From 99665d58037591754f6912b2dbe2460af2890dfe Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Tue, 16 Dec 2025 16:30:04 -0700 Subject: [PATCH 01/18] Start with NotMike contributions from #31 --- bip-0360.mediawiki | 818 +++++++++++++--------------------------- bip-0360/bip360.org | 485 ------------------------ bip-0360/merkletree.png | Bin 75700 -> 103756 bytes bip-0360/merkletree.svg | 712 +++++++++++++++++----------------- 4 files changed, 615 insertions(+), 1400 deletions(-) delete mode 100644 bip-0360/bip360.org diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index ff700e567b..7d89225433 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -11,696 +11,386 @@ Type: Standards Track Created: 2024-12-18 License: BSD-3-Clause + Requires: 340, 341 (partial), 342 -== Introduction == +==Introduction== -=== Abstract === +===Abstract=== -This document proposes the introduction of a new output type, Pay to Quantum Resistant Hash (P2QRH), via a soft fork. -P2QRH provides the same tapscript functionality as Pay to Taproot (P2TR) but removes the quantum-vulnerable -key path spend in P2TR. By itself, P2QRH provides protection against long-exposure quantum attacks, -but requires PQ signatures to provide full security against Cryptographically Relevant Quantum Computers (CRQCs). -P2QRH is designed to provide the foundation necessary for a future soft fork activating PQ signature verification -in tapscript. +This document proposes a new output script type, Pay-to-Tapscript-Hash (P2TSH), via a soft fork. P2TSH outputs are Tapscript-native, hash-based outputs that disable the key-path spend functionality of a Pay-to-Taproot (P2TR) output by omitting the internal keys and the taproot 'tweak' step. The script-path spend functionality of P2TR is retained, and thus all spends of P2TSH outputs are Taproot-style script-path spends. -=== Copyright === +Through this modification, P2TSH outputs provide a Tapscript-native, hashed output type that is: + +# resistant to known attacks by cryptographically-relevant quantum computers (CRQCs), and +# resistant to cryptanalytic techniques that could compromise the elliptic curve cryptography (ECC) used by Bitcoin. + +It is worth noting that the proposed P2TSH outputs are only resistant to what we term “long-exposure attacks”; that is, attacks on public keys exposed on the blockchain for time periods longer than the average time needed to confirm a bitcoin transaction. + +Protection against more sophisticated quantum attacks - including protection against the recovery of secret keys from public keys that are exposed in mempools while a transaction is waiting to be confirmed (what we term “short-exposure attacks”) - may require the introduction of post-quantum signature schemes in Tapscript. + +This document defines long- and short-exposure attacks as specific quantum attack-vectors. + +===Copyright=== This document is licensed under the 3-clause BSD license. -=== Motivation === - -The primary threat to Bitcoin from Cryptographically Relevant Quantum Computers (CRQCs) -A Cryptographically Relevant Quantum Computer is an ''object'' which is only loosely defined by ''characteristics'' in quantum physics as of today. It could be understood in the context of this BIP and in Bitcoin that it's a ''hardware-agnostic'' computer supposed to have the architecture to keep ''coherent'' a sufficient number of logical qubits to be able to run the Shor algorithm in an efficient fashion. -is their potential to break the cryptographic assumptions of Elliptic Curve Cryptography (ECC), which secures Bitcoin's signatures and Taproot -commitments. Specifically, [https://arxiv.org/pdf/quant-ph/0301141 Shor's algorithm] enables a CRQC to solve the -Discrete Logarithm Problem (DLP) exponentially faster than classical methodsShor's algorithm is -believed to need 10^8 operations to break a 256-bit elliptic curve public key., allowing the derivation of -private keys from public keys - a process referred to here as quantum key decryption. -Meaning, deriving private keys from public keys via Shor's algorithm -Importantly, simply doubling the public -key length (e.g., using a hypothetical secp512k1 curve) would only make deriving the private key twice as hard, -offering insufficient protection. The computational complexity of this attack is further explored in -[https://pubs.aip.org/avs/aqs/article/4/1/013801/2835275/The-impact-of-hardware-specifications-on-reaching ''The impact of hardware specifications on reaching quantum advantage in the fault-tolerant regime'']. - -This proposal aims to mitigate these risks by introducing a Pay to Quantum Resistant Hash (P2QRH) output type that -makes tapscript quantum resistant and enables the use of PQ signature algorithms. By adopting PQC, Bitcoin can enhance its quantum -resistance without requiring a hard fork or block size increase. - -The vulnerability of existing Bitcoin addressesA vulnerable Bitcoin address is any -''scriptPubKey'' type that exposes an elliptic curve public key as ''raw bytes'' in a ''block'', making it susceptible -to private key derivation through Shor's algorithm. This includes P2PK outputs and any script that contains an -unprotected or reused public key. is detailed in -[https://web.archive.org/web/20240715101040/https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/quantum-computers-and-the-bitcoin-blockchain.html this Deloitte report]. -The report estimates that in 2020 approximately 25% of the Bitcoin supply is held within addresses vulnerable to -quantum attack. As of the time of writing, that number is now closer to 20%. Independently, Bitcoin developer Pieter -Wuille [https://web.archive.org/web/20220531184542/https://twitter.com/pwuille/status/1108085284862713856 reasons] even -more addresses might be vulnerable, representing 5M to 10M bitcoins. - -Ordinarily, when a transaction is signed, the public key is explicitly stated in the input script. This means that the -public key is exposed on the blockchain when the transaction is spent, making it vulnerable to quantum attack until -it's mined. One way to mitigate this is to submit the transaction directly to a mining pool, bypassing the mempool. -This process is known as an out-of-band transaction or a private mempool. In this case, the mining pool must be trusted -not to reveal the transaction public key to attackers. The problem with this approach is that it requires a trusted -third party, which the P2QRH proposal aims to avoid. It also doesn't account for block reorg attacks, which would -reveal public keys in blocks that were once mined but are now orphaned and must be mined again. Additionally, -it depends on the mining pool whether they reveal their block template to either the public or to miners. - -Not having public keys exposed on-chain is an important step for quantum security. Otherwise, funds would need to be -spent to new addresses on a regular basis in order to prevent the possibility of a "long-exposure CRQC attack" recovering -the key behind high-value addresses. A long-exposure quantum attack can be considered one performed with chain data, such -as that from a used address or one encoded in a spend script. This is likely to be more common early on, as early -quantum computers must be run for longer in order to overcome errors caused by noise. A "short-exposure quantum attack" -would be one performed on keys in the mempool, which is seen as much more difficult given the block time, and so it -requires more sophisticated CRQCs. -In the paper -[https://arxiv.org/pdf/2306.08585 How to compute a 256-bit elliptic curve private key with only 50 million Toffoli gates] -the authors estimate that a CRQC with 28 million superconducting physical qubits would take 8.3 seconds to calculate a -256-bit key, while a CRQC with 6.9 million physical qubits would take 58 seconds. This implies that a CRQC with 4x as -many qubits would be roughly 7 times faster. - - -As the value being sent increases, so too should the fee in order to commit the transaction to the chain as soon as -possible. Once the transaction is mined, it makes useless the public key revealed by spending a UTXO, so long as it is -never reused. - -As the first step to address these issues we propose Pay to Quantum Resistant Hash (P2QRH), an output type that allows -tapscript to be used in a quantum resistant manner. -This new output type protects transactions submitted to the mempool and helps preserve the fee market by -preventing the need for private, out-of-band mempool transactions. - -The following table is intended to inform the average Bitcoin user whether their Bitcoin is vulnerable to a long-exposure -quantum attack: +===Motivation=== + +The primary threat to Bitcoin from Cryptographically-Relevant Quantum Computers (CRQCs)A Cryptographically-Relevant Quantum Computer is an ''object'' which is only loosely defined by ''characteristics'' in quantum physics as of today. It could be understood in the context of this BIP and in Bitcoin that it is a ''hardware-agnostic'' computer supposed to have the architecture to keep ''coherent'' a sufficient number of logical qubits to be able to run Shor's algorithm in an efficient fashion. is their potential to break the key cryptographic assumption which secures the digital signatures used in Bitcoin. Specifically, [https://arxiv.org/pdf/quant-ph/0301141 Shor’s algorithm] enables a CRQC to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP) exponentially faster than by brute-forceShor’s algorithm is believed to need 10^8 operations to break a 256-bit elliptic curve public key., allowing the recovery of private keys from public keys - a process referred to herein as "quantum key recovery".Meaning, deriving private keys from public keys via Shor’s algorithm This problem that is "hard" for traditional computers is made "easy" for a CRQC by Shor's algorithm. + +Grover’s algorithm -- which speeds up random search and poses its own unique risks to Bitcoin by potentially weakening hash-based security -- offers only a quadratic speedup rather than an exponential one. In broad terms, it allows a quantum computer to search an unsorted space of N possibilities in roughly sqrt(N) steps (instead of N), making brute-force attacks on Bitcoin’s hash functions somewhat faster but not "easy". As a result, and despite this advantage, breaking Bitcoin’s cryptographic assumptions via Grover’s algorithm is still believed to be a "hard" problem, even for a quantum computer. + +Some may balk at the threat of quantum computers to Bitcoin given their limited functionality to date. Others – including governments, corporations, and existing and potential Bitcoin users – are concerned about the potential for their advancement and future use in cryptanalysis. + +The Commercial National Security Algorithm Suite (CNSA) 2.0, for instance, has mandated software and networking equipment to be upgraded to post-quantum schemes by 2030, with browsers and operating systems fully upgraded by 2033. Additionally, according to NIST IR 8547, Elliptic Curve Cryptography is planned to be disallowed within the US federal government after 2035 (with an exception made for hybrid cryptography, or the use of ECC and post-quantum algorithms together). These kinds of mandates have triggered concern by some ECC users – including risk-averse Bitcoin users who prefer to be prepared out of an abundance of caution. While it is unclear when or if CRQCs will become viable, we propose the addition of a Tapscript-native, hashed output type for those interested in enhanced resistance to this threat. + +Even in the most optimistic case – wherein quantum computers never pose a significant risk to ECC – we believe that public fear of their advancement alone may be influencing adoption and broad confidence in the Bitcoin network. In other words, we believe users’ fear of quantum computers may be worth addressing regardless of CRQC viability, which is difficult to assess. Given these concerns, we think it’s worth considering changes that offer quantum-resistance, are minimal in complexity and risk – and that create new options for using Bitcoin (and Tapscript). + +As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P2TSH) – a Tapscript-native, quantum-resistant output type. + +===Long-Exposure vs Short-Exposure Attacks=== + +This proposal specifically mitigates the risk of long-exposure attacks on Taproot outputs. While other (hashed) Bitcoin output script types already mitigate against this risk, Taproot outputs expose their public keys and so are currently vulnerable to long-exposure quantum attacks. + +A long-exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because they give quantum attackers ample time – as much time as vulnerable keys are exposed – to carry out quantum key recovery. + +Short-exposure attacks will require significantly more advanced, error-tolerant quantum computers – because these attacks must occur within the relatively short time that the public key(s) of a transaction are exposed in the mempool while a transaction is awaiting confirmation in Bitcoin's blockchain. + +All Bitcoin outputs are currently vulnerable to short-exposure attacks – as all Bitcoin transactions require revelation of the redeem scripts and/or associated public keys to unlock and spend unspent outputs.A vulnerable Bitcoin output is any scriptPubKey type that exposes an elliptic curve public key as raw bytes in a block, making it susceptible to quantum key recovery via Shor’s algorithm. This includes P2PK outputs and any script that contains an unprotected or reused public key. Comprehensive quantum-resistance of outputs from short-exposure attacks may require the use of post-quantum signature schemes. + +Since long-exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a Tapscript-native, hashed output type that is resistant to long-exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers or non-quantum cryptanalytic breaks in Elliptic Curve Cryptography. + +The following list of output types describes their long-exposure attack vulnerability: {| class="wikitable" -|+ Output types vulnerable to long-exposure attacks on unspent addresses |- -! Type !! Vulnerable !! Prefix !! Example +! Type +! Vulnerable +! Prefix +! Example |- -| P2PK || Yes || Varies || 2103203b768951584fe9af6d9d9e6ff26a5f76e453212f19ba163774182ab8057f3eac +| P2PK +| Yes +| Varies +| 2103203b768951584fe9af6d9d9e6ff26a5f76e453212f19ba163774182ab8057f3eac |- -| P2PKH || No¹ || 1 || 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa +| P2PKH +| No¹ +| 1 +| 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |- -| P2MS || Yes || Varies || 52410496ec45f878b62c46c4be8e336dff7cc58df9b502178cc240e... +| P2MS +| Yes +| Varies +| 52410496ec45f878b62c46c4be8e336dff7cc58df9b502178cc240e… |- -| P2SH || No¹ || 3 || 3FkhZo7sGNue153xhgqPBcUaBsYvJW6tTx +| P2SH +| No¹ +| 3 +| 3FkhZo7sGNue153xhgqPBcUaBsYvJW6tTx |- -| P2WPKH || No¹ || bc1q || bc1qsnh5ktku9ztqeqfr89yrqjd05eh58nah884mku +| P2WPKH +| No¹ +| bc1q +| bc1qsnh5ktku9ztqeqfr89yrqjd05eh58nah884mku |- -| P2WSH || No¹ || bc1q || bc1qvhu3557twysq2ldn6dut6rmaj3qk04p60h9l79wk4lzgy0ca8mfsnffz65 +| P2WSH +| No¹ +| bc1q +| bc1qvhu3557twysq2ldn6dut6rmaj3qk04p60h9l79wk4lzgy0ca8mfsnffz65 |- -| P2TR || Yes || bc1p || bc1p92aslsnseq786wxfk3ekra90ds9ku47qttupfjsqmmj4z82xdq4q3rr58u +| P2TR +| Yes +| bc1p +| bc1p92aslsnseq786wxfk3ekra90ds9ku47qttupfjsqm mj4z82xdq4q3rr58u |- -| P2QRH || No || bc1z || bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve +| P2TSH +| No¹ +| bc1z +| bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve |} +¹ funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs become vulnerable to long-exposure quantum attacks anytime their redeem script is revealed. -¹ Funds in P2PKH, P2SH, P2WPKH, and P2WSH outputs become vulnerable to long-exposure quantum attacks when their input script is revealed. An address is no longer safe against long-exposure quantum attacks after funds from it have been spent. - -It should be noted that Taproot outputs are vulnerable in that they encode a 32-byte x-only public key, from which a -full public key can be reconstructed. - -If a CRQC recovers an extended public key (xpub), including its chain code, it can derive all non-hardened child public -keys by guessing or iterating through child indexes, as allowed by BIP 32's non-hardened derivation. With Shor's -algorithm, the CRQC could then compute the corresponding non-hardened child private keys directly from those public keys, -without needing the extended private key (xprv) or an exposed child private key. Hardened child keys remain secure since -they cannot be derived from the xpub alone. However, if the xprv is exposed, then all child private keys--both hardened -and non-hardened--become vulnerable. Thus, in a quantum context, the xpub alone is sufficient to expose all non-hardened -child private keys. +A complete list of outputs that are vulnerable to long-exposure attacks: -==== Long Exposure and Short Exposure Quantum Attacks ==== +* Legacy (i.e. P2PK) outputs (Satoshi’s coins, CPU miners) +* Reused outputs of any type +* Taproot outputs (mainnet start with bc1p) -A Long Exposure Quantum Attack is an attack in which the public key has been exposed on the blockchain for an extended -period of time, giving an attacker ample opportunity to break the cryptography. This affects: +For further clarification on quantum attack vectors, please refer to our [[#Glossary|Glossary of Terms]]. -* P2PK outputs (Satoshi's coins, CPU miners, starts with 04) -* Reused addresses (any type, except P2QRH) -* Taproot addresses (starts with bc1p) -* Extended public keys, commonly known as "xpubs" -* Wallet descriptors +==Design== -A Short Exposure Quantum Attack is an attack that must be executed quickly while a transaction is still in the mempool, -before it is mined into a block. This affects: +Pay-to-Tapscript-Hash (P2TSH) is a Tapscript-native, hashed output type that commits solely to the root of a Tapscript tree. Functionally, it is a modified Pay-to-Taproot (P2TR) output with the quantum-vulnerable key-path spend disabled by omission of the internal keys and of the Taproot 'tweak' step. -* Any transaction in the mempool (except for P2QRH) +In other words, P2TSH outputs commit to the Merkle root of a Tapscript tree without committing to any internal public key. The script(s) being committed to, however, may contain keys or key-hashes. -Short-exposure attacks require much larger, more expensive CRQCs since they must be executed within the short window -before a transaction is mined. Long-exposure attacks can be executed over a longer timeframe since the public key remains -exposed on the blockchain indefinitely. +This output type is designed to offer Taproot users immediate protection against long-exposure quantum attacks – as well as to provide a practical output type with which new, post-quantum signatures may evolve for additional security. -Coinbase outputs to P2PK keys go as far as block 200,000, so there are, at the time of writing, 1,723,848 coins that -are vulnerable from the first epoch in P2PK outputs alone. The majority of these have a block reward of 50 coins each, -and there are roughly 34,000 distinct P2PK scripts that are vulnerable. These coins can be considered -"Satoshi's Shield." Any addresses with a balance of less than the original block subsidy of 50 coins can be considered -cryptoeconomically incentive incompatible to capture until all of these are mined, and these addresses serve to provide -time to transition Bitcoin to implement post-quantum security. +[[File:bip-0360/merkletree.png|thumb|Construction of P2TSH Taptree root, scriptPubkey, and Witness]] -It's for the above reason that, for those who wish to be prepared for quantum emergency, it is recommended that no more -than 50 bitcoin are kept under a single, distinct, unused Native SegWit (P2WPKH, "bc1q") address at a time. This is -assuming that the attacker is financially motivated instead of, for example, a nation state looking to break confidence -in Bitcoin. Independently, this assumes that other vulnerable targets such as central banks have upgraded their -cryptography by this time. - -The Commercial National Security Algorithm Suite (CNSA) 2.0 has a timeline for software and networking equipment to be -upgraded by 2030, with browsers and operating systems fully upgraded by 2033. According to NIST IR 8547, Elliptic Curve -Cryptography is planned to be disallowed within the US federal government after 2035. An exception is made for hybrid -cryptography, which is the use of ECC and post-quantum algorithms together. - -Although the main threat posed by CRQCs is to the signatures used in Bitcoin, a smaller threat is to Bitcoin's hash -algorithms. In particular, while a CRQC could use [https://en.wikipedia.org/wiki/Grover's_algorithm Grover's algorithm] -to gain a quadratic speedup on brute-force attacks on the hash functions used in Bitcoin, a significantly more powerful -CRQC is needed for these attacks to meaningfully impact Bitcoin. For instance, a preimage attack on -HASH160 Used by P2PKH, P2SH, and P2WPKH addresses, though not P2WSH because it uses 256-bit hashes. -using Grover's algorithm would require at least 10^24 quantum operations. As for Grover's application to mining, see -[https://quantumcomputing.stackexchange.com/a/12847 Sam Jaques' post on this]. - -=== Design === - -This BIP proposes a new output type called P2QRH (Pay to Quantum Resistant Hash). This output type is designed to -support post-quantum signature algorithms but those algorithms will be specified in future BIPs. - -P2QRH (Pay to Quantum Resistant Hash) is a new output type that commits to the root of a tapleaf Merkle tree. It is functionally -the same as a P2TR (Pay to Taproot) output with the quantum vulnerable key path spend removed. Since P2QRH has no key path spend, P2QRH omits the -Taproot internal key, as it is not needed. Instead, a P2QRH output is just the 32-byte root of the tapleaf Merkle tree as defined -in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] and hashed with the tag "QuantumRoot" as shown below. - -[[File:bip-0360/merkletree.png|center|550px|thumb|]] - -To construct a P2QRH output we follow the same process as [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] -to compute the tapscript Merkle root. However, instead of the root of the Merkle tree being hashed together with the internal -key in P2QRH the root is hashed by itself using the tag "QuantumRoot". +To construct a P2TSH output, we first follow the process outlined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] to compute the Merkle root of a given taptree. Then, instead of computing a taproot from the sum of the internal public key and another point generated from the hash of the internal public key and the derived taptree root (i.e. H("TapTweak", internal_pubkey + merkle_root) * G) as is done in P2TR outputs, P2TSH outputs commit only to the Merkle root of the taptree. -D = tagged_hash("TapLeaf", bytes([leaf_version]) + ser_script(script)) -CD = tagged_hash("TapBranch", C + D) -CDE = tagged_hash("TapBranch", E + CD) -ABCDE = tagged_hash("TapBranch", AB + CDE) -Root = tagged_hash("QuantumRoot", ABCDE) +D = tagged_hash(“TapLeaf”, bytes([leaf_version]) + ser_script(script)) +CD = tagged_hash(“TapBranch”, C + D) +CDE = tagged_hash(“TapBranch”, CD + E) +ABCDE = tagged_hash(“TapBranch”, AB + CDE) -A P2QRH input witness provides the following: +A P2TSH input witness provides the following: initial stack element 0, -..., +…, initial stack element N, tapleaf script, -control block = [control byte, 32 * m byte Merkle path] # m is the depth of the Merkle tree +control block = [control byte, 32*m byte Merkle path] # m is the depth of the script in the Merkle tree -The initial stack elements provide the same functionality as they do in P2TR. That is, they place elements on the stack to -be evaluated by the script, a.k.a. the redeem script. - -The control block is a 1 + 32 * m byte array, where the first byte is the control byte and the next 32*m bytes are the -Merkle path to the script. The control byte is the same as the control byte in a P2TR control block, -including the 7 bits which are used to specify the tapleaf version. The parity bit of the control byte is always 1 -since P2QRH does not have a key path spend. We omit the public key from the control block as it is not needed in P2QRH. -We maintain support for the optional annex in the witness (see specification for more details). - -=== Rationale === - -Our design to augment Bitcoin with quantum resistance is guided by the following principles: - -'''Minimize changes.''' We should reuse existing Bitcoin code and preserve -existing software behavior, workflows, user expectations and compatibility whenever possible. - -'''Gradual upgrade path.''' We should provide an upgrade path for wallets and exchanges which can be -carried out gradually and iteratively rather than all at once. This is critical as the earlier the ecosystem -begins upgrading to quantum resistance, the lower the number of coins at risk when quantum attacks become practical. - -'''Use standardized post-quantum signature algorithms.''' Standardized algorithms have undergone the most scrutiny and -are likely to be most well supported and well studied going forward. The entire Bitcoin ecosystem will benefit -from using the most popular post-quantum signature algorithms, including leveraging hardware acceleration -instructions, commodity trusted hardware, software libraries and cryptography research. - -'''Provide security against unexpected cryptanalytic breakthroughs.''' Consider the risk -if Bitcoin only supported one PQ signature algorithm, and then following the widespread rollout of CRQCs, a critical -weakness is unexpectedly discovered in this signature algorithm. There would be no safe algorithm available. We believe that -prudence dictates we take such risks seriously and ensure that Bitcoin always has at least two secure signature algorithms built -on orthogonal cryptographic assumptions. In the event one algorithm is broken, an alternative will be available. An added benefit -is that parties seeking to securely store Bitcoin over decades can lock their coins under multiple algorithms, -ensuring their coins will not be stolen even in the face of a catastrophic break in one of those signature algorithms. - -Based on these principles, we propose two independent changes that together provide Bitcoin with -full quantum resistance. In this BIP, we introduce a new output type called P2QRH (Pay to Quantum Resistant Hash) so that tapscript -can be used in a quantum resistant manner. In a future BIP, we enable tapscript programs to verify two Post-Quantum (PQ) signature -algorithms, ML-DSA (CRYSTALS-Dilithium) and SLH-DSA (SPHINCS+). It is important to consider these two changes together because P2QRH must -be designed to support the addition of these PQ signature algorithms. The full description of these signatures will be provided in a future BIP. - -==== P2QRH ==== - -P2QRH is simply P2TR with the quantum vulnerable key path spend removed so that it commits to the root of -the tapleaf Merkle tree in the output. This allows P2QRH to reuse the mature and battle tested P2TR, tapleaf -and tapscript code already in Bitcoin. This reduces the implementation burden on wallets, exchanges, and -libraries since they can reuse code they already have. - -Both P2WSH (Pay 2 Witness Script Hash) and P2QRH protect against long-exposure quantum attacks and both provide -the same 256-bit security level. One may ask why not use the existing output type P2WSH instead of add a new one? -The problem with P2WSH is that it only works with pre-tapscript Script and cannot work with tapscript Script. -New protocols and programs in the Bitcoin ecosystem have largely moved to tapscript. Using P2WSH would require turning -back the clock and forcing projects to move from tapscript to pre-tapscript. More importantly, tapscript provides a far -easier and safer upgrade path for adding PQ signatures. Changes to pre-tapscript to enable it to support PQ signatures would likely -require adding tapscript features to pre-tapscript. Even if this was possible, it would represent far more work and -risk than adding a new output type like P2QRH. Tapscript, and thereby a tapscript compatible output such as P2QRH, -is the most plausible and convenient upgrade path to full quantum resistance. - -==== PQ signatures ==== - -By separating P2QRH from the introduction of PQ signatures, relying parties can move from P2TR to P2QRH -without simultaneously having to change from Schnorr signatures to PQ signatures. Simply moving coins from -P2TR to P2QRH protects those coins from long-exposure quantum attacks. Then to gain full quantum resistance, -verification of PQ signatures can be added as an additional leaf alongside Schnorr signaturesMatt Corallo, [https://groups.google.com/g/bitcoindev/c/8O857bRSVV8/m/rTrpeFjWDAAJ Trivial QC signatures with clean upgrade path], (2024). -When quantum attacks become practical, users would then be fully protected as the P2QRH output would allow -them to switch to sending their coins using the PQ signature algorithms. This allows the upgrade to quantum -resistance to be largely invisible to users. - -Consider the P2QRH output with three tapscripts: - -* Spend requires a Schnorr signature -* Spend requires a ML-DSA signature -* Spend requires a SLH-DSA signature - -In the event that Schnorr signatures are broken, users can spend their coins using ML-DSA. -If both Schnorr and ML-DSA are broken, the user can still rely on SLH-DSA. -While this pattern allows users to spend their coins securely without revealing the public -keys associated with vulnerable algorithms, the user can compromise their own security if -they leak these public keys in other contexts, e.g. key reuse. - -One intent in supporting Schnorr, ML-DSA, and SLH-DSA in tapscript, is to allow parties to construct outputs such that funds -are still secure even if two of the three signature algorithms are completely broken. This is motivated by the use case -of securely storing Bitcoin in a cold wallet for very long periods of time (50 to 100 years). - -For PQ signatures we considered the NIST approved SLH-DSA (SPHINCS+), ML-DSA (CRYSTALS-Dilithium), -FN-DSA (FALCON). Of these three algorithms, SLH-DSA has the largest signature size, but is the most conservative -choice from a security perspective because SLH-DSA is based on well studied and time-tested hash-based cryptography. -Both FN-DSA and ML-DSA signatures are significantly smaller than SLH-DSA signatures but are based on newer lattice-based -cryptography. Since ML-DSA and FN-DSA are both similar lattice-based designs, we choose to only support one of them as the -additional value in diversity of cryptographic assumptions would be marginal. It should be noted that ML-DSA and FN-DSA do -rely on different lattice assumptions and it may be that case that a break in one algorithm's assumptions would not necessarily -break the assumptions used by the other algorithm. - -We also considered SQIsign. While it outperforms the three other PQ signature algorithms by having the smallest signatures, -it has the worst verification performance and requires a much more complex implementation. We may revisit SQIsign separately in the -future as recent research shows massive performance improvements to SQIsign in version 2.0. "[SQIsign] signing is now nearly 20× faster, at 103.0 Mcycles, and verification is more than 6× faster, at 5.1 Mcycles" [https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/sqisign-spec-round2-web.pdf SQIsign: Algorithm specifications and supporting documentation Version 2.0 (February 5 2025)]. - -ML-DSA is intended as the main PQ signature algorithm in Bitcoin. It provides a good balance of security, performance -and signature size and is likely to be the most widely supported PQ signature algorithm on the internet. SLH-DSA has a radically -different design and set of cryptographic assumptions than ML-DSA. As such SLH-DSA provides an effective -hedge against an unexpected cryptanalytic breakthrough. - -P2QRH, ML-DSA, and SLH-DSA could be activated simultaneously in a single soft fork or P2QRH could be activated first and then -ML-DSA and SLH-DSA could be independently activated. If at some future point another signature -algorithm was desired it could follow this pattern. - -We consider two different paths for activating PQ signatures in Bitcoin. The first approach is to redefine OP_SUCCESSx opcodes for each -signature algorithm. For ML-DSA this would give us OP_CHECKMLSIG, OP_CHECKMLSIGVERIFY and OP_CHECKMLSIGADD. The second approach is to use a new tapleaf version that changes the OP_CHECKSIG opcodes to support the -new PQ signature algorithms. In both cases, we would need to include as part of the soft fork an increase in the tapscript stack element -size to accommodate the larger signatures and public keys sizes of the PQ signature algorithms. - -The OP_SUCCESSx approach has the advantage of providing a straightforward path to add new signature algorithms in the future. Simply redefine -a set of five OP_SUCCESSx opcodes for the new signature algorithm. This would allow us to activate a single PQ signature at a time, adding -new ones as needed. Additionally this approach allows developers to be very explicit in the signature algorithm type that they wish to verify. -The main disadvantage is that it uses five OP_SUCCESSx opcodes per signature algorithm. Supporting ML-DSA and SLH-DSA would require ten new opcodes. - -Adding PQ signatures via a tapleaf version increase does not introduce any new opcodes and allows previously written tapscript programs to be used with PQ signatures -by simply using the new tapleaf version. Instead of developers explicitly specifying the intended signature algorithm through an opcode, the algorithm -to use must be indicated within the public key or public key hash'''Why not have CHECKSIG infer the algorithm based on signature size?''' Each of the three signature algorithms, Schnorr, ML-DSA, and SLH-DSA, have unique signature sizes. The problem with using signature size to infer algorithm is that spender specifies the signature. This would allow a public key which was intended to be verified by Schnorr to be verified using ML-DSA as the spender specified a ML-DSA signature. Signature algorithms are often not secure if you can mix and match public key and signature across algorithms.. -The disadvantage of this approach is that it requires a new tapleaf version each time we want to add a new signature algorithm. - -Both approaches must raise the stack element size limit. In the OP_SUCCESSx case, the increased size limit would only be effect for transaction outputs -that use of the new opcodes. Otherwise this stack element size limit increase would be a soft fork. If the tapleaf version is used, then the stack -element size limit increase would apply to any tapscript program with the new tapleaf version. - -To improve the viability of the activation client and adoption by wallets and libraries, a library akin to -libsecp256k1 will be developed. This library, [https://github.com/cryptoquick/libbitcoinpqc libbitcoinpqc], will support the new PQ signature algorithms -and can be used as a reference for other language-native implementations. - -==== PQ signature size ==== - -Post-quantum public keys are generally larger than those used by ECC, depending on the security level. Originally, BIP 360 -proposed NIST Level V, 256-bit security, but this was changed to NIST Level I, 128-bit security due to concerns over the -size of the public keys, the time it would take to verify signatures, and being generally deemed "overkill". - -We recognize that the size of ML-DSA (CRYSTALS-Dilithium) and SLH-DSA (SPHINCS+) signatures + public key pairs is a significant concern. -By way of comparison with Schnorr public key + signature pairs, SLH-DSA is roughly 80x larger and ML-DSA is roughly 40x larger. This means to -maintain present transaction throughput, an increase in the witness discount may be desired. - -An increase in the witness discount must not be taken lightly. Parties may take advantage of this discount for purposes other than -authorizing transactions (e.g., storage of arbitrary data as seen with "inscriptions"). - -There was some hope of designing P2QRH such that discounted public keys and signatures could not be repurposed for the storage of -arbitrary data by requiring that they successfully be verified before being written to Bitcoin's blockchain, a.k.a. "JPEG resistance". -Later research Bas Westerbaan (2025), [https://groups.google.com/g/bitcoindev/c/5Ff0jdQPofo jpeg resistance of various post-quantum signature schemes] -provided strong evidence that this was not a feasible approach for the NIST approved Post-Quantum signature algorithms. -It is an open question if Post-Quantum signature algorithms can be designed to provide JPEG resistance. - -==== Raising tapscript's stack element size ==== - -A problem faced by any attempt to add PQ signatures to tapscript is that the stack elements in tapscript cannot be larger than 520 bytes -because the MAX_SCRIPT_ELEMENT_SIZE=520. This is problematic because PQ signature algorithms often have signatures and -public keys in excess of 520 bytes. For instance: - -* ML-DSA public keys are 1,312 bytes and signatures are 2,420 bytes -* SLH-DSA public keys are 32 bytes and signatures are 7,856 bytes - -We will first look at our approach to the problem of PQ signatures and then give our solution for public keys larger than 520 bytes. +The initial stack elements provide the same functionality as they do in a P2TR script-path spend. That is, they place elements on the stack to be evaluated by the redeem script. -To keep P2QRH small and simple, we have opted not to raise the stack element size limit as part of P2QRH, but instead make this change when -adding PQ signatures. That said, we are not strongly opposed to putting this increase in P2QRH. - -We propose a stack element size limit of 8,000 bytes. We arrive at 8,000 by rounding up from the needed 7,856 bytes. +The control block is a ''1 + 32*m'' byte array, where the first byte is the control byte and the next ''32*m'' bytes are the Merkle path to the leaf script, where m is the depth of the leaf script in the Merkle tree. The control byte is the same as the control byte in a P2TR control block, including the 7 bits which are used to specify the tapleaf version. The parity bit of the control byte is always 1, since P2TSH does not have a key-path spend. Unlike P2TR, we omit the public key from the control block as it is not needed in P2TSH. We maintain support for the optional annex in the witness (see Specification section below for more details). -OP_DUP will duplicate any stack element. Thus, if we allowed OP_DUP to duplicate stack elements of size 8,000 bytes, it would be possible -to write a tapscript which will duplicate stack elements until it reaches the maximum number of elements on stack, i.e. 1000 elements. -An increase from 520 bytes to 8,000 bytes would increase the memory footprint from 520 KB to 8 MB. +==Rationale== -To prevent OP_DUP from creating an 8 MB stack by duplicating stack elements larger than 520 bytes we define OP_DUP to fail on stack -elements larger than 520 bytes. Note this change to OP_DUP is not consensus critical and does not require any sort of fork. This is -because currently there is no way to get a stack element larger than 520 bytes onto the stack so triggering this rule is currently -impossible and would only matter if the stack element size limit was raised. +In this proposal, we adopt a “prepared not scared” approach to the possible advancement of quantum computing – and offer Bitcoin users an option for increased protection if they so choose. +This BIP does not take a position on any specific quantum computing timeline, but rather proposes a flexible and unobtrusive option for users who wish to mitigate this risk according to their own estimate of the timeline. -==== Public keys larger than 520 bytes ==== +Design of the P2TSH output type is guided by the following intentions: -Turning our attention to public keys larger than 520 bytes. This is not needed for SLH-DSA as its public key is only 32 bytes. -This is a different problem than signatures as public keys are typically pushed onto -the stack by the script (redeem script) to commit to public keys in the output. The OP_PUSHDATA opcode in tapscript fails if asked to push -more than 520 bytes onto the stack. +# Minimize changes to the network – we should reuse existing Bitcoin code and preserve existing software behavior, workflows, user expectations and compatibility whenever possible. +#: +#: P2TSH leverages Taproot code already in Bitcoin for tapscript and taptree construction – reducing the implementation burden on wallets, exchanges, and libraries, which can reuse code they already have. This approach reduces complexity and minimizes implementation risks. +# Create the safest possible path for the addition of post-quantum signatures - in the event they are used in the future. +#: +#: Importantly, we are proposing a Tapscript-native, hashed output type that is resistant to long-exposure attacks. While existing hashed output types (i.e. P2PKH, P2SH, P2WPKH, and P2WSH) are already resistant to long-exposure attacks, these output types do not support Tapscript – which may be required for practical extension with post-quantum signature opcodes. Unlike Tapscript, Bitcoin script as provided by P2SH and P2WSH does not support OP_SUCCESSx opcode upgrades. +#: +# Facilitate gradual integration of quantum-resistant features - that can be carried out iteratively as quantum computers evolve. This approach encourages responsiveness to the current threat-level, while avoiding heavy-handedness in our reactions to a potential threat. +#: +#: We designed P2TSH with an eye towards integrating post-quantum signatures in the future, without proposing more complex changes while CRQCs are still in their infancy. -To solve this issue, for signature schemes with public keys greater than 520 bytes, we use the hash of the public key in the script. -We then package the public key and signature together as the same stack element on the input stack. Since the hash of the public key is -only 32 bytes, the script can push it on the stack as it does today. Consider the following example with a -OP_CHECKMLSIG opcode for ML-DSA: +===P2TSH Trade-Offs=== - -stack = [pubkey||signature] -tapscript = [OP_PUSHDATA HASH256(expected_pubkey), OP_CHECKMLSIG] - +While P2TR outputs (and ECC-based key-path spends) will remain an option for folks wishing to use them – we aim to be clear about the tradeoffs of using P2TSH outputs, which disable the key-path spend for the benefit of quantum protection. -1. OP_PUSHDATA HASH256(expected_pubkey) updates the stack to [HASH256(expected_pubkey), pubkey||signature] -2. OP_CHECKMLSIG pops HASH256(expected_pubkey) and pubkey||signature, checks HASH256(expected_pubkey) == pubkey and verifies signature against pubkey. +A P2TSH witness will be larger than a P2TR key-path spend witness. That said, a P2TSH witness will be slightly smaller than the witness to an equivalent P2TR script-path spend, because with P2TSH there is no need to reveal any internal public key. For a more complete comparison of input witness sizes, the “Transaction Size and Fees” section may be reviewed later in this proposal. -==== Future considerations ==== +Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR. That is, since P2TSH outputs can only be spent via the script-path spend, users functionally reveal the existence of a Tapscript tree whenever they are using a P2TSH output. Of course, a chosen leaf script is also revealed at spend-time. In P2TR, when you spend an output by the key-path spend you don’t reveal any script or if you had any scripts at all. -Additional follow-on BIPs will be needed to implement PQ signature algorithms, signature aggregation, and full BIP 32 compatibility -(if possible) BIP 32 relies on elliptic curve operations to derive keys from xpubs to support -watch-only wallets, which PQC schemes may not support.. However, until specialized quantum cryptography hardware -is widespread and signature aggregation schemes are thoroughly vetted, P2QRH addresses are an intermediate solution -to quantum threats. +'''Note:''' P2TSH and P2TR both provide greater optionality and privacy regarding script policy compared to P2SH [https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki (BIP 16 - Pay to Script Hash)]. -== Specification == +==Specification== -We define the Pay to Quantum Resistant Hash (P2QRH) output structure as follows. +We define the Pay-to-Tapscript-Hash (P2TSH) output structure as follows: -=== Pay to Quantum Resistant Hash (P2QRH) === +A P2TSH output is a modified P2TR output that commits to the root of a taptree (as defined in [https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki BIP 342]). Unlike P2TR outputs, we disable the key-path spend for the benefit of quantum resistance by omitting the internal keys and the Taproot "tweak" step. The root of the taptree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. -A P2QRH output is simply the root of the tapleaf Merkle tree defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] -and used as an internal value in P2TR. +===ScriptPubKey=== -To construct a P2QRH output we follow the same process as [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] -to compute the tapscript Merkle root. However, instead of the root of the Merkle tree being hashed together with the internal -key in P2QRH the root is hashed by itself using the tag "QuantumRoot" and then set as the witness program. +The scriptPubKey for a P2TSH output is: -=== Address Format === - -P2QRH uses SegWit version 2 outputs, resulting in addresses that start with bc1z, following -[https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#bech32 BIP 173]. Bech32 encoding maps version 2 to the -prefix z. - -Example P2QRH address: + +OP_2 OP_PUSHBYTES_32 + -bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve (32-byte Bech32m-encoded tapleaf Merkle root) +Where: +* OP_2 indicates SegWit version 2. +* is the 32-byte Merkle root of the taptree. -=== ScriptPubKey === +===Address Format=== -The scriptPubKey for a P2QRH output is: +P2TSH outputs use SegWit version 2, resulting in mainnet addresses that start with 'bc1z', following [https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#bech32 BIP 173]. Bech32m encoding maps version 2 to the prefix z. - OP_2 OP_PUSHBYTES_32 +Example P2TSH address: -Where: + +bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve + -* OP_2 (0x52) indicates SegWit version 2. -* is the 32-byte tapleaf Merkle root. +This is a Bech32m-encoded P2TSH scriptPubKey. -==== Script Validation ==== +===Script Validation=== -A P2QRH output is a native SegWit output (see [[bip-0141.mediawiki|BIP141]]) with version number 2, and a 32-byte witness program. -Unlike Taproot this witness program is the tapleaf Merkle root. For the sake of comparison we have, as much as possible, copied the -language verbatim from the [[bip-0341.mediawiki|BIP341]] script validation section. +A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki | BIP141]]) with version 2 and a 32-byte witness program. The witness program is the root of the tapscript tree. For the sake of comparison, we have - as much as possible - copied the language verbatim from the script validation section of [[bip-0341.mediawiki | BIP341]]. -* Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents root of tapleaf Merkle tree. +* Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents the root of the Tapscript tree. * Fail if the witness stack does not have two or more elements. -* If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex'' ''a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during Taproot validation. +* If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex'' ''a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during P2TSH validation. * There must be at least two witness elements left. -** Call the second-to-last stack element ''s'', the script (as defined in [[bip-0341.mediawiki|BIP 341]]) -** The last stack element is called the control block ''c'', and must have length ''1 + 32 * m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. -** Let ''v = c[0] & 0xfe'' be the ''leaf version'' (as defined in [[bip-0341.mediawiki|BIP 341]]). To maintain ''leaf version'' encoding compatibility the last bit of c[0] is unused and must be 1 '''Why set the last bit of c[0] to one?''' Consider a faulty implementation that deserializes the ''leaf version'' as c[0] rather than c[0] & 0xfe for both P2TR and P2QRH. If they test against P2QRH outputs and require that last bit is 1, this deserialization bug will cause an immediate error.. +** Call the second-to-last stack