNx30eNN9CYkM/ibPfwl+28mBdaV1rs68pef+oj7qCud2Y72w 2787 ucqCb7W5K+QQwYHC5dbum7kkwAsP3pGayeSrcyWwEnMMmU9Y/1IhNDZK+dVx 2788 QzCGPnHB34wmJJleYOpJ+lIQ6hVZ677v6DmLOSFV1e7BVeLbsKl4YKEMiWWB 2789 hbrLUmZbirKdqQUnN0RNG4jJKAFwR89jBj2EjDP0OJ+O947QXq6NVQQMUrsq 2790 VnloDMKNDsLa263iM5y7qRFxpTt6DirBI2iUmIiFD6CZshx4cGP0lYJRuqun 2791 4bym9xxdF+sxLxUUziBLNm6z5xIIUzlCH2qDDxBV9hKzwrJiim20ClH7UiQr 2792 f5YEEl1VpAdj0AQC5UjO9FzuOU5j2TlcSsepSAi6g6DdVmdb9ZI043tr6uSN 2793 3Ywd8MuZMlFd3Snc0XPszYTfcPEAXVhtH9Th5LEPbao6FtbSuoQJFbM+y1fh 2794 wROIYGowzQKWrDt6DhfzOzsNvBiqF8DuwakXrFYTX8oGqBiA5Jwa2HAMpfat 2795 egaW1TewFL/4BX3B30acjm2apISFKlZZmrM+/tWJsJ1qFXdQ6Nh7eP4GhaaG 2796 97VQUZj5rHjAefYbqQvc49JAL3NjEBXwMlGKZlxvD7aTzlUJyvWcAWmuQwNA 2797 CtTVwFlr3E5SkH2YliuOmN8lgVFRUnd8Ft+sMuZqWbXsnp2QYXCOK93jivh+ 2798 Wz21uVec8XnChOLpUCZ7CXKzkkBDzXJYSt2H6JyUG/FzCh65syBZgqQUaN3Y 2799 dvWkGYscKkyl1xy9EGQz1P/hNp6gH2+RltayjiGqRnp20GZJBUqMuZXoJwAt 2800 KDCKS3RnaUztMncVPuW3qiybUTkfGzeU6xoApQ1GVt0ptOIciOkStB+S1rem 2801 FfCaIkoSlgUJa1aJscOBhj3vew7EwE6viRg39Bz+jF+d0XJ6mrIcS2JNVko3 2802 WdM6tlTJFzcU2HneRVMkdepzgDTmFI3mEJmhDgWunargJJ8KGQzctXNfswmS 2803 JWlJS9ykvOf5mwojSf1hB9B2UuQSkmnseeWCFPQ7vt9Jjm5ecz5xj90XUA9O 2804 UOOQlDmCFNozDQW3BKWpAyhBReA2GaOmeAw1cHFnndHMynSu3Dl7rqhKB92D 2805 HeCzOb8r/FFT6NbMD0xK8stUTcw5d433HHIYFViMudXH2zrfTRBKHAwOpVlc 2806 echQwQodn0Wv8FmzT5JG1ED4g4bRAUxMknQ0NLc3dZP4kc+1ibgp2Dh/r7YB 2807 KcVNc8TUAxOsV+1m2ZVvI8Gp5M5hC6xG1zWJW9kXp7GCxuDxOCC4P0zKBpRM 2808 2D829myZJZQR1KANgIfUA7mqkvZqsgFWORcljOiAiiVPf/RjQVngcEfP4+B5 2809 L3WnoBmEm6PjrUahAsyz6m6TUe4IhJdyPld1anahXFHd2UtlxWEfa+K/zrYo 2810 vI7NxMN4Y+/UlPAPipt350NMypYkBUCTJktphB8mb93Rc7mLucB9mtzkpBhR 2811 NdpL0y78slaCLbgV5QMX6Pdc/buCquU1Q1ThYni4kbaQU31JhRKIPDZXHaTj 2812 3PW/rcRgB3+jQfU4DO+EtoxNlmfE04d8Q8+LcQAHQWy8Kl+mr2SbycqHaFDo 2813 4KBrIq73MOdzDZgOcah4GpBm1rBKTa3hMGHw1aSCR2GzMG4OKHcW6uOTVXDE 2814 C+uscfiBoWqq3oFpB9WasMT3DQHml3ja8erFi2ffXP12f/kKaXXmVjQGJMIC 2815 wCxBqkebB4xYafUa2n6N/Rk3XEKzlpzGcxq4Nfc+SKxMuFI1WQbvWGdJGR7J 2816 RqSznDbo46pF9Ww4RzYPQLqXeqBmRsIM4DenBqUAwIaZAT65tRmbDAwCJk9Q 2817 7o543SjxI6f6z3dBpo//k4OUVDrIIi+Dd7xOXpOMMBdnet/gJJq0Ls2hsxLY 2818 kHiU0mgyhwsPZRpYR+JdmsiuSM+h9UNtMF+2Fy/a4816vsb3SupXZ8bH1O3+ 2819 578+9vmfPuyNrB3YGgev0kNFLDHW07FNeU7djDY0DgPHgkNp7cZU2KVshcr/ 2820 TFCFSOOcgMGzcGNRySpQRFVkVYjreGzmANga28GGkj+Uug8fWmI0zXSbkoaK 2821 ARoy1+9sMPqIOQN8vNTb/ZR+m5d0quHDJTgDwuLyRQyqpESPBmPKURl4nIbx 2822 GQhAyVmhcihlbPwvoKYpTZW8+Rzw6XZDrbZmp4RyTWRdLvKpkTcCRq/VB2+r 2823 Sr6czo2CahUFzvWr0Lrx1JqOgteSJrS7hJCnRLVBMCmeDcdQLGUHjctQX90I 2824 6niGA1rNZMBJgC2g7Jr3rKGOx52WNJDNqoHriu/2IreuiUdjN5WOYpbA6k5E 2825 4VzI6nXEOiwSzpk16WgGeOUw5kptA4dVRwI65AD2s3xTlfsamv9yzT1yC4Dj 2826 Gi5qJakVNafq57SM0pzzfMmhDK2fZe3Ub6tGorI1yFO1H6owhLeG3JuGtiu6 2827 kpqmxttzQX9ucfRLpQ8bojrRxte7GvG8qgjUQaIhYFhyWOIZKuLUIR/cD7gm 2828 qEzTmYbmDCudxKZUTtEcbPKAGhwNUgTi4jCkDzpVmJ40XmtoI3McMXK4YUbw 2829 GzPBoeeOtqpmeTPfiUCpi3FLHV5JHPa1s5dldanI7ZT92TFjYJWJmhjEoAmB 2830 CRZlHVD3aiNPQL+uuthY2z7XKUiPLuxaNDDBeltgnEaCyxb+2sBqcIIBmu/q 2831 wjnng1bXIHhnlnUV2g4fyCLdu1v+7RqTy3OAXzRS5yzqg21KXarLWSM8lBBJ 2832 JbHcIWVpu0LKNBkabKajcM4lDxUAq8dhCnViADcWq2hOIxhuhKCUNU9jEzTv 2833 nJVIHBHsOjh7aLpHwVktuKsCWnUJJsLCm+TKgIpn8DuUHDu62sbTqFg/a7oE 2834 75l5r61iBQlldntJa2+1PmbrzsRjJ+mrur1KDGFrGNPaHbKInwxQozzBgBpz 2835 L4Hdsw6tkcB380NTJyZXrMeCFbDqCFKFOtbvoBfkfv54F0t6PK3frec/HeTy 2836 u9Wer/nB9JC/whbBD77JH7//Jn916ZqPQqZLVOl7aAsOfjZ/2jH8/xNo/N// 2837 /tNPNRo/fYBvpO2PC00D86eZkoK+MH/LanE0NEOXE90hjGey28LekH34LOcA 2838 kqTpMF7i6F5pQLha2Rwi1lUNfUey2zVLO8OXy8KPKx5klM5Q75LZWGVVJZYK 2839 rGJhz9WVLal81BSNDjS4qFXHlHnvvYPq1GzYFOA212yw8+j2LnPLsigo7iAs 2840 OKYhyKAhLhZLO3hWiSRw6s7F03OBjjm8rYWledojaE6y6UbKJEWK7yVHnL3D 2841 bN8JJksTODf1ZlopLRTog8Je6liTriJ0VH0o09lxrvoDeGqGHoBvSS43c0Xj 2842 nNegw9rFdSKIefoagFr2nDvfgFj4cFX2SUrjLgwovdeo59k4I3iYpUG8m0c5 2843 T8VRF9GU8sOoRR1IbopQas8uGQZclNCvSixv6mhhe6ohKa5ZjzcB3eLluhvc 2844 MoVrAVfqCgPVc17OyNJBbJb94Y58qNIIy8AFdN57g+gAsJobWFNQWj6NgpnR 2845 uEgPpk5BYhJH3LI8AKV7W5OR4MNYPWuoJ4wKDryVgcNaJY0k8+ci9ksXHSrp 2846 mxC89QrdqiXEBw3w2QMsC9UElGFkzgEhlRS3KoFqKRByKIXrCjxQsTMpQ3vF 2847 CFLiGt7UOmb1ZIbU8FszTsXnCud6qEYS6IrxLy5LYhDCMu1NuIer0eaInGer 2848 XoKs1qAlF1DNpWRblMdjl1mec6K4gfk0mXdqmnXkaDcvYNCCFB/ghr7KaLNA 2849 GKrjswghYwnBBEN3zVQtqa/suk8i37pnQ/NYl1nnEY+ShtmJaxI3hge8o7Ao 2850 Xwl4ADHgPaeibyup5vGchh7qy+rNJCd19hIlQd/V5Mhuq79KStpN8RdYw5nx 2851 KPdzcYCkQZURYz4lXssDLU00yiwqQFPZgFnOHE5KLt69lzH944c//fTxg4N5 2852 /5r/vHnNf/wg6PCPz15+/V7NAa/19celHL569uabV0+//4iYyUlTCl43h4Ot 2853 qn8XD5wrDLWzeTAzK+7pcHQqXxYWPZcBNLVuRUkQBe6npMBB91u8WmUSMGFf 2854 ux9D6ZzjfXX83HvNbeFEOgl/Q0+nAm3AS6cDYvKdisild/Ee2z1/9errt6// 2855 byzw3Qi7Nv7t7bM3zz4Ag98v/q/HkBrZ4/On9Q5kvB8a6L79RXv3oz+8l+R8 2856 yzN8p8v5w4tev5X4xvtXPH/+0Vc8f/6H76Q7eMfX5xGFv3i6XvDjV39U7+Mv 2857 X/n4Qgfi8/ZmPRx/fnx+rQsL9aX+9Ovx9ctX34IWv9Rzvfnk33/18u2Lvp7W 2858 /PRnuz1/s37Gm/z2nx9ffPa3j9/+yyeffMFJe3z76unrx7ftzePNO8HDNR8s 2859 5ev29M2j//7xzVfr8Q/r6UWT1OJcT3yP3zx7yQHlfL7an/zdfDt+mBn4T+vN 2860 ak/jq8fffPabz/7+5w99V95L7/H66dW/rsGjv3qprV36zSXy9uaXn/wZx0zv 2861 G61eAQA= 2862 2863 --> 2864 2865 </rfc>