element ''s'', the script (as defined in [[bip-0341.mediawiki | BIP 341]]) +** The last stack element is called the control block ''c'', and must have length ''1 + 32*m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. +** Let ''v = c[0] & 0xfe'' be the ''leaf version'' (as defined in [[bip-0341.mediawiki | BIP 341]]). To maintain ''leaf version'' encoding compatibility the last bit of c[0] is unused and must be 1.Why set the last bit of c[0] to one? Consider a faulty implementation that deserializes the ''leaf version'' as c[0] rather than c[0] & 0xfe for both P2TR and P2TSH. If they test against P2TSH outputs and require that last bit is 1, this deserialization bug will cause an immediate error. ** Let ''k0 = hashTapLeaf(v || compact_size(size of s) || s)''; also call it the ''tapleaf hash''. -** For ''j'' in ''[0,1,...,m-1]'': +** For ''j'' in ''[0,1,…,m-1]'': *** Let ''ej = c[33+32j:65+32j]''. -*** Let ''kj+1 depend on whether ''kj < ej'' (lexicographically): -**** If ''kj < ej'': ''kj+1 = hashTapBranch(kj || ej)''. -**** If ''kj ≥ ej'': ''kj+1 = hashTapBranch(ej || kj)''. -** Let ''r = hashQuantumRoot(km)''. -** If ''q ≠ r'', fail. +*** Let ''kj+1 depend on whether'' kj < ej ''(lexicographically):'' +**** If ''kj < ej'': ''kj+1 = hashTapBranch(kj || ej)''. +**** If ''kj ≥ ej'': ''kj+1 = hashTapBranch(ej || kj)''. +** Let ''r = km''. +** If ''q ≠ r'', fail. ** Execute the script, according to the applicable script rules, using the witness stack elements excluding the script ''s'', the control block ''c'', and the annex ''a'' if present, as initial stack. This implies that for the future leaf versions (non-''0xC0'') the execution must succeed. +* Otherwise, fail. -The steps above follow the script path spend logic from [[bip-0341.mediawiki|BIP 341]] with the following changes: -* The witness program is the tapleaf Merkle root and not a public key. This means that we skip directly to the BIP 341 spend path tapleaf Merkle tree validation. -* We compute the tagged tapleaf Merkle root r and compare it directly to the witness program q. -* The control block is 1 + 32*m bytes, instead of 33 + 32*m bytes. - -==== Sighash Calculation ==== +The steps above follow the script-path spend logic from [[bip-0341.mediawiki | BIP 341]] with the following changes: -The sighash for P2QRH outputs follows the same procedure as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] for Taproot transactions: +* The witness program is the Merkle root of a taptree and not a "tweaked" public key. This means that we skip directly to the BIP 341 spend path tapleaf Merkle tree validation. +* We compute the taptree Merkle root r and compare it directly to the witness program q. +* The control block is ''1 + 32*m'' bytes, instead of ''33 + 32*m'' bytes. -* '''Signature Message:''' A single-SHA256 of a tagged hash with the tag "TapSighash", containing transaction data. -* '''Tagged Hash:''' Computed as H(tag || tag || data) where H is SHA256 and tag is the SHA256 of the tag name. -* '''Key Data:''' In addition to transaction data, the sighash includes the spent output's scriptPubKey. -* '''Extension Fields:''' Specific data is included or excluded from the sighash based on the sighash flag. +===Common Signature Message Construction=== -This signature hash construction ensures transaction malleability is prevented while providing flexibility through -different sighash types (DEFAULT, ALL, NONE, SINGLE, and ANYONECANPAY variants). The exact computation follows the -procedure specified in BIP 341 to maintain compatibility with Taproot signatures. - -If a sighash flag other than DEFAULT is needed, it can be placed in the transaction witness. In this case, it will be -the only field in the witness. +The [https://learnmeabitcoin.com/technical/upgrades/taproot/#common-signature-message common signature message] construction for P2TSH outputs is exactly the same procedure as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] for Taproot transactions. === Compatibility with BIP 141 === -By adhering to the SegWit transaction structure and versioning, P2QRH outputs are compatible with existing transaction -processing rules. Nodes that do not recognize SegWit version 2 will treat these outputs as anyone-can-spend but, per -[https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki BIP 141], will not relay or mine such transactions. +By adhering to the SegWit transaction structure and versioning, P2TSH outputs are compatible with existing transaction processing rules. Nodes that do not recognize SegWit version 2 will treat these outputs as anyone-can-spend but, per [https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki BIP 141], will not relay or mine such transactions. + +===Transaction Size and Fees=== +P2TSH and P2TR scriptPubKeys are always the same size, 34 bytes. A witness to a P2TSH output can be slightly larger or smaller than the equivalent P2TR witness – depending on the use of key- vs script-path spend in the case of P2TR. Let’s consider the cases. -=== Transaction Size and Fees === +===Comparison with P2TR key-path spend=== -Equivalent P2QRH and P2TR outputs are always the same size. P2QRH inputs can be slightly larger or smaller than -their equivalent P2TR inputs. Let's consider the cases: +A P2TSH witness will always be larger than a P2TR witness when the P2TR output is spent via a key-path spend. P2TSH quantum-resistance comes from removing the P2TR key-path spend functionality. Consequently, every P2TSH output is spent using a script-path spend, and so P2TSH witnesses must all contain the inputs to the leaf script, the leaf script itself, and a control block. All P2TSH control blocks require a merkle path except when there is exactly one leaf script, and so the tree has depth ''m = 0''. In that special case, a merkle path may be omitted from the P2TSH control block. -'''P2TR key path spend''' P2QRH inputs will be larger than P2TR inputs when the P2TR output would have been spent via the key path spend. -P2QRH quantum resistance comes from removing the P2TR key path spend. Consequently, it cannot make use of Taproot's optimization -where P2TR key path spends do not require including a Merkle path in the P2TR input. If the Merkle tree only has a single leaf script, -no Merkle path is needed in the control block, giving us a 1-byte control block. +P2TR key-path spend witness (66 bytes): -P2QRH witness (103 bytes): [count] (1 byte), # Number of elements in the witness -[size] signature (1 + 64 bytes = 65 bytes), -tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), -control block = [size] [control byte] (1 + 1 = 2 bytes) +[size] signature (1 + 64 bytes = 65 bytes) -P2TR key path spend witness (66 bytes): +P2TSH witness for depth-0 tree (103 bytes): + [count] (1 byte), # Number of elements in the witness -[size] signature (1 + 64 bytes = 65 bytes) +[size] signature (1 + 64 bytes = 65 bytes), +tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), +control block = [size] [control byte] [merkle path (empty)] (1 + 1 + 0 bytes = 2 bytes) -Thus, the P2QRH input would be 103 - 66 = 37 bytes larger than a P2TR key path spend input. +Thus, this P2TSH witness would be 103 - 66 = 37 bytes larger than a P2TR key-path spend witness. -If the Merkle tree has more than a single leaf, then the Merkle path must be included in -the control block. -P2QRH witness (103+32*m bytes) +If the Tapscript tree has more than a single leaf, then the Merkle path will increase the size by ''32*m'' bytes, where dIf ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte is the depth of the leaf script in the Tapscript tree. (Note: Huffman encoding of leaf scripts offers advantages here.) + +P2TSH witness for depth-d tree ''(103 + 32*m bytes)'': [count] (1 byte), # Number of elements in the witness -[size] signature (64 + 1 bytes = 65 bytes), -tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (34 + 1 bytes = 35 bytes), -control block = [size] [control byte, 32 * m byte Merkle path] (1 + 1 + 32 * m = 2 + 32 * m bytes) +[size] signature (64 + 1 bytes = 65 bytes), +tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (34 + 1 bytes = 35 bytes), +control block = [size] [control byte] [Merkle path] (1 + 1 + 32*m = 2 + 32*m bytes) -For a Merkle path of length m, it would add an additional ~32 * m bytes to the P2QRH input. This would -make it 37 + 32 * m bytes larger than a P2TR key path spend inputIf m >= 8, then the compact size will use 3 bytes rather than 1 byte. - -Considering a P2QRH output that has a PQ signature leaf and a Schnorr leaf. The P2QRH witness to spend the Schnorr path -would be 103 + 32 * 1 = 135 bytes. It is unfortunate that we can not use the key path spend optimization for P2QRH inputs, but the key path spend optimization is -exactly what makes P2TR vulnerable to quantum attacks. If key path spend was quantum resistant we wouldn't need P2QRH at all. +===Comparison with P2TR script-path spend=== -'''P2TR script path spend''' P2QRH inputs will be smaller than equivalent script path spend P2TR inputs. This is because P2QRH inputs -do not require that the input includes a public key in the control block to open the commitment to the Merkle root. -An equivalent P2QRH input will be 32 bytes smaller than a P2TR script path spend input. +A P2TSH witness will be smaller than an equivalent P2TR script-path spend witness. This is because P2TSH inputs do not require inclusion of any internal public key in the control block. For that reason, a P2TSH witness will be 32 bytes smaller than an equivalent P2TR script-path spend witness. -=== Performance Impact === +===Performance Impact=== -P2QRH is slightly more computationally performant than P2TR, as the operations to spending a P2QRH output is a strict -subset of the operations needed to spend a P2TR output. +P2TSH is slightly more computationally performant than P2TR script-path spends, as the operations to spend a P2TSH output are a strict subset of the operations needed to perform a script-path spend on a P2TR output. -=== Backward Compatibility === +===Backward Compatibility=== -Older wallets and nodes that have not been made compatible with SegWit version 2 and P2QRH will not recognize these -outputs. Users should ensure they are using updated wallets and nodes to use P2QRH addresses and validate transactions -using P2QRH outputs. +Older wallets and nodes that have not been made compatible with SegWit version 2 and P2TSH will not recognize these outputs. Users should ensure they are using updated wallets and nodes to use P2TSH outputs and validate transactions using these outputs. P2TSH is fully compatible with Tapscript and existing tapscripts can be used in P2TSH outputs without modification. -P2QRH is fully compatible with tapscript and existing tapscript programs can be used in P2QRH outputs without modification. +===Security=== -== Security == +P2TSH outputs provide the same Tapscript functionality as P2TR outputs, but without the quantum-vulnerable key-path spend. This enables users, exchanges and others to easily move their coins from Taproot outputs to P2TSH outputs, and thereby to protect their coins from long-exposure quantum attacks. -P2QRH outputs provide the same tapscript functionality as P2TR outputs, but without the quantum-vulnerable key path spend. -This enables users, exchanges and other hodlers to easily move their coins from Taproot outputs to P2QRH outputs -and thereby protect their coins from long-exposure quantum attacks. The protection from long-exposure quantum attacks -does not depend on the activation of post-quantum signatures in Bitcoin but does require that users do not expose their -quantum vulnerable public keys to attackers via address reuse or other unsafe practices. +Protection from long-exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but does require that users do not expose their quantum-vulnerable public keys to attackers and avoid address reuse or other unsafe practices. -P2QRH uses a 256-bit hash output, providing 128 bits of collision resistance and 256 bits of preimage resistance. -This is the same level of security as P2WSH, which also uses a 256-bit hash output. +P2TSH uses the same 256-bit hash function as P2WSH, and so both provide 128-bits of collision resistance and 256-bits of preimage resistance. -P2QRH does not, by itself, protect against short-exposure quantum attacks, but such attacks can be mitigated by the future -activation of post-quantum signatures in Bitcoin. With P2QRH, these would provide full quantum resistance to P2QRH outputs in Bitcoin. -That said, the protection offered by resistance to long-exposure quantum attacks should not be underestimated. It is likely -that the first CRQCs (Cryptographically Relevant Quantum Computers) will not be able to perform short-exposure quantum -attacks. +P2TSH does not, by itself, protect against short-exposure quantum attacks, but such attacks might be mitigated by the future activation of post-quantum signature schemes in P2TSH outputs. +That said, the protection offered by resistance to long-exposure attack alone should not be underestimated. It is likely that the first CRQCs will not be able to perform short-exposure attacks - as such, defense against long-exposure attacks is more time-sensitive than is defense against short-exposure attacks. -{| class="wikitable" -|+ Candidate quantum-resistant signature algorithms ordered by largest to smallest NIST Level V signature size -|- -! Signature Algorithm !! Year First Introduced !! Signature Size !! Public Key Size !! Cryptographic Assumptions -|- -| [https://en.wikipedia.org/wiki/Lamport_signature Lamport signature] || 1977 || 8,192 bytes || 16,384 bytes || -Hash-based cryptography -|- -| [https://eprint.iacr.org/2011/191.pdf Winternitz signature] || 1982 || 2,368 bytesWinternitz -signatures are much smaller than Lamport signatures due to efficient chunking, but computation is much higher, -especially with high values for w. Winternitz values are for w of 4. It's worth noting that Winternitz signatures can -only safely be used one time per public key. If addresses are reused, private key information might be leaked, allowing -attackers to spend future outputs assigned to the same address. || 2,368 bytes || Hash-based cryptography -|- -| [https://sphincs.org/data/sphincs+-r3.1-specification.pdf SPHINCS+ Rd. 3.1 (FIPS 205 - SLH-DSA)] || 2015 || 29,792 -bytes || 64 bytes || Hash-based cryptography -|- -| [https://eprint.iacr.org/2011/484.pdf XMSS]XMSS, which is based on Winternitz, uses a value of 108 -for its most compact signature size, with only a 4.6x (2.34/0.51) increase in verification time. Signing and key -generation are not considered a significant factor because they are not distributed throughout the entire Bitcoin -network, which take place only inside of wallets one time. || 2011 || 15,384 bytes || 13,568 bytes || -Hash-based cryptography (Winternitz OTS) -|- -| [https://pq-crystals.org/dilithium/ CRYSTALS-Dilithium (FIPS 204 - ML-DSA)] || 2017 || 4,595 bytes || 2,592 bytes || -Lattice cryptography -|- -| [https://eprint.iacr.org/2014/457.pdf pqNTRUsign] || 2016 || 1,814 bytes || 1,927 bytes || Lattice cryptography (NTRU) -|- -| [https://falcon-sign.info FALCON (FIPS 206 - FN-DSA)] || 2017 || 1,280 bytes || 1,793 bytes || Lattice cryptography -(NTRU) -|- -| [https://eprint.iacr.org/2022/1155.pdf HAWK] || 2022 || 1,261 bytes || 2,329 bytes || Lattice cryptography -|- -| [https://sqisign.org SQIsign] || 2023 || 335 bytes || 128 bytes || Supersingular Elliptic Curve Isogeny -|- -| [https://eprint.iacr.org/2024/760.pdf SQIsign2D-West] || 2024 || 294 bytes || 130 bytes || Supersingular Elliptic -Curve Isogeny -|- -| [https://eprint.iacr.org/2023/436.pdf SQIsignHD] || 2023 || 109 bytes (NIST Level I) || Not provided || -Supersingular Elliptic Curve Isogeny -|} +== Security Considerations for Post-Quantum Signature Schemes == -As shown, supersingular elliptic curve quaternion isogeny signature algorithms represent the state of the art in -post-quantum cryptography, beyond lattice cryptography alone, especially when key and signature length are major -constraints. This makes inclusion of SQIsign attractive, however its performance is roughly 100,000 times slower than ECC, -which is prohibitive in the context of Bitcoin. Meanwhile, SPHINCS+ and CRYSTALS-Dilithium signatures are already approved -and have achieved broader community consensus. FALCON signatures are also NIST approved. +While this proposal does not include the introduction of post-quantum signature schemes, we think it’s worth commenting on security considerations related to this possibility. -In comparison, the size of currently used signature algorithms are: +Quantum-resistant signature algorithms (e.g. ML-DSA or SLH-DSA) offer different theorized levels of protection (e.g. NIST I - V), and each should be scrutinized before use. We are currently researching options for the potential proposal of post-quantum signatures into Bitcoin – and encourage others to engage in this research as well. -* ECDSA: 70-72 bytes -* Schnorr: 64 bytes +We also imagine the possibility of introducing multiple post-quantum signatures into Bitcoin for redundancy. Balancing the risks of additional complexity with the benefits of signature-type redundancy will be the challenge here. -In comparison to inception date, secp256k1 [https://www.secg.org/SEC1-Ver-1.0.pdf was originally specified in 2000]. +==Test Vectors and Reference Code== -One consideration for choosing an algorithm is its maturity. secp256k1 was already 8 years old by the time it was -chosen as Bitcoin's curve. Isogeny cryptography when it was first introduced was broken over a weekend. +Test vector data for creation of P2TSH UTXOs can be found [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/common/tests/data/p2tsh_construction.json here]. -Signature verification speed as it compares to Schnorr or ECDSA isn't seen as high a consideration as signature size -due to block space being the primary fee constraint. As a P2QRH implementation materializes, a benchmark will be added -for performance comparison. +These test vectors build off of the test vectors for BIP341 (Taproot). One important distinction is that the P2TSH test vectors do not include keypath spend scenarios. -An additional consideration is security level. Longer signature sizes provide more security. NIST has standardized five -security levels for post-quantum cryptography. NIST security level I provides security equivalent to 128-bit keys, and -security level V provides 256-bit security. +Also included are test vectors in [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/rust rust] and [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/python python]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature learnmeabitcoin]. Similar to BIP341 test vectors, all signatures are created with an all-zero (0x0000...0000) BIP340 auxiliary randomness array. -== Test Vectors and Reference Code == +==Related Work== -TBD +Below we attempt to summarize some of the ideas related to P2TSH that have been discussed on the bitcoin-dev mailing list, bitcointalk.org, and elsewhere. -== Related Work == +Quantum-vulnerability in Bitcoin is an issue that has been discussed with some regularity on [https://bitcointalk.org/index.php?topic=133425.0 bitcointalk.org] since at least 2013 – and there is clearly user demand for increased quantum protection. -It is worth noting by way of comparison that -[https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 Vitalik Buterin's -proposed solution] in an Ethereum quantum emergency is quite different from the approach in this BIP. His plan involves -a hard fork of the chain, reverting all blocks after a sufficient amount of theft, and using STARKs based on BIP 32 -seeds to act as the authoritative secret when signing. These measures are deemed far too heavy-handed for Bitcoin. +The idea of Taproot with key-path spend removed has been discussed a number of times in the Bitcoin community. -P2QRH and MAST (Merkelized Abstract Syntax Tree) [https://github.com/bitcoin/bips/blob/master/bip-0114.mediawiki BIP 114], -and related BIPs [https://github.com/bitcoin/bips/blob/master/bip-0116.mediawiki BIP 116], [https://github.com/bitcoin/bips/blob/master/bip-0117.mediawiki BIP 117], -share the idea of committing to a Merkle tree of scripts. While MAST was never activated, Taproot -[https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] incorporated this idea of a Merkle tree of -scripts into its design. P2QRH inherits this capability from Taproot because P2QRH is simply Taproot with the key path -spend removed. As a result, P2QRH does not have the Taproot internal key or tweak key, instead P2QRH commits directly to the -Merkle tree of scripts. +For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] notes that if we disable the key-path spend in Taproot and activated OP_CAT [https://github.com/bitcoin/bips/blob/master/bip-0347.mediawiki BIP 347], we could achieve quantum resistance by using Lamport signatures with OP_CAT. -Below we attempt to summarize some of the ideas discussed on the Bitcoin Development Mailing List that relate to P2QRH. +Lamport and Winternitz One-Time Signatures (WOTS) built from OP_CAT are quantum-resistant, but are one-time signatures – meaning, when you sign a message you reveal all or part of your private key. And so, you should never reuse the same public key to sign another message. This is a significant practical vulnerability for everyday users. -The idea of Taproot but with the key path spend removed has been discussed a number of times in the Bitcoin community. -[https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] -notes that if we disable the key path spend in Taproot and activated CAT [https://github.com/bitcoin/bips/blob/master/bip-0347.mediawik BIP 347], -we could achieve quantum resistance by using Lamport signatures with CAT. Lamport and WOTS (Winternitz One-Time Signatures) built from CAT -are quantum resistant but are one-time signatures. This means that if you sign twice for the same public key, you leak your secret key. This would require major changes to wallet behavior and would represent a significant security downgrade. -[https://groups.google.com/g/bitcoindev/c/8O857bRSVV8/m/rTrpeFjWDAAJ Trivial QC signatures with clean upgrade path] and -[https://groups.google.com/g/bitcoindev/c/oQKezDOc4us/m/T1vSMkZNAAAJ Re: P2QRH / BIP 360 Update] discusses the idea of -Taproot but with the future ability to disable the key path spend. -The design of P2QRH is partly inspired by these discussions as P2QRH can be understood as P2TR without the key path spend. -Commit-reveal schemes such as -[https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/ Re: Transition to post-quantum (2018)] -and [https://groups.google.com/g/bitcoindev/c/LpWOcXMcvk8/m/YEiH-kTHAwAJ Post-Quantum commit / reveal Fawkescoin variant as a soft fork (2025)] -have been proposed as a way to safely spend Bitcoin if CRQCs become practical prior to Bitcoin adopting achieving quantum resistance. -The essential idea is to leverage the fact that a CRQC can only learn your private key after a user has revealed their public key. -Thus, Bitcoin could fork in an alternative way to spend an output that would leverage this property. -Spending via commit-reveal would require two steps, first the user's commits on-chain to their public key along with a set of outputs the user wishes -to spend to. Then, in reveal, the user sign and reveals their public key. While CRQC might be able to generate competing signatures it can not produce -a commitment to the user's public key earlier than the user's commitment as it does not learn it until the reveal step. +[https://groups.google.com/g/bitcoindev/c/8O857bRSVV8/m/rTrpeFjWDAAJ Trivial QC signatures with clean upgrade path] and [https://groups.google.com/g/bitcoindev/c/oQKezDOc4us/m/T1vSMkZNAAAJ Re: P2QRH / BIP 360 Update] also discuss the possibility of Taproot with key-path spend removed. The design of P2TSH was partly inspired by these discussions. + +Commit-reveal schemes such as [https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/ Re: Transition to post-quantum (2018)] and [https://groups.google.com/g/bitcoindev/c/LpWOcXMcvk8/m/YEiH-kTHAwAJ Post-Quantum commit / reveal Fawkescoin variant as a soft fork (2025)] have been proposed as a way to create cryptocurrencies without public key cryptography. The ideas in this paper were more recently expanded upon by Tadge Dryja in his “[https://www.youtube.com/watch?v=4bzOwYPf1yo Lifeboat]” proposal, which effectively quantum-proofs Bitcoin transactions through a similar pre-commitment scheme designed for Bitcoin. + +==Other Methods of Addressing Quantum Vulnerabilities for Cryptocurrencies== + +It is worth noting, by way of comparison, that [https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 Vitalik Buterin’s proposed solution] to Ethereum’s quantum vulnerability is quite different from the approach in this BIP. +His plan involves a hard fork of the chain, reverting all blocks after some sufficient amount of theft, and using STARKs based on BIP 32 seeds to act as the authoritative secret when signing. We believe rollbacks of any kind are an untenable approach for Bitcoin – and would be practically impossible to implement. + +That said, we believe the use of STARKs (which are quantum-resistant) may prove useful as a method of proving access to external private keys, in the event that the community chooses to burn vulnerable coins – as proposed by Jameson Lopp and others in [https://qbip.org/ QBIP]. + +Discussions related to the burning of coins, and other attempts to slow a potential supply shock caused by quantum-retrieval of vulnerable coins, are out of scope for this proposal. That said, we have separately proposed [https://github.com/cryptoquick/bips/blob/hourglass/bip-hourglass.mediawiki Hourglass] to address this concern and are continuing research on this subject. + +==Glossary== + +'''Quantum Key Recovery''' + +The derivation of private keys from public keys in elliptic curve cryptography (ECC) – made possible by solving the elliptic curve discrete logarithm problem (ECDLP). -Commit-reveal schemes can only be spent from and to outputs that are not vulnerable to long-exposure quantum attacks, such as -P2PKH, P2SK, P2WPKH, etc... To use tapscript outputs with this system either a soft fork could disable the key path spend of P2TR outputs -or P2QRH could be used here as it does not have a key path spend and thus is not vulnerable to long-exposure quantum attacks. +Shor’s algorithm, developed by Peter Shor in 1994, is a quantum algorithm that allows a cryptographically-relevant quantum computer to efficiently solve the elliptic curve discrete logarithm problem and an attacker to perform quantum key recovery. -== References == +'''Long-Exposure Attacks''' -* [https://groups.google.com/g/bitcoindev/c/Aee8xKuIC2s/m/cu6xej1mBQAJ Mailing list discussion] -* [https://delvingbitcoin.org/t/proposing-a-p2qrh-bip-towards-a-quantum-resistant-soft-fork/956?u=cryptoquick Delving Bitcoin discussion] -* [https://bitcoinops.org/en/newsletters/2024/06/14/ Bitcoin Optech newsletter] -* [https://bitcoinops.org/en/podcast/2024/06/18/#draft-bip-for-quantum-safe-address-format Bitcoin Optech discussion transcript] +Attempts to derive private keys from public keys that are exposed on the blockchain for an extended period of time – that is, longer than the average time '''~10 minute''' window that a public key is generally exposed in mempools, while waiting for a transaction to be confirmed. -== Footnotes == +Long-exposure attacks give attackers an ample amount of time to perform quantum key recovery, as long as funds remain in the output and the public key remains exposed. Poor wallet hygiene (e.g. from re-using addresses) or use of outputs with exposed public keys (e.g. Taproot addresses) increases vulnerability to long-exposure attacks. - +'''Short-Exposure Attacks''' -== Changelog == +Attempts to derive private keys from public keys during the brief period when funds are unconfirmed in mempools. These attacks cannot be prevented through wallet hygiene, as revealing the redeem script and/or a public key is necessary for spending. -To help implementors understand updates to this BIP, we keep a list of substantial changes. +Protection against short-exposure attacks may require post-quantum signature schemes. That said, executing these attacks will require more advanced CRQCs than those capable of executing long-exposure attacks -- and are therefore viewed as lower-risk than long-exposure attacks in the near-term. +'''Tapscript-Native Output Type''' + +Tapscript-native output types are the category of output types that support Tapscript (including Schnorr signatures) and [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki Tapscript trees]. + +'''Pay-to-Tapscript-Hash (P2TSH)''' + +A Tapscript-native output type with nearly identical formatting to Pay-to-Taproot (P2TR) – with the quantum-vulnerable key-path spend removed. + +==Footnotes== + + + +==Changelog== + +To help implementers understand updates to this BIP, we keep a list of substantial changes. + +* 2025-09-17 - Rewrote BIP for clarity and renamed from P2QRH to P2TSH * 2025-07-20 - Changed the Witness Version from 3 to 2. -* 2025-07-07 - P2QRH is now a P2TR with the vulnerable key path spend disabled. Number of PQ signature algorithms supported reduced from three to two. PQ signature algorithm support is now added via opcodes or tapleaf version. +* 2025-07-07 - P2QRH is now a P2TR with the vulnerable key-path spend removed. Number of PQ signature algorithms supported reduced from three to two. PQ signature algorithm support is now added via opcodes or tapleaf version. * 2025-03-18 - Correct inconsistencies in commitment and attestation structure. Switch from Merkle tree commitment to sorted vector hash commitment. Update descriptor format. -* 2025-03-12 - Add verification times for each algorithm. 256 -> 128 (NIST V -> NIST I). Add key type bitmask. Clarify multisig semantics. +* 2025-03-12 - Add verification times for each algorithm. 256 ->; 128 (NIST V ->; NIST I). Add key type bitmask. Clarify multisig semantics. * 2025-02-23 - More points of clarification from review. Update dead link. * 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long-range attack to long-exposure so as to not be confused with the language around block re-org attacks. * 2024-12-18 - Assigned BIP number. @@ -712,14 +402,10 @@ To help implementors understand updates to this BIP, we keep a list of substanti * 2024-09-28 - Add Winternitz, XMSS signatures, and security assumption types to PQC table. Omit NIST Level I table. Add spend script specification. Add revealed public key scenario table. * 2024-09-27 - Initial draft proposal -== Acknowledgements == +==Acknowledgements== + +This document is inspired by [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341], which introduced the design of the P2TR (Taproot) output type using Schnorr signatures. -This document is inspired by [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341], which introduced -the design of the P2TR (Taproot) output type using Schnorr signatures. +I am grateful to Ethan Heilman for joining as co-author and transforming this BIP into something far more congruent with existing Bitcoin design. I am likewise indebted to those who took the time to contribute including Jeff Bride, Michael Casey, and notmike. Additionally, much gratitude to Isabel Foxen Duke for her contributions as editor of this proposal. -Much gratitude to my co-founder, Kyle Crews for proofreading and editing, to David Croisant, who suggested the name -"QuBit", and Guy Swann for pointing out the earlier name for the attestation, "quitness", was imperfect. The -attestation was later discarded when Ethan Heilman joined as co-author, whom I'm incredibly grateful to for -transforming this BIP into something far more congruent with existing Bitcoin design. Thank you as -well to those who took the time to review and contribute, including Jeff Bride, Adam Borcany, Antoine Riard, Pierre-Luc -Dallaire-Demers, D++ (dplusplus1024), Mark Erhardt, Joey Yandle, Jon Atack, Armin Sabouri, Jameson Lopp, and Vojtěch Strnad. +Thank you, of course, to the many others who reviewed this work including Jon Atack, Adam Borcany, Ava Chow, Kyle Crews, David Croisant, Pierre-Luc Dallaire-Demers, D++, Mark Erhardt, Jameson Lopp, Antoine Riard, Armin Sabouri, Vojtěch Strnad, Guy Swann, and Joey Yandle. Whatever errors and inaccuracies may remain are attributable solely to the authors. diff --git a/bip-0360/bip360.org b/bip-0360/bip360.org deleted file mode 100644 index 4f5fd99bed..0000000000 --- a/bip-0360/bip360.org +++ /dev/null @@ -1,485 +0,0 @@ -* Abstract - -This document proposes the introduction of a new output type: Pay-to-Tapscript-Hash (P2TSH), via a soft fork. - -Proposed P2TSH addresses are nearly identical to Pay-to-Taproot (P2TR) addresses --- with the quantum-vulnerable key path spend removed. - -Through this modification, P2TSH addresses create the option of using -Taproot in a manner that is: - - - resistant to potential attacks by cryptographically relevant - quantum computers (CRQCs) in the event that such technology - becomes viable - - - resistant to any pending technology --- for that matter --- that - could potentially threaten ECDSA cryptography over time - -It is worth noting that proposed P2TSH addresses are only resistant to so-called “long exposure attacks” on ECDSA cryptography; that is, attacks on keys exposed for time periods longer than needed to confirm a spending transaction (~10 minutes). - -This is currently the highest degree of quantum protection offered by any existing Bitcoin output type (e.g. P2PKH or other output types with hashed public keys). - -Higher levels of quantum protection, including protection against retrieval of keys exposed in the mempool while a transaction is waiting to be confirmed (a.k.a. “short exposure attacks”), will require the introduction of post-quantum signature schemes in Bitcoin addresses. - -Since the risk of short exposure attacks is lesser than long-exposure attacks in the nearer term—and protecting against short exposure attacks requires more complex changes to the network—we are not recommending the introduction of post-quantum signatures into Bitcoin at this time. - -That said, for maximum protection of funds against potential quantum attacks, we believe it’s worth considering this path in the future and intend to offer a separate proposal for this purpose upon further research. - -Additionally, we believe proposed P2TSH addresses will be the strongest base address type with which to use post-quantum signatures in the future. - -If or when the community chooses to implement them, we believe post-quantum signatures will be most safely added to Bitcoin as Tapscript opcodes—which carry less risk of triggering a hard fork when compared to adding opcodes to Bitcoin script. - -For emphasis, this proposal does not address the full scope of Bitcoin’s broader quantum vulnerabilities. We believe these issues should be addressed individually by separate proposals—to ensure community consensus around each of the varying challenges quantum advancements could pose to Bitcoin over time. - -Lastly, this document defines the specific quantum attack-vectors and -new terms that we are concerned with in this proposal. - -* Motivation - -The primary threat to Bitcoin from Cryptographically Relevant Quantum Computers (CRQCs)[1] is their potential to break the cryptographic assumptions of Elliptic Curve Cryptography (ECC), which secures Bitcoin's signatures (ECDSA) and Taproot commitments (Schnorr). - -More specifically, Shor's algorithm enables a CRQC to solve the Discrete Logarithm Problem (DLP) exponentially faster than classical methods[2], allowing the derivation of private keys from public keys --- a process referred to here as quantum key recovery. [3] - -While it is unclear when or if this technology will become viable in the future, we propose the addition of a quantum-resistant, tapscript-supportive output type—for optional use by taproot-users wanting quantum-grade protection. - -While some may balk at the potential threat of quantum computers to Bitcoin given their limited functionality to date, some others are concerned about their potential for advancement—including governments, corporations and some existing and potential Bitcoin users. - -The Commercial National Security Algorithm Suite (CNSA) 2.0, for instance, has mandated software and networking equipment to be upgraded to post-quantum schemes by 2030, with browsers and operating systems fully upgraded by 2033. - -Additionally, according to NIST IR 8547, Elliptic Curve Cryptography is planned to be disallowed within the US federal government after 2035 (with an exception made for hybrid cryptography, or the use of ECC and post-quantum algorithms together). - -These kinds of mandates have triggered concern by some ECC users --- including some Bitcoin users who prefer to be prepared out of an abundance of caution. - -In the most optimistic case --- wherein quantum computers never pose a significant risk to ECC --- we understand that the possibility of advancement alone may be influencing adoption and broad confidence in the network. - -In other words, we believe users’ fear of quantum computers may be worth addressing regardless of CRQC viability, which is difficult to assess. - -Given these concerns, we think it’s worth considering changes that are -minimal in complexity and risk, and which create new options for using Bitcoin in a quantum-resistant way. - -As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P2TSH) --- a tapscript-supportive output type that can be used in a quantum resistant manner. - -* Long Exposure vs Short Exposure Quantum Vulnerability - -For clarity, this proposal specifically mitigates against the risk of long exposure attacks on taproot addresses. While other Bitcoin output types already mitigate against this risk, Taproot addresses (P2TR output types) are currently vulnerable to long-exposure quantum attacks. - -A long-exposure attack may be considered one performed with chain data, such as that from a used address or one encoded in a spend script, or any other attack on keys that are made vulnerable through knowledge transfer that is not inherently time-sensitive. - -These are likely to be the earliest quantum attacks made possible on Bitcoin, because attackers will have ample time—as much time as vulnerable keys are exposed—to carry out quantum key recovery. - -Short exposure attacks, on the other hand, require faster quantum computers—because they must occur within the relatively short time that a transaction is being confirmed in the mempool (~10 minutes). - -At present, Taproot addresses are fundamentally vulnerable to long-exposure attacks, because they encode a 32-byte x-only public key, from which a full public key can be reconstructed. - -All Bitcoin addresses are currently vulnerable to short exposure attacks—and will likely remain so unless or until Bitcoin integrates post-quantum signatures. These types of attacks, however, are less likely in the nearer term. - -Since long-exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a tapscript-supportive output type that is resistant to long-exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers. - -Many will point out accurately that most non-Taproot addresses already protect against long-exposure attacks; however, we believe that the development of a tapscript-supportive output type that is resistant to long exposure attacks is a critical first step in addressing a potential quantum threat. - -The following list of output types describes their long-exposure attack vulnerability: - -Note: funds in P2PKH, P2SH, P2WPKH, and P2WSH outputs become vulnerable to long-exposure quantum attacks anytime their input script is revealed. For instance, an address is no longer safe against long-exposure attacks after funds from that address have been spent. - -A complete list of addresses that are vulnerable to long-exposure attacks includes: - - - P2PK outputs (Satoshi's coins, CPU miners, starts with 04) - - - Reused addresses (any type, except P2QRH) - - - Taproot addresses (starts with bc1p) - - - Extended public keys, commonly known as "xpubs" - - - Wallet descriptors - -By comparison, short exposure attacks may affect any Bitcoin address with unconfirmed transactions currently in the mempool—as all Bitcoin transactions require revealing the associated public key. - -The only way to fully protect addresses from short-exposure attacks is through the use of post-quantum signature schemes (or the use of private mempools, which is not ideal). - -For further clarification on quantum attack vectors, please refer to the Glossary of Terms. - -* Design - -P2TSH (Pay-to-Tapscript-Hash) is a proposed new output type that commits to the root of a tapleaf Merkle tree. It operates with nearly the same functionality as P2TR (Pay-to-Taproot) addresses—but with the quantum vulnerable key path spend removed. - -In other words, P2TSH addresses commit to the root of a tapleaf merkle tree without commitment to an internal key. The script(s) being committed to, however, may contain a key or key-hash. - -This output type is designed to offer taproot users a quantum-resistant method of operation—as well as a practical output type with which post-quantum signatures may be useable in the future. - -Since P2TSH has no key path spend, P2TSH omits the Taproot internal key. Instead, a P2TSH output includes only the 32-byte root of the tapleaf Merkle tree as defined in BIP 341 hashed with the tag "MerkleRoot" as shown below. - -To construct a P2TSH output, we follow the process outlined in BIP 341 to compute the tapscript Merkle root; however, instead of hashing the root of the Merkle tree with an internal key (as is the case with P2TR addresses), P2TSH addresses commit only to a hash of the Merkle root, combined with the tag "MerkleRoot". - -A P2TSH input witness provides the following: - -The initial stack elements provide the same functionality as they do in P2TR. That is, they place elements on the stack to be evaluated by the script, a.k.a. the redeem script. - -The control block is a 1 + 32 * m byte array, where the first byte is the control byte and the next 32*m bytes are the Merkle path to the script. The control byte is the same as the control byte in a P2TR control block, including the 7 bits which are used to specify the tapleaf version. The parity bit of the control byte is always 1, since P2TSH does not have a key path spend. - -Additionally, we omit the public key from the control block as it is not needed in P2TSH. Lastly, we maintain support for the optional annex in the witness (see specification for more details). - -** Architecture Rationale - -Design of the P2TSH output type is guided by the following intentions: - - 1) Minimize changes to the network—we should reuse existing Bitcoin code and preserve existing software behavior, workflows, user expectations and compatibility whenever possible. - -P2TSH leverages the mature and battle tested P2TR, tapleaf and tapscript code already in Bitcoin --- reducing the implementation burden on wallets, exchanges, and libraries, which can reuse code they already have. This approach reduces complexity and minimizes implementation risks. - - - 2) Create the safest possible path for the addition of post-quantum signature integrations --- in the event they are used in the future. - - -Importantly, we are proposing a tapscript-functional output type that is resistant to long-exposure attacks. While some existing output types are already resistant to long-exposure attacks (e.g. P2WSH), no such output type supports tapscript --- which may be required for practical implementation of post-quantum signature opcodes. - - -More specifically, Bitcoin script does not support OP_SUCCESSx opcode upgrades, which may prove critical for the integration of post-quantum signatures into Bitcoin addresses. - - 3) Facilitate gradual integration of quantum resistant features that can be carried out iteratively as quantum computers evolve. This approach encourages responsiveness to the current threat-level, while avoiding heavy-handedness in our reactions to a potential threat. - -We designed P2TSH with an eye towards integrating post-quantum signatures in the future, without proposing more complex changes while CRQCs are still in their infancy. - -** P2TSH Benefits for Long-Term Wallet Safety - -Because tapscript-supportive outputs enable commitments to a MAST, it is possible to create P2TSH wallets with post-quantum signature scripts—before activating post-quantum signatures within consensus rules. - -Wallets, for instance, may create addresses with scripts including post-quantum signatures—that only become useable after a soft-fork activation. - -This approach enables us to prepare for a potential threat without activating a post-quantum soft fork until “Q Day” arises. - -Consider, for instance, a P2TSH output with three possible tapscripts: - - - Spend requires a Schnorr signature - - - Spend requires a ML-DSA signature - - - Spend requires a SLH-DSA signature - -In the event that Schnorr signatures are broken by quantum computers, we can activate ML-DSA or SLH-DSA signatures on the network—allowing users to spend their coins with these quantum-resistant signatures when needed. - -In other words, P2TSH enables signature-type redundancies that may prove critical on a long enough time horizon. Through this architecture, one could safe-guard their Bitcoin in a single wallet for 20, 50, or 100 years and beyond—without worrying about potential risks to ECDSA security. - -** P2TSH Trade-Offs for Consideration - -While P2TR addresses (and the use of key path spend) will remain an option for folks wishing to use them—we aim to be clear about the tradeoffs of using P2TSH addresses, which disable the key path spend for the benefit of quantum protection. - -First off, P2TSH script path spends are slightly larger than P2TR key path spends. We estimate this to be [??]. That said, script path spends from P2TSH addresses will be slightly smaller than script path spends from P2TR addresses. - -Additionally, users will functionally reveal they are spending to a script tree whenever they are using P2TSH addresses—since P2TSH addresses can only spend via script path spend. - -* Specification - -We define the Pay-to-Tapscript-Hash (P2TSH) output structure as follows: - -A P2TSH output is equivalent to a P2TR output that uses the root of a tapleaf Merkle tree [as defined in BIP 341] in conjunction with the tag “MerkleTree” for its internal value. For benefit of quantum resistance, no internal key is referenced in this value. - -To construct a P2TSH output, we follow the same process as outlined in BIP341 to compute a tapscript Merkle root; however, instead of using the root of a Merkle tree hashed with an internal key—the root is hashed without any key data and includes the tag "MerkleRoot." This hash is then set as the witness program. - -* Address Format - -P2TSH uses SegWit version 2 outputs, resulting in addresses that start with bc1z, following BIP 173. Bech32 encoding maps version 2 to the prefix z. - -Sample P2TSH address: - -bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve - -This is 32-byte Bech32m-encoded tapleaf Merkle root. - -* ScriptPubKey - - -The scriptPubKey for a P2TSH output is: - - OP_2 OP_PUSHBYTES_32 - -Where: - - OP_2 (0x52) indicates SegWit version 2. - - is the 32-byte tapleaf Merkle root. - -* Script Validation - -A P2TSH output is a native SegWit output (see BIP141) with version 2 and a 32-byte witness program. Unlike Taproot, this witness program is the tapleaf Merkle root. For the sake of comparison, we have - as much as possible - copied the language verbatim from script validation section of BIP341. - - Let q be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents root of tapleaf Merkle tree. - - Fail if the witness stack does not have two or more elements. - - If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called annex a and is removed from the witness stack. - The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during Taproot validation. - - There must be at least two witness elements left. - - Call the second-to-last stack element s, the script (as defined in BIP 341) - - The last stack element is called the control block c, and must have length 1 + 32 * m, for a value of m that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. - - Let v = c[0] & 0xfe be the leaf version (as defined in BIP 341). To maintain leaf version encoding compatibility the last bit of c[0] is unused and must be 1 [12]. - - Let k0 = hashTapLeaf(v || compact_size(size of s) || s); also call it the tapleaf hash. - - For j in [0,1,...,m-1]: - - Let ej = c[33+32j:65+32j]. - - Let kj+1 depend on whether kj < ej (lexicographically): - - If kj < ej: kj+1 = hashTapBranch(kj || ej). - - If kj ≥ ej: kj+1 = hashTapBranch(ej || kj). - - Let r = hashQuantumRoot(km). - - If q ≠ r, fail. - - Execute the script, according to the applicable script rules, using the witness stack elements excluding the script s, the control block c, and the annex a if present, as initial stack. This implies that for the future leaf versions (non-0xC0) the execution must succeed. - -The steps above follow the script path spend logic from BIP 341 with the following changes: - - The witness program is the tapleaf Merkle root and not a public key. This means that we skip directly to the BIP 341 spend path tapleaf Merkle tree validation. - - We compute the tagged tapleaf Merkle root r and compare it directly to the witness program q. - - The control block is 1 + 32*m bytes, instead of 33 + 32*m bytes. - -* Sighash Calculation - -The sighash for P2TSH outputs follows the same procedure as defined in BIP 341 for - -Taproot transactions: - - Signature Message: A single-SHA256 of a tagged hash with the tag "TapSighash", containing transaction data. - - Tagged Hash: Computed as H(tag || tag || data) where H is SHA256 and tag is the SHA256 of the tag name. - - Key Data: In addition to transaction data, the sighash includes the spent output's scriptPubKey. - - Extension Fields: Specific data is included or excluded from the sighash based on the sighash flag. - -This signature hash construction ensures transaction malleability is prevented while providing flexibility through different sighash types (DEFAULT, ALL, NONE, SINGLE, and ANYONECANPAY variants). The exact computation follows the procedure specified in BIP 341 to maintain compatibility with Taproot signatures. - -If a sighash flag other than DEFAULT is needed, it can be placed in the transaction witness. In this case, it will be the only field in the witness. - -* Compatibility with BIP 141 - -By adhering to the SegWit transaction structure and versioning, P2TSH outputs are compatible with existing transaction processing rules. Nodes that do not recognize SegWit version 2 will treat these outputs as anyone-can-spend but, per BIP 141, will not relay or mine such transactions. - -** Transaction Size and Fees - - Equivalent P2TSH and P2TR outputs are always the same size. P2TSH - inputs can be slightly larger or smaller than their equivalent P2TR - inputs --- depending on the use of key-path or script-path spend in - the case of P2TR. - -Let's consider the cases. - -** Comparison with P2TR key path spend: - -P2TSH inputs will be larger than P2TR inputs when the P2TR output -would have been spent via the key path spend. P2TSH quantum resistance -comes from removing the P2TR key path spend. Consequently, it cannot -make use of Taproot's optimization where P2TR key path spends do not -require inclusion of a Merkle path in the P2TR input. If the Merkle -tree only has a single leaf script, no Merkle path is needed in the -control block, giving us a 1-byte control block. - -** P2TSH witness (103 bytes): - -[count] (1 byte), # Number of elements in the witness - -[size] signature (1 + 64 bytes = 65 bytes), tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), control block = [size] [control byte] (1 + 1 = 2 bytes) - -** P2TR key path spend witness (66 bytes): - -[count] (1 byte), # Number of elements in the witness [size] signature (1 + 64 bytes = 65 bytes) - -Thus, the P2TSH input would be 103 - 66 = 37 bytes larger than a P2TR key path spend input. - -If the Merkle tree has more than a single leaf, then the Merkle path must be included in the control block. P2TSH witness (103+32*m bytes) - -[count] (1 byte), # Number of elements in the witness [size] signature (64 + 1 bytes = 65 bytes), - -tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (34 + 1 bytes = 35 bytes), - -control block = [size] [control byte, 32 * m byte Merkle path] (1 + 1 + 32 * m = 2 + 32 * m bytes) - -For a Merkle path of length m, an additional ~32 * m bytes would be added to the P2TSH input. This would make such input 37 + 32 * m bytes larger than a P2TR key path spend input[13]. - -** Comparison with P2TR script path spend: - -A P2TSH input will be smaller than an equivalent script path spend for P2TR inputs. This is because P2TSH inputs do not require inclusion of a public key in the control block to open the commitment to the Merkle root. A P2TSH input will be 32 bytes smaller than an equivalent P2TR script path spend input. - -** Consider a P2TSH output with a post-quantum signature leaf and a Schnorr leaf: - -The P2TSH witness to spend the Schnorr path would be 103 + 32 * 1 = 135 bytes. While it is unfortunate that we cannot use the key path spend optimization for P2TSH inputs—the key path spend optimization is exactly what makes P2TR vulnerable to quantum attacks. If the key path spend was quantum resistant, we wouldn't need P2TSH in the first place. - -** Performance Impact - -P2TSH is slightly more computationally performant than P2TR, as the operations to spending a P2TSH output is a strict subset of the operations needed to spend a P2TR output. - -** Backward Compatibility - -Older wallets and nodes that have not been made compatible with SegWit version 2 and P2TSH will not recognize these outputs. Users should ensure they are using updated wallets and nodes to use P2TSH addresses and validate transactions using P2TSH outputs. P2TSH is fully compatible with tapscript and existing tapscript programs can be used in P2TSH outputs without modification. - -** Security - -P2TSH outputs provide the same tapscript functionality as P2TR outputs, but without the quantum-vulnerable key path spend. This enables users, exchanges and other users to easily move their coins from Taproot outputs to P2TSH outputs and thereby protect their coins from long-exposure quantum attacks. - -Protection from long-exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but does require that users do not expose their quantum vulnerable public keys to attackers via address reuse or other unsafe practices. - -P2TSH uses a 256-bit hash output, providing 128 bits of collision resistance and 256 bits of preimage resistance. This is the same level of security as P2WSH, which also uses a 256-bit hash output. - -P2TSH does not, by itself, protect against short-exposure quantum attacks, but such attacks can be mitigated by the future activation of post-quantum signatures in Bitcoin. - -Combined with P2TSH, the introduction of post-quantum signature schemes would provide more comprehensive quantum resistance to P2TSH outputs—including protection from short exposure attacks. - -That said, the protection offered by resistance to long-exposure attacks alone should not be underestimated. It is likely that the first CRQCs (Cryptographically Relevant Quantum Computers) will not be able to perform short-exposure attacks - as such, defense against long-exposure attacks is more time sensitive than prevention against short-exposure attacks. - -** Security Considerations for Post-Quantum Signature Schemes - -While this proposal does not include the introduction of post-quantum signature schemes, we think it’s worth commenting on security considerations related to this possibility. - -Quantum-resistant signature algorithms (e.g. ML-DSA or SLH-DSA) offer different theorized levels of protection—and should be scrutinized as such before use. We are currently researching options for the potential proposal of post-quantum signatures into Bitcoin—and encourage others to engage in this research as well. - -We also imagine the possibility of introducing multiple post-quantum signatures into Bitcoin for redundancy. Balancing the risks of additional complexity with the benefits of signature-type redundancy will be the challenge here. - -* Test Vectors and Reference Code - -TBD - -* Related Work - -Below we attempt to summarize some of the ideas discussed on the Bitcoin Development Mailing List that relate to P2TSH. - -The idea of Taproot with key path spend removed has been discussed a number of times in the Bitcoin community. - -For instance, OP_CAT Makes Bitcoin Quantum Secure notes that if we disable the key path spend in Taproot and activated CAT BIP 347, we could achieve quantum resistance by using Lamport signatures with CAT. - -Lamport and WOTS (Winternitz One-Time Signatures) built from CAT are quantum resistant, but are one-time signatures—meaning, if you sign twice for the same public key, you leak your secret key, which is a significant practical vulnerability for everyday users. - -This would require major changes to wallet behavior and would represent a significant security downgrade. - -Trivial QC signatures with clean upgrade path and Re: P2QRH / BIP 360 Update also discuss the possibility of Taproot with key path spend removed. The design of P2TSH was partly inspired by these discussions. - -Commit-reveal schemes such as Re: Transition to post-quantum (2018) and Post-Quantum commit / reveal Fawkescoin variant as a soft fork (2025) have been proposed as a way to safely spend Bitcoin if CRQCs become practical prior to Bitcoin adopting achieving quantum resistance. - -* Other Methods of Addressing Quantum Vulnerabilities for Cryptocurrencies - -It is worth noting, by way of comparison, that Vitalik Buterin's proposed solution to Ethereum’s quantum vulnerability is quite different from the approach in this BIP. - -His plan involves a hard fork of the chain, reverting all blocks after some sufficient amount of theft, and using STARKs based on BIP 32 seeds to act as the authoritative secret when signing. We believe rollbacks of any kind are an untenable approach for Bitcoin—and would be practically impossible to implement. - -That said, we believe the use of STARKs (which are quantum-resistant) may prove useful as a method of proving access to external private keys, in the event that the community chooses to burn vulnerable coins—as proposed by Jameson Lopp and others in QBIP. - -Discussions related to the burning of coins, and other attempts to slow a potential supply shock caused by quantum-retrieval of vulnerable coins, are out of scope for this proposal. That said, we have separetly proposed Hourglass to address this concern and are continuing research on this subject. - -Commit-reveal schemes? Other? - -* Conclusion - -coming soon - -* Glossary - -- Quantum Key Recovery -The derivation of private keys from public keys in elliptic curve cryptography (ECC)—made possible by solving the discreet logarithm problem (DLP). - -- Shor’s algorithm, developed by Peter Shor in 1994, is a quantum algorithm that efficiently solves the discrete logarithm problem—potentially made possible by the future viability of cryptographically relevant quantum computers (CRQCs). - -- Long-Exposure (Quantum) Attacks -Attempts to derive private keys from public keys that are vulnerable for an extended period of time—that is, longer than the ~10 minute window that a public key is exposed in the mempool while waiting to be confirmed. - -Long exposure attacks give quantum attackers an unlimited amount of time to perform quantum key derivation, as long as funds remain in the address. Poor wallet hygiene (e.g. from re-using addresses) or use of addresses with exposed public keys (e.g. Taproot addresses) increases vulnerability to long exposure attacks. - -- Short-Exposure (Quantum) Attacks -Attempts to derive private keys from public keys during the brief period when funds are unconfirmed in the mempool. These attacks cannot be prevented through wallet hygiene, as revealing a public key is necessary for spending. - -Protection against short-exposure attacks requires post-quantum signature schemes; that said, executing these attacks requires faster CRQCs than those capable of executing long exposure attacks—and are therefore viewed as lower-risk than long-exposure attacks in the nearer term. - -- Tapscript-Supportive Output Type -Tapscript-supportive output types are the category of output types that support tapscript (including Schnorr signatures) and enable taproot-dependent technologies. - -- Pay-to-Tapscript-Hash (P2TSH) -A tapscript-supportive output type with nearly identical formatting to Pay-to-Taproot (P2TR)—with the quantum-vulnerable key path spend removed. - -* Footnotes - - ^ A Cryptographically Relevant Quantum Computer is an object which is only loosely defined by characteristics in quantum physics as of today. It could be understood in the context of this BIP and in Bitcoin that it's a hardware-agnostic computer supposed to have the architecture to keep coherent a sufficient number of logical qubits to be able to run the Shor algorithm in an efficient fashion. - - ^ Shor's algorithm is believed to need 10^8 operations to break a 256-bit elliptic curve public key. - - ^ Meaning, deriving private keys from public keys via Shor's algorithm - - ^ A vulnerable Bitcoin address is any scriptPubKey type that exposes an elliptic curve public key as raw bytes in a block, making it susceptible to private key derivation through Shor's algorithm. This includes P2PK outputs and any script that contains an unprotected or reused public key. - - ^ In the paper How to compute a 256-bit elliptic curve private key with only 50 million Toffoli gates the authors estimate that a CRQC with 28 million superconducting physical qubits would take 8.3 seconds to calculate a 256-bit key, while a CRQC with 6.9 million physical qubits would take 58 seconds. This implies that a CRQC with 4x as many qubits would be roughly 7 times faster. - - ^ Used by P2PKH, P2SH, and P2WPKH addresses, though not P2WSH because it uses 256-bit hashes. - - ^ Matt Corallo, Trivial QC signatures with clean upgrade path, (2024) - - ^ "[SQIsign] signing is now nearly 20× faster, at 103.0 Mcycles, and verification is more than 6× faster, at 5.1 Mcycles" SQIsign: Algorithm specifications and supporting documentation Version 2.0 (February 5 2025) - - ^ Why not have CHECKSIG infer the algorithm based on signature size? Each of the three signature algorithms, Schnorr, ML-DSA, and SLH-DSA, have unique signature sizes. The problem with using signature size to infer algorithm is that spender specifies the signature. This would allow a public key which was intended to be verified by Schnorr to be verified using ML-DSA as the spender specified a ML-DSA signature. Signature algorithms are often not secure if you can mix and match public key and signature across algorithms. - - ^ Bas Westerbaan (2025), jpeg resistance of various post-quantum signature schemes - - ^ BIP 32 relies on elliptic curve operations to derive keys from xpubs to support watch-only wallets, which PQC schemes may not support. - - ^ Why set the last bit of c[0] to one? Consider a faulty implementation that deserializes the leaf version as c[0] rather than c[0] & 0xfe for both P2TR and P2QRH. If they test against P2QRH outputs and require that last bit is 1, this deserialization bug will cause an immediate error. - - ^ If m >= 8, then the compact size will use 3 bytes rather than 1 byte - - ^ Winternitz signatures are much smaller than Lamport signatures due to efficient chunking, but computation is much higher, especially with high values for w. Winternitz values are for w of 4. It's worth noting that Winternitz signatures can only safely be used one time per public key. If addresses are reused, private key information might be leaked, allowing attackers to spend future outputs assigned to the same address. - - ^ XMSS, which is based on Winternitz, uses a value of 108 for its most compact signature size, with only a 4.6x (2.34/0.51) increase in verification time. Signing and key generation are not considered a significant factor because they are not distributed throughout the entire Bitcoin network, which take place only inside of wallets one time. - -* Changelog - -To help implementors understand updates to this BIP, we keep a list of substantial changes. - - 2025-07-20 - Changed the Witness Version from 3 to 2. - - 2025-07-07 - P2QRH is now a P2TR with the vulnerable key path spend disabled. Number of PQ signature algorithms supported reduced from three to two. PQ signature algorithm support is now added via opcodes or tapleaf version. - - 2025-03-18 - Correct inconsistencies in commitment and attestation structure. Switch from Merkle tree commitment to sorted vector hash commitment. Update descriptor format. - - 2025-03-12 - Add verification times for each algorithm. 256 -> 128 (NIST V -> NIST I). Add key type bitmask. Clarify multisig semantics. - - 2025-02-23 - More points of clarification from review. Update dead link. - - 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long-range attack to long-exposure so as to not be confused with the language around block re-org attacks. - - 2024-12-18 - Assigned BIP number. - - 2024-12-13 - Update to use Merkle tree for attestation commitment. Update LR & SR quantum attack scenarios. - - 2024-12-01 - Add details on attestation structure and parsing. - - 2024-10-21 - Replace XMSS with CRYSTALS-Dilithium due to NIST approval and size constraints. - - 2024-09-30 - Refactor the ECC vs PoW section. Swap quitness for attestation. - - 2024-09-29 - Update section on PoW to include partial-preimage. - - 2024-09-28 - Add Winternitz, XMSS signatures, and security assumption types to PQC table. Omit NIST Level I table. Add spend script specification. Add revealed public key scenario table. - - 2024-09-27 - Initial draft proposal - -* Acknowledgements - -This document is inspired by BIP 341, which introduced the design of the P2TR (Taproot) output type using Schnorr signatures. - -Much gratitude to Kyle Crews for proofreading and editing, to David -Croisant, who suggested the name "QuBit", and Guy Swann for pointing -out the earlier name for the attestation, "quitness", was -imperfect. The attestation was later discarded when Ethan Heilman -joined as co-author, whom I'm incredibly grateful to for transforming -this BIP into something far more congruent with existing Bitcoin -design. Thank you as well to those who took the time to review and -contribute, including Jeff Bride, notmike, Adam Borcany, Antoine Riard, Pierre-Luc Dallaire-Demers, D++ (dplusplus1024), Mark Erhardt, Joey Yandle, Jon Atack, Armin Sabouri, Jameson Lopp, and Vojtěch Strnad. - -* Copyright - -This document is licensed under the 3-clause BSD license. diff --git a/bip-0360/merkletree.png b/bip-0360/merkletree.png index 62c73f3139243ce88ef0a0e88f28f5c53d483472..9ec24e663ff1b89f9205137e1ea992a98d5fca87 100644 GIT binary patch literal 103756 zcmce;WmMH$7e2Zb6;zOtP)a03x;qqBxlJp=-QAtC-s5rMcV4}Yc5?!YHB`2{M<;q8(Qp&(_oW z`c-o%C6nQkMjRpet54`}I%>z-1?q(UHLA0h!alNGbnD;=MI`}XZ% za}4)gaWVUFu2w)s#WTB!l*TjckcJfuGCwM)YW6kz0OM!ug;IQqy`)M`V`bP zHNRzRB?)@ndSYl~kk-eK}YKD&m7#-E`f6?7s_X*BYtAUwKPtzjgurKP3)_4uAX6=r|i z`+|~^GBez1ds2hla#a2y9-hj{A<{b5ULW={@>5VyJbn6fw9p7u7>!!y`>hvc)>ARO zPPBV_dz;fWaew{@-@JK~klXeNHa0dfpELS9dUfn|6xN&1JM-917)|2H8 zdOnx_85yP(9|V1Td=O3+Beh=Vy~D%QbacVE&tws{i*49Wx)v4|?#J7qv9XV6qk<|N zR&a=kyE>xiG=9Iii>PwhF@ar#$1Ql%j^ll?CkB^Qn6EVLNnC0r^Lev3-#l6AB<01= z#uf>7!0K^i`HewK)Y6h3A({3?B}X-i*E=8n!G83py(tj)hOM3554C*V)%A5nW#v~d zULc|wb)Ir_$GGh;7n%>z{@dTb@hLQv>dBLLT4mOS#+~@f-3guWOoPTYGqnj|B=!yt zH@F>^(cwK`y?(8rtlZ=><0WQm%iI~wWZE2rhmelvju^<0EAl!&vcIkp2m9#vY5DM! z&cnmQz|b(oduMTxvbdzgUowq0VrO%#=q8p;-DT<7Xs%Y-ttY(Bo0)>D^72o>!u@h{ zb1SJ<^Qsu+;XC~2&!4Z8d3c<&Y9;^q^XJx+mQbQ+epvHEYI=B99^#j*gDEo`i&k`bR}Yfzgl(xTE3X;u_f4773w$K{PE)ld3=1lUr9*`Gb=03N>37jFq%TXuE39+9J=+9d?qlZCNK{& z_Y2*v@eKwotooB1T68hSF*BUh*!CqC4Ry`hU%?JuR*I zmqwAexOlQeB=y0@NO&BV&9^p(-PxC2fBy~%9cRoet*uEMt`G6pFQP%*Ar|zE0gLYi zXFA%N5Oa3sH0_T6;j}UQ_U+f|W`$JIzB;gD*+hN`*h*do0fB@F3b8NI(XH=ppoq)L zF1JNcEG{qqTgynA-`e_HVlh(gy7v^W>v=ro^2Wr(etVL~)6;Xb#DW0Aj_2W!nlb71 zzfLBpsm`^5471UKIgunCS66NVM(ro$`^G2M=2M`Xb=I;6Z*75!j6Zn9sPm z2~kl|Tf#`B6ciK!EtZy+A`%nBLPP(GY$)fbGMJC#g=S?vCnY6)V{ELTuAV7tGhNM7 zSy}10)_>byxM3(qt&@IbI(fsu(#lFgT-^0nH8MCK=pEE+xXSb2p{1m}MMp=6j)5`M zszQqgcQpO`or7Mh^w%JLMS$7xuSe&{J1bKzGf3};ZwHFalo0U=38x1Gazk#gCF0J` z&aq1;=jTQ4hvpCgdm&<@V(WRIQb|QKs;oTEHy_Hr@%61)6_M-7*%_<%h3lam8yg$q z8@s1WeQn451tr!@C>#b^nI7Y*-wYrQurQQc_0XO6&U^92^QX57${_ z!n1MZvtMHbp-fd>;|V8cWT-v8v@US6v6yIl`0!zJZtkVJ+kYXuZuJL){Nu-ux%v2_ z(Gn4&VZ`mfjXPbzxZ3~zMZU|7_xaWjf_oSkX>v(|^m?`N$;nTiQc&C|C@u9)37WwO zbKahm0Eb~=XGiW7At7ObQR{{GN zM(+=iK;L2EPdFdi{IQe&31UvKW?5 zsM9DixrqgyzW#C%!ikbzXJeztWVxM)&Pr8}wvv((Ix)Arz$a}qa!#9RdUg(uAt!oT zTAZ=5F=2R@5Hg`F-yR*Lxn6BN6#go}OifLFCrZ-4sK_C!xC$j~CrzFPQrC^-%*;=# zt8Whu4-1Qmlvdi?+sXO)+Ec7ZhoyZ0+10Un@$y7igAt3?l z0wkowWcZkfNXpup5&mq>)FnA@jk6g1xrOv_NYIcqs492+`}@m1Pg%FOw`1bsa7jo) z;ZLOsi=bfQ#z_9c;^M2&#~kXlo;;8wIl%{$;Tpz*F8_;f9{LC>l|%qqcBlW0-+%bf z*YCbsP>h3&+yJ^x79-`5*(9-&l!u3BFi$7Wda6=jSX%J^4vrUf!;1c}ZGZRkZp!mh zXa5?0jr`_|`*f0{m}r1XP)gH1>%?(Xhh(KAzIiV67` zPo7QUJ%Fk(Vje}4@#z|m=aAyr7}(jrLPitZbIRAQ5LQ+m#7$z7P#mH{p;^nqAY^{$ zi-P*wWk(mEUcJ8F7o}6D1&~ZRte4T!C8Vehomyo#RyMX+4hwt|UdLoui-Vn+q}kco z3`QV97(?oT!4lH-YHUhv(JgK~oPp=OVOU|>FQbHwqct7vm zfnji1m+8##B(}AQfQ5zS#uKnzrn-wSuw?)`q`(Mhw{+9QlxU;aZKjFU)YJse zH`#vu`o-;a#y*s-;*o8?u(03;7-Y2AY=A90i?W8$-riol#2oLLT;eOV2FTBENAgGz zV5Mo0A}OObH zafJhdpIumJ6eIKUD=p=Wq?R!}SnVsXs37;7g-|ma$~Bz~3){2zTv_J#ZAo`pa9}j@ za{DF8tYW~+fNy00gP*SF$`r!jiOw+}-i0bRB zb4)9S^OYnYLJsqXA|KHW0IE~4GV3G2yJ(%PWn~`#B7R0qy2D_wV0Op~2pKf-*NqCXO?(zW&AB`Z_J7!DnA0Bbyi7BVU6#HNjiG za&;~L6cmI5I3q=;%Gq$KBWk`sO=|w)bpKCxx9l&?63JV)Z{LMdipA~U8vw^p1*!Oa z+|B^J4y(xs(HL3n`9a!3yMG^77>&hsS04%J;YTORYzXr5@(c&kWemX*Q)Cl(pFVl= z0$vPID)Kk}D=YQ&lTY@0grM>SyAXwy)>>Rz3WPHJ6W~*!B2$J-E)MHSbqMBqXymWr zIIWr{D;$Q*_E&lcVEeJ5e1IZqZfh%77P2rlfRd+7Omf=Qt_sTex;g*>?~?nqb#&lp zYHB{EqIwNChkVKi`G5|&{!mpcO^)6dcb=1wvl`4)fF?jflFwBv(n(=8q2OtSW`NsP z$p|2?=T5TWqyhycC0_cmP-_S)DdD~YI1F}1rl_Puw@LcblmZ~Mm{=?8zylKASMKh- z;QP0Ou0ub(e?R)$`2OYDA&P!i3`_OZ*#-igls^Uv(%vc;8-SUAp|miYsTGi)bRs4o zXoa20)T!b`AQ2-x7Pt=@f{Tj_fP4(6)i}k*Wix?ZZ-Idb0#eW^G%8})Ol1T4;cmt) zA&=J2*4EZo>=(rkxvt?tfC^7oJIVN6nWv|x!&L|*D%I5032~{VpRlpv0#1U`PEy(( zQoTam@W{wBCZ_x@b^!qa1Qezf-j}>k1iHGqW)47(m5`Hb?dl4F!gX$Wxn)GpC-lPy zk=N7H_hn%Hdi-i?1RR#T<{<2Q{%d~*wTGg-{JYXp=h)NSU%yB-6QMS%!xv7Lry=E5 zlFa6XwHKF`hKvIJfvG5$=&~{{DDKyf!DQA)j;~qD^-9c#1{;(#miYMil$4c!Zg0C1 zK701;(89&#n6+wbJFK;;v$Hc8BEBEiD^XD>e{@X7ph&hH`@IxMttQ?NjlD@qd+lhLs;xSzuO%JxZSESu@SGlXp;1wIU|0Z-`Hx2Nv+Ox+rZ0R^ zYX1KHD|K59$}PA>){M|*c*Es3X7>)05EO5Ka4an?Ni|d@C4UBa6F_80bd0KvXsGC1O?5D zy^v*y_{fr|&VkE%vJE^(1M(1sXox-pGdZuC=qU8$pBcYBj;*0o@A`yILC9u;{x^=x zbiCMXeLEDwOMiufso>R#(b>_~`REcuRq%KR|B*0tNtdTtdP&aAiooEmKnoOP$e?iHY51 zGv1xqDmlGFL&oz>fly?B`_4>0wHM#2FTqrvlJeAUzUgiu)MbSxf4~0^?Q?OdZBAAw z{ZcO!j^}X@g?NQ*xOrc?2YM1P=_+HY#xond2M_)Z?VOO4%j20L6!#rTSy_CatJ928 zhy=H%V-J1;0{$;ZL1p0Q@9)36zmE&62(i^}eeikTZ)2&s)m57BTsDkQKKv5gfp(0F zk0>OMzLeL7u%E)8=6e+Cyf6KVii%=bj6RmT?Wbqz)p=)GT%Rn2!@7yUP6h)K3Iccp zVH(yM2f96sMYWL8kr(+hHKl|65y*+E2}gZmWPwnWK^Uc>r+=uFE{zS)It5NrC3i}LN~exJR_6^B^u z=3fCYi)Art+0P3?qTMJ72qFLB-l#}R-!IwmU%x(lc<(m2X-^d`@^j_%dwQtZ0L6c% zrKubkOPWD57T~&Cosjzh4LIlf6)Z+?fqe@I*%{t5l};Ajx013B+(*a9?4dXkTh;=9 z2*$tsr=6&hrdW?k7NUT8%bOT~c^URqRXOkm85!B(H-0%tAmK4YT$u|SbY*K1 z*lmdq}r+8e^7Vv?>;_0e)V1p(FIieqZ1PV zfOZP3r+6XI+uGYBGbhyk6n+3WP@sn#3879{L_96Fj|Bz(W2dWCvxZ-3ti zUX=-bZu=&X1+$bg9$1Xz zr2!ZxeDtW$VuTU;8~^&fALZ>L)`$OUxmLLj6gW2q)qWk%qwuAq{uuoxtmg6wk6v4@ekN#GQ(?b|o%pS~+4pg6^sh5(QtqvTRCay9q#daj-qoaYx?m z+N7s(c`9RdY(LaKAu>yOUM&Y7gREe=$4A9cn>Y@Wv`JVD^+N_)vf}$_jE4oq}6?ijyqSs@wKFcL*_d>IqVmhGHj7=XedTsU!SYHdrC%z*qb+$ zQ1C&6+a3yQ=sK~mvI4Ne0>lR$RcJ7!0U)8Irk-D1{Hbg63o1 zKvfhHf)22}t-D(^OBq?TCcB>hgl&xY`W5oc9ddH=rqI0^IkEF zl9lxfJP_>i+}s?XnIFoucQG)iI61#T@CNUOmwJWv5`GCFYTrPWmgqsT?6Oxw1{KSmBoJWWea&*tjRdkYoC5&&;J?}TS~ zklFtD-&dfGf}n;cjJ)6G=`%m8mkoZ}Vaq1kd(@G%QBO9<86G6vqYzx1`4(DyKtCVZ zFD|2IzpG9Y!PPPS<|yyvC;J29`&8>Dih&FMuW1=SHrpN?;C)eI8){|ppGp4iOB&d| z_VcHyKx36B=fC^+TwR8Lt>|DN?ga;-)q2KCG=A*M5J818oZ{`i!NH%&$;sO1ynJyOPNK<`)m%$Kpiy{*(A50Stz0&{+s=IF*u1&iMY2awyX=r=-+M~5v!#UF zo;QTtrqpDy{sAH+rW}ny217ao9gW{MtfVePOinB=&EhB`A+j|aBVcu~l97|ai|#yv zUtU(1)JyR4YnxWtDz`iPp@2Xvn=}0cCfRcI;fBQDw)&Po?|F<`X6IJhmfFOz&>DZ)? zDWH{A?DA`3vbu?ca8c)#i?mFfk$l<%C#P6GZ~jZc^N^|g_?h7&j*f5I2eU>s)pzTJ zuJpTu@aSWCqkhE`drwryCIRq2IiBIMzv6F9ms@GGsWb30rS8^Q@Hx3b#>M3w%OC47 zH-{d>>c7w#ZKRm{*vVq}jm-XX%;QHaZdac8zqDFMcItY*WGUHsZE@UO=@HwfBI$iD zq4H8u5eIqzKVAppuWLBsEp^4Rfi*2`Z|nXTaZ`l4-*T!l3TCA-(6biUS?70v_EzF} zNv3P*4hA(NOQ_TwSElv;4ig5M9O}WLBO=qlA}sg=huTv^sax_t=C~BHZe45r*71@~ z!)cnVl-c_J0KA5JH310E-S|w6`j&6Scb7Vg5BD2e|AsbweJHC} z8&dd#d?b4pokYU@(WA$Yk-cYM-gv5krajU2cTqmy_v6$K5>~grXx6|E8D*lL{3qcbG#a0b^O+wSeB(Ql}X8Zi3iGiVThZl;% z04p1|aKZ7S#9^W8;f9f!xn!kc`vjYbesV@YcpMSS-ukkB-T&bN?6oC)r_8d4val~* zh6uV;v=^FCgXis9@MA&{(&^p91Lk-hQ5z7!Qw%SH{adOB# znULi9qow1gJdNbVJQ}atmy^Xe&KC!`2rW#Kr;FX@4T!z=_Cb4nj+o?75^megr$#f|iYez0>f7X#Vv~+Cjy)XAMyemsl7Fg`$ z+wv8&P7M2=o;j}8*D7VmFE93{zx;sX=IG=|IG#(CYTC2B(D0#eWN1m-m0P6Bsc~>L zW~0p7ZoQvMk&RWI?4jSKK+Y2>O#Jd?x$5)R6GIs7W#kbF>A7ay zH-At`S*G)gsQ(!ioNx-Murf|2O{m z2X2DL%>}hrRGQ(=xmUzqm-BlHUX@&_GDYL@_d|u%w1O*3;%}^O>XFHftowt^a`wdNcj^I9tr6q7Em9&85_=3kBci>E$UIP@+jl2 zi>nb}*ce%Xyimx(Wx7%Awz~dMD2dc+T;F?z;9qeBg+`SJmxc2dbR*;^hVW!$WZcir zBR|J?&0`SR{w`W5GaG=xqUQJS=-d5ij>l$H_rk+W{#~3(6SMlY2nsFqSxS;nh#Cja2=s>cQ#p7c0X3Qi{m~nGR|78#l3SL;K5SkrnNt)Q( zyEqu5%+o<@=pDV~r{D5>N!i6-H5%863O!0v<>@;`JiI-H{KRTDw|h>Hxfq?crhIZ6 zn>){aZwywXip88>c~tW`J>K%Dx%;B`<6-P(&fEv9*tdEkoNW%=Q}zM%RYiH+Mn#3DP90G@R22hdHhNID0XQ~-u4_|MlfI>; zbcSrg;6ytAr-THZDBUGKC`!u9xuH$oTd`lYY5Ww0CTo)ZZ|Lgi`pl5c))sw1*?C#k zc-F_Lvl6VE7WX4@PIvwtGM;uGy*$-Uu(WkLb77(p`7qD%`oOVd&pCf@kxTLJ_}OWc zdeCfco{n42MqMZOWL1XlO9OHpt>R>hVEnX>SpLnK>lbFt)__|{+z#(?z6w1XZLRr zvEHG9RIhxl(|=`4hzrhhBGvB8LJh&{$G4?UH0`of*ux{i+Qc6N5_g;LPMSZCru5|8-#iJ?;qL>eUT2>O_(BB+66 zJodL7930lCG+KUUBMU-6pvC4x>uKo8+19JHFy<6VQ!JdDuqpKFU?IQxa$h$8x6l5} zy3rmB%TFq*xpke58BgKe^J+4}!D4Kb3*EVu=aJ7Vi@3(#XC*lp+F&i{?#Oass@?my zFQvWEB@__TTgKH95~4UVQ{s#vqQz5$+Yr^3W;ZLdVRMuBNy-1X?;S0RT-Ic6_37W9k0>U} z(tH}vF8Gb@V^Qo~t}4FEdY%7}r|IqQS4EXWh^D7c3N*J3epS_}${H{)FaPXeT9d+v zg4+L6M68=cpks_8z-+RVBp>6Ed&Y&3Wbqx6iJD-8+@Pe!W3upo0Cb$Zq26$^;cK0z zvo#(z`A1uwVM40WZn_2rv3xlO{RCM@ZP&Nk8rlhu?9nl93AAd2YS;x4Y}j*>2g|Oo1TEV-Ee{RRzQ- zFYo-~T6>?)5~kq}H1AWO5RZwCjgsu_?rv#s4@5S&faUn2JkYRa_(oy&P_3;7jCT|;xJ%Dzn9xzSd{SO_INO~P1I=5LFuQmzszd0K&_g@ z9U54{LsxsAr%X~5CCSNnSHJ0N)~~yQQgwY~%=?$egT9&zFf*mH#q7N15w;Q%8b+mW z8SMX}Fi_XjH%+97?P z$2&xDCw%#MA>%}UnZDNDhLYwXw}*S7&48#=ZGul;x_2@8=s9xnCa@yw|JFIJMB4%vFsqZqfIpE2 z?bPb({&PeoTY#?A4|(M^#%g3_ z*c^RnZN0spC+VMADW~f`2bFVH)x^($qLKpr`kZ{h9rJ1|bB?#-va0w1AcQlOHz&#? zj%;c*p7zWo@Y&kBtSr{n5M!V>WxG3dlU|7>OsAi344U^AH1U)@rHJKlf5`UjN)&@& zL~%rbxEuwQ%Y`wXyIW|Y%)rvR0X(boSE^iU3%9!~Vs<9=ng8kS$#Q4BckA7Z;1zcK zZ!urr_NQ!Z6*}_!Ay2oe%LI+MY@?k1*;&K>r*s zfA)C8TSHty0XzTbvW$p_PN_YPV#c^W#*StnSZm}9?mSDTDh3J#1%fe=KTs=I({-3( zo6~%-lw_DAsH%V8-XSnJP_-;uASfY~LZYy6eYnA+Vkj@SR&*-;FLO!3;&}6YM?;Jv^zVsvm9yw`4v}Ndqq)Z#^ZCv4^s#^?U5jAzt5e7K;Bcq17g|Ky`_sW2L(hQ4Z>U*QHEsW>}1v4oMa-(-tq z6WacE&y6<+$B)-VbLQ8Ch2=4x9+#YekM#BSK4GPo_WETN&QRL2c6~kehk? z_U&+O$|4A>DwVf8CMSuZ1z7Ppol@Yw)^R-bWj8&q!+<&TEPjTmjj^fz3(AliF?eI1{@^BQ>u$Reb6Kg$@_DLyIUAOPMI6qW zvurozvnDoZsfE*TsJ{7m=A_z0Y4*v{RgEv(^+luDj2C7yX^7YHqwf==$!WPV(Y`2BU98nPAA{)@YGXy} z`iuytOF0tGj#`s7ITRzmFuMg6LNWZv@8ie$xw*aGl5iw7sH{vZOW6=6Vpz!8fBg2X zW2nJ^NwEK8L=w84a&nj(w3XUGVSEZ>EhCuZNBw5?Fpj+ORXM9xuR3aXqmU|$<9L6* z=X9ZW_#0X4zZjTRglrFF3~DM|-&S>YE_d~?n_IjqsC6QhbwIjs0CrW&0*Tm*Z_l!=;BnrXS{ z5lTJwNFA*-_dmPXw!vtgz2UR@H`glD#86WC1W&uVI%}kw2YmQle%(*+;CbJ%`MWoT z-tB(gA3R|2z}=nPwDgWWy6tT>Vei`N3~(mXRMUBLDxgnC@AXW<_sTdqEiu%M#~h=8 zj1mvmkuUEaO4zQp6P7%)%Cfq;ZohQFbI0oh+ccbb*;$+Tf%Wz)J&e}TF7z6{TuONU zz0CbZqDTTfyoi{XPrxq^To6V>l1-rr-ZwNv1)Xf5q3ptJ)X>s0Bs?5bESxkArsMHK zK8cx`G}CS?2?4qrKvV$0qB4e%gpDR3h^DQX>Kbt6*^$idXJ>z?J$@|2T4YbiVuvjz z>yM3tFY~v@KhL#926s?>PFN)D3fDQlJTBXL z7g{4A&;R7CRYnUMB4X=0Z1fsXtNGzK#I=*7C^4wyy3g&2cLLLPR|9G-4 zN%&xUyLer-`k^17ko~f)H?3qjJk>_1)XU2!byx1OPF9n70^Ny;#FM3XJ8F+JH>Q4D zaQ$Xw zv*kRc`PuN&K?BO$x90PzIh^0We;>4UUWOc|E$DFPz7~=9Xu(|!85s!DJcV4Jyi~^z%X9|KrUo`sm|8CWJ=%)pwZ@u%x!xF@W-j2e& zmy;>Mp=GH@$=04|meH|npW55E%=(+$hvy#AV$4Oq4QI>6@-xyDv)&$y<}2Q3rG0ph z_n1t4@=E_pHG$d{$-)LuDa_3kyDz+y-)F&%> z!LIsr+e3PDB2JfLI_-PlT`<<_!@g%rvj=`@9V%G`wSLb0Q#qLXZDTYR|(2LKhyZX+SqqeX$|L34N_(oe>haq&U*^l<- z#?xikvvuN_d@iGQgf2cS<){|!uO#hN4TNGR#Y=Z5H00^sxrML=CO}xe`pdSV9Qx^k zmpaQS7(_9=p4`vW^4?t3`$}J?IhI8q%=dG#zZuV$YLk}oa$J6ZJb7GVROEHCK2~0D5}sL}TY<(6U)fOdQ);POO~D$FQ&mK=m+o)`F3p zzL{BIO^sJ9N)G51>}+jaf6d+v8i}H{sPN1F12knADXFY&nIwLM5==4!FubQF6SdFo zop1Opo_m*%pQexsMxDPNgmwkz=G6WAsMWXD8EJi$FHxMygu)_o8CDt_$J|%3s6T!r zt~71nXEHTCb6NK*{f2+f|2?(S`tDW`9&w%RjY#t$=I0BT-A5E+gi{%q-(fnivCjH0 zlxx&;H<`D_`0~tka!fZx=EI#Pe#7-`#ZDJrOn*g8m&5Xv@l`%!@3yCOM zG;YUv)<>~pzozVOAp+KWN}t!#_KpmtL7&M|z)@Tv@oo?brHGf8piez|+&S09kUY)m z+K!x@k58@UZ@*KEk#D0TvhYmL`1t;SO2pk%R7qX=q4hEP3$MgDG^u`{KwwWkc<>;q z|E95_p<-GzDy-m75Ui+FhRKOQ2R;o~xYuP669JU#y{pf%j^;YtquM5C3uv z7X1Em*iE07$DoNE?ac1`-#6P>5vx>`(Dn9?jYC1XC^o?mw6-Q(-*Did{wQi}`JJy+ zPl&oFsb|rku?;33(_}scvjYK4hBOlWMH#udp-D-4u|>OyB~@B=$|^uNnXL690)kca zZz4J5<7gJmiu~KTFzg%bt#9dHOw+w?&sSwQbJ`Ry@))jU85}Wfl@ls7oZ#dndt!|Q?9uIKL*M0g`U;D;EYNBbA_XwnQ%x? zz;?*#-Qdpxk~orRRO5cA+o9pgw4=wECHcGPd5y?v=XPYn2PqOZ4pu|$>#MY|^C4P+ z%%jj!E4Ngu3B}d`#|_naFD)UV@oBCSvgE>WxxnMI%1TdO$JNwq28n)LW-hMQ*4B(B zoI7~Ujg6_2J+?(9B}+it@p=B?+2;>!|7js&pVQL*>F8JwEM0oef=3rF; z_z+1hDzvZCieFew*ZKEaMAI%PBH}AN@05MFHcpqhm{USOq_cUUHAY5!8&#I%O?^{G z+&ZxnU8VNv{=a{*EIavPrk=id_zwkml^$L3cznBf|K3zPjzDWMSL?-|E5kwtA%9%V zmzytMy`|AorT4*CiTs)IB|1_m?*c|WNcuYvKvUAv{Bv^|ASVM8!NAH&#@?P4I);GP zu*t~efMUnY%#2k2K#vd-0Z{bSwX`B5BSlP1sA0?rY#Y$Md`e5BD%-K7a0KofBnZgl zEl@>4M;OQqgA*CrHSTyYYXQCkusnW3y9!hYAE4F+UT}r`AuaSOxOsT6ff@nNk)EE8 ztQ@wt!?50e`h*5V7jYRGDv$wy6cUSsMCRqo8$it0uCTu?A|e6`N9b(PgTH_pCln|w zkc}jP)&XY9v}C@BNBW}V?buD@^e@s88hz1g(TK9I$uqxLwGYQDr?Xu^zaSbYA&~tZ97wF(_3K zNJ|7Z5)CvoczKbZ%r7he|Ga)+AQE~2h6V<{0RgD3;bg5KNfQ$jgC7rrb`H?V7l7V| z6bxKkc*3vj9UM^7(n24=x2lQ{7~4;onXzE@43su*=S@ORPR`Yh4F^zmX=`gEwS&<2 zh4lyKB2WulJv&if&AOi9{CIe93ubmPOPo1kyLbuG1WCSf#Km9 zK#TdG_SFxRG(Zz27W5>Pl9B>4A`h_LttLv-JdU@SmJs#`e=Pf#g#U3hzTLZjAK9+b zEHMYmLW-*3cR}_*^YGrm!2xh?g`v!{va*7nNbkUa2y}BIBR>Fb7&Z@nKC4qcOBvn* zOzp$Rk9UBL-*e7+J@Ef1hM7#OzW+}Lar^(J7C2+&cT^`ZDg(p3cmISzco0!iD#Eci zm>(~-A}TB_G)@N=N-yXUB=aJWSFX88ltSR);0S|qgER(YqRzm3QVis9XK8M3W_jED z1RATI(noO11vW8?PNL2Gue0=Hm|nNR3lbwS@V_O><7!6ngi)YYf={74Xt9!Q9vyLxuaZ<9fvVk_E zuV24@^XARhDtf@KSHSLl1{5V==7ShYTv4$frN^Q-`35{>^dbM?QSU5R> z;&TfKdaw$eUNz7o1vP3P#4q?%M@I)Z$RHI#Dtti7CiHJc7wx68@X0fH zZa??ucAj3Htb#(HLvAFHMBp#g{)wsz}MAE@ppoT7jn^I ztzR*u^t^`$19oo)ko6DNhwk6+zI#*Q|8N2B2d^k%f_Ohe#rS6C`O@;T{l+i@(B32@ zC7*I|M1iFxms{k31rG8+;0_rUVkgP9gMDvV3Kx0 zf+LMl1AZ@PEnsJX;z!GNX(!a_B9sKT14b&cCk4cGr}e=G(5IJ%Nq#x-IojrD%s99v zJK3<#czr)ga-2}%6}gsh+-HF=R_MP&5+1TrRE1cDcoA6y5k8lS=#Y(Q$JrMDo}w6Z z4!v^FVR40CFwvfHVqr(!4ee9B2@CH~qkpVK!R1Jn($PW4}?q_7@6 zI&Cv|L-$-2;-llqw|YH zKFMoqUo=SlOif8i&dv@3yYvpkqARhP5k#t=M`YpVMl;Fz+xAE)CkU$>T3YS^^1jl) z1Tr4l{o0vow-3=wdiRVW4F6f}OBEVzxw@}RdeED*9 zFbnscODZqu1B7Ga;)sUxbk4_&(9zK9A@B=&RBcXx_!|{cG7TM_h>Q$|sHiAjUPun( zQ(;ffi@Ir{=g;p#B+MzO`T6q}oXapIo2*;yO1>9x54kVMdtM)$>=}V<3ln570bp^! z-nNBW+iZ{u>0W5(`yo(~|~F#srA0Nqk)X>^#=`qfo;c61a#+TrHqO#y1DdWHQG z>bWcs0f4vLS8AmNacKeA)W|jqh_Fm8CrUAnj*gJ}#h~EeJs1QwPEV6Ur=}Sx7UG1( znO#{409Q(di-BN4-rrj`NiY<)Rn6Uo?r6*PWS1OHt+;1uY6{_vf{Tj)=J&!-%L`^r z!SMqI?O&*po_ENVnf!eW8k)k=M*Wb&@z;7kK+hr%Ck|j^H@CEWffxbNB|K5cN4BA% z0i<`YAUM8y^~TIh0u1?UY^=oP`EdqPN7H1;0-EYR2>5^$WZsT|ej6ET=11Men4 z5Ao9{AZ&|45YNL3NKK{4)v5ZXTk9zSB8FsCOwwNXqV4bBP(Ug0I|Hz?fuB~9T751yo2N|40e?c^aJE~PoE;G9sd^ZLXuMewUanKzE1^ihj~+` zLh4&kwyAsrmUuAaYzaNRB&0A5ub5dwjMF9NMHcA&U-fEfB|3iwZCY^;XA zD{x!ILG=OSdl^uHQ^16191i)wt~s}P%FeEw83(xrsfh%o_UA8Oa2^p6MFQ*=a6kA2 zF8>xh6x!)*Ai8}7Wc_W21VwOCbFb-VYu@C5u+)p+VnZrV1}-9mL}7Y-sSD%$yu1g- z#>NnBl~1vz$VEQFDJ59YmPeK~AS~*G>(HJL4Gc7b_b}_%BfvNBPN*m=C&OU|eLYa* z%Y%LgGG_7HzMGh2f_@-&foBf|F&Wfi*}~^8+mj7I^23I+Gcd0%F+afs$1xin@w=#K zZgJ5MY!Zy)1{`MKTU5lhJyVD2#W@L8|5Q&hy_7gaqgvGR*7$kSdNQkh# zzVd=p_5@55oEI7XfkIzuIrjeZXROSuECUd6$FQ5>!08U>(=mZ)K!Nz9GXQ6HF!JBG z2LkecTE}|05F{^9KimN{?hiOczy93~#1nqfWhfc}oC|~KVHb4w4ejk~4hhJ3x9)kU z*J37@lHPL4&?hT!&O z#Rs@YLv!mn1~hl3gly1!-WO;N&vi~dYobJKY)lG zr2ga-6d#~sYUt`h2hFW;0+8{ARaEe@v$H`ST@QF6dvgQMS^$kHE;Qd1%B*!D@?(LX z)E~G2Aa8>ME`s5v_rry2J65AzK`U<0n{&dT*Cn{c>@7LsLX%wLqO{Z z?|nC%OsEBF5~Pd?F6T9C$qrKL45DGi=F=kn-L>@njuD6T}Il&2gYfpcthEzHb*K)?mg z16j!VPLHZ308&8Z@R=Xjvp$I8;h>Fr&;sTVE5PibHBBnI0Q42eDEaT-zohEzV3w9z zXFZ*pD%#p1Ad#wu!*9mV%`GezKyK=KxQ+)uMcDz4v%5LQ2LH@L0tGqbnZ5@cse_s* z=oJKdt<3D~d&iL=Z~6m{@;Np(5TcAQfIy(Mwsm#+)zt}sNWhO11V|5{h?=Z&!93oX ziKbCfQ)`90M8wC3K$=!QcO4sPhGhrgdM5iLPG;tM*fy$CFfwuJsi0RWk`s7=ukb{r zt~Ex$!wj3&L3k*yswxViK_SB98C=go^$-}m+(5L1lZAu)?8%cSNO>TEsPF5i5lt*` zWJ0RT&h%)dQ_e0@t%7;f32FCtKBF)6a{VeR;h2|EUmy^?fG`C+^)=JT%8KFQa0>J} zb4;r|4$H~EexVC^95q2sg(z|#d5Xl2bvSZeAO%st*#OAA1~!MNhbp<>j1wLQ4kGyj zZvh0y^^7J&6L?xVRsHU^)+p$ky5UqdI*HoZRrAV6h&+d><4IAw*mc z;9L#YvxDb|dO!pK(0n0fUtC@yGk^Q>H^Y+7i3uX;N34R}1;l1{fTba9qX6`_1x6zD z3E+^6r`jsfNlDiV8-5^!^@G=&1x2w+n2BsG>uum7zl4;Pr&|*QOl=h&!!s8^ue*DD z4WUF_SXfx^D8#~$@;JmhNKYbgJtY2s-VPIX57f$gvkfRG!Y?2>q*z(-_c!F`wZQ6Nk*t8-i#W@yZXJ9F9P`3I4h|UP1?tq&BBY3_RG;S}#6G zL35j%$n_Sc#35&4!G;*xh?EQ~)PZ+EZ}b0R?#-imZu`F9ZyB0|QY0A~Op(ewRw|Xu zRLGEuQ!-?hXrfX?LS|A#6qO-UM3M275D`s=;w%-VG(NAxb)9?f|Mq&G{XA>!weEY} z*X9288;e=gk}) zH7R_Q=!X!nxS%Q%XF$}=)SCKlnuq|tGQFpUCh3nDHOiHcsWEE(vgO;-G+dn`Jc@?4 z4oy0|4*w(}w*39GIBj1ymZACgx7TLI8SYN2RvA;Hf#J;ioPMLTYiaYq<7uv;RDW^3 zy7{~O=RZt7p&|b1Tu6sLRE42Q?nN!Pi~2DB@bLd*FOd-UgE5_txQzx@2o+O&8gDq% zE#`a7s=hVM|J_xO?f^}g5`~#~*DYY|;YrmXow$5i4UPC#DsackZvKd-K2k;X>DyQ3 z*Y9F@;}6DK&SEMCY$fP**KXX<>EFMNl<1bF12N|#a$fT`#9KcqLCV~!ag)u!-JnGp zZLX~dJLg2rN(HemB0?e8A%2#&mMeli#Qs}BPQu(h{!=49z!gB>pr)e250IpyjslOu zaog3aHP%;}jRAX*0R}Ui-Mo4ZSzc(0mMr;tM($VhqQCyKJ(@}Wb;eZaVP>q?KR(?!so*0jEM1Ei2Iz%JJT+PNAQTQ#SwpvE!(Oj96qV zs<@`uI^6J*J8OJ8P)rG%EjqR6*w~W2A8!H}5;f!`&)+|Kwr;Bx zOxSTnei`|G{q?>xP8YE6N?yb~>3vnbW5?E@8}#HpK@anUG87}2-YMU6uNsPq7Y(Ox zvdN!47FARGyEsxo>Wb4+a4><$N_t2kN>x=NtlKVL9H^s1(V{Eu+rPh8X?bbsM5%h zsAYnJa(>RRfy0KK!KEQ^ow_A+c*XnS?k`U(1C@z_AK$KURI=4yUv6U!f`dzF%@!_RY)#DBH+&mwLo#_m<=XG?DVAu*WZBlA{`8c?x$9R&6a1yN-?~Lgs9|a%xM( z9v^bnap?)7rHn+nrtCu1?r)=KK7W2UQGn7eU_@7NYdN|NNqYbOy%=d?gJeNb7X1uG z?7y`Gtw8)m10KJnrR4%R??&JlXr!f-BSoD@tk&DJXU_tVTr_fs!*%EkDRRdGRIRKm z8b^SLij9@$AYimNR1ys}#t7*Yx>>Q)bVqwuNJMy1v}~1Y7jVUvP63c`Rm>`NH8n}1 z0-^NZLX6Vu-MfWEanin9w_T>q4KrMX_gMO!I}){r6>wi=!|ydAKR66fb0BJw?^X4k;`u+QP=JD$DIel($F^Ql?A~1@M*3NM)#XvuGwl)~BbXQDd~G?Ul?p zi~w$-I5n*;%~2uErUkdFSaE9>=3qQ}slg+_NLSaQsDT}#!PibR5rrX)5E`THd}AVl z9GHL*OY#>S>wtrt<87RWC?Y8_xQ7m{wSa>_W?M+~yIA(L0PV5&`EyJSzj(j3|1H1o z`t=cqm`zC3Fe;xveUe{iJ7EIN<4#Me9Gh0tKI;nP0hwzbc7mR2h+9sg^FAb)md#!K z&y}9Js1nNopAG~sI;MT$;o8ftUc9IiZevMRvNyK8xY$~XrB1S&J9naGxz$Q(H_eHP z%EpZw6?8c*gf?x7?nYln2ib$3M1byjd5(!}_HFM?^m)A`Ao@}I{ra5*iR~c0OLT6b zqCy4NUeX-6P+q0cqvbaoK~#5--7D~J^@(BpxRhO8L~b_3L?Vx`(nYq**85YQ_)n4oDbJ-mNEFgTbN zUVl{s!Cy~O)6$w~X^AGgrJq0~s;1qZGIy?)ipox{5qqSm0BYl`tvg7E2QS$(m8^3Z zw0;~vJXU&6o7=N!S6EnY=`!A1B0;;qv)*ZT%e%hgyLazI?}V#Ln?;L0|M;Y2+ElAc zX@+Z?70vHNcXI2!Pwzb$aY-XVxS6#<5r9a?*{!|pX?^1nDsqV4oP!{8y{M7Du zZjQ?m&^(L-{SOJg%}u+*!#8>y{ag>GD=SW|iRUtg2*PVqh@f%a47Q9`TnE_E@59U~ zQ_62O;(s!h#6*u{fmxnZ@b=PTDQ{;ERTxd!xSXrtS!4($oJlGw3N0wt?tb{tl{BXA zf{8&#mr1s^dxB3k+0%oFcb*vt5>hi zEsJA#B321bl>$7(r$f>pcYV`q}&Y=Gm9Uxsg*s;O`1qnA2ITZy{ zAktCN0u=gGKKB`2$Vjx37oI0<->!)GIq)Zam~w${h~4j0zOU3n@A&5#>wF`<>YxAa z8=2AH)XKo%ykgmy&9zgDZs|`cZF)O@W8)7?QL4p_FYg|-v7M=@>9Y6Ngx$*U&9z1t z5wwxezN@}2u{+H(6&*G~2}+r~1Zf~Qb$b*UjjA+=-OYK%p1@nWL&0i9<`c%N0>A=} zNW{U!{Yn{i5HHuJ2oX(J$z-CJj6_Ye6=1@rvHDF-GIKyhsTN12@WY3<1HsQ6IS|;S zKjB)mMLcY}jtf%-FrPzpm+XFYHh9O#N(qogSy-~F?OpF zjxShOM1#Y+0ouh>M(o>HK;36FWXL#Co|TpD#PIJUM?cM=7qFF_ZpEfoJ@Ea=!Gm{R zyqNA1UduKVYIuAC@FZD)H)z^J{5Yls*3p6DxU(omS2-vsNX!t0%On3=M7)xuDO08} zozl<=mj{CYa@lhFbT2SvXFdneCQ6x)VUwp(u|}5xiOB%hTJcblF#2+?tfugDUb=M0 z!Gjv$%TjsAeRCWgqai=5yDY>1it^UqtNL3ZzzdDkebzbPY!Z!Zl+Yjk{Aodi0w@un zgo4s5lI$)FZY0lPs#mC4F0c5Y$wLdIF%-)@c5CZG8gyZe3w$0hO^*ZBrt3&GN`r`9 zCNh3ox3-`h2^d!dPA33Uj8<0Si^O6Vf~K0AU&WUQQ@r*BuZIsG-l3ghCHsb6`}_Eq zF5ql;*nxUhxt2OA?>~INy)}eh@*|%o5EV+CB-~RN{k6nsP=jdy*R!L2^^PlR4i+9- zC!(VK0Z|lY1f7`@DOz@xZuZwzqP20_6WnCtlqPl$C}9ENGc96C{y7c;c$?_ufDxWQ ze;#`|kEN-A>|aEj?>@K7FAr*Boq+?V&+@1~3nr?-6a`}g#g}_U<1(qp`g())-;t)> zGcq!Se-ebd*^7R(Ou5;`3!Hitv=+_KihNSER#4ln`thwq+vWbQxciFQ4B&6qih{do zgLAGvX4mq|{TR$MU;LeSgUDY|Q`78{#D`;W^z+ir6@V{y|Ngt|(&hV9(~Vt52R;xz zoWrF5>pw6l;CF`Fcc60=|0(;Pf|~faSwmLIiofBt|9f6CQ?~=QcVM3Zk~RGl{K@p45%0h36^8W(e9W$@7hWkir3wMy+DM6 z2M?AcB4s+!+2m}quLTV{m6y3zz3D*dqX`u z$`vD(a8elURVB|L=>bNnO9$Soxk2H{?31DYb~>g7d|#Ttgt9~)MfPsZF8=yNXCStK zH$bFm!N5(^rJ98+vg1moW$ znN66WgrQm*UN6E}8FRY346YcAn`;RZJVwDii`H-0z%X-^ndPi&E479EfjU^AKj89` zA5TJ;KuAp8#)$wSPlVAYOiWlW;%?xq{vC_@M5ax&u@R2YClV6c5%`w9yF9+624|o< z;A>D?b`p%!U%a^Z;?xu<2fKFdN?U4Sk?v8nW3Gio3l^r+{Nhia3b6CpJ6w*lFH!<< zQA?^`Va!e9`aA&_!qg1crkgxFDh6i~rx+MfLlk`aWQQ`D#5dN?0#`#bmShtwS8!|R8+F~F5~CVKTcos z6@Z7<)r!LN)VXuER6J_T@rlx>{AZKd=$y`A!HT0yI%KB!_?MV%+`w7zh7|`AB!4afhh2j z(-9ophp8{n@>if;OUuFN$;4;k*3>~Ii(vJYW%eu|F@Uy)DS1|Ra$HvVgyntd9Es`* z#UqW3b~A{bNFY4%^yx&}yqg;gX=C|oplob0UWz6cC#oJyXb+FtFd#4>K#XRn^|nA$vsn^VcSBkLMhjoK=GWPS3>?COffwYlXr$!*tK9YHtG22LtyqjvyRW| z-wVi=J}X*Gn?P9ll0Aci_ZvD*ChXzKW17VXmo=h#Cs0_6I+!K5aqEo-D&_G+FvDnk zU|+BU&jJvL*$#&(ng=Ib++zbc?y?eHfDDT=_r_WU zd|r9|U1|YIVjw4+Pnf_<>>3yy@?~dZV@dF;{CIqDacC7n_pM|^K^nTYvQQRhS($K~ zsx0HjNONh3awxl{9&mMMAbpD%!ZWHOlVa|N zdHflpcl*P`{aH2hapPJMn;uY+i3H9tK)REV+N6jZCTY*xHw_v{qe0i}J!7{eLIW2S5#!tkAb}+)e>?$U?G&&`361uZP0{~W|X*JRo|IOHqPA2nv zruAZJl_fW<-eD5RNX$U*2^Jkyq-6HjU#E93BQ4a|xPLa83L{UPUp5l^NmgB5U0A@? za(RJ_B;ZtS?XfxKK#HnmI06>_`1}L_sQsQpz<1gsM`{Xy2KYw5%t=qx{!l1xvaP`; z<=eEe#PL1x_Cu&jaHLdM?f32MK=V2B;OLD5y8&f0&%$-oGWtC)0J&4Wx;A*n4hxp> z+_FphI9&gkbEv7cg!k-T?lgxC4i_baiyJV!vzR%vlR$XsYrC2Hgi>IGiEXxZS&De|$GArYep2wmS^B`7jh&;k|JzTklIdNhA!Lf z_J$+PW5aw+^)|LjRVSFQP>?~`ve%pf=e7>SFCk8m%-={mnPa+YSUgNfao{?KYu@8nE*`EJxr#Q9F_rmj-X2I$?^p9C7m)tddYGuu1TrTOS0ChU z8esBEYamC%bI1>02NZ!wCaxe+!6bh@lx2K}^1hm7`lk7z0vDX%fxn@W-* ztdP_#I8!}%K9~FT?!ArnX#t5(wb5Yiwf5|}z4wyE+>#R^`2lDPmq${K`t4XrV74na zY&bA$O*KP)(Ru>QjwR@kU3QYkTX+t;^`j;nt9W&R;F1=h{M`|qK+J?r+HGkoCGoU` zw=q1$*3wF1ZDB__KsLARa}m!^Ltde)a@2OT_FNG*hXmsk_Z&%1=8p z1~!cMt?SLlfaj)eu)V|;7g`V)w&IbbP`-}1NFo!6uYd$d-B`T>TGOxIC5BIRbQD`N zwA&a>iq^=@M@iK=DH|^(I=FL6h1D^gD)R(<2=(TA*TGHQ8hmb9KLZ102*X=Ac))@F z6f7V2e*DveUAY-_%ZnOr97VyEuC41sxdR{;Mv~q1={n1HfCF;2&}yn79=o!gD;0uE zKB#*TkTukX7-6x;eGZm4h3)Qz%M;-Qk_OLFUVP`kR=4V54`;8`*&g0 zyl1$Hx3@QR6ZPM9bpqB6SPku*ldf8PhD8)FX30CqpFW5UctH)o{Q`N7Z4XFsuB0*Rd;p`^`0mG zFsWH7@3yxR)1vpcHg&RW3H1Y$<1RoHSGsC40@YvnZ<9Ra;vFW()}AZ0>PHGL&amkC ziIDsF>p5FhlA1>X#e~$)6D*B*E2|TnNw^~|diIPl{GeVh&jPdKA8@?l;$8n*5p=V1 z!%`#tUrxoPrE|YFUKY$aJJ$oX@Qu3>`p%yHp0kOWrO!20nR)ZH3QfEl4zvqyEN=XE z>vFOMoUhF73E_X)Pj@&kXYsOE_X`hm_3B|#iPZn<$tl^&-RjyfI~sX z)*dtFmicTS9}~faga*!1woA5maOm|alYVvTanz_$$GFZzaoweh7ey0Jq_WE4sv1A~ zGTZuo2M!#V88vxh>gQpbGoL((tC)2J5DYs{+gAzSjPA?Mog!EabCQ58%>I=1ZX*va2u0myq5cq zJjZPKJ{MBOOdB6Qim2I2s`&LQgVsuWTGOXT9VlDn6G&N1q@A?0kiP`sa|s1bMhXcD zSxM5RLJ+fJG?%*M_QyYep7*LA*y3&H1d|DKrhGT8>tFV2U&=6#@L&Bur>nCOvtu16 zoFGfJQdU-;3;w{RBM&J4#0-lb%{EkZqo-#9NHP^z006O|M&_-j>|6EaX=jAK-8iQY z$hka%2i{9sw`^%f#ZIIJm1xi7S>WnAvYW(zt%$n9=_dnLknKwSYytY3tD=a%|l$EDGt#`U4y-7Qn z==yc!(VUNA<9Au8blCWL$5B@S&&}+YnKr@3#*gw?%(s#;(LPCq;8{^1gSbcUF~v1w z$F_q8T?+eN%q$UVfgpfcXLl#(?CLf~5y&aD>!^-QHX{0@0ygoiwNoxEJGKW1he|nV zWuZBy@na`X{(kaf-Nm2OwBBCqv|`4CH1E@LI#Z7NmmgP_{5n1IEp)LNz8&sNr)w?FDGzSHZeSZ{ z>n%wpo`#UujW;~>EYTQj9_D{5$-7c>>g>+H=8gcdV1snY-`}#4xXXFn)jcTD3Q0CVy^)k3V&^aNoUb>0y^Of z(^x4Nv_W?kMT#IBCjND9Bu%4WVv1|eBtqu%R9|1`!Ji`OR$Eg?(sq4zs`-6>_x|vp zvx_D)R9AJL9@*>U@f-Rtnr%BgKK4P*eEhi1w$*k<3mWA4spl@9Z@9YgV9LENjyu=( zNazt3?0V*T^!ZlZK3orzyISP@s$tYzQ(qNnWm8Vy!Ao6tU3)TY_whYJK|8Bg_N#M@ zDf`vv)93INW9xZ6$Gs1|Cg0)GUv3{_#$chGxV}Vjo`v`Ol$8pGk!N(iMrmyA9l9kn zzK!OvAweGsOhzvUadx`y*xCO@R@PW(G;~KG6Nl1iVA{ZhQ=4DIMGjOY{)Z21A}un_ zNv3OLT-O4K5z45-%T;%7_Pq`~7E;H*qz%@o7~tQ<*rg>UUJ#}r&Q#EhCR$0fK;q5| z^ABiU_1|bU64FJPMUB;S*EG~E6wRvZcI?=pZD24jY9~wxSKwZ8DINc(1rsqgy?yLe z9KnIuiZF`an1A+nX7F$yO}W=A0Ko6)4dA@Be2sYd#+Ffj`nTR z0`$9Zxgpg|Pj$SWO>W2Y8B<2RiJskMO?#E5oHD~{rqv!Z&yVqKP&@3UoPVW-O6H^K=? zBe>9>oS_sBLIfc0hv1SKPF)3HvHd$MsH#cu3g}8Nn!jZ@k%&G5xEvpGWz`42J>Jas z-Z^+(m!ijSZAvUf=^-3pSw$2|LSG4Y5$hiBj35L$X0BT z(eA;>DNdntj9PG}D?Z)TUAwl_!Flc1$amExTRuD)R`9&8tJ}+L&6$~2g57$4)Eo<2 zN5x}a>&2f{HQ();+0FFs=a;>-{RTi&MGR3aFyz5Ryu1aJZfEUkPbc}KF*h$tMUjNFzxikI1 zg4Y*@6eZj*s=MxXaL%0Qtro)wooVM|<4WE?Y5V2%ez*6pG+6)kUIl&T_71zd^Jgb& zAcLwdgZLSFJ6F52**6~>DX%1N)%E^Jw}xZJKUU|botx7;DxpsK%JXxsbLN_K^*^F= zAiU;_f#dqiTect8cf5SXY|J`)%hr)&8?MZH*ssrtMRF4!HtEjxK6WVZi^KU7@s928 z+^l(eI;_Qtc`3V=I)_g^pWxrwM@jok#fpU&w_40h*?fGvlJC*6W9N4}o$$kd{mBiH zmwFi-(XD>F#`5@ZrLEYTRX60_%*9KZQ=b9D@j!BJZQ2mAjyc={bh|Gd2E^WdX!0R! z%r@uJhOdbw?=K`vMQ<{bDj zsn=9QIuQeI{1soWF>LVQ=W%65bR~@sy!SGHv`^~(^yM{Pc{{~%Q%8uZqHo&%|4utS zn{grSCfA;rzWk>jqw~sX)%P}ZFR1Xa&tJATDJ`wC&XUMHF7Qa@hH{;+{?~$ZT$_G5g`kxqLhfG(_^D*)&$hgzJKpt0fNw1>9>SFE3yFbeiY^HN9V} z!~%zAzL*Tfkx?li=M%+6U{b{Q3j>`&Ijxz>$1D=i8o-wL0undb3>CLup&vGfest&N zr!w#Hj&!e-%X-Pc+)Cgx_PwSG)IRtsB^)SH#A^T??3L$7G#*$AsgmhR0Mv&HOO6RLmd^KxtMko1iQ~nCbTcLy0b+%wqn7B%I3% z0tshnpeWHeQx}e_W;UEPfwov$`ZiWm zoao4!Wk#Cz)`@2Fg_tYEG7`kSCk>{onG_3_0-+5cU)GFptOGm-Wm3$^6zf0W%nIXr zicWYi<>?am_ptYzz6$kSq zPiDVEUhRvFt%vlfq{PP364bF54~t>!`KoJTi{zT<`@82R8z^@heNaq!Y2WwOs`3nn z$%wn>rokmWboek=qiHdieohLIm&SNj_z3|y02gE&OXjMlxYkJ4jGJS^O9nyw1+=%6 z+@N!%9q`>Kn~l;=$l&-<9i$rsUS`yLARaIp$l`2&pQ@JG`9@7adA;E5x9WDL1y4Z#%sLL~lzm?E_(?;1L3+_lae49=F zJ~U{XB(LxRZjgc`NZ+8SB{$1&>#}ZM4Yfk<7=HV|YWXO^i0ifcxVwD5{Ux}>ki1ZxkjJ~&_nCr81FB4P|^mf?OC%U=k zR6!A72Tq4>EH6QP#%=ViITMnWe%$g2rByZd2eO|uO;6%TwzCmdZ+CU=uFCVe%vN|LB4kX#{~QS^nnhZULz-gxV>Djp(p&J5+9f#SatP z0`n=!jJk{=UH3Jfk{@v1-Dl6*GPW^a#uzUmb`Y#W?!4(jzlOTs42Ie1DUoe?2T9QU z1lw+Q7TqA80#V@Kk{>=KOtRq>DG^#QH?hJ4Kq_E5Wd0r@svngeBK}=$Aeu@0;9>Ap zm^@2pX7xwz6~qk0ayDIrB=7VCDU_6VzW!_8t(z4w8wgYaSw*UF zk3y0A;{(Mwk1`@#aTe}@lHff^wZ5evHq26+ncKQz(}u6}yux+#w{(^1qNt-W?yg1$ zHC>kpE-sdnCf?~d!6nQG6eHA<) zzToH03pHME$6Q)`{DbyCoZ-cvR$n)osZZ?>Go2e}{8>JHEaqPar*{&b2}BsL!p+@) zsBO!uQ!mKdF)&TrYo~u7wyE}kCxMz>U=T6?kj%)?da4Qli-_J@5HS$e+a2<-kK(c6 zVQEU35tAIid&xe``hIgKHMIgjwTR;#cHDpd=8f;yxzPtkAd{pn2xPjRP6NXJIDc_x zU|=h$2l%dS?xkwGhKZIDU!vgbwD7Cw#?)GBDBs|B{LrRfrK{k4ba1mgSp>S;&P|4I^ijoO*z2T54udz*}(1WQsK9ld-p6Q zG)5hue4<_~ZbzL+B@>mg zecBGNK=WREooUF;=U^JxzT@#ln5}WtoS`hDg}Z5_SzTHgTkG4q_Zj`=P&~ zQvengl7P)6KkC<+iVLS4AHA{cb2ke7Y#GB*sWtk0A12JZX@&K}sf2_nxEkq&+r$Ez z+M(*Sv}E)uWC^56fIv(BRy%3dM5-eAvX$=}9iGZvOiu1a8KRHk?2B2KR%e*!Q@X=;W57!_YTj$xgm`G^N3q_8Rv);dkQ_jRy%$aweiUxKUSmF z0n3yTW-H-H$;a!d3QiaLiQc{U!oxxX451)~_-OyG=F$U{!AIDAXE{ZB9e13iso;XvSRH9b1SKi4paBTE8pw)s%(a`Wm%OvVk&V{PbZp+5b498T2TraKQf%CAM;6wXZci`nn``VNv%+^+GJ6Z4nldpZk1ciOc* zj~0?3{lOks+kUd0DD(<2zF{^ac$3^B=Vzn0g%uXK(G$Z|`7<+lUDSmOyC}8a zA7ukiM9iiO*FH&Q%*B0l9VpWUVG$pLwrA}WdCG7nEauJYI{mELmoHxgw}_@2-kqVi z%a|HPARyT7puMVn-{gPh%t{m`+c9}C(+R(W?3OtRbT@jS(+2g|R%u0`FF0maXG#frA* zzQygksv#|zGYQSo;z;jap{pDFRS5Mv10J`m=vMGAFuajiX80Fykd>*O+V8l}cekK# zL&OyL(utcQO~{&fkc9H}7a&4mme#tWs%j~`S5~eq!y&G^Q#uoSd_!q--1#04J*pEBBa28AZ!t`v4@5>D4PTTW0L$z?aU%;b z1REnYLSz8XT&!bsv@G*szOQigpvWLcTcWE4kFKbE&^u6>j^iw>E8c^m-R)MQF}Znb7OFPSme zX2mf6LCAOi<$%lmE9{m2Oa0dRSMuB9U%xBZtcF7vMj`2TlrvUmGMr3LX9 zMy>m%2DTMdI&jvQOJdDOj?}-|CL>2_rJqZwGS!{Pdn?OccXrqO_ISXy>{WpqTU}eJ zuR>Ixw!Uv@(t!f${=qGqFMX2JICP}X%{C4XdOF<*$|_g3Ti+Q4^_?~Uo7O09@#OD2 zr`ed!RL%Uj$|2dj?wrAPuX3t0C!UW(*yzWe!PPr-kLNnrO|4CPqy9zR@6!+4%;j@c z{Y$H!>gTGeD6al#W|_98)yCiU^V>-S&$i)*B-m}5Hdg!8=g(=bOE!*RAQ5@f;L&IM zys(M-=|3K=aa!WU2b`{T7!aD>;d)r)g4NI6PJOT$xAH;W%Ac#PAHMIKQ};x(bpBQK zcV0IhZfax-W4RO{d1uKDU!_OyeMVM#wvr~Un; ztCYB@(ZO*3kx`Logbh^^=%TR|1_g%RgG(xP4raGXyKDkQ%(4fxG=8amAHS^`F zf4l~s`aFH`(p=g6{=d69-Wb_KC;sp)HS4DLO3DV4+}xHrzsUT#;6qN^8C$GAuKHrp zazm-|gi%YM?%3?Jo3eLYfl8l@ZwlTPEkcitYV~?jY2pAML-Q|_Wuz+kk{v@(?fcQ$`DOb-ZyEyDRc?xk zIjJn=B{qoNh_cY>GaeU*7*H%@p zEUcQX_5MevfiJ%6)=b;={I7qWYwSFFSXL^XGkEJU*A9BeQh%h~9^K$|=k(bzQjgE> zs@tJ9?LWGGOqb-sFQ5PE)3<-xt$m}0Z>rJ@HJG?+wMUy@%W{IE8)WB>AKm=kWYYPk zS-N+eJdb)->3PX{%S-T}D!Qopy_9o_Ozvu;P~NWIY~G9(((^%y-M_!Lxu0Hq)O{g# z1ovccqc7#bZ2pqny;3f0Z2yj9XUvJ4e)I4Rub2nlG&TDS=flENq;&&6fI2OD->on%-l$SvrBf1rvK8mwDb9&d%$F`Br0v~6df8T3= zaMXpf{uhgiGb3F1yflt#oHh8(r;E*#zL=~t>NvFR&dT3UJ!GU@o!9p7nwriJwt4a- zD*Bw_lIv<$_pV5LoYz|F;dMG;@$9#`(brD2|9wF)*}t947xR~``b ze9iNRNeX)m=UZ58nj_uWsWfvzagL?i&5gfrB$jQ>-JreK*7>jHAs6?kwjXnB!2s2t z`9XZ0`{L){yBMzA?eyZJ1XG=?#H6nAU2>fpqn(mC3j5U5KUVqAiamE$F*h#u+=A~1 z_CEhQX39|$&o(>f47RwGY#<}?5M4M|CGTGpk}2(MKz5%666Yd*k|gasHk2n>wj|`rJY?(Nu4UEZ43*k~NDf`#z0%=0A79gJh>S z;?zh|qe>QG;Q$?OP?z~txRecCMMou`D)$l zjK1fkD8E^8tTO$^XY<^E`-8ILmn*$bJ=U5EB{Hm`;C+lmOry8S&pB-(2X_p6acOt6 zUZ;8Wqm>QLxx3G*Dt2F6QWzq4wOm#j>AB(jbdSCJCzmuYnHp34ZsXc}r8`Ye@&#V} zSlvJ8M;FKB4Xq`OBS&2B-=6f`__@V;tB$vij#22oxvr`a%)9^lWJRLC=h12#naEzQ zp|=hOH{Cj@iE8^=Wl(wchyelaA} z$D@bvEdV0Xzo|uPsgVD_^JQt*>{BtiK|wxeO9zr|Cl`(X6ng7qn@KyJ-Q45<`%eTS zIu9H*{wEUe6Ah!&J<>lkPW!w5%Rq;~xzC1eTM$2hWR=s!o%)L=@Qg@#*eskZRn>4c zyjz2#NA_XxJWOKIj+?)YVFuKtkdKTTLWONc*DTD;_)!|J9s#|>2W7Ym{-|Ip(=qkA zsYZd}Dk_32Vh($4LwPq`RYK@L7ad3!e?g59?;zMBQjZARB)EJ%XNrFh691mjvsW)2 zNGUH|&)S{4w;g)W-=yEr>}!BaA0hFjePkY3`r+ox5OrofNB(@NY2;>v0YIj&58;)L|9K@q5>WOQ`g$n83X))LQN;_F zHNk0uc^&^rzq4z6oyeX^niiHsy|hdQ&J?;ifOvjqIy}wBPkgoxU#z2WQOQ2Iy`tr4 z<*At_4+=w!9cHc)E1-CNZd}>Y1ZNxwcN7(rngw zk+5cYr{xno9q&?jIYd_c`2)L_eMD6k*Y3|3A9r7?&!3Nz`_Eg5I`7|C{y*P3B~->W z-sI0xtB;1q7&oQ%2$SG`;!VDFXyP1XEB<-gDSzI!RoI_@S6|fWjz-*U`mJl8l{(CN z=?4Sh4xzz&?bVgWRPv*>bcV8Z<#u!P3)Irc1%$$bO56>KSJ-~zjQKW}>L0&_CV7d4 zg}N2_RfNL9Z?B#+ohW??_(pVLL`!ciz0|B)o7eb*8N!&&J_4O^vv% z!qJd6;Vx!tV$9T`aQuJ+!m4E!khId(w`h=hO+Fe78i`I01t9VY9sCaBxcE#~R%ioo zqkxV&-??#M#<#Ydx@=?W<*`695QanOJ;rRPas`DK21csqHW}-rp-@YrRqnK64eS3D z?JFvp={Y`};b0L1;EOB%(?Mb?zYR=VOf7{QmU;bOp|={@ehv>N9v-ZK(88QkN#lL) zvMD+dq)dRL=U?=Sunp&Kt>R$W$KhZD{KNi3;Uk{#Eno5|+jL5rUWSuNs$ZNSY4WMw3b5D^b&Fjwzay^+1oy~?g2 z9q2p8f-eLl6D^~#Zv(s-zVXK?qeG4NLOKZ7Kaeg6~D*+U0} zT?8p{Gv2wUXN9}BxrGI8_QJob;8LbZ+^ZFf7TKSjGHyTsW3XVbGw@?&#eeo1|62c1 zL^@$yAjCz_pI5}>+Ru%sDSz}rJbo4KS2;E-alzP_el_|X^C#NaNRqHYo$kx%T^I$C z`Ge(A_o==kqPLbx-d`UC>J$L-?acU4Y%*t8*A@j|`wqE2cNZ%xkp6_K`Tf$~rGnt< za;_mQTj5|2P-Ay?9zZv8Gv0VB=pnOsrzIB~e%9HY!d3Kr%Ek^1pJKBbjWY7uiuG*) z4}c#De=4E*{c8qm(jW2A+qa#W0;p`+6&cwbKy_x{S;9|_!+dberlA5T1h}wm^sf7Q z23&3&zf!RB`kHOz=QC=cU@=DlE_8`V4hjMMgr@~i)T)NsRRWxvcVq3w&oewTU8#0> zdPw8bNd_#ZP>w#&!?Z?d(>W7n(B1gBbL&3m9}$*=mO6I{f$qyALybRAo3>sCoC8hM zB#xdCh?-tqw|>1?2u8*7K!@57#mB=8#}Z;IN1b72o1|H7*c(j8wDH9Q@`YrWP9*3b zI^Daz?5cpqFuDPL3nHHBGN$4syKVG_uPl(Da_1$ZJbD>f3D-7V9NdU?fgr4WEokiWV0JD{gokhX6<_gAXxmIoy20x} zEfBO)vHVs|oS;%(lWy?qjR}>fGnv-aI>s{FXO)bH7d*-~4#@D3XGB z;@li#UOyR&K$!RirKLm!<%tK4WOyKHV4Axyrzpa-0Oe-iiMeQi!YeHF-hZy2< z8e@vZE<`OmE~RG-*`!^tJk@}`K%6u)bV;Z(dQ>%S+$1C5t$$KO34f zOaKNWPrwcU0kPf%)?L4IN|X%dS1Tg!>)m&$>}RRYRGfUzqkNmQdIqNZYUtK`auLx$b7W$qHSD6^MRfd_7@;unRV$e zSja^Q!nX13hU4G|Q_8f)Vl{2JQE-?@9_uVa1-em$#16mzCh-fbHrTALO5w|Bz% zx`WCX|DUNj#WMsUYbN3~&SiK>P({Ag1{z+26v13wj!d!oQ$k z0hbC~dHhh_wba0p9wTV(fZkLtvQxkMqM8%u8`3}wb#T9Bz9a-~O8Y{tWgLbzpsEVD zbEt*fcR{qNbA9e)3csqma^0sQpFcKYO%TJcz&CGiwAlIPUoHSHgaHa2goD~($jv{h zt7ABhSfZ_7t;5)-uoB~-SUgp+R~t(~A*>0Z4nQ0u;P0UnEPH!t8yjbcN8V8y75p%$ zR|UCB-_Wo(AJ4=G<-&;RGiRRRO~UQ;W8l=mIoX|N5;-%1_rz6-F;$BG^3~UmQtyvL zP*{b$apn?3eSP5yz>PE-;?1SqmO9#S66x(vLN?hwu~*#At9LcxTGLG2>e+3Kmn8$s zo=hNlLvv5}w-a#RL2&V3`Oj53K1+$ZkAR z;bZ~BEHIhGIh~Em(-h8@xSK?k!GRJZ?bz60*z{tuZ9WG-B?h|~pTG=+y@^-zNf=qv z`RB87aW7#Lg#-&y9)tNbAlQZBzsmdC<#;>o`>XWgrgjX;H%fR{MIfg!SQ+>L!D=nzY zqHslrN^}ykPuefR>BL^c2vjKW{pDZzYYsqR5~}@zuPwjx3WZ_sCn1i)Yoy`^>e&|J zUX}=YpP7fDkC{_Z2(w2@z<^}V1cacm*4A>87}knv144u_p8D_LQX0PIOB?8jZDFWG zP?g`C8F@Y*9t9Q{XsY7vCQRD<;QcQrwBrNaoUNr;Z#!p>R1t`gan=uyBq9W}%mSz@Ln@6zm#& z5Aknoe^38{V&- ztwXbQ&e{ow%85sYDl>4#A@2c!_1u+(6!*6`cZQfDDogP(|8##uq7u#lSl3I(cNGZD zhmacfj@-NjlMCdzayVoO9UJB^p*#h1LN`{1TQGB%xN^Y!+S?>dOvLCr;3D~08Ae

5%9#b5q21CTj6ZM^ZUry5CV;g)jpbHf8+p#3Emh0j_xPZLZlR$%L%j0 z2Epcm;g+d;=LUbrK4jZ}$nOP+Df<{2ihD1pKqysPaFh$}^no@-)t4>+V5o5} z^bH(Q3_`E1bpJM~>liP!?wc!w>aaaLFvjiuPUZXJX!Ri9w^?}Y^-C$gahk+WyAP<; z8He>!3ZX_5mR40ISuH3$Jn0JN|8qPz^wtFN%UcM}AKfz5mNF4E zg9Z!P%Usv`eq1I7sUneS^1;K01ul@mW>~s5vRsz!EgH(gv_SC#=_vdN`Rbf%`}Io{ zXK))EJ6QBPNbZYrpBnwz&Ig?~121?0y(Q77(My<7j~<=kU>KLWzDyGbiLJ1!fIWnX z8FCsV#DTO}q{t$(YUrc)ZK4@g*~cUIS=Z5m@s*&JdtBFr);& z9A*msY5p^%~&6v{g4h3k3SY%`8; z15NQLp)nHJ2e3T_^G;sfbpEjEbO(nZ>PnbjI-m(u{@BgVSU=mND~@4c!gvu0{Fv%* z`ug!6$F^skW$S7UUn#+%#Fshp)se>YDe5lvAVFu zwRE{&gsngu_&p*9H8=dE@uL6h^kwo!FRvecT^&3G&UaXU#hM@K?M%&JHDczGj>l5o zqZy+^?eUnq$L?kAD5!)<9p$Y6QE%VAjYXyd2y)*xoYixJdPxRL=W~p?ut(bx-AM7< z+^0uPybpT}O8?eXlsQ|d7KNJ{CEr-!&_s;4ZHN6{6nbkGEL_ocyw835U%aHeVWeyP zcfk6b33!mW3LAQ;Q6l%CM>m=GAg7CGMDA0_k8utwo;}SuBIZC!Vxt2+3jFVOZIRN` z!$WqYzUn+9k>m~(r^dw_8MrO1toaT!>2`wNXY-NHzZ^hWat1*#HpU=G(B=3E4``vX zQZ}wxbO4tYYfDic3(}w%jSLvjmTDl8+v#w85F{mRiw{`)y`AIFV`xsGj}t0a3WEjz zb(k4GeAe4V#=oA?G^DZJgawmusDc|qW)A{H$Bpz?zSYqrNAdpxRPBLN0{793;36UA zu3fu|?{Hqkb-L{KJV`P}Ax%}E{{1bnC%-r$&iw7kDFk|53{bgt3#R$f}Tu+@4`iMC2ueF-gf#;kG+q?4O47PSH7k2*&)D)n^uT7 z`Zq^AY#nZvv|%!1liLkHCeT*u;!;Qzjg(QWV0^|0x-vo*M^cLx(3m>8+ba7L4E=hHYHc&PY6qZL4~Xlh9vqJP=e``2WVUydF-M&%sDp<9-h zawvW8mL*G5Gv5@WukC1<&hu^OToxbP|3A1X{t45|#}E4^8BuwEBoc#I13EO#2D<$Zo=f zJK~E|<2N@O{F*$1uLv7Xp1g(Br(E+E~H2ZZ!(A7+;1^_7lQ z&|~5AE220N_g_+475I+M8P(IkK+x1kLzl#MHjov=GboIe46@5oL7}_1ZP|uy~$n^p^ zHb1_O{55$FO}@B=lJV@FoSbX6n+O{SR;W7^!NAoxMG6aR>?A0)!Jq@hsX9F_@snlJ&f?0Nl1IgpI_3f>u1C zWEj_vQpt(UeXnR{eeQfPDU88I_MfiLWvr|N2Jj~k89TC_85s0hpr#Y`J)$3`c7Hzf|a1&2ih3xXj^e?ES~ zgdP0muavu%mY1;ylQqLybK!yoX1s%*L~myUP_od&V~X_f{rjU7WbzW2*N z3reVQe;m943m{b@s1~M>bdfX?WQ$PY<6X68sbQZ!J*0(PfeNGk6(b;7Gn$j|#7ThG zk6ygk1Kd6d)~@(J0}qArSSAo3S$$oh@L`mLxz8y;2Zbw3-Q0GATgsf6V)ENk`$0gk zP=FbFJH@XcIed#}Zka_rH(n=vDqVrNZ;OqebTy5;OaT3bUc~9fF>V_G^RxH5K=%h% zmd=qN)6(xtCRXg0JRTet#xa;X!O^yraVP(^^s@@p7;9-MWZ-JzpKZpC3#9c534ZwD z!!a&mM5ct7r1YFJkU`?!$jJPDt@=Qlzd>d4xwv>Q;3OeKDR(rTH^rxl%B|+6`j&p8 zD!DXc!bHSV%2Zd-7;!@O516M|_r~i5`vozKxKNd%MTiK? zGAkAlEw_OwA$IF~*~y`v2tV>O$wg3u=`LCm+{9dgST*&bR;!F}!m5^PLX*$S_9=r1 z-=6M@ogz%Hm=vhK!@|5rxQ#HV7(EkXo`$)`HMINk5?Jf}vmPOqvbcMR@g1m^=+jn~ zJlE!^il#^kxD6QVbap?^!Ked@mUW;~?LxRQxM`*-kKMfwHAgiqp1u#Ctn z-ce__kBQA#^cJ9&iseVL2apRUdsdaGh+hZnCvIjDSLg!$FIchSLg@>QO>ts?Ck2G$ z8j1_1Xw1b8P*keO&Lx$xxWH0h;BKRqY>!-F#||aoL`D$mEWS6?k-%Tuvtoh4dr-~^ z|Gdiylzt}>qHuYuAAKj84l6vt&L!GQX24HECMApkeMb)E@Y2Am0dC+w>Q2-t?wGb-b~*FFbORdd{4s zoLNBKD%;!vvoA77QIX*?v|*fO)n1-EEOic}1p+UBPWKR8@^xYPc7Ep%wc-sQM4Ep8Nm(AAdEha8Z)TOeK}QLnTEe8bUUakv*?mqEIx< zhLq7#N>SM(NeWp>Sy@q5M#(Co|LyMm`TmaM|2f{D<9J_hmwLUP&&N3L=Xu`GJDqvp zx$rb|MPH6RUES+9Zyuz1v{8#9o?xBbifEZ6Fyu{nxt+qsAcW=DmYf!K1+xwksMjmhL$Ge;Hqs_o%QPyL^3g(6$BDX7Zn5)y=?X9ihgdoaBYI&y47~c0oI) zkD=g-4hcD$Mkq|?`9ZVlBnck8eFYA2+WcR9iq3udw2(%U2@|&18(c;<0ObiKTlVJ7 za6I<|ttTLi3xABLfC?dU0A?NE_y+uPB;BP{a?-E^NxEmik^^ZMX*}VGXpVpwwtE6_ zLV_IeN(F(|vL2Pw6h>YdH4#!72*iRXz1fSy?6hw&w(WL~G(|mru%BuUR}Gd1%Hz znrq(!VnkvRw+a{MGNwaH9FzdYE>8dia06>!eS~V9iON4@w~d~p5VoJ7s#)@G<4)}J z^qAs>P-E??F^39~gHX9yh`F#Ao9Nk+GDR`2`zJXSm^T<^ic1mX>U*{2u(z9{Hd_2nCH^P>;zj^~rsFd=EIx{=m*AWQcKiKbgsG}kV$ ziFbyOo<)Bu`kL#p*^QWyq!M5i%g#&g!@Dr@Yi})s3E}WI2@a=KxVkLFK~fqN4wpCc z*?8HTxu7Nek~mWfuAArcqL_r{X!UMMSYYW`N5|+gyT293Gc|60in~johh8}DMSeFh zFu2}5DBbjs!CZGQq`zudnW)EeJUjxa9v(c*eBb%Nu(78GeI5_o$ho)q4dqx=28~;*O|G`<>n!sZ>x4MWgHla1Jer5Gt8TY)@Vv8$>*VE zB?$OD6RZvD)f*E;euX}rEl zd&-p;0qJdM^V=j^+54Vd?MP=`dVV)2hs?_n@s2QnXWn(|*efcY{{^n+!I0zB#9z8a z@nz`w9QtvL+Gh~50kgyC8HI6gfTmtcgVr9ib*4gZ;etaUor!m;8rDkAthBVAoES|w z39%gs?MIa&W4}t^;I(mt`5f|2`v&&}&Au6$A1?bFo-M;3mE4IFFIzbkbIZ%me)K)b<0d5T8| z`QGv;JF>mZLJ7M-AsNIqoD3G<}uFEN$2 zB4(vqanSo5GWH3wik%dd!;!oA#h00@Iy5j$=qdG(Sa2cl^38rVk+3G(q~d$@zT$cd zn<2bXtq&fX7U+terGNNklHUzBvoH#K34+dU>B&i-OOc?Z@?n%Cvq)K_CZN7d8j3BcVDkeSdkvynv^h2HVT)h%^3PY5Q35_~MrWU%q zdgj7Z;XZV*d3t)zK=x%S@e7@A-zsW|g=olsguLs~Ls)uoMv=TI)hPdC_LEq&Y4NjR zJ`qZaQ`xuqir+t1K~o9u&kB=f`1rLCP@!Io?;=b9zuais^51K3o#AMYxy3Yy2}h?W zDR?H=(7Qk8XGRrQp|y!!j+u0C%#GeR;^ez3Bw$(&6;|KJ?uk^ zV?!mv`&&}BW*a`(Sg$eYeJcu<$l(~Vsfm>N1kUe%oICTU8z)eX|kIXEBC8|%UZtXe|a3kjjj+IVa59lUB!qbe;L?TS3HN~CE z@n%dE(+34?E*MmX|oz!@2PxpMcxvNGIiA%U`kYXpw_0$XhjeDdI%_lPfC29dMMFFbLSp|_x z=jME>c1hXbf;q&WwMmZSz<^9nYV-bLcd9(%qjZUnl&ptfyLe%5wDUK(r5;3(p#-v! zIVm+&?lLEn6F=Ll{uS4cgYg8yw~)Xf3fK$kuI$6lkdK++wh1c-$&eD_R>{5) z#Z@d&2tZ8(tTsvqCJ8K1!=*u%(_$(7ARXX%>*EyMMY_?MJ^Yy~?|cHAhrQlB^=C=eO4wQg2L zMqKQYf`j4ZA z8(otEqup|29?X1Q^QWXV^HQK`&o&iHy4`u#L=_xXzNkA6WKQHSObThDNS z?O;-kqCa1(sCB{2G68`ue3EG?IGPie!L|H(O-;Q{Z5(wKKHxgZhZcDmNk~Bj(8+J3 zzyGyES8;wZYoiNZ^%8N6_35Kx%c$@c+-fa;FSgso2_8eZfatLRjsl46(aCzwYW_n% zH12|^$id=AKQb8`fuL76EIF~C^>nKmtsvk|QrxKY2QtgCc^CMgjzfk_>3hJAtQMWn zZj-e{bcB?ZalV}b&t1FNDm{E%%+4IxXbf#z`Sdaom}ngClwyX?x87Tklom0+IUPzS8v#@Td!ud zhc??Atj+zmh)^^V3L20u@(-OPw+s!O-Tad)i+r4uB$!|PT{uD{%7GM@kk+Se{Vy0? z8c)dh+4jqZM2AZlxq-&q!}1W(Av&*j3Tg;_P{LBfG&}-=Up5P}I_>lG@Ab6=rIszP z(NXE6_5EYE`!|kEKhB=63%VX7pYU&5$@Nf?_b{|e=Q8hlbh3f7GVfxfs3}63@jgA7 zvBH7yg8Y1*1BT?wIXPu}&taQuWCPZ(3^p)lNIcaz*dI*s9MIWLp|E+UgM4aNc+ zM!zGm{+k6D3&D)7r4tv2JHMN0x6L0q(R5yDv_6;`S2{d^L&5+lBy~vopYfD+tbXku zYC_Ue;k+AEL z<3AoB9^+UEak~!{c+tXzhP!N7q9aF)9Jydpzg^B{fb6eCVJYBD!tm9-W&z|h`Q9Om ztNbj}b5D8P3xsRsx|_n)_@%0SHb7BWoohzp4#R|mi+!5+m2gj^>o6G3LAbc>^fUk=d%6AN z?Bf6a6%K!rLuOnDIG;b?$Hc_G(CGJjCqqr^Q-|y$EForI{LLJ5A)1?t$$?!TpBzm=DKvkF>e@?FSAXykJti_fXM1*eaNrgg&UnQ5`w{U69NI zNF0}}C3A0h^xnNQ({(#+(Y{jBj+GwGl`32dYNt^fhj<%4vp{p1rzmiVp_d8cG@Mi@ zHY{1VGBugM5O8H|*O)_xwy-^4LYZaLkN=s=fX~olvt5{x7{(>vnn^%M=dZFV@=Mr~ zWwuHpurMpLdf45Xdr{TFKFg8ZmZYG`ciF!?#-vY7o1yga~U^+~X6I z(G|@BLk%81X_eNR!SGF%d~Zo!UuN}tx{vnl?@bZx-JYCTCSH2 zlEX_$HWW|SuWvo-X&JHv-J}5FBfM$_^a{fzBJ`JCyavB)LqI^@+I=+-3b~s8l2#xh zF;?~J`E>3zK6M(^o?I`KE2*Kznrf073y1kPs^iuzr{wY75?zeMpCo}b#F8+C+^K9m zJ2-OZb0@B1v^FRdT12d=LIkx)rB5LAoBXIP^rT_MS7?6yg56k-Ro-k54cnhA&VhuW z8%;RcBG}#7(&|1KYu2N-X+CV9Z$l>C;Z4#9;isvaOYgm zf!9b`x5h>ZzZf{g!Aui_6~ry>rKSRX{|*W3ZT)N;#|6}{#J|&$B+eqaNN3&o+Wg_6 z>o`G@Qd9HsCOp`UYdA;|SUYr0l`l0VrxAHYlpCFtmO>lo<$+{T;)4~2VRjQQ{I^QE z`S@I!L1)ODiiLo>5!!Wl@Xh@Exs+;MciA9_kF$$+X6WYuqp(1`_+VKpUn!nDD!wzj zcH7kl7~_2g7PW2LwzQWY5dga=*y#r}0z~~rmC&>8PsRZ-5N=;MbEfp3E&B9eA52o4Rkq9au!;%@V<6H&q5efV$_n&d({%^1^n{gIKr!DZOw z>=c&X1j)^%BC}o2r{o)2u3;ZE^x?RZPmZIj-kMeAMV%DuVWRZ%z_0Ropr-rw=@Z9e zq?jLlY=$2sSyEamZaSq(#QfBILz&&Cn8!SBPNkU_F_ko41$^WZn}_(QSV+BZ+uO(} z5CbiZWSR$>!BWk^_T0P`uX)tYL9_tuxY)5SA6(eThoPS1_uB9J_c+{{GKomh3FFjj z8iJVmL5LURGU@lV4lB`2L+TpyEOXv>cf_GAuNl%4$@1B{R7wo3v z$ntfk5Iw)@{RqWI2P+Z}D}yIpTt8H4Dee_+PF=)SF*i?~VbSvbjl8^> z{P;#b@D0Cwk}Ln?TqO%Ifr$+|o}CYtN8Z%Lf$}7TN{_ zXj^Rkk-c^;PFOu#l3hF&EWqvPQu*7sZ?woh$}?CEd-mC>aQC^IN|PM$cS+V0*4%a~})TNi(p8=uV6?AjjP z{vhO8>hz08=Z~{8YhKWxydRFi#w-*VncB4#zli!19}30b{$(^B!W|% zWZ(Tbp33hZX&l{A9}#ZzW;xDf7zqlMLeqX2?a{MJvNk}jjEuJn>&Y^opt1Km=|3#* zMBcD^M7dO<3Lnn1WO+fyiO^vp(~l#C4wOZB>G_WggCyF@XX9Egj_`}^G#7P#1CxEsAmn)53#&G18H{uiDBA5opSu{gvj##9wT z^0qW`kqLEytM>KtD6&AycH$VJZXVt}T*a_*)DYab(nCP`*yuN#wzZtSjOD@hqleLxUd~r!3r`GRF?9(#4mZ$0yiF zOqhMRai2a=ad(v9$|js&xGPv9bp@5fY*jz|^$Zsf&6!yo?>#XCQXkkEhS=z(<`mY< z%}fukxEQ`-7g8qDmjcl9*J4EaqV$|NCw*;sHupk!<6nh0K6aaUOjS|}VUw{4>_CiG zb7!OA4ZZ~9B!jwzrN-_{&-U(azpl)3lwo#6EDfhGpx8Yqqc!_Rq~q@0KW#F*Z{2qX zkIsst;dYey4m9D6<44&AiV|9cg&sf}ByX}Yn_egv4j$<6&5jrEoPCVXPMC|dnVTHv zELzmm*w|Q_AEjYboUvM32BED?Od0(w`T@0r-N~uDnw3%$I2wh$eVAT4 z_&o}hW%uyTMn5}DezQ`QheJUq4*0(x|v^S zATlR9i^<*bpj8<*2p!U-P2a!MRJkMQv2r>xsh=W?N>FkZv9@TvcYUteF@0&@6e?iq zrgJ?#nke{r*3`)c4hOb^*L?KoLHRue8{xZM0A9{-a*5WANz+~?3m6X|yqPtSL$w)kCWo_G89cHHt6-s;aT2{*30 z+&XY1N7sCLBTjWUn~y!4kpuhp`PP8vqOR=;{7*;Pg zw<~MSw?{E12w~0V%$XyR2J&*{py6FB)GYs8y>ca+m^Vsg6kU1|G>b>s+gs5j1S91b zH=^mVk->6YvmQZvP*IKBwc9^n%y1}jiO-jU8!@nw8dsJe2v%ZQsVeZ*IVIS)CI?QJ zi-NN|(J@B(fVuZ}Zb#58hjZ57k(sple*L-k+<_=)n3WsK68SgCVuM&qK-ULOxm=?4be6FooA=xJXGx{rhATtR0 zkTf<ZqS9O~}&g0kx`|V1HM^6Q@_gmy}Jq zk`$~w;qRIN%w#yA3Pd1SX3EE7&Dsw1p*FtE@&$YeRgYeUIZ)_Mx#6%67=m-yu>Kt8 zvG`Iuys9{kA$~&Jqg$G^-blZc*M}GLH0kh?N}x$fO>0N)KLCf27DmNq?M**x8!vV1vToQc}1sckw%66Sm1%IJn5m< z^7aqyjutbF)2kQlVZCnMp1V=o=8Hb3_w-+WNiuk08T6c7CP4ATNhgg6$Lyq9G1gGC z`s3;6lDEtA%*xMqa9#8xh6#@sUapO$S=_0&c|8ggPQ;`0`&k7J<1Yt%OG0mxz8c;? zLaJD%~t|iOSye%f-$u(A!>Y;4MkJfNtBv%}HH#laK`NBC z4E*B(j^Hi9mRuX$ylG;%W0H&hvHzMFE>*pVs_0_W(#7bW@r^nOx@g{9%q1tAz9@hH zzRtKwLinz{*-NIR8&=JaaZa+E{Y_g@`^LOZ#-;dn{gM4{fFjX3UJX4@z8xjq$^{R{yzQpbTtYa{o+Hjd$%USAyC_)$LZ8D9WuN-`*n73i@Hlss48VQ9Pvol)SMkT z4s8p3{%b^O%i3xSPKq3FUDl1w?zmJ}tL8-dsZ&>YuYHefzBbu#N}}_bj#gGH=wK@$ zRxt~Ipty`jCwH#W%ITUB4#B?}LX+;4wB?^>F`;+;qN0VY$rB#;$}hZPBy%Z?U7AvOo@#7=DHSa323ys;1dowT+Lc0A#@#R-qWG4;`8tP;)pS!yGZzig^Bl)am9!)>K&)miuS? zbIULK=gQCDzmH$L{1zcftgt>kdN@?G5f=c#J9jW&e-m$ArswC4dac{GwfD2U1S41l z#gl*<_njH!l3-)J@LysfZBjt3A1_G8wgbX` zw~fU;dZV^cx@evXv(tCjZz`$EW8<_ORfWJiJ~ElSJDt0krt8BWqu-cPfp$sRt!6koHZmfD$jqcR^QV{HV&U&Z6_|x5 zlB%rlk?q$;`H%HXy+nrDKhOv!pjb4AEhrx_0eaadTrp z8VUb%Z~6MbQ9x;l8e%xWDVN7BYnEd6txs#M^c=gsn-Yk!?Z5M-O^jnSOoVX%^7|1U z5htWo9EC_#j#C_=TzlYjnwJ`jCc(A0Z{I%EH}51un$m|FT+CfybaDAXLU8xZ0PbkB z8AKO?AQpc&CgBlK_0n}A{2#U`X>S6|rDJmkNi=EQTNScQ!l1-`B_u9VqC#zX0hXRLm!H|&bI9bEvGa8fL%;8gm_2Iv1L-)W-0Tb z=I70v`T4qkDAt*7CMKS=)&!Tq01E(0{>b7)SmUQYBipFxu~yAev0Q_^%{(hD7WGbc zNy^3;u+!v>`QEE*E~FtWt!W3)~$v8c>H6WmqE!et{{4pN2ULHH~?wvb3)%-S6K&f`zTA$ap7g0dZ_S3_3 zk-6p|UNgMqUh-867`3>&@`e7bI8c1sVcC4XB=2-u`Nu%bC}^s&IOe&Ji%uBn)>(Yr z@LyA0Z&I9#0gqjN@>&K)N1&(TuaAtImKv;Kbjka(X(kNor2uIW+)ID`9k#YnS()qA`~#*p&>9zd~{rGl0J-s z%#q%s32omFx3ugD7NPQ2QJ}A&ZynyfV(b+5YcJ|rS&RU>_~KL7uJ)oeUMw4zHrDgl z^+T{Qf&=7%LLq7)Um?_~KX{S$bfesee8n6?S6WxPi zjf;3pYK!p6Xa>p(wx=@t$K|j~BWx#z6OQiN>F}PfB=DV(l;$m3e3?|rnPs)~=(r>o zY!)rHA39M@p|)%1&W_zb{%(Rb;}U=;{l9M>+-aq8ub2;053d?S4mSWR?CqO)JUH64 z#Cy;O){AfEgn{=CIVUx5(?%L|6!m^!jXWZf4~JU}tKBk6jpJv+^mY0t=n&{yc2Y$! zbE{r=Nf9#sdJ!9EjKkHO9GRAC{q-W-QA!EATV8mowMq-sg4zf7jKHGeH)Wr0lmXhX zBwQep^uo;~kf#ojPe%ft;kTtzn{}`*GzG9CZzpbmnxArQou)50TUN~QErCP)#~HQs z*_e|pnhn>a@3HLv_#G_eR+*dYYO?D400CpRu_b6;9{uo#Jh;iHk2?N{`n4Md4zk?( ztAnlWCB8$wO~%w*?78@#C%w4Jd9w{rg#UZxu2;1Njn7=V$hmTBOIoh*t3BQW0S||D z)3_0 zhLP8ER@Bcor)Vl6)37%1kLV4@rWPmLF)U~T{KYJ8&zI%r^A+4Y;=_3lg@e1xY7Nl_z zi{|Qgcm23FUSoi=35Jg5iV@ZxPXl`H!&8eU&wMq8yF|NHt1c&qcpHsejoB67eK?@w z4PDKa!L&$pLFDLBw1~1mPWfOjTF*El9>L&~W)}=mE_Lce=E}$XfxLQ1uS7G`Rvog@ zxiCA9qGp;icW(Hk^Sb3-kV?4#+Vbp19x?LZ!iH8f5{wmq5HW)@cHpclO=2#Rys`@t zaV}KjBjm90iH^fu_cI{NOr&8x9G8DAY#AL0*st?2j2y?rU|r0iCAR|NlQ->?QF81O zMFu)fI&$O|(>_8>TrVA_X)7hWag!#q@sSR~{e%*`lag5)_s$|d4_l2yN&w~UW@a5K zZXm6SNWG@2%z43BtD#)2zEBoTnl*cH!f5)CSfy|O5Og*lJpneiz+O0R{6MxeF1pO$BoGcYt4M}gAM@6lxq!aJK^kX(x_1kA6=_AT64qguVxQ> z=nLzn`KSVKCmC|ScOJyW#YF@MJC}L>d9>bk`HSp&@(wRw-o&jo1#S1smoKB@7wy`? z3@^DbXM@!IDs^-thxLtqCM^bYZ|)fegQOgd(8C4p9GiSmtH-pPoW5auYV#!|=G@t{ z1$2&a57XGvO$k!>7~;-_=7n};h5GzdbX7ODChsvZK0cQYg{1&6RXJj`0=6YA=7hY( zN)4BvMzi!@=BqCx!vLu9wxq-&z{+y&+_@az88$Zu?Q#g`^eN2BlBV;M3FB&F)te?h z5J7Z&^7w7eNui>`$s&@E1RS8(QD37d1ytCiVME9BPx5yOP5?8|r$~-U$BE7T@9@JE z4Sg_4h=K;%kDusnJ?#ZBfUX@qpbH<{cfo5|){KL7zn<4Q0}l8yYd_A*zlu&hTt#J* zZs&2+jiBB4^_{PQ1V8e>CakC!5IL_n#zw2v}Pog(ozbg$nmd&tWj(( zaicyY?+6j9akG{Rq!1(ER>Xk=w|RXn1Yg_)2QQfP%DWvqU-oB1A4W`S#2#-&tr(*F zpuPf?@EyjQoHH5)ZCO-qAis&6C=-r`pr1@gadkTQhniy|R~{AE3PwJ8><@66?XA20} zC6kPhlk1@3z{2AlZ1Fkq?S@Ip&@0k*k+I(cf&g`DbgpOIDAk)B#BGHuJ zLFU4xoE%kdur>pO9ir%GmR5eQBphTpoVPo}!?$qwOMIbt`XL~now*3$gLL$hino;3 zhWG=@!^>__>|cUo;(}MGy?iLbI;ym1shQZgp~WQBl#@r~Z9!X%(_6S`5!99{3+=9{ zZ~kU(BWROS7AU0r74Yyf%$f=xlu3bZH2!5StD`H}i>C;kK@4DdxkP>LG50nDVoxx- z+Og_|43`2VNslg>R{f6L4);swcE({FDj*(?JM=SEd#n$?SjcX9TT$VFPX;y2naHt| z(^tNHUiXLR^0urjCpGhDAV^sX@1S+t$h8~Ie)*r_XDmPF`SZG2Judi1V)!RWp!1QG zl(#QmS}Il&gK@Y1g&?}WsF}iNUD+CQ`t%Q-k(+Zb#(INUZE9`c$nYIYWDw~vp{kKKgj z$iPUAJ5^ss!tB^MeCY(X5HtzZW@)q?-K)gBuBMqJgZ1+;s>&pNCJr>lpv9{!wxvu9 z73%^c;?#p@csGRb%QEfSs3A$vohq)a)h0iyE5VlQeO6>%fmo7QHF zY-E6xSR1&iW??sU|x8{RkCwX!nNHC-1!O)i#_7ylM`{#=Pd9y6tTt5blzku<>)@{A>D zf#dNWA^7`5=!ezvg6Z7VyWs4%FCF{#J#p02yp=9E0W$G;#UE))Ac?l z+vLfZFbJH>qyr&+G0AB3uBvAH$7^(*IxTZ?x5=lha4K*}Oc1LLC(gZ{eAjrl+(6U< zAiN2t{-W3!?4s3w^<~OHYXN8 zZG-tqnl5w4O|I*Wi;O9UTOqf^zGJP?F~}>D`X1%DzQ|_48^=tqHS&w%U79AcYZ6@! z-}U&kU($as{{F5bEoZd6%(rTQLXmIqWEkK=Q_U~oo@W=q>La#gADwz$++fUF4x6_Y zrA6PUZdM+HS?0`1D1KGHK?9jiymaNt9R5ACnlF{TJCv@RI*IL1>(ul(8KExY+Sp%N zEL6v{%iXt?t7!U$7u>yj_e7g06JaOGJiu+Ul)y}S3gn|6v}%$l;UeT?fGS6#} zi=;8&$ut8-8M7k(=3i)ONv^_>^|h|0JxUx}V+xa;2_ixf{pZn`M+Uibd5N$lCbBm)~p#d59~Bnn^qW@Bt_eMJFajHQ`rmc z!Z?drCNuaF(vm2LIGiVZs&q8ddC58{pJ&$%^JeM)+K)r7d_&$C$&Er$Evt`(53XfY z^xuMtTi4Ed2l|-|{*tGFnMSOoWLwI$AfXe1YZ|kS{zk?>J?96cDJY<_X1Kf8mzSqY~^-3<(kl*K}=bN#>Ma;ntEl18fsR_ zr%(TIS#P_z$z1cKwj+gA78rz12^CoSa+RsU3+L8Z#!$Dhw4GCe8H;;>nyHCbB^;&S>1pjaHNm#MPGhwm^ zGA)MueWzoW&j@wh*<0wa0kX}Z8xa^SR@)CMO67R*sx%IA2 zn>N`uZ+-~b)7~HePV_P~&&MB?TNwV@0N)|VKta1iONkdoOOvu5U9Zjk%AwVJ^u3r$ zI~Rb~$cIPX>dS;M1>7*_Wj~_12d%HIb{n~(`#*44a@XkoN0apQt!626@O?i#GI@aV z3=Z~cVgpWIqrT{IBg}XtTn4IJnoV_6@VmagA7^hYhA?B7#4OH*B6NA^V7p+wrA!8-u4x3Pk7(~m z5Cwa&6fW6(Qo@w(QdK5V39!)oH$1T0L*0Le(uj9WF;inW5!O1|N>_Z`_vY*j$T+~~ zllmJgGo$YLbD)zH8hm=L2b21(y3OQRx`8+O4n8j4qhrub>O7z~SSF3Af|9Ub__(<=#*jU;E*GL2G zrrF}#ef)SYRZf(jpM#e6Ke*E7&!4{}B_txkmKaGt%a~KEaV+Bby=STlXM7t<_Aa@N z&|(!QD=?aypI_OJzX7|kr0@5@!U502p$sX2PwuFsy(U~iO2x|`#XY)o*}`&;qbIG$ z)N=>N@3+%9JLNV(4Fh(=h&pu-PhR!)oZio63`pgG|7%yKmc8&}LXwL>e5Fc;)&43Q z`AOHPo-!=338h_}Do(93op4f+23;U_j%(7jf3#S~?ssIYMCg7Y}2q5*=F+=I)Yf5h<2m74iO3}W$6HK_#AtiE6; z$Xj^^1^P4BLrZ7BCZ-3wG-2MVS=`IItl(@?jsC8F0BeM-cH+`u1-w$%u>&2zWN1>OkC=wZo!x5dg#mIqD|;qysLjNv zKsk4KbbDI@@;CurrN(r^yCy!7NrZCDit;3e{h=!>aU{JVPBOJ}SU zq|D8LL!%XSQTmTxQXiix3jxG_Zd`&ogPPZyMd7pSO0;LKtNNSYQ1Pz@gA=7FI)KzPziT48Vq zVE4#}qy*M7eG1u>PInJRsaSlD4>Q*dmJB6WK@gWTiiuQ)%YG|RkqTlK-69IL#U&^n zqItTmpROJ98YNBQcLBt7{syg*P5plv6VdVUe!xy~YbY>2_@PR+pyumIR;7=U3Sl;* z6&8Ro5VJ4J3`9#kPI)-&ppIW)OGRIaNlo2BCfH&3q+_(sN%9IAQIcv_VIM;ajl?as z$J>30Oq}Um*-=tX0%+2iSs*MY9~ab-L#q<}OFht!%yg&QrFrZjyh|-aVZV1Tmpe0k z`71k2lzr;bAa-dT)l9PDy=veN5e=*599UMu8o3qQ4%J&_wo7gjR#PnO&e5gW)* zG5o$}4O5uuc~;_P1ZKt&AEQv)xCynh1!@831(3!jf9-lOv^s)w|pr-ggIU1y?0hAU?b*WJ6 z-IP6Qbtmr3gYNL~6iYei_!z(&h#sXt*TK8^55Z9qeod41Fpj%UWR|dC`AIL?Ffx@J z#OC+gXX77JlH3Rgib0TE^07m1E{-guxhrzQKx(jrOOJf(!IPGBG%?5xKC~0WC9Qm% zO2C5+*j`24<`fm7m$x8ck+?OPXg#A-&-c(K>YAG36N=?m$RrtAR+NmL=}YGCUxM_qB}iJQDNgZ!R{U4(?HUDR?29JCcUg z5R}FEk>S#WNX}J^3Dyi?!)9b|u{C?`eE;@sM@}nn&L*;DK%0Q`DGS$4yNZ8#Df(($cCL|C!ni<`rX2s-s{j5Qv2I0yD7xC{+%V!E5Ph!8MixcJM^db)<+ zm`IFB@xzB{Tsd?I39iiB*mVe03G~!>*91BdQcmed3Wfp{br~J`_4YX)bHafG&vf?x zLF6Pr-d#Bwq2NMBhPJx;C4SkY$&-&G;Qj4)`~J3IQ(4{Z6*IMc(VSWh$|vEslR`ef zbG%*lx6!t?Gif_P7O@4+GT|%&Xn6w9^XpeaW-gGT-A*sqZS)I*whI}c3+WUJ6*O-f zZ&!K&Kx4Bx)EfGLQE0aCDDnqPe*N+#4nnU%6K#ts@3EdxhjDBV_uj2Z0mF8(|K+sU z)3MG;uGp+`VqQ$Y&Fbd)`+ElZk&3D#5U$qEkoYR+jVGX-FSkS%6TQ_%i>lQ6S zUHAOS1V>CyM6+R!&@Y14&-YyN^xU`NDjLOKoOR@-|F>q%XDB%ON``>_t9l$N2$19$5XUk~hkiNRD)_Y>OY`BY8ol|#@#&J}0s#~c4+L4B!!h)?1EYhP zo-Iqs`A#nVG!Txtk=cFv^^4~zfBX8CN9jqvb8s0PrYkm1S#x+hRkI+gLiG4CRvfcG zYigve{R4?&d38LEhzNOp+`;s;G-=#;?Zw7lwa~jSvmr9?o$iHA2el*a(4jXAhF?Xp znEJLAs4;(7Q$7#D!~LDq(P0C4GDLoWU;iT_BAb!7Pf-3cgmlS4~yl z{{815Y1wL-)TSRh7RwF8n0vOL6${*nH|0cKAjvW80SyVa~PEKPVH!KMYUx^zDt*3SS_G1(qE5^JC&c)lcQ;#KXqD^d~ zlWG<>fK!r7@BaOFJ14pHj8>bFtJ!8UU|3gyC1g2H0@W;thY&qJhpUN-nu7g1rpo)u zpvOg_aK!%D^Qee6~Ry)6^n~cygTyd^E%Nt zcm4Y0&ed^)opYhzp9g^chCYC=u2pMath#aSnl!sN@{x`vJOD~*oLp=aF@CxCj+kMw zO}p1d1!j-&!DT?$dMZW(284@LH1W6rEG%7-^W5CTsvBZ*<_)Iv8j5}t+{PU`SM-jC z3b&@NMh9#B;Lod49?*$Xr?hI-==(7mxC(xz@q;6Ge6S<*;;D1xR~LWz(o348;DUNi znPz~)2aZ$StpBqde#7+ld#1g0iK1Z$e#{YVi%Xs-)=@ELPtOf{XYnBG)(>Uv(ch!p zp+i2T^NWZTn0^in{`aWO)9m&A=#QccV~gVLt5@=|AdS>U6z?_c8!d7E!I->HrdfWC zy1FYo{3@_nc?Om)+hF1W*)6YG2uUtRehVhdvjB8#)AO5Kb9M91>MrC*SvLuPz@}PG zGx6!oZM%BC#+s{DGt}5P2zmqn*HIy|v7WRZE0=(oY=dDRTYUBWQ#%M=K#D^C>0ii6rdRKkawE{c~J#3Lo~{Fr%<+A~q=YEZ5L|ricb0ON<%* zWrc*YP#{>gRxsxx&Gj5@gEOm-FFh=gbVgxn7i+5;A9hK?ys08Jjm4#&M}dZ!zs$ei z9&8er+_3<<4_lqBW_azWMRvs+ul5mxSG@V~#Pr|W>+(-Of5|J8A_A`q zL(OlNB_$-lQa4C*HCc(#A#bd+P~V6NFl&n{_wm3bS`z#9yybsDZ8<Y-twbKy^Nt3p+IgCqH`%V_5^ zolhuG<&Pg%!NrknyZc=&oyk!k!{P!1)i7x_j($BL==v?(>I?hpQ25+DG`1w_)P(70 z6Ugm4c1#0WWXADFB})ey8W~xF=np3+ON0OoJM@!ny8NQ({elS{r1>l*W#RtiK{OK4 z@NvE9A_q;v6D<>0A7lX;v?*DG0O_16M6tQ+J19ofxN68)Cx|2Iaw0Rj{2&jbv%Y@( z?L$#l1T=%DEeQscfu^)sRC}56yCaUNhvn@pXoMh5JfAz z?hny_^qMSLVUKx=5B5%*I(3^6t#n%6?BijA?re#ULbywg>Qt@YuZw53QP5A(^8wML zKK>=VAmnj8Mty!at#o*_jrDU7lXQZs#&#!hq|~ei}^TIZEa~ZPP(`s-?HWWF2NuPwHY) zYlT-pO$&-2)kmv!P;NH(oDoJfrYg%Y9vB%LzkgV$ExG0}3lf-Eviz)Tx?8=F?{j{2 z)Sct(JpI3q%UcY6&T$$PwijJR^d)N0*HgNAJg%_hX<0n&-y1I|AB#(zYl{^g9xOq6O>l{-IH~E^qiSl2nR!Au$9D)PRhQIU2>9#KZaS6c zTKBy*z9WeSfMjinlB^!ouFJ=2Zw~VjGznkOQIZZkggJ@F&#U21Q$nV}*J$PL9`E|J z#kcU-wfEO&E-~}A@Oq*#bO)8Tf7ny3ZhIDh%aw|%2lU_lv-ld?K^i3$Vowa=Mlj6H z&%ef-P1k@4O)i@#{UqYZcGmGnq}L^e96CtlFCrxrqrvBl=UZ5qaQIjRuBJ54XzEn2 z2BJ-(T?lQCCbreftOLv{9NdwIHLT5eA#BGXRLg;d|ECylQ2zE!QoE8&Q-- zDvqt3Y&06|w5_98LC$N$8xTeeZyFYf-67K=HCwh^M$fdUI8>E>79Bk+-i)0zNo|9L z&*8&Hl+&}gvEANrM_hq@lh6gyPy7CNCtMR3dcE))xxB=j?HqoWi;E+dRV`}BN=bXP z5Pv6g(R9S=QvV^jWXM|+7S4_5prZU_FzyZ>P&QTVJFgAi*Y7bzP-IAePDEeIPnf-z zEJ;tMCD}2r5T%d1i2DWoRdU2A>2vUyZ;p}~lCs$Q z+OgxOPmhEEV%p1;F5Rf$`M~Smbky}&0pQqzD!}rOI3~mrze~MMo9p{}Od9$-+?;MQ%(e^bhxu<9<|lH1uZ z1o;0svc~`VV$N*wpcD2l@m8EOdJwFHo-cGZT%JvIN7pe2hIBopbct9x6o+i~Svst@ zIEVoz_CF;}F8cKXN6v8a3J%B?nS_p=6MB(Sfs!K5#E(A_{rX;SzO zhv<|fDcp_)_b&a*pwjxr#>u83=d?0KFM)^TxTj_~*YVB%_g7 zS@odYSgAt5q?E*%xJc)`Mh&mniSX5w{EwTdGK~ot#7Z%bGfvOg_(rt_N)*SdF1e%1 z7K(X1X?y;t(Erw)5T3KlzT&9cdr(EcN@WckFHOxMEGVUpEV*KmSJ@c_d>=zo)5w}z z7Nbo%>{@(huc;&R2=o-1Iy%2@&wZpx#XVeMXkwBwrkInhk)pKhSAWuHwYON}>t^Im zdmdn5R|y-ui%Db88$C_6`P}k3bB+gGe$n%JwRQd=S}?I2+^il?+d)q=N2`86r|_5D z4(!L#6jyKzX8KCkRZ!itxlQ!i8SYw=huPErZHGD)6tPLn+q~e&OP5!UheU7>A({d9qFZ5|N26YjCduzP;SQ`srnF(*cAbBnd5!v zpM60>Kv?z5A31SigyIhBkL|Ew8$NH~2ASnH1-wy6eq8GghPttY7MA0TPj@v*7!75t z;WRoTsDBV)Iw5mz?|Wp}!Eo0RO*fQ4a^M<{+G%$6kJKehS4<9`t zlT$j1qrV+r>bXps(V1$n%^k82x!*i}7A1+Q4~hAoZ@*{ORvu%^lJ?^4`^qwd_HLsT z&5|yF+i+0qG4qsQ1Y_e-yzQ+IqpziQC0!{gpQ9`eu+WExYDL~@5mRLoGR5>NwoNN5 z8rzAqzh2a6z<|>R?=0%oudkt)Gd3u(V(#%rFyBMU>4{lKu&kBU)~Ob^Hg5s~wQ!o+ zE)lM?d1ZcrvTZCx4g|Bt;47t{ZFpv+yw%-)Kg-Qc+k66R?m7+|;cu|q@T4MXj$g+B zgtE79ZLIp42F5y?!BA{1JaettI~eern-AeX34vTLRk3!7^X+ceAggSYOR0*<;TE*` zu!h6Jl{Qb zWfTYgxl?L$tGJJ_aM~kgZoBQ+vAH8|lRc)3@NZrib6a;6Ud|~1Pd5W?-K&dY9Ip*5 za-TCNaCER$rRNaDw$y(&PH=J2+tp5?%cd`1_4?J9n$Z3GpO$p&w1~afF!6a_9m1Ka z4`5Vh|8z3Y_Y^bnR^NT@+y{dkT-F1;UB-_efg89>Nz~IZv0tHTH5#hk)I0h8Q>z$9 z8!oJGYUe(C4hb+Tq%)@ercYWeTb`UZWf0!2^gNBI{4W1&Db#!Oh>*%&Gso~3*k9j1 z?Q5y#=Q4HbXx7S2)!`=!N4YE}lGA14L|YDZJ;f@^olKP(3lDg~=n~sRV{Eg| z$L2e!w$fcwOn)yyWW2Cw%t5zqT{%dT;PIcGz<^W##<$^jAPTM|P4%63`4VeJXTQU= zX$M@R_!Q$Sj<;-DP1Qm~cdosb_4dcg8+=rim0D_QHV?m{&qqIY`gCf@)xE!0eEem% zJfp?Qx}Q5olx@GFA@Lw@F?4oYURRtkwt*1|FSh5bIWD(M15`QAupPPlJ>GT|ab9(()j!eGgE1LyGt zuGlgmB@c)xH4e8t%@mu!4pVN1Z_jn>_cn!ji_M^Q(r0mLrhe(_2^+M^>Qi~?tqcz` zWu`4zSL3M79QLs3Kw}P`y+z-x)^E~vHQBvqg(u$mg^U2tpSMD(?!*zG&kHm!Vy{P# zSk0P&Ii5PQ&TjPRZ8Zz)43^vv$D+fm71s~0+}g|dr2qaoy1BfAW2uhrBJYUP(l`vm zTv_8a;{C{?*OAVvmweyFQl^O`X~i^Ybsw{@AwYyeqJ(0KVRn~5e@zr(HlvKaLt+ot z4YG8DO6+xGPwU*>77`Zb{x!i0p#0!-13HnlMTWoq{GQ`)g-7}Oy{oWxxzYkTKeo?~4mmF531fOM7oKPD$QjUQj%+uIu&q31u}p(c5hlB!LwcEk2NuFhK< zz~5}Tdn#fqeIB5Tob5*@oeV6mwmE2l<%Jc>xv!STkI&n` zZ{Jd89rM|SGu;iV$p*|rolD3R>L?BKWI2l_30}~Ne^T3@#<|IJ6@LbFT;6_Ni|*l# z`QwBY;ot-VLQkyeprZoiDwo;iR|=kxa3{Sz+<-A8W<$FTNIdw|)$G@YK3D2KKKJFc z?o+8;S6yJ6{IMzZIs{z~=u>J|(wggwUghKMbr3(Js#cI6X$+SN3%?v`apzyI-v)?^ zF3zt{x3N;OC6=~NiGOX{L8sO22Cue);gnYL_B$G25fe8;Yu~3&pQ^LqU^gwMPHl(R z;&5q~doBd?Ri>H@9yjiu>7T>@6JHlD)hKE!m>B1YlH5 zqdwnm#B9}F5AVOY-z5BoHHX>pD#>=H8uA=+z&9n>j61#LvnRvM4u=?+8faW!aI3PW zcFu!-Kz}@*rvguhBXp5$}a-+$?^VWn4rtvdT?bl{$DVot-z>$$)u|FkTX7ijbJfFgnB z67BrVII7ubs9Qx(rL7A(n`*UdcPlY@R50R0Y;?56hdl`ibJ`t=ztWs=V$f*k-o2|X zEKK4d2n!M)UvKW*H>SmXjiIExFJuQ-3U=+?*N4(!FfMgHq2I~nO^mj|bSlA! zwixTMSPcMSNtq4=Y=XFJP_NTsTh?8<>L|%p3d*&lT5K1;)Rxg*k*2XZoV*pUs+v>f zks(y%6tdVvd4mGY-G`G*CfCVYonY3XO^l;Is9x6Yf5 zVVmm9^hbhIW)=Cqe_ZpeJ8=?OZ@xsN>5Pu2M#mOTldaeOcB7B9<}(5|9<;9IuEl;G z#8+^m!BFGk63z`AlYTrZ2>{2*vZmtnXZ$unewy=*z=_Q0Td-oxYsfxmzQb{v-1OT) zD=&Yg=y8L^jSHnJc_Y)wDHyln>qixul6 z3V!y?nVrVza2xzBWPV|R6R!sAt*x~c`u)fq{{C;_rb74avqyHu(`m%H*mA`!nYN5* zfAcxc+rNK<%zzd4hMIRFzvgk90{8ozBL$oB!vz%Wi4X-cnR!G}`jIqTs(0_-Kiav; z8~O+oJVrZ@9|w3~od?=lg+@l&F~CYi>Mv%}?U~!5RjZK@2vo)+Ky3%PMfyD0N7Vo{m(^j9c(kzB&_h2YAzRgl z#Gt8N7V$?1lanW>)(9;UM{GuZw4*~(Re#8Q- z1ULL|X{f`NY!}GPLT{P814|i1>jbAeK`Zt4nzS0rthz7Z0 z+y4FS`kVp`7enH9n{vj{zVBHId*TDfuvp@;t1(qWn*#X`GH4#sHMYI`Gdg~`f1RGU zh6=Fu$rD|-H8vPBGg}oxG9WiLL~qH_A;Qv20yl0D3P174LjT63q%^_#$F*cIuh3ChP7-mVBv!Tf2nl_Wnad!DZwrE#t^adV2ADABQnxB(7Pk+t92{w0rv0++^AA zK*)Ck)x2eTJfjzUIZli6N_p=x!Hz-M%aFrlitGQEg57h#fUEc*daeH83Qp3+Si*Oe zxu$2&t_j&>a9R%r(SkKp-gLYf?*+(g({0WKHm86|223jY4SRf*AvTiH!{k`tt^39i z&~Yt!<$}04$HYD~=f{kX#~$NgVKw|iVyH}&0!ueg$Ve1%w(Q%#U%X$^3Di+H;nupZ z1taZC9-dODzkndo9<+RRyQTzL3=Nb4#b@4JC$zkRdTti*<^?u|0pjVYQLg1r!z`Pq}Kv00hxV z*OAR8)4(HP@TQW7|1rfP_sSKGy|)smPi)+^2EZ^+V*fD4eBIAb+OW0tA5c93savYw z%lHf#(<{aipI0JneO6X0F$Ea7T!w0$_cAAdfgI@D_&In+)?7l-+#KcWoPe|B19-sh(fZWjEt;`QpwIr zWEPbXvZIVbR+O1h$SlhGJ&d;bqVkNfes?;BmN>painI9{*kdOdjl{L0(r*Svr< zK0xdWDb2w>?3f|ofagWiB!i{^eLa|TO-*7?Bw_LNp$pdt*!+8tfdLydsVZ9gN3Z|_ z^d?$QNOO^3tBr4(7#gbLz+Z;#-UoyvOlabHY*2(gg+g53Etu926Ze zn}?!lM5;t5v3mm}!^H-56M=;SX^W&wBZ{FNfxw=B*#IA*>%QP({8dH zf`<=hVfV=z5;=UB9}izS^54+TJ_rjV$KS*NLhMJn#>UY`FU?@9u-M~34XJ6RXACiP z5?6^|{J@6H0!}W-!!h$7Yuj_GJ;*4z8p1uOjiL0 z@KMp5gaTg1Er%}k4p1*5-T?^_f%qnNriN91%oUJW0jnwiyGH!cVdo%#7=)!AwG^f* zYrLI=%7+H$v`e?M&pCjy9YDgMLf7Elg`lb^?|L%F6qngQBje)-dc45J)=n+VuIN0(S`AzC8hU;P}p5Ql4Rub3CX=^46&0wc=RX)FeTxMRBdb4!l8hiY9jOu zTa-jVJ8EVkPKGEP0p6`5pC;kdU*J}Fr$O&*cqAkk;i9J%v@O*}iRBM_ zkgS4&^ad9KZJj3Fak4VUYK*h$7Uh4)M3T)hEh)G)?CnY6W%w3&p9RZ47TtRc_@+aqlwrw?p_Y+}Q(1E|q)Zf-l$-12ZS}1fyu??px zg#-nWO5a9P2EHHggncLUX9+j`7r)=`Q}w{XKQY%&=ZVWo%&NeSh9>r1h=cCYqvsbf zs;3_3PJHFSnNVI{;)>t{=}oR40j_!*OO=?n%ec2Ee`5w|Tn&%EAazgRPo(eiRISt$ z_El}QzikG(ge3>%O%QMfbj77c-lds~+a1*@A)~f|2ZJ^R2<1&|J;dbm)`P6NMiqPk z8~>!4n3&@4t3dZo%#4Ejlo*!^=#u|3rq>)nA^PEv4Q#v&*ky6X-$cp=OvS-{edYuK zh;9xf(Rr_|ZPL#DP&NQFy8d_Zz@wO$Bqqn~%$*pYj{X7(bbot3)I&u;jAa3ub=)$% z!0U#Ao?iav!^qmJwSPs7eE~@>E^3ZK988$4)fvaqH;{c2qmxiFG(aX4U+LuXQw}`2 z@kLnWJ14B<@mxf}`+;NYO|1tp{f1~}@KiEZt1u8gLl=>X{u_yhF7G4(5i9Yj;?MQC z$B!e4$PyI3s9~(@{&oEl#cczVBzh#aqAJDUM zU}8ZP`mF5d&l|xE)Y!kWhK>Yel1nWPFoMy6N0Q9WZv0xx3rrEk899trb?$(8`z}A_ zb2DE&WI62Fu?dI~?xa6G5SVSppTb&b3-Hfl&y${zg}9SDKxtloxmSq_lL)VaoeV8c zMQKWl{VO8B9rV8VZbn_BwKuo>$ryMLq5}acqtjko6}>Oe8HzhU_xgfl-knGy#Y`WP zq&8+D1*0Sdc#&{_d+i4-(W%3!dJp(bM!?o4ZAz0((L6|2V%St9SNv0g9`Cz+35P zlGY*ZzY^ABC&33%H^EK|{!XJm&_JKM)Mv1sfZ6`~(D#KE!qWPuPYIL5v0{ z5;7VU`$nDYzX#R5*Ht(n&#>8aetsZTN1!a$5N%o~{i03+O zVG)hX-3Cw$fxK-qOvF!!bPt?)*{CdEBN%p~9CeAIySoHK_sq#37+MVo-Uznd_+)PY zbo(JUg>f(g58i#O^;Z#%2vz_vv41h?sXm$mfISZ~GHf$$l;B?I;GvL$1n~A>dqlPv zBeP;@1?QbEI#_^&myo&f8r3>)?m{wQ>%$1bhj0qrg?DNp=}h7Ipm>+>$nGGbN-sD# ze9$Zx6%yhDM<@Z@0xQ2AYxD`N=~CB&ZI|xCBx4NX0fqi8&>x9cXW=vfVcUVm?CHetnRCg=KHMca;?NrM zB7LzybPlmrooKlS>pSVGQ$IZ;!US*$r(iwMFE<6cfUBqra50yW-G%NJwxp-|`Fi-& z4UcLw@LRI;eR6E7}PU=nQ{mYS}P&NE$$q3DMXvr+dfe>j*b_4A8# zxXe<(>O2p~9|i{LGgKK>OFv(&;fX@Y^k<)G2@S5~_mL4bY+sL{L+_lp)$x5NlTq8p zZIH%;C^_$Cp_|0zzZ!&w`9R`DEPSFE1}yRed?jO>1si4s>2OQCzFsU1fDmYflvFWqKocsNO94ZJVh8oNq@gNk&cY>Sqfko{YiUX zubIBunO$*A>go3ZrcFUu#V`=_C6R%0hm>726WBbb7@t#f(m}kr-qBuHukOe03=%!s zglz2AEvTd$E`N?;!u|P&M-No)R-uD0}}{R-dgv#O+WuI1g#9P8!+RBIMG2&XP*9xiM@}pY(6wLhT*X1 z!g67(<*^aBgN7@l_vq%A`GBG7GXTOKwWU0Hp>%S819yA&~xU6}d!6HYVCs=-SU z?J@FSU;nJl7h%M0BxKpl5n9lyF`iOVM*cg|HQ}r-IQ>dnui$O+1TlBeosftxqvSoN zsWA%=Gdy29_?*umKRI60>@|qXBnU|T0h%0iJf*MYXgl+FKDq@2G#cdQHg2RGoq;OJ zq~2gXDd+j~EWoIr@!oU|45IJ>v38$-$zyf_Nf?ZnE_FOg5CLhSF3JEQSo+UEs2~Qr zXn&#gcAP@HN!;Ds7^n~K7XY_>3BN@AE^%78e?JOg&7&@}-CG4Pm3<~aMF2_=MiA$~ zYxuEqR(tTMbf96=!1jsU6>Xxh1xsIYJ0_^-J?`oyXiB=?`d%Ydg+mJh;#3TMLrm2( zWUsg5RI>PO7Ey8x?F0nzcX7$FMI9B~$l7nsz@Y1>GepR{aBLHCmuTK$f(r%ehPDhe zA}t=+_svz3{tFcK=oZjfIT+C<0``K45F5uRx?Dm{20jY3ubBV(bz<~~-rnPh2#q_B z?Gqk0v;xdHq0S>=4c8MQ$kJRfLTd%rlY@gKN!L^~sw6%+IaUyXL|{vJeeEpW8U@U%Y$&W|$$`m{hOTi^>pB8&0CuA>UlxB4xyiDS?r%KV*J)5JVi!o&pu zJL@-b-G@m@5m14TK=FYb?Rq#q#PP^O$bWR*YU==!5Qs_91oVVgCkB%d^CDL0^tRIP zPwhCi1MeOnDS?pT4WjX40BnQ-d=INmy@J*(4C>g7tB;Lz8%+#Kbent8QFu%n@X;1!U*s z)PiZl;X(Lb5FS7e#*hAr0VeDbo=+e#M1TdLEU?q~57*b&Qh-=2YTdEwcu3H~AZj=q zYGmXD5R)7D_%i6PL>L~@#8N~{5(+OcQL#EdfAVBBc)&RIhRC-bO-R#-Mp|E=7G{aU zmoL?k@QT2MkD3DakDxgtG^$8jCcy=UVYdc6DV|hSlo}YCvQt{RnEAyRO3lkhECi!J ztf+DCO2ZID{4UYxz!^pGwO`9UsqrgBY6!@q!JNCjXYM!e$Q2=`SNZ+!Hp6qP1rI^q z4~~9s8StJBSgGO|ih!={b!MBxv)foW#0(tVr-Ce7muJ>+_K_f9IETE?IS-4m7OCP0 z#M=vU`4-O8*dsam(DUv92uM5;$SAtx5p;L!)$T(`Ln7V_s#2tD-04zz^_ou(r!ItU zRJeP1@L#`{o0WP1L+~h+LuDWacH8G9_e9{-0kp)hcW>{Lyx#@MC?tR+@<0_2JOcOd zibHfEhL(YIv4v(##F;7>SQ217Vk{BD8cPIAQ?eFQAFJZnt^e{R;lT$kX!tQ-`dgi8 z@n;rP9FThxZ4Z#_5fod_hxgY8u=3u74F^XTk#CG$J1bM)aZ-e^z9I<(dkRD}DhQ{X z!G}%OcE?~b8V=cAL``x0xYNq#hooB{=1eg(Nl4P0G!T2nZHl$aI`Y6%VsE#d!fQE8KNoOLW0*xX!@9Nqb_SIRbAhZEMSpr+eM-iJGY2wW<|Du0Ejtk)Tg^n*fLOsV&ZIiUlF=R${jbEUuGv~y~H@C3A+PeMbV`> zTSxReP=eP(s;hWFwclSxs4YY;87bTiZ5ijqK%KutStD|(tvU{WLQqVs@ZOLfo@+R( zd(@eWKbwOhvV1lJuz42~Qy1|aCM;u2q-a@h8(V-`w3hjGc5sNgbIU$%OFlZR|p!vje0?lX6w+EGbh&>JwHTaGiw2B;b6gXzkGM-vHrY&?3SQ6lS z&wKDlzaq>3du=H-NfqLIN|?_gmvSNK2Szo5u_dS&N(((_r9!}`V>czf1!k6n1i)bg z*sRw9bxzw6NK6QRK_&zvMimdY8*abfzaP&a_P=mEsrMs0;k*7nhkFw?;11}AfScAJ zV+Yem92}PVy{UmNg(4FIIM7b?hRbt9TtqD0{NniWqE9}vQmI={BexkY{eX0j75}Cd zOVFbKu~%XZZWA`MAe_h;W>WCqj<61yH6d$%mGrP_3@}T2Xo2H19^wsSaX!WvS=GCr zE;&(6cioeP1PG@Nc~V;#8a86I3xbz;Ftz}jWdZ+=p6Z~Iyz||9nnH#mBE>@|KIgpk z={qryQC@x~f2RMSK>@pRswlH*?v2H+a`f=lo1Z|{me@Nv4V>iPaQge{M&0fXWy;dC znlH&_?Rt-Rd#GM{=D9QxQkq<%fxG2v5zRZhJNwVQ^tO&FpS}`@Ib;jZ?j9^TKD#H| zYrnzTj@-BI#d7^E&z(OH=9G%`o2B(1o)s19%+x*c9VO}Yjeo^bvk!y>6&RaNIKD1#D3Ddvdv!DNM zh{KXHUmt}rLN1G$#I#=fg8LfIWXh>g7eA#U5QY+bwI>M4&qh$nP2_d-L#IOseUoNf z*;!a_wN-E4DJhdYC@sCm@^I;iEk-Ubdb;pnAVbCX?e6Npx`Akt9ZBC_7YFU!&Ce|) zX?)C7mmaU4J#`8G5)Cb_%o9H7tuaOb@9i^bk2D=h3moxJGTW|;CN7^D0ZfSm1KpNb zX2NA6;;bGWj}elDvaLpUpg< zu$(=-;96bAf;DA$>Qq7W6&DwJ+;`B$C4ruE{3wo)+%DqW===G*=jmBGPFIIDFNZ$f zQ~U*I$nKTPl;_02QLqqeYg-xj~I!_!oKHH{ad6NIKaAGOd$y4uiu3x4yiIFS(>3E1|y59kZ zFHv2hP?Qnk+7}fL3KT{QBAT7?<@4k)6hFbaxsI>K1p&%{lHG~CC$H*#0>;>0(HF8v zdE`UQr~`@x+e><0-r6tfewMA%2ifXp+L0%3uW;bKMJoaAVNA$yl+dFoy zHoQHi|1PuQ+Johw^&2nUBgF0h^w^IZoo#EH7nm-Z?2}&q;j5t@dxOO$`r-YAxZWAR zy0KB$@y#0-WL|B`!~!cv1zmL78*d&xJOxqopmf=PAz@iSL{z7JXyjR-Ts@wNyRALZRfaaMhb>(B6=UuyMH>ik6wM}4!YI00d^U6 z^~9Ja|9}AD{_;HrPck0-q2qc1zF2BHI)4A{hzJd^z64jwzyH1z4=>Zv^EIDZ+ukh> z1-O{*J78zWvfL(forU#w`(DvO?@hQjzT~gzJ_M&rWOuMgJDR*Q<7U^e*4??I_~t^D zs4pB#8pmw8`B~m!J&}I<*1pF04u}5?SrJP(G zuUPZ&TD`4Py*O#lYGif#c3j&!9UB{a#BQ_a!*xg}yAiIuE2@c@S2P{6jfWR_aUkJn zTR#IeB3<~B=>`w4%|~C4=@)p|A?!s{o`8g!5Y%2M-EW9#P0)tZ*VlJ2Z20_H=U(w; zH~Tfzly8(FHqBW@@x}X{`O<*H{_2nK%7;GHy)C8vCx3cmFnVv_p+vs={CQQLmC35jMM%q5f3yTpTB4)T%gk+W;=W4^4Urj zpTxwI)x8yzWgZkNI85nvno3jRPzhkKQbW&1I4?kr0t;Ti*^1&>{SXszG@sq_8oY~1 zKA7kQn4i$a!r=`1b>Huav*^XpT%^5z%>*m3^`qFoe#(RwgtH!!2FT&mvGjnP!Y=`f z2{$OI;~SylUs~eksc9M-|1M?vq&Ch=@sn%&_?WNEmd+^x`=~(TktSF|+=StuKM5QN z`Jsf-1}BWGn_CcyjpmjX=-0LbZbqJ@8Y(gP{%HO8A)1QNOn`Yo$Xwk_SL?@*#JFYb zPDEb|#~;DSqgq0tb{%=r5d0!lMYLn`B-g9n7foD3X6ktFqt2F{j{v z4Z8{)MAYbw_L;xKLL5aYOfg%XU-wu?75Xj_N$;9DO5u_jf zAUerlXiorjfq5rvIOt#r59!<>CxoSVW2$(k#OFf#40QXw6?~-yp8-v5wIv;GYrbh) zdd1MhFmQcnC{uE2(a_Xr+wSe#?InzB$J9)<$zx8Px}Ka&E2*JzsM3zw2g^lbak0JF z_+Zgei01qEAJq1w(&P6Fw+_$rJ>74f5U+Z>K8P{=^Z6>YS6HBg(G4a!df?tfX+}v) z`wpN9;irL&7{j?3;W)=#X@I&l{rU5IxFsM+GC+m?mOlfJ8-e~pb+|3AB@`eET1XNS z3`tc(DFGC~5H=e$$ZE#MyNUTJ;7S3)67#{)cohC1>)1i;j>f$&_zp|&+3PYC)*H#n z&C5YYsd`nNlVYboi|LWp|0LQzl{_7#`sD<7Pyu%h=%3HARU*Y;LzJI^#QzS2P3-JXD6gMyHlVT2SfUB4+71ip$ z&jur_D-l|j$Ef^XoYS$<+H}?apBBJJp62RRF_*8hEK^g%?V;4Sj_bcGIv%$RyPw@T z|1W9ZfJhO`^W{qkxMU#=pn(n<=mZKwb#UYeFhng74#fdM?V~Bjy`~@{o-oU+%<@X| zANW69r`mb2v@;-KM0}$*aA4?g)HDI@gn@{`LrnlCga8Xz4i+&XPzB%8b}g%Ur5050CnWbPa~+ z_**K7|2$^TZ~y#kgj|MBeQkfa+5jY?wKhfP?d=4J_{!4!v>u*sCe<`75%gya8y3ES>`Lo*;qN=iFZt3X1+RCdAL%yWL*_>`2^e@#cMc9{@YYCihls@p^>`K&3BF{ltwG!gVGU_b0f zSl0jwVjY|iEdzd24fqk<&{0wN)5Jxgq0z)n$ay*yxG{&aAItw6rUu3qeua*TYc3?x z)YO0e{6YI04mT}Ep%A(xQoMF)l4pNiUY7}S7^t=I z%p@L-{79P4moHr%n&>X&VK0?n%K~m|z!3NDu5ZXT+A;eJh_@ty> zw>uSxu7WO?NaVtzAq9$Jm9E0MJ61vz&P^ZOhU$x{u83y|M*dA9lL?0R$%9c7em ztyolIjI`6ziBYkp0_#LNN zk5nZ|K9pPGlVR6v%u0)!)hR5Js!MJXw<$Rq?XTo}v(4Ui8BhJ+wYC%sqoBjd^480N z+bF4a*3NiNyV}lKQHH9oyZw{0!ffv(aohW-%5zjULJ$>d-SOs?dDXMvn}yhbl0ZjW z88KvStV@ytMad#3KQ!vz@wt<6H}1~d@9EVmO>~d3f1EgSgxE*7zJ6_g739TFG!TZy z#=+&~^4Qtp$BNG}5uRkY9WHfaI2s`@A|XK&3hJgeff%=<0hAw3N=gWFiGW$~orL@S z@!INwEs*az;H!wBLSKtdN3Aa{y^KIxQ-9@&C@%VqY89oOq3W$H(o|IL?yL6o8iV-Q`TBb2(=vhwy}X8F<7_uq7pB(leIt_n?fDIP%X|7q zi4;og(~<#ZSk0KUL!jOS4hY1HojoGOCEuOcs0il^TonNNcR{%gCnH8HM*O%b2LUMr z7OfY|q=HVGnqKiylX_4TOm02!A=+HRTS98fN*a`y>vYHVS2|IRzr*RpuYKm&j;NhJ%5xV{YrdSm4Z{}zwO#eKLR8_RzLlC@kS zQbSK)pEZCU7&v%k;C|bIH$z#Z3MLx=t6_2LemolsQMo0g^OSEXsm-Kih5g`j;-?~) zmp2@By`Pd4aX5f_vTb!nQd`3jL!j^>@+E`haVz){>Ns%tED4D%IbFk>B$<(sDM}QC z@rdI)x+9s6bAIFb*+Y5Rs%CtA*?HM%(JA|Ej~fr4I%WGgg_`p2(ZHLP949|7iP_An zxcE1QZLJ=gx|E}KR-cvibg1FU^~t-+0@Cbq-tSoCy+u6oGwzW$Hw$hfnfCfOW~VMM zOXYs+cymZW=CVq6cX-V0oqfX0oG=NwWZ=a$!YqoV`E{iVA=o2+r3C`D&oCqPU2gSKo=3m8Kk_(beKO8 zcbs9accCz?jAa%Ro|m5P&r4p zoR|H;qaxmOhvGhZ@D!=7y3cchwm~1?N<*7)K+%_)y3fKqO^-JyDx8A3JHGUSX1tuu z4(w3F=N)cWoh=`JKNK)lAzJ;Y<=V=J=y-8IS(>Y!)@gYWe{f-2i=E;XFYQ|5IeF5Q ze6FX!O;(VKIfK59GK^DjEeW=s!H zGz$M9^ZFU`1CFMr`Fe*py3yn0=0^_YJ=VHIO*MZ=IYn+uQI1u{#^(Nm=-|3hn_JY> zLlv#vg2$kVA?jhc13t=VIa~1KjzbUn#hPyUtZ>}^sJbh|6*4`sGyi~UOW5xB&lJ_X@M8NH*r18Lh~?qFe$)2+7|n`?Ngj1L=m=akkA#GS?Fl?;sIVylF;6m|H-!De0@FU&R$p zs)z`l&Ys5LGTGHr2@I9=fV0tj6C+8}va-TJ>W@K+()t(1Xhi*IB_r*2kJK`HTI7pB zZV~$UK8=ZwLbb;v9sGmz;E#|_Hu~=(lalq&msfrMGb}W}m(##$w(oW9Kaj}IHmb#0 z5p66XSu`@NHlyfvQ!eZ5__}+2ZLlnY1jU$d*NnTf+xhJXgyjc$=rr3YOdb26dlR`< zHKF(@H5HueDKhp$==LGX?f%kBj6#IYLBi_}C~22R?lODWP6f&{?Fk)P`Sosj`26aZ ze%`}!r++EFpsT;EE25@((r6pX!q@o=G2hP?r&QuyJTAMMbJFITd)-}~C^nN5hvS5L zw?U7(6T))N%d8QfZHkckBlDA3fZ8 z-1tUF$hnY+VAf?%=>_@O)SWrO&vx5yR8lhpd{awHRk$Eg7ZK;+S}3k|!ipzfgr;`f z{r>7t+QU`>H%*`arp{POf6p8t?mT`>bFOcj?E}h$H*aK5J3X^7wc00@TY2o6y}i1L zQzxllT*9WL+moAZjh`Dd^C@@M7IP}3Wj?+D?lyl9V=!EtIjW@cFNOz>{U2=e<}NhEkx`UdK$17&>2Ru zwXGi(5wVjBhW-tlV9eLAdjPg!q#8i^QQ%sx*|rJoU%s#swh$DU=N%k&Vyp=iH85?z zcc2;@9UUCVG%y}}yW`N|xQInI<%7hwb9+1a`SUSp_fH=;yyd-c^Y50A9!=!(a@r{& z|ERnI5ibsvd;4YwBtMGg$@z?sR&gq^omEogj`{GNJn0_>anXSnfb6BNriKJ_>CuGV zdfu4=dgA?AQ6?(nn=#-95*}KxbA<(Ga&yD#M{1Df3?m~P>Vc}P?&^Zu5h-~&~xLmd0x4jMd3%Rc(+pGp*`hJ~5gQ9Fst za(*n)jyug&Gr!fW|DNus(xR3fYiVs{DcKRPpr}qTedY zM%r`O=YJ}3jfMZU_ABJ#_bVlH_Gt@Fj$z2U_v7~C$^fZ{X9p^5CIZxn#kE_5^YW^l zBF@`Y#lx+4f0K}~ISTf@x+3qt>d7^+!ANCyfQNMB>q6@3U~x}9QN44k2faeisZw7& zuE#Y%o%l0`hr#4gsMtDXuJpwx)|u~DU!U%6@95IZ(L5=a5EGYC_L|8eio?P6jYY9z zD3C!yUrr#!VAtG68+IaSmkiR)slK9&uZvL#`$YilZ7eMoR#u*DN8MxGyTnEW;cCKs z4Ht|U+X0W>F3KI3dY^ORKq34Eke48(jF^!EC(jQTXfdeLk16k$PfV0$=WL6N9^bPk zE!XG9pTz?o&sN`iux(rG?|^TWw|$F>F4@}#kMr=%JABr*Hr9(f;#_#Xo;)N)K6LYJ z#goD^mYq2{^X{IZPoI#2Y{_WUG-hAYl!RkwVA-%M|Wr_DJdG92ulds_EduP!l_?}AH_T> zd=qB>f(XRtMvOP%!hrT5p$ZNRTBIFc_w{WNA+lfzi2zaz2p4FG6gM+~-|bq?U%Ya!-S`<(&#i4~8AncSffHc{Xyju& z)-#d3h-e5x6oxKv3aag;%LM7r)zO_UM3jUm$)E)zNDE|W<1uYQzyU;G!H~w;-@acz z!hPt_RCT%brOQ=oi!H~3hd)1KD7moHv@JeJD@jI!Kic|&DoNwYG{rdE?lUr?qBMyz z^mgOpQ&C6<^-tuqpfL4~i#02XPj|5m&mOdFW zQi|ElpI@HqkLl1p!^W<$!Z~21p-*N#UHw3T`OV7gxxVuLpMCQYqtEx)YH&Wzd+@O! zVb6(~b<>gZp65Mfeq~p-E^sP6Zttl7k=*>vTo}Xcsb!pRK2!~SPs=Vg7a=P4y<#pc zJ@*c4eRu{2tF#v5=@a4PXm@UAqFnV8=1@r~a(F3rB+RN?LBV_e{H{PF>b<8^&+-ArkU<1Jg|1I7Gk2jVTArq^M`8uWR4bU$Hs z+;h+3^yv>|E1rNvJUA6TAg=jOkLtT$E?+o*r%#Q|-W9?u?4>fdRr@|MJ$kyv%3`Mx zC4WW5MCtm60>WC-j{| z_4qZQz-D@VLe(y9&=GtCvB`uwIi539*n)t*(gXG9xn~AVi}!b}S6vf5@%(f!SL3~R z4d?uWa$ibJ_@hYtv6CWZsi)?RN4hZ6Xla5ZtAgZ3Cnpxuoey_Y(CtWVs(&3LWMp}U zNCFjT7fn{Sk^(e%wK2dU|qQ*~#?n+!yOsmdmSu zEMBk2adLA}<)x|SuUlVuYdcc##h)tSi;Zv!`}*A80M*Cktu+%O17a86-}iY|T=KH+ zP{5W?Q(fNuW7a*d4l)`%&i0^Q59ikr4r@tMBRtZ02~I%Dpqf&z&Wjv6R0GW)VOg;c z@2r61>!v{TLB7qY4xgcGUp^+^Z@yq|*wVgb+u`xkgsJ%gi?ZMKx1DyF(10y1zB_Os zQ~Y*R6k)uA#?)wz{v@@BM-xqvntJR&J1ynU`CD|&mGE`cg9XVxZX?eFK zEX-1#F5Gz1({G=_FQE#4W^HZULdW-fh3oV-)`B;)8YfwU9*@sL$r8ZivMzi#T$TI0 zm%uA2PMnJIcJi@d3qNSw5-D+tc>Ype-MVRzbcD*wQ9sCEY4DSRzcGp#I1eV}Wt{zf z!9V=Nc<)H`$OXIZ{iT6Uj*d2lO2tpNgs`Pn5`SJh{eozLk1 zE5(drk*eb7rb^K&XPt7PpVfSs3Y1if5>Mp{6);lBf_ahOs_i8HP7F&NKe7bC+_*~4n8Z1s#Yjd+!e)l8wYi{c@^*6 z2+a)OsD1C?q~h73tl*R#fUq@ebv>E zMXL;S@jmffVss1P7KGl7_^U9~{q53P%QvrdX78CDSjmalHk`Wa0!R?}@bMr0&Xj56 z1#iFdE;ZfLtXCBMBgJq0^E(ne0Y3vz%rPj9?m%nUs36y(vI9`XiDJ@Q{*I4l^@;+< z^xj_xIkIiZb?d`%lcRRSOMO945>Zt9F`sKtwd=c&!(YwJY%c`lcB5Bfx~bNdw>SY( zYhvuomrH56tZ<^h`TqdkKUmowD|$1+1(YgW@@=xQm4Q!L!S}p{#lTi?QYPE6U|*|y z<}`HSe3Pvbk}`Xbsq^fPo3^&(0DxiX?99q@NJ)YHpS=A0_a7VcB57X3_WlC3>8!yx_@+J< z#9!tMmnkUNPTXQJG&54ei^qnC5Oqr3$H!`J4g%zBYqqMr&+l%w%6W&%GI+D+u)cZU z%9vsCj9LHKb@)=(XJuMB#7QSkweT#wIA_~3Qg5#8%;w%;liycNZLoXy$a(7^m+Ey! zu#rcP>ehalx+H61VT*he7HoU#ib_P4tr!^*99u3=zWVP;RH@7pM3{PDWqRi^>wbHC^4_r*o*ePP9eJ^WH`&Io1!?3(`@FMFP3H+i;rwwKL7mOi`o zbyDuhf=Yp1p3}@JFuES29rDOi*XVfe?eW^>3!~2FCVTp`6G0@{9+1mi>N97x!}Djz zZwfkYo&#h}U{o05MERDx1ei?8MyzD7aF{%bS!lV(sYmkr>$+b)745s=$xqh%8LfR> z#dd$K_*b>Y$M+!qAt?@Xzm@Sgt}cUkB(K4KO;8QMWa_h;=Y}RDBPqua#!3we(=LYo z)wA2TS8cca^SAz3JO$emr?N$KCTN~U*4)OKJu%xclZLfXlbRT?ei7<7kK}q$OW%I;ax3uj>ypnQ>~dC(^V(^ zsHvj?fa~J(v)iLu-t}sP9SXVWKm&F*VO|kRb+MfA`tGeyQrDT~0;ZW8dnjpn_|#Wk zRBKzhOT1iM99Hp`=m`lOnRFg#zt$uCNOwO;-~s|*MZ)QAYaYw>-B{dztfjdf$Byuq zDozE1$EtG)l17G>k*!}XuO^EHeNe%bTs26zIg9Cu^T-cZk$z$wwejPio>e)Mu~~ji z*mjCxX`idfLB>NAMdpzZ3-PJjq#?a@vIAYj6O&jd#uOJzn!Qf)_4+(FM?t>pM89+h0VEvFrIS5=66r4&+O-<>#D5r#H*)&HyPWvfCGaW}Wt zul$FF8-6PJaz8j)Xje-bNk>&@1`wwq%9#c+387Gg4$*t;R!DQJrCz9u7 zmG=p_43dyM;ZhDM&lMzEIDo!YDJgw#E-}!7Q zVwsv2lKCP`Kyx)~oqk8U~Cj2Ega}RwD|Cp-dy7KFgpg`?| z>aE7TYHIf%#nrz$EjjP4sLdjXZ{IAk9r;!+tw&44-PxmUbBqcrVg#hay(?F!R{8^e zap3XDuox&QJR)8jz^_+R&=mFHaSB~pXWu&bh>*KE0{x|zZ}*%y(Yk*y{7RGdsu`o=fh@%0Q>1Wu0BEf~uVRfaGo@830CUf`jDi zt=noP<}_(1g)03A6^T6-=VANjPIYV{=*`c_%ch;;v}WL41Ky1Mt28;EFL9&e$yqUavW z@Y%h1K&D}cD?H-~3CYO>8XZwfVq;PC+vM;jBLmDr{#Q$jat67vTuSOEPMvEJIaE_F z=h6Q4Bi)&wKgFcQYLcHBJV=hC08J#7r?I_sW!XWGRgvX6)POQl4fH@aW@b*m&m|3k zxMOUZMB{|w#j;FO`!5-aOD zPF4Qe0ai3OVs&)Bdc_m{Vcs|Yt2{ zG#;#caGZ~c@_hEQ@UDDe9Nj@p<8_8+X21OYQmmGbE|j%*nuNw?30^LsdGP4r?eC9- zr+!E!pM8|lmKb!)RrCn+fy~VIj&@ZK1%<~I{+yY1cEl0j;f%b;38C)JJ{Cv8t?L(3 z!LF5XC`WF3Ow@GuFh?9Tu#Y9n)BVu;NWtFvLda<6$?s+kVSrh`&t!&>s%5ZAn5~_y z2-s4_prYTp+g++fH8wUF{5KWil}AY->94biv_EO!{ZCuNjgy!q zrsrp5Z2Xzt=S5>f{W~&MyLbs~dUz0tMfU8xx&7zfVsW*X9^cDReRU^a)z&_73cB~n zGVR@3j(1;V0wo4KA9Om#KnxmVqa&32`KxPZ-c`&C9-xkMQ4UTh+V^-S@nayJNzbX@ zac(G1cekHDr}OM&eZ|!r^|hz=_JS;7OJ$ZQad(aV`|}Qmpx;|RxqBOblD&h*MZ{1hbls#`bGY z1-0dJ@}npd8%~`go(yaVs(EbUtIGSk`=4Q0o5X{`Z(qNjNA4jw{Yr<1@rbCP7tao+ zV08BR3;QKyv6OkzY;{_J`+oTG1L9hu#GjbXJpu@ZA?|S`?kY=!W=x%7ffM<)=`h>9 zqN89sY^T2Vf7ofy^+A*-u1O7GJqzn4z6l2jh#bXz4EJ&j%2Nn7>$~W*4`2DV%X^F* zJ%J64p@qCGfzq`g6h-?49ifWboM51G`}eGg&% z!`T6buNh4`1GFt8u3|t?U%$BH3-L?@r0N(ldE?QV41e>nW0Xi10ft$Nvuq;6<@%=- zb9Ux1^j6oSqk{(wQik8T*~V{*6CPp^XApZ5p?dIR5P^440&*45+mV@ zvchwEMPyUK+S!>F5IHncEu8d}l&bK+L|fSW*N(Yz?^6soTsrdy<@Boar+tyA_kqW} zE_@Y?X9tb5e6PDcHwv~<=Yjjtsq`Ki8Z(x!DY0EN@-jTm`}v`xlaal8jjnp`TLgN) z>rzf(BByw?SN*DPR%|!3u$Y>jlIr(x%+48}N!d!i&yRmqUhGV5ci@2iicnmAZB^#+ zBEQKKG$}IlKXY@5V;Uu0yNPjd#j97A`|zBam)KHJ-H8~vcF=>&sQZ}m?xD(72vF84N-FgVW)VZnGtJ99 zz{wo)D?JWsBL-7AGLk5X?Qd5?TB9i)xk&qaIo`kD97#n-9Q{)nLHuF^P0Pw}otc_& zm+h;*DqspBtUybghAwyDi;H%x`ryk$zq!f%{Y&)rqn(}2RYyGd1DoBRmshX)daHqq zvs1YCL|rfx_n|7czcwEf%*WyhSrr3=Y?&w19Pki8qxrmJaczq{JiGbKEGIF(-5*Df zV*ZG$D1h@7TicH3TGVm_nG&~mV7CYa{$FBmf9c9a3Q)>xMMZ^DN9_4YcQ%%2#Dv=rnaG--k?6e+ zeL_ki8+mWv$**0+fC>mqkrOoNlSxfO85m}AXDE-qB`f5VA-CzK7~^&y?;Ag#NKrmJ zELrH?a)c)5<&7Nr9#d16@wuoE`oe}zz;EKzg2fQE$YSP9=5h?W=JS~Q2bV2RqKu2x zi`U2_i-)vtR7LV&&7AtD9Al$H(S&X=wfqn*FAU013Sk(L*4sE5k=8cx!(#W{syj`v z!Dubxj9P)!_c*b5(QN8U zmM8teu_d?nZJ#I%Sr26NZ|E35$r0V#W3gS@wp!Nsf7yTP($pYvw zyX>D+8tHZj)IZRhU>T_`}v=lK{l9l@ZXoWfebmK5dQnx;<6??^dGhhbl0bj%J6?b_#Lt*4FcK!zJBf$ zQiU)3zpt*{rh)%^rJRHLB=4aAA-+x;m~XoS0U7a?nNmo~g!p~p>$uYYKmLFV-1QM` z4-4TT!mWZK1^Sh3B*>ru=ZD|{u}O^j#9&)>pBxh^ATl^q-l%}>#ehB{whV`uy90y* zaQokZ%RabiO!{dbR}3K~Lb!hj2C+jyuj1*Z%!WmUk?>?Nz_2OJ0pngrEMt3DS4eug z_1jL2bg=&Yvzrhk7Zte$x406-Ir29kp{G4ojR9l`aS^N>`aOcARw6;*3}~%kMYcMq zScyneVloayRW7sPC_$ZF{{jRLLt3y*ng7b{Ksb!^$Q^ zz&e6gM+IRyClM1Hi{Nn*hyhSK>Ulf%RGSNv!(yb#s|M-ie#YB%Z=n%X)ohiN637k$ z1-^>}*NoGn72?jStxaEE-k*rC-NsDaDV-OKJhbz@&>{N+g4!7*QjV{^3C=^;`bCU)8+jO zv1V!TIwH;!QDWQD;5YB7cnrJdjzDBK8_vC!W>xl+Mf{Sq?AwF{Rs?tb`~QkM^MD%D zun)f_OUaV0B;g<_TiGMRDIrZ8nTjGG$xzBt6lu|kq^uRGkjcJPNJ=p!YZRG^3Q0^T zlP&7Ip85Xx{3Gd{-t)fCb8pXmU%%^jMj<)?7smhG2Mjw6Z)XI<#qe1KYApU1l1}nL%1hwEO5SnrNyUOrdQK)e?pF`d8auh`9J~fB? z?YVMgf^z@T&Fj|GmyI<67WcWlpdcLHwad9pJoiVuwntRul{Fy}vM?&X_bMt5!3BpV zK#$k}T8_6zMlOB8!i$%RV28!J!`wMSQNCs6#6jIu3zr(dxx8SQo+N-~Z?m*$-{wn*`T*=$J8k6$bC00W}@E0l>{r!T4%ws(IJ6iq53MUyG1#Q%YiI$z%c` zEu|sNB$H)&S1Xfj*fK;8FFN|_In-p~L(mhaqoKhW*T<5~bt`vU4(fC|;kSZK5dk#E zeM8?0Eh}{f-oiek>URt4Dh51;Ey~h@4UguxBtdg~g%h|!AxtokQM0*GT-=>g6G@^M z36fPc<8XquLOxh@`uEXdz=@_0p$ovh6-|1O(ukZ4J^Wi*n!Usv;Bcq3AY?A+I@!i9 z{;yBp)^-{YPR82Vv0YI1(qw9N8@*u+W{blho~HmJb4+#5-Fp?AKM1f1D^x*SeHR?6~H@mCW2p8 z!r$;&k^4ULz#TdW^I5$G-WBF6!+IhdZ*Bj(?5=|K#kKHSG)6)UE6zfH%LN z-;5xyx20)Cua$xN!Y95=9v!z%*q%Hi{0K)|Ldng3h>?+zK+lr~7M-vkVqwUM*#$Tu z#GznOV^=hXcj+gj28Fsh_wW7BZu<(CGR$a>SrM4ifC%o|fN|q`(LqLgNI2GqD-$#s z*a%6`14P5l=K$ac1&n?bU2va?N}5vY&zF z+{FL$*Ma8e9L5NU#KXj?;f#ZVS$G(r;pofs8}naBy(+WO{LEw0LP*rGIFA3s9SPw$ zhQyR4hMvV8hT-=JuG3qp8#Ujna@)9M2M7fL^5`z)JwoapGb<*lFbGS}qAqrm`zMa| z`1Zf`=h=01Mhjae6=={aJA z1uZ{f(LzxZBYu)M;3vrpIC$)Z;&iGT*C7dv=lTRm zSRt2*!GGNJge@(Tflkp@?+uAJ&8zb8qq6LcO==8q%aP*HPJ4NARrxsS26Cukeh9qF z3|H5Fj7dQ}p2=yqT&AJ-+u=yAcJw;ugB)B5RTy@8pK*Wq)i!gn{a_|VZ*oP-J4yg} z503AGs)AzY&c8T`xPUH#s0S8jJb(Z z5?Jk~{*CehiOgqpmnNz{D=FEFGblv#8>?5CmlsU2VFgfMl_21K9xXq=A3JkqF0iO0 zp!r5=Z}${IfStYlQK4|nx;eApLNGDEHP2QkoIwoh4$>SUav5R*Hp1KJ>nlJq!x&Vs zU1(2Sc`!g(XF(czR`q5X7y`ZpBay3W8?N+t72kXJX#l?zOp?)?K2@|(5{`><;s#tgV zzWAM<_XRUVDG9=GS;ne9sw&Dp-rhnwP}vOp9if={WZhlgmk?qP+-hcqgy$esMp3iw zp`n3L`*s3Q57bXy*VhmKT9W~ZzMERu($%Z2;YK4{HkXK#=qVMbGk;kktuCgN4EBKp z>Vw;ip?|ZtwzeHHR@?UNyGx!gvL=EnwL5DKC0J_`1=^kK{96g?N~BJX5X8e z_s}-2p}`nmcgX~~4iVv@nU#vw6#*cwroYU;lY@v_VB$g1htQ^M1}}&)cbWJF?4+2S zoT&)L*#X2A>_WfEx&qWHo)JUxyAAKc?^N8a*^LVqzaIqotQ0#zJ5@?z$raJB^!jXR zNy#9ZD@CBjwkirzYGdi_d{9S6hxz$Pmh^SMhG4d$;I^}@PVjL6URtwv4qV$Zx03_0 z08d+BLn+#gj<2IL)@S|t<7`C%hzG7{2PObGqOo>re0&t)+-|;&YE%p#o?b`_Vvlcw z^{1^UmGnh`CoM*QfS*egz4lYpw0D5@i^mbQ4Q6DH6+008@x}D?6g**LL&E^+^@k7E zSk$BRKE3q0I>znBe-S5C?mMRLG!T*5+KNZWoMh(Oy6JK`AfWzu#BLGtW9QEO#(xW( zFY8Nyej$k36y2CKVS)`>RQhnxF`5yI+vtpZZ~d6lswY9wFc&Z3akKb=jIJPniEMX= z>t`o$qwT!C&sUg^TU}vE$R<=ySismlLvg7@Zrm6>J_ZZmPhbi%nP+9TXTtRq7i`JM`nMQm*2ha3q*Jj5IqyP+Db{W zv086jpfSI__Az_UUG%FXGyeEnFp5iXpg)>F=F~iJT$!Y26?>y12Q~D_b|*-)PqzZ=#g%17Aq8_kO;fVC>tH(7ywgp`zLEsho?ZZRb0iBGXpdWy zHMC)oa*4Qda5;mgB>n~h`53#QP}PQQ2m-!?1Ps`6T3gG1*DIa;5q5g@F|7MUB~Owk zz^XGiO*jI?=IZ1WyP*g|7172c?lE-t+l7S@3WFg57%Aq-#cI@>%VSxXil+F`;(Ukhu$lNLY&&yGM~t&rJx{73Ba zohVzKs-5WjrmK|6c#)}4yeYy>_h`hS8Ym?RpY>?!9KR=?jUtyzPG+2H-9OJ_sJ>aF zBqo5-NRtlgwIeR;WZTsLggOk`kE9s+CII7;FeNY^Ybyjg6bkVYvW~Tcsk>*VSZyM3 zgnXp?Jj;KNR77<17U!xG#FCjo>*GMu0IX)@VQ}ES5+sk(x74Lng6JFV`It1^1`K3uB~GnBIf22jVaFKTFb9gflzAvjXs0xf+(=DcuP3Q} ztfPn{P_pw+FPKJNA(xA5Q|^EHpZTV7ky=K<}gi-c~QMh zOiW&5Lj@|*_vb2Q(#iKdRH8hUaE<;XxmsG5cs;e6^h=laZ1M^W2!Q6IAYblly3yfm z1>?MEISl?m#u;aFQg;)^c4*|)Ck`EL(pyhf8e(z(Q;YdE(Coy?lZ@bWV^YWH?ozp&_(I@$!!|kW z8cFE2)YEgee4l$Xlw1UUN3T1NAaNPzYxZ6}d-lZcHq2K#`NcI|N?{jc@no_in3A26 zzP`3X!7^7Ayeb@?2ums&Cj-Iv5iI?8r!T#`di6^sS6qk5PzfT&kFc~2%3NO`UvaSk zEolo1X6s(m`o6h7>^T8E@=WbW>!<>Z_c3sl0LaZ`?uijjg`j9qA^Lb|LzCTMBJ!Zw zJw4{~bhpy4Ziq}52aLxddEKJyAZ6K)pS#kueN+n zZ0%2SXO?1eO&eQE2E{0V@f=%vzNo=2Kl`Y-ShTKQk`w6|I=(<7ogIcagJ!F68M?fHsW9ew4Aw*($-LCo&L1mjnNaY)BY+x$$=<@1%Wq z4bs=pB+nY;{KMVF`SV1=PxN}XvkHY0)Tf390V`r_brSOz%L6}+ zdL`+@VxSG?J9<^~6166mekbpGkqkSwFtg=qly$wdtc;&KN+9|S z`7~fIu|8qp;WyDH5S&QdN9@<4XV0{-zdjES?BCx`nn1OSyQ~D%l+=LCSCUY?;2`+5 zL-P|dNKNtaNZLF1n-U4CC-`BlJF3kde_tF7E_*AZ^_QPIt~*%r$5(EkB;wThXPm;Y zL(`p|`!E=pPdeHFc2dk>fKc@D$1@q-o%`gYZ_`EdK)@Q|Kong1&O0!ap%g(HW%9(e zwsFh--+Z6e4LczPdkoo#SZ zb;V;<)zt$|*`8vjOwf7Y+-xF=3<=jH(o*Ceb|K(inBYnQN$6)$ZY3yWTFZD9jmTX^&QevvXC|7Yd7Gb&ZgOTYQx?puzf?u-Sg~V=V6j!B0K%pX4GS}R zcnY2pkfo~u=m36Vj@ccj+Cfb%k5%<9s};e&xaJM-pYEKv$id-OMNT{`=_q?aAaO}9 zV>hGhC>VHGS2D{UfhDb?BrRvIyrS82$r5E^nyV(KCoV(A`1pu-OGsa=;!Gz`j(tVl z!79#NrV%vTKDdnkWqSJV6B2^^qAD#a#kAqj&3tO~@K3um`~m{9TmlJ8+xmuh9-b1Y zR+ZS0a(3KGwXCo6l}N3H%nc0Ix?xW^iHVQ;S&x_v1Nt3RAhMFuM5twETpcbM`N6B*{Crc|ud7TLL1_2qBA|;0pDjE@T zq!>F}?9$y?RAkemS1(4oyHIh{ZeE$qlMxId zIABB^A;ijpHH$!Np3u3YYMovDAwkp$046bKB&2y+5UTClx93zsaCzvwxk(5U_rA6K z+h>%;0BRct0(G;lHVwp91P2Fq1tW?#{HHR1sE-X;V8|15^Rsw9HX~uARxS{$f?({ z=R-O{Wu;E5p_Asc8%5iD?NoWyc8o=vaW5C1njaSQw#_0Nn+7|D(e{|o zZ%OTrM#OKN8yV4VRhHYBd=K?TnbEY8V_o9?hKJcrlZB=C*qD5IVwd|5>h|}li>QtE zeem<}?e**59Q0bB{cHW#sclZrH+&Kr)>upsRK3>3*4f!``x-2%LvioP58Dp}<4to- zLPA2x7fQxQv0nJ{XV*84kF*%5t*tG6+jGk;;TbzfOebpXv=Cfo>Y}LP}{w*MYDR$K?!8U2% z7czo^z?onj&UQYMkDd(mcKNDn&sWEHPz^mOK6mrZI@)S5{Vg?pfGhOQrz{B;Et;cfu7(*-s6xW->Ws-a|)a zjCQ9V&CM8}+%-DT0F))06Ap;tTELJTM>f=d0*8>Vc#L3Px?WdRUq*4v+ay7_39_0M z(@|PuNwpQ4j1!_}tXNSO-Fz6BBV~vF z=zZ;7i#806%~4@aXSUg$xW!0c-qQSB$VL?BgysLB||fVecJ-nh8q|JGgeK>F1fhw?ZGN`^y1c*UxH>*u!cuszH+4@ z^R5c^^z9lSZV{qXzdIya9Nk)6C%}x*e#0=Kp#gKcTM`4l$PV0rug`)c_s7H(y9kO9 zqIS%MQByfGq|{9ayY|zX5OtI4t^l#6Iv9A2(dPU@eZ{p%0aG7DU+&-W@L=) zAf^~5z3tX0EC$Dq2K&@>3aBuV^pgnb^f#Jy9K=B`@zpoV=<+pF z3=LP_SQm%~r;wJ+CUiXOvX!HxEnB9pHF+NNg(SHFloh8XKaQ^$B}ST4>{Qd8b^?Dc z4mIeeyy`H(WOgKm1X>Y}w%tyPHa9+wjF5L*Umh)Bw>g{p!tdAiDQD@mFIdwiU_a${ zA{qT2Y9&vfJ`PXJ&$k%nl-6O{rQSpsAOe@&`qj5r%M-6H^H0q?X6j>-5L)ZM@t$XT zx5Krn4?jE1>8f_Qe6HVN&EbpF77RoGLSy>Rms1bdl7uI(^1Hr>eBY8a#fhq_a}K2U zjn@yW^*MuioZ9te>xWer7IYX88hd})l5q!DG;=1GG2Fvdxq11ezdaUm1~LTuIRpSf ztd*YAmZW-R>M6&F4v*>Ht6yK-^6%HL#Wl&abj#0`?)cXrIZETD>j%StOPy;j+x+Sp zV5V@L`n00L3UTLY>jqi>x#w-u4<%WinfP~keO+C0M#oo%k+u|1QxADpz^QrjW?9U# zSpY&bLUPRzu2Yo0A3XVCvDf>puXwNSk9jXEz3%m1Zk5Up)646R_|lCTaevvsMduFa zZn)~gl|{f^edI%8P_jICUALE|sdY^o-?hmdv8PbZA>M`ZdP+SbkM;9E{AX!)&?ApQ z>#rqHpe$QW9qYCugv7MVmy2`S)Y@;@F#gf|rXw56%gb*r3J?8OaMNv+;sJuXp|#)7 z*AiCP^ii(w9?-+@u$#U9RF$vy-#2v&$?c!1cYV=F?(~3Pzkc1S@p;s?H{tK6$^9N@ zLor-3N~_(l12C%pG)b`uB!W(9I_H$W9cjf#Qk^o#tvBB9?YhNE^~0tXQ>*a+BAMZz=_$Zmw)RevJ37 zsLa{&8y1+d-_e$r{+ojmS;lc=R_xZ-?a-lNaK+@#QG>T^@14A4*Avf_HGdK_6H07< z6H;EU+qLpC)jdsh^WagX%C$?Y)(QEQlj%M4ho8?1DqJe-77>c`nyzSF)L3~jCAY)$ zZT&qKtIwu7PVGvwu~tBh~Vbz`1o}pc_vDnh~6iU>bKcEIC0xjbI z*33@SXlB^iJx(egDYOF#>Qb~bs^1X4#ZKCA*0PVL;_pB5$ymHOdR2_G?W;!7NhEB@ z1B`l`{}(39f+0T+K3YASTU8e*H)%5AAqo@-0cTf_3(Ix;*~kA=l~UHCk!a*jsW?7L zD{}F+!8YpcLUP?kX=&uO#EtszD|L&|^D5iL_te`BoW4N$um8RZ(HJmnD-T=zxT5QR sGo$~$a+7zMlk|UIjgp1_|C=>-*?oMxtW$l>8i_x%%&p~Tr@ICJFL(4C>Hq)$ literal 75700 zcmcF~Ra6{Z&@F`EHb8Lq;O_1Y2@u=~5Zv8^4IbPf!3pl}gS!*l-Q5DW^Zo08xKH=# zvevAgX=b`lpHru*_O4ywpOj@#kqD5WprBCYWF=Lhpx)5|FHQtF;LPH3vo3Hzbdc3{ zhJr#y`1gYDYA;vrX}PG`o4dFhJDEYbySp=6+F3iB8atRV+dElgoCy*@L6Jep zNs6g^WS(TXd#Fn-hnpoOPm7-iufZlVM^Hq-BGXe`EPV!z38h&J3q94H=xRGIL>Fr|SC@_I~0@mGIQ z$rK)iF%OFCZ1MX%vA!Xlz$P;|QYN|?!kB+_M1QC94kG|<5yk~x7^>sb@V7!D=UGLe zxsb+yH1M00JsH+zXSGD;b_Kmv82Z)|HT1ILmOpeT%yr;GX)zOKxFp46%CE)??cDt3 zbO?2Z56|g)LP~yLA#rud^quEns`Uk&BYBvXkDg1Z5P@`}R>g2#qfJ3!wQ2NJNS5l> zG;}#;qgME{9Ac~tLcO2-gDLf28RT1acmgs>Ig|}cOc7j1=IGy5On*TO$Let&sQt(5 zjY!Lsak5nL{)ieh>!hOK?-NNE*Wkt-!CZz{zkfoh`Lf4@-x z5vdHW#aKWN?vtnZ_gDh`M)e23f|t`EbDRmCt?|iW2W`GeS0Z{;=NQzl0@OBD`DLGb z=o18I5_#1WhTj4{5ATyv>#EwY>Ugz4P0+2QY7i5PHyvQ~YH=lQbJIIkl85F^Cppl7 zVh`#vJ~}qj9C}I0tccQCApC$1hVEn-*fVLX=%gD6CJ&8M4HQYLeU7kQ4^V|x+P<3sv!D*pPK%Fke{lT;bBxH z=dIp_O)b>b^C(LN7>Egm#K0|ePvv$KCK_9UX7mNy6y=Mos1^*0*(^i+I;*7VK@=** zE>13`h$&`8!44ZX-JWo=BoZF%Kr48YUZ{su9Q_4G@RyH>@m}geVpa1dNsz3Z47h2j zONrVpKb}?{u~9+`ub*yn9hx?nb(%8x2aa()`@=q-Bm^(`i(F)tdTL%;{C!m#rvil; z=0fk2w3c;kQ06k=VlF1ma z=kPlSs-%k|7~!Zm(KP*Bc}QAI%+BZ}kr<=bC{+0cp(ppE91~4_$rvPEiZLH%i!cI< zu&>X`Pf04O6*_8sA=c~)e<~bU74u>`ZLX%8r1GxHFuc?oem5m}^X=%1*sdHfyE`J^ zOJqIa*%mUi#;en=q!!F%J{*>tQ#>?7QM4+*pLh#vfS%B@lmKL z)y&l{v|X&vq1S(Yy$}anxc>%My;>Mj)Un)2%q}p(V^n=C)qLeobjlnSZ>zoH zX-9EY_-6yE0hTg8C~T(tg8eaw5Y|yP$$^}}3%1mVs^5YkRl#_L_sZg0ptX0e(hppE z(8=i~0&0B1u;dZuU%DPMC0wpT$5)Nm*c7Ad)s9wm#qr^~=kSfA4?l%^)na@{+VBm2 z3!%Lz#;l0EkZTTfaO2{o-6zZRaVKZ|sFwIbR$-l;)>1+FDsnqASy8hEEm&Ar-smK( zo5&fY_4tnM!<|i>De6Kgvv|I+I@Rh%t#kRiWrlw{@eM(W*dp?ZtnaTlO3oj75^NKC zd-1rN&X0mNpJp9#Ht-W(Ce&W(2H}!ZiR@EXw*wC@Za*?#Q)o75DL5D zfhF;ldb#Xe(q{@!E(94JiK2M|awC*i1h-*FDPIb`BoEqP=ZarGGvx2#kzH~6=65`t zT|Wq|ZLnJLuY8ThyR$0DCtTXm8FnNKZC;{y9~>svMo^ut=w4tmb8H(@73Cs>z~C%l zSl9+`>Nt*sw0^WzWiYm&wgDj!L@nS)QS1iCH}dU;rCL$GR=VL;Rvx;lllwR=eR{~W z_~fydEctI+-Dl3>t(S3N9NWv%qge+Bl^!x?UK!D=(x;Pvjq{E_xECk?d!Bst*#ZkX z++z@Oq`qjGeGSHStvl5&CF$l1VR%&x(Lmdqy!J4n%mXB|tZE(+jx2bVGx*cLT?<5{ z|6d0=MD=;Npm={;jV`P%yj^>c3GOcI?s?WE;Q=xcgT$I>7o2QsFF)0nAc87br*l^c z#bU&|?yJ3In85dBtBN{glOG%nQ&PAC1VGNXX0lXoo@HmQFjV*041wWY_!|ftL5rLG zKZ(r#yi+zC6(II#A##7pdLuk+ zFdzHldmJ&3{E&UUmW`vJV|WFJorxL=UkI@h6vIQ(cdVhJ-Wl{RBGy6az{DUN%VBL$ zR2j;-zbBDs^XzyZ1>=)c=LK%un(t!$sT-1$mM{38{QWQvb1KRhj z1|@vQFORK?5CL`^TExgFt`xNl#^5~~bV^_~%|Hii8$9Eum^Z>=`*;Jw2h=7cB1ypk zG4Nw_Kp3V5dG@J_`mCHB)t3<3A25PpO>tvvMBw)w@Ak+QSD6tM2FW3@`v@1zCWGIy zob-GPPSm=@jRYL99N@g5Gy{wvv2J>O*~$5tW$-wNu*Z<2m{Xo;8H_9e&&b@7Ng$pIY5GzFf{`%5#q3sMn4b3 zkk{~}?wmrMND6MeiK4*cJA95o6j0qD@;Www{V`J0dBYb|hHQ)p?E`h!b@~+)d zmQaPJq9iF!{uTx*L5JcB_=7NljDV3RBPiJlBZP6UY!6}GaG|!>4TePxP6fZ~cy9nj zKps5C4e4z_6#p2ddX*xTZv#UjiK3e&1;+WvsOl5wVf0bFxU-z7RBENDH9$&~_@~g8 z5)M*iA{|1UZBr*Tra}|BpQb%!aIZ9V2mTh1$uKo!k_sU%mqYG27IaQlMgfn}N!z<` z4?(64fH6VvM-;E}*68w7$5UmJI}2{^nn1uZwuXSl1Q2M&P;-O+SjUTW?|93`IefkX z5tD+^PC%1Y;yO$v-^wt|55SmLZNW{Nub+EJ$w+E$1FYp&w1O|77Q;M1=i(0yoViVE zw^SQ42^S1t<6jx_9t6?}?%EHECAb@e!4Ho$ve}zmBu3Gg+2MG@C$KBhf*0`b(!e}_ zD5YZF@W^|fVCc+jQg%9rOcA=D;l(*6O^NQfWe7~f#VjrBF?viB<({OXI@dXaL!6LV z<9mAV?}_MCsodp}w#?VQvr1)4Kcv|dnfPX&U}Od4KgA(aQIx?;37Ek^Bh*$0Dh894 zgnZ6VjSqEfD#-Uj#dRl&(wKm4I6Sj+7E2Ho`T?OM+1{qY_*cJ#4u09LxVuxfH z!9(8eI5wzy0xLNyC__Oobb=DUK8jGj2nk|PnC4aBkl}SGgqlkhl z*}&I-qCw=EpqMQK@UJp_nt@O(W@plKZHj+`LEoxZi|26^C~rqZd>PSOjPaiOmsnt2v@(W@t8{{=#N=qzQ6 zf~jvSHMO<3{8`MeBP^XRgCirg*{sIm@ybQcZVnEEgd%=E>A-uLGM1!r;Jbo?g7MH> zTU(hTFBiQJ_8pJ?+zbpOZd;IWMEBFmmv=GQHRf^bIscWu__tdw&^l%Zf?oS zMb8u3nGC~0jTK091>RG{$G1+^Y~a<<^3gR-)6 zJEcsFPn+-a9lAPw($mf13~8lyt$A`$(SCHHQU>#Kt;GZ_L9}^iR@Ukx7z|EXDA#Qi zWM{82x3aRj7xKOv<#pN_RO930gC-{@$9jFao|vf9v2~M`9ke)}FV84fEn&_P@@^Pd zs<-x^va0vzvYtPQH64igd$za7{UvXTN>WP7_e-nWsiujEiB3^bQ7k^c%eS}N z2{JO;#7XDja~Sso`xY2B2;}9G^aOS#?Zb)4{MEUYAJh9hs{Lwf;G_EDgT#^~jFb9& z`)sJGEr1!1mCEjq^Z|oTLqj7i$O~oq?qsrdc&WywmwjAMxK@ORrO_I{hQ-O<)yMIm zOZja{+u#ph^UKTfI$7JCX3{0A44K)t^R+swj|&MLyR*9^FCEUbEP^kr1cVC5vPt97 zV1x!@LD?{acEqE#yc-y*czGHg+6<|gqQF$C2M_HSV70~!1O!^`USD6SXlUZIvXr6; zxWF+n{r&xLJUl!-y}gcZZvErqF@uA$f`X7UkfWpH!^6Xm>}+Luc_cqSKghs9LQYO> zQ4#Iu&!4~5>*(q0H~T(wA08fZewz%KDN@FJSGQYw&3pwVk_L5!A`$l`ZJKt${w7=Q+h#BX8Mmsju}Gs_CzIFldq4nGW>yxT_Z=hfT!uHN z%lCFXdyLW{5sAAT$)A&mo$mL&cl26aZK2I2hs*WdYe$~492t&qva-)mfHM$HS}Q|; ztGYf@hIF=^SmW#L&S6H?bnY@fll|W+!|TiH&X@_)-=>e5K8DGrargldIxctS@C6v= zeIsC%4Ur?Ob}#zuJoal4VCoIm<8gkry91MpMMRXDnvt<=P&5;g>?ir>aiK%(f8d|C zmacB8le6>R(%g!wDpm?g%F^85PQT`?9NpbTeocLgm!I&p05VrL1rK$>eF+BhFHcRu z9|-P!653vzT3MlfD4J{n6*BuK7*kS1vP=wOxXUMPJq? z<^LjPW3r{66qg>?{lk5|Pb2S_r4iXQycR`?mJ7drR=f8-T6ARTgNCV34OCE^K^2+RnF?{e$B%T zS5YhoEkX`@uIpV^Ym*`pa)o7JU;w<*qW=kI{fi*}or6WB_?GM-_8kd-SadX3?47L& zlYh0qL-R=EqW6Jd_2tm)g^TfIknP2_8!b6q5?2PgiG7jTsbSc+PYWqAVyM4Q(i0`k z-MBZa`*_gC28St_*)V9~;q{1!$4CfM5`)X7gM##j61w75)rN-03qxDIe?5$rF>b}j zJJdC@s1G!kYF@gy?zUr44m(N%xD6$rpPyf6d1*<*OX|;`KU&&f3^TqbBwzu)?TwnV z?)&ID%|D1Dt!zhvC|8ni@zrr#1EoQy`ed|0h@7e@e|!IQJY;g&=Xu8P<@))no<7lH z-8NpQ-HJ-ao~z|rF;1=D3gi%(C-utjl8Mak#f-MomcQ#-MNrhnhdszJv%8-ft9bW( zsA7XdQj+@9%tTNrPu{`x&Hjl_xkTjx7GaLKsysiBUEjv0hOY*$|K*Iz(BN?H)OOE; z-9)U&m8Ju03oP=*^$nFUU)oRUXsw$e+QsFitC9Kgmnw7An7cc@4$p+TD3rn|{NBi* z$ciVl>hSQW=gv1u3T~Vv`H=QBWf~i z)=5@Yad)w#l!)IkP3Ea?`_~y0BAethzsLpLco|cJg*cl`-xqrHa;eiK1l-k6oaPe07K=@%Vth{_3zM*a8pBb|+VD z`doCq&tbhQ56q&(M1w8g{jxnU%kh;9*P~&iSH}&uQC=^OIKEei3Al_#_vj+(t04fo zl{j!|fm?2{C0wqz*0h=}{#@cpEade8m>nRFP+JS`io=P0dIjagmz( z{l*I#niCo2{ZF+>oCj}D$D=DVFJPcQXjw#Zn4a&|M92b~J71ARO|0lO?N{G*t@ed< zeh)%KLnIfZ2^}#u=B!XFI#O1pc(lhlJU-4i0CF&$KiJJJExA)Gr6IEl17l;+F~kCX z&W~5SNbZ?&6jCM_?Q6W=H2lorYzcllDb4oN^}eQ1p=~cA1roq^rRL#5*R=4yx{9jx zsw1!_B0k}5a@46djaTFFFnjUA@#9MuUe$efu|nuff8_EzF)o2N0q|%H5}}_KCSpBH zHB(a8l}o7wimD1YnJ9x!GKuuEGON`3+n2d)<#S?)p&!<94IMbx;}>!~zVrL}y|g)+ z?q)^-{#VAWT&JG<_uP@Z`^#_5$|D>(CUhWql9ZO7508y)l(0cp`?of1k&y{PpR4=n z&WGsmi`7B1ZOl;Bmvj&ab~dIxy>xQrszhXey@R_e6%BJUS%(<0VV#ckyp8bSWMCE) zn~w_Uu4PlK72r4dwbt@ zf~s0G4vE1i($>jFKx3=Gt@V7q`|};_c zwR0ECFYbra4H)g&vzw>8@~Te!Y1+*pG1|>`r0_BN;(#~GNgbZ3?Z;-&%&Xpewyb1# zo2Ky7sYizQ)>Sra8+w?EWxXm{LpdRa1oevK73RRRT@LN+YP=~o`i-Sa_6>0Oj}fe7 zX5uZD6OO%uc{J}s0_<&|`g;G-b^xs(g;2v`^wD}jtGH~b#pl|b6{lbr5Gag?mRMRcA23%Y2phdN)l*xslx@<82N=} zs+}<^-8NYvhEaP!q`$hlMzk_W$xn1Sv6Yg!zxiPYJD+kC92SYJK&xVYdbYY~#ffsX zmPO4^>v?wS9%ZZ78Kdm`l&GB#V79_oLWx#*l8>N|4CWIi zy%P%G);ffmo11<9t_k??o_n|4V8tw}G}=q7(kNY&Xh%BB#H!XB2nie3d|;?g&wG1O zGO=Mi^}gGh?S^sjDn_@)dF>iRr!gteSij|aYc}DV=zLxyj!diA}l`q#P0Ii?%5w6r7wVDjK>iCT(sIw#$4ijm}h z?ib#hiCAZW1);RO>|nOPX)`-k)6u`WOQ&xv+lqm~>e(ARqPDuaP`fw1@9MWY{ZhuP zc5g55a-TZr3y)Wwr9>>ZEmBX6o14$&UIxx}tAK#6UhhtpMGn)4v&k}i;!%&=XAck7 zZT~k8UFn~lB6%b%GbEPS!-miI9F}W>CRkXWx77o~`Y{Qm42N_jnfx9B$yxk)3&+|* zZvr}QM|zC*URLxNJa!wq`(d>igk=0@bvs{)GP6FHsDCvx&*iGkmNNI^e|&sg)YTfG zdAhTmo>4_CCIr`q@ce08(PQVBc64x}Ihtp>d3+3!{2?rob8z9HiizcTUlG`v@({hV zxA!AGQPwS)sYFgrOIzFc{A;F8PIkKd*F~iltA*}{;LV<(<;J+oA6*HRgcdz_ekW|% z1RM=N#}qnVM7WuBb;wlr?4BaiZ~M*}x#+?-Prvi}Z}E;T)fbr+joWC|qyp9l^1P;5 zZ+jz|=(scw6qQqv6SKCE(U6AQ>KG12Igmy87j5p40syXf8Dg=UhbrfNr9w)YG$EiT5QDa?wQ0{0cez{&}7 zxe+mRW+{y*XYn=cldf2MY#Z|YSjjy3?qiL^Y_ysiGHbU8F5MqzcbWZ`jdx4H_veq` zd>Nam@N?$+p1+Es2X97%qF|E?eQ>OyPhj}^c!BGJUC4C&)^^&}ll9la0^{Qi(VKEz z#YazVu>rf`5G>kAHTJAz;Wkt1+lOSx{(5TeCc=~Ahj9N>rkTLlk1*k;$m*eHIlA>tCa zg&KIie!`8F`jk~ApAXWr!-5j9xVgD^=>5JBlqd5?6FPs}N1IkvE8aYhbq}}anrwBIfEl(W}^XqO`e`?-hZVlvPA}F+43%L zE~%;6pv$v}XOhby{hq6jU~YX{iUrC<=&ttKtkGJk>=NGh=9>V%JvLYO z_CoUuUS6nhWZR+Y^y7&w8fgFg@$bu}sf|H%Cai!PhwGu!p8aa~FkdY=Hk^47%kPxm z@b!tXGfObKf5-NI_)qPDfnRvI^FB7#M<@~H4Dr%&{Rg)h^NyEWp3o?wp)D3hbdH_< zT{iQp56Pswqw($CC+jUC9AW4%tZrBPFHSe_*X@=@r#FI#)*DkMYb`8i+Tne3d?LbR z+PbFy!Xv*&5-o>AeYjne(;(uP2j2dv-s7pgJ-YQ$K0_~b&gn3p>0I#b0W%W=o@T4y zUW7Hn;`qq0y1ucrE()R{r0H#=m1fJ zL^z^7fs*$7eT~P2aPp~$WNa9z`85jzqX9zzNf60iV?xp6?x17YtQB{qUSO*xY6}|P zVBziv(v|IlCtGX>XM9)T7#{bNYYQsgATZ{%c0bCe7at&cjo_{BzpS%#UacA~UtC>V zY)|J5jg1+1@8_^tuX>r6FLzZAC|?~!vS3?D6bbwCHH$Ps+>#-{s<#1D5z)-_^l0J! z&Q6u@vztbx!Pr{6H*%;Skk$j&aL0uK&(enMt z7bASj$y{p3sVVd80&3cXjD(<~*w{Ze@T8>jkuh0Xd=@yzemW4WJOhSAKa+KXj+_@d zwPeOVY5e4a=}Hm(r(0S+a%dJ2e}YD|t?fr-B;tianb_}lb9R&9u0kc`P{Si`%bpS# zc*bl((N8?&D7KsgEqA0{Aqlil9ycK=4>w6E9-Hl#lA$4vhw2CkxJ=x-(zE5dD;;i0 zSl!RO7;WeQ`AxhPnL?2|w$VkgEbG2kZ0JI4QRb&hGxlHsR};U_0H zVZp({8US0-H_b_a3ImTu#lR4mpHIbYv)FYwQ-m+%#TgzR4um=!0*adIYH}{FB!FtI z?Vts?oq_IdXms>gr^ZJ1>Y5sHfaonKDjLDIpvD~X5A#z&wRkME_jv4;>zh_hhE8b|lZb(clQn z_0m8N!SUQue1`6;@E5@4tv5UGd%3&cn~ZDLTQ8We@NS>ry(St6@DV~S9Yg}L4@;xKXiFHlgPP%QA6JE<$T2bSkk=bE-~1wI)h4D z7M7G3!4b8E^}kov0DgJ!x%pVgVko!$lRISk3q5u{A(yzdg`sTf&R$}<#K_p#=GG9F z;L8evU8n&Ktw7|0Yfjo&>6F!A2Qo)TWUGL7T3S90HFgaiJ|r?QIQ2k$!Qr0tSc~`8 zS@^Hx=Wf=C_N}dOtdJKo65mVe`PZfZa0X9Wqo;yco3yn;@=*O%rEUt4Rawnfs;u@a zA#FK3I}J{Z^v=!X8QqPS1i?QzKx#uIh50>LQy?3sj-OH~UFCC{ZE{(Q^EzZWLOUgnl!W={vnjsjw}(%ns*zb9BMIqu zdfZd$F*TXA;ymH=%QU||!d^}|P_E)gYXOiyZD_UQA*QgG@%vRcGzvQ57~c$@>op#Z z%Tl!k6VHabJ5I})WS&Ch{XAUhi@9^_l9{RtwChU6Oi1E_A?4Mc(#z58=F#JIuwiF^ zVopjL69+keI;@&-@3KgMufJ`f#$UMiuE)wc^6d0U5swKX1)=^>GH&M-jGT2FO`+vF z9Orp*K>UpaV*P7xr2U{ariK+)v@Se`laYx2GhtD+|I60(?8SYN-!%>uMDluIE63yS z%n;N{lS}yF8==Cz7<#S$vBsVKDw61FDC*%ggthioopZ!uEMG38K~LB<0;{{bP5ANp zd)=A@iA8tfgyq^VO27K!4-g)!x%7f{pT6`E<@mOxHMZ~BOwKs8G+Nq*OO{Hfae-pLwz?kfBbO)hu*LD{N78id!IXx{cm#wa? z?Oj;7KR-D5HWI_ND;e=YE@_5!GS=TON6|$Ovpw_>tfIIpD|_I}pbD_JjsRV&mG_>E zixQ?h8kKvv$rr$pn`~^eSC@3De-cu1RII%CnTKx{R@wy1u+d+^i(1p{?8Up=LDFf` zEmlu1HcD$Tw_ZX#l$1aUI?H}3H#js#%^^TY>+NkPBa@JkV&V3yX_$U0f}$qogkOFUbnbId#GS&|9s5kOc7v07!roQsQywb|5C2z4DRcRepEeS-w1+N zXdp9h>*E$^ZUNAvZ-rr-XeD{Vy0*s@60`8Fp0~A`W2Yc4B*uE}7tHxY=Gf4Nk&iX<+o*A#VUgvs8_}aT z?$lfF^!Fl+FLd5%{FB13qZrMH|AwdEFAcw21 zjeRZruD|_`CDKf+trddcP-9kGTp3DkR@_5B(8bf!axi45?c0M$@Kww;(3H{KZcbKS z40uXcP;z+VEZ|W#ngd~=tM`>BXH;rk*94EA9@#v*-@Pt%=Ct_v={5Ofm6#5&7whsc z8+49O-mmXRZ}z4&dU0{j&!0SA%4EOoU{RQw0;aid{*_9^_lZtlx8CGJ*PhMu<{Qbk znb5%|UW4hwL7*&QSUE7XmJM(s26lEYz9)D<%3hEhi@spDPD4%|V)1luv9u_^{y7_9 zIb6_@T1we7S64i2@*kx(zPDg!pIX|Qnod1k%%*NJkf8rV9Gexx6|cu0w%{ZX5Bw^;$JFt z^C{;$|1qbP4R>coO3EK=H4QjHeGlTC7<6Ivk1Ic=A~CbRqq>SbG(E14qMxn=)<<*M zw%mVAp09rk5H~>yCRN}_u%$!+m<^Tg+mFN3_8qxW1IpCO3CyTj%D7G5_h%UTEiT<^ z+ChDyZ?At3=Sp#bnr88w6+mhsmDB5X`uWnRWRIRMHv$#sheWa?DCHbsThO~*J9{%s zQql<^-4szRonwe=B~v(aw_A%TSg%z>>hbli>sf1fI=j#&poBv;dE6U=r7-Kw7JAQR zrwDKi)^4X;Cv&AIx^)PI*4E<&?ZXMAK3xG7`p~j+3Y3%#k)0iXaRkbfxdhyE>#H}r z;;93wiod3%30?f@2?4I5M<%$IBa}fGiNp5Xeh)P`IxNm(^?`|yb7MN1@P>#h0+FQy z?2NyjOl=12{HshwWo43)g;V3@Y>=HyU+s2^%9-oTaNmz?p{c(YF#DDId2*{QFEwTg z-By*$=p>T1W_@peU!28Wcj`DPOiZ9099nvBAjG6`# z{bPtt=UldzA7}nPU&kwJg6?i_@(Zr!=c?RnPi$<%V`5V%3NXJ-)=;mPX}hZ|Pqsu2`kt(c!XP;v51TJFTwnG8^_}8K&i0+mmkkoRw=wP>{rs z+T3uU-l&r5E-&9ATa$_a3F%@SZs_g%4U+@gtFswmpHo{~{HKkevXz>U$tqSmNy*8| zT0o>j$CU(SZ?D7k?bF4hUC(rwHCkMG8AJ$vnR8KAT9xm@Xw-OdX`hS>LjlmL#) z+KHbt(JLazY_LFqlQHj5iy}@PVG|HtM7g=TGIbbh!>Z*;M~izyec@SISvi=>8>kye zVF^plejfh;ay3=@VY*-PXGmI0+0RX z{fC3rb6F)7TEoiyW3!QmtMW$r(-#2Av0b&dwYkA0yDWuVRMUVmvCqTPlYz6NBj54iq4ulis98RssR$`#)%-`; zd)!RPhydKjmyil>Ve{wN*+|(rqU8 z)h#bNspYkkft0L2>=en{Otn+f4!qDfnQb-_3-J1Fio-VSz3v~KE<*t*S~<|!!4pBV z&?skxR1uIVh14lgG!r@vH}NDOW-nA4p6?zV0ZbFH9r*t#RFadWMMa?itx2&uJy5I^ z)6&8Ngh;#s0?yn0sKALpopRur{wYA%IXD1qKmj1z`KM8diwo@R6p4$A13dkBwooJh znFylcG&MD?=F5gQd&3Y>P#|k-*&G(*lYqvAot?eOX%`6y0{Z}UKt)A0`TGk4vq2kJ zz984QHx$sAyklWu@$vEDbvwZWs_-&-Qx3rH)oHMi1NJMA-O5jZ>DFs?i=LfT*Qxu~ z4ZycatNPhe&DcDd*sb&PSO93yDra^9d?z4aLASO(-a4jUp~j|GRSjHc(QBnezuA`R zu?QqR|Ez154tI5ZjoU{B`DTh~^1FrDjH_8+X=G6FaUhv8X(`n^TBm$^fA{eGt4g>a zLlXV%#^DS%yh=_*o!e?9z#bp+oUVFfd~AG}4=PX6Idwi;oVo_^TThQQ&m?_r3Jbp~s;a8G=;-Jir>3SxVqjoY z0Ai;Ypo+8)5IOz9VPPt8XaHzs3Xh6f0TB`k%*@Z<=~!7EW!~J}@NjT&SOcM_6AJ_5 z@?a=|)^PIpHmk+`{PhYD{1m=RJ6)=OegP_mBfUL64f7TH-o9VI?oeQxy5Nhl^7uCki+wS`nc^2M9A~(lF1adx`*xrS4Ck|$n3&-jkn1%9V_eV7 z%yb**>tl+JjeX-}Wo3OBqRmOPC;CqXuTH5B$n^+Bi)OUT4cc{VA1Y=J%b)-ns+`+L z^Xj)^hc099P176woV#*DKBo`V^)Z{o`yZb}Z2!~G=l7Jz#;IaGEQ{-WoUD9z9N(4G zC5mi`4lPhx#q`E)@NP7^oCH2b!%_DY^#LY%p8pN=!9A8oo+{o-j9AouQ*Co5p30{8 z>Xy6nwkW@h%Jj8GneLD*T#CTx(ZKhFq(K4j*v|A$WeoMfbuFR=EW|IQJ@6kpc$zT| z!5;2fPS^K!AQrl`_`B;S5gr>r2YF9@T>aAT0xGtD{3M5e2%Fh^<@)+}jqB8~*KO2r zSxeOJhqHwTR2ZATkQ(&5_X20QMEYZ7nM=kFCJ5&t&dFTKE zBV=AW(q4Bpn`%Z1BDRPG0dfp2=u!CbmCb6*5l%RqcdLx~$AOWe2wQ7N5-YuQ;Ad8R zNA#4?O<|sufp9#3(ylOWP(nq{pBMxV+c6+(j~dXSWE5$~=wU!;(rm2{fyNE+ z?GgcB54FhHKC(=rdZ6M#vXBQ`$&tzZDk%A{O}n5sbohpy-g!Y02e{$&xrS7tSwahK z5jDU>#%%!t)5N&n2DE+1m&sp9Hx>8ouBv6)R{7SA)07b~jH5kZT(K4W(!+C!XS%_s zlkq=EBjiN>J~|Owfgubm=qkayY9>2dE()wbD3vjbkG}X54x5Yd?)aSv?7_CEI`sle zoa}4Ji!QFSvjp$XoVxH>z&u#FKNHLc?}JkIrDqIu%yU!pz%?vcmgGppi>N0i_`{xZ z^duEwy#6qYf0Ido>&riS&Rf(LwkC2;n)Lb zy1oQ|*~2lhzV!&M8ka!WJW*Y;!OO1UWc;spNB}~>_Vt>03tD$JjRo%k<}!dey#XID z;t{@6QZ;Q>LQB%GyG`QU>nBUk5w11O-;Wp2lgYp9pZ@E8$()rIY-1WrX3L`a^F~tt znSw5Y0vMD1_yV7G(TonJ7G8apzram0-EQ zE_Q>|zi|71_tCs*6M>FJnm+qHdMNO!T|HqH6c84Nrz-nYev8Uvqx$!Kxq34k6X=o; zQIW+-(g-FRFkP%hK(mw@SgK6k6v`nt$~FCpz=SEHb@vNIIx_y5P!j_8<1dD;s5&k` zG^M=k0=dO2&~x=1;C;yZjAP;^PIi%*=E4xgfsNua(4?Y73>mH}bjfqNueSV@FBJdA zoC9@EarbKoYKhFPevM9-lU#(N* zi@(fmrrCtErc}XXbUSiHp>HTtW;Ac zQIqe*hJ+WkSXap)4tk(CL!1$EBEk^(s@p?CF00sR;L!UbWP)fo++q0Tb6w&}M=r0a zCwH6$q9rixPKHk$T;zlu zghG?Fxa7Hr!DO~^g!6cWD|Ue!M)v2uI}UJaZB>qpFB=yF3S zLwTUlU`Xj7*+IGjvzpT^?=ZTMx-^DFLgT|eVSzM~B_R&SVvxxs!mTxXtN2C^6Xy{c zyrP2vN&_g-vK6AJ#gQYTEgl_%seiT-Qf!y}0kn6Gjlj@P09h_ni4*h$hq-b~M=E@- zpn!CH81b7F?RuHn1fhzj&WfGvw2%ynxsasEXN4-wiGzASseuZg1cSSPPPpHQ2)~j- zt8VZ}&dApKbHpCFAW7A>@!pYGCNrJB)H|N|-$I(u)5##Gsz|zuF=Q{|FQ8UikpK|o z45(*SpRTv7w+kisn=lfiB*KO?_<0tdEm%imoc`9E!cWGY?CjVuU_t3BT56?nALF}M z?KF1~>>jNVh6%WY&VktD8EuIicpjXR7>d3`!C>A`Dcg&dUFYB!V*!(at(uc3A7qbr zQ*@cqD4RF+KNb*;VLkCL9Snj%EcB50=Xr4BCubLN7k+qVd9WZ1MlO{; zB8#Y&>Wku4nJD96G8nX1fZ93=iNIdf^Gy?_>7SNT6 zfe>g2cI&c#noD$LCK8XhO#8nUeZQHV8ranJ-LNZCeG@xDyt(o|? z_|wM*#6ez2p>Z*qckyAL1mV|xv7BDv6%Xc=9G6sTPoxtTUKDGre{dB<_P0nVzNHdK zf@#m8_nRdQdEHFXgDl6Rb5kuYoaSz&C9xb{81Z=`XVmK_TEHYMFeH8uvaXx6qUrY; zyL?;^H#24iCd(bt{()``!;i8<)I0d`S-A;}H+&dUrFTLfPZEJAKLiUjfRG)Je6rJo zWbCkj;X8SHW^IeFeW_!yO=O2~*@*ek$RkkfA&&@eNwD$)97#@{pQn2Rmk}70SaYwR zD^N}oR&=idToFpUX&`^ieqwCBd10`ro2KexfkBN6A6NPK3G?dvF)_g8kmN2l>I&>+ zDK*RYS_l(PGH)QLo`vH5q!Wkd6~_IJ z3f_XCC$e!G1A{3>XP`NFU0x=kZXLtq39diQnJiS%f^wXLlnruI9q$hZ%1bmI%X%F6 zAGcp3N`z5c-y!kfa_~`*p^&d9zTq8P$m$0AZot8$(%&*^)x}s-stXPiJWz0uD;9^X z2b^*FBgr=lOvB{9mHv;m&jyy(pV4$aZqpedN^hc>G)yT5|9pDCsm1s&Pyi{)W}Sp$ z4)X{O*1r#ygVm9DAKsowSj^zu$#6qD4B7a$A*4<$Hi4Q{is$sl}Ern`CHu=6Os>z-D z--Ds1h8zT-<~VGSN)DJB5rN!23i8UYf1`?yK;GbO$KK&un}pYHx-d_EWtqki zJ(WoJOC3CkI6_s;B-B*L?EfL|JHz1$-!~aOTJ-3N5^a#E(Mcjgl!RdPLA2<-n<1iy z=+Q-u5N1epW<>8oqD1e(=-puU`0f6${j%5YUe|uu^MxsnbKdiw=Xu`yzMuPW?X#ww zk)v6{ABdY~+1h}cWMfi%qOdEpKMQmd@9e~OF_=~^hTy(GZzgwR-B&8JX!F(pu6|MW z9ge>*QW2DHs?k^_-bxv$v&Vn{Z*UB4Zbi5?o;0sEQH9|WwSapGSEpHYAXOp17==oz zVbOP@TD(`vw{91tQ0L>%5ovQj?a*2XA_w*aB(&UPK0%$CBkhHu< zC0_tqobrw2ASFmHb(w-|m7Es?M?7O5`t_n0_IrgTs3P3r)lcHYYAQ>zDE-Z?k|HJs z0m)EkF~yVIXBs9}DUJxW2HU$}GPTg_`xBn;XeVe6D|9!5TAw$wF8!T*3K`cXDAXEN zGVBX}MK+=T6BxWy+_76pF-?eZ-5UMqW@+?99vM(wt!mS)#{YHx*m7}FVGfMkPs=yQUi8|>0Z9*lk@Tj&G&ZvJCFg!(& z?7gQ(1iW*4y@qOJ34}{<`==x>|LBJWVTYmCq=|2+D4#u~eP2K4oSIpWc3)?GLOG3ciGf zC^P<)ebc8=oGpZ=K$F}vrkH4|)J;#It=0eeEp<;O?)0Zo$B%&v*vXEZV$9pCJNDCAkaXo#dEXw|hoFQGeXNGZW4@BM)EUue9vOxCTt|;pwiPL`Q zDshcb<4v;D1>vOdJ`kiGiV3Lgoi0C8zQ~|=osCAnKr>Wcsv@C1SerRPXhy`2cUYDb zF}dcZrAnWK^tG+@Jc)~6J!>WX%aXn~Gcz@0~;@pybe+Xp=?zXh#I{r zKDx~aP5C*$l9VP1$;-H1p?eA1$`2qoiB+H|&o&?g9|p#FUxu2^A{k+8{0ef2U;>!9 zVL+etRM?{hGjRQ*Y^&S>A4P>QNi#TVg92PAfo_?9kJCtH+4(`X2gk~V2KyvVA~Pdw zyf5%4pxp~O61BTFT_+`XEdI3YbaQ$+c~l8tPqN>tO`Dxn-M=M&?O;PDZcS}a`9%*B z85NaXkYcftXPIi|y<)Xq~0)c=Tn>&TB_+>U1^)l$x2F=Ao&ol4B<)UP|`zv&Q8ADM2`-}O^HzvUC> zNKgkIR9&F8p+{PBVPn$(9tr&tjf zb$zJV_#4K!iHh`UnYYP-!qG&n_1lDLZPW8dCz20y9CDvc+U)Zo(NiX_M3@@t&Uvqm zeKB_j8x6q*=kAgkGa4EhEnS~%$~C*oK^i0v%9Oc+%LtB&w&fTf-}S6A=Vho^#+G){ME=Dj2x8lFP>&TkqrVHf>nXxKWHd9SUEA;S)2ShB4kHe`XHl7=QZ@N|~$m z|2z|IyC#Me=T$E|Y1}(Ym=FOME^j*mvk`?@OL9J|N(%d}b$`x%HiC$PVWu${tqT^C zV(wr0?$u9^o}XDK5P4D9Y@X3lZrNAz=|mOnW8N{u%z53)ak_{bfVIiWlsfI~XWnMA z>~4|2Udxr7+@If$n0M>{jh?TlqroxQg$^oEFDMPUf((hAYT~mP!R36w>`a_+uZa&t z-6591y%UrOn_orCM%<*^q4IC znCN_HkS@~3dA!~x);d^GD(OOzr(W!JyGZPDr7bgg99nR619DQzHC~}lx@CGnV9=J= zaj`-;N4jka{`V=~MkBy_DtR6mgX3phQNX0>xb+)$Uf8nvc9(vho;Zh~nFgv{Q10Ce zfrdL%lYbscBCdr{i>^}V^!4q7>+I9VE|;_wPY@Gq2ZhrXRn(fE;QC7{axW@t=J2-= z@!!OkhD}Aq@mankCo%!8?L%b|E*HD#+tM6h(l7BjLNIH?XjP&V_6noQ2qDLZ6`me^ zn3)T9InMZHT%3+o+lV{>o4ZBQ`rIH5OsXS1dCj6LJEb?{fuvlin=6d z3Db8WN0el%Yz&8VJ)d$v$+IV`O~`NvIRqgU&Z^*jS^{!IYejD%AA{jzHKJTxNorrM zP(CfMv2D%5+VSV5Bm&=%S8~rb?`MDa8`P-jJ!fq!PBBr@pdXi5ZHMhL($Mrik?|)# zg#JXVMeu`(P%>9j!=$SSAxo<>JD&=0ytj`+sATe+XQXMbLT6w;Iz|;6e5DC6nu_80 ziFLK7|4-XNF~Zc?RVJT%1jLVz!Kc-B&yfs$zMzb*KMbWqKa^&pk|6TIXMo>Fr|HeO zXgkJit7(cQ4lh~mZInRr^V0`!Vq1#4&v+7L|$6?P*f7t`)+M^E6lcOubtZ_xGj zmnyxh=mh*RD+HRis)b}GoqWqVoPFH^jYaz`yfdAQkBaJHF1wxf$3D;M(uRln_D^_# zavZ#?^VL@aZcv+!f|0NjSNOVAz;Qcel9pxA3TPV?H*5)kY;D^Om9 zFIp*!gZ1dY6baSU#g)pB-08nhR9W*fX0@DPy+JJS@oWITpp{YKk(dSV%!&Mm(5HrL z&94a{kv2Z^?V%e2YuMZWw&rjkFSp%55U#KDz(yYieTOw6ZN`7yKSmoJ^}HmdD=ai^ zV?d7@5>3QJ4qsJfmi{KTCvH$C+%6`TJp0}4E~EWUL>>__2)jqZB#zJ^1V^1uwQ#QY z{U9qh4ImMi$U-{`bX`T*yusV?>enHbBA_N3NGF}y>cYaS(P|LS{vdFD7W)^VXn!*VuyV!YF+4J=zizgpYNihOQH% zJI{ur(?j_@P*E9Dgjh{S{BKC7Kg3BSHNeEwX^GT-lxL0lB+BKl+Hm_H-GfV(2Y*{| zGnA3_i*0A`=n?me0%x(jlT}AX5OEzsgMEGXF#_Q2h0nUOt1iTtZi}h!pxVXV^=c|d zD^R~N#%G#@T(=9)8?Nh;SGPpXA7hn4`<$bQf~3`V8jrj&#C^9M#J6up!-Z^BU@ESm zhN}FzwP1KKEP6@3Pr?G^c_*%GC{nT)JKP*Y1pbD=+wsNB>S?U!G%>Xg@OmNbP0%2`TZF74K%Rg=do8O?!59RsICqX!vR+Ir#NH8YF2_Oy~kLrf^L7c) zW)PpRAja3tl$X@lnf1lt%{N8zjCY;8!xrQao_-`JN-zIx;|LAA3Lzh9!me<^TWKg} z@)0@cAPhQ~tOHf)mIXhE?;h%BMdUlv`-Ftq_;Pe)lBw07r(1>g>Y-nQ@%q0}9ddEW z2+A)TRS!f43k+Tp)@SyA($lUsSV`F`0hSIa&1>(dUw4vRknb zYx6e?!h1|)kl~LiX%R{RiHj>)PsKp5e^w$In6Z+xq+2g9jbhGYET=e!$-q#7wYgII z1f~9zwAo4bOiH$nkWSGdXvT~b-JRIr)@>x!;2|;}A9JYb?}R?F5vt`B*VSwyz=Z^V zAZp~qe}Y8sidJwAbVEAL*!qLmJ-22;afg_QoCG=epB+(!R3ybSGE9&^D|rNqWoWPJ z+3@ZwNWS76C61Nc-WZx^qa_V%&T5tEtZnU{H|(Z+pJS0~mXT#;M2EoPSBamKfe$^B zS#t^Gl~6Y~DYLuhd5 zIFw;r0YV3YsQ&5rw!G@q=aU_Wr3|_yAF2PAd{0{ClGv+lbl-fOJN$bM{dTJzWBIuKyHy`EVOmDPjsfD83dYIQf9-8jtr=iVC&`0{h~MY<<9|j+K`O;52m*V?E*4BN48o z-4(Box*S_V2kdFKis8jGPY`$uJSWB1GUN2sBu#JEAC2Qy?qQhhI4hFkJ3#5m;>aOn zUHu~6Sru^uS5CDser{KYgUEeA}ty>^o<>u3B9@nC#@lO_kTuARov%J9VlHWOv%$gWu>W})(b9KLX9cl4v z4AjL79i-=k1~U}QNVRBJaz77AZV-S(4rW47Vcp316exZ|x~lQJ;%#y(0W8d#foC#R zle&a|+N5Z<;M{6`W}DT*4j{OkfJgCoOR3fH7SlkY2*C1 zd3d&w)w-=m8BA&xCh5-$ zU3U-#+dHQZHELU}@5oHbjN!v9IDz8D<`~ge3`(oC_<*B@%G5A)X9iu6#FfVqWhv+m zV7b$N;gM_FTB|JZNV{-c4~;|HX1Vd(gOLlTx6?kK-zJAtc8k4mhwL2|vCh+y=bl(k zwG8jg7v3+vKFea!+f+Var3$F@#xh4raufU1SHAZSzq&>KeccM59O8q?px@ejcl<{t z{&@d_v>(qOs~`oPyC@nux{Al$dITI?SS&&_bfRp3s98Avc_q1%$A_Ppp_?nOjBcu? zB+ZVC=fUr6f}fQtHAVGIaToR*sq*-y5)E}$%A341JLd+98(=%v*S6K|TSjT99VDnv z{(0uG@oZ=2x6Y8c2{OJPD6x6?gi2}A-%^DPwfTWI@{k71aYZel57_JI=+G*nD*_bo znn&kB0(pI44?)GQod?2P9vU8(Oh>Tm!@NBy=f5jQZ+Te(fk2|$%5%WHDD)$+g|xdA zn&8T{^~zTAoZjH%bgs`$`mmxgQEw7PFCQmbsS4-dc256*$QQULpbD-6T$ue;sKJ4!p%Ak}VMowCVw8aGR0w8StCT>5OM|RL{&6qwR3+U^E>cu$O$( z29FzmkCB(LEo;MhI)G!xmzSR(k6r>^ELMPz3ZS6o`+!|eP=Yjg@RE^{z5e<-no-#J zHZwCBdI@M9Hf<2o|N2@z69#nbR2ct=IoY1(8>C}p?eAo=&}<7M!jJm!VYO~PWceq# zC?T{fjv0`z$9(znrRdmct~moRg19jPSz2DskaT1OBrSz1?}*h8&w>;~&K61fQiaq2 zfCF!`#*R9cNz@jwd`S_|ivVQ5FDoEOP4=owupqb@Ce&_*FZ|Nx2rf{o+dD*Aq0E&N({qGxmuq(fGDmR-$#i z;K}mit;Qg+cg+tMn#3BdN;};W&5XzELpkUB-JDZ(uAH2~M>J+lJ~n_KG*2=3ldQMk!-o%pj{g`Q?aXFPPEGq zh?%?78nC{sXFj}HEaZ1m8ChmtCAC^^pwW^O{P4(iES2QqK6OM$1}gm8x$)rQOKDBZ zwnJWUXZ+xFn0D5AXPwh5LSTApNPuqs@*{O_utHVrJ+7qBrh`S8nTF&@j({k>yr86^ z965qCWLm z0d?;BdnWURjZ*PS`H0_nq_S6JTA=c;wDy19Y3*efTgDunjmk999}bT6a6SN;gq;u`l$r zwU>2wce$UT?`fn7Yqk9>U&9R`QYtX6w?~+-W*fE|O_wyyAVq zBc~W?MeX)LYA2-+h(xk0Z|~dmr3n1~W+E-1j1O4uSoVCp=QLgW!2)(A`OiZuQ{o=b z!rMPhPDb__P?BNhQA&D;oN_)CdBfenIVXK^ovszOv@ApIjg8g2TW126Rp8}Bb^>Aw zC}t7~sI{tt&OIJKdEx+c>{a_W;}IrhMPAHmqZn~kFH6fert1k%qU0eQ73coE zIHuWT9Mz?CotX!(=nR%$F;AiCV9Juap>-AIcNQVnQ0u^F?(Zg{n3rI&Cc2oMK5uzI zk~aqYzr1F7slkKOmP6dxN^u?jB;taa3X@RmkFD)p%eeX@;bK4go^SV#3U1u&Z0TD< zQi*r@uOwHcO!Rj8ak1kuV+Up~%V~-|tIj>Re`w%B?D&v9fm5L?*_Xm@&nEbM7#`Rl z(@2sv;Y?~gq~$0*(qt}o6LVOnebyV-(((7M>?}OB#^U1|9r%N@yr668^Sr_}A*;JH zek#%&o4#@rb(;fQ+<9H;pL)LX3VnL8MoWq2S;9(=>GV|#xNYP`3l`6>j!9g-{f{H7giSmD%k)a~)($JMR8xxg2HRau~l;$HelIR8xe;E^<{`o|SA~1Zq?qYeRg`cs_8R z{R>Vhe;xX9+!XGwA0Q_Qtga9t_g@U)*kr@fe${uG!8iyJ|_r0Qf}=pt_%+rChgh;~uk#lMPD z3JGgVn9p-LFKqH!Xel*ctn2L0xNNgC6<=YLy4trJJwi#lEavc;udKRuziNDJv}9$~ z@Z)Or`_{}o2MdD%vyPEcjuO9(q^GIi#P66&=V|7UL1h>JJrR+OS>8Xj-KZl*RW5FS zSlb(5kj_rphyAyZ>;6_jd$yn2BdKbf+if`lPgS{YF|6!uw-hyq1W=)HffIsQt|h66jR#x zz+6dn9+J=Z&x0Ind2~x^EdsYC=K^;XPIl*YfQZliERM9%^Z^hCML&Q3%qH*mQK+&$ z?D`68_qG9Od^Hc);5Dd#v?cMrfYjJh0-kcE0mqwhtkUt1-&bT8_E&uj1w9HFCH3@%vjhDdr|&-{dH2 z#WT3^kGD2~Suz3zP?gqzQ@Zi%>deU&Y*OZn=9sHX@=U#EFLgXw3tuA6mc9FA`}@7) z$dhz^HYJ~I3nuX51ksC`0B#8C!1u3DYxqyq*u8BvI>_OnhSllL@)^<^Gu4`GOgY@^ zCG+I*lZK0vtUKbH%u5NJb{*w9_sMk`hqGV2E~6dz^hn0RG_j|^338=2+DdW9UuQIM z7zlrN#19;Rj2<2v=zaeak)G|ZBC{8Yux$lA;JO>t9h^$^8-IuJ)O~2=b2!U7Ra$PA z8cde`XP{InMVXm1eBd8z|GSYn&=+VkE)U>IZCFm7HIla$VXx}B_7~vtXk2~!QMV<) z8<0#UzrFlbs5aFaEcd4zTLu3&QN;;3mK6k@AB0EReS=WT@8M}>NfiS%lX|cz9x$G5 zz}J%p16O)zG*b3(OO!x-1*FRoj^h;YE9~i5@e3wKFy!O!?!q^{Nw2>dOFCo#w_1r& zn%qwPJ0Rc7Z)jwrtJ#1=H(TvjP*?~^Cs)QzT(vyqh;Gs610HCH7+%KNG_rLSCX`G2% zrqY#Aoi8nTmB7>wf1+G6Ae`x`#ZIUIAQ}|zn0i_>_iB<&gBON1VtuvS@Y1HiJUcHtFbm-{S z*lM9GM+IJgd07qZZ3?dk#&$~Z#cE$F(6A$I-Nl1iDz+WW1e-Oc03(Q>W@8Ne>8M*i zP?1Z>Q36>nZe(Pn=*4%PT>0Kw=V@Kw>=;6#pm@L)dC9zjY?txpo(5z1UkI`jePdn7<~^oWgP%B4dJn>0fdAPU|;RQ zuURgQ(X1}@p*N`kVfo~y_yp3z`CdCU{v^_x1W-H!&UfSLr-tXij)46<`PwRG^bkl8 z_q8%pFfpHjqE*~)Z=r}{v>MRw1HKIn7n|iZ-**PHq{V?)12jD-10GC9^=|io#$X^r zaZj%*FnF{4S#L_Xzt7fwDd=WCOxk%t1$&clr#= zI+mC{&$kker{*HR??ijNO6dP|)dbg-iy6*$7HAl^bqw6yPN!hC^DIo8^IZk4TyME-E?pb#=!5efm zv(+rNL}u*U7)3N@OY`c>?QgQ?&+Q@nW|d80II70Ha^l&Z+7DTu8L=XEs@{C_o7<{`NON zAcIeo(21tywI9jHFV?WRA~pt07uT8(hYA6EsIrn&uu+mwRdW)M6KY_%5J1h{U6`P# z(HX;l|K(L7u|mL6KCqZ$1ExGsRJd>dnDDqdo&f6C7inO1pqVYn#sFAXelc&6UC;K^ z9+e05?>dd2jTe8um)UJTv0dr4x!1_a^egVW0@bB{*>F&ek<8hPd{r!DU zxW5BC3b-93v&??qznn?a8qMT2(|DG39*xjg`Ro?Yo7MfQJ>-RNwbOG9oilyM%XeOV+ z1(aKpwU%^0hQFy{b8!VgK_KBU5mQ{lgb2iHi)>9NH?B(;nJ0S+n1AKDS=)ZmjTZdj zNGM!0yiUL=(Sq>)>Oi(nc2n|XQf|_+F!mK2p04zSKB+LS4!deP{e>xzl5mBE+Hl9S zm#R0V(Suh|9kPpl^2eD{TwmXiz5QMFa*op-}%AuRGGG$8bS$oDgN&}P!K!}I@@EL8dB1aWfZ23 zXOlVL-+O9&2wY~4rsG9RqAHf4F$aM$J>R%|pTdCb%I)3_$)f3FJ{+X=Ks?{VJYDta zP*CY=?b*~Hphx00yM@B%&jFZ`j4v+}e?Fxjm|`sepa&(rRw`X!p^`kI`jJfvGxf^f zj1VAnpYXHay8&sE!sr2jqc{D3i+%`ni>l-TYd3Nxk%5gr8d5+{h@Bv*nV6@d`$J@d z8Ji3_<~&eMd+x68(;*L;^Y^+!5)xi6_V)HWiXYX)2GbZ$jdSA$g8BcvmA-qxB==#pkJ3_^bHNm_hX=dHdUicZzSdD)p*RHH zCTM1UP#ML_L?EH4wfc`bXvbWE2~QEKN9D2}P?wYC;g*B9g{ZC_{(StST~Iv_+a%s2 zud|5DE+FW#V0&<_R0@g5&YX0YJ`9e^Qhb=Tr9=%gYC#F3)s)YjD#bs=Pp&I+<@n!P zR+`iDaGO4#f+3bi*XYL+S#hOY9%bN$Iwsp;2F@tN^hwJ*ecrwn!PAt>;3IO;!~zqm38tRU`=z zfjwb1Gndp&i=i%OAn8k+k77soK8@SkUWc>sIHtc+3o1}<1ofFKx|*hvZOg1ds$uct z-RTA~s9e*G&rU}OQWW2ZfDBEwAf8`svLi3O>s7Zs2>Iw~fo{~Z)s4Z^fu_#7p9UDB zFNZDhryefAr$bz&w-v#K3k267Mv^Hec={epn=iCcIr#2F=%pwAp)ZILM1ov?^bpEf z<%T`uN*m0Km9#7#C^Fqx!*Y;|gxToI5iUo2ZD;8|)W>^+NF!J`%IZTQby-v(~PAseEy;@Z(5z_>oGa+nv26!!_5GhbS z$=P74yU<>3mI0}puTq{}2$cV;DG*JsSIeo+V!V;ReO5;Ci_8DT-C8*zfJ za=EC2jOmG9s>D#A%{ouBx~!!I|Dr?@9d!zda<*l8ihx4g#|#^{kBHv_&v*i)B0s0o zhi5&^Wwb$hp;ds>z4NTRz`GQ6mouUTmWrf(e1+MgQ?m@tE>OqQ1;Ur(+uhHkaiEH& zTV3S3YxNToGm7lpVd3bztGb5Q7NL&F;WmJ_fwmPK7G8UlZi{5@-=8JC#jf>LS|bl>CLwLswVj$J0nWp~`$ zqg^;_7pZ@bFXQs$$zJ>RgFTk72^A?IYvR(ugk>3hYf$sfNvPqqTyT!K+?wuhlHlb}%)cs%J zN~He1!pp(__o3`twhiv)t7)U2Mc1plL?oeF%8s-3TZld(4(w7Zdp#wVi<07jZa|k7 z&LU=CH56u<+F9z7`$wP;DFeN(nt3EzPIsp$r47d$l7-D$=<*MSJw{LrDp!EwyvL>+ zHs&s$j7?JSkq8W1F-%+54Z1_R1o!+xmLlf8R~yiulrOiDX8z2l%ntQ?zys$j0}$Te!#NAB3-LSVdPuiw}cJbwRR(w z`0?&6M4-rZBa}l``re-r)Y-xNk;77uu_{vaRd_?7dnmUK6@4fSeZ6bj=|LHDD z&UP`Tdk{PGJUNa9YTagv8D5vOeAXfU=lC$jm9KDr0H23V+Wq@xmymT`!^(k)cz3Mc z!0d--A0G8wstDsKhQCFEcfuRQ4>h*AOl>crubNArl}2+zN(UcdCQeYuzG|kE;wDbV zXFXp#;HPq-o~GyJ^@g0|eC;(4JH?nC2sGO=MGY2lNz__)%vBx&%x{b-Pgz2PUy-Dd z=i@z~+@eO1^vn89Yq(}@_!GgB2g)I`ija)PrQs95RRM+v^V*kfM)@w2?!=B%FJkL* zL?COoDth~-wF81fuOs!-^br>wt^77A`T#K$7YdBV#4TwHZj2!&VX|uc z5xCgw4mn}-anXuC{Qc;s9Wn~VS}UM0hLIGIig_bXPL68n&Uh8+$)$4Jt6AH{`Ja$p z+eZ9QDRD*P`mdAV9)H?1VIm!%lpF}}UovcJkl=kQmA-PqUA&E8?Oo!OQYoLAQF2-N z*u7KH06N%wVM;Sq=`P8X_OqN+HA}6hWDueaN!|d4KuR$B-OBpBEvA{&ds;(={c>Gv zVLdnT0Mb>dI3Dzfgk1ienZpluT*E9EG>E(c2RvjW!0dE0)l>W$&GS(-c^UM>qsknW zP6ynzOSh65tI~W;xjUR`ezje>oK+my9dh|l4|Z-kp;h>SIY4x=wFr08|b_c3xX3-IheiO zbY3?GQZ)jKUy(d7es(Hc>;aJt5lCB_dvWl((N2l+LAdpmy`q~9md^2d@;!UiC`512 z?=tnRPYznl^2z9@Yhr_FMR@RiSF6yK7|lwY=mL9%&NKgoV~MpuIvAsKBWv!H3sfV) zV0Rb;BK|K^qq|bmwzfCcqkMYE5i;&tVPZ?`qaDC*-EugFoe}*B`hlh}G!{XNahzJN ze>Y6T(Z87^I2-PCMTW4=TLml7?w@wDL|)^^ID!X!jJA5GV1uMjf}LnS-j zIkEXcgFT3C6D;M1NaYKktX|!{9`b@3CBJoPSVx91sv-M=2_CTEs+v*^EK_|1Dy$cD zTrvV67Nomh^AAmBN}9HV5^O*k4G#JU=t6LX#S_GK%B{&Et_qK`P$E55L<|oI3q17B z(WRcqk@zp%>>P*}Jot{bWl{Q<$B63(bV$}d$*yYe zSY*ryd36Z7n&cR{u%uJbyJamM3`+g{Ph6Ma=@K@>{nrE4`n;v4XGDODLv}Mwv zeESVLF8ARnfLC=1UKdVyFry(8xXBgQ-t$H4YYFhLCra`Wj; z6Wfq=S5f#3JZCs{#v`HL`rr1vCE#0Zm1pUXfefP+-z`-(uUoAjkholO-R=8!8YOrC z{qt+s-{0&ghckkEKt)f~COZ_f@*{=aPW9>a!|G`jy&LAzkZ22Yzm4Ii?ljrTHM_g2 zSh?6Zvk%j_*Z&}G|IanJo%pP~0Z%XyGV&sNrD$-n{e~~C{>FHMr*yR;%7=S)my7w< z@D?a4n=B$OSsHOmS`wf`)!txjep_kSo!PWeL?&(_?ux5kfy zK#@ySA8&K!IW>zuOa#EBNA8z?wRPAj$6fc8k;VM6)}TN(0KKyfoaH(gF1V}8lisr5 zQ!{{dc@|&c*#7m0CNr*6pvrDMUC+<|3?=}nzpX~it}Yq8s?-0^Oeu3hO)WC%%J$Rg zEQOWNwz}YMhqO}BvnyF6!S*uQ3^y_TXME+OLM8}+adqbPaorr&e5x%9kk}3XrW5WX zyvBp({ElP-CKA@BnmCA|kl|~u@~Id{7TIA;1RWtOmKJaiYsn{Pf90Dz>n ztV&JtlEGVzI|Z*g&kX0yHQkJo-;dep6`DJL9j{DuYAstvtwfBQ)qk_*yr|pgt0GSa zAw2u%O{c%p0Zg(DWSEtC5~=gm*~zpeE$gqh-Jc|evJ&>V56d?I-UsKVUnp-wj)wC} ziL7Ww&79sRS1y1Jp^`N~ZuxIg1%}KQA(uDCz9`&KK>6B+HSWiMi);+8zsCXlDurcL znvQ+9))oJovTuR#TQi*txb(jnl#P4TM6)GPD~bwDYCKHds71lFfo!#Ms$T%z;yro> zP$N1y&nQXBsjW9KL~$IKcmNg*_^AF|d=e=Wa7HQ`d`P2O$aOS)aCt?f}2hr1dhJGVSKncxstyHj{T*SpMjD3DxH#kFqYK%v2Dm1 zkOUmm{s`+Ze7IZO_rsf?Tf3giSH4A=(g5t-zb;&2`>t_DCV(&zxQyP5x;NN=R}hXF zAW5MYr55{>@Ie3dZgn=ffVghgmPnc^CDp?d=c#5Fg7$!;(joujjla7ZX#=0sYEGC& z4og}yF0uiU$jyCEuqtS{5=l0{xBgWrYL>Mf0N2?R-97>s6Q1d4lTfix3Q>NyRxmSm zo=NZ9a_O#}UbT}$h)HwyJfkSdT>#^`;Ykkk1z)wkwXxO8?7K)s(J|HJot^msz|?2c z)tC$syRrkD2E=r69EW^1S7PFC1(ap=Mh%}3Rl+lWTcx*PCQp`Yg_A?RVS`%p519b`>{ol4TwQ>cGQc(ST$%ZJ>)cRa zxd0#I=I&}BY&7KmE$i1|i6bdF`3q0hjfTyWEXYF`&BUy?<5!1=fhQgZZyr~RnZiz$ zZ!rlc?a1Z<6EK`^|8=>E(7&U1NOztNJ~vFyucBjvF9sRf!2xd?XOMx`QG!NX4v%!o51+AM0>?U<-MF(8zH!Qkxhv+$xtRq-`l)RaF3^VMDD zh@8jL6&Ju1*TXedy)G1t=F{;wW|yV|Q~^$ZfpAd-s6A#5XA0Gqb%&CTQs2H_-JY@_ zrsNm=^W_FxKLSW(T`jrHXE++T+MIuAr})~w@_gv!ZuzNzdE=Yv4c@+#0sy4Ud{$SY za(GyyzXRkA#Og3ADIx&?tO2623{ogaLquK;P>4a%(c$5LU4IB~Nz=~$pu+pyqW#jZQ+`~h7?LxrnoJe&ML0ke|FhQ30XLEU}WH>2T%c}+g~0=$~m zv-mSQzUmfg2OIf-`2cnTxueB*8VvR!?k0fdptC|0wH#`wR@&66yV^gBYi;Y;jYDc2xF+|ND+-DY)OHTZmd^p;RNZ_i z{*ZG<<8WNmN-LsS1pZvnkhZ=Y;O5FqYm93R+_aY?oTlqD-jCV70?57eqn*d0QKTiX z3(2Nhm-PdaN}xyx8_yBpYF5T?y>bIFe0^>8XNjQ$Gt(|iJ*x`LWc)`Vm`614x$Gwk z9$GFg0<_mVXI80)us%(x>(;c)5Lbiwx7EO zu}Hbb0V0)ui`)Qyo#S-=$t=*}&%Mm3$3!b(vdIv zdVTtW!#^ErjHK-F&w{-E&8AkT_LT~bMK5;)ST5YtL`t27iCI6+fW08&c$FSVG^!tn zz3+%!sQe@kr=w+gjLl6)di)Zz)jUfBp76opcTNV-N!EE&=agsIDq-*^so0yq;~HRI ztB8dv`ukUi-cz)cdZ5&8Ab3EX+HzUdGgZilusrIvw)aV$vNfNNXi2Dw0n)bT7eV3S9Xiao_kxVQ0*cByqBo%M&4%)Y7x33H z7sD0M3(X?HkwiVu=R<@r2^}=vy(!2-)2vncIP$$X06_ZbQ$qNCWeUb39uW1Kvpewm z=>Q>EdH;HC{lCA;zl}&+QR&mp4=`uc06u+l_cnl#bdtztrN5^I{!d22vD#D=5uZuu z6?(K8oD!AYa0FMO=_OMQO;*;)FK6}T9%1Fjd)-&)5e*y(k3+bPu1McjSX57jRt7yy zufyEC7st01Xk>T+tsYM)px;Ym`wY~m9+?2r-AnU7-=xXi2SftH?+GN~#>(z@Z;|%5 zA7n3^SK<9#v6KPj5K`5nKAg^`Be!>BF7z#QSsxY~V@-M^lnNJ~@d_sH}dpn=vC7nHmDTOKM zDPD3Y-^hn`;QXsADE6ofHe3lK@QM$I)UzTO-o(8R)n+ak%vW3(QmPipG3yn0QGAh{0+6`$Y6MWVMb@*TVe*AoY7C@kv{^HE-*sj;ulh8o8vkSXgXacg|5C0Z^6+Q`a zsI|N|ENG+L_TZ~4+kfKr_b)m zO3#w>2h=ZS|4Sa7rgWwFR7x?zRIsS|>%X)BXViP%F&jD!i|puRNa-v;W=^c_qR4ML z@X z`vHJ_6+`lv5qJOPPrL9+yErrUvei zAXUaue4Q6#2i%Ntvv6;F#>6q@vKNV$_Xz*ROBTO5YG!o}fOe0lK=MASA>#&W1k$D! z%$ux(U$P`$;^wo=S?fu^JU_SwFHkF*;~CeZ4A4&?^YOF56gkbLQwq~njI_racQ_>i zV-M|PHf(^-xpk1V)v&nW2c@QDU4vZVBj%CR=HQ>-dyG^w=o2qL(-^c34Rkb{BizUt zpKG=WS|dX4NFqZ7L%X29FP&piM)&vLrlvw7^2yUA@nA$dM7M@P%Sc7x3G0mL68tJo z5YDISv@y8PVJ^h{o%du5f9H`U1eTEj@id@kR4$$v=Bu%_(y|yFc}J?MO%5#A&fCv- zB*jzbA^Eq`)cGTc$P%DA7ABVIYl;*{KP}2!JF58%2@)ZZW6Y5JCCQAVpPAyD_^1Z| zKtfF%;bc6~V{Zi1p6EfF*6D?}m)CS4&6XbRWF8OqVJJ6#KgN6OG&4B2O^o}O%e-hF!4%Stood^wbXSW&>~^yLVjm1!p2@(QW?L0M`9S7%PIaTmlM;bC=k4yJRBRrj=9gD;VKSI&p8B6f z!O^u*D-X=Vz)4CSAl}2q+ex332vPGfQ7a%D-KPhUl#_!aT%k{lAR-|9sM#iKXU6ow z;TSxkS?rU^?aM=B!g2cAdxgwECc9Su3r(-99b5q%24~UpXf}*x5OPv4P$%-?%8u}o z9iANWMPh>0uz-fYX9I?`v(oKr_OCbbM&oT>R7WomlMWq z#U4AC<#akT4K5wM1mBhAi=EzoYKypb!$5%cl56rk(~sV&#WgtvMXhoe|H&Np8c*zd zECOEU_Dmdz>z89e?`PSBxd)MU>xBJar#6=!VuP{-(of?ofqm6>RE$neog&{TgJ}1t z(X5kNv+-8aazfGiJAm6k+ymk!_rJ@N1UUH*2ol<*v~#+^2aCjY7&XYtAAi5$q%YfE zcveL7A!IHBljcDv&XerIZxE@CYPiE7BCBrO4ZE(;UMj+P$y4v)%H?=<5b}6<`{o+` zPK6N7f#03abqJnALr7eFb`3u^tFM_uvjaIdYw2hoIOhgh+#wHpW)-Ub3e)zkW#&i) zqRe2gIKl_@yZxZIr7F_wp#}WKTzKvF|;C42y#hV~vo@Z}*;q++y5-HYslr!mRcZ;BAW?mUn)~mEc4UHh! zB>@`}k#lj)>^%dsE;*=e3Ymk}nPYJcicsGlSNEayWNBslPMuAM!M8=ba+y}h+N&Q)BJXbUUzbOSl?yNu&L(%R0wo3T2y3Kfn`n_)#!!3ibG9#0 zCTl*@^0a}IxuqiGO5F7Ss4KYq*MDt8A_$;j5AH&ZEiUUSs^I#Qp*BsCD}zd@&p9Y6 z+CcY)NqAr3IV+8=PKB|?DgyR>jI z8$;mTrzjsdwG4hBFG^52iw%I>Uw#X|L)v*!d=^Ta{rBkJm?gr@w zC5IN29tA;C1d$X}x`u9$Aw*#40S1^m-|s&6x&NMLpB?M0z4m(Fv)0-hw=vRxt^Q?9 z>n%9_vU?_4OtrF~&$55XCJL=N%CKZ-Q5A9HW_(XEa5MCukA0?;|Me6LlE7Dg|GdM6A*4 zX~403D`J!}#ri&6JUDso&qCet*=aQT=|MM;u1RrrhY8)JlP~+Sz^b9I=oNN32vI}2 z4vMZ!gn=eD1Ds~a#Gwi2S29Mx9lQN`Lxt%(beG7CgSVoao3Lwyl(f_Si~mD*6)t3; z1Hd-G8|4m-`GX%d{$F15>%kWdqLT7)sz{okhBNl4(H;t4HyhORm z<91S+;=1G5?wI}fZ}bCmLQH1KNv{&B8)p(=@D#x7qO^);!`=J?zvAWFPy8yRvU)&|l}_<>Ma;X{?FGMLe5v6PJgl(ZKk17ZXzb<`iPbr6 zmBT=IKvZ_hzU<6N&0|=>{uRcHNM3cn_nX;NZezf+`CWogq71)>Vm|`Rkl=0Vh2r1* z0Vnz8^Zt?@B^E+q>?=bFxa%)*hZ94s@=c}~_Xu(a5w{;!ZkZ6qp{(r}&nA9$t~P&#*f+ZC-JpI2}(P(-y-AI;x13U!|-dZ;jX z*yfh8YtNiy&n&|65Z~d;fk|n5m0%;6FK>-O4k)7ypEz!8-+Nu>38V3vFLJ^kInVb3 zB0t&{J$v^%3R3wev4(C1gQS+iR<1|s1`kwgf(`LVd`pgcAFle0zxG7xQTuDPZv}zk zSP6KxsgCYSj_%rCESYVMZ{M>|VCA6nC?M0`lreJBG0K6j+md1>Rp4M53NqSloyF-| z!F++r063ybG0qD|(k$<|2Ug$3c=vh&2*`bx*R__?BcAVPG?5q6C7fM9IF^Rbu)hI+ zRl^$#jGIGJ3hcd{3@Uuv-O^-H9rkq9Ljy*Nk*+i;CG+xFen z@tkjs#olGjRSHTZASyzqSJ%fAT9AIxG(8hCN64C{!zeJt&D*PO<^;CjblWOGYT zxdvfLP}U3gM~y^{xI_A_hem*LqQT7V(A=`aOnG)iEHR?yRzMUnAd#l^5}blv>P`W-ZzRe1r1Y=txm@x*cviKF6c0$8d4-pav?an+qp=G$OqsFrOROsRiw6 z4M^+6>CEJPna_Lpa}}uI%1E2A!>2u4-)q-a$8;_=p;!HVT zma14)jTs;g8PDW1nV~vjm({`>D(K~Hi)4jY9K`58wzgW<2igC;4^z%0D4?unJ!OJy zjQlnP(68q9cPH5+Vi_hR(}v4AibgZJHU7~T#jheGk`i8zOai)@;BlX~FGH6PqiKr{ zxOiu)Dj(glk`NZY)!SD5Sdv&#v_v=Rjn&+wCgW))y|7>BA>U%Dud_i#1#HA0*YzBh z=^%E0pOvjg(-bC2c4;x~g`^DmOa{4G9wq&!@LHdaH@n-D_GOaHdvAI#t3T?m__dOf z=i zrDlO)A9)gyX{J$XcjN8X{%r8<&)l=of}5?ywm;Wp|1%TWQw;JWHu3&3qiXW{q+@@9 zxpJ$uDs+b82aJkqj;24_XJ`^up)4PRXri}Rz*E0MVWdI zsB*Z0#RUNoE2Q68uE>OeS3Hd`5FHKp+S+SAvHm430mz3M*j#>%*}^t;Bgw55WF)zj z?qufyfmJ5$j2`%fO{I}RB(x000>=wI8{P)`E%z9bVjj`UXkzO3?#WXlS`~yxzb$y7 zMQF89>Ub#+qvW{U?8fot#O>Z;1x8+JH&gyb;b>X{Kk+UqRbcPs)X-h<#KP{oO5K_| zL%H(^fN5+(&KqF4r4N9h^Pu&shLL(@OeGX_D&81`Sg_@`|6`gfSFcE`Fc;F(Mgte1 z2t=>P5ER^5DIzrrz15s^A7&ZO;66{@7&sF+rX_7UI$ZKo%b4e9iZEZ5lkUv}773Q5 z)w7ZmcQ0&W^DsrxSv>+HScyrH_G$G#&nC=W1a^o(xZfs6n5FzUg5c9s5xIdfH0jV0 zrgGF9X4%pYJ1Sc)z9C1|z{9{?m1x%EkhaL6+zgc?LE}_{ysell*VD_{#C3HGvWe?n zjw8%+7Kpk^nl``UT89&S5lN~R4S>vsbRHTC#oo9kkE+V@Y>MHE0$g7tyVdtYwvrkqW zyHBCH$XaYkA$iuxy4=lHRE7lgEjm>@Q$rM+3HF#5G4_Db7=rI&@b~k?2rgPD)*1zc$c_Ub6>fKP5!*Gbu<=o9M4p6w0N$1`a;_OMv0t( zLy4J0Oz`_*755b;MojCJ!x)cg?o0=yQzQLOKveo zl~3*vd|yMgPl!qPU}rdGr@$95=8v#_q|_gE;Z(qpAn6l=THb@R}>>f zi^BQ$-HVD3*N)x4q^pQqE=b#%6ce`M#f4~{$1|vOEdWM?=rHKP!b^KFO}`FAy!o4$ zuO{No4y9-UZ9ET0U3USJmAEu(epi>bXo7cijXBbF^hDzFw>bcfq9K?}|7FqCZ`kQ% zWmzC>kNJMEw0>OknVFc#%HJ|dc~>S%w>Hxp)ynYc342Um$fO>U68JjLql}Jgs|$U#R_b2t?nWlUX)P|AK6FgzE|Ahk8?Y zXuB5x{`u-Z5>;wt{xvBB2wIPwxdSO~QUuzc=Np zT5liZ+H=|V(y#oR#2fGZAPR&xqU4yZ_=eiT8*BGJ!&*T2_v{E@QG=Txo3+teCIP(W zAWk!kKE*w^`ltu8(3zK4#rk!=`O4A1n?PO4DY~}#>-c{bTW+~*=6D2qmCo}w^YA9J zAAbI%{!$#Vvq^41FGJ_05hMM#1f&z3M&nv}G2;ojchgg$54q(F-`krKw30qfOPZov zyrNS3SiEI)t}Va7xh;H6n9}+pBfDS>RC9Ojk)~k8Q3!>i%rb%_jGF3_gh|5TNh1vw(V-o+Vyn9Js&D5 zns=3s!l_Uk6hqCAGnpTYi-v<2JA(u*Of@+z1(>PCfkPY zhNmg~-irREC-YdM85F0H68=1}qFLB#o+mn=C0F&w8mVcH2kS9SO@VaBdkXiAx6qeT zOqU>*m*IG_c+sFjZ3+jcDtupPxK~m_cH*F*qfFzs2)$ZY3p|c2lSno|OB((W-Vs5R zsO>a)|MM5j#7gm|gA=$O1#R+4Mv_YvrxahZShinmxY|jyg1m^$T-oJGU$I(`$oG~u z(i0}xOJ%nL-CZ6X6Q(RZO55r4-fOodwn}zCW=<@Z^<}7GSH_=}lf<6Uh02pST{tAd zb;C=n{Xh=s-t9rD6LyKR&aoGt{*o!ZX=$0SNC?J?g=G|6@FEb%CR_AN6~LvV|#>D@L3Fr5~|<^i}?hQS0YUDQM_k6QBK}E0ghC#_Q-_c zlzgmQ(@c46a|(ehGZ4{$4^v7kiIVL{rOuXYc4orSc|9zWMt60%>+L@ytC-1h^p6%M zvMhskm8Zae_jy}>VO8Nbb#7blyWly||Hkk^?U?W~Rs~z!b-aIko89>|U&sufUE`s*@o|LuW zNhn*P#jRh4-*Wgz`H5e>u~{Y)TCk(tmMNR_3U}+zU`Xd2jLP3s59-O-Ug*fDbU$)Dx@vdR)1S`4WXX$e731%!>LW|6G-@G-27w#dm?szHo1Qz&wld#hC#3LVD zsrFz{Mn#$M#yqtY6{o5ihEngG3EEj5$#pR#o%LzYb-o1Xu)0p^TG35gm}9{s7SB|l zfft6$w(ToU@vC$fzn1|5Og&|@lcLpEpc(I=E)3%$l6kPiwDCO2KDTgo64c5r-%RoF zzb#g=n6j}^m|jfmocaN>A(y{FjaL3K-}f$j3Fo19w`}6Z!hU3*K95|jICx5#1Tjh` zymPIIU|zF2FIm19$>#9y;g1fO$OpU&kJ9t~cqi^(vbGXX8?GvHiZ;pW_fiO$=ph~- zSUesdQk2<2O2 zs!ds&6N^nwQT>h-1#RBd^6B-`ZbT2N9)!0|r1us>{v8V)GYfaiPJ5NUmZDc|kF?<9 z%AfK^cl8F^vB5T9O@H+Z)_(>{!}C@b;E#C%EMLV#-E#sWJQEW#ccI){V=`40^h9@) z&!vWn2f#3FO8<$u#`rahf5#CQ-}KxPL9!!u*HBxQ$NCT&D~8lYhxALZ7i7Cv2myj1 zijqW{iv135I`=vGs&kcQlYnjFINv5sU0g9&cXKr4|!c$#0)>`&>50fo9F%l4#>JK~O?e#c!LL=h`<`@`wPfmVTKe%59o!@#Ms$43a4kMss%R-qjwy(NE@uWrmYRO zhQr?q3Aeuh#N+dj_x^EW5}V>z|)%vvcs7qd`|Tt5y`bUN8zUXU0bDt zmVt;s9!?cB@Gp*(=}$&eGP-LFqOYS$?3OpDP7{BUGC4aq+NoNO_ZZkVLQHS{%J;Kg z;sz;fdpIAwE|JD-lFS*k5z;AQQp2!)l z61=S4F&{xcOg`*ID;<5V)vgijk4)y#o?bR&KCRumRRO=*x=$gczZddPW9gO4l{gea zpm)Cfsn2MUsay?FRSyb_kXd|YbaUf(gd%0|dambfKa*rnA5Xm)`2S)73Y86q4?Y0h zvbG5%(%=&0dM#*|`dF>PGP;J~13n3F!>S(j0SO!-xv-U;TW^xz>EMNu=NsPK4&}D`hN8 z_EaMpyqZ>!RWpkn@09k~HihYvJdNI-(M?$m!iP_6P&97wFH=Ha95$i1e--1ytLA8i zVohmbt7<<)@p82S@r_OgP9Qpu2kuk`b*f&1K8a^~i|F5ohYeu792a1@aX`0e zxrZHzFhwPKiWw$)T+?^^BX?lz;8s7gtMBhr8*La8&NKgeu$o_#;KC^77m7TZ2)0T zDR2sT+=l|~<_oJZcVAX@AAqT{VT=PyQWl>_c`R?Nx!y@0)Sh{}oKg;7j9tKRLA0fS z_rV;ngGcQT62g4-+HkLtAD-J8-y)RB%~Mge9K|RMdQ}?Ul^`XU{Qd9&xAq*c2XBWr zeaL#S^Spd{j;1&S%e@)JnSWxF+*C?y>3LXDGho@VrEyKWAa`gsSZvp+UFyKdUX-+9UX%@hKIKU#$>=&}4gEsYhAxq6m4E+aA zId->~6<&+X3lm+Jpp2e6-ev5?*P5UF2jmIm%P+Mze{y>bA2r>D2(*(1Xwwr#0@R5A z?k??r3i28jd|Jc!in{Pe+h}uxJu{&lRSWp^V{!1dSB5>aD{aq%Yiq!YhtO%m0z=`W zl1e3`V3(|#P&djJ&Av_AjRGg{RQu28Nze(VxK85mFfEpZ zQB@toxoI<sX zf3`}J?_`Sm(Q9icHOp%X`Wp1YvL)N$TC7Nxt*m9P-{@s4T^3)7J#*f`3)hQ#Lelx- z4at*iS%2~`n0)cNSFRpX&Nzn@I@9X+S90YkM2km(jp0{SZb+_oVEiBpi zkp?%BOeP0>}S*&QV>tLc|OR}n*J%Y{#VH$xp_}^alH*I$~efo|B6Qv*jAqQ zEuX6<;jO@jP@_b1n}YI;V0mL}adDSQEDV59_|m}>-V<3Js&FOW_&9ulwSqT04;!Dz z(w(h%kV?LbCFuNBef($H$-Th-b1u2s6fQ|_QrOt343@eUovBE08;Rk2xeVWa_$X!K zjv#qEx{Lse8W2Bf23x+6JH1$G?;LwX&iBBgLKhnwbU9s39+h$Q1TX#5RujT2X$n|l zn6%)NHS7-%xM0&VDHA&uP2qI&4%HSeW`t=ykBpCq6cvU`_&WlH>5lXiJ#znBGyqyqeFb$Svte;>Y=(zME15DuseVq1DT@XR7_|CBOceRqfCXK2M zs4$b1@19}dW5k$+eA8Y@(lpmL(_gAUt&)?kPF`8A@nG^=Lk4)Jp|&tnfRX>VhgOzr z>iZu3ud(e)nPYT0#=h#CdYH!VYC3{nZ=q)Z*|k(`ADpB&tW8%##lQQ!t9UdHln{U+ zelre+dWGax;z&J@_;)Wpdfa6^&2U8{ADoxto=fnFqulYDcOz)Sdjof-J$>hi^wYE; z>PEWB{>X0T3qc+6{HHAj*X~`Vl?s+2w7jS^_%UOcHxKtiPNdjt^dV#g89@rQMJPOPmOb+ZycW zd-{_)_tu?I*rP{UrkpX(J=c80Ny?@xfs~x}*M|o~iENn~^O(s~sR390gOuU&=tRA; zUygdF0RY^Uv_xdx==+$_NG?3fymm2>#~nO}GX}js{zHWbefm7Qw5QfOd z&PzhlmVC+BNdECINk8d*ld6Iao-ybbXqmrSI~#nIIi)2@Hn)T4_wcVvAny)iQGIbI zpRh)-34ZsNs%1=BMGLWb&;T;0zuS^mH4mLK!&uq!{*A!U*2pSUi8-!@5>t=6F8@1n z*G1FS;91B4S-?s(;QNCfA+TlI==-#Kbi>FhwZnE9oBu{c;rX>bC4n<8ReqyhdN~tM zyJ5Z69yYlZC`Ov~fNl31=H45#&h$xH%WVOVrX=xhYR{$0E?McQF1b1Z?hIkGBt%Xcld)V+{4xw$;fB zFjXw$nk0N1Pb)f>8rdTvK`sAfO#PZ-2VZC9GQam`P;kqH-lIn<_`UuhjR(uq4SGzv z%HZ@Zn&^Fi!v5sG4`q$srdxWpXOLfy@|zj8=En*X+eb>yALOH$+9ot4cYl1Na{H=< zn^~^mt2JFgIr}J-N=|U>at?O+i4ds$)Y2{pg$fVEY=J|bl_^Rr9zKv{xVf{a*gX)L zX|T}BK)ztmgb@*@$r(J*8(hSX8lG`fWU3*i?s!9^+X=TnQ?xhMW z+wd2h=vxOnFI1OBZZhu@(=A4YK2SBTx0#*NXmaQRAQM7%pbR<= z+n}N__N}$`%od@JZzz-1U?0>iD}_o=B^HDi4E{J$K}GRw7QIjHYnD}~gEp8MZK)V= z421CSBBU zKWr-je2;9f|K#*CqxLrCC9%H*%GK-w56&ni%WeSn61v=naZKDLnFq)RJCRV~dF1-E zmud!f5QH!Wa;bBW-Yw!NXJpKXwHijnB!Ttbq4|(0)<+--6q{gFdfh)Ru;m4ZpeLrSsrC zqm}xC;!F2bZ4)at7(QzX82w4ywk}Q~$HW(1GxhvV%>J`1D=0u;JyOE>-P-bNB&9ap zrQ4u)RJ3P!Fp6Ht4iA-AW@mUOriSIzkFK5ZB(SN_U}v$&(3na34Zi;|$j}>qS^y-Lcpr{nl^e zxv?OUYGs{cvbXEuaN~aA6KZjB&86hhfsD;(=4VE3$CXnc72G;v)u3gR#=Ve-@vBzN zjO2zgjSx(R7gt8T8Wjp{^L)7lr{|9Qlz}fnn z?j}(fFoU{;agH*4VQ&*R`H!Fdllj*~NZYOyC($^i9Tf;}xTuM6hN?M96m( zHBq~AmWdY?V6ZdE*gSgovV+d)`6}_Jg6KB~6Dqk^BJ?~>4;v{hg2pxCFa4!nd!@cN zb?Ml;o^`EPN+!Tn1&Q-rk&J4)|1E~vNi)f79BsFviR1ZQe=XsD8bk6|qcI2Lq2I$* zlQux_(tjPv<*%2!HFAbA3OFv)T*r%Qf{%?I6}nh1(s>}h@>~}U6DuLzzCBIKlB*GK zZf0oXWX`D_X%ACN{`PdNAM>0Ta0{;5@@UUkz=n>O(z0BCG!fF;+3?Tw59M_juAfKR zk;3!G1CiS0-Cs#gOXbUb@=){6cG+9SkTsM7%hBjw1%kIzhDZSW`_w_n8 z@?$`iU7o`;uRZw*Suc$*WuKg%jTJ;@S$uzBe+-mr;0r(31-vF#!#@N`4Zcq?x1`I$ zX=Z~%Up+Qe3Di>IxHuv353F-MA~aWbJ4+wlA!-3zRY3-jaZ*$c(3nm(e_-U>vf@sT z!s2dF+}Sv!Ll%dG>slhNENkfJY<*Zimg7Qt3=?VT_6OfMy* zOs635v!O1iC}S)OGgJozOf|%Pt9(rcESq&(;d!WU0?CzOs|7BZ?m_&} z)5bF)mjVe2w(6&jXtCj`FCrG)O6j_C*Q7vh``s_1Xh;9J27oiosDswuYg%~&)g(Of zdLa*ww3KZ*(X*E(8}9U3cBU#+P|U7LjAkD1zEcuBf&E1$NwTPU*k`zVqQH+^Eu7BK#X}vBtlKW13lxMU!+IM4O zQbzVmdW5CDiTN53tU11>MO0L4kRr=NULn`b@{evm_UCo%N=1s~6w@A8C`P(n)0DpG ztKnMyR>~C{KFMaemeUzY7^4OCX&HSs#h{YS7`N(!t5_iE*yHq5;sHfI?Gww?z}q9& zS#N=v;SCehwN1|4>)V}EnJP)QdN8&K`RNLC;wEDeA948?wo0{g5!AiVDV?!a1*AMP zD=hMx;*Q!yL>05Af#0-Jh(?a~2W@VaKhdsAi_{FCMFBy;>la_cy^0w;yq)-lZ z!h}b{-)l3q)!8DxC>q)nh#%d4hh5vK93=Lg5iwqU)ABnWLjAdTMLHHXi22}jaK?z$ zGy>&mqa{AI0Wxkc-sLbJ!JEAhZ%z3a5ZFlSaXrSH4EAOfI^$Y+=^Y-P8&yW}DNyYV za!FGKjkg{2cPGPgPZMG0+B9QjVqhxlWmH!~0*f|Ja~}2sp0{b!L_0_{EC1#oEd_~u zd@$8ZKh}HW19Q8k-nM$4(8A9hbVwR^*u(17+qKf=6Dy?=tyb<$Ho1YO6*j%%hVN@U zdyVQ?$F>fB5$6w%AsX^9+S{(IuTw#sJ*FQ!QF;1an(R{z*{{_EsU5B94WrX(+MT{B z;2XJprpGsmcB-a7aQ>{7yj=W+( zg?9_+=Xs3qxvD)H>*|zuGs{)-Zblzv0$(8Zfls#X_S!M|eeR*PMwmP8R*v-MMo!j- zG1XsJ(F%OH8=buOziD6wNA!95^V%Zn6M$T);fCP*_`X??Ja2x*kAG$W-%b|!wcik@ zNP1TKE{DK#R4cb*7h&D!jLZWxyKg=k^AN&tl=xY}l%ZYld$3AZz*j}*&U-_Lzex%Q zT%>_Yl~M=l{wxVEeHA5<8lU(Vs}QD+c!XkLM%t2D^SwgUVqpV6F~LOT?$z*MlfE|I zwF;!s?XS(0N)T?j;a?D-<$(FROLMQtl!vQ!gygP+YTuwoD{kcG=q!CQ4raJSUs|GC zKPxSq>@cM){PpizwcULz(T89xHwM5E)xVB3Pp(1VoG+Hr8C!&?<6D@X`SX{zj^{zx zBxkx>HG@artz70no%x@Nm?Dn70h79dGwOen6N>gga*QPEhtM*pc;QkM5G;Fj`Y^BMH)2GVvYk)6uds>!-64snnyMhNef{EJo9T=RMJI|+QE z(Eeduc6cNj3RSGe;!)xFC2sY{Au z-cvSUe((rTd=|ondPIvyI@CRA3m9e@T>m-ENYcKh>drotbM~g1T40cXK9h7mR!XSf zXsompGACt|&{9}3UTqr|Fs%W2`)VBjp5YqvB>RN2O9v7>8A)7dfA)dQ0;H6Ob?#m+ zFe{rp!yq^7${+}FwBLx0%ID8f45u#Q8Y3WiyhYS#T{z!1E_ z{7&||4Xtv9WqSHIlXzx&)*$K_kVr2-B>h%9dU2GyH#s+ zG2U8@uc`M4#iPb=D;|6(lIxRd#5t$gcf~<3lZ|jU<{-;d@4G&M5Wj^~H?J}(V?rui zuAU;4_Rq+RGZRj~Kz9&65YQ#f)8y=;eT--eT$z&Os+78hEJQ7mPx!qu1^dzcIu3~; z6V8M00rHf}$dks6LSUaDm-`Abn(A}bZc`fEpU47n&%2x+xh&SRH9YclLUD9uayve} zMuU&RxuUTZ*Ht>GP;qV9_4Iih(WBCcTE@Z*=Zb&+OmNrp;DL6=x?6z?R~`er!t@;( z1l}(>c=1Gt>qazFZNm)xC(T)FS?!$yg_#~wHSP2Fkqp-dky06T>5PQ3JbL3AFbb9o zDHgVGNDdtdy8YqBig`DgP|HoV$?IFE>e6CeHPQdD@N_79U`3uZQ{#-q-w`wnn9}4|5mTQ9(nFe3)kFJ

|sm-~6UzOZnS%B`E~>im!DdaBL9Dkn%sG)qv#EURVTvNZ_` zmu}5|$QWK>hQgD2treQ$YkTVIIsWyf&VuV`{Zp}NI z!?&_!x(!C=+T$(SWw;k!=Z&4IM2X0$pKh=!x)cQqrcYuaprTK*Ml#ES``1Sv3H~@` zKhD_^qa85jbZJ&y+ZnD3yjwZbXaTzAO2Xb&NEu7|?Xxv)fl96>mAp4|34QO_%Bc6T zL3Ym~}uYtTbJ0G9m$|JiHiGEi>IZ%=G z;)NnzhV_KDbqkXCA5Zz7CR`9&@W=)RSta&;Ky#}msYB@y<@DloRa39VHF(ZtD}bL1 zpw})AQY117tw2~C6)F1bo5#u{P@f4?*pT&1FA_t#tyV;OyLg8&0C=+M#fum{Kb3*q zM6rnAib1)4QUOCC48wMzQIWQi!@u7oyqA_9ocWTr!_;Kt_CApy%hfG`iulP$+AxfW z1Q;EN%+x|n{qFgwPUcvI#!G!=CDcyx=}Bb?vgfyV@CW1Mnzk@^!-NT1M@q@36Pm6s zQ|HZDwSYZ#rs4zClKSzy+O)8nEtb3yR!HTg+}Jd0Gu&TcKTX?Zd8*pgqKwx|r!jZx z1B^5gu{<2Uy`=yvUunZ?zrVBX3=^5r`cO4auvYQ$u%{xcUK}IP>FQ-R83*gHa#GEn zI_~!2)+T?$^nD*Ott>vQw@}+TnGhRcl zxtGY}AS@5Y?g{r0ZUNg5m6k=wi|}7BeF>{5di<~Ae1T)C-$tkfM+O_iu?%@9HsG>6nly!=ABWdIk6+{1}q_TjD`tt${}Q7i78NxUot4 z>8)qRcn{N16j37V;r=pLx$Z~3EX~0eQIh3lE-Jqy&dT{&b7a&|^@@4ZyY5*rk__81 zH3W2Y^8ejd?GcBB+o05cf#d%;$V+aa$56lVBo!^+csou>eb@ktr)l zeB~|va=z2QZ<9H59~j-Ia9%`y!mHLm?$-B4K|n8J>UYy&1}@gX8l#&7x4}(!(bI>| zGlx61@^nRVt2T_mvBL#G8>3;0*s4|Js0QU{MMHU!99zRE^n4#1I_h|3VN1fo z{B+8EZ_XzBhIA(=Dp?nZ6MHaJ))Se)^e;XPa5>x97Dg44>MsBAyVsIBrJ8)hBM1fg z!({f|C7gNudG5nES*jdU+@Yl3xvKcap7OAy(aL(^DJ8hmbUoWxcda+Aj6GFyyzFF= z%jl@e*7Ynx!u zQha|_?+b`U`&LOxc1Tn_BcDT7?==TJ&J3J#)9NZNbS~{GT4(rfj$ls9o5%9|ge_Qz zoD|OG9^1p~wr2#}mq}5VHDwo#l@hHZ4P3FU9Bs&%+Fu7!eucb!n`!AulL~)tjK_PV?!1ni-n6x-_<=g|&Hbw=G6@VKaehvoX;iJZ<&8RP!Xd z#wYdcX&Q8<4k_QfQh$#MK8h|kHc5V8Rsg?}_mFlxdY8#Qll}*u)F|;Si|EG9`VB83 z-0A!v4NNPdoOio3IP|xKC}P(iReYB^SweZVfP`AA_0>(qgm~~pc_;>Aym`$)Ziz>> zCK9V%Z|a{lu%p)d4>9w+Uw2E7t`v6~eFPD^5)7KS2(TsKeMC|pdh2uSk#)Il?5{sm zdkWj%!Kc3f>uPv5<%=U6=p}X(S0ce}Qm)Njaz&R7;Nsr2c$fh(i#0QNs~HJ7=lB zI=-aP9?bwbZRf3W&d)41RK(23Ae9i^IXcO%z+&RH@w$N9@l9`xI_t5bwV`%+;d%C7 z^P{(=QX6l#U-Gzn^su8aVrqJp{fo&J7w z?z@BRs0QBi^p_fBoPRU!9PyXVfHj%TT9oK{UYB7v7!%|f&wJZt_GLryHSpoBQwEyK z56vW^aTgYHtGfHGhv{4p+99z{>1NnXG?(JFT=em=jd+FM*7hFn*MZD}_O~09;Code ze@&%>da+~K7S?Y{W3gd;$twS2cdrRadk#_~xS|3nZY57wSph~DTJTxngp>@j6_tOy zg009Ezh?o_Ro@P0AvzLJJIXf#Z!HMx{4GDowD#gnda<3~{+SYolcHF4J^3?)fp278Vpjd4A5k_Y3ehiDv zzW3e$h3z>{YnkcL_tXfNNBFDD-qmL}u)x(x<$AT9jJ2$-a2fxBPnsl`zqMP@Wu-R9|Gmd`h(4Ik!Hf0Wz*sT~$nb|ep zMN5bWAh#q&O2SWum$B&fVOguZq zk;Xky)W?&*(gS6sg}b<&o$Qrh!`9$(M&6PU{*|GMbCH8IYW*8%Bz+c(Kgk{-(@ruRtsXF(4awXkwJBgAW?NZSq+mj0^|K~@jfO#M(eXfLv z$Q|0cd}ZuV_E3$=;P%YPwSr*vV1D`_2SoJ%NDvZQbjZ|xXgx(?fvsdNDFsURU7q(Z z9q3tS)*DWEZaMC^+yRrn_m`rHRoEIhI%CL+)PjC~a?O2;QQ9wv2Y-JAmsNDXh`9@Qa0lz(2PG}5kW+9L)<;YK;5lRqM4D3*WwCV|wD!zoL(ioX<5+ixSi;@hVDPT8In^LiVWU zl$qU#e8Tb}gV_<{nxMWw`r?yKUf!Z$T&@p9v)_dyejg->Hrb%AN)o^&+QbjuU+e?fwJcKF5 z9|VQa66sHpdPmQ%nHfp8?8S%2hGUdyN5Av_@b=11%zZr7i=>M!&i-H>4aWDK7e%k8 z6MWU(tob@V7e%l;+O>k7+vB``P)}yDEvioS2RTW4%+j_>CUhSgK|qqGofC0K z#Z3;K-3uG_>zU58Te=y(y9f0>o|@E0C8E2wi030>mR&;TyXRc-G2~3G7-cTm`Nw44`F$8GzCE2 zzigYhf#hIm8oSIKC6!Jtd8GUK?fc!!#dS1oM}P zlods+(5T>^O~LgfQX#Ubg+{K;(1n4+FANr-uNrs070cai=uy;}*J>yg|IC}y-75js zoJjtoK-T|5(^-Yp&1_+~Efg)q-KDs@ySqavZkys(+>5&wcXxLyP~6?!ZR5I;lmFse z^6ZdgCTp$vzIP^>a_UT7KE`rT_QFvbsI41_tZw05L&BLBCMU=*m%|nUz16;T*OyOY zz{Rh9QGT}hNY%wU8k%}?oPY$&owa(|1fYKUJ);J;1V<-l=d(;qrcPfuYPojsI#(Y` zG)aA)%R17xRg$hb92{+*#yK4PECedf=WA>J=@dj5&Uo_I8K1o1My6B*4PxOu{nDSd z)#TYjX{mKf#fPE*4Ie))=1cC5a!vRsRxon20%u^->v}Z44gqGG-QJPxRLew>XA`8i zt}{o=6JLMtQmqcczfl}}soMU!U>csOvIRFQR)Vstj@q*ICk3aS!dJC@qsP$Hro;|c z+pu!!-R8b*QdWWjDK?tMh~3o7Wc_V5v1|yU7zbDj-JU? zif-WXhyJ4<=*dfrM1hSS?%MCI>LYUDcY@-(H16((CxdXz5K9?6`leEefs(^JRV>OD_V?*iRk-ZLw)zwR`>iwLQ$zWaRr@kIpZ{)^N2c==Paz+J-AxMCeiqK z&Hx9cNwB#=1fvmIMS}dz^b&>Ttif?;kW;3+vbk;|q# zWn8_TI$g7&7Wfxr4}fs~SZ=JzE~}3PxaYZpe3kx@&b>2Z^m&!OkEeBON<6 zliO@YTWo}?Mm<0M9unU~32xhE5C=9hkybnYtn7Png3pwk!@@KxxUt3>eY;!uuAh6M zcl-QR{DIED0{SA)fu2_%>{qpG9=G^mhHv!1 z0>8)h1qUy5m!_wad}{m1s3Tx6{l*`n=t@DFB~o?*QFw4gX|sP9K~6Ssa63MOE)XRY z*}gh_BEYNhjkFPhd7OK_FM}SO)fMYK*;S$V1!8?V3$+eg4(ECDoE>j0$5xeEB>DMj z$^Im+MYF2{I*OTq5ER6P?Oa^_Dp}H4V;bN~s{9R}*8|sol(x9UOE$>Yc%Q)N${I0j zD0@Z__)Q$!F|vZTzS}od@8%ET*WjFN_#7A!)p1%9vQ&0Mmj)5bv7I&+t@DvaEA3ac2O?*SuSAkcfFYBe#5yF_vJ;+ZG zuRy!Hx7Jlr1EH7}GecaYJ4! z{0{nVWbUl4o%)cDHU=8^e7b&MGrV0$Ob)GpoAb?Y6{d_^rgry9*t5K%29k#hqLce# z2P&vUoZ57o(g>2U#%3;criOnhHkz3ezY zZHC5N;%8r$(ipIcKk-B75IK`~+%BFR-dx+&Sl?Ky|FO50e|W61{!UV%-)VVf;ygQ( z>S;^C<%B$Bn@ZvY4!)4qJ1)%U=&{}kYS)KW>rtgRdbBzgyN)I=xi?2gz#-Cpk4nASs@hh>#2LVa!79MEVwdJM%f&wR}LXzV6R0kFJ9@_zCg z+ObPKIh?>^-XZ%B{pbY>K4{1l>&cf_Orwt5n`M^3D@QCN>zgiPEA*Et%@)pQ&rrT* z-vp1%7q=yv1x8}|nUpKmvi*nMd}1bV1H~4n=;-8j$)+c#OeqwE-2 zGd+y zvy&Gi^rH3%ROPMM(kV1<~;&7NauAy=Eg;_#hEF(ia|E%Wb>ATZlm@P9fKWr|9 zbE46cdWIelK~MCgx1KmUK|X#k`xDThI^C?=_E=6@9foDTx%0HXhjO@yO2lanovn$% zka{MOa)EbwiHlJsi=7r61q%K3i~NNSl2?{C@cQ&W_>*Gt*qRPF2KE6G{~QE(YwuW1 zqt6~$g5=BWKZy1FZt+f(pw_O6q*m&SA!olRs2?O=o#U-eHNmcjq?@=*BoCqqy$^Ad zO`;K0zMH2eRP01ZWXl9^m}ni71g;~T+;qgp2Nue8ivYS7hcPTlGd7op7rhrKn!9Oi3u62B+zt&Iu!ykwI>dgp}yiUtQCWI5H=0 zJUCJP(^oT0mb|Ur$z77GB?Xd`xWO2S<^nJ67T0vnSCq(sp;v zupP4#%GaOXe2pjMltbt!N2kSj{*bV2VlDgN^U7qe{*^miCev{=g6?^uo;}_A^rBe% z#B`ir-7%LML0M7DAIZC_-AjAx6rkrzJZChB&aO{4^-mR!Qu+P0o#94{E;vG(W6)dt zid8T`bL8T==jWWhw~1RqDK(vibVHQpq81$VNvv3Q_I!Te-ufF38=Uv6R` zRurY%sJ+ac{XE~^KjQXX`XJWhJ$(H^kn*l;P1Z553x67+l;b3wDOSMvn-&qJ=bkF3 zf@JH}E3L-`@4qI@-&%2ha`AOq)?*0nfW?Ep!a4`@(=E?Lj?htjVVr+d<_z8nVnq=8 z$viGzKIIC{cwndvd7v;1w3BV`39#!=IIRka-ef;~^!ON+Y^R13UHo>%ntoyYjT!!@ z#YcD)q^tklskYwi+Fwj$E?{}089&tLZT8e&ZlGGDi@EC@8MLC!_nv&# zoh4cCym_D}3bItky76<-mwv*k1h&lJ#osT4Jznsr z+vWK^yWHA?gt+2@Jo{;lEH%CZH%Ua!u=YVFHSk45lgdp4J3$~;%YnCu6yL*y=c~Iq z7bnjjkRHZ056<%0sNP*G!}W|3NGda&cf&ATYnpY$FrJWUS68C!JGmB2E_I60vdfq# zpYvps6e{IiVFnZCZ<$Wt1e(f~CwA6DHMc)6UiCy`?k@TxyEr6N_i8Ht{u1pG?dZ{a zG1Oa_D)n|&GyV8UdMy5`*ycL*xD|pmWM}c?`sTb$vdaXv<(-S8I|rRA089 zxJ8>p0t`*+swHv#<44ZLOK{a~n}l~&JM_og;^iW6BZU9vB4{4iU=_k?Gkk zkp1a3WW^1C#)zZc%N69me>$NSKc&XdA{xhA#{Ovplba;Lo^FV#dMc4wuppK-(M`I{ z*9{x~E{GuWmbrEaxbGXb#CD@s$;|KDtzR;KP$sOINfYW>`k!d3Mz}Rf{XSx$9<^^E zQs+x#Dnd`oKqmhl+7h(afv%@Ale?MFVR@IZqe4BYbem-tP1!7_%sDRm7uz>N=(Oum zH&+zd$&7CX*)~0A4RtVYUj5d66=OZ-TqQevW6?%hkqP)JQFlh<1cQEX&-(ylAjm}l zL&Amc#Pi9#iXJ07k5|IstLTGm6#HuUFby?7n=C_Hu~eRC{ZDJiy#>KKK0Nw5`Klr% zPq*q1c5s$#9g1cY_-4CANV49eI)YsvJI7NCzKb_=D&Y8$eYFdQk-^64L!oTwVe5(C z^UxJF)6zeUS7JnkKxaCF6+ z4{5?Cg;Wx!Sg8b1X6v4L6o3c3o7nJv-;+15@b;UtHS8#2YaE_7o0i$?(Kk`J%R|Ha zfb!=-2BvMRlQ#H%;8iv08X@R!@;9Vq)1J+YC!nt2DFKR@YF}}a9Xt#E>wcsMkpyF= zhxXAMzW#t3ArITxBu{rFc-=zE_0CoFyHYUq_anDnw_^q$_0FJbNBA$6UTP z+q-XT@IIz)^bDWJLLk+l#fypnX+~gzZiGsa{T9&Zb3OKioo2fb96Fj z$>*zTGr0eqptuzL3;ebQ^gwzUH`7qMRS9o}~K4hhcVncQ@l@zAXrT)v|D`5W~B(klag% zi_y-Yor~$@G^UC#FGxbCqTwbhHEgiXdbW^}lA=*yox1@ABL9}7?Ho8v8Mj{-FH zcc&1Xf+57c3Sn4O9g(q|?^x_xzioS^s2Mta86?q-r1rM%{y?Ib;8&7)MV}vJa}Y9p zb)OXnw@c9XRAUNI&J-*^PvcS0M@uT^38v>|`)!gfhgoxzTJ9uMU@JhP_aIzQsgGsT ze<2ij>fV$Z7h8`gX)m-vLTCurg(ez%W3CEeD{8+3i^h$!?LMtVf|tdcW3;{zM^srQ zD#anR;vr@HhHKQ;r(A1pj@v?>34C2Ad^a%#-*FV*=h+WeAoP4NW#sP6@(#|s5vZVG zh}Q(s7>VpZeZF>j#87aQgA1#%6`jl}7RXf>6}ml}&kJ)P9rgyBh)}3 z;Ysc8?#Gq*5(Q&HB}{k9p^P;mqo2%cAehKh_1wQ(2Nond&uFnc2JXR^e{PdWMx7h- zm7JkCD*DI4#DoqLIxKCb5#)syoC8ntTqYT<&V^FY;54=MMYVKa=du!mAeg8`cg~(+ zD(4#JNeg8>h)(*>qzyqqdPBYmx96!82@NAZEm;j7)32JO_29w_;Q8{ze;zfKp931Ux&TvrznNJl z%tx%VgPeA=T`PocHa8uu`3Tc-+iCiwD>omhnhsQAWC{PWuY1x0zAA+Oq^Ua*BqqZV z^Nt1oH9h~TQUE}y9{XbPgE53~-q$GXx&F{I?J}LNl~d4=&(~DtB9jwdqCpQJn#`O( zQJO~{rV*?VE<8Hf{T+KuqpU04hy!LOW@|+_qN`mqU^OV7QLX(q5k603ouxv2CMJ;x zA)%&f%jQdFYiutE(@QYg2_qZS!pc=YhbwA}O^36kRr&Jg(jFxN>lN=s35yx< z*gH!N} zf?06D5c2JFurQ3gri#yoAi)_d z`z{VS$<+KV;`eLaxipHnoQlv1rRwJmDw(Q9Cmhn>Zd4R69^-O+bCX`{Y2E0oMA@OD zQ~6!t-fIv~X_v<}YytF^b0=y&ZWqofiAjwn9&3^rSK9IR z48v(B9Mhjx_}IFG4uq$SS@cJGK_uBDN74lUUkf08q@_{v_ed-zqra~|cs1w5aE3i@1UDiPL8;40Vc{=pW3ro1~pugBQIy}=)n zVV z_4oE^@7LH^sKT#5%@^p$Xb$=%EpiuPpC$B5cqmt+-LFY|{_V74=b+SGQ-;3hbtdj)ns&F?cI7)U$VRiQe*N-uTQ;|IeBh%6ztFeA z*J_c;b-%nu=>`#RPs6jDViki{!f`vcxF=ZWaqKp4Te023hxQvCEIS8n?DcGrvc)rg zpv0iJMO83V)NFHRu&fOZM8dNj3?w22Th~N&UiSU6W+n*6rnZ$h0ZVe&B(Pr) zb9J)YAYka=HTh&wA@ALf3=2GDKm-gVlz-eWSXUnMD0j5}0Zw@kW=6gh3q3lXAgs*7FrrtKobvNY@c(;*8$-tQBZy`SerS1Cefs^EkG383C+@H9vp#u&suvXl~!PrpH z4B7GRpb+mwg5tJ={mmh_KprRJMy_O+IfC}juQW*H5-IKFmilj%EuYRluunmxT)x{w*d6trTbXB9U~4Z9ccVsTA@p*3 zxyA|&+I1XnJ)KqB?+zyoVBkRP`Nw$;Zr|j3Ma6=5hvRffXusGPg1Uru_1g5w1%t2T zp$$Ty12ww3DyH5Uq*2D+RN%UZ?5-}EZimyHUVr;&BflX!i=im)xJeIMK?NpBGWJ^T zzOz#SFG;xH$-sie)iBA#h32$OrMLpesx6`41Hz89W-10zkpt~t-M|%lCm!>bG0Yq4 za5Bw;+lpval0=c=u`91|yW3cI38l-(J;y3hHL6}o!4IyUYqb)WR_$Y%Ui`ms!&Z<< zGX#Sm5oeZrJ7k$Pq!tN|g8g1u!**+&6WRcWmH zg0%Fg1o@v(2m(FGP5H*e-QXGKUb+S2$mA#N$hqN0QHf&N;9iphNa&O1odcvIF#`+| z+j8*(45=E0m8D=vx$7H6TeMbDd)b&4-ERBP;W|RL3=G3B`H2@_@I$8To|Pk&He*R6 z1+W8a7g2LB#!#P6r2;MTLujsDnA*tU>M@7s8A&YcXwhV_^7IOuQ9r5$vK;zPxvrzI z8>m9F-9M}iU#TXykOwXzOX8RqSXJdC-%RaB(}>PYKcMJ-@DXOF5|UTZ$;2U%&bUD( zutG%Tt+{f#h#}}XtHUuuVNZOm$L;;s3M;Z?eFV8~@k)fFJ!piBW4^;Jsz#&>9Ex}+ z?byS3SOyPFW_}qUCJSs4veZS%Yo-+y)p)S5+m(7uB)6b@7uBX%Ol)nf!tEi9QosnP znTe1@a<*}hynOl|wq;i;YR}xwbfc)3YDEE;hDmo@4t0)#z?MW7I5~f4d8|K#+VE+3 zPM4yFv{sUtVJU~$oF6f8_=WPJisgoyTI{GB<5p@GIw1Bm*uMLA9Ax%Qlw%ugR=MDXF9T5t;2cm-A)`2e@2%^F?db5V3fLrz`Cfj?e6+zKKLk-mTb}K4? zGdi4pSh+$q4kbZm-&RBjw+O65C`V;~c#zODOI0K9@Jcv6^7_@!53Ny+8-P%4c^)ST zjt%iiJrNYM*H0j$$e5w(5zba7sbIZBA`Zl~gN2T=BA=((R$N#JHs=rcYdVzq{5=Zp zqRE$?7%K3E+y<3>`kvkE77MORi4hLZ!&~P=2)Q_4Fgd@P1JVkf!2Ty!_28H~UVC!n z$?t(aYS)`XH`$z^I%s!D2 zL+YD*?p3Jtodmy?@5dCl-QrfPa%Je11+OPjW!l$()7lBI6&A5&R;wRwUlh-sUt45X z^riM6L2h4}M;NiikR*qr0S;-!K^a2I9kAJGT-)x4l~>m~qx9J!ff8#hEpl;v_Plo- zk`y(%$pj{LiwL|{yAAQ0X)`A(+I);2heMT+NKRG0EUBaVvQG!O!Pe^J4^il%dt&=t zqd6=eGrMMD_*z401)D7%E%GJ7!AKc6+=IIQrd z4JNDvNpAJ}xmT;7UaTIO5|OKMyrTH^*%4@BxT0Pk+>E3JFx;*7;tYqn-7;Ra0uz00 zVBaEsdJPL~sLvO$=WYHM8BFgdT~-*Xc+*;VL5YLu18<%k7IOvsUFw_s`T}T$%U_My~lVFt3x-xzoB-&~bgv-5-Atyx5gLl?2sC-nIMVWCq zrK3W5uHsC&exw|)6SFrL42d<#56FTG2p3c*=q7eifrQo){YAf<`XeQRKiMX}}XMI|Zf6WfWJ#sghNSO$bhECY|8+ zqd@1r-n{t2zh|)AUX{7>oYQ0f_G)j^X=!O#*f}^DnrmvPr|(>oWWTX6Gb;<7xU4hb z;^Gd_CY^X&8Wb+WOE=fnC=Z#kcD{PIQPVIaVU6swy1G7uQy6|InYWy?Y!n9$eZ7#8 zkzr9OpGWssXym{3OqIWH%8wd1DgHGyGRnrv!O_34(A03UiGYZRq)wakZ)HV?>CmT9 zM?q9H0DcNS*WS8vs!)bSqfC7wdm>|am$JBGwLWAng8&8@_j<`Zsnh3`m&u=THJ&!z?dzM+epZzHCvIj& zwd?hM6;`lofcWn0avNvl_L^&PC`>MSh>^bFd;Oq>=hvSt>-`(6ol%);J0C6Qv9z8YnQoo#45>ioCzMMMbalfXBz-BUkdwIgZ!deg+B@#+> zogOhaGgDE`o7K^>Vl?O)%M$P;dggZrwwKiJOuOiQ&suMHUHtFRy~09{`yVng@bK`+ zLd6<2*2}D_YF6j8s!{cz$vVTHPyaQNSI=5Vl~f{E{rcu$JW(L0tcn%>=TG|g8zrCh zCZr(MW*Xbmg-Q%;Y@yr64-*+YV&dZeI$b+pA@}FI*}iY2(LNFB}Yk^-v+*fo2cX|Z%>E34`ESJ z`#?*5j;u6d)6?bLpZZ$K%*@RlpKpH_$*1Ki|oySqMs!pA%X0jMJ^S+wX@Uv!>&^zThRL? z$E>ZDfJjl@c%7d6Yc`+MW-?KivZsqa5pYA9oamIyFXLRlzzK12JqEt7cTi6TxI`^`qOCt=o1rxHtmQ zPBBBfda)F#+y(q^V;v}ow)G>nV~&v&OEpkZL*v$K`Fy!e5>Pf1PP zzPN~KZRPo}yu3WL?Qm(`}<4F%iAX>z{aG|JUl#!$;rE0TYlZ$ zLYQxK+uPf2Zf+>V#7efdj9pz_EiEla*1vTsDf#&`#>V8WZEWBX5YQl8yu4|^pChBA zwav|go14U?>ardlyg+3IT8u_S6y4nH+PR+pe!dn~9Rgb&Lu_ETSilDh-?Yn6M_Yk5DZQjrcdp_=N1q6#-BC zrg{_M!wCXG*XW35TNPE!;Np5Vr3Y|S(m~usSJ;y?uVKQ9 znaGD1P=^-aLq%OxN&}{+gs4&TS-}>X9`+jc=co-VfKfb+spW)b~aqQmCmy1(NKCJ-ZQ$H>U&za+G>k^^EN_A9|wVX}Vj z$Vm9*rM+S%Z%|?3H(OiVe**((xVXbZapdKVe8ASy-jMt0A_aU5gwJ$9WxU=S=H}yb zx;aqT+1aUSZl+>mOMrs?%ItI?KQ=xtBPS=un2e5&{=2^3sS}?7pSVWz&mmYFSIX)wA0`3p4k_}qRdpk3FN2+;!k{XeROeCZJ(chmUBOB2=| zLtLCw5}I|sI$N*DC!CV*O28*6D+zN@RCH^x7(LO`Ti^&TxQUU3}1+TZ)*4Ouqjz$CqLIbT#5%l(GbQQi}t5UkLKx;$kwekv0%N_Rh`)K-t2i(`5cRL%}Z~Fg!LUo~s;+7$8Mi zP+)F$br+6_k(@a7bA{a$1|~zdH9niuW~X>OorZ}?iZX%4{nAj-2h8)~&-)XV78%*l z#OUr`5*_!-O5NG(Lw}E2YGek%hF(X?DGLiwVxL{XW3JVm!DD~@Fjt#zUeh?JHE4nJ zMjkK5v@&(e12I6%s3$A)lP0rBVYie~?@=@)tx_t6C_~6M3wX@NMn?XrskjJ10bSmZ zor42OcXuAh!^Pp{cHb9bL4qV%2}eg(A0MAcVxg>;7cWk`jmY9+DuuER`FtRiew|<> zP%8A!%*0PkDL2_|PSj5dM#xj_OtS!;%9D?ymJsFx+JWt4aq9}qe}eykA^^0;h&I=w&J-l{YEK>vQqWc%;mRI!Pa zE+K&%Xqv3fcGDbq;`0;l120c|*qAI8QpmOg1FV+RvSCUJ-)e#}XAl!0PAv3)hy}CAZ1K4|=yro$Kj##vi>Nrj zLt^wPhYV711a!}r+waLuVN}Dz<$gZQwd-~fNu^`0EI!_bD0sbYKtBuOR`5(jZ!QoP zK+yfaoNoFXz4Cof)+rJ$qyHVYjzlCpqr1?llq=kc_!yCXD=ai!?@|Do{Ks5$ zYRo_?8s%vBcYY;9Ix>Nwt2A7B_v0tOi^YmuX~yCUbR|PG+lhur!QDkxE)oljk&xrTkgNdJH?mLwN%ZEIt7*b%2dg9kJ@{r9>+ zASeJOQaTT0f-4*FO9n@8Tx~52@F>lI;^2HT7p9oDS*A`4s3J;M)_9;cP6KH%k;zv) zU-V2OKo#QHnC3PvmoHzsr>RSDRay#+JAtCD8N=CLz1J~S{yt)w1=mf zs^-90b=OV^*Tz<9m7dHnkZtN{*=gaK2j6}q9gL?tUGK^8Iv)w=Ncw$pQ)EjnSEudh z>|E|}uU`-#5cJ{}6cjxnV`F0jw62aBrVa34U}DIH{>A>a_+$6@CK> z;(r~1YS-BxhDrBf+r2v-8CAI5{&ot$QQAKqRexSZB0OWg+t2Z6!CJEx~|%E~ArBE6p! z7?ai1)y3W1xU;gd8tgW+_V!FGIp;B5F;z3p&)uzNDDFdouOWl32z2+}JMffW@d7&= zIgWXFzGQGj_yEtl)lBXh0kIVivmd!0RDW_a`5iDO)$f;3#afkRE^mun?^$n|eD%)} zOw?-BDKEoR)@$9_G{0eQOjnz}oK8bg@$uE&T;p61;NOC${5J^sSUr28qxD<3}9JpCDdPogIPO3N?oZOh<-15WF8GxgMQ!ZL*-;hmnLI0-`3%e4sz7Z09WubjLFC1!r8EJu@$9OxhP{YD~Tl_X(^CDV0evSOU`FzVHMX`9q`MlbWe2tIWIex2(Y7y$6K`zw%8a`Gm|kaP6wgA ze1Bh->yIIUvH2r_!AjzDQAbz3&lHRjE!`{T5ygC9d3~NXIgn@E=#UA?A@O$_ z>UQ6bDAM2ljVvIHRCF{Y0Rg}5;P9US2HUKD+5%RUMicvrlf~uGG8Omj4F~FW$yeX6 zJmGXdcfaqRYU!gw7JCMQi5IIu*6(l5R_kfDl|R&qlw-3J#H?izLMF2IfqIb2@5bCN zCfcy#ECkpgC*Wpm*IGorf5$BWV?3yo}T z6&)OEEx;d*NL5%CA|oS#GDX72_d`xvrBuD3xVYZ;-KUlq@GJjzS=rbCkmM^ZBhxcB z76}j{z=f6AfoTh*zoE%10MUnI2(0MGn<{`GWYXUQ!n(lJ9HBfk5rfyt5eDd2otJmS ze95czG7XA?!Z1Rl0IdDnMk{$d_R!41pn!C6bo7743P|bQi+zcqLb-}{fSOg%%Z`o! z;a^&-@E`_Mm(^xFDsFBZKpYYf5J-1K>;jV+t%{QmfT+Mg2wK=&X|jm`WH>3Qf8~#6 zGz^TuhzP{!=x9JY&Xr}}_3uRCFFRi57zR5!0})|S85u>lO#S2eIh?L)1(oadQp$vU+(6(|HyQ-Cg)`i@y80Mdbl<;RcOv2|{eLaMIU>%;mz4G+ zaMOFd>Srvhm1AfMv{>nH^v_$`dJ6Eo<^ z0*R9~F|l`Wh<XD5MfLfQg6Qq(cu#Z z`goudSO!`c&+-bHt#WrFLqjX;)TRZ-U}i3k!kQLsIcb^6;T~by`4dwEWMnV)@|@#r zZ%Ij8#$DJiIX3m?{|XC~SJgvROVvk9@6VR&0b-B<$Q&qp06n%N&;S6J_k0N`g@Eim zz18Az1rq?2Hy6;^emRZs$kjIY2W`2I*%>X)VVHa_HBQ^2X)SG^P%dw0If#BxC!eaL zr{myG_bw(2`99{ZY%&Ig)Elnzx-jWSW*1X^u(3LBvHEE%>f=vP2rR{oE+{%=&5^SD zVg^I4u}@KCy1ieu>iHsRiUwe@2AkYWnN4BZ{jdd}GhS!^2hjS{Iw}i|_V<+dv@E%9 za3wQqyo!DmB?||lNq+EfwPx#P6Cv+Ez$G;?Y5PTV3IsXw_>fD^xmg=Iuy7`^qhhAu z;Iq}pVXGvlrV3Cg)!k+LE_E4x1S=|jXqlUF08F4ZUA$th@_!J@(2xWO(?V7E#n>HS ztfoK?l{~1{qw6YgR#DcC^iFb-qd=37jQajE!N(gE(~Qkn;F->8 zoyvs_DB!xvAFa7p@NEW>QBjR#jsQ2ZcX7coP<53{P}bLoGde?P^3QMB<$BYw621G*QSDJW`hWU^qibXT0y#f^ zw4P;=$^vBRL-(8U`=rorDT_f7;eHUJDCJNx_ntxktW)zes|^OiF+GxooJVOFbL>5mT&mo|sCj;yIk$Km2w zEDxd0&H@mawwBK|obKX%wX1VrSFOH|nw}9WC@EgGpQj@Q@RD0m~| zLT@OUe>e%b?ccj)e^*vA0OJ+_?u<=M1Cx?4fxCKqdWuU=9|c@|!#%){*4lm{dU|>S zz7-h$rhZO>fqIh8Y12C}00S^EM@Ps1oc(|P7Jwgs2?mCe;mOHEfD|;^y6PF)7>Rfk z!c%ey5&w{r>tN>``QhM@s0shM8s%utk^?}y141ynjQl#?|pA1#hmfyo4PZx-~K8Q{J!u&_;RjmZ#1 zxQvadEA|PF0d5UMZ}`LnD>H@bWLYeRro(6!@FZZin)v9LI&FA@GB;ifMj*;sBF@n?D@VUlF zJ0;Ds^tFD%H;%FV|B6hS2!+`Hq{Hcc#uvu2P&wA)T|5D`a`( zKbkh}bYM@%_!U5DUG8@p2h~5M9uBhy=a#f1PfErPN0aL<4;2C9WnWWkG``k4e}Cod zV!m-&&30Ztd3keNAZ`-;?$!Qu?$T{?-;7sTBBZyJLn40Zx z|8OwVCgEhxhRyHG*u-k1^~g(1F-mgcFfy^i^tIOa&LfUA3urt8JM3ud zw@9n)umaG=!Tj-WI0O`ew~cI$c)@j@_&@IHUn>IzRcV9Zd8z*4UHdDn{5O=qYIE^J1k;X%)o6@e*YIe*)J?CJ!SvW_ zdc&D@hP6#&U}DOiX`3K~9^keAP51cTTUT~#UG_&XU5~hKUj3UZWq0`XjbAWJ9{{{O z+$qUf?!n85SeL8WzVY#?Vd?qg8+Z)IuQLF9`42dbj`j@?!_(2xnUAMQsH&oAYHI#R zG*ylzzA{_RQ3G>3fOYHX@0Vcz@fjA@>WKgehuIHcH*u+{Ve*uH^Ya?)hn>$S3_K8%+YBCE1mwZV*@P#+_Pgy$@+xG8=K`R(o=rmz z)~nI@bN9;?Y%?Ol<=yT7S~~A|D*yM7H&G}u3Pmz9vXvQytjJc5m63If>^&07PUf+) z%Q*Jl5t-SJ?PHH)WMq%ub-s_Ezj++zeZTMPx?Zo>^L^jOu&-W=6hNLqIPH~y()aX- zMPYjP&UkTgyP-#Xsr`x7`_i(^fl~9hJ5)1fNNudEDqHmSgnduM*RQ@X{WdlEUc8J) zLQXDaYs&*ZMcRc&oTak0WgV`NO26aWkXqhTfeCQ`@c50dPluh0?7ScYIGR4^Fc}7F5Qf%Er zYe#sU;P1BK_J2R`$Y$oDL}Cw-7`xr3t9T9@T?u3lgV-CHIXU;43SHoqPM7zJ4I&ZL z#mPYI-$A_Psk)kBXF58%B#T#IN3{U2^|qNHpKGir!T-G6L%Zwh-&9dO#kuINYA!&SI9{T}_*WM>R}L4oqXluj+5E za%DUdw<1nXO$~A4aJ;SIl@@C4USEac={}_m}eju%dkNR}h6x zaLBK|VM=`^rCS62+}XRu`g>=`Bk*b|Lt`m5MRlsiUfQRnrEFXw)GdDBlOM40kV>M6 zyp@zxXxtnQ?ee9i4UNp@Qo_SYDAGtjd&ToD)qAKZC@PlST>*0vT)0_hU3LKswO)=! z1*X&jguuZn!9bo_Pr9|@B=A#P4THHfyG$V#UznPFa=)f>l0SkbNxJ)M?fPT^Z=SA?ZGsn`hci382uzVuoqy0ZclD(qlYoGu5ab>jrX*&v4YBomB zfFg>PrlDS*g9qZXZ|1IpK1JkOzkK-;ZT2n4)4ZEbBVe}l$+OLj`} zWm8?|OEok(g6en&!z1KVp?v9-*hdTk~PkzZ(}(@eyix|g;gXZ988UG&4ufPhqd-k+y%k19UR1s5&gcS z=Y3l5M~PC^HUjH%m4?FkO&Mr57F;?8tgRBpnt|_-x z#0)={5yN@2n`}awns1HGeo!zmM$5+Wx^S!UlQKn{)7|;;&oECR+-ZF|wVk3@7KRW+ ze|djL>qwidgBhMwg4w$hhaVk^A)&VD*cUkp<;_zWxIXx2n?Igu>hDs(qJA_&H|0ccO#JS^{FsQT zZWcnK)9IV9Z$e&v{I>pAbHNpOi9{lBsFZ+{iOF3PmMH zxm-=O!}Wx4cFL@*D;m@y0lcW;gWe%=Jz>570(iB`WYu8D>EHAHn5rP1AP=9SRLwte z^QFJ^x$VMM&iyyxZxD#>_!~c08=5{RKQ-42AH9bS9)3PmdSlyq*@XX2Bpz{7U62xH z?wR6P`1vKch9Luj%wpEN-U{Qow-snb-z*tEn}&4BmC>ZN`SQl!_7wM2m%gd)Y(j4$;rZxV}PwwLfV-<-Zsm&r*Fv!(n8l%`IGnLb~)M$@V$Fz^}(A}b%tp%6U+R&WUX zO8Fsiq0JGt^Hhm&EJ{;dMi$g*a`3M=$bwfOp0EAehR$=aSFvvvgr|7H*lVlf*x>WG z=SShWFHTM{1a(fK>oVc14%RlZ>TDD=0@jQ<^2sp}utmnk$^f21{o~!y&%~DCmB}K8 zkJV0A%UNcm)YJ$LM==5~8L%`CUkk}%Vvs5-9>)#mMKjm}nrc>rF_1E^A~iF3V`5@L zC4xAk*eD>^GV1xtREnIcO-)b>1=i$q;2#h!vhwn7^ViaMNeR`|5E|Ech6Li>go;eN zWsDc+`PN1^E0bRT%HEkdccpI`?vUq7%1}xcl~Y$IhnN$RuS7}?1ca7g@tfib(FemX>$Y82GB{-`d#pKoZ98 zh52o(`A{M#r#7)^cJ??w6WmFHb|3y#ZAnxJ|2?XAgbQ{d#Kg!)58g1w8ac!^U?^Va z>s<5`+|9^f1U@PcBO!0-CVZ^)jdEwe=gXn9k}N@wd3h4(C=lYRIm+CC0aTky=qTye z1*v8>{q7ExT>3-0JSTbF`0Px~DP%{$#t;f_?0;{M99R8{A|f>FZ-8r+u(!EnVa%9+ z0bAJP;9rY!rIC61nlkl=zw_> z%SW#n7|MbOrI{JuZw+(Uj&B9u7V_A*tC}74-F=_3x$$PQ(8rIV#F~qXxEUJ6-+`;! z_U}|lo#3FR)+S$Cm|-9^fG^I2HWp@8V|i2KE)WqIcu)y_xs7CN)0rM!s$~|NAyVE?>&K z<7dE$^im3hU7NUZ_l6+6>E*}{g1nY0AjPSX{c8FkAnT7ZwZ_9)}cp#RH{&Yh{ zS=}$ZMkL*BzZE)Hru>VA8ZV{?zK}+xX5@u@uXdscCd*oyFWjG(t1h$d&bo{bLfixZ zsDHF5oW2Gq;Q90CU`Rc&8vFGRi=h&H{~v?gA5EIC{R5+~--Rj2D=mF1F-7IK^U~TK z^47dce3q@s16Pn|sTVW?kav~Bg74=~TybfH826WM{2RFS?NU%!?$4o+O!l}10wgm! zS=V2+9i&AiHC13uIzvzB-N28`&h7PT-`^LP%)!-xP|$33;}6snafL=a2sH)-o)o)g{J9~=>yKzF1 zAm=aO{CJhk`p%&B@f99>W;OBCsPU^;6%PJNB9!8uVXu)b^Vny-QO{lf6*zki?!=wL zy>SQkJuO5iU61?An3Ud(S9%T3Tt?I0-{k1L6@rV5%!NG!wQtbog}YxSSn(?%VImwI-7_K5RAHxzPQxL(xW?onrW71HC>=x=mD#dtKB5Z@Oi6wlY^(wi&WY%pEg znscxi{hBvk(IQ_>fk`~*let^>{sVJjocPI?-a>9@`lOT;Eo~Lk zl##yZ(Yl19&4!+Zzwbp86A!$)sgte}VSR(BIjeK-&IU7( z2_Jk_NVtjI)*p97$p`E&KZo={?Xd=$FgW>stMg<=0f1dolgKmq#Z5JxENrA8883{kDV_DRyT zXL}>~KGdNUPK~-6a$R!i% z9}4Q({zL!>(&Tqjd>)}rz8)`N3fU222kEH{v=y|kUp+&)ud)B!ZZ_%076tH9T^4pW znVhOKOo~C{-|QC>yn`ep)Z7?(4w-RkuBL&pSzFfWv8zq{EvJ(M1~7%~F$Dwk++V&; zdEO>7G6D~U7*;3WW)e4Tz>3&1CF!d(z6!D7(vgLv3}=(pmPT#Sc{B#y6LEoP8f-WQ zW+4>QW^MBrSHpZy^C#5t@uuP7T6LC0Fix6_ii#GNlrTJe`04X!0>mJ%;(2=0uaP)N z;ED{U#m4xN0nj4gelOfE>A3(ex7oBjTBPAQj8e@sY_9j*#SUI0x&HKQ`r)_Fo;!oc z0-k(tZ`;QO>}!vC=|6l-P1TvIB!%!;`rnEqd_|i5b)&4TFEcoq8NfVOkQ7Zpv!}67 zll?Mr4eh$WFcZZZby6e}RVTw4k?fi;iZ@!?_CL}k%6|@N_}3F zxmov++4C6NM!J@l=i)TNZF?7M*cU+DmCXHtDjwo~C#TvHvj{EpdEBYsABBy#@sD1AvxxqGdW>GO(I%j8|I=*M@-rh~@iXqWS zY3pconT600zGh680`1U8s=1@T9fKb(=v0x07t62HdE#_4&;fL?3{XN>?%oZli6jF^ z5&#zN<$stKFYP+y?Fx1c%DwEUTXcR3eLdYtoxP(ahbI-&xTw*o?z7(&gjs+2$G4Hz z3!7XPQWrTK?LGIjU+}ku(g>91l*dFzM|}CB%!SD#ga8IgL!9`Hd$*R_SmTAZ0Z;)( z(x@>{izx1KFu=?KU}p-sx*~qR?u9}I8K3!6gG*{+hklTye@4uANHH?@rm40ry%iUS z7T;3O^F_Yp_7ABCKmT;(O#Rk=$Ck*8&dd8H{PIY8L1-IV|CXI?>WhIaI}_gKS**Zy>5%U!2rh&}C*` zKbxSr{%kx(tc}P*|KP7mU#=uh&d|qlmDrwpnJ6U^5bR?b8+{_#Ur)V0W$@85`ppZl z=N~`+EldOhQPR_d&giaN_cNL?LpGGey*888jtrcfVIXma^Ry&`DLKHqUYrFJ(PAhE zfxh*>?e^$RMOciNR~r%0uWd3ge?=#21fWWJlo|0l#67os#32MnEtX>oEwP$lmbz5P zcXPeu;|pTf=;3(8+1l1yD1GiP!!wny-vDn7xCDkYP~G$qvN%7#AD@N)h{bF;;~Kc{ z#XASKPD${b2z(9&MdVW%G58!M$Mud(?TQiSBmVR$&sai@uF;sqMRM}nNGo<0wx*nm z)AT?euVow8Kjz`-t6`}=c5}-jqU}1Wa~~~q<^ukclONv`|;%D}=>;ak|f!|jDw z*!5-nT=&V-y1Kd-5>2i~ynfRL1(v3?Rn^J*qCVGX>&f&PGc*0iWL-qzE_RiR&{Kjf zg4?|Je!X7RS1>^Pw0b7n17QF=DR#`QwDD4jaA|NXTAG)Gl743bO{3qieZ695hZUV> zy9Rc8OM*b)keL>s7J{}bwFTOTd7`Szo1s?dgRa=hF#rDM*qC7S&;!L@7joSZjoY;2en z<1;j*l<82s#sr<^)(Zeqge;Gek??;4|JU?vtSpT(H>EO;VW|h!5Tx+~KJFAGcDNSc zBGv5D_`lPTOY_>>UmL0wz%h=SFdVJ)rY3t$)ZJppEgx3e;II4|WM$uo7s2Y|yOL$00gV)Tnj%Cqb{V{m0hTUi+` zo233=rbQ*)#dJnOERpBqTCHe|)nv!EOk%KPrYg8tfQNJZlKptS+7T-ap4Qa(pHGgP ze{d5Z7$IfXyE$BT6ivDlWInY=+Lo3vF|!6PNr%n1Q|l=poz`d9{Ry}BcNyt9Ld_*V z&0=SM{)@X~O9vAeCCs2bUS~q}w6rk2;s9MYfyN7Wry4F#3Qq;j!alMst!NsNJ-7S2 zY}nNJp-UfL=+3M}sV}S==r=8P@&#=EBI`{(NR|Q>UoD=Re#=a6)z4#_Mk88eUdGNY z%;HE=x~Ka(kGo?4BmdTw*xoBJ)i~W5+~#)$%Eu24hjo>HAhZ$XmU0jbwY0S04sOiO z`liw@D&>SgXcnmSv<3FR`C-KF%1A`4Ot=ZO0~bM|h=_#XOcYhkZLVS0?fDQYU{KZaHL(+$Du1^-xq`Du0H6liWy(S+N0mn= zY-9X&CsE0N-2ylj10u=?fI4WeUDP7wt%qv`3^H*gE<97#)_~z`uZ|Rf^-pnc{COOM zcRb&x|2NOU^6m0CTB)JLqPZYC%G5}$z2vzjpex*H&^R6FzGrsG1bh68Z`uPMzcOEt zaX2OitViHRsd}sUaFqux%Z;R`omgrQ2$nQ9o=JT z=>Y^|fDAz*ReA7<=H7Tpmg2N19GOFy3vE)iCMCtnNWZ#~%*mNXqNa)nqArzCzXcPZc5WV8?5Hd|q> ze<~4Y#;0#j*a<0qOV~WRY$Dz`gZ#GI|86#itG+k>9?l?r{A764CR-Q<3{E{UkDu4-sKFd2giDD&ZiIRs&Ys>w}+!13v$*BA9 zQPs%l_D+v@ETp`im%0iTQeQngf{L4=mbqG7y@6b4V9LleFfd`(jOKiu%gVx*6H}e4 zkVBD_JVmXiMr zZ3-5eodw1e5D**{p_a9kM_SNXDaj`$~N%Gl|S z>4w&M{pcQOU~x|zek`YGqX4N3zC=jCH9%(~-c~cy@S#N)??YW#S&TTzppJVx7$v{i zuHGTe=(ixt3oI)7<3Xf>kIwI344wG7%2{uku%tt)G|f3h~+MhcgALKtn_=I#^mmC5FnCrdXyCF4MHdG z5vmQ;{7H>2;^(U=IL^arnPr$*c)VN_ag^uM5O-z(1+hFnRaKSr_}f5Hz{aD=7PD%TcxFsXxOqoN>oi;_yXq+ZI~L3hW4&U$uFGB5ervR(Xb(9?`cC4&-YT9k|U4S3C M7q6u9CEoh}A6o_^^#A|> diff --git a/bip-0360/merkletree.svg b/bip-0360/merkletree.svg index a3dcb37937..00296fa868 100644 --- a/bip-0360/merkletree.svg +++ b/bip-0360/merkletree.svg @@ -2,14 +2,14 @@ + showguides="true" + inkscape:showpageshadow="2" + inkscape:deskcolor="#d1d1d1" + inkscape:export-bgcolor="#ffffffff" /> + + id="layer1" + transform="translate(-0.34020621)"> + + + P2QRH Witness (input) + id="tspan2">P2TSH Witness (input) annex + id="tspan52">annex 50 + id="tspan54">50 Initial stack + y="238.933" + id="tspan56">Initial stack Merkle path (32*m bytes) + y="116.78066" + id="tspan57">Merkle path (32*(d-1) bytes) Control block + y="116.78066" + id="tspan58">Control block Witness Program + y="116.78066" + id="tspan59">Witness Program SegWit version 3 + y="116.78066" + id="tspan60">SegWit version 2 tapleaf tapleaf version + y="251.86074" + id="tspan62">version tapleaf tapleaf version + y="251.86074" + id="tspan64">version 1 + y="286.50917" + id="tspan65">1 { + id="tspan66">{ { + id="tspan68">{ P2QRH scriptPubkey (output) + id="tspan70">P2TSH scriptPubKey (output) How the tapleaf Merkle Root is computed: + id="tspan72">How the Taptree Root is Computed: OP_PUSHNUM3 + y="69.920135">OP_PUSHNUM2 tapleaf Merkle root + id="tspan74"> taptree root tapleaf Merkle root - - tagged_hashQuantumRoot + sodipodi:role="line"> taptree root tagged_hashtagged_hash Tapleaf tagged_hashtagged_hash TapBranch tagged_hashtagged_hash TapBranch tagged_hashtagged_hash TapBranch tagged_hashtagged_hash TapBranch + style="font-size:16px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect255768);display:inline" /> tapleaf + y="605.54433" + id="tspan75">tapleaf A + id="tspan76">A tapleaf tapleaf version + y="251.86074" + id="tspan79">version tapleaf + y="605.54433" + id="tspan80">tapleaf B + id="tspan81">B tapleaf tapleaf version + y="251.86074" + id="tspan84">version tapleaf + y="605.54433" + id="tspan85">tapleaf C + id="tspan86">C tapleaf tapleaf version + y="251.86074" + id="tspan89">version tapleaf + y="605.54433" + id="tspan90">tapleaf D + id="tspan91">D tapleaf tapleaf version + y="251.86074" + id="tspan94">version tapleaf + y="605.54433" + id="tspan95">tapleaf E + id="tspan96">E + style="font-size:16px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect265632);display:inline" /> + style="font-size:16px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect288534);display:inline" /> tagged_hashtagged_hash Tapleaf tagged_hashtagged_hash Tapleaf tagged_hashtagged_hash Tapleaf - tagged_hashtagged_hash Tapleaf + style="font-size:16px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect389388);display:inline" /> + style="font-size:16px;line-height:1.25;font-family:sans-serif;white-space:pre;shape-inside:url(#rect450123);display:inline" /> + NB This example assumes that the hashed values of the leaf scripts are such that H(A) < H(B) and H(C) < H(D). + + From cf939d7ab8d11b47abb826123623e091091facf6 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Tue, 16 Dec 2025 20:47:16 -0700 Subject: [PATCH 02/18] Integrate changes and updates from the collaborative Google Doc for the rewrite. --- bip-0360.mediawiki | 255 ++++++++++++++++++++++++--------------------- 1 file changed, 134 insertions(+), 121 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 7d89225433..c4627ed8fd 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -18,18 +18,18 @@ ===Abstract=== -This document proposes a new output script type, Pay-to-Tapscript-Hash (P2TSH), via a soft fork. P2TSH outputs are Tapscript-native, hash-based outputs that disable the key-path spend functionality of a Pay-to-Taproot (P2TR) output by omitting the internal keys and the taproot 'tweak' step. The script-path spend functionality of P2TR is retained, and thus all spends of P2TSH outputs are Taproot-style script-path spends. +This document proposes a new output type: Pay-to-Tapscript-Hash (P2TSH), via a soft fork. P2TSH outputs operate with nearly the same functionality as P2TR (Pay-to-Taproot) outputs, but with the key path spend removed. -Through this modification, P2TSH outputs provide a Tapscript-native, hashed output type that is: +Through this modification, P2TSH outputs allow developers to use tapscript in a manner that is: -# resistant to known attacks by cryptographically-relevant quantum computers (CRQCs), and -# resistant to cryptanalytic techniques that could compromise the elliptic curve cryptography (ECC) used by Bitcoin. +# resistant to long exposure attacks by cryptographically relevant quantum computers (CRQCs), and +# resistant to future cryptanalytic approaches that may compromise the elliptic curve cryptography (ECC) used by Bitcoin. -It is worth noting that the proposed P2TSH outputs are only resistant to what we term “long-exposure attacks”; that is, attacks on public keys exposed on the blockchain for time periods longer than the average time needed to confirm a bitcoin transaction. +It is worth noting that proposed P2TSH outputs are only resistant to "long exposure attacks" on elliptic curve cryptography; that is, attacks on keys exposed for time periods longer than needed to confirm a spending transaction. -Protection against more sophisticated quantum attacks - including protection against the recovery of secret keys from public keys that are exposed in mempools while a transaction is waiting to be confirmed (what we term “short-exposure attacks”) - may require the introduction of post-quantum signature schemes in Tapscript. +Protection against more sophisticated quantum attacks, including protection against private key recovery from public keys exposed in the mempool while a transaction is waiting to be confirmed (a.k.a. "short exposure attacks"), may require the introduction of post-quantum signatures in Bitcoin. We believe it's worth considering this path in the future and intend to offer a separate proposal for this purpose upon further research. -This document defines long- and short-exposure attacks as specific quantum attack-vectors. +This document additionally defines "long exposure" and "short exposure" attacks, and other new terminology in the Glossary. ===Copyright=== @@ -37,29 +37,25 @@ This document is licensed under the 3-clause BSD license. ===Motivation=== -The primary threat to Bitcoin from Cryptographically-Relevant Quantum Computers (CRQCs)A Cryptographically-Relevant Quantum Computer is an ''object'' which is only loosely defined by ''characteristics'' in quantum physics as of today. It could be understood in the context of this BIP and in Bitcoin that it is a ''hardware-agnostic'' computer supposed to have the architecture to keep ''coherent'' a sufficient number of logical qubits to be able to run Shor's algorithm in an efficient fashion. is their potential to break the key cryptographic assumption which secures the digital signatures used in Bitcoin. Specifically, [https://arxiv.org/pdf/quant-ph/0301141 Shor’s algorithm] enables a CRQC to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP) exponentially faster than by brute-forceShor’s algorithm is believed to need 10^8 operations to break a 256-bit elliptic curve public key., allowing the recovery of private keys from public keys - a process referred to herein as "quantum key recovery".Meaning, deriving private keys from public keys via Shor’s algorithm This problem that is "hard" for traditional computers is made "easy" for a CRQC by Shor's algorithm. +The primary threat to Bitcoin from Cryptographically Relevant Quantum Computers (CRQCs) is their potential to break the key cryptographic assumption which secures the digital signatures used in Bitcoin.A Cryptographically Relevant Quantum Computer is an ''object'' which is only loosely defined by ''characteristics'' in quantum physics as of today. It could be understood in the context of this BIP and in Bitcoin that it's a ''hardware-agnostic'' computer supposed to have the architecture to keep ''coherent'' a sufficient number of logical qubits to be able to run Shor's algorithm in an efficient fashion. More specifically, [https://arxiv.org/pdf/quant-ph/0301141 Shor's algorithm] enables a CRQC to solve the Discrete Logarithm Problem (DLP) exponentially faster than classical methods.Shor's algorithm is believed to need 10^8 operations to break a 256-bit elliptic curve public key. This allows the derivation of private keys from public keys - a process referred to here as quantum key recovery.Meaning, deriving private keys from public keys via Shor's algorithm While it is unclear when or if CRQCs will become viable in the future, we propose the addition of a quantum-resistant, tapscript-native output type for those interested in this level of protection. -Grover’s algorithm -- which speeds up random search and poses its own unique risks to Bitcoin by potentially weakening hash-based security -- offers only a quadratic speedup rather than an exponential one. In broad terms, it allows a quantum computer to search an unsorted space of N possibilities in roughly sqrt(N) steps (instead of N), making brute-force attacks on Bitcoin’s hash functions somewhat faster but not "easy". As a result, and despite this advantage, breaking Bitcoin’s cryptographic assumptions via Grover’s algorithm is still believed to be a "hard" problem, even for a quantum computer. +While some may balk at the potential threat of quantum computers to Bitcoin given their limited functionality to date, some others - including governments, corporations and some existing and potential Bitcoin users - are concerned about their potential for advancement. The Commercial National Security Algorithm Suite (CNSA) 2.0, for instance, has mandated software and networking equipment to be upgraded to post-quantum schemes by 2030, with browsers and operating systems fully upgraded by 2033. Additionally, according to NIST IR 8547, Elliptic Curve Cryptography (ECC) is planned to be disallowed within the US federal government after 2035 (with an exception made for hybrid cryptography, or the use of ECC and post-quantum algorithms together). These kinds of mandates have triggered concern by some ECC users, including some Bitcoin users who prefer to be prepared out of an abundance of caution. -Some may balk at the threat of quantum computers to Bitcoin given their limited functionality to date. Others – including governments, corporations, and existing and potential Bitcoin users – are concerned about the potential for their advancement and future use in cryptanalysis. +In the most optimistic case, wherein quantum computers never pose a significant risk to ECC, we understand that the possibility of quantum advancement alone may be influencing adoption and broad confidence in the Bitcoin network. In other words, we believe users' fear of quantum computers may be worth addressing regardless of CRQC viability, which is difficult to assess. Given these concerns, we think it's worth considering changes that are minimal in complexity and risk, and create new options for using Bitcoin in a quantum-resistant way. -The Commercial National Security Algorithm Suite (CNSA) 2.0, for instance, has mandated software and networking equipment to be upgraded to post-quantum schemes by 2030, with browsers and operating systems fully upgraded by 2033. Additionally, according to NIST IR 8547, Elliptic Curve Cryptography is planned to be disallowed within the US federal government after 2035 (with an exception made for hybrid cryptography, or the use of ECC and post-quantum algorithms together). These kinds of mandates have triggered concern by some ECC users – including risk-averse Bitcoin users who prefer to be prepared out of an abundance of caution. While it is unclear when or if CRQCs will become viable, we propose the addition of a Tapscript-native, hashed output type for those interested in enhanced resistance to this threat. - -Even in the most optimistic case – wherein quantum computers never pose a significant risk to ECC – we believe that public fear of their advancement alone may be influencing adoption and broad confidence in the Bitcoin network. In other words, we believe users’ fear of quantum computers may be worth addressing regardless of CRQC viability, which is difficult to assess. Given these concerns, we think it’s worth considering changes that offer quantum-resistance, are minimal in complexity and risk – and that create new options for using Bitcoin (and Tapscript). - -As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P2TSH) – a Tapscript-native, quantum-resistant output type. +As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P2TSH), a tapscript-native output type that can be used in a quantum resistant manner. ===Long-Exposure vs Short-Exposure Attacks=== -This proposal specifically mitigates the risk of long-exposure attacks on Taproot outputs. While other (hashed) Bitcoin output script types already mitigate against this risk, Taproot outputs expose their public keys and so are currently vulnerable to long-exposure quantum attacks. +For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscrips outputs (P2TR output types) are currently vulnerable to long-exposure quantum attacks. -A long-exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because they give quantum attackers ample time – as much time as vulnerable keys are exposed – to carry out quantum key recovery. +A long-exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because attackers will have ample time - as much time as vulnerable keys are exposed - to carry out quantum key recovery. -Short-exposure attacks will require significantly more advanced, error-tolerant quantum computers – because these attacks must occur within the relatively short time that the public key(s) of a transaction are exposed in the mempool while a transaction is awaiting confirmation in Bitcoin's blockchain. +Short exposure attacks, however, require faster quantum computers, because they must occur within the relatively short time that a transaction is unconfirmed in the mempool. -All Bitcoin outputs are currently vulnerable to short-exposure attacks – as all Bitcoin transactions require revelation of the redeem scripts and/or associated public keys to unlock and spend unspent outputs.A vulnerable Bitcoin output is any scriptPubKey type that exposes an elliptic curve public key as raw bytes in a block, making it susceptible to quantum key recovery via Shor’s algorithm. This includes P2PK outputs and any script that contains an unprotected or reused public key. Comprehensive quantum-resistance of outputs from short-exposure attacks may require the use of post-quantum signature schemes. +Bitcoin outputs are generally vulnerable to short exposure attacks, as most Bitcoin transactions require revealing the associated public key when spending.A vulnerable Bitcoin output is any scriptPubKey type that exposes an elliptic curve public key as raw bytes in a block, making it susceptible to private key derivation through Shor's algorithm. This includes P2PK outputs and any script that contains an unprotected or reused public key. Full protection of outputs from short-exposure attacks may require the use of post-quantum signature schemes. -Since long-exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a Tapscript-native, hashed output type that is resistant to long-exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers or non-quantum cryptanalytic breaks in Elliptic Curve Cryptography. +Since long-exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a tapscript-native output type that is resistant to long-exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers. The following list of output types describes their long-exposure attack vulnerability: @@ -73,10 +69,10 @@ The following list of output types describes their long-exposure attack vulnerab | P2PK | Yes | Varies -| 2103203b768951584fe9af6d9d9e6ff26a5f76e453212f19ba163774182ab8057f3eac +| 02103203b768951584fe9af6d9d9e6ff26a5f76e453212f19ba163774182ab8057f3eac |- | P2PKH -| No¹ +| No* | 1 | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |- @@ -86,17 +82,17 @@ The following list of output types describes their long-exposure attack vulnerab | 52410496ec45f878b62c46c4be8e336dff7cc58df9b502178cc240e… |- | P2SH -| No¹ +| No* | 3 | 3FkhZo7sGNue153xhgqPBcUaBsYvJW6tTx |- | P2WPKH -| No¹ +| No* | bc1q | bc1qsnh5ktku9ztqeqfr89yrqjd05eh58nah884mku |- | P2WSH -| No¹ +| No* | bc1q | bc1qvhu3557twysq2ldn6dut6rmaj3qk04p60h9l79wk4lzgy0ca8mfsnffz65 |- @@ -106,37 +102,40 @@ The following list of output types describes their long-exposure attack vulnerab | bc1p92aslsnseq786wxfk3ekra90ds9ku47qttupfjsqm mj4z82xdq4q3rr58u |- | P2TSH -| No¹ +| No* | bc1z | bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve |} -¹ funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs become vulnerable to long-exposure quantum attacks anytime their redeem script is revealed. -A complete list of outputs that are vulnerable to long-exposure attacks: +The following output types are fundamentally vulnerable to long-exposure attacks: + +* P2PK outputs (e.g. Satoshi's coins, CPU miners) +* Reused outputs* +* Tapscript outputs (starts with bc1p) -* Legacy (i.e. P2PK) outputs (Satoshi’s coins, CPU miners) -* Reused outputs of any type -* Taproot outputs (mainnet start with bc1p) +\*Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long-exposure quantum attacks anytime their redeem script reveals a public key. -For further clarification on quantum attack vectors, please refer to our [[#Glossary|Glossary of Terms]]. +Note: Extended public keys, commonly known as "xpubs," and wallet descriptors also reveal quantum vulnerable public key information. For further clarification on quantum attack vectors, please refer to the [[#Glossary|Glossary of Terms]]. ==Design== -Pay-to-Tapscript-Hash (P2TSH) is a Tapscript-native, hashed output type that commits solely to the root of a Tapscript tree. Functionally, it is a modified Pay-to-Taproot (P2TR) output with the quantum-vulnerable key-path spend disabled by omission of the internal keys and of the Taproot 'tweak' step. +P2TSH (Pay-to-Tapscript-Hash) is a proposed new output type that commits to the root of a tapscript tree. It operates with nearly the same functionality as P2TR (Pay-to-Taproot) outputs, but with the quantum vulnerable key path spend removed. -In other words, P2TSH outputs commit to the Merkle root of a Tapscript tree without committing to any internal public key. The script(s) being committed to, however, may contain keys or key-hashes. +In other words, P2TSH outputs commit to the Merkle root of a tapscript tree without committing to an internal key. The script(s) being committed to, however, may contain a key or key-hash. -This output type is designed to offer Taproot users immediate protection against long-exposure quantum attacks – as well as to provide a practical output type with which new, post-quantum signatures may evolve for additional security. +This output type is designed to offer tapscript users protection against long-exposure quantum attacks as well as a practical output type with which post-quantum signatures may be used if such signatures are adopted in the future. + +Since P2TSH outputs have no key path spend, they omit the Taproot internal key. Instead, a P2TSH output includes the 32-byte root of the tapleaf Merkle tree as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] hashed with the tag "TapBranch" as shown below. [[File:bip-0360/merkletree.png|thumb|Construction of P2TSH Taptree root, scriptPubkey, and Witness]] -To construct a P2TSH output, we first follow the process outlined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] to compute the Merkle root of a given taptree. Then, instead of computing a taproot from the sum of the internal public key and another point generated from the hash of the internal public key and the derived taptree root (i.e. H("TapTweak", internal_pubkey + merkle_root) * G) as is done in P2TR outputs, P2TSH outputs commit only to the Merkle root of the taptree. +To construct a P2TSH output, we follow the process outlined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] to compute the final tapbranch hash, which is the merkle root of the tapleafs; however, instead of tweaking the internal key with the root of the Merkle tree (as is the case with P2TR outputs), P2TSH outputs commit only to final tapbranch hash, which is tagged, "TapBranch". -D = tagged_hash(“TapLeaf”, bytes([leaf_version]) + ser_script(script)) -CD = tagged_hash(“TapBranch”, C + D) -CDE = tagged_hash(“TapBranch”, CD + E) -ABCDE = tagged_hash(“TapBranch”, AB + CDE) +D = tagged_hash("TapLeaf", bytes([leaf_version]) + ser_script(script)) +CD = tagged_hash("TapBranch", C + D) +CDE = tagged_hash("TapBranch", CD + E) +ABCDE = tagged_hash("TapBranch", AB + CDE) A P2TSH input witness provides the following: @@ -149,75 +148,75 @@ tapleaf script, control block = [control byte, 32*m byte Merkle path] # m is the depth of the script in the Merkle tree -The initial stack elements provide the same functionality as they do in a P2TR script-path spend. That is, they place elements on the stack to be evaluated by the redeem script. +The initial stack elements of P2TSH provide the same functionality as they do in P2TR. That is, they place elements on the stack to be evaluated by the script, a.k.a. the redeem script. -The control block is a ''1 + 32*m'' byte array, where the first byte is the control byte and the next ''32*m'' bytes are the Merkle path to the leaf script, where m is the depth of the leaf script in the Merkle tree. The control byte is the same as the control byte in a P2TR control block, including the 7 bits which are used to specify the tapleaf version. The parity bit of the control byte is always 1, since P2TSH does not have a key-path spend. Unlike P2TR, we omit the public key from the control block as it is not needed in P2TSH. We maintain support for the optional annex in the witness (see Specification section below for more details). +The control block is a ''1 + 32 * m'' byte array, where the first byte is the control byte and the next ''32 * m'' bytes are the Merkle path to the tapleaf script. The control byte is the same as the control byte in a P2TR control block, including the 7 bits which are used to specify the tapleaf version. The parity bit of the control byte is always 1, since P2TSH does not have a key path spend. Unlike P2TR, we omit the public key from the control block as it is not needed in P2TSH. We maintain support for the optional annex in the witness (see Specification section below for more details). ==Rationale== -In this proposal, we adopt a “prepared not scared” approach to the possible advancement of quantum computing – and offer Bitcoin users an option for increased protection if they so choose. -This BIP does not take a position on any specific quantum computing timeline, but rather proposes a flexible and unobtrusive option for users who wish to mitigate this risk according to their own estimate of the timeline. - Design of the P2TSH output type is guided by the following intentions: -# Minimize changes to the network – we should reuse existing Bitcoin code and preserve existing software behavior, workflows, user expectations and compatibility whenever possible. +# Minimize changes to the network. We should reuse existing Bitcoin code and preserve existing software behavior, workflows, user expectations and compatibility whenever possible. +#: +#: P2TSH leverages the battle tested P2TR, tapleaf and tapscript code already in Bitcoin, reducing the implementation burden on wallets, exchanges, and libraries that can reuse code they already have. This approach reduces complexity and minimizes implementation risks. #: -#: P2TSH leverages Taproot code already in Bitcoin for tapscript and taptree construction – reducing the implementation burden on wallets, exchanges, and libraries, which can reuse code they already have. This approach reduces complexity and minimizes implementation risks. -# Create the safest possible path for the addition of post-quantum signatures - in the event they are used in the future. +# Create the safest possible path for the addition of post-quantum signature integrations, in the event that they are used in the future. #: -#: Importantly, we are proposing a Tapscript-native, hashed output type that is resistant to long-exposure attacks. While existing hashed output types (i.e. P2PKH, P2SH, P2WPKH, and P2WSH) are already resistant to long-exposure attacks, these output types do not support Tapscript – which may be required for practical extension with post-quantum signature opcodes. Unlike Tapscript, Bitcoin script as provided by P2SH and P2WSH does not support OP_SUCCESSx opcode upgrades. +#: Importantly, we are proposing a tapscript-native output type that is resistant to long-exposure attacks. While some existing output types are already resistant to long-exposure attacks (e.g. P2WSH), no such output type supports tapscript - a feature that may be required for practical implementation of post-quantum signature opcodes. #: -# Facilitate gradual integration of quantum-resistant features - that can be carried out iteratively as quantum computers evolve. This approach encourages responsiveness to the current threat-level, while avoiding heavy-handedness in our reactions to a potential threat. +#: P2WSH, for instance, is not tapscript-native and as such does not support the OP_SUCCESSx opcode update path that will be critical for the integration of post-quantum OP_CHECKSIG opcodes into Bitcoin.OP_SUCCESSx is a mechanism to upgrade tapscript +#: +# Facilitate gradual integration of quantum resistant features that can be carried out iteratively as quantum computers evolve. This approach encourages responsiveness to the current threat-level, while avoiding heavy-handedness in our reactions to a potential threat. #: #: We designed P2TSH with an eye towards integrating post-quantum signatures in the future, without proposing more complex changes while CRQCs are still in their infancy. ===P2TSH Trade-Offs=== -While P2TR outputs (and ECC-based key-path spends) will remain an option for folks wishing to use them – we aim to be clear about the tradeoffs of using P2TSH outputs, which disable the key-path spend for the benefit of quantum protection. +While P2TR outputs (and the use of key path spend) will remain an option for folks wishing to use them, we aim to be clear about the tradeoffs of using P2TSH outputs, which disable the key path spend for the benefit of quantum resistance. -A P2TSH witness will be larger than a P2TR key-path spend witness. That said, a P2TSH witness will be slightly smaller than the witness to an equivalent P2TR script-path spend, because with P2TSH there is no need to reveal any internal public key. For a more complete comparison of input witness sizes, the “Transaction Size and Fees” section may be reviewed later in this proposal. +First off, P2TSH script path spends are slightly larger than P2TR key path spends, because you have to include the control byte and script in the transaction. That said, script path spends from P2TSH outputs will be slightly smaller than script path spends from P2TR outputs. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. -Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR. That is, since P2TSH outputs can only be spent via the script-path spend, users functionally reveal the existence of a Tapscript tree whenever they are using a P2TSH output. Of course, a chosen leaf script is also revealed at spend-time. In P2TR, when you spend an output by the key-path spend you don’t reveal any script or if you had any scripts at all. +Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR, which is that users reveal they are spending to a script tree whenever they are using P2TSH outputs, since P2TSH outputs can only be spent via script path spend. In P2TR when you spend an output as a key path spend, you don't reveal if you have any script path spends. This trade-off only exists when comparing P2TR key path spends to P2TSH script path spends; P2TR and P2TSH provide the same level of privacy when both are script path spends. -'''Note:''' P2TSH and P2TR both provide greater optionality and privacy regarding script policy compared to P2SH [https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki (BIP 16 - Pay to Script Hash)]. +'''Note:''' P2TSH and P2TR both provide greater script privacy than P2SH [https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki (BIP 16 - Pay to Script Hash)] because unused script paths are not revealed. ==Specification== We define the Pay-to-Tapscript-Hash (P2TSH) output structure as follows: -A P2TSH output is a modified P2TR output that commits to the root of a taptree (as defined in [https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki BIP 342]). Unlike P2TR outputs, we disable the key-path spend for the benefit of quantum resistance by omitting the internal keys and the Taproot "tweak" step. The root of the taptree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. +A P2TSH output is similar to a P2TR output that uses the root of a tapleaf Merkle tree (as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341]); however, unlike P2TR outputs, we disable the key path spend for the benefit of quantum resistance by omitting the internal key and the tap tweak step. The root of the Merkle tree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. -===ScriptPubKey=== +===Address Format=== -The scriptPubKey for a P2TSH output is: +P2TSH outputs use SegWit version 2, resulting in mainnet addresses that start with bc1z, following [https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#bech32 BIP 173]. Bech32m encoding maps version 2 to the prefix z. + +Example P2TSH address: -OP_2 OP_PUSHBYTES_32 +bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve -Where: -* OP_2 indicates SegWit version 2. -* is the 32-byte Merkle root of the taptree. - -===Address Format=== +This commits to a 32-byte Bech32m-encoded tapscript tree hash. -P2TSH outputs use SegWit version 2, resulting in mainnet addresses that start with 'bc1z', following [https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#bech32 BIP 173]. Bech32m encoding maps version 2 to the prefix z. +===ScriptPubKey=== -Example P2TSH address: +The scriptPubKey for a P2TSH output is: -bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve +OP_2 OP_PUSHBYTES_32 -This is a Bech32m-encoded P2TSH scriptPubKey. +Where: +* OP_2 indicates SegWit version 2. +* is the 32-byte Merkle root of the taptree. ===Script Validation=== -A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki | BIP141]]) with version 2 and a 32-byte witness program. The witness program is the root of the tapscript tree. For the sake of comparison, we have - as much as possible - copied the language verbatim from the script validation section of [[bip-0341.mediawiki | BIP341]]. +A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki | BIP 141]]) with version 2 and a 32-byte witness program. The witness program is the root of the tapscript tree. For the sake of comparison, we have - as much as possible - copied the language verbatim from the script validation section of [[bip-0341.mediawiki | BIP 341]]. -* Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents the root of the Tapscript tree. +* Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents the root of the tapleaf Merkle tree. * Fail if the witness stack does not have two or more elements. -* If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex'' ''a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during P2TSH validation. +* If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during P2TSH validation. * There must be at least two witness elements left. ** Call the second-to-last stack element ''s'', the script (as defined in [[bip-0341.mediawiki | BIP 341]]) ** The last stack element is called the control block ''c'', and must have length ''1 + 32*m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. @@ -235,7 +234,7 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki | BIP141]]) w The steps above follow the script-path spend logic from [[bip-0341.mediawiki | BIP 341]] with the following changes: -* The witness program is the Merkle root of a taptree and not a "tweaked" public key. This means that we skip directly to the BIP 341 spend path tapleaf Merkle tree validation. +* The witness program is the taptree Merkle root and not a tweaked public key. This means that we skip directly to the BIP 341 spend path taptree Merkle tree validation. * We compute the taptree Merkle root r and compare it directly to the witness program q. * The control block is ''1 + 32*m'' bytes, instead of ''33 + 32*m'' bytes. @@ -249,33 +248,34 @@ By adhering to the SegWit transaction structure and versioning, P2TSH outputs ar ===Transaction Size and Fees=== -P2TSH and P2TR scriptPubKeys are always the same size, 34 bytes. A witness to a P2TSH output can be slightly larger or smaller than the equivalent P2TR witness – depending on the use of key- vs script-path spend in the case of P2TR. Let’s consider the cases. +Equivalent P2TSH and P2TR outputs are always the same size. P2TSH inputs can be slightly larger or smaller than their equivalent P2TR inputs, depending on the use of key path vs script path spend in the case of P2TR. Let's consider the cases. -===Comparison with P2TR key-path spend=== +====Comparison with P2TR key path spend==== -A P2TSH witness will always be larger than a P2TR witness when the P2TR output is spent via a key-path spend. P2TSH quantum-resistance comes from removing the P2TR key-path spend functionality. Consequently, every P2TSH output is spent using a script-path spend, and so P2TSH witnesses must all contain the inputs to the leaf script, the leaf script itself, and a control block. All P2TSH control blocks require a merkle path except when there is exactly one leaf script, and so the tree has depth ''m = 0''. In that special case, a merkle path may be omitted from the P2TSH control block. +P2TSH inputs will be larger than P2TR inputs when the P2TR output would have been spent via the key path spend. P2TSH quantum resistance comes from removing the P2TR key path spend. Consequently, it cannot make use of Taproot's optimization where P2TR key path spends do not require including a Merkle path in the P2TR input. If the Merkle tree only has a single leaf script, no Merkle path is needed in the control block, giving us a 1-byte control block. -P2TR key-path spend witness (66 bytes): +P2TSH witness for depth-0 tree (103 bytes): [count] (1 byte), # Number of elements in the witness -[size] signature (1 + 64 bytes = 65 bytes) +[size] signature (1 + 64 bytes = 65 bytes), +tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), +control block = [size] [control byte] [merkle path (empty)] (1 + 1 + 0 bytes = 2 bytes) -P2TSH witness for depth-0 tree (103 bytes): +P2TR key-path spend witness (66 bytes): [count] (1 byte), # Number of elements in the witness -[size] signature (1 + 64 bytes = 65 bytes), -tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), -control block = [size] [control byte] [merkle path (empty)] (1 + 1 + 0 bytes = 2 bytes) +[size] signature (1 + 64 bytes = 65 bytes) -Thus, this P2TSH witness would be 103 - 66 = 37 bytes larger than a P2TR key-path spend witness. +Thus, the P2TSH input would be 103 - 66 = 37 bytes larger than a P2TR key path spend input. + +If the Merkle tree has more than a single leaf, then the Merkle path must be included in the control block, increasing the size by ''32 * m'' bytes. This would make such input 37 + 32 * m bytes larger than a P2TR key path spend input.If ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte -If the Tapscript tree has more than a single leaf, then the Merkle path will increase the size by ''32*m'' bytes, where dIf ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte is the depth of the leaf script in the Tapscript tree. (Note: Huffman encoding of leaf scripts offers advantages here.) +P2TSH witness ''(103 + 32*m bytes)'': -P2TSH witness for depth-d tree ''(103 + 32*m bytes)'': [count] (1 byte), # Number of elements in the witness [size] signature (64 + 1 bytes = 65 bytes), @@ -283,100 +283,111 @@ tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (34 control block = [size] [control byte] [Merkle path] (1 + 1 + 32*m = 2 + 32*m bytes) -===Comparison with P2TR script-path spend=== +====Comparison with P2TR script path spend==== + +A P2TSH input will be smaller than an equivalent script path spend for P2TR inputs. This is because P2TSH inputs do not require inclusion of a public key in the control block to open the commitment to the Merkle root. A P2TSH input will be 32 bytes smaller than an equivalent P2TR script path spend input. -A P2TSH witness will be smaller than an equivalent P2TR script-path spend witness. This is because P2TSH inputs do not require inclusion of any internal public key in the control block. For that reason, a P2TSH witness will be 32 bytes smaller than an equivalent P2TR script-path spend witness. +====Consider a P2TSH output with a post-quantum signature leaf and a Schnorr leaf==== + +The P2TSH witness to spend the Schnorr path would be ''103 + 32 * 1 = 135 bytes''. Unfortunately, we cannot use the key path spend optimization because the key path spend is not quantum-resistant. ===Performance Impact=== -P2TSH is slightly more computationally performant than P2TR script-path spends, as the operations to spend a P2TSH output are a strict subset of the operations needed to perform a script-path spend on a P2TR output. +P2TSH is slightly more computationally performant than P2TR script path spends, as the operations to spend a P2TSH output is a strict subset of the operations needed to perform a script path spend on a P2TR output. ===Backward Compatibility=== -Older wallets and nodes that have not been made compatible with SegWit version 2 and P2TSH will not recognize these outputs. Users should ensure they are using updated wallets and nodes to use P2TSH outputs and validate transactions using these outputs. P2TSH is fully compatible with Tapscript and existing tapscripts can be used in P2TSH outputs without modification. +Older wallets and nodes that have not been made compatible with SegWit version 2 and P2TSH will not recognize these outputs. Users should ensure they are using updated wallets and nodes to use P2TSH outputs and validate transactions using P2TSH outputs. P2TSH is fully compatible with tapscript and existing tapscript programs can be used in P2TSH outputs without modification. ===Security=== -P2TSH outputs provide the same Tapscript functionality as P2TR outputs, but without the quantum-vulnerable key-path spend. This enables users, exchanges and others to easily move their coins from Taproot outputs to P2TSH outputs, and thereby to protect their coins from long-exposure quantum attacks. +P2TSH outputs provide the same tapscript functionality as P2TR outputs, but with the quantum-vulnerable key path spend removed. The similarity between these output types enables users to easily migrate coins from P2TR outputs to P2TSH outputs for protection against long-exposure quantum attacks. + +Protection from long-exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but requires that users do not expose their public keys to attackers via public key reuse or other unsafe practices. -Protection from long-exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but does require that users do not expose their quantum-vulnerable public keys to attackers and avoid address reuse or other unsafe practices. +P2TSH uses a 256-bit hash output, providing 128 bits of collision resistance and 256 bits of preimage resistance. This is the same level of security as P2WSH specified in [[bip-0141.mediawiki | BIP 141]], which also uses a 256-bit hash output. -P2TSH uses the same 256-bit hash function as P2WSH, and so both provide 128-bits of collision resistance and 256-bits of preimage resistance. +P2TSH does not, by itself, protect against short-exposure quantum attacks, but these attacks can be mitigated by future activation of post-quantum signatures. -P2TSH does not, by itself, protect against short-exposure quantum attacks, but such attacks might be mitigated by the future activation of post-quantum signature schemes in P2TSH outputs. +Combined with P2TSH, post-quantum signature schemes can provide comprehensive quantum resistance to P2TSH outputs, including protection from short-exposure attacks. -That said, the protection offered by resistance to long-exposure attack alone should not be underestimated. It is likely that the first CRQCs will not be able to perform short-exposure attacks - as such, defense against long-exposure attacks is more time-sensitive than is defense against short-exposure attacks. +That said, protection against long-exposure quantum attacks alone should not be underestimated. It's unlikely that early CRQCs will be fast enough to perform short-exposure attacks, making preparedness against long-exposure attacks more time-critical. -== Security Considerations for Post-Quantum Signature Schemes == +==Security Considerations for Post-Quantum Signature Schemes== -While this proposal does not include the introduction of post-quantum signature schemes, we think it’s worth commenting on security considerations related to this possibility. +While this proposal does not include the introduction of post-quantum signature schemes, we think it's worth commenting on security considerations related to this possibility. -Quantum-resistant signature algorithms (e.g. ML-DSA or SLH-DSA) offer different theorized levels of protection (e.g. NIST I - V), and each should be scrutinized before use. We are currently researching options for the potential proposal of post-quantum signatures into Bitcoin – and encourage others to engage in this research as well. +Quantum-resistant signature algorithms (e.g. ML-DSA or SLH-DSA) offer different levels of protection and should be scrutinized before use. We are currently researching options for the potential proposal of post-quantum signatures into Bitcoin and encourage others to engage in this research as well. -We also imagine the possibility of introducing multiple post-quantum signatures into Bitcoin for redundancy. Balancing the risks of additional complexity with the benefits of signature-type redundancy will be the challenge here. +We also imagine the possibility of introducing multiple post-quantum signatures for redundancy. Balancing the risks of additional complexity with the benefits of signature-type redundancy will be the challenge here. ==Test Vectors and Reference Code== Test vector data for creation of P2TSH UTXOs can be found [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/common/tests/data/p2tsh_construction.json here]. -These test vectors build off of the test vectors for BIP341 (Taproot). One important distinction is that the P2TSH test vectors do not include keypath spend scenarios. +These test vectors build off of the test vectors for BIP 341 (Taproot). One important distinction is that the P2TSH test vectors do not include keypath spend scenarios. -Also included are test vectors in [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/rust rust] and [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/python python]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature learnmeabitcoin]. Similar to BIP341 test vectors, all signatures are created with an all-zero (0x0000...0000) BIP340 auxiliary randomness array. +Also included are test vectors in [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/rust rust] and [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/python python]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature learnmeabitcoin]. Similar to BIP 341 test vectors, all signatures are created with an all-zero (0x0000...0000) BIP 340 auxiliary randomness array. ==Related Work== -Below we attempt to summarize some of the ideas related to P2TSH that have been discussed on the bitcoin-dev mailing list, bitcointalk.org, and elsewhere. - -Quantum-vulnerability in Bitcoin is an issue that has been discussed with some regularity on [https://bitcointalk.org/index.php?topic=133425.0 bitcointalk.org] since at least 2013 – and there is clearly user demand for increased quantum protection. +Below we attempt to summarize some of the ideas discussed on the Bitcoin Development Mailing List that relate to P2TSH. -The idea of Taproot with key-path spend removed has been discussed a number of times in the Bitcoin community. +The idea of Taproot with key path spend removed has been discussed a number of times in the Bitcoin community. -For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] notes that if we disable the key-path spend in Taproot and activated OP_CAT [https://github.com/bitcoin/bips/blob/master/bip-0347.mediawiki BIP 347], we could achieve quantum resistance by using Lamport signatures with OP_CAT. +For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] notes that if we disable the key path spend in Taproot and activated OP_CAT [https://github.com/bitcoin/bips/blob/master/bip-0347.mediawiki BIP 347], we could achieve quantum resistance by using Lamport signatures with OP_CAT. -Lamport and Winternitz One-Time Signatures (WOTS) built from OP_CAT are quantum-resistant, but are one-time signatures – meaning, when you sign a message you reveal all or part of your private key. And so, you should never reuse the same public key to sign another message. This is a significant practical vulnerability for everyday users. +Lamport and WOTS (Winternitz One-Time Signatures) built from CAT are quantum resistant, but are one-time signatures - meaning, if you sign twice for the same public key, you risk leaking your private key, which is a significant practical vulnerability for everyday users. -This would require major changes to wallet behavior and would represent a significant security downgrade. +This would require major changes to wallet behavior and would represent a significant security downgrade. Common practices such as RBF and even CPFP could risk revealing private keys if no stateless signature scheme is used. -[https://groups.google.com/g/bitcoindev/c/8O857bRSVV8/m/rTrpeFjWDAAJ Trivial QC signatures with clean upgrade path] and [https://groups.google.com/g/bitcoindev/c/oQKezDOc4us/m/T1vSMkZNAAAJ Re: P2QRH / BIP 360 Update] also discuss the possibility of Taproot with key-path spend removed. The design of P2TSH was partly inspired by these discussions. +[https://groups.google.com/g/bitcoindev/c/8O857bRSVV8/m/rTrpeFjWDAAJ Trivial QC signatures with clean upgrade path] and [https://groups.google.com/g/bitcoindev/c/oQKezDOc4us/m/T1vSMkZNAAAJ Re: P2QRH / BIP 360 Update] also discuss the possibility of Taproot with key path spend removed. The design of P2TSH was partly inspired by these discussions. -Commit-reveal schemes such as [https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/ Re: Transition to post-quantum (2018)] and [https://groups.google.com/g/bitcoindev/c/LpWOcXMcvk8/m/YEiH-kTHAwAJ Post-Quantum commit / reveal Fawkescoin variant as a soft fork (2025)] have been proposed as a way to create cryptocurrencies without public key cryptography. The ideas in this paper were more recently expanded upon by Tadge Dryja in his “[https://www.youtube.com/watch?v=4bzOwYPf1yo Lifeboat]” proposal, which effectively quantum-proofs Bitcoin transactions through a similar pre-commitment scheme designed for Bitcoin. +Commit-reveal schemes such as [https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/ Re: Transition to post-quantum (2018)] and [https://groups.google.com/g/bitcoindev/c/LpWOcXMcvk8/m/YEiH-kTHAwAJ Post-Quantum commit / reveal Fawkescoin variant as a soft fork (2025)] have been proposed as a way to create cryptocurrencies without public key cryptography. The ideas in this paper were more recently expanded upon by Tadge Dryja in his "[https://www.youtube.com/watch?v=4bzOwYPf1yo Lifeboat]" proposal, which effectively quantum-proofs Bitcoin transactions through a similar pre-commitment scheme designed for Bitcoin. ==Other Methods of Addressing Quantum Vulnerabilities for Cryptocurrencies== -It is worth noting, by way of comparison, that [https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 Vitalik Buterin’s proposed solution] to Ethereum’s quantum vulnerability is quite different from the approach in this BIP. -His plan involves a hard fork of the chain, reverting all blocks after some sufficient amount of theft, and using STARKs based on BIP 32 seeds to act as the authoritative secret when signing. We believe rollbacks of any kind are an untenable approach for Bitcoin – and would be practically impossible to implement. +It is worth noting, by way of comparison, that [https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 Vitalik Buterin's proposed solution] to Ethereum's quantum vulnerability is quite different from the approach in this BIP. -That said, we believe the use of STARKs (which are quantum-resistant) may prove useful as a method of proving access to external private keys, in the event that the community chooses to burn vulnerable coins – as proposed by Jameson Lopp and others in [https://qbip.org/ QBIP]. +His plan involves a hard fork of the chain, reverting all blocks after some sufficient amount of theft, and using STARKs based on BIP 32 seeds to act as the authoritative secret when signing. We believe rollbacks of any kind are an untenable approach for Bitcoin and would be practically impossible to implement. -Discussions related to the burning of coins, and other attempts to slow a potential supply shock caused by quantum-retrieval of vulnerable coins, are out of scope for this proposal. That said, we have separately proposed [https://github.com/cryptoquick/bips/blob/hourglass/bip-hourglass.mediawiki Hourglass] to address this concern and are continuing research on this subject. +That said, we believe the use of STARKs (which are quantum-resistant) may prove useful as a method of proving access to external private keys, in the event that the community chooses to burn vulnerable coins as proposed by Jameson Lopp and others in [https://qbip.org/ QBIP]. + +Discussions related to the burning of coins, and other attempts to slow a potential supply shock caused by quantum-retrieval of vulnerable coins, are out of scope for this proposal. That said, members of our team have separately proposed [https://github.com/cryptoquick/bips/blob/hourglass/bip-hourglass.mediawiki Hourglass] to address this concern and are continuing research on this subject. + +==Conclusion== + +In this proposal, we adopt a "prepared not scared" approach to the possible advancement of quantum computing and offer Bitcoin users an option for increased protection if they so choose. This BIP does not take a position on any specific quantum computing timeline, but rather proposes a flexible and unobtrusive option for users that wish to mitigate this risk according to their own estimate of the timeline. + +This is an issue that has been discussed with some regularity in [https://bitcointalk.org/index.php?topic=133425.0 Bitcoin forums] since at least 2012, and there is clearly user demand for increased quantum protection. ==Glossary== '''Quantum Key Recovery''' -The derivation of private keys from public keys in elliptic curve cryptography (ECC) – made possible by solving the elliptic curve discrete logarithm problem (ECDLP). +The derivation of private keys from public keys in elliptic curve cryptography (ECC), made possible by solving the discrete logarithm problem (DLP). -Shor’s algorithm, developed by Peter Shor in 1994, is a quantum algorithm that allows a cryptographically-relevant quantum computer to efficiently solve the elliptic curve discrete logarithm problem and an attacker to perform quantum key recovery. +Shor's algorithm, developed by Peter Shor in 1994, is a quantum algorithm that efficiently solves the discrete logarithm problem - potentially made possible by the future viability of cryptographically relevant quantum computers (CRQCs). '''Long-Exposure Attacks''' -Attempts to derive private keys from public keys that are exposed on the blockchain for an extended period of time – that is, longer than the average time '''~10 minute''' window that a public key is generally exposed in mempools, while waiting for a transaction to be confirmed. +Attempts to derive private keys from public keys that are exposed for an extended period of time; that is, longer than the window of time that a public key is generally exposed in the mempool while waiting to be confirmed. -Long-exposure attacks give attackers an ample amount of time to perform quantum key recovery, as long as funds remain in the output and the public key remains exposed. Poor wallet hygiene (e.g. from re-using addresses) or use of outputs with exposed public keys (e.g. Taproot addresses) increases vulnerability to long-exposure attacks. +Long-exposure attacks give attackers an unlimited amount of time to perform quantum key recovery, as long as funds remain in the output. Poor wallet hygiene (e.g. from address reuse) or use of outputs with exposed public keys (e.g. P2TR outputs) increases vulnerability to long-exposure attacks. '''Short-Exposure Attacks''' -Attempts to derive private keys from public keys during the brief period when funds are unconfirmed in mempools. These attacks cannot be prevented through wallet hygiene, as revealing the redeem script and/or a public key is necessary for spending. +Attempts to derive private keys from public keys during the brief period when funds are unconfirmed in the mempool. These attacks cannot be prevented through wallet hygiene, as revealing a public key is necessary for spending. -Protection against short-exposure attacks may require post-quantum signature schemes. That said, executing these attacks will require more advanced CRQCs than those capable of executing long-exposure attacks -- and are therefore viewed as lower-risk than long-exposure attacks in the near-term. +Protection against short-exposure attacks may require post-quantum signature schemes; that said, executing these attacks requires faster CRQCs than those capable of executing long exposure attacks and are therefore viewed as lower-risk than long-exposure attacks in the nearer term. '''Tapscript-Native Output Type''' -Tapscript-native output types are the category of output types that support Tapscript (including Schnorr signatures) and [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki Tapscript trees]. +Tapscript-native output types are the category of output types that support tapscript (including Schnorr signatures) and [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki taptrees]. '''Pay-to-Tapscript-Hash (P2TSH)''' -A Tapscript-native output type with nearly identical formatting to Pay-to-Taproot (P2TR) – with the quantum-vulnerable key-path spend removed. +A tapscript-native output type with nearly identical formatting to Pay-to-Taproot (P2TR), with the quantum-vulnerable key path spend removed. ==Footnotes== @@ -406,6 +417,8 @@ To help implementers understand updates to this BIP, we keep a list of substanti This document is inspired by [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341], which introduced the design of the P2TR (Taproot) output type using Schnorr signatures. -I am grateful to Ethan Heilman for joining as co-author and transforming this BIP into something far more congruent with existing Bitcoin design. I am likewise indebted to those who took the time to contribute including Jeff Bride, Michael Casey, and notmike. Additionally, much gratitude to Isabel Foxen Duke for her contributions as editor of this proposal. +I'm incredibly grateful to Ethan Heilman for joining as co-author and transforming this BIP into something far more congruent with existing Bitcoin design. Additionally, much gratitude to our most recent co-author, Isabel Foxen Duke, for her thoughtful editing and crafting much of the language in this proposal. I am likewise indebted to those on the Anduro Quantum Working Group who took the time to contribute including Jeff Bride, Michael Casey, and notmike. + +Thank you as well to those who took the time to review and contribute, including Jon Atack, Adam Borcany, Ava Chow, Kyle Crews, Pierre-Luc Dallaire-Demers, D++, Mark Erhardt, Jameson Lopp, Antoine Riard, Armin Sabouri, Vojtěch Strnad, Guy Swann, and Joey Yandle. -Thank you, of course, to the many others who reviewed this work including Jon Atack, Adam Borcany, Ava Chow, Kyle Crews, David Croisant, Pierre-Luc Dallaire-Demers, D++, Mark Erhardt, Jameson Lopp, Antoine Riard, Armin Sabouri, Vojtěch Strnad, Guy Swann, and Joey Yandle. Whatever errors and inaccuracies may remain are attributable solely to the authors. +Whatever inaccuracies may remain are attributable solely to the authors. From b68cdccfe187572e5a3a9af71e062a813a42bdbe Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Tue, 16 Dec 2025 21:16:47 -0700 Subject: [PATCH 03/18] Mediawiki formatting updates. --- bip-0360.mediawiki | 72 ++++++++++++++-------------- bip-0360/{ => media}/merkletree.png | Bin bip-0360/{ => media}/merkletree.svg | 0 3 files changed, 36 insertions(+), 36 deletions(-) rename bip-0360/{ => media}/merkletree.png (100%) rename bip-0360/{ => media}/merkletree.svg (100%) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index c4627ed8fd..8ece98f645 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -11,7 +11,7 @@ Type: Standards Track Created: 2024-12-18 License: BSD-3-Clause - Requires: 340, 341 (partial), 342 + Requires: [[bip-0340.mediawiki|BIP 340]], [[bip-0341.mediawiki|BIP 341]], [[bip-0342.mediawiki|BIP 342]] ==Introduction== @@ -47,7 +47,7 @@ As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P ===Long-Exposure vs Short-Exposure Attacks=== -For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscrips outputs (P2TR output types) are currently vulnerable to long-exposure quantum attacks. +For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscript outputs (P2TR output types) are currently vulnerable to long-exposure quantum attacks. A long-exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because attackers will have ample time - as much time as vulnerable keys are exposed - to carry out quantum key recovery. @@ -99,7 +99,7 @@ The following list of output types describes their long-exposure attack vulnerab | P2TR | Yes | bc1p -| bc1p92aslsnseq786wxfk3ekra90ds9ku47qttupfjsqm mj4z82xdq4q3rr58u +| bc1p92aslsnseq786wxfk3ekra90ds9ku47qttupfjsqmmj4z82xdq4q3rr58u |- | P2TSH | No* @@ -125,11 +125,11 @@ In other words, P2TSH outputs commit to the Merkle root of a tapscript tree with This output type is designed to offer tapscript users protection against long-exposure quantum attacks as well as a practical output type with which post-quantum signatures may be used if such signatures are adopted in the future. -Since P2TSH outputs have no key path spend, they omit the Taproot internal key. Instead, a P2TSH output includes the 32-byte root of the tapleaf Merkle tree as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] hashed with the tag "TapBranch" as shown below. +Since P2TSH outputs have no key path spend, they omit the Taproot internal key. Instead, a P2TSH output includes the 32-byte root of the tapleaf Merkle tree as defined in [[bip-0341.mediawiki|BIP 341]] hashed with the tag "TapBranch" as shown below. -[[File:bip-0360/merkletree.png|thumb|Construction of P2TSH Taptree root, scriptPubkey, and Witness]] +[[File:bip-0360/media/merkletree.png|thumb|Construction of P2TSH Taptree root, scriptPubkey, and Witness]] -To construct a P2TSH output, we follow the process outlined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] to compute the final tapbranch hash, which is the merkle root of the tapleafs; however, instead of tweaking the internal key with the root of the Merkle tree (as is the case with P2TR outputs), P2TSH outputs commit only to final tapbranch hash, which is tagged, "TapBranch". +To construct a P2TSH output, we follow the process outlined in [[bip-0341.mediawiki|BIP 341]] to compute the final tapbranch hash, which is the merkle root of the tapleaves; however, instead of tweaking the internal key with the root of the Merkle tree (as is the case with P2TR outputs), P2TSH outputs commit only to final tapbranch hash, which is tagged, "TapBranch". D = tagged_hash("TapLeaf", bytes([leaf_version]) + ser_script(script)) @@ -156,19 +156,19 @@ The control block is a ''1 + 32 * m'' byte array, where the first byte is the co Design of the P2TSH output type is guided by the following intentions: -# Minimize changes to the network. We should reuse existing Bitcoin code and preserve existing software behavior, workflows, user expectations and compatibility whenever possible. -#: -#: P2TSH leverages the battle tested P2TR, tapleaf and tapscript code already in Bitcoin, reducing the implementation burden on wallets, exchanges, and libraries that can reuse code they already have. This approach reduces complexity and minimizes implementation risks. -#: -# Create the safest possible path for the addition of post-quantum signature integrations, in the event that they are used in the future. -#: -#: Importantly, we are proposing a tapscript-native output type that is resistant to long-exposure attacks. While some existing output types are already resistant to long-exposure attacks (e.g. P2WSH), no such output type supports tapscript - a feature that may be required for practical implementation of post-quantum signature opcodes. -#: -#: P2WSH, for instance, is not tapscript-native and as such does not support the OP_SUCCESSx opcode update path that will be critical for the integration of post-quantum OP_CHECKSIG opcodes into Bitcoin.OP_SUCCESSx is a mechanism to upgrade tapscript -#: -# Facilitate gradual integration of quantum resistant features that can be carried out iteratively as quantum computers evolve. This approach encourages responsiveness to the current threat-level, while avoiding heavy-handedness in our reactions to a potential threat. -#: -#: We designed P2TSH with an eye towards integrating post-quantum signatures in the future, without proposing more complex changes while CRQCs are still in their infancy. +1. Minimize changes to the network. We should reuse existing Bitcoin code and preserve existing software behavior, workflows, user expectations and compatibility whenever possible. + +P2TSH leverages the battle tested P2TR, tapleaf and tapscript code already in Bitcoin, reducing the implementation burden on wallets, exchanges, and libraries that can reuse code they already have. This approach reduces complexity and minimizes implementation risks. + +2. Create the safest possible path for the addition of post-quantum signature integrations, in the event that they are used in the future. + +Importantly, we are proposing a tapscript-native output type that is resistant to long-exposure attacks. While some existing output types are already resistant to long-exposure attacks (e.g. P2WSH), no such output type supports tapscript - a feature that may be required for practical implementation of post-quantum signature opcodes. + +P2WSH, for instance, is not tapscript-native and as such does not support the OP_SUCCESSx opcode update path that will be critical for the integration of post-quantum OP_CHECKSIG opcodes into Bitcoin.OP_SUCCESSx is a mechanism to upgrade tapscript + +3. Facilitate gradual integration of quantum resistant features that can be carried out iteratively as quantum computers evolve. This approach encourages responsiveness to the current threat-level, while avoiding heavy-handedness in our reactions to a potential threat. + +We designed P2TSH with an eye towards integrating post-quantum signatures in the future, without proposing more complex changes while CRQCs are still in their infancy. ===P2TSH Trade-Offs=== @@ -178,17 +178,17 @@ First off, P2TSH script path spends are slightly larger than P2TR key path spend Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR, which is that users reveal they are spending to a script tree whenever they are using P2TSH outputs, since P2TSH outputs can only be spent via script path spend. In P2TR when you spend an output as a key path spend, you don't reveal if you have any script path spends. This trade-off only exists when comparing P2TR key path spends to P2TSH script path spends; P2TR and P2TSH provide the same level of privacy when both are script path spends. -'''Note:''' P2TSH and P2TR both provide greater script privacy than P2SH [https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki (BIP 16 - Pay to Script Hash)] because unused script paths are not revealed. +'''Note:''' P2TSH and P2TR both provide greater script privacy than P2SH [[bip-0016.mediawiki|BIP 16]] because unused script paths are not revealed. ==Specification== We define the Pay-to-Tapscript-Hash (P2TSH) output structure as follows: -A P2TSH output is similar to a P2TR output that uses the root of a tapleaf Merkle tree (as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341]); however, unlike P2TR outputs, we disable the key path spend for the benefit of quantum resistance by omitting the internal key and the tap tweak step. The root of the Merkle tree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. +A P2TSH output is similar to a P2TR output that uses the root of a tapleaf Merkle tree (as defined in [[bip-0341.mediawiki|BIP 341]]); however, unlike P2TR outputs, we disable the key path spend for the benefit of quantum resistance by omitting the internal key and the tap tweak step. The root of the Merkle tree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. ===Address Format=== -P2TSH outputs use SegWit version 2, resulting in mainnet addresses that start with bc1z, following [https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#bech32 BIP 173]. Bech32m encoding maps version 2 to the prefix z. +P2TSH outputs use SegWit version 2, resulting in mainnet addresses that start with bc1z, following [[bip-0173.mediawiki|BIP 173]]. Bech32m encoding maps version 2 to the prefix z. Example P2TSH address: @@ -212,15 +212,15 @@ Where: ===Script Validation=== -A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki | BIP 141]]) with version 2 and a 32-byte witness program. The witness program is the root of the tapscript tree. For the sake of comparison, we have - as much as possible - copied the language verbatim from the script validation section of [[bip-0341.mediawiki | BIP 341]]. +A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) with version 2 and a 32-byte witness program. The witness program is the root of the tapscript tree. For the sake of comparison, we have - as much as possible - copied the language verbatim from the script validation section of [[bip-0341.mediawiki|BIP 341]]. * Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents the root of the tapleaf Merkle tree. * Fail if the witness stack does not have two or more elements. * If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during P2TSH validation. * There must be at least two witness elements left. -** Call the second-to-last stack element ''s'', the script (as defined in [[bip-0341.mediawiki | BIP 341]]) +** Call the second-to-last stack element ''s'', the script (as defined in [[bip-0341.mediawiki|BIP 341]]) ** The last stack element is called the control block ''c'', and must have length ''1 + 32*m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. -** Let ''v = c[0] & 0xfe'' be the ''leaf version'' (as defined in [[bip-0341.mediawiki | BIP 341]]). To maintain ''leaf version'' encoding compatibility the last bit of c[0] is unused and must be 1.Why set the last bit of c[0] to one? Consider a faulty implementation that deserializes the ''leaf version'' as c[0] rather than c[0] & 0xfe for both P2TR and P2TSH. If they test against P2TSH outputs and require that last bit is 1, this deserialization bug will cause an immediate error. +** Let ''v = c[0] & 0xfe'' be the ''leaf version'' (as defined in [[bip-0341.mediawiki|BIP 341]]). To maintain ''leaf version'' encoding compatibility the last bit of c[0] is unused and must be 1.Why set the last bit of c[0] to one? Consider a faulty implementation that deserializes the ''leaf version'' as c[0] rather than c[0] & 0xfe for both P2TR and P2TSH. If they test against P2TSH outputs and require that last bit is 1, this deserialization bug will cause an immediate error. ** Let ''k0 = hashTapLeaf(v || compact_size(size of s) || s)''; also call it the ''tapleaf hash''. ** For ''j'' in ''[0,1,…,m-1]'': *** Let ''ej = c[33+32j:65+32j]''. @@ -232,7 +232,7 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki | BIP 141]]) ** Execute the script, according to the applicable script rules, using the witness stack elements excluding the script ''s'', the control block ''c'', and the annex ''a'' if present, as initial stack. This implies that for the future leaf versions (non-''0xC0'') the execution must succeed. * Otherwise, fail. -The steps above follow the script-path spend logic from [[bip-0341.mediawiki | BIP 341]] with the following changes: +The steps above follow the script-path spend logic from [[bip-0341.mediawiki|BIP 341]] with the following changes: * The witness program is the taptree Merkle root and not a tweaked public key. This means that we skip directly to the BIP 341 spend path taptree Merkle tree validation. * We compute the taptree Merkle root r and compare it directly to the witness program q. @@ -240,11 +240,11 @@ The steps above follow the script-path spend logic from [[bip-0341.mediawiki | B ===Common Signature Message Construction=== -The [https://learnmeabitcoin.com/technical/upgrades/taproot/#common-signature-message common signature message] construction for P2TSH outputs is exactly the same procedure as defined in [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341] for Taproot transactions. +The [https://learnmeabitcoin.com/technical/upgrades/taproot/#common-signature-message common signature message] construction for P2TSH outputs is exactly the same procedure as defined in [[bip-0341.mediawiki|BIP 341]] for Taproot transactions. === Compatibility with BIP 141 === -By adhering to the SegWit transaction structure and versioning, P2TSH outputs are compatible with existing transaction processing rules. Nodes that do not recognize SegWit version 2 will treat these outputs as anyone-can-spend but, per [https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki BIP 141], will not relay or mine such transactions. +By adhering to the SegWit transaction structure and versioning, P2TSH outputs are compatible with existing transaction processing rules. Nodes that do not recognize SegWit version 2 will treat these outputs as anyone-can-spend but, per [[bip-0141.mediawiki|BIP 141]], will not relay or mine such transactions. ===Transaction Size and Fees=== @@ -305,7 +305,7 @@ P2TSH outputs provide the same tapscript functionality as P2TR outputs, but with Protection from long-exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but requires that users do not expose their public keys to attackers via public key reuse or other unsafe practices. -P2TSH uses a 256-bit hash output, providing 128 bits of collision resistance and 256 bits of preimage resistance. This is the same level of security as P2WSH specified in [[bip-0141.mediawiki | BIP 141]], which also uses a 256-bit hash output. +P2TSH uses a 256-bit hash output, providing 128 bits of collision resistance and 256 bits of preimage resistance. This is the same level of security as P2WSH specified in [[bip-0141.mediawiki|BIP 141]], which also uses a 256-bit hash output. P2TSH does not, by itself, protect against short-exposure quantum attacks, but these attacks can be mitigated by future activation of post-quantum signatures. @@ -323,11 +323,11 @@ We also imagine the possibility of introducing multiple post-quantum signatures ==Test Vectors and Reference Code== -Test vector data for creation of P2TSH UTXOs can be found [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/common/tests/data/p2tsh_construction.json here]. +Test vector data for creation of P2TSH UTXOs can be found [https://github.com/bitcoin/bips/blob/master/bip-0360/ref-impl/common/tests/data/p2tsh_construction.json here]. -These test vectors build off of the test vectors for BIP 341 (Taproot). One important distinction is that the P2TSH test vectors do not include keypath spend scenarios. +These test vectors build off of the test vectors for [[bip-0341.mediawiki|BIP 341]] (Taproot). One important distinction is that the P2TSH test vectors do not include keypath spend scenarios. -Also included are test vectors in [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/rust rust] and [https://github.com/bitcoin/bips/blob/p2qrh-bip-testvector-comment/bip-0360/ref-impl/python python]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature learnmeabitcoin]. Similar to BIP 341 test vectors, all signatures are created with an all-zero (0x0000...0000) BIP 340 auxiliary randomness array. +Also included are test vectors in [https://github.com/bitcoin/bips/tree/master/bip-0360/ref-impl/rust rust implementation] and [https://github.com/bitcoin/bips/tree/master/bip-0360/ref-impl/python python implementation]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature this Taproot script-path spend example]. Similar to BIP 341 test vectors, all signatures are created with an all-zero (0x0000...0000) [[bip-0340.mediawiki|BIP 340]] auxiliary randomness array. ==Related Work== @@ -335,7 +335,7 @@ Below we attempt to summarize some of the ideas discussed on the Bitcoin Develop The idea of Taproot with key path spend removed has been discussed a number of times in the Bitcoin community. -For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] notes that if we disable the key path spend in Taproot and activated OP_CAT [https://github.com/bitcoin/bips/blob/master/bip-0347.mediawiki BIP 347], we could achieve quantum resistance by using Lamport signatures with OP_CAT. +For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] notes that if we disable the key path spend in Taproot and activate OP_CAT [[bip-0347.mediawiki|BIP 347]], we could achieve quantum resistance by using Lamport signatures with OP_CAT. Lamport and WOTS (Winternitz One-Time Signatures) built from CAT are quantum resistant, but are one-time signatures - meaning, if you sign twice for the same public key, you risk leaking your private key, which is a significant practical vulnerability for everyday users. @@ -383,7 +383,7 @@ Protection against short-exposure attacks may require post-quantum signature sch '''Tapscript-Native Output Type''' -Tapscript-native output types are the category of output types that support tapscript (including Schnorr signatures) and [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki taptrees]. +Tapscript-native output types are the category of output types that support tapscript (including Schnorr signatures) and taptrees. '''Pay-to-Tapscript-Hash (P2TSH)''' @@ -401,7 +401,7 @@ To help implementers understand updates to this BIP, we keep a list of substanti * 2025-07-20 - Changed the Witness Version from 3 to 2. * 2025-07-07 - P2QRH is now a P2TR with the vulnerable key-path spend removed. Number of PQ signature algorithms supported reduced from three to two. PQ signature algorithm support is now added via opcodes or tapleaf version. * 2025-03-18 - Correct inconsistencies in commitment and attestation structure. Switch from Merkle tree commitment to sorted vector hash commitment. Update descriptor format. -* 2025-03-12 - Add verification times for each algorithm. 256 ->; 128 (NIST V ->; NIST I). Add key type bitmask. Clarify multisig semantics. +* 2025-03-12 - Add verification times for each algorithm. 256 to 128 (NIST V to NIST I). Add key type bitmask. Clarify multisig semantics. * 2025-02-23 - More points of clarification from review. Update dead link. * 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long-range attack to long-exposure so as to not be confused with the language around block re-org attacks. * 2024-12-18 - Assigned BIP number. @@ -415,7 +415,7 @@ To help implementers understand updates to this BIP, we keep a list of substanti ==Acknowledgements== -This document is inspired by [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP 341], which introduced the design of the P2TR (Taproot) output type using Schnorr signatures. +This document is inspired by [[bip-0341.mediawiki|BIP 341]], which introduced the design of the P2TR (Taproot) output type using Schnorr signatures. I'm incredibly grateful to Ethan Heilman for joining as co-author and transforming this BIP into something far more congruent with existing Bitcoin design. Additionally, much gratitude to our most recent co-author, Isabel Foxen Duke, for her thoughtful editing and crafting much of the language in this proposal. I am likewise indebted to those on the Anduro Quantum Working Group who took the time to contribute including Jeff Bride, Michael Casey, and notmike. diff --git a/bip-0360/merkletree.png b/bip-0360/media/merkletree.png similarity index 100% rename from bip-0360/merkletree.png rename to bip-0360/media/merkletree.png diff --git a/bip-0360/merkletree.svg b/bip-0360/media/merkletree.svg similarity index 100% rename from bip-0360/merkletree.svg rename to bip-0360/media/merkletree.svg From 36bad71920da52c30a2399306d7cd47ab35b1d26 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Wed, 17 Dec 2025 08:23:06 -0700 Subject: [PATCH 04/18] Grammar fixes --- bip-0360.mediawiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 8ece98f645..8d9cdf7421 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -339,7 +339,7 @@ For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39d Lamport and WOTS (Winternitz One-Time Signatures) built from CAT are quantum resistant, but are one-time signatures - meaning, if you sign twice for the same public key, you risk leaking your private key, which is a significant practical vulnerability for everyday users. -This would require major changes to wallet behavior and would represent a significant security downgrade. Common practices such as RBF and even CPFP could risk revealing private keys if no stateless signature scheme is used. +This would require major changes to wallet behavior and would represent a significant security downgrade. Common practices, such as RBF and CPFP, could risk revealing private keys if no stateless signature scheme is used. [https://groups.google.com/g/bitcoindev/c/8O857bRSVV8/m/rTrpeFjWDAAJ Trivial QC signatures with clean upgrade path] and [https://groups.google.com/g/bitcoindev/c/oQKezDOc4us/m/T1vSMkZNAAAJ Re: P2QRH / BIP 360 Update] also discuss the possibility of Taproot with key path spend removed. The design of P2TSH was partly inspired by these discussions. From 74c515d82dae5da5174405a783dbce215aa88c88 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Wed, 17 Dec 2025 08:48:49 -0700 Subject: [PATCH 05/18] Update bip-0360.mediawiki Co-authored-by: Ethan Heilman --- bip-0360.mediawiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 8d9cdf7421..83153dfa7b 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -22,7 +22,7 @@ This document proposes a new output type: Pay-to-Tapscript-Hash (P2TSH), via a s Through this modification, P2TSH outputs allow developers to use tapscript in a manner that is: -# resistant to long exposure attacks by cryptographically relevant quantum computers (CRQCs), and +# resistant to long exposure attacks by Cryptographically Relevant Quantum Computers (CRQCs), and # resistant to future cryptanalytic approaches that may compromise the elliptic curve cryptography (ECC) used by Bitcoin. It is worth noting that proposed P2TSH outputs are only resistant to "long exposure attacks" on elliptic curve cryptography; that is, attacks on keys exposed for time periods longer than needed to confirm a spending transaction. From 7f1b41686058b31d65b0abf40980494875347266 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Wed, 17 Dec 2025 09:11:11 -0700 Subject: [PATCH 06/18] Remove links from header preformatted text. --- bip-0360.mediawiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 83153dfa7b..09e49aa223 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -11,7 +11,7 @@ Type: Standards Track Created: 2024-12-18 License: BSD-3-Clause - Requires: [[bip-0340.mediawiki|BIP 340]], [[bip-0341.mediawiki|BIP 341]], [[bip-0342.mediawiki|BIP 342]] + Requires: 340, 341, 342 ==Introduction== From bf206b389c0d1b3c623bf7ed9a96ff7ea57bfb80 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Wed, 17 Dec 2025 18:23:40 -0700 Subject: [PATCH 07/18] Apply suggestions from code review Co-authored-by: Ethan Heilman --- bip-0360.mediawiki | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 09e49aa223..2da03cc591 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -47,7 +47,7 @@ As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P ===Long-Exposure vs Short-Exposure Attacks=== -For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscript outputs (P2TR output types) are currently vulnerable to long-exposure quantum attacks. +For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscript outputs (P2TR output types) are vulnerable to long-exposure quantum attacks. A long-exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because attackers will have ample time - as much time as vulnerable keys are exposed - to carry out quantum key recovery. @@ -235,7 +235,7 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) wi The steps above follow the script-path spend logic from [[bip-0341.mediawiki|BIP 341]] with the following changes: * The witness program is the taptree Merkle root and not a tweaked public key. This means that we skip directly to the BIP 341 spend path taptree Merkle tree validation. -* We compute the taptree Merkle root r and compare it directly to the witness program q. +* We compute the taptree Merkle root ''r'' and compare it directly to the witness program ''q''. * The control block is ''1 + 32*m'' bytes, instead of ''33 + 32*m'' bytes. ===Common Signature Message Construction=== @@ -259,7 +259,7 @@ P2TSH witness for depth-0 tree (103 bytes): [count] (1 byte), # Number of elements in the witness [size] signature (1 + 64 bytes = 65 bytes), -tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), +tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (1 + 1 + 32 + 1 bytes = 35 bytes), control block = [size] [control byte] [merkle path (empty)] (1 + 1 + 0 bytes = 2 bytes) @@ -279,7 +279,7 @@ P2TSH witness ''(103 + 32*m bytes)'': [count] (1 byte), # Number of elements in the witness [size] signature (64 + 1 bytes = 65 bytes), -tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte scriptPubKey, OP_CHECKSIG] (34 + 1 bytes = 35 bytes), +tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (34 + 1 bytes = 35 bytes), control block = [size] [control byte] [Merkle path] (1 + 1 + 32*m = 2 + 32*m bytes) @@ -299,7 +299,7 @@ P2TSH is slightly more computationally performant than P2TR script path spends, Older wallets and nodes that have not been made compatible with SegWit version 2 and P2TSH will not recognize these outputs. Users should ensure they are using updated wallets and nodes to use P2TSH outputs and validate transactions using P2TSH outputs. P2TSH is fully compatible with tapscript and existing tapscript programs can be used in P2TSH outputs without modification. -===Security=== +==Security== P2TSH outputs provide the same tapscript functionality as P2TR outputs, but with the quantum-vulnerable key path spend removed. The similarity between these output types enables users to easily migrate coins from P2TR outputs to P2TSH outputs for protection against long-exposure quantum attacks. @@ -337,7 +337,7 @@ The idea of Taproot with key path spend removed has been discussed a number of t For instance, [https://gnusha.org/pi/bitcoindev/CAD5xwhgzR8e5r1e4H-5EH2mSsE1V39dd06+TgYniFnXFSBqLxw@mail.gmail.com/ OP_CAT Makes Bitcoin Quantum Secure] notes that if we disable the key path spend in Taproot and activate OP_CAT [[bip-0347.mediawiki|BIP 347]], we could achieve quantum resistance by using Lamport signatures with OP_CAT. -Lamport and WOTS (Winternitz One-Time Signatures) built from CAT are quantum resistant, but are one-time signatures - meaning, if you sign twice for the same public key, you risk leaking your private key, which is a significant practical vulnerability for everyday users. +Lamport and WOTS (Winternitz One-Time Signatures) built from CAT are quantum resistant, but are one-time signatures - meaning, if you sign twice for the same public key, you risk leaking your private key, which is a significant security concern for everyday users. This would require major changes to wallet behavior and would represent a significant security downgrade. Common practices, such as RBF and CPFP, could risk revealing private keys if no stateless signature scheme is used. @@ -349,7 +349,7 @@ Commit-reveal schemes such as [https://gnusha.org/pi/bitcoindev/1518710367.3550. It is worth noting, by way of comparison, that [https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 Vitalik Buterin's proposed solution] to Ethereum's quantum vulnerability is quite different from the approach in this BIP. -His plan involves a hard fork of the chain, reverting all blocks after some sufficient amount of theft, and using STARKs based on BIP 32 seeds to act as the authoritative secret when signing. We believe rollbacks of any kind are an untenable approach for Bitcoin and would be practically impossible to implement. +His plan involves a hard fork of the chain, reverting all blocks after some sufficient amount of theft, and using STARKs based on BIP 32 seeds to act as the authoritative secret when signing. We believe rollbacks of any kind are an untenable approach for Bitcoin and would likely be impractical to implement. That said, we believe the use of STARKs (which are quantum-resistant) may prove useful as a method of proving access to external private keys, in the event that the community chooses to burn vulnerable coins as proposed by Jameson Lopp and others in [https://qbip.org/ QBIP]. From 20666ef1f16b47a1231ecf62c084ee738820157b Mon Sep 17 00:00:00 2001 From: notmike Date: Wed, 17 Dec 2025 18:52:38 -0700 Subject: [PATCH 08/18] merkletree.svg: correct size of Merkle path in control block Updates the vector file merkletree.svg. --- bip-0360/media/merkletree.svg | 96 +++++++++++++++++------------------ 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/bip-0360/media/merkletree.svg b/bip-0360/media/merkletree.svg index 00296fa868..fca5d1a02e 100644 --- a/bip-0360/media/merkletree.svg +++ b/bip-0360/media/merkletree.svg @@ -710,9 +710,9 @@ inkscape:export-ydpi="71.752861">P2TSH Witness (input) + id="tspan3">P2TSH Witness (input) annex + id="tspan5">annex 50 + id="tspan7">50 Initial stack + id="tspan9">Initial stack Merkle path (32*(d-1) bytes) + id="tspan10">Merkle path (32*m bytes) Control block + id="tspan11">Control block Witness Program + id="tspan12">Witness Program SegWit version 2 + id="tspan13">SegWit version 2 tapleaf tapleaf version + id="tspan15">version tapleaf tapleaf version + id="tspan17">version 1 + id="tspan18">1 { + id="tspan19">{ { + id="tspan21">{ P2TSH scriptPubKey (output) + id="tspan23">P2TSH scriptPubKey (output) How the Taptree Root is Computed: + id="tspan25">How the Taptree Root is Computed: taptree root + id="tspan27"> taptree root tapleaf + id="tspan28">tapleaf A + id="tspan29">A tapleaf tapleaf version + id="tspan32">version tapleaf + id="tspan33">tapleaf B + id="tspan34">B tapleaf tapleaf version + id="tspan37">version tapleaf + id="tspan38">tapleaf C + id="tspan39">C tapleaf tapleaf version + id="tspan42">version tapleaf + id="tspan43">tapleaf D + id="tspan44">D tapleaf tapleaf version + id="tspan47">version tapleaf + id="tspan48">tapleaf E + id="tspan49">E Date: Wed, 17 Dec 2025 19:00:22 -0700 Subject: [PATCH 09/18] Render SVG to update merkletree PNG --- bip-0360/media/merkletree.png | Bin 103756 -> 103383 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/bip-0360/media/merkletree.png b/bip-0360/media/merkletree.png index 9ec24e663ff1b89f9205137e1ea992a98d5fca87..dc6bdccabf3e151a0a52edd94c4148ba7fbcca48 100644 GIT binary patch literal 103383 zcmce;WmFYx*EPBk1q38SN(3YX1Oe#=MFa^2DGBLDN?K9`ltx-Wx@Gfa+Fj?SUqkYxIhji4djpa3T>K15 zLmr{y*)Nq!l{eoG`r(Uu$=n@traz9Kp`4SV75|PQv@^n#KYjjl|L2O}yBHUn?oYK6 zR9<+mLTM%8|G_c~st(Wo`+MyZ4JrfjvCve^P?Yfho|eDWhLHO2*{m=6h)4fDtN5J# z^M4OXW)|9e9y<0~|||9O^>_W$3HOSP-}a=0-P78iHtb8arPu(0sp zFI5E%xB14~Z+`MVfBqar$oZ&oU?8j`iq+;|waaa77NKH#CG#Q{16cqFc4mRpfl{`5=A4rpqYB^73?1O(#j%VCS`E41nh*|X4 z`qMVYOZ_YDHk3_7*f}^(x5{T$dy`O0KaAw{e~^YL>bH40`K_j=1~I7R8|gR0DIj2f{A-|y#oe&h>p^9!Sw zg_rpR1`-C6@eqZCgdA60GQz|%zt_-c+MR3g#uNReS}bn6J*g@tA@T04w4uIUY@s>u zrHf1TnaW6>hIepqupDDVgqtgJ{hc(0tT208TYU-&p4x9u`r>_gtdNfAO_9J&mrZ!{ z{`~{zqs^quObmB-cQjlI85I?h>#K8CM6OyX^^+$7@Fv8?<)z7J0abK#^yKf4o-^*( zjHhYz+Uh&ebo6d4Jzh@L!r z`t&JqT^5QT+>up0;n2pVAYU0-ft@w#7CS8kCD*w60l$ZBd*AdGtA zn`UMbT3cU*OFi0O>7j=K59PcoHtf2Opp%X7jOH+cA12{_t${pAYa$D7ArY`Wp0csM zt#h!pzB@iXE}AAEk?pWO$%o=oKI5kD`h<>79Fc6Z(!H+d?d@Iv=g+gz@$qblFWbL4 zZVZ)~tA~V!CSMhmm$N$DWTd4PL+I9f-G&XJ`Dux;FHb{2M_c=$VOPu}FT7-vf%N+N zdQpZ5Dda}MdP1OzmCV-dp>oMxkPFlm0`f%k92)Udf-oS;*%X1(}^Q$I1G zet8w=FpdA2_tU@B)~+tX&zbM?`ZxEDGC3!w!|OHy1xcofi3yug_k;O` z1(V@lq^M}vv&&tvY3mP!T}W(fYz{|imK+=%9p#D*U&BcfhozSYrbtsQHsrLJ`~my) zdstY*Sh11GL>cq_`)QURH%AMxAMoORR>*h*!%k$8mX$Sv;Iz21!eQL|Ff=TT&wi5x z;*rb6UW=oXllA499g9Y#7st496!c3GSN9n%zJ7 zJcEOKP(`YGd*xU(t6#ae2oezyna$LaQ;B8uaMRFuLSXa%^5urx$=o;eGW6X(3Cg}= zBU!{3PtV)9xaiN4x9 zGBSTM5Z~u=loUGup!wo%CQ@^Szfw8f%dxV5p9qMIfzIk~pQDV4w<^H{I}2VQQXV-z{JF?Z*RwZ@#4kdN5}-NAv9wJI;c6yxs3ba zlb$8UeP2A$aoG(!Ng#aj!DMvB@}U128;cGWxl++^fZ)BjxEMYWl#oEVF_PahGeb#E zPHu;{ce;{LtlNZX7w4D#HU;fjR!EtE$G7rw9s>F|ij+JY9H`n5w6Mwf!(ks4n~kye z_xF#&_ljI!a9GwH5)~WuG(#ML>E^bW%oNsAP$2LYP0}1VC=f<55FbqB?XB6@qPht= zC9Qqururj^35wK$0z7l`Es1OtRn;*yl`=G>la69( zYH#<0NTI8({Y+n9KYHQo*RNvY;*qBBq@}S01O$>(QYbe#e(Oz?ncuv5^XZ4-Cy2xF z*|?D0rH-g#7{b-bLa?>SH;A!TC%Za!i6n%C-YF>y1c%698LDY~tp31mhx%VA1O01{ z+S=O6>gtz^Nl8idt*x1g>z-|4^jK74-UB3)bBl|#2sXWD?8Cx0ar_Z##>`#}r9SU5 zsE)QK=u1jVhg>CPWr>lo@3W7e-(69Ry(x#82>ulaN%h^`d5V}{VYm51Qcg-sOB1#* zHfG?qoPNLj+rz`-LtcWc{9l`u~2;AY#vho`+A2g zJAY|=o5f=CchdHLT+e$21qEyhL6sWhAg<0fSd+4{vbIy?v+e;f5!KStlKIKISDR4v z-Ksk3#D>*qlIEBA||IR#*iHvN9d3l?q zIGFPemw+G)LchsOt*h<&pf7Bf{?ZTc?5;lyWqSt&;lS=%U0cfv`_bIo92yn%&EFpj z9hV{%5`|0*r|;fE3jrCKe|fn>*5hi}_j&ItzCfT^US1Y^`BFzuFNH!Wz~7%nQ1Ag{ zAk(4jruCtmPk{X@9QUXJF|r=pM8Qm@URR!@$;l6qKGjCN%X?4t^eG;5E;@@e)6yRg zRNK{Fk6__5pVR#nk&hzQHa1yWb;3eU2ac)qr^s1et6T4LSC@`3Z1{SorxNSgUQFgc zapL~~G2`o?|3$&Qs0sC9$d^low*TLO&_aX&e9gv7eBr$H4-7E5Tus+F-^Rho^NN?e zt8Zv%4f)5q<7j6__U+rZ6$XF*{++D;v|pI-e7LSeO+!O@?jjkQ%?dDH)~q-2IqbO~ zm*>aDj(fTQ)ZWi=L-dw)bUdLMx`Z6bI9aP`2T&G(3Jz?a<0Ex-b;ZQOg5R^e6s2VdQ4r9?jqjnM zUm%Dh_wu)I3v+WGzP`5+7hY;Y6_vN`KT3^x&bOg~8m1j{b z8pv~8;daUYI)-zu=6L#rw6s5fXzTsu*Vfk7qjl~gfQsNy;u{$mC7$4hLQu2bn}1nd zU41g^iQ79oY}g+DxcYe7c`#3djOr$bVdw1Oh*rki6!D&2h0ORxjPL_785tQoQLDrC zA$9|(MF87Ib;k+pHxX;~RykNAYER~|YOl^d#BiF_mzWGdKGlT+1W-EK=L(w@cC*o^ zny!aRhCT7flRaAcfmjryIhaz`$%$VfU1qL@(*0Mza|DIO-!HcS&Fuq#m|t1>78OMd z`?;Z^0hIx#V7W88A@RBA4>mnCUtiyK8)BCCtpKP`4hCdD?RW81_6M^%Q4mM+t;t`kY}b{ zkEhUsA}?X30-$^WU{C}ILf!z*qYhwG?E9QPd^XGBd^|inQGluN$;mHYxrU|+02)IU zR#4!j0uFC%YC5+ zRXlBNZLmNgqoXRYwF4mLz`7g2j>=SIbh|n=0x;Js&02FHvt2b#5PIMh`9zf(R-_T8 zqY-9du;pE@+9MZN*OyR|WStSv$>0SA1xn1oBN;|_o05|9t)e2W z7oP6^a##J(kP<*yKnC6+A#V+4LJxkxhcsm?<+L*^Fh(T98|FQ6h4BDi5pfuG-=m1Ux}G=2 zaDDKC#D#JDHa--f`mK0{aQ*@83)pYs!NJjmdPsMrJ1!ZHME%Tv$Q**IH@xHIXu|U4 zvuB@Apkx5p9YDtO21==SfNlLPrYe150fkC?)XpqT$4jz!9d{F9g6y}(eQ#kAWp)rT ztI>YNA!meXg0xdVFrc6j85_%l9G9D0?Qh$)&`j0hbf_@_^cNKudq+k_zLJ!L0q%`| z$VX-bEC~q-*dH2PJVy^g6&(8s$OP=4zy?`_y`Bow+WC_&>^1?N)xqjp>;nB;!{>;UvZfG>lejnJk(2dM52ju4BO|a;fk(5 ze*F0U{kxons*1`FC&nEdSy@@AAqRIfG&F|tcPgp+3S-xdu+;{GC&H{uF9_oe!Hkgk~&hJ%P%B8HVY;0okRz>Bc^@Dn9_7G45 z=PU=@JUpxf@0(g$^o)!$+^!R~(2gs4cY* z+^`if?}_xiS5y?!(MdWp+Kyya=e1eJhGVBUnE5u~KG(W${&6zki32epHeL**zb54} zy$4lSia|#tY;y&nnval(D($!0zfroq0<1|{F$H1S>3F*fQUwX0b*d9TKy6Hjs>mZZ zK&tp6jP5n{!-t=dF_wVf1yu5Yi-F$i0|J7Yni>NG12GFc#!{m%f$h%pWztqmbTmE% z#Ty-+IoAzjl!kA{r=$#)&(en>RUeIiSkLlDSFLtrgVZ$%FjC9y)EiyGCc^~xkVc|;84r|;6e^*u}Cnb5n>Ozd%94khL{5v^0sZ!&_ z1$*7)@^IvrdN~ekNFZ2bG&MD&(dkkr;`i=9S>wx4WNd;Gpb3h^CIH}4%+$o9KGoHN zg-}=&0w?qFXj2t}ARI1gLBVRp8Yow?h?(BRa7rSl{HKt!@&&Bx`mGuVWK5oMJAb`7 zQ&)F)N5<(rK(hJL5lsSs+(=U8FJ9NP662}LQY%~Ad(7%(_W-OYB^8uKN$eN4B8R1YCb`JY;JC@UQqs+c*Mjngm6i1{QZSfCL?mIA zjK_F(i@AI)Bs;?Jbu2{T(Qm`juU^e&B)EwxD1^;5d@Ht`5xz@6Fmzgvjg3vhX^aQN zZ7S?qPLqBwt`Eb#m3AMn@7%eKfsyEbeFeO$6-@NB+qrp}<;)w{(lp`$$Pa@h{sQD} z9HrX{inFsbkQIN^U&rqL`&ZxA<_m*H0xi5R022BD#~}~b|J2nF1ndJgH_iARwmTt2 z6qJ=UkBme?VjW18B!CKRtkzWksw6sk`fn)`!TsfyT2S?fIy&+~)?WsS7GTT8#l^`+ zejRM4R7lNclfOeCscP%%Hv(6*Hk>3o?hAzj(qql3j*O*Z&YoH}%eq4ySJ1;H5 zq5;>}c2T4=fg+ z>-s$*0i~(BvEtp4_<@7%ODFH{w$AqYa!nzZZQ!cv7}tlHulQX^u*k`=;~##O>gu7V zqVo8Ws{dqT(A7^UJhesPdqPhFlN+4~>rTiGh7TV;0R9kna}x%DHkhr1MMg#jRl)A= z?lW20U>_e0AOH(XN@yQHzHMn~3DhD3BO{Q9v2aplUcWZ!O+>kU`!6QpPkj#)zbqm0QtdC347t)ymc!iG7@Nu zuV+sGQ^STtM5MjxKBdkMm02`*9e--E`#byhJw#u5@+;;i?t>qmja)hYb_`cnCMC){ z&zoF`XR-U_Fk7WG9K1QXDS?xSfDEH5c;4i;=(O_JCfH81syUF_4U{{>X`PLa;jUOAjwX#I(*9O7>5TaSB-OWsV%kW5zl>=v9Ca@2{>%)pX|=94`Q+2t?+q|JmvAB z5bLMo3+d3*f6=kA1G(xvhplo3|MvHp zxV|V(0SWB-sL?tII%jjTSvCnvT0*tV(t+U zDI06Gv_yo4%IA6#0RO30V!T%$^h~LZ+Ip?Yib*(vtB#VI>Tw**bdm`T&-Ci_&)}5{ zQC(|(Zsqh%e#aonI+EuThKIaXn|D8OQ;JGU6MTyydLTqt|6SPp$J6A^fp4*8%0ma&SU-h^Jzp}*j zcI@!9(q+ixI}11AOW~^@K0iqK>y9Y`1qFZbxCsgbQ7mP2#Y%Ry{%NlN@@b)YZhN&g z!Uw}`tQ6~okP!FIOt81_ZG~^R88!Kq(Pau8>^~}v@nI6QEp+P-LTF5e3aAhp4qLi_ zv-Fo1XZ4L*zW5UK4fpF_T%0l}F>1!~hOl(S?)QDCfm{=F+B>*giw(&|< z7+})IJc;H)J@<#@cl&=oaPo}dc5pX#{KT7>pMm;}S>5LSgI^W*iPRZCW8&2KNoO$GNHDt2-m|yzx=G&5+NcD`u}SoGL3DX(!`` zOP;bNS+)crN=!$;qit_Lz{N~{R|Rb5SVhIA(8n(*K$G-T%yVKlfBkw>vqIEaORL&+ zgpTTwHwWw!Gvn4n(+jU4+8Q57=7mK?&?Zal&ri$AQO}idc=F`Q>QvP+R&+fA`rATD z1H|)+lz!kfXxo?IK(g8#&@dJ@tuzT9YbJ0y(eR_$eFJ zQoMJjNpv&@)u{V=_?b$qcwhl1*CQb&|8kLYY*Zm3tHca- z9RzU+3k!=htsE#jBisV%ljO4?*}3bupz8wea{a#1RH3*D5 zb>6Z23-qSHq%ggc2XTX3Gv44w{p{?fbVF!QgwWia>L$X*i~1?^T!)H(d>n)7HxYRk z8T2ho2l@x^L9e6v4v8F{&XQlQI$PFT&j=2q8wF+^L~m~1QX1X@JQyUP;AlQx^0&S| zSw7!xu@%3wv(p$@$TZEBk7?=Y*3j4&6cSpx7f<`inIE4ls$N1Xuc@Vqo7r`PUB5oq zn1S<^WQW*syy6Y+NIGnn9f9?ckF&jXQ6$&)TpO4CFc3N2@IsnSuMp~Ljw>YGk?j8Sf?&$7Jd|HQ4=qQ>{i<_*&rMlV0Z|}5O zJM(dC{$;Xget%&Pne627etl+3C`}PPCp3^xL1QxN)E=0wapV=?_}Kf94u_&M+kB#co5yI4KB3@a4~5<3_|Z{` z#h_0Dw`FtlC$(BIhG|3X&6Lm6pVZQm`X+TSE7C-r7Bq_e0sE+)M&Szl6`+Yg(cCs`fvQP!wp z+g~9}Yd^ZK@UB>x)|-s7akLxV#VmJqoR}GW%J!Jx+0<{hIGTxaB~=8W%QEMot6xI3 zVwR%W`ywAIN|%#YD1+~I>LeD*%uOcK@65OzQ1$7IuyK_?+#6;Ve!t6HyLIu(&wt^Y zY`WE@F5cH>x`#Ita@AhHrZ=(^2zmEHE=y7N(PzKv`}KvNH3)GMrQC3W_09^)SNq)& zxs~?Lo80kYZClDxnAq5hn`2dEZ2*!7>fGHA4i5o|8bJ^SRfe9KnG6uqgA?hK!EtdK zrQQF4@auwlqoAlrbmge0h}ai9F%`3zlPB3Gwrb3BYwJltd6j_TmSTt0r5c7uskda- znS-M%UN6X5 z%huEif+|qE<2h89d9PPFMSyj75l1e8h+s%Eng#7n+{2#X2O4cD1tpa%kW~(n9`7zsEY5akeLs~&% z;viS|m5rC=<#}jC$lK+!Djo}Mm5oSj)BYbl;(-qZip}C)xL-HH46wP5s$&~Z`mn|E zTk-8$JS{Ld?FrcZ&`>bUOnPmKYw=PdBr?2lkO%#)9do!tm7UJgWd7%Q?bDs19FnO* zAyn7{t{PoO>%zh&yP6Li^tqa7o6-fEE~{V_-!#(g2@doa)d~Ff8#5l z;Xb6_w+NjG#oXVI=F{c%j6HjrZX@xf=O>-eBkz!{iAa80qP zH|mM?#8H~An<)>s8e+R#NXKfKJ-*?hHj!Pvp*$jjfwN^w>Mgs=T}XUMsS;4O=i+l+ z)vj>OmH~zjTJ<+LIEvW~pnVFpVqbkNoCt0M}s_pJ+HMUS65&r&#`B@RH zLwaOnK-?i;kcGvQv5MI844GSgsDA?n6)%p-wVVFZ{N#81jCD=HYSWcSa6LcutK!Vn zO_M^R%u;W^DD6Vh>Jmga}_r>E3`tsNKz4S9G;#q9{dpUUu>$+Yu(E>j({KR5v(($ zf$<(F5DXqnyE%~0b{}pyR@i-jp#9}*I-Rurw&7V(0?Lp5t14T^8r-^{yj?9bm#sgK zTS8;wx@wtY*|<3t$~jh4+~+wP=v;qU?4&I-|91Q*hFo^g)IebrnxJK$&;vXRP*K+x z`?%25lC$J>S!lik#21hZh-VTK=)l@oOjn=&`SAFjpQ(^{R7^}ewBFh}I-HUDa_BfL zD&Bc~Ty1@gd+o0o^AnPTcBY<6vL0`zK-bo;Zn}$h123s24`%h%6Y(`JZV892#=l*G z3g|~Rf)5cnFFl+2~SJBcqV8dSR#>}+c=-K@~7_+-m_jf<3gD7SK*Nnw)wg`za=6Hc|d&p=e&jk zQ(s$OZ0c*EPaS=ElvEZi6*tku-3^0qZ}0bfWUYtN#BUky(Y8d@G^Zy-CMq(1O1qvi zS={V=GEE}%_4xwb_XtfV+g$VDcYPdBpQ%fr2S?rS{}=HtQ^zbIJ(B3~J`WumciH5X zbL~ZulWl?IIgat#D&8k9uWd^lo#W>DXS`?QT%q&xyXG^sou_SkAHC2tp7s3s4147x z6F=r_X68JtN*|+?sM~_pUUka3v^@0aOjT8~C*yp4cZta_6NAg-^^J@ONJvyH?xSL1 zVd?7XB6XC&Oy7Yf@}ozOynp_D0Q_9cV6aTH#Q?Kba3)+Sz-VOs*6PlxZ5t{Dk1(#8! zK%mLrz1#kT4!u=MmY$wTdWz0!rm64jSVooPK3Paa$aC1k17ES5$5L2IH=ILa_jeDq zn;#83K~_kXe=HqAOh`zj$XFu1$z!Ok-}r;H81YKd$LQ65I;Y7D3Rdj=H{P;*^^UzM z6qnMga(UU+n$tSp^%0tMH~Dpb@$__u^Q0`_cn_Vd5F+naWD-C0lV(^YlUzjEwz%-GU%ytNR;c*kHqC&)y0W~?4zf0+5&$}*fIt|e1Cl{4Cd?^m z=ugC)eTWebgb--E*hA83h3-ro#Zz4#DcCNjb6I7YNP1Q-i4;-`sfd|9;bLYUl3l-y zvfUhrI<9hfL`C^uyWb;&0-al(1XMR`Bm(5nKR@EDtlIy3Vd>+G zVI;E>WV=0qYfers4`RivMM0URw$|2%yu2h14#()r!u=y7Ez{HSzzG6D`(H2IXJBhq zn2Rfd-)>!SR}Gj*P_gJ}ydH?4rKPo+{evPNOrh~8dMqafpcvy}SCP5b*C>j0%Qf|= z8KT$E)YaVtlp7a!>Q-vpF54IV&R7eIiW{1WS%_uh7Q-HiL_FT%(xnYMt9gEhfZ)BL zkfe`qQhJy|R@2aN|6qUe^8v#Hmk$icX}$=oi(=e45ZAhTzsJ$B(%D?~$)-Ov6od!O z`R{hv%^x*47tH7IahmmoYLK}#jpPe)A04TTjTO31y?nDhBjF^43E{pW+wkK*6?Jq8 zT^bs`S^krKTTsXEf`-cxGwT2}8khoPK9;&+Rrk4^PnM zXm_%#NYajg-dLGM;MqmI<(-Da(7WV@sp*T8BD|s{T|K+R?&F88dmdFkS#T68mqx%tyxz`<9-rzQyUG0uj8TsXFIbo0B+?kAy=}t>{ zZ#uEBbjW)6e4#l-j=`t;{uj?!GIOVU8DE~V@fh_TX>4BD2}w9?H#SZ_s2kB_D$jo{ zVB0v>;Mp)yK6h%ZXIH20u=CvB5Uu6Ljm)L_PU4&qtD}VZQdMQH59|Z(wDiuPoCDwj8Iiy?_jFrdC+>6 zxa*4-nv{I^4MIXYOR6Sr-rk!H$zP7+*Lyc#8K_>KB<}0pawc4xmY%R}b(Gm5bG<|h z>YAP)a$e^_gZjz*p{2;OGL?~{jD`&d%0xM13+xF5ADwok1{@Y&lbl+l4xm*C-r41e7*3 zG$~m1F;RiVJqY+gLYA14;$2ooq!x4EpeRga=dOan8pkJg6p<^RzgseYKa^S0Q`3D_ z)oU(TSbe*kr}-M_xOf&8m+L+Wm6(_!lO4?>Yio>3w>S}83jKk}3jLL3cAGKwfB*J@ zj-20jm`>6gNUuI0dRIM^g3hevQ`nb{| zJojZ(KdvCB#X#i0-%+EwsnxYDGr#|K?G~_ajhG*>+mY4$a?6)vForEXe&kZBD1^>a zZk=ILo~!X9c3WsL#aRgih0#-04hstlo|3)~6`+O$p@h7=d}~Js*bR~g#~}=-fcPiX*couAqNxj>pOR9 zqlNE%i&3gmPGVODseplLd)`9Jn$3AzvX=d}{`&5mSaUPGT_1Is`!P9?{w@`|w~8Z~ z_4-;U!$RV^E=oT{a~Wdq)5|=QRv@Tj(>qyqzfQ@DB3^qG-|j2@hVJ-?daUR25{0+a zp81xycQuzDTF2Fi=keJg4UIr-n)}7`KfxmNKxQvro=0B|$Udla4LZ0O;NjF??&)Zg zk#==lGJOc4tZwAja_f;fwxi|y=x}`5_Wtg&L1P1@{=UBF($YDTCQNtk++u=`w3AFr@hkhcWwY1X+Jn;IwP=X9)&XszT=w4tHE*7Q2x z+Ilq3Wg&C$f+8-8Ld%ox^%}pGT!hw0S{{8os|ct$Y;Eld?X0xtNA^GIbqdJVTprbE z=7-+;x5UQIo{VgShYI$$w5%jybtODvW@diE%$#!=_C zBb}b_7b&9SSXgkH4xOnwq^J#WJWbR~;E9j@oKFpsG}S75X6P(NxaESl>LV!kr0Res zmy*&2ZN}ncxBYc;R;`|UKbABGuk}An(r7-ji*phL4%d#zugmKGk)br_9Az^BYq6U6 z+kU9DFI-)PYkCN{k1bAelH_`U+nRQBb18J;^XImBQkox^{uK>aE-&$yeUlSppTD=h zGL8Cy=@=P{A>Hrp3tbHmFwoVN&mBMoO-g^A`?cv*3q2K7t?jp|Rz;4~5w^A^ zjt<7el_ktozPtX~urUHI*O^RJRp*=pBxHfnIoTf3I<;-PJAQr^8Xxh}?fLVHSX9&t zke_Roe$dOz?X z@%8L%^I{Ht*lea->l?0~p}tt~aFc>C>rj^GYv0ZR#L@8Z=GC#5U$|6dshQ-=n>d7H zjjQudOA!Ok)rfZmr3Km}g?c2U_lul{pWOdlfzn&>h8%um*2KWTkijNa^-eskkTk5E z*;tV`LW*--(s zFAqpMySn!N{bP)%Pb~UfRrPLzeiGDZpN^*-v|49xFH&10^%G8}U=IS$BDj=U_9gT? z-)+p&f(>M$C0IdDZueJ}{Nrr>o9p?W?gTEE)=KX&KNr92malrVW!*vNe$MvwOsPCE z_rmhQt#5BA4SN@}od@~Y>9R!+_xG_*%;t7*^G_ZyF+PdqJAHd$v;E-K@fh!69V0az z8iQuO!NpB~BLaDO1O^t)@(x!{g7^sSn(yMuvT~*yFd`tx2EjKvoJ|-s5*LezPy#Ut z7M4En5&-f1`!_ErYeCS40$vJW#sI{CK&5$nJO)JNpc^hME~a5-4g?Vj9B#?Vn!sKV zVnG=PIG7BqHGrvaV`9o%CRl@r6Nvw|_V#&5>EI#yPR3&az8cSO-_XH(_5vz)(0N0{ zzM!c$c+VUWH!4t(JBKivYI*`i4I0q7+qk@hAY$lCeU4c38@^y`keL&y_LdJ%_ ze?35%X0_B#2vOA6$0so}bJe?3TyqUYF=sfpwY`&CL0|bOZE$jsEajs9)x1y|HA&NAtlF2cAUC{(;{G4#x_cakN6UWn1HOc0GzG zmn!P&3gs3W2;?U8M7sk*NYJ{!g-0M8B7YQEWS~6O(b4gMK0N)KpMU!L@Ies?FZY0H z;xZkaovg3{31R|h8{jQKbv$Hezw0gP0m69@F;hK!h=4{hh<;9?*akh@b1kg|q}6DC zUewI&3Gkg@MhgA;6WB8%P#wOnvcCgbY*-aOyY+hjlR*?M z&(9CCKh&r9K|`9N$cThiBpH@bDOa_>l5HK0t7{G&!FxEyJq5g0BK~**Z7) z06`}PDsH4CEH7`nxVGz>^Z#|I_WJYX(fub-QuO`*Xk}fEHd_h}4;ND$yd)6dHXFrz z{kn^Bvv2>y`Oy|QEhE*JXJ?wc2XidDK|5+)%e6l|{n5teMV4Y{e7vS<4k%n( z(68Qt$v|;RFbt9XI+mN$d^{X<=aK5dwyScW6BGvu6X+eK$*OhPH2FgF32xAIInKK}128eL7G^)74iUsQNl>GeQIfBh{yKf;OeFWwLZ{tCX z1C|NtOYdAoMu-fVR_dy%s_Xe6WdXemQoRp?C0aVV>Emip&lZD)7JR0Z=fbJq2t<3K zui$UzzpfL2Ts}t$#>suNIzX(zeExUAW z0*;RCe=-~)Oc7EL!yCcY@Y`yxzIYuiJw1JOV*_anfRg~55cGHbpo2WmYvOmm5|jvf zFb5)0kaOYPy({YC;zD?Q!2%!)tij!2YFh<97pv-6&JNr*Kfve!dKelerj6P|h*=-) z?2!F%Fd8EHsF9KU-9vc=1vYMOafo2>sI8qH=tTZbO~rwzaA9-vqSxJ->Lyeg@2ed{ zKtC7~AOA*8?LLsu>$BG%!5sEII$Ba(9F3He6ttIniIl7`!AOxhxG`(KlLbnJ9_Z$9 zt0OHtAd}|~q7>@GAZwZQW}qh)b#Ywgaq7svgU+DM3H*lkS|`qZ-&VAQ^Y;Kq@;xXkc``` z^{*%TDOe@IKcEzC4P9!;#WQ#3a=F4oeZJEY%-HG{bI zx3hCIWIQ}R5CmOFuOS$CeEs~Wxw#`jpasJ5ArEN_3l{JvLF{<<`|{$#<*;Pi)6v-( z>4DHSGHL-CH`vHTw$+igHCV)ez(7ExjO7<^>!NmC++%+H(EjkjAC$sJM@O8-y@+@3 z-tqA>O7>$Vjibr+e38#uoc-(Ra=H`+4$+gO!>z5YXg(V{aM7?HM+MO;m4N`QzM%mb zHsNQ^!fVsoHwLpji;Fps?Iycw&^A_I9!=P8j)tJ!xi2_un+(=)_h{_IcIfMqfatpp z3}6vgcAfvL1#sN}B`i{%3TZf}z$o-U8@g2n&^L$3H(lO+vbS)$9BWDO;Q(neXQV^T zJjcMoN`Yi?%uLCR>{rO<*HcLLr<^W^$)2p|0}adT zcHvlI06yyy@M!os{}kAXal=xefuk}L>% zDQ%?+{{_Vd+4jK=GSTd}z!w45`UY4aO0_x=Qmx;bfhYltO=gF3-ut!!od$~WX4blk zdeHn*Rs_Q-k^Q;9mJ%#X&Bu4@JN`Yp9P+u*)GY+W6xBlAm(dGSX`q|G>Y0vf84AC4 zN4QVftCh%Qr3T`^yjS$76n3;-lqPhAIW3sq^5Z4A}=!E$7+OI zQ^z~Fb={qDm|Z_~Yj;)_`d%En2(RpaO0e1KbUi+G>E>hlaA{8!z;^WLZ1Zj=oSA1} z%moAH*NBKA^bPb|w~_$)Bc=n_!Jmj>0DOW9uut^CY>-`@kGC%uw~AP`Kob5lE-ooM z8!GZUpjK1-&7N2318$4k?#|bXi~68Y&Z|G_@0W*7`A)#Y>GWUPASEMwXWeSCbmG-I zcpZKSIIw`|6bH@{FE8&bSkgsLL8xwZyshz*&jzg{lDPo_>)h(957=9P9Djb&p-vs5 z4SHfLP~JnAxWIa;9rp+%xn3Z9O@ZaKf=~v&-;Y-ppDtkgkCvH}Js>AXDv86x!)GBd zc!6C26y<)PNX0S_kBmgRcOirzKg?=(_Aln;Phr>lQ0L?vOe=48?Cs9Iu-zIb1iQ#9 zSy>6Nks@7G5SA}e>@BCOeIH3jx+F7PSAeQ^7JOi(X;i1Jv^1 z&^6hftT?zhwE^!b9U&nhTzo)9O${Kk(rWI80r(LhD6PTZXbV+jAmx|9G%W$!oVDBw=*3F3P>uT)+<0--;#;6 z#X;X5)Z)zW^WH+h_hK7Vt!Q~33U|5GE)d$Th-_e`W&l z)t}EO1%-w9WjR?{&%x80ouJe3H3`hffYFWnl5bH6yI_Fc7xD}ZxG~{Ai0t00t%-7^ z7564O`o5?8H7ZC+nc^5xKSL7;T&3E8wydnJ>!EO%g?j~H&0fH8;3$oPTpBhK3gXS1 zH%L2P?ddWZXxOpl=H_@|b0B8nG68TkJcFGHdTn6(Ji$*6<=-vP_xD2i0{GzR$9XZZ z5UkX&5#U2{?_HG+$xg$OXc2n)y-3&mpQIPx5;HQs!MRx&%u*l`aT5dw8Uj(jpabqV zzxjDx+qM2%TCRtL&@&bu$}$Kj?CCZV@kXz%Iymd;IgnRW{B>mePFFYiX-yGWtR`!m ziSPO@)|?}a1W1=6TyB5?od(7c*U4H}GVt*sU9O<#_k(#Ar4IS*^F1cU4-Wdf${83a z)m>j0&AVJZorDaie;5`0&dw=7!ty$7KY)8eZrj-G<8G(GCxiRx`4gfSfTF+|nOQOoU$_hY$OZV7AhJM* zl#GI)4#5BsF=({2Z0nHsfxzN`Mani;$R*O1zp}CtO3l2ICtO^m^%@&?c6Mobje{@- zx2Ui%=bd>A=mLNXSvK31oSb~F6x@GO($XPOQOAFOUtgFtLE?QVBt#B81v23tZBO|F znh=BwJlgTo0K|f~>o$mPkXMSpJe&lNxUw~mu53ee2C_#^QPHd1az@!%3%=uhh4n2s zfgs0=Vhn?uARtx1sr7*3oraNd-E#{Py`|&X!DH|cB|%v@DJumy4QxQq!4D5%2n&)P zxJhU@I0(Sa2Zh+L-e!Q#b3lLITbO{%CvGV6`kv^MUOl1c`u2)Uf#!ST)1s=Gp8xU%`eO61>{ z`IZLp2V9*6?$>UR$h1MyUC&VPiZ+yA9Q5=D+f!t4s0rPmEIa(`Myj_deKht+4w(hh z)9Jug;ql`KNoIC-vR+G&yd8iN@4DKF(hu|(w}im4|BCkR!R8nN%+Ocxi-6n`QC%fe z4{t`EU&vO-+bYn|;MOGA3{n|mjk;`bvBPa*Vq$0tH$cuoJO#rF@)iNG_K87dI-IBB zKT&SkFf>G{TSx+tQ4}Z|6a=8_m%$W5ND3MHJ9BVE5eT?J0FEg-*x-;M0FM3DUQL?H z*1x^I=TcIbAOJze05LH!CHZ+tFpW!_(BqeVHAgBi? zEDd1~xQ+H^|Dpm+)BU&D2A5udcM<{V!2`S@RKmhnG(GqA0$ihOPXt0Zj`*O2YlaPn zM?l~S*Z@wc9(Z@bvnU2s3 zY1L7H=HW9`Lda|muuJJTp#7r^y5PIQ^A!WP8WMT!HQVy6X2!c^yn|U|Bt-{i9$nSV$_&iMI3h#kY*g==9b)p9vDaAy0hhtQimN)UVi?1pk=_p z_!o+%y~Q>H#4}Y@Qdm_qxDx{@N`m`Cnjtv6Ra0Z!+#gARKRta4+%BEqj)dF5mRLDB zfWeUjq1~7K5^O$=aI=*+3B+4m0D=&d*0lIgz=Q}H_Af*Uk!&~ka4>y540+{c4$uKF zs1WY&KyFPS7DTdZ;I1d+aNuI8oRZ0o4lEWHmii6I0uAsW+@?i2bkzdk)dP+JG)%8P zs^9g!32+3m!TE~EWnE{dOxAt{nB&0yhjHuHt%P5=Fx9{Kr(>VN8d1UJ3#?kTji7-m z01thMW({&f{XfjTc~p*V-}Zl$v5ZAZqB=t=n#@BaXJoo0m99_{mqcWU3=OE1 zGRsVbP$H2zN>pYUA{i=4i4;nd>iz7l`&sX^*6;Vn^T)g1_1^1V_gZ)AJdX1?_We6- z+xFe|!s6m!M#1RdbbIw`$u16(%SPhlL~lmVsP{Pv2MJ0Tk&BsZyveNF%moV~aOfGf zs;Z^rUH8L_DgW_)X1lT~v2_S2Zi-Vt0r&(ne$``g+9@fmrS$-P2=*c)SVQ7c9x`0GnPpE~uNu%~j%E8~GHzs)ApYcYZNE6WQT zr5n$lb;O7&O6TkfTH!5B*DEIi_=M9qxl=Fw=X*PsTKNC|I!4iwG}%*jn3-%0?TODS`2S$iMMw&H?FGk7!>OEBJM!1yCV(Hbd-%c$ptx{63T)uPrb}JZ$WTK-?h6#bHLNs{5)`JJT z`h0v6Y-ME?R3u6mK=sK4J)iQtNc0VmxgYSZ6X(OP|_^NRaMF{Vo>rl}l7MwKK6{YA-5<5>9NL-R2CI>5wt2#Y*0 zY~y7zgWpCHr8QfRNxq&r3yE0WRh8&@6(mG>rLQmdC7EV3Sq#Xfq&Gb6YV|C>Nv}SA znpI}CbQ?W7P~+ZW^~?BnnUhz0>;c6|))P@=w~_!qa26I$p;Zu}AhS$FT= zZI3OPY+Zc3A+y%Di7pmWAfbz)zV_p`}|?PTci3?6MXI1B0BnDI0c~ zxc&uNm%f~?MKw%LWz#pV7DtGtfec$uBo4}}7B+1mUA}TfRb|`7ix*90a(VKcdz}<5 zF(e_X(uyit0%TiVE!MMTgX_~2DOv)a>(S;>*62&gZa16DWTMlQ`eDT&t95T$254kw zwyP%p?40pjw7VV*SuY(O%hG}7=G&#Mr1m$M<_V%e@&GGc1}dOvDF(b{hba`c!N#en ztB*gp15>`O2M!!C-Ojr8SG0tplgpXzwotTWoJ1~v2F@E-Pc1K zipR%n`Q}GQ#KxdhXc|aMW-w&PJ}H~&@ZeffJ!6|jvQ-1EngwP?bkWI+KjP%Q4!cm4V0YK3=cwl0IKB1Qh1IgLl2%YLSi%D%jGuGS!L z31!;$_zs;rD*k1w)D2o#?w<1yFu#MfAj}>+i>8( z>(xcQ^Iw40N?UjB`fkw|u~W0p3fOcKG4-Hf1pRb{(^!!ziHPw<@cuf>Kh}1n+Tha0qsy z){lMHtFb0gZ9<355;HC{-q<`2+4Cj zRDc!HmZnLP1U3oGVAtwVn9a`_lP7;&zj&9vJ}IXeiojBv$f?UCUlM0kG&PkmkaCNU z8|G%EtQ78WVle>L4qEfmw5|5=)>7q#k(Y3}%*- z09`!KU*pANebj;3{H>9ZYNJ2>ulwCiP-hdS@x^(TK)~XV2`lM);>Z z*%k-T@Gd>L74a>Qd;@J^^lb02mFA*FWKFwM=yNMw7+gBD^7}u84iUR`brslsR>W>o zEdC}O9HIs%>hbhg8?w{i^VSegeJcwT;DR3~x{mny^XE)5u5aCsQ{LfW@)l?Pj_edftAJe;HW{ISpe^;r^z7MFt&HBFJ@9bk=6-C%BFY2-BMM_h(vYHr zBgZE4%c$m)32>kBaShUXJoLpR4 zFw$-9Dq5q*$0l}>Dn=j13w0fhnLFkh%(|yhBZ+s!%hqC+S-x=LY155Ij~)#I=>c%D zA5z;?07?RQ>l8NM!=r#^=ghftH*v9uj*bqzxuIPvr8oS{%)7vnKhx3EYXZHr7IzBM zcRz59VsgLRrIp{0J@eRa(|z6X9F=HUE2iHjxJ{;@7$4vY~?z-LHs!L-OvekD0 zTbcSj5N{V?)E*N$9|CKo-rI2gyiaVFXnN}R%d1L$sWvADCO9Q2f?IYvJ)zEyIDeBl zR;qT;kdR%w9Am42HiGzS1-y9e>0N%T$bI!n&)nS3X;Jkg3TS2C;~tCE7fdbgh)Sos z|IT{>&tTF-^TuDzh#j~zdbV4>V~-hR7wf^^IKv zHWf|rttwTyvZA6bG~J+~Lyu76`hI-bC@sSqB(=X|yv~ANS7~u~^Sg;p6-rL(d5N$HS86U!ClJM&6#;Eg_+Qy+ob(-{^ zx4s&XduJh*Y#*M1*U=bal%NJCJ#R?u(Y`oiG8|6BYhuVx z7nZ;}%62pZX7o%8-ds_m#y#J)6Ddv8&Rx%zR!dm8Rytz@^wSS!+T+PlCCz~gTZ87L ztg0TDn?=(JagXm{5PU9VP!oxJZm-%)mQMd9!nW>OnM`-Bq6A9EExXb74qEcQB}KDX zkRWlon@M?x!NTkouU@rk7Ql^;toQUw?M1~4$CI7s) zdC(Ni121k=?@p~2@0{eu>KAymX}^9!Y;hp=?p4?Z<_kA5@`^PP1V7su^PU_(d9oFy zTjBYnq_65*;VY8B?deTt^YQ>c?j#$+x;pO>n72W{rQt z`cgodEqpylboS&R+?wKY_J}>F6R#_rUQt)n;&E3>R8RkLbw$N?8WNV}y3kOpzO0c% zP|Z=6+5)PcAoPI9c(4U$&zfZ=mt!r|lSUG@B!>2RJD_iINy!fIUI=tM!7(7Ap(0mN zVWedW+^dQT80BP|tY8h+?pVC+a6y5CL1tv{;9y{3ajO>CYekVSe0u& z25q2<$X)hMp7m$$357Jty_ z?;twaol#MfoW+yRfJ-6pQbC|w>SM(|(- zLfXjjWbFq#k%tVAJ8ir+aFbc)p6JZc(Va|OB7juHhyrU_81hO5q<_=CeQ(l+LhiSu zHsi}klHlX0E=0K~CZE22Q_Z9ISWnW2Rc%jE2tpyyQXvz-cb0Inmf&I8UDa<{1gQ$Q zAq{p@3kh%WpdC9p2x=a@H-<4Cn9Lh|a&%&%N&nzM^en`K zbMd13L+qb=(ZFPbN}}#pmP9A**3`_~O(&Yimf1WKU%u(`qo4b%g@Src$He69-VTDX(-RE;#3!+nPl z^>k#tdi5&cW1OxmGeB|^icsz5{rjz7B)V?k=^!g}TeN5k&#~1JFZx9w6g@2FvPu1z zM|A*fL&DWm`u+R+BOtyFtO=l11qp?Vz))b1OamI$92mAzRT3%coXv*)6&9>ZeAAW#Xx+%UgdVIM0h&1X6D z1O+MS3?149J|X?bh{m=l(^{x??i>b|PwlTL(a&z;Y3L%qVnfC+k8lmB?=PGad9QBt zT%s_a1yr!9{agelqPuq+L2!**PM3Q|poH8s#dj76VDRjgzAJJLz|q*RJ5J>n*}eXk zFNslin@xPgYGS;=Q2?eK%X!zupK?VM=hALuLz;g%Xgm5bu^`zde|ZWMWmZ^QkS2{` zzNS(EO`(vCvwdTZ9BCrqcc{&V%#Ize&d9DnGO#Efh1g6*LjzNvmIA~f2C}gU`yGYh zO&jQ7tmInEnNw_7^a$7;r~_zsBTscENKiIXY=(mcvBh!{Ah(1Ba5F1kDauRmBcEQh zqj9@+$YQlaB-%;# zg@Dl&Bw$CYvlK+1D^5n%37lZ$#EET)?jZy@*3TJSqYLLk14t4E*a)hW>n!|g?c=+G zCQnCchxo?ITzDKZ9$o}OL*Xzcwmw{b*l@=-lAEQ2gXly6`clWP zgb6|UbOhmWtF01I=jcT&5a>~z=j^8AdUtZCKcgKV4Su@#+xxN1`%EQ;8PGQtmXvHD zPThFvEXWl`SDoM}66 z7^=Qtsv%;m*hG|P<01p_trNTsR$>^+tT^t0SsQJ~dNMjKWEi!^o_+fquXqol-#}Dk zNfl>nXSWWZPgzeHo5M8trY00&!Wf-rDaKzapH3R#@aZ*UuAMZD+}|^~ zaQx4u?w~2eMb4{eg@8i}L<@9;2iN;_dtQgJ|1H zZlaANR6F-FqQ9RvFYZ}Gz+VyMz|Ht+i&Hy*^LZ8@RzJ$fIy8#PSUYia!=rdQ3gnOP zP&!;%Rc**!ZU)n&(-mtRj6WDlU@C&G2wsQ_O?+#n)&Qoo$FUHax&W6%3gv|C(`aKI z6P(rpzSvY>1key`&hC|1ZVdEE63wC_8yxwa_7+$eHTu7t9hqoSfWI zC}rzw`_r?xEqGIPH)_l{HY$fzY{L9XaEtVwrB7nR+i%#uT~(S1SE&KsP66ITVk4<6 zTwL(sLkK9Hk{1q(qN!4wmGk)V4Gc^LPRrbKVaa%QaXYOc%WQ0-16Mpf0~OKX`H1?+ zefu=wfZq;{{rfL8NrGd-kU6Mk2*@$@F0Di}o}8fV5vGi!2PcpN=UPz?vor;}4jNpn zt$m!eO3~CiA<`MsM4@NcX48~f7iTl2sZmJJ5_Jw6z5=EnMGdOMs64Ocoha9`z6#*x zSl*1AE*6wb1OA7B?dDWMV1F1F4O--XI zQS4x1&(C{0I{uCBsF0RZooTsta7Q@^m)T!vPM0(9G78Z)#sgE#2Mp**$t}b@DngAI zfeiBmNbxh2iztMwf-eyk;}94`c6&;cz0D~Vp3~;dGk9>wVn3gTGBuPn$ub^a_7g-c zjx#^rfBH1ur|g-^U4W9Yy*rIR7=?%4R%-9+(#Pw0|FQ%7sk*b#ECpYo?GOh&C?z6v z^tivrEHd)}p&D59?f2sg`wYbk7DIkf2^>M;LhqCTia@P$F|X~Wq=1R25V4Z~%0C+( z@7bBc|Ma6FbUT=3wt~oJ`+MYHx8OJC5AB^fJdQWtw0ZM%5INqWQ_`$vz^q5V#6vHB z{{HQ6c+Pqg5_uoIgck$%wpS6<0fj58^~i-$0(NcoS2W#)S!R6P=uS?(oz7VLF4U?U zMzn1?@NmKeh#uqy)7GmbH4d3LabjHE3=|E!6Go4YCKu}J>$gx-iwwAG^g{*au#i9< z5YTA&$;rvNU}5?j&4`WlFF?2*SB>aHkW|gd?J=A>^(NV7e*DlM-M)PJqJ3I!Id$M% z-@m%lRJ6F&@ZJB%-_EaeO*3=#GhW!7GmMLWu|8?#j&@ULe{NEC!oGgONbxye`*!>H zj>9_iVxLDOdA@5Zz(MzfeS$m|tF7mMeX0NNuXtLlr6ah-Ysa_OB_@HK0vgJ>BEfPQ z&@#CB30DxGm|-R+iB>~tRn^M=nLD?Ly+sAE>C7o!8QUiE$5dndbFB`3^S`&~=b@-5 z*TSR$lqw{U9r3O??)JP5!(00?ASY)>^U$C8iF^JrFUMIiGBUCm{*zT4N+Se$kV4{Q z1=0APDEjoN6-_Yq>Kdqe(xK^%CMMsVgTjFqOwt_ej8~i@Sqbz}l7PWQK|>2Zi`oJ^tbqiU_+cYl;}fQKzJ2F* zZFet=%Z;TwlBZ1hmY-sscTQdV^le_tXufp+r5`5XpNmRQk-#)cE^o?1F`aX_W87qt zu!&G7A_=gaGUX=qNdBwS;1k^DdOBWreji)XuH7tZFPS{Rz8-{JkBW={Ew{Jt$Yeph z&vdrtubC0rH?yahuXx9(I(}@^U28t<>i~e<1q$qM`pfBDrj7sAGJU2LF&7O z_a6kje)v>w_Iql>ZzWm$;K?`UE^cu0@Y-;L4P@fkV=V-%z*LZb>*&{fnP(26hdnIx z_YE3wqt8cJJ``2MII!kO-8^6nDtg^c;UiXQ%hsW2skOJWt1b0Yn2BdOp052Uf8x*Q zyI#I@Nt{iT{)xkGg60cwWoV$rWJ}TTMND^peJ-9oq}* z%9p*qtQsEnaFj~2pSJnaCxrvO6pRlJ-?Ht(>7O}^I!Fb%Kk7B!#F~uu`Ml}c2(M1Z zTw8r_b;kdpYJ^9A2d1nFXLnwfMR(Pc}AZZr42vYGIuSV^);i46REeb&r9=R5q< zrrY`~rFKEJd*^+08sa}7(_#Xm} z-}!I7Q;;1&^pAuS@w^ITEY1kweWu;LJ1#!qUjh>`$InuKgn!}?E1;MF`+BTy3kV*< zF%|qXn{$iezJbcPf$pS#y8GOKfb9+t=>#(ckw~>z`S@$YUP=x@76JLc(nBfj=zQIMZuF7yEAIbV+1X{-*pQm`CjC54tpCw=dFk7HwX*8|W(&%4HAmEl zQ158;2ZVFj{8<$AR9oqvXaSGFos_=4HWbLnlro{_LZ59mroNRkMWxP~=kTQAfONkn zFXrTEl8G_z`_nf7(D*VmWG56VkKxf@!pk$iLRIyHV^0eH>KqW+%s_gxS}FIl5`8`0h^I zq+zB=jdv4-Nq9*A>7+$KEXkNc3A?-L){g3g%Sx`>Qwe< zXn1k_lxUxYW{$IiSo4O@rcs=MuzjVBzgF?=_uT1&{59)dEDVl4)nBvpWAuq=Tf-!K zhp8R>rzR$bz1aKG;X-V}v5l*oHPb)6`1|GUfbY$FSXXqa442E2JziR^xik}_%@f=a?L#r+mh#AyBj#VNuRhS6U%FT4@Ryh3D`ch-4O9vJ4)q2 z^Xjh!&kt@Htj2ot9DAy}E%i-^O?N9ee+d8JasZGq;B^2lIt!*uox0)l>4oR>79pdH zef8k}eF|_6g6ZJ)3S_`&g1TZwrz01=Uj0~dK6C;ccnx9NOxyePZ`4Q_^ z8>4oQJKV|tY5#tf%R;MG#m(IkmFDx)vQ(p={Q1e&9aA2R=~{fnYOhPth~YOKHVrYS zAh9^V-4amMopZ&+un?LsXxeo&Xvmkv53#rZlKP}Vd^74)Axq4D`g9c47dl6LWEG{K zV7~NjicGvfySelBnSja3|FVeYt7V%u85OCG#^=2d+>3^a^9qBp>efL=mHPYJ_*gGd zYalF0C%qf(EYDBXrbG=!55TONj?aOB73Dc4Hq%mdPaoJ6v^Gp7x!NZtesa5kGLumw z$Ep;L`AhkTb@5+6wNVKB-M(|LC_D4u&&<`|t}bt_`R?(-)xH`5>YkcqYTNat(t&wR zzK`*5(dS@uQ_p`wlINOaTTW7c;N{FFE_53BO5MF=(uQ#s{fDirY}xhTRR@h3wI`Qb zTuBS~)m&?OY7?(3dGE?z+R*sN_{^Pl`}W=FDUZI0KdVozzI85ZlJ~Ewl?#UXRW@#! zp+5ED=)*h4uXy(K$-cmepWUac0FAOeN)29b}!7u-zRm{y{_e1DcZ*rbo znYkZ&6Ix@={ir)qs}d#$KiGA}y!;WAO#!-RXx)@Gzf}7;CkJwV;h8-%*x5p~1};1K z_+MScIf3bieZa^#%T0q(Lc97nMl`c}(Di`lv}|?FTBfpK!2;CdO#t5bIzswR%_c`x z?gDAgdKR;;t2=zAOr_EpHT^2IGaPptky6IiD1KYYx4vUY!0Q{Keuvy;aMq&zrtkq}y@l+f5Ue zdzWpT`e=&E*H@i8ekgIzi*J_gRrO`*^P_W?9v!}V^X(3E-KruDh+WTa88p6s*dqAw z=>sylv-y8?q21;7O};mQSJ*RXu?!QP`muReF@Au=)IUEF$+XambT4mwahZA+!V`Sl z;WvpWXsULIwupy|xztYq0o^zBd zqMm?cnAU%LF-<18%!vAF*Kaqyd+XNGC)O__s=Jo24H@11&#+2T<0TXGwX+foH?Lo* zxtnGwHSzhOf2qnJvHycUB|hn7B?o6cd{k9C0Rm->y~WozEe8D_pEK~)?9cA8Jx7eG zKlb6zmHf>6Z?|OK=?oaq2_~ceVjxiw0{%-uhFOfgA2J%P%N&fXor~|GLf9+y&BKqBC!b}fsV29 zmqq2SU{@r`Nm@B2LKE=z?OPbgoCZlorRZvtoi>4~|5k2o#qZy**}fb`wvdhrAj+ZFj&0jULdZudjRK|t zM=|O{4bhon9@Z1vyGg*N;lNun`FsRO%_@you6Et-XloltO%dk>umYI4I#THw;;`6v zeGCjn0TV16SXccL>of#p<{kQ1rD_(xd>|{4f9!p^oLq(QWZl?d_}H7WI_HEs>?e zD#j-?3g}`)3x}^&Rkz5)hJ8+YzCV|c&{{yZHr?ZGf5dHfW)(*1uG#`Q+ClnOQ=@)? zB2-1%H^j$KMFo|mGg{=h_;^(bC#~bOd@`B2nVBxAu}oIW>)S2dk*`=QK@J zHAib<(|c2xsvwYs-RL1ZOnIg%?ISE;nzNnZN+zO4=2j3Hp24mNd7O#KBu-|CrfeFw z<>Z+&Tcxe&G0v1DXUEK_LyRk+^SH5Nb!CUq?{5bI1d`rHm?n)sMfm{7$%{WqpZfVl z%F3lOnJ3aO#0uHy4w=;r0ZtqP86zaSaDw`fJDjhoUJD%rIA%iQER%qCt-;LIW~DAJ zYOWB?n^94Dj8;TRqCsr0G8qW&0Y{;LeYTW3YiJ0~Y3z?hZ?5zYlgmI+^{~C+49-{} zptI-Ct8H!~A*GuTUy*vf21!PD;2K3sV2CQtAan>_!TH2Z1DVWm{J5G1^$zxATwVxT zp`rfek3s(BQYi;j$XLouip9_=KLwHveq=)n{*iYjm(O0bXc9$NKe~A_O9tX0gtaOv zGZ&Jx7@S3M;Qm@N@!yIJGO6c zNh@(QI@%ISLolC;me_MdlWMnygfu5OW>cW|VwFnS%tFT2P5>K);8cZO0SCXF;#rIyz_c{z&_Y?@kqv7{2 zyDTSvEkS=nhCZRIw3bSFUds^p3mvFJH1F~$rCeC)3`J^#NsJ}+^L*Cp3JD7EUFb)> zIQd5CG5OqQsR02pnKLKjC`1F^JV9}EJ1s2`n%wA?%OT4)8m56?@>3^q3b0JFvbxBr zW{Q@4&!g;)T848mH`oUAB&Ho_V|BoTPF`KJu$B|`f{)5LB#ps*C8-Ub+lq>cLGp{Q zT|4w*fp~&g%(%8HvaQx2OW=C7cjbUO3ek*iIMliut zQp(#wCA5?T`U>_b^xjPa1*0ynP(AU@9sOx5w&G;a76U!KqV-D8CXJ|PN(g46)1N(Mk4h4-F^u*oX4-fS8{pbtQko$rPp1J;QCHspcX$|d0TLML zcXNrEmT~7_aK5I7rslgRvEu>7kjW(3|KfIo7`HCuRXZhnsGzD+W=pWKTfiOJ*w}D# zJKK23kXrY)?IgiVKoaTb>W&O8=WW~he0X>;96Iv|s6Tx(60=OwP_&TRh_hp6&u-YG zCIU3A5G;+7gd2e(TmTaJO>AWjC6qx_OWv$L-7m1LRCBF3oh=rcerO8 z6vZcXI)xL_7NZc3J4>9G+FyT~fbxhzIxsaEN(Ik=oiZ81T8Pxt z&R{|#S)z52#4yZxJ5dB6Cr6?Vu9(eh+p_Q?7^|uC8!CTr-$tMqKnpz9NK*6ex+d$K7s*NP*A=4!!E;4=YaXut;26Z#ii&{fp>*rcPBycQ~5m&S;%bku|zkJS_5@ z(Ac;(_2J<1tM>NJK|3wRwjA5}aD-Wh&Uc2mH@_3H_w1%QpECz|{ByR=%e&@#w)dGG zw)0o+i;hSH66j{$iTN28LU- z1}|wUVD!^7u5z||V_uQV@GMj`3KGiF#`AAeC-rumJbCS=O>KB3ST6)?x^8yvH~)ES z^S!NUmR0i*VFsV6oFr@|%w{#k?^!VYEssoYTr8vIv4K=ArqaN<`^Wvw~i~5HBrWoU_>oLOc2Fo7RupsdDF(f(W4LCBIItUtk zG}V`wrU&fqt{Ucn4kFQ_;@&SyqMbRN&pAsYScqY65EC8g@G^g z@|2glH++m*8qJ1?99*Ly-67PZ~U?h$`u)BUgzY;l+q^Y`5> z_DQx#?(bw|1c$oZ7bi}i@P2#dj43yV56Ech{Pzgc-7_Po#gO%FhtWhSutj*y@H*dr z`O+}1yzzj%q4crdljqNSLI4Vd8%b;%M{id8hi1(3gfffVy_?&{3QtKozbO9@5&_1G zvJpljXfrSf18A8C<4j)jpxRM;SpTTTg=0a{*oaD|d#CU?@XN$!n8?JTm2VnI^>Uj7 zy$IYwrp9a*B~hW@>cL@+_=WU5+_=BV`Q_!#3?4C;tPo9-N)qR;M*evg=#fpw zJY>@8{gS~9;B1Eg{WEBVrJt_A0S^7m^O-k){ti?CgNF=xf)5b$J)vA}6w@b2%;Okj z6D|RiJUVgqhWCS+UD5+^*iPf4)r&4l(GvD)P5C1oNV2?%<_v|sT%D3$i^ zeR(gf8L5^`co>b2P?1AN=`b*U>{xSD_P?QZ(~H&cN`Q26XHZm#*ugZTPoEYZ6HF&f zzx4Xs3Z&00=O8rOoKhA+;cbO=8C?VnpDoy)y`eQVgg8)MAn>&0LT_Q~;?kBd&6Q`7 ziW1AUeHSYo2hArvgve#Wtm>$p0fT%Sh`VC&kkI47S#QjgY-4B-m=C@94bnTjdU|XR zNHY`>RsggJ6M&Xmu?`Ch3Ie$o<&p*bolsiJ)=f7aLk1Ld8*X9k*@YUM@r@Fw1f@CmF6;=pcb8xKUCrjcNhpOa z6xj{O4S2G)1sTOJgqmi?jIM~^g$~Mi^0hD5Uc7k06A5M~3~&6s^nTO`SKoYBb{=!S z9R1xDP4r9@^{6s9+1>uVl`q>L;c?>e+hhuO4ujW=8q4r5|CcK`mm%!2!%5e8PLUfvD< z!{i?GJvpcK@MXd^f)N(izb*FX^cG6Akk*~Q-JK(+1f1~rr)oDrTs!sn+GE%sRAbyb z>0eM|tk%DrwqaP4f9HF9EDrpa81CNo-^t&|TMGYD#@h$|XC_#+#lK|o|BD}Dc-J^E zDens|2SS5?_TEgN`_w(i5s!a1*Kl8yrm!)o20lKRWpH@Z7GprUsmli^>@vDe!@V(>*Wq*fX@q|6*PIlfVgvqug9>Ov`bxw{1CZ>!mc1c&g8)B>Fv*W4_RJ+ zMQO6z)#y{l!&Bxy`g-$9tjF8aYO0%~ZZvEfs{=DDiQ%T~j zjJ_p{EB;Zn&&jErcHj8-fKU2}2G?86zZh+5qWx*omz(Q{-f^mZFyTbp$s?vCv^%Ij z2;8y1m89c&&p0UYt>iVME4k->-WkO|R^;5<9$`Bpdf<39KS&g9~A-j6^OFnN}z1#YX$E-~s{fjDl ze^>fFv^se2`DUGhQ-|A_XYP?zw&b}6U5`=dX?&n<__60L!?%o1OaCYZx(u&RGB8$6 z)oPoSb!5%gtShI|-HmT$x;@(&<`l5Rq|=5CvvPL+^4;~Tsr#`>>*D6<-G5otH~rm_ znAjt2q}(gAj(uO4+}s>)mi_E`dP-7$(f-(TJc+;Vx2#tRZ*puTFQV?^jwG*@y{y^> z>s940tkNh5bDi5~rPrG=E3DIFrs;paq8a|>t+rcHdd`Wtvw|L!w4FKsovufjM^R12 zd`Zfx8C_&IUFN?f{8nb)fb>@Z?K`beYbxzYT5fPl)r=b%JPf*0i>+BUsH>mF^x-QM z#w>3Li+GlG+i#y<^4~89jC8O2N0RpMdf?{uqT@xA83FFDZ?3JnadvMTN#|Fl7Y8Ef z^fzeM;=-5AH}fyr+BpS{xzo$$QiTAr4-o53b z_t3AmI#*TKb(Bbi1^w^0C~2E@-DBwT=3kPyBwp(Q8(iM%g~i zUPk`)(+wb#42QMYm^4I=5sGnL>Ydkfx7Og03AWR1Tkali;Wl%&Q_O?I^W1M~TLfPpH6j>n?%7h0 z1ur^|ox1SwwoPhM!NcNDXD-Y)On!51`S?Kt${R-AK5EzRjOnPq$0~)oOfXds`?X?J zrc(}K*Qx8Q=eeqrp7i}%Qc>vf?3QMyi3v$_UM>pFJKL&WBxik_TC4v38m;HzrLUUzS?ZYs;en@e1#j{sWw^DQm^idjlZorSyyceSs z5_`EvTNZy#eewN5!VP`*5aq0C z{k$T$dQstXg^hBx?PKa_4tn>+OMfeAj$vw&C?Mq5!j@aF0@yG2hOe`x#+b`7q}TTv18>lN0z zF2j!&7dxF@+SS=-nIviS?{{P0`d2aT(HlNT^p1!cp%%5~>$_iEtoNI13NUfLyQ=LK z5_|Gp_J%fG-_y!H;R%4ihDpPJH7!)%67whce}66_-{z^?ivTzPkfTIU!&&n zOd+MDX|h{BI3j6afy)0*in%S~=NS!c-A*%6B%K7ucVpj2_(iv#7%|gh*3tj`=)e8? zA9mq?l8EnVm>$#7n~^g4j^EPGtAnRM+&{|Hv5R-$tj`wb7ra!ZRJ2>(IbkzryV@^T zibx8$vAU3$Fp+T;Okx=KiT`YeR_7Xj5aG}TLE^G6uZ48gez^g9D;HnY!R`spv=M-s zZLnZ){PW|tBJ0OzkVGqK8ic+5PsfH{5*2} zgb8x`!QfYRarR+qw90jb)Ep<5Fz%7b97*sia9;2W$63}~-2cy2?CG10IU%|5Ief~$F@aZcf~6(~C1`WkcpG=D^yiMlLPITSt^_>t8nY;=0J}@7!&%_LV!D(9`Ph5I z&h81{e2vukg1R!+QQ;%t0frB9FE7;(RPS&<2Q#q0Wvr(T-Gn>K-ra>tzADiTE44T1 zXF7RhP)a%Wp^1?!dw>_8kj~|NHO9?XLX){i_=+pv*E=Y8x)8$Nydl z8o`ia&N`xUf^p#_b6#h`cwg~z@e^l}EE9|;PhPGNkrW?^TQG}72g3t|%^VqQ1#o%( z#Ws8?r9pr&I9=J5mo%CH%&ce1681?H;=t(NJn%Q#B(GXB{h*oST=8V-U4-Tw!ym(l z1}3Rd7&{pBS5dip?;h|}%wfB}0V^0TS937}7xDG=oyiy{8oG;5Tn1)3J)j;<8q$6E z@NN{x892|05d}K9OMi5DDl{N8SoX`q`fI8nwpRnYx(S!B0wKk_OsDnW5O#~}aQ)Qq z23IF!I<*l+;Se$Nu!rd-fR}7Y3RF05G+XomcFX6TcVP?B;DjLk5%R*+`X60rDkEof za-VR=cYwb8d3s+4T(pGSlYkh-MNz^J9%f*J;!4a}a13@@TAC!LN@yj5$NNPjwd=6O z(#$a&99caopkXjz!v+M`9O-Lt_2`g^J$JZatsx`|!mmFlICvxg*2_6&nL7h{H|Jqy z>Vy`Nrd+80ez#lMpAS$+&nWt#&u^~@FNK#qST>zq)4@1|fgc@#A`j{_%0|Z^{maug zBhsFk6YsES*av$3JYdX-*Vg|!nH9{`UqMGdaLheCtR>Ud8K z$%Y)FCVw>~w-}>I?=_d(mwyP^9xs_NjdnhKX*r>tP zN|JCc0#Oyh9;EW)WBmGNdJboO=9r^2%OFhf?9c#gnwl47vAQ`!_Dqppf6_B@+%_QK z7c(xKAaI{N`Ei#=`*-a4p4j1d)QEtFyybf*goxROKI06)J9pgKiYZy%5AY-;0@p9} zLBx@l8WcRz+TkG!pO=nir3EJ% zjU9=YmBFh}h%a|UDSV0;T$N}On~0$ZhJyr!Ne?@@bOlp3VwMt=7wq^~URuo%Xv+<# zsl}|smoLUmuQHIwtqD{T(=VZThTLdfkdbl}+$arXnQ0^%=2O`ve2rkKffe zi}Si!n(ib9{57ZAMByT_MQp8GG~l2V0R^uXrTP_JkO^T7!)6lNQw1VD@J4fq`Lz}h z+BaZJ7z_^1+M+$mF!CJ|K`9WQ56}*G@I|%SVF=g(AkF|EVgeTp4`=lXvSG5LV{?Ea zl)R(&-1q03iJ5yeGJ^9EE{h2>uKqYRCK}4y3=+(3-4FE4k_0Zv;ZsJ&E-9gqA5t2i zg@OcJ!t|9O@4=yj#?G;HDNj;k@RIJ=nKV%LGql244BQ5jx07dvcXsdJg*4(Bh9q|s zvqR88k^Y|r+5r5b)4O+TaGCTq-DRpDRAH>NrJ%HGJCrzpOD&RqW@H5;JkH()ieF%@ zK^Y)`er#vf5_Ocn?{?{y2o&b$SAQ}7A}QE0JnBda$1ovyaQv(}ByxHar9W5nO#osg@^3NhE=FZSH2VkyZST zc=z*NxXH|U^OOoQdh{n2iXj%3!=mcxt|8}B$K$vP>mvL~h{>%xn;*5hI-%!H=nlIi@O@Ug!}}jFN@n02)cL z%pk?_wsneI)Nsv&{fz*d*~qhb5ASG9>83VEJx!x-k?{V4?%}Q)zdNDahN3AVsiC&( zur2}*>2AY(CAciH*SRUC-@!z!$b$$Um|9X~JaSFLuafj$In1ZF0~ouNkr4yh_IkJ1P$PkENn$c%^dR^&}EzHxlW8X=ZRLXFF zt>?}yS+TnBTalRY=E_9>*fGzj2sr>64;F@@WLj#`Hz0(4)wd?+j*lR67-Uf?dG`_cB0A8)UdZ3NiHPuN6Ix&{YBWQw2&6$CC8<|_n=H7OdoSL*^<+V z?ZAZ`mv^R?69tU3aI=!$&Tsp8znH^I4{jyI_}qlB!oWn;de1WQiYM|}8CIBN3I?Or zn~wZFqyM}oO*y?_viw*7jk|U|Pd)wNp~lIfV&}DD3PHhF?~+8>metf@b3y17S{|%JPHtgliYX`>;?|f3e+-?d~x0r zu$#Qz*sz+)R#>j~KfEwA_iEvs)*2^u#k3P_sN2K)us4PiY&roOvuv0#jLZH$fHx&d zXKpLFZnpW~!8vyu@8R0wjsFuXL}|(8KLr`44R~s~6b_2BS5}KuPrZ0etA5o}e&v zAC{nnRNN4{!qN~{Nko5Q@%MpUI-j)m?Xe`&Gn5f`{P{Yf=t?7P83ySCpwny8IZn+D z_)CRB)2}p=tWil~2%R2FfdNwtMnwT2d@iM#)IlOh2ojodQt$?)`bY+HZ#nhubQ6Em zJtwP$lPwY$YnsArhI9W|47FxKiC{#jQu^wmi8Pbvgq>|aN(47(0{At0TSea_{U{XR z!nguXKorV$aUCJ=Z;+%!VIz1K(fsCqn$j6y^)tMEMqp{@j0Z5X+B*Wh&Wo6@NoCNDfiR_sB zO9)C3#{iBM?%U7>I56( z-BSpIy<{@{Fz5`dupWs0_HD`bd&R;;kz%SlmcK$~Ha6DInK=>UG6tWkS5Bj!J{l7v zc&Syf6ODHZffqxfq0bXt8^^6iyxY}c)lMpxI23eE11UV<KRDcPA8XcUSQ}^v z5Qu~j5i%xnGJ~KKJv>?#irGOinJ5?D4A0KEje=dVyFGX=ULC}IJ=tNn{T=jd422>7 zqV$O4sdwLf?<0Fr+!0UpUyBUPuH^D6tU;eVdv=uDcub*nf}oI$m{BGZVz{u3Sy!0A z_kP&6>yT_X@1R#$RmQN;JE&}9VPk$V#^cj_mo9W;qTVEVAMUs{A)e|ucT5C9Du&-5@# z8P6A|4`w^^o?*GExWhul^5W)75&enRk0?qUu!3veq)Gbt=ph16M%iPYiLb5`BvtzdKewDpQQB2IO$E8{-AaDfpZ)_rA z1%YTtIBQGZxT*;MSgwy`seR9=#&iBurjn$hYi5>Y)yILw?*2J9iEiu`<-gk7RLEvw z0L%(2B;C?PWN{B|i8H*A!(lk^)#we*Oi~)urPw$M7-4l?BKR4>_;)$3)lOnoD~!=4R#2RPK*lj#yIlF z#wL)-5k>|vCyf9faRZI9+E4T7Uspa*Oz~6Vx9Ze85WiR;jp6lGQwk3dQ8;)d3su)h zIRn&dQ8~)7TD|4s-=Q1}1)&F$(x^U#0h^6YX!~!lqTx)MxhbyUcI2|j=TBD(HwNLr zMRDs}QWImY+0R2lM@1kU)pJK7A1y2nfPCml=HD(}Lcf|u_lR6Uu;f^%pG+~%94=3Z zP;k$&F^rVatl_POtF35DO{s~;_3120gw*xeq0`!XlOk5sjxh&|;^D1DDio-$H;6HY zQFeB!7$yp!3M;H8$Ow@nbYlewGi576H&IRuvP;y9_PL*(V61^;I$FI%l~Yh$+>GE| zm?9cUT65tlhKrOQ^`C%kP$W>Z$|8CRz($x7VNh6kfLWX7bPt>-CFH``{*ED2&CVlnURQM%M6S>Hv%5~aL{7Ks5Rfj%%(uIXcl`N%};HGO${CUO6E^PLy}M|)tN)F5 zBYsO1x|q6rKWO}-ez$N_=8QC$|B$27DYDdQgf(%pJzwy*~hrwOpEgkyyO20>Yl ze}2;O7}L)bAfs6HG!lNc=} z0eytno$QoGXkvq+V?T9amFIrOU0$aKX!G*_fSQB{iqmAz9A#?en@FAVFRgH$v2FWy z*#!9(b{y>+My}Yx8?L#^JoG9Smsu=u`X0rUl<5PJF``u|!n(oI(lYQ#L(+rWx6=@Q zwg)REcEnt|>uPLVlap@3ME@fyCqGJQSvWdyf}S!73b)*!qOVwA90WzGCV9| zb`Q}u?7X@wAl|j(JQiKfZ9%Iq^p%Y1Woh;gKnUKN`GU~|4+;|o$OD=Fo3q=Y2p4K` zbUa!Utck|3oFix0ZTh}snIWr|06H2V;$JmK&!&dddUJN)0j`!Za)$!GsfbX>JX18K zj~HN!T+?cE(moMOh@I#Ui9a`hAV#!TaZdKoy?=0tk5BRV%!G%6kn3^n^@rKC?{u~| zF?=wkt!wv9wVk^O$D;^LC;eg_m8v-4g4#Ci)vGRmfXv+5F5eqr&>A$wP&ncsO9L>~ zMWv}9)GIT$@mI-!zP$e;uYa5l-ehB4#3wd_6elcLaga*`QZZWa?ViT!bAUObX*FkehSR|@av@q}83qYIePiRc>#EN)AI9OL9Bn=py)^k_7W1C5skmaQ6~r?H=n&XtF>hN{i4d;1Wk6S zz*8wC(}WQSu-YhU2maWx516z!E`XdrSj3kSCOF7lk>Vfu{KO^Z^J9HnCg@Xzgcj&u zBt_7Eh0#zAR2MqzU%(7H=1Dnt4V&CKbieBlQ0~z=XRNXe4<#)&MW;P=Ql-TkIf; z{@K7Xm78xnCb`ycHHbiGH|B&GS-1>!48comc2T8DC56cRv1%*UAt zzu+_OS#8@+Qa*<73b8jevZusStbps;B7GuBu5X3I(IX$ zt~hppoZz^8UW7w9eU&(%gbz+b+DBMB{ds#?GT8J?qMX2M&_o5tU=G@Ihr!j}$7cTS zGt3dMG~p_W6#;U3caD|VLmyI+nlZc=NNW~xPE6JS%r*Q<9G$=BdmGXczCi-n20C?w z_Gktj=BUr8g$j^Z25(-R(ZZ3J!hQ4imKJr<)I#ZG75w_o8xEToHM}cs1%!!2FO%NA zgNVR1P-@E`3S1ZM9D|T61wUx{F8>qMF<#?Py4zU(Mml2+4QmzSe zFeGDhc0;GhWUadlXiY~#Tkq@To5u(UL%orfo-Z$Yd z-<6lKalSr^UJ5s%8@oT{w(ugn58}8p;oqyLcVucF@DwAa4K}+ zBL>5;mfCdqulF4|X3Wv|HAVemeBEHkgvJ_B@F#17)3Y|B{1xuN-~mMH47S%}Y+r=O zW?Fc&p^ZO_+I7SL3U7AItgTY<+5|oqYg?yN>YIumY-7le41DT@lO$e1R-79oQHJ;k zH8D+&IANMcKN;1(WHS0hYXd|w+uePX zbOLI4wwKpL$%B1~qc`v>y<~R)gC)zBb(e%3SSH&T9;?mUGB=ovMBMB!aiZ{um zrV`f|&JksYhOJ!37eI~< z*HZnd1=8!PudZV5gv|^~9lf|H6OX|ll(CB!o3UBMX^=wf%Y=FQcM(qoV#NzT!isca z-IXr-Gh~rk3Eu&VX3$)zxJVqOYQv0Wr?vGlB=8um!;kr^{Qg~Z zn=GF0$$|_J8O;2GjA#hW0E3ai z^jCW<*?CunSNmmp?gR~O5@@=(E?<~>L&W0BI-1SStc#@_aMF^-MBu3I4)*p19KA=x zE)YEd$#?O)TS_tY#U9T%5J4Q^g9h7S&{U$`WC}u^k5D}Y0Lx~gOfR6O0 z)l9x$%h5VPm#rQPBz`I`{FYfM500j|Jivcg%Be>AfDDM&Y2aR8b3A^C7fe8wblT%^{m5$RY zaS9mwOt@H3Hj0re028GWan2DKcQ)qo%J+=G1cbDRk+~os8j36->Tqz#nd;e7CWHo5 zkQn4OlNhoa*>i`|cs1$*(U|kJD1@4eKY-bWPohC0q>ZGn7cDvt;p|pwD&oHQL<#e% zW-2$*(h9o14I3D~apOAh8M0#wMgf9<@I(@uWOyE+r4n8fbif`jPIndjG@>L?$axB) z_XyqhBEJ+c75vVEU(x(RblhYo)-3?~!q+~U7aA3vTTG&QEOsyu6R@}KhGwFwjF%&GMs(&F{olq5>}H;O5{ z>7n~?hqD+ruEBx_M^$+gtV#!JYF1`OFP~U@@|QwP-%kqT;F?Q0AveL(e0w;41D}XeN06@0a4xB; z;F2U78w8~Q(W5g7q&XgCNeHl$OnZ2;?ClnXJWG?&$Kfy(GAE41|*eKKuXV=B?E`f z-!ld0_AIZp`wH@zOhE7ZJ>w6wIJ%Z8;lG|=TiXNls2=w`8CgXavWz#(FL#-;Kl3d~ z6sceZj?T{ZZ%cj+9Jsu|lbuE1;BQ}l!wBYRow?6p_ZpA>x^?S#vc+r}2Fw(frXE%% zqe2zx(&kCgeik;frbe=fWO^UiA<$St#rz-mT20AaH)BL%jZb@7%*QE5&2u^Mi{8W8wTdY144jZz*VTe8iUtaCz zM{j|MYxFdo1QNNV=irDV55k8Qk%mQdP}1mNDfPjtOE=dt#ikx72@dv=*hLwPHi>W* z&|bt1DgbOU2o67+C*?Rul6YCbVoaFO3LGFYEF{<>w`;WFM+Z7zL2;-rWY$RG?Sbp7 z7()$%(hp*b*L8=bDdPpi#|Wc5ibv$xB0Fj_g)ke%gKj{=B=a_HIyLCGA&Ni%CF%E) zetjLfr)~d+{Ph$ri}cstvHDI-&g9Z)^r?4u3x-3UpJmCqkWUG&L1EYllFo?O3Pr+I zvk^d-B+4q8sZcOVxY~`~i3T$+E>hwvs;LVh#})g}(eWuJxi|gQp7w(^IOT!vQn-ss zNv<5p6X&uK>l=PW#4x>`QX5Dz9dxlIKO3!jGfrW+$?+2~3UO;nTnnh7nkn}0-|vAf zPSVz4S74FrbC9+8**4LKGltVMB;~LB*+Vut4d0*LYYD{8XaZ#u6fmcOH}$S--!X2D zA^T zBfr$<8XD)J#0b1Drpp)AC)}<=CQLADFX4QOE5JB;C|>^8_z8gQ^&y`nL>A8!_ppkn zM@C1$@h%gz3JlzO4geZc`J@q57*18R@;1ve_8zLQZ{fNT=_Xt@!6Vv|AIqL9#I2vo zH^4tR=k+%7LcSwtkN|%1GY)dEF5OTS!24z~iSP!}kz=)a(v~Xx-A9?8Lm+`C3KPMo zm|LxWWA|GNT&a*#Lqm@TECU!8?GLE3*Ja8X)ePJ^A-&mqvd#pSpr%i-o3r_NE#5~I|AO5?8OrX#CI=*TgZr32?0m1M zJ^7k=M<4Q#1(M?YFx?r?pe=w5nSclk(q-t->nR0m;fJ1loCg%ZIp^Rt>0EM58y-{V zi}X*0RN)FmpjEvB`ar$=l|BpMdlzLRo7_ldI zT~~jLSSCN=$C64@&KD7jo;&w5Uy z+(i-2D3cK*=CpomA2&~x0VT1{dHSF^GL99Oya|AAk7389)_b(1tQS4aj_hn}h-KRb z-e+Bk=Qn;b)SK3u_KArV5;QxvAi*u6r_x-DLqS2ixhtILK}7EX-zvls{V8X$*05o} zgGc3#K2%0Q7gEiw(ZS1_u(cOy(UW&EXQztaW&u;w7VukY1#( z4sIQ#BrbQP1_-Z`S4G|{C`d|qH5q3(J^zxq zYP-2joyadsSh1qR?bRVq+Py>xEy7cf6XAc@ac%zLiMx${G=qXNV*|_mS$O;XBkmcT znD6cO`e(kC2x%%jZ(bko*oprr>yG{;>UyR9L|s4FN_AuzGB@bhh|Nu5;kaL{r#;%0 zH@suQ zxJ60MI+ajUhHvT78a`P<_WB9z!sp}SQUn;Hp>gNrl;=ly{jbM=v~_eON)b_48Y@9G zB+>(rEZZz_;(L#R6@~^DlB6n8%uF!hyPFiBIQ*|EC3@(vv;P4q)L= zZBo7bN&TSNCC%98y%cC>-UwDb*qqftMiSvJt?LlU55NFp~)D(7_X4L_E8MO)u% z9o2Tm<)vHb{TT4Llk0p_wq?ECezp4&E1K^9SpBnl-MSB*ZOqi#jX$GjW9wvhK44mJ zmy_N-cRgIR)H^mcRb#Ht+tUsM^$%(PC}=TSt;ZB~+tjU=F_~Yh{%i{fau_{p=J>BA zZmu0&7Jdy}O_QE3fAo=^JMS(L*jOyVvRZK|Z>4=YHASPQK0Ti)|821`fLR0VH<`@}aM3o$ zDl9>bAFR;#x0rUWQPZX^4}D_!o?M)VXd*)>0V&Z$X#ne#oug54WAmcB^WsX}$IhBL zv-H=uWT_`0rSkVUX}#Tkwb8^Tdj1yt(?Up?ox664>JeSjh{KDY10YFif%L`$2j*Yh zCqr=P6ERpTkXcHhi^8MTtBBDmU_k=PLdR%P`Vblg`Qc#^o^#Q;tz0sz;(v#4X=8cE zCH?YG>S8?8<-?bBk8`@+P-@*4`nDdxT9k_dHdEb?kJ7biy0c#HP&sL&^JAk4S0XC$ zq9SF;6p^NHn#n)2(twVviM=9|-ePvomwXluB9%=PBi9ho}*&G1zKLx_)#E2c$F?fKxa(Khz2 zM&BpNb%D^{a&SHY($1LI$9~#06dpAgp>i)e*Q%mjqu}o9`-Y~lyI=Ys>iQ;2bZk2E z2-}6&L|z3RCf6t@BV!kL$b5#Foyz-}Pib=lc{f5eCIMZOx{fS?{?UiV4JP5~rc#}H z*2E+{e;&kQ4V5=(Un?Vu2D7#K0N3K;@;&FRM{QjgRVjVvJd*h(65s@um!A zW|@XaCg6TgP5C)-MRlp8`;Vs!=@9C{GZ+lH{dczm>83bSZ>Fc4%g0a8${Oq7 z&{+;}C}io$j!gY9;uc4T1pJ7A4)EuXgZtdk1x<|h++4!w_OZMaF#)s(rS5mEpeuFq z9Y8p-l!*c+Ffj1QRCBW?g2@V*jKr3E+P`q%PQ}_%EBW5QK zkt3M8-GK=jN2ZQ7o3&_t!_T7@;@Zi5^r#rls(-Xap!eRrr`RYvFvI5zAx}ZZ%uq|J4f)D@w(=-liUNTVLvlh;C-ix16>0$(OQj1x)Zc2e&(Z(2LqwLa~Oh) zj$pl`8zUROeE$3d9rmS5fk%&8adk9pH^6FHA4{3(t)rnTkcrDvEyIPxv@!$o9VJ@7 z=v_P8sx1teeN(2_Vt6r_ozR*iZNs@?6o%8D{n~G>?+-^oCes7UPeLm7>^VMq4k-mS~vX(&OpeJw)HbM6^1n1!sNl1Zn-t;$l#4L2;>K_BNdb`c{%}P## zo(B-(yM@%F5cUGI7T!1d1U^=bTcxzD>?W^L5)uBFy>yktE(y3NNSrt&)iipsxfJ)5 z8ZxeR1y&8Do;Lvr6f3w4S;fsIfRuP!isl_udCGd5#&zNrrkUr+sRKjV<7{}z+qbV_ z5lqlH4jVQs!~Ga)t|tj@eIXx8DdQT(p3rPqS1Rx7YFD6^lg$4xJ;L%-mib}43YjxR zac^<^Fmkpu3N6)e8*hGD3g=;ybH8_gK!hZYF!!pL>kuRbwLbi{tF$Cy>H|JinK9#e zNk)r?b!Ge_H!sz29kSF!S!AofYNy=a7+I43T#I&yQbJNh z*k;v0bFZeKy8G#2UY=lvfHl3DGbQH9NBZ6gjgA~s{$*VQh8GzVlZA4q)uC@f4q5!c zxw9WY^Poj|KO-X&MY<@-v8tWUmM1JSL&YT0)&j&!SK@!?TPcu78FnQ};QaPW$w5;a)- z1<{_4Vrry~7m7tnv^{(G>Y5L5&fQ7-zh>piP{OIe7%hC4LKm_BU^6T~;Bh#4$e7zF zJTP#2yusp~2Mxh()~s6Pgm`tfeYeh?Lvmf62?;bW=W5ecI1UR83hGP1jduLX;xT-@ z&;+8*RBmvmvt{Tdw{J~=4^dMj|NPj)cOGCulx?Ibq%(6yCfV5qQ2J_5PZ%Zk!$FVp z^86L9?5S2CkC9fXKtmsnY-Gg?N?5NUjFvt)PPx_$ezi>H_sC_VI8uf!3` z3qiC{*yGbi*0IVBs>(w@|H9MRM%r3gTAl=0=P)(*{YM!5tuEfjT{sWiK&6gFsCD*} zCx_7)C9M0_kq^R4H*9T9Wu>L~Tlr|Bb~1_tGiPnW8@^pN_(ELVIA0`GE%#LU zZrFe>RNEXD&Uwj_zRX20{nNuJ1kLS4Wd~Zmz(a@bfPW<&R3a&LB83IRqTZF1Ji341 z2gF`Goxxu-U2Ebu*CwgGsaRX@pp|YhS5oU%t;QnlJrWeuXsx8na^V6Z#}PHHaszDT zoIUAa*j<=eF3j&;ZM>ChMXKixpMK!l@j71&kP9Enm?CSAU6`s zVE^b{cV}q*G)eTJ2$#{OY}t*)bGeZAQL}}B?9iE*l23U4afjy3>&Ogn4`xl%!g9zDl|{~dHeX(RY(m-p=N@}B=am-&qms# zZP0MadJ|NY6!eF!`z~nA%^)q9;e#TF_|#Jr!`nzI0(`Z$ zI5k8(WeNv)VQ0VYHh<+(hOTjcTTU9QI-*qm3mFEZ3{^s^J09=9q$P5ce-n*wSJ~3; zp|7eVVna^j-r6Wy&!NCn|dzNhVZ@9iE(7IqB0-QV0zq}!JT3$^oMnu zJd52H%2J_}je0hJ_rYdxKB*M0%*eel(D(;+khpLKBjGM_qU10QG}ChHb?m{23ZLN{ zYKI5yK8qR=&yNgBl5jSF)wvAh+;0({mEQAH;>x9fV*S+6I3dMO8Y4w0EWoo|qXO2d-|yPiI!hoz zuDcU_`k3e_IJ$pcarvm=7ihXh5qSqA_HW2caB$CD!+c7?s*kUBD!EEf`ed^<5x@=l>bj0RkiVV%u zU9o!5wrpKp0)8?WW9jP)sHy4w&Fj~%@B0S6y6!?-Z?hBtn}e&gUY&Q`R%r0Cu+W5- z>t_93+Q9JRLG|tu%GGLB*+x2rlq%sOwrm+0=pOR5AkngX`ROu%1>ld#E6nOs9@fvn z7{YbqXm5X{@M0qm*!P*#uj$DfLtx{_`ASi*w1O?Yyg)sM-M&Rp&8Lr?a&BBrZ~Ae^ z#tD1jwCt~5p<4@N_9-OS>+5imHnh?!!kVh8s^8fIZo6#hQk716;Wpi0_$l5qX*Z+( zN1o%F6)W`KUj6%Y;qe37Txp9DomBVd;E1#`w&nq}O6sw)ZMSqlf`-LoCQjVPhSgS( z?gt2VJA4i7-W&d3DxD%W|LjI)AL^gV`$J#%muBa!mR;CVkcS|ed?$_X`x+bhXZA&R z)^d(}SzW%DXLy8N8K^!|fSbe(kg_I8on%YUH3*Nz!Uqzc=6dozQ$Mh=U{2c3Zx^pM zqlX#+gwzcg^ky?HIiqv{?p5G&A<04$`5#nbCUDz)4fQqJ-XKhxEnA-8+5i>Xv3KtS z%YZJN^`Z%8;h>4eMYEW%B} z^ca~e0|0>IOnU_sgSkoEESHBm_ZmmOZKO?Ild?p2z;UrnN)vz%1U#dQKh=odiXWe+ z@Au^Mz!8h&`d-k$W+p4&dxDA!?TAEJ27OahDJdc&Bc;lP8D<}@tavwGf=+Y$%u=-o z*N{+FuZAsJ=5nz(9SPp2VzmEVU#hai(k7ETNFFeHOp!ZrlUj2jOJ~}k;Iy?~DTG*OnR`YV z0>*Iu`PXHt4H~#Us4_#m5Ik>F0}!dM432x`yz}4|g2`94n+*OdswWlz*Ge|VRjD#e zVsCwiRS?ERar?m&zU#(r#i|M@4275Jq>tC*?oHi%_uxIX-E%EgLtqO$a~NHm3`*jY zFS6G;kl&e`2vjFyepPGh&kZ(}Jm?T%s~=%|rsQ&M{knC#AgSebI0vQV<>%MhwYJLA z@=Kq6ZSJHuw@kxr{4>8ADXN*Rd>#?DV|wDenkEY8$7j89z_6bPryaK}^DecW-R`5! zynPowys$m=?yvbwJ(f#Lj(W)222VSg8C#{!a?Ns>H_z6&WTsnZe~aUNkNx$&`uERz zRPe?>ul%iT$dY?I1S?n@o`yx6iCLFpCUi>J+*POV#G=DF1}IG+Gr)_*IiDJk+N?cw ze?87b*%8!9N2ZQ`(?Xb#6f+6XZ+ zh){V$X89~!v1-*;n@BTv_k{DSzs_PB(FVudrL0Lts{ZtOtD~zc;%UXMg_(%w%L*EM z1EYsflM6=s%5sCDjC?~9!B5GF=%_XSR(iTBT3Tm6JRUoU_%*Kj)9twXR+d*%Yyw)7 zfIgkEU)uhcSzYU?Et{6){wp~%f;rq0R^^|&`%8Ro)o5UaZ5PNCIR^01o4PyuT4zC( z)P)b!@BHezsEr|k1=m1v#`cxU<5Tt@Y7pTVFgQsu#SlfCkyROftQ*yvs{PH)U+ui^ zW!#i=V8z>v7MBL=(JOc0avP0Fk%6X8<3L4OatL0y^0T+NgUafwuwtl>IJ1uSOm-PNPhNPWF zoc;Pbt3n(*R_5l89DFFFEPTO-R4pdobEA ze${+;A}+>RS!vpsB^sjWQcz=icz9GjJ9qa}Bq*9FekqZ~swrl+{?Wd7M?Ab(x2lUT zXe-mI#aQd?HyG*s-Zp)=&nufDroQ6hVsl>>??OJaxi4gNXT?`W+-tiL=mlr*tKDgs ztBInrwA2Bd{6k@(B&hglg8>6bfm^N$y^p^~*q(0Y;5`pPM8JqUn?FXvjU(BB9DA8{ zP)?C;HF4r;FR$CH``UnrhEsx4b&dCJPt5#gMv+~bbv#Z(Q`3xEnl3k?>hkD%=T)}vEp3V}nNEh=smc>jW_03m-uU*89 z3`3WgknkjF;|9m=&S2hWr^RX&7Zr{3g)KvsH6J|6Ty_oN6k(>J4j6xx8eF)^3z^5) zHTUH`okZ5876cHKdmb zr>3aa)IZTIw~-isxOvVa9KuL{X7oF%2x}CCiW{6W55eoi)33K_L$B_PgdPRN<~i?< z(7@0P^8~dJG!>@3A>A#i(iwVq7;bT`C~2M!l`~d?Z$|F$b)g1iQ#6sCL%$%&Du^f~ zN=z7t{QRoH^?wq0EhHH0Tj4$E{5OagC9gMSZ==@?@->e%>JJXmWwbf^MzwZ5Q3X?}-lEGD%MOiKqe*ux zzt&J`kvy`zU=L+h3L0&b*ydNsaiQ*60dvl$kZVW*0oNmJ&2&tV@{I_NX!x^-W<#V! zb^9*32by!au(&*Ft`+X@BGOc-REjn%vwL%2&pYB3@&dMzTpP9UP?lnP0sS|EeO`Ac z+$PeZjWwhfu=6qNzW|mEn?4kMJRVQ$mTlYWx9%(diSP&H28EwL?|}rE3;Lt*VAn~G zu<5%WJS*Fn*&PrSDm?HE-9(s4;W8Et6OE+yn@87N%d}{aAZF{J$V|*0q}r%a^P@|q z=(pgI@T_o~BO%u^>-@@(O`hN>4pcc(`O(h*cu-EUr2@hud2W%mTA0PK_bUEAaI|BM zIDYmw_zqbnr6p~zN!iAir^dHq!Gxf6qkZu2eTv|g@rL zW%Co_zL?8v>&+JJ+BF(A>Q>dy%kJFeVk`w2TK_d|+?!&_o02vL8ov7R(03NqCDT9> z3EI;zZ6@JaY*i+f%cMJLG6N&YvFjj-U%YY>zh>$`TxW0J78XPm_+3up>+5226Av9f zZg^J}OE8zs>>;QA)=Zx>rxSNr)`!~kZpRP){GGJUUk+0V#=;nL`{lY$O6;p?%tn+^ zp#DAVob5ZPn^bOD--6x;4Qco2vuCej4RgG5KPV19f$X>0)xSBX9}@A7|E)WVXZm%Q zWf^Z*aj6qfzhBy7?)(gDKCYa2ZF7H%(cCfDu3pW~%-oH#Z7E>{=U1P$3AZ4_N$nZs zCk<3rK<4))C281;%0W`K%r}8J9PPVsuk{sVQW&O&o0qf1>GH*@EYv9QAZ_<86e^+C zn>q3bl>0Pe*6u5>soXBc#)je#LH1WLH4;4{3YV|3+*2{`KpT;Wp`zSRn0S`}z7>w9%#8z=^9_iHP4|{xDuO zM@mxOCD+M#c`Wc}@#VAc-P?oD)xpWBXv5+eW*ZSqAf*ZfMkO#!2a2Yf)#1{|<^R37 zI_YD_UIqql&>cgi()n2F>gXKMCcz?|7PpLdOf54A8p(4mhj%J6W73uS>g%7$J-q&R z^~%Urz8bg{TeoaEhHtZU9%OT?_L=EL=T${hxAp~vi<`)9&ZgbD(`Web#N3+S7ygvL zfm4%r2)+>=9X*)qfg3+DfSWp)*94#%0BNp~vV7;FdNf(8eBYxS##{^yJb=&$C0G#u z^{!l)c?vy3_xSaQE!1mY>b)Nd9Esz8(bf8oU*1?Jq|Pr;HT2n9|spam_9Ez zC#MKZe-O%J{4)BR4NTz4l2pO5;Ti4mT(TjD`;nhOK}tg10K78nn25 zw0X^nc()4OCXE|cGjnMPE1(}MK$)BA9<>Rvh8haMumFSUrr=~$EPeF!B4%zq@*T(u zd%knPFQYi(^N0n^xpQYbjhgoEI_hm(w^maqWwVFrA4)hJ`$e6-yPC5L%JzT|Y*xC> zf8GOStv>MgRqfxg4EcdFNLq2ZWEOG&0RbZe&(!MEH688ksLbo7?l8FL!Yn3}_w87! zQbZBKl6N*vYrdAA-cH3;q?zNR%8!rk7xMQemFyEd$89+ro3&7!of6d&M(MD>|827R znk(R;GPuML+HdZ_OO?D!RS(d)mM1O*Wb-a;HrDZgyFWW8IZ3V9!fZA4<~9V#4seRc zK8ZiL*Nn?&ZT|p6#{sV8=I57SddR(|9crr&M|5g{Tc@s&kXVsUaqKV!yBd9*|B?9& zr|-pKXYpMKj*af_p3~N7b?QaWb}}^d^^EHQI}_UR*lSS@87~~<|9dU>mF-I|kXQ_@ zDmN&CS5ZV1*;fwT5An5sznU<8keA%JC2|-~TL&w1);iQQ^6vqQaA76+UY0dicP4B` zMR*%_>L@aqET5BkJ6plO}@&p_fEsEIEx281x{(Z^Vll}r2PZF-^$%GY` z#0$`0)3IYq!qa|LR|7iEtftZTA=D$GO0%_=VK*%O{7jiGW!*k)0V+=<*DoyhnWNc5 zt}T~0s-jRTE=GoQho=%4A7qP&fP|RI)r+_lNqL4v?4Vq5LUrB0Jbd%{I!VQ12JMa zCN1t8_5s3|pXX*7p3ud|{vI?Px7`pXxG7$~c;R_*WDEkvX7MrxqHRu|(prvfLW{@mMdXQej^GcHQPUgsco)?l&jos+2XtI8Evz38N@{#x|K#q3 zAc!hvJahy%Q};(MJE z{w9Dxa~A^|@c;#FyL*!*x;9hMA2XjZogO7%$s)A_$?8q?T8&s?97VlAMtdvA2LeO9k3Y_xP~M9JdFQd%!*FPEul}D#C#dY zCdOKX4w`V%P<~B+bmn)r{aDI3UOTn$WYZ?Uz~qy{E&Oe~=ZwzS2fB~ZSc57`1bAT8mj20K;(YJ^di!)!MOD>U6my&Y z)-06qxSTkmaXc%)FEAlPO18q_v*Y?l=OiDgz1U3C9HnA?H2vN9gf#_zZo48n`L;H8 zA0%pVh&Eo;9NtJ2A~G5KVvY7mq*^a7eK#BxYAw1Sv7ZB{+2||9-QD30#!o*fB3)^0 zrkt^Tc+sNPz934;|G)tye~a%)M>g~n50WH{QkR9I4r%)kiA>2!)pbm7YvN@Zy14)B z-8PY_2wfy;fa|p(Ov&44$08#a$7gJ|`(Ma|OFSAAi64=4Wk|$ke}@dqygq1FvY}*$ z*xH6o>OjLNBewph59a4>AM;&l*R4!aAr{;FG&=-tC3!E%VkE7Fpe@vHb~e50*-}X( zblbzdpfzMjTUp^U+c>DkZc?O;4#Y(YsiO$AMp0in&YvHyK8rGY4>$U2p5;}SFKs0? z@W_!f>a&bn0^Nx@l0`3bjyZqc{&#h_<^Qrb#Api0Li>V0@?mwe(j9x);Ji>0I3?lk zBpxe}qo*5cR}u!>UE($XD}_tEierM3>gVjW)lcw0j^;+gp1Mou2{2KjJ##PGcWR8^ z%7bEb6VQWIV4u;CKK|}8DM)DwuoOZlM-HT`Yd&a*vlW#&m&pyL`?9DYr9LjQ=*clF z-{(D{(09J$Ml+=bMYJe{CJTRDxD8(8uJpBd&o&#bZ;!K|)AkN5Fb`ja?<<}!RJLd& zie}vF0giQxn^~lO%-K?v`v9^O-NAM+E&nC^v%qT&rkz)a;uvQppY0(*Z=@{2#$P)a zb9e~S$j&txA*VYH0Xh%|4=@Jt6_m3gLWJoOTnhbzef;IkWCw_K3dPh|phoPKf(@fd z#i^Ha<3`AfpWo(sX#=Sd7P5^JSEkv)X_&Af`MUy75zX*9*fc!BX96PRtCUon(WThx z-5V4bNnjA+O(+y*eXUwG9WyxW&JIpaE+a^}u(DT$S4Q`&m&;X7K$VL4xkS`RUoNpd zA*NmpKW3MW5NY>$iY=iBB|8)VM&g2aAcrhBfLMz!l%vCg*HTFGm+&N4UH%?|t1hAq zoksh?L0_LcgOi~?aFyMsZABEy5>$>hQJ^}BOrz-V+OZ>T>@SlXZTeQu=@dGa^N5)6 z%Q{lP9X8%L1Z+6(*<%rYGt-H{8D%y^b$O;?84T&h-Xm6ZYDbkj$mMfu#I%C7gpzxY zg|HsJpV|KzZlW(BgGVC0MJVccr~tAb?PRCa^4{i@i8nZ{zEqVyx0yDr0azZgAB6{X zzIX(9X`!3}hz;64E^Xo((9@mdWJlCm4LqpQ)GF-!>!6JjkP40KVEl1?#;)$w2<hZxppdVeb43d zO=L1HmpP8`rnGsv(SCRTf!}mJ@87(soG{`jpFI>IH}z-Uj|Dx;*HeD6L^rl=(Zn z_hByF7Tn%*+Ncli+I7^I62D`|9&q7a%Gg7(07yNJ+T)6Eu)qIkz(<->cg>c@)0Ykc zC1D9CUF2$SingppL$7Dg?mu{NYGyCHPnxdOmyjzHSY7nlNe^S;EdIXF$pibe=@pQi z`=m$a6ZgqrlSte0jBoXYt5Po9TDMWb`>TlCE-!kxm7XMF#p|v1YxO5mgwVmxwm%jW zWEns6+~cR8%3G(=ETK1U^u4l@D9jH7jc143tmJf4xe=4}^W(PTgKhOR4`#l-m!9sn zI5^)Y^GX+@Uu<1=uIoZt0MwqYVnSe_x7#*Ockfz9pDCJr3mP>H$Z zZ(tyVT~st)rC%C~lP6B(>iQXM$|gf2`|;z;_r|aho~wF{_*3a;zqb2w*ujwscfL!b zOsW|xNzy&>?3qEGC2L^VZm^J^<-s6fynwztRMFM6h`& zy=yv`DMgw4`N+iucVGSqTAp+h224r}WI`kCHgPkdrg}|dx%~BmUN%$t<=e1#0v0ub z9qCoElGQp?Kwi{i1poYsFQ)>=DsjhNhHSC>p+?YMu>vx|v7?(4g?%c$*z zG>x~}SaYU{=G!Uv`$D~a!8?nK+;J5T>8#w;=y#bCIGUdG4~wr(M{&T z0_B^2xt3&TyuHJ5mXuXE(G>si9BLV4QohW`pH3q0m6sZ>vR|0@rGf|VAj!EP`0J|z~4_tvHuA{NL z-qK`4Z}Zh?D){ZA&{Pl{G=Iogx+Lii;bp}%4Ms-*SAB)(o$z6Afk>BZvl|{tQY$DJ z7Ti{X&Z$F$W|zpdr%$KvcO!#G92er30yoc#n=+Wx3U0pJw7J;;2>GY7B|eNK)@>ZZ zB4^L?NA)gpc7)JRuCD9~M5fMcd+PeRwBDS_?OEvpm5WpP;iDKr8z2RNah$j^rH?@~ zE<^o%8#HVvwSYvyKqAWB$rZDM8HX&>^T-lV`h;@m3)vuZMm5u>uoM1K4R}Hh)?AZB zY$`f0Djozm*&rQ?+c!s|0NhK$k)CElX!f?8<#iQdr%pMc@|Lm>AS@e*T*TddxB_=@ zaZ7NwT=g+A%LBi=$%NTzte|CN=*wKl@Mjwi(U1_2fu7;L*NCaqIyaDQP`Y}7n2H*5 z5n5+)!Lip0dBrGlWd5M1`vL~KOe5kK!L$)(6*@EqV<;p>PEp8C6IBw6MiSpZTk7$z zHI-W+_-Y46w*`GDxkbHZHus%&VL=lS!&4$8J)HWL-zO!k>ER|PQQn+nA$c4ZQ< zMSP0QMMD3=Z5&Z^3ehT6D$!nixJKm%Ep%G;nz<9{ohXE0qTNe+=8z-;!?y#j6jpZ^ zZF$ng|0w80jtPs~DF6HM{i(d*m4NFKsRq;fFXtcni0Y}BFh5BhW-*JttV_-YL{`8b zO?|811uZ|1w~Bal;Yt)9Xl}&ZB`PDr7tSw#Wh_QvZVNO)W-NAG;mXil44%}4B2ckD zx>yXOTRYDGavi`_gaDj?|CnUBQH2Kqa1@FXtjOIUN&WI331J035n_~k1}}mNLP*WM zb#|qFg7V&nR2ri}v48Q&vyzZSsa%Z|TU|qAtE6(o{pGS0FSq35r!1eKO1UhN8x+bS zx|M%{4hATF6yknSH=;V@%gI79b$CowDjBP^(W6+9+{^VUzdUcny~{ti1rINI!_qLq zwVSM36<3;53HdIBFU>cjza`bnYnmOGY6_eIYMt4OB9iy;CFF-vD54zD;au%{mw?cb z$S`2wN~tnKS%#+5DX*v-9H6-+)5h=(I6V5T+nhBLoZw!)V$k5h{?m{D`*JU?t!>0- zmElcZuU>&Lw1!s-FNdyDf8aA1^TCKhz_ zRe<%>NR%B;xHG2F*eR=>x;EpI^JvAz3l~me4Ds2sN2(-W9Q7w4kVbkO#8y9?@yGY?-_K0&T*%q9bYe6XB-m7QUy96mz{T%TnWG#RiWrQan_CE4 zz=@|+t6qDotZ^1?qV7@^7DJYSaq_(+WRVL64y70b{d(BgE_P z_=yu2vNJfpEjfQ(KIC|D^!oEv=-bBzH8D8M*sY;^s~I8Y4@_WAgEX~`R)vJ4aA4XN)cz&NY5D(K}_(GQ>A{pnaq@<)`f(Jt|GC|?- zCZrenj9{^W#?3{3BO9!^_!ec<>tlcpYu2pMtX%(6;}}neL#^&`+6k|f*BCftKV!xP z;1&KEMv9hb%QIl~g-U{z5bGX*D$?b#ajvQpkx~F*Q0{h7*iWCHnA0liEIl*xv;9Gp zJK65s)~5|AbB-!EI8qbhW^)Lr7RGn_fD{Ry$EZ&qUxmu6VBem*Nmc7=&fXZ^I|LG` zfd>PvAoBL?+jkmgSK|oZSw=c{9wT#Y;6V+6)~lD&3gV@;g_-hC_fQs(jqmU0u02*> zd~p9h6#YCDrl-dTjZtuN^;rJmDyV!;m?o&W#&fco7>SsJgoO1`mh=nDjdS`a=pCp`CxH9UX0KsT{p ziI9uO#3|aaUarihIP;bLtLg#Po8Ve@LTw;{4rPc<=Kt6tVgBhwodzjpl0lK~G*@Tf zzyJ`Mlzl(A0mk{VicVoUT4Cs4ImcV6KlrKd8)g5I5NCMK% z{~f~(p{9V`wg33bcT?tr2k*EUR6WGH3%I6q9?*x!nLseb{62x?EVeeeG{zer@gChgA z=UrY!HYIxR5Q}3AbqqI>{jTP2oPT!uCFPD6XQI;%1$BVS$hRo5*c_?k|j?IOKf8 zA){yc-3I2n6GiKGkQmCq`XR2)?G#utn8)VX;Cb!6%HYF?8z^LwHxs^bdSW{->CSin)oAoE_U^$+?QZ~kGw{N=S4P`rFp6Ru>X-y1uDSv3O!kho!f%(05a zdIu1tiPK7kxC!1(fmD)#*yH??{9YtC{PuYijwsQAQUQO0Bn!|VtAeO-@UskKmO|a@A~wT+?T@H&}&hJOG1ITM5zGy^V#p0RA~{6-neJa z=#rm3K}i{gq5d_QZ`$zB0Kh`nj9$5MHdj%_Oae`IwHyw6j{swQEPZw_6#Q&?Z=>RB{;!WXqXPt8uvB%Hynw z3FoI7@OAoBHNP@=O5L`WY4oNQbs|>es{5X>AwSQhWQ0`Q04UK`7 zkyh76yIEYg|DDR1zeuLjio_3jd3n`zU_y+&Yt#P_SEwVcr~Htuy>@S2{l%z>;>F9C zfuH!`Bh6NFp4v!s2M}j#dZXoi%Z9%i4AX2T zvk%oyb@!rSL#%$Ed_yVfKZ`lFiHFShC&o-1^l8azmIJy$ z#v16Ce$4B!V1Fx=g{|d_3vPl4?9RSUhU!BnJT9xH7vD~f-1>paxWGC}tO`*QK}Wyw zm6#H+6^4goO!M5~D>rvfTKJ{p*Sm`P+G#z@Dh916^e}tcq?7T{_{*3ZO?)Djfmh+OojvY?4gb>~#KmdwrPLaz$P^W%G1?DWt?Px7VJowmQrpQ$64W|} z53k?^)$m^eNUHDv0X@Ma0iX+!%Y=l6-n@5%i)|YvS)U$b?uWa0fe8kEGG4@PIx=F^dY2tc-TT-n_3af@ zZbDBAcIJ1-DKM>fK9+R^^&vjbYfLn{I@Z&UJX z@7>|)d4n*mmF3GCfR~?tx)fnX3hXgGxKq6+WYo)iEvJRyC^W!O7{)2jCxwROgZq}v z8F>VeLTIH>!36fBkVLCmi1=0FTKIG@@LNF3`MBV^&>L-FPEsUHvaqnQEp&|h}ocE<_x(jy*ykTG3fRABbo}Mzy=UaQT)Ma0ha7cbIHQ;0yJO^l8 zRgiZcuDBibK@d?oz0#NKUYWlcNbQ2K!I25e_|Zp*B3*YGM;lq-w>YiE9E({(QX<$+ zGAahK=1Qz#g4RMq{+HY9*7k@qXO#D))!COeil9fcR|*9kydX5VSDIxQtS+dlN!;MFmQ*StEMsQ;DM8xCK+HJ^Rp+ zZLSYbFdl`TL}r}%9b$YfR)fx5wzx+y$?pI7vGBS`Y{*9oHlGz$c5b;l;Cj~qK`-^j zo|i&+?;DVPZM6mx-(l5V+1b4qRA*q`>0}P$u zuKE{v9!9=5a6=dBb>ctNZl|X9PHq$7{kH4lChI5HcV<|yiU%^Ff*OOM6zJau3h2mu z^9?oSI!X>l-CvD?o-MZ4qm<{aI0+JJG+)-afTR^iK?mR(c0XAMwBE}rgOilH4bAe>uGbWRszs>1f5*PQ&UBYKg(&1FqKC$_CGYnah z+sgk+9khG*pI4<;$)wD6n6k6!U^R7y>1<`@VVh2a zI1fktg;wbOZx=Iu~-s?pY`SH^bA0pUB`WFiM+R|K{HmVoN4 zqfI^110wF!pEk1_{EQVpkI(p%m3}x*bIAgw&fLn+sN{JP*+9YFVZ@$ZRd~p#lWLE| z$T~Vdf|u@f{qS6*%}fNiqPnnr-GmU>cnhEkp9e^-ZIFL>4p|1&mN?;o)7pnBck3P3xI(1X{s`plUVXb*;zcxT3hg?Tcab1_Gc%I^!$&5s^q^qpzw z{=l%u1%I?Oy!CqYh?+feV8?yk@)p{o;Bv@*$qt+9)1&15dp)D+8Vyuf#Yf%@Be`6+ z%f0UW1M)Nrf-j&)qD1PBtSr!B=eqUYnbEYJjB1d5p%OBo0UebF2h}+{ok88YjdlKb zvq|2F6Gv3Xjrvl)k%8i)U|KcOaIL?ZSMrpa&wD^xNkw<2*gkM8T4+Ce_5>!t{NEFq zV2B|m)Os9ih2!XBWilC`-!Bi2-F4|A!I_~{OY7;-Guj&DSKUO*(B`y@QBjlnpyEr{ z7}J+%Y_#VeBxX$=R!F&{aXf3G?rx{FW&A)M0)&)z=3Duwj6ls#FTVdb{>R4f!3EyW zH*dVFwQB5KRffwcD!FE+#&2F$5Lt)fAy50I)_|Z{X*JfCmQe+(q2wj$`6gl)evbrc z0NUGkIl~>)4r}OyrD#cE9EHVHofrL z$`~n}vVJTtU$C(|V|ajawD&R)uni)S^(Eh&BmOG&PwEo)Bfza4)Iag)UM8I#E^bO) zcCP#Uss)`Q;eilM4=JG}cjTCV|ML1kY9qO*8D;wVkjC$>6?C*#Uzy z{q%nW!`gK-G|YNG-W#1oWN|aOrI5k=2u_X){i&3jn?LZ==U=J!?lp#^(MTik;pT!1 zZH9;4DLoZ&@yYRT<9~d8*@$cd$#YCdXb;MW$k3_%=UOjH)Y8D|4FD!H2b2*?j zx1__hHMRPu1(>s9gA zQ>QK%vTm`HqoYhO1(+GtSxv?^P{qw}e;>WG*hmxHYcvRWkdnKdZO(rN$afuozxq3# z$jjb!3`_TQ3O@U+0KiPb0theBWI4$|7)g{?s!kjGkr(O^J554Jv2DK^qO`FU)}|Dw z$ME@^f<_M8FQ2>4-Y3m0Th7l1LzY-7bWA)FsUtw9`!;CCaA_JorY%WsH(-+QkWDt@ z=R*S3X2ealvx_N?0g-PocW!aLZXQskiquuV%QUC*tic#9v@I zA%$eg1(%hN7cie4mNdTKz2$vL-5N!UoYLvaCD)P&eapbVyqvyKExwnbDNX-eP&+w)d^+uTm;z&NM*6J{Q=%~YLoB)7o)r!M92f4Ldf z^&JKb%>8dek@4h~^G`FudCr_y^&WK_f5el^*ZfaX?U;|B`dV686kIFM(Lj5!jd9NP z9*Ga{H&<1k_^M=|3Bf}yE%MuT(Y2&k!uF{HhAf)FqszN~_RP6+O*`(h`_?qE>9eM^ z!1sdmO0zD%+j}|xGS^3)-M4+GE&Hf<{m0FqWlbZV4u3N3etc8=X5`4Ke(-->6x>{o zQrbKE*0MIe0(QeGwtPEj`gCv5pi9 zPY&v;MNxWb(Iu-F@8n)z6!_Wg!hNOwo6K@FXZq`K0Dk|OIH3PN+#glFUgp?vx6H`f zJmKEZ5wFpCcY!))xJ{EG+XjjiLG__IE535EP3lr3cmuNq3*ODB+}23+jBqnRg!j)p z1THJ8G$3gvMn#<*{%ERt)VBPl*V3J0#eoH(8~CCE^zi$~R&Z$79)#qG%+3dmsCh)U zfnGq%A~@tc;nZGaqgM1-d%%Fp6VBU0GSH)7$IGA8FrXd_GP+M07-tE}x-`8eVL4Ui>;%^>WbInC&wu>*&{MPXT#5xDIjFqum#-ay z!dBXtLEZxoLA*+KJ34q7>>bqq-Q||tS3S$q54QYv)Z{xvshKB|?Z;1*@@<$%OrB1| zQ0twH9&OAw@H%yB!G)6pDblWv_B)1M*Ma)7r^_|>S9qJ-p;r1nAq2inW{C0N@21u~ zBMXArQ()6KIhz^D`0(?t4%qqB*Pn*v zGN28;W}E)6f4Xc++|7q?prWk%dCX)v?YZgbp{y5jCr_U`QW49G=RgYjGvF_TulIhf@j8PBwdTtI@*sT}5>}Sb+Ji-Knj)#> za*OqY{{elbQ7JpFKMmx{pxPfebhR- z4u46v^o#-7slM4Z>fUCR=q7WJZj3r`;DE%~k2zTa2i~n$fF(Z!LS=yYqCJR2a)3*` zBgQnBkel%3$$t*1PPMWTOHPgi$)%`eP87rC{Wz0)2yLk{r4&Ykb!9uNBZnj*558OyYiEmq$L zGg%BEbng|IdKj3^BdlqM=TdL&?Ks?m4|bYNzK1N{?nn?3`I(ASg!R_v#NIE0@EtgJ z?!OL>S0PZ9O*p3eTxa;fg*G?Mwdf1`{iL;Cj2?*DyBWi9Ot?}&oWSY?tJq=|(UkG; z*e`nq^-_PxV}8$>8V@m^*K|9fm?7oA4H*icn9lz{^FBq*^w9)kYZkI#x6%+d=| z$n=O$VLfMEJ4hz%r@TVnmPAqQDb$`ce*X(T-a`pOH8wt`uAPLvofka`>Q1^L@T}E7 z+$LQISemWj-j^Rvpts!#<6}eC?vnZ$EF~QBKL=z;#z`X>odEyqv6ejx!)xZovpSHBiKj^1qL^>6qvBw_91kIMIC;W7mpBpCfVR~y%B%EBaMyNCyn-oI1!M!ID?}OSm75pC% zOJRa!#dTOmRNIrLO!3-h{IdbVG-hJlWWUItFmy<8C2m`p48o*RaZ@m3ts#Fc;_TT} z2IsZSeXw{pAs2$PQEs z_ZB9xZe{QtqE-p3H(LAAR_MhE9jT#G*%^`%z@aFhn6d(QW(R(lOp%fNE7C$bLq^c` z?cBFdh5#Y{c=;wIJvyB=N4Sp7^7G}OQC%7Gu)yd#z@m)G1fEffP<>{M(FvQd$dv@| zZ{BY`$CPNZke`v|zgIRG<9h;L((=V3Q~=p>K&dBMB1Iu9NoI*@6lwI;D75}2A9bzJAVwzrVJEuv00Gt*TsPlI2FxzT`fO%< zvT<}w%tRPT#;bEEDq62y-*m?)Dy;hI>MP@CDw|MzNNdl9YCCJzc#d$=fkyL(GE$F2 zrV>g0dKdz*ir!IeaVvx%uu+@j)2G*tTZ^p+Ux{8tv8;TH}pyKBSjTw7ssZd_tlFpF0Bs-EN5>GBUD^ z&3~5&lPl`HPq=ADMvvkUvg;mt)&}T-J;u>r8F5|u*Wqj9&(?jTo)@EmqP`zOxN9Pz z4a6CnotwK4PXQA|@l5J}SK$Bo_Vw#=B&}c|R3gA_sw2X!u--KPbQF+0|5!*o9@uqCarKxw@vj=3W51;<2f z?sZgDV%fQ_6F7uu;j||r3yB^VuLwzx3us!z$;l*ryk654||+$G6A5Q0H|5@!dKF%>#G+%3DYbci9m_*10a@_r~(++?``bQ52X zU|?`!1s&f*xC?PQSRyiyXh-p5is3YBlG$_k@cr^Rv`3ir*{Dk9x)bm^abyuu=I~}t zE7$>M2CU+h<8uBQk_}GaArq6RQ+22zb()}K%eq-zG7x(I{(aQ}q~f9xuEk|b_-&9k zLCll^4;Taxff(5YPM_%50QqdUhxUL91Ng2_f2QN8uKw^pEdYu-kZ8_PbH+}D69bUF z@WtY+x@!>L1j7xg{?jx8UroYh2`oGQqxw$;gaku8h9u9EsQUrp5a$eu)FC!+MP9U# z1jmN(U@}a&=Q#8Pj z9|tmRCQza5ei<@21n;FYRa~9zJ@H za|R3fxw)!HIg%U|#IzmI7^heM{IQ`~!wJJk-iAshuEyzDw*aD|A-q5snJP>_Oql|} z*54h&uqMLuyXfM|ayP6HPXuM4MAG;GaXkauqrr*sg4XG?uR9=E#`YPUE)P7L2;(^i zq5;IxQ`RS*XTXKVh@+n13Bj~;#CUieR7w#H!gLKr2;{p*kD?(ZMnXW`6|XJPmF9kO zbM224P%QC1ez4$2V2Pt*=09|Z7N?_TZxC^rdjEZ>+lb;o5@arN+jjtZC&aDb`v|fJ z*f7$cTV^!L9s7%M_yduiU;M5Cu0r}iw~iAN7#Ey34bYe8MTf#|T@N$@IYE!!&>PRL zJ$>}(!gEvHWVhRF_u^#$d$2YuL{tE=uq%tZU9Mq~H{)*+lbfO1k+}I~xceGn@H5*{ z-((C`T}N%tM$7N1Nf=y-W(InqXTE;?goJGPqI=1|BUgGENg!>udg?K|APT}9 z#oAlcwG5n`AA6Q|*~dSB^24E>)9bZ8Yx z%0vtcQ6?Ze7fSH;&(}a9lH=qhzz?($=U%0{3uS|nR!qK+eutPw4Ag`0BjPmNg}7$^ zZiZ6V-T?`<=;6jLWABcMV_%U&KB2T9Y zEzi>DYkilcfp*8KCU&K*K=1K)0KMn^gtbE26;Cn}t;q4*@gCPFiT2E4Ft3GFFC&w{qSw?H0ENb1NE+icx)VHc6y zOs#>_fe`I?N;mqL|6kg=zEbnE?=q0UQ<|DVkanZuO%LARZoHqFs68(g@Ei{zV?vGCiH^Dj zw`-r8_2tW&c;4s!YP}Rh!v~C(7;x69XiO-xfSx5Fs-)Xn5_S0jNO}Kyfd;x{Z+{AG zUonvmg1(NSXZ0)^kO$D0L#Gyw5qxc{S|S&VPu0s@g_fN7xn7o(*zgZwy+ng?H@bMS z3!?0wME3`pyF*)L%AQKA`b_r7SZp9dBmA1FG1l%eg671b;`%vuZfeSr z0|GgsJVZfw$-p_G8c@s1(_-_;c=V&`o)LBXJ!LD8tLVcG3r=HqS-fI(hf zKEcvvx^{Bu-KS5{IF%2;Y*x}1mGX{he_BEkIaUuGe2p`u52c8%62O3l)JHs|_bn|c zfR#RBWn?6j34`_Di>esyzvFM?3qBy9JHiGS8KJ1wJ$=w&=AItVPBmio2P zD;+_IF+3|y?n<~dw4hK20i*?i!M#?&+LD`?S!-l$tf4T1=SlQYFi)SEx~Y)}fR-2! zj(Yx1&*!GAh-)GS1wd|C^;m-G6^vrGp|6WEKk5UcRSRuF$O9n!heRazQ}z|61}Sipo9uf8h7j}Cl?fduQh zxOF5Gk&LI%Fg?0ejYH%)ib#y}eAvAd%L?9Yd2U1-yebf~25Mm$BB~bC&C?)etSY-g zwDwkteW!7)o+6+vWQfYF9Xjh&KfXY8oM6ud8XpZXwmns5=n@&Ee#EUc$4qGd?_nwb9lh2 zmC}gNp*U;`Y7!#-8H%J!9KK&ihz5D6#xI#by>QUrJ3An?S;VZwlM|KU5s*k&N_%m+ z5z#>KOjfk{U3AC+;2X#NpY*06v-YBgZm%0sQ# z0qVyAY8rgN3rJLp?LP9vuYUfH;RWd2)KFJsq^7D6E*pH8l6x`!r7cjy{D93W6*n#u z37DhMZl%ANANT+Yabo*pJj_sL&BbDaRc}Rvm`31{w*V>@+{ip)$-r>h=_Em&LEmj= z0udxScc=|R0lA?+OF;lS8nKoSHIlvyUIeX(m+z!UmjHSntR@bdF`yd65G+umxTXmq zBpm+A$JsPup^_p>7@}E#*fupSjSL(SkqB*IP^J~!hcpEL;9xbUMA8)XuQLi8Dlt+3@US>ByUxMk^oH4%08mXgl;0Sh zLWfhAFx3}fUW6@Grl0w#8)O0@AHEZ4I}v3F3Lix~1^6PI3JxRLY9Lb)NKmaScjo1B zd~fuB9i5&2*u0Plh}n1Wq0v5}qLQk2nUN-#u&xp92yR9^S(JsmCZcTeJOz4}v*{R8 zQKaH;-}u^G<%+ToA}~neNFi$nw4ds?waJbp4?XQjg#!3iXz&FAQ3s&n#MK@6;d{V` z@6{g0!y!8RFHz_j6E8gL#fv&v{6S4)$XqDGvT?7EREVIBByzI&}RGLl0+XDdVON3AVk-YEn^tS4gzb$I^|=g5eH;}Z0NP5eotq_ z0jKnnV`tZ~nR}B$FM^AzIKDkK(Bl;Zzrv<(n9)@>;DufsctW3W3i?RwYlxwTZRM8f zIVMm(V}WL9lFyVH;A$D0oD8kmT%#rId*Iuh61(#u=JgK^rBaXNA`&CZDr%dy`nEs9 zBY{2}8*m#UP}C-pjpQEiARmaDmX;Vd1i6hd@o_ES(cEBNg?l|_`>Sr10bE<#P}2Yj zb?xa{D?N)71!qPSly0bFuo{X>PZJLb*E~VjewGeaLHyFx)D)4t3UleeBV+CJf3?pN z0s5m86HP7O059@j8m5a)j-34tEI$Gh!I1*NZUCySl8OfuTQ*_T=;g58>YycZLkQAm z=@)@z&@vJG5qI=|na~iET^z`u=Xi&TOdR1DKuWMzsv5L4DA$E*j5i==vli4Q0j41E z$0C`#B?L9Jcu_flhTw?OFU<v{u(SMCn_^AU|ow`5r&Kab(oXDJvn<}tTeoXN3yIuJoKqLy=Pc& zbX>qO)>fHIU@;*0^DgUB(d}WpLktm{m_xco8m3IKh)ksv;a>+!DCvj7rko}3?+Wn| zcuzeGiDOHDpWYn!3h@@x|5|9%_TrU)2$Z))DGc9KyhO-5d1Z&*N zgeR8-l58p*osFQj?k+|J3hG0tu z^o&!6@9f7x?e0-jtZrWb(^DECwdJyTjVTLa2@Hk1bHywM=OZ$000efz{-R%+9~gpN zqk{7kzeRY8Nos+IBXBz=QrmO(Hh5;}GQR?PheaX;H#TvsX(QDJ@QuCmlALECKnh|+ z78;o5P+s3Ke{w2*aKeN_0#O{@_MJ<2eQdgE9G!oc+6j}(iD-!o5D-PV0=fN(#*q2Su zVFjZ_7U)e>I;7pJ;ibCXPfggkL)U#aT88QyeZREpS&E}nP{ zYTeFrp9(B2i88cmnD`My1f9aTkayX1yz}$tkY~?qqVrMs(eZpa$LykwAZKL*1I}Bw z)>?}OD+!+8T6xRYd4xCcZT-r~)@@XtQh&Q}H}B2SZ%JJaAh6TPkI15+(b8&@`-!G# zzo=;Je2={o9vorg*K&VNM?+H|yS1@%_KMwE9LldvT#_~gF!Bcg61v5_OGe{hnHvCh z*V)QAJ6m8@Z%h08hf#Vjp|#2@U?s&#voCsSt|drZQHl+sDJpcRAPVUUDEwT*vJtnknpN# zy>8>5SXWno^_P77S@#Qzp0CZ%A+=rzmfA0;J>1kvG2Gwf?Jbl6v~;A2L!5R^CDTRo~H3i0W4YhZun;y()mnv~i2|aBP~| zTxeDhg_{~bhJ+WCXgRO~YZc)LSDG2&T~ge*aF_Mn)5qcO^gBMwJ+w7cl>qOttaZ zanl&`iu|T?FL8np%5Frmfj7UmIJV#k!I?jf3e?H_1c*}(^aLJJnPEOZhD_k9hCXa+ zemY7V#}^h`h%RmO8c11CQ7WdU+>kZSRi`8^B;VkF%nHG*!M(kYCXup)W0_E@qd|Qn z9If!e$mrCg0PVq?;v*(+yx88&y&DlaRzNX6>Flh_)6+xdE$c(R%vBYlbawc`Lz}tK z*WWH(`aW4En;f?4X;SXTdsHNMD?$JjCgwL^*5yHYM&Oh<%jReLBo7z~dc8k*aM!xW z>Wf$%opS*i;7iYXzGlvKR>D|QXot}}QdM5VW)8|D+r#`-OxT3g| zpWjVRb~R~Me;=cG;^m9S0m@@Q*>IXX%2^_{9Mg$PhdU&;DEk{JrfeJ!+7_4&eD(G{ zc9W4;#4KFEctk-K=V$4vuX5YVE3>x~+s5$aiIF9k-$6J@St^FrOO#3KMlPNa8N2Q# z7HRgTJ5AmtD8%ahR1dY^0@;;0YRLzWV(+ObaXEHwWV~JKy+9pwoNIVZ%6B1t)9jbg z+i{hB!L_6{YinQC?d|U^_VVt!Enr;s^|a=Wu930vKWOP#eHfz!0pJnLIf{|E2g)yl z!gTfrlPVoLymMr8+4$b#ei2NPf`zXkYkv@Q$?Z#9&~dR2X(u3!oC{D%1B!6tO0quo zyJs}^_3qwwmSj;}ei%`up~+tAdQEXyl!x{(cN^YN)R#L)P+f z2yTrBxZ*p~s$SewQw#G3DLy!O@sg^V9*bG&{4sk&6Rt?}@&MX_Qk6~aHD!68oj5cL zm?-gM8X0Y;4?SP7q_;7cO^w6(7t*p(X z65sz_zrN%oTliMiPSo= z{)DmH78r--X*{lneS2c%7Ms7vuhGz>*G7MSUHpusV5FVTMLKrxA97=&Z`aOH>h@8>ac7ROd9Ak^@#m&$xZW%bIs z7orB>dk~tcVeB?UY7AUlJ7BbpuPK!G`pdYfqS9OJmZ~}TiT!C)Q+;0f@P(kpBOGlAvL#v+>~)k@ME!ymfKX(jCxlCn&X*?w%_&kSP*RWm z`qe(ujYK7)GC^;Vislv{j+14NygV03O2RygrgCg%M!0A49Pg6!<=VL%eU;}=O*7^a zYj_lcK0Y>2+dAg!0jdiLD71jwpo1gW8yql16O4-tZ3{?M3nJnMOh+heno!LVPX`qt z{6INoGLPZcAu?g`f#@cQnM-)fC=t+E`GZ=9$c@kt19Af{Oz>vJ_d;+DilEOGd&{am zrER}Z+m?9hLwkrunTwA8xqz=DBhOwfF6o*XZKvJ4*H+^EyKxn>v-Eo2ie{7FYTx&= zpKSNJA5fjxXm+=S#Hn=t@F> zy`gzW!!=4wL?eW#;JJz31QfsK6Ilijo3Gu*$iScwH5!b!EWn=~ZmAscCr-!iKht5_ z8Vzp;%ElzUq{FB~$;la_SF?`ZO}-d8pa8p+%W9M$dbP+Z?52dO}%8OYeo>*NcPRBuG>b%+N~d(W~EDZv51; zk4upy;AS#iLzboJYQr35npwuzvgDcvEe8AeHH}}BS5plVNQNSb%cRd6G@I5lOs z^5=_ZQgooTK|Y_N6pP%&i*ZUWTyGK*j;jX!q1tKHeVeowPS0=Ozll}p$5)>oO*%$R zy`A*r>Fwsei`z{$eT%}hwcfs){u1>liWDuKaGWfI`mI~C*T=}de(G}j-6aqN``+8h zWEuN1@MYL0glq|Og>e4{;3tN36b=c3x1*-6MF3C=21o%oAY55^*MX27AlQ4m=wsvO zRbY1j=uu6%uz!(b zjb!J-vSL+S*2xN9ViQ>WA4YiZE-uE2J2ESx{~xa0$Tw~Hn<$f7KW5S1TQtA=?>nEI zI773jxw@l1tK9UI)nB{hI-IUGN%D7sijU09FP&(K7FxAze?mD6nj;`2gc4v8%n~Gk zg7C=E64iEgMmab^)C+~i2{7k`vTLW}DhbvGk&lIwklQF3qz)Gp0>J+R@Ffv0s{?Wu zCP}g^BSSb9FkkP#InC&6k0Trv+E%jA2LHgo6G^w`T~qs*vi>nJ$a-$dtEzg&#D z&^birzRGj1a{mBZ1FVQd2o9kKoOm4=NG|y=^6p(?nihm>bR-0r2#q5#Pv}u>tQ9<7 zI0y5`nLWTH5TQxXj=}2I46P0^O$U)IFq{+VW>PtOSLO&lA1v@&NUVs^wsC}hdLE99 zqBnh`d{Tq9VQ`38xj2Sjv#@lWJKwPQQSk)cz3uwyUjFso_Z~4b7moUE1-^X9C~s;~JHBLTYadqh^rZ+B`mk&_5({pnnZ?lG*ndhpx#-c{R8 z`-#Dw@?5)E9^W;Kq|qe|@1_oB>A z!sGFkYR&zEpG7g;EjRgHT=MqYSi_aYwHw~Atf|iC8dDiiQDN7NZ^_Gdyz+M!%mi)F z(a~`mZ5585xbYHmW@JQwWNfqV>Fw=J0fJ0I0@j`|f|#xW#auF_yN_IMdPLCs1=&A!R+AK+#a6q=1>3tvttA&(P4UI*zNy zadLcZ@ZFf_7ueQZU{XhU_;5JS5o)4r#Srq|e?uOOe-~H1!?!T2U92wP-453N3Xc2xg@1&#$Vzvf@3FoeLCOd!)K zPh=Cwv@Bvlmt>MZ5;zJqRB8x4AnZC2s{HudbZ`Z$ni%i;V|tn>ka0j0%s(bp1c@3# zG(}ibY+oLFs{8`Vl`6i3mY~!VMYE0Dg%NPp?^lojC=cRQ|C{4YV`~ke^Zk{(_js)Y zgt^Tu+F+lJH6Ok9;7RhMpf@k%f6zDh$Y?y+&pWU!iBzo{vU zm0GM)o441^Kw4`XN0BwoG?@s{3@>prdve z;*FqnGVo+Xl#J_%A`1RrAk!05B#X)tnl0DM#P^;MMY z6M+`&uybCC{W3+i`F)-^vFrN}-ju&%wD7YnF+L`XSaQ?%dBhX;Z~yu8b)_{GZrD*? zW{SC_V^^HEeD8RhXJm|ayuJ6@Yo4$BQ4GT_Mlu}7Za16h_aEFpy7p^GbF-nUa(=%Y zN5jA0D!y05T>#T`Dc~Le8mj`{me9rP>egl8`PR4QPB2B_Btc=r|WI1 zb*Hp<;v|t+Te zJzC-La0|;z6buZ%;WhF=3~=R3MpG@V)EAkQOyuNEv6;2w2G&bYX{qmN20ct8>ylU$ zckESi^|fu8F-Pgf_+TDUo7V;8zwd_;DjzrM9&*Hm_Po1>F*M3ytE5HP9)lKAum7Et5e zr;(9ox$RsPlXr?frp4%kJL6W*C&8x>J}vx+DBm2VqD-uPd~kusL3^7#pWD`I;cQFE zle`lNTI&~_1{oPF5zJTD)j}29uGer_F`aB z+eOPCU`XQC5ZlOTjEGYvt?<)FV(r5@ywr4sd-?VGi>zht-VM8*^83y2QmXNPP`?&mWQ++0yV4!J_ zmeOOu6k+pQBhai>`~_bkJobbyK{*a|aO~?> zGDHMo6Z?pfX76#4zZGP2%;UI!b6{x*rRv+anzd#m65L<9dfBP=e)r+5df(a@5y$@I zUZid0>EQfpot=grqa^sjQl8~wz+jg!Wx}*al8WOk(a6h*wA*;tlr~vKuT?8ws9!fX zGKwJ6-CkUBL05O-qbLiVl#QV=`)I4#%{s64`+IcsbQ_Cim#`7UoX482FVK?snY;;V zI~l30XS5r&^;Kub3(fxugQIi<)z=P7N*2i-VdkXgwu&tOLUVQxiZr)hT-|6CYR9Dp zYCR`fcf*f~u`bkH^e5ZJFAr($2F*p+zYpbqJ@8m^${i0rYylXs$D}0)Nl8gSBDlof zlA*fE&oGf^9QykS*AFMBaicRdd#OoZ`e>P-q`FJyKPcMVohw{iAfL?D7|LF-9UvC(*{6;x=lF zy6$e~6CvI9y@UwvTJTCDc<@+k_aO~@CJHq5-g6>!SthSYT_sm{`NgNGiow-%ckLa!hok>k!# zCxZ;Hg5x;_q)Ka2c`kh2hTfdWO(2mnM_4(I7Y6z=x`+NoB_y>8@99xHd7f!AN$%az zv_m;rwUd}0Tp(g>;cOMKc$Y@iq`WKRmSfg|y#i8HsuU=k2G{w2&`M!#@E#-?S~8IWu-72>LumP zqdO@C?)vVQ1E~c}T0goSf6{Q~r#M8$ zAh!`Z!T>YGBPUurJ3E4x!^XqPhO315OL*T{0x+HeuKcT89@oQI~A#^9i82( zx6aa^HLDiBrloJjGtRpJ%T%CshK>fUdBpC$U%v1(HCs=2riUTi_x;_wuUCE_5EM1y zf4r#$t@Lp)MN1WMQgrSBg7+0Xo5VE(pi_{P6Mzo*$+~KPo8zDW;F@NF?FmeUGBiKf zaR}f%oPGeYihfRy6-6S-7*hZWWlya>Ssm{Z(1h9YgyXj0nOgzJTbCwVw`8oWEV6QF z+iop*nOweHIDKEKqvD!f)8A*0#xdw;T3bnNr-w(F0AqYzrZ{8@{>|fK2sk7pD?0mC z0W_pJl?b6glK4VPL57(tJK&PXB#994>z5rLXJ^1ufFxXg0DcI(9Yu+yt$h-uE-@Dy zUb1oc0nxreE8ay#*Zv|s)nDlJX`F5}+Zo;;I;3l4N>`*BQ1$$5YF38o#9ETj*_8Bq zw2h40OL-LT9{58coYLfCQ3s{;U?v@xhzMGjZAGeNKHS{MYq_8gWaSOVG=?4Q*y7YE z_?0hvbxlzIpGa+Ely4mSOz7#6%W9$3OO{R!VL!*$_zFgOBQD)<7meFEL4EGrHH*tB z5fMt-6zG`A?$b){HAT2Zw#0H?@|`)~qqqMmg&sexdm9^QUCfR>^ZxX`_N7E_7@Z~wT(OWhV?&?PC@7$k^(^>(_Q72YpYjvy8@^X_$%KZEhn|jp z5E~uX;J10FitaVd?yuAL^f0p=tb+RSJ&b0E4-KKjqi_;@m3{D0>|^VJB5SRDREo21 z^P?)c<~2M}Xa-==1wp;x9InT4i2V~|v{?kfGcG}0eSJz?f)qWXr=i;vGzqS*R)jV^ z6m4-TB66^jfeR4u0Z2L^qNJ#AVB&#RL}Eh=+7;0Y?`+iRXD?AYa?O zvi2_~TL|*qF5moUT;`@EN}rdTSH!=MLXlgp#rf{f;Z$-~m%*@(PtV1(PVQuW9Lp~* zLibcuG%Gh>-AHX)_FJpLusd~aaqQ*amu37vPJ%1v0nb1MB_x4R1G**L43MAW7NbIG z7(b0eR2PgYcvGky_^<`vyeaX~G);2Yf>n-i?!u@>j(3HWKmskmwtzUF0=py_2sR?K zBcUqZ{1n;W9}(%gBK^bB@$2xX=RZE@bK}0ERz?Gft^YYB_}ye1GbOIRL(BgiN$t0uYy(pvl?Hd_c;k;i35ZtBDDxj zROVq|<_+)P(+m#}OK7BHV?eHQ0&;qYuy>~#@a+=wL2U3&z&G_Ey`im0K}rdPu_vHr z$6F;*6?g64y&d1BNt7n*r_)zkx5rE3OZu-~SGOvI3;dlTaK{Qm7wE@ef69d*|oAHTk+vFddzt?)HF>go}U>l%FWq|kBB z42yFN&!fZTE9)glH;AcT5Im|tEd$Ax7<8XdKpof8qJz2T!IkxA04(8uAuKr%x)77T zuDRlBx9jfg>R|bptaK8=aZp(B?V`3o8al{oLM4C+22g&8y;5x%b3=&N?}B`WghW@x zf4NP3tF60(L`?7Yyt1`ih!sJSBRkWs+jlV0>_vOfXWR}aCO@78UqrdKDkjYZ{en(T zQuw-p!k&YoO@k#)QN}tX*1%cWW$2|dGY#dOIRw{#Gco`5*5s7l5eREaaTKe%ddJO% z$*lbB@IpHC_gwb|x7H3{<`$8vDC|JDy*&o4AODQ@XtT z}@?%5> z@}GX?w=M;J+<)?a%*{sRtjwhk1Z`hM^hfIs`lj_8)1wMk_y>(k>bo31U25gR1GGRw zmgmDbYJfDkiO1MTQZllrpZD|COdUK(ZC*r%F~#*ECqh#)(*pKj;?eahb@f-q3*E-m zxgzc!$2G7nc2nY0O>uXRWe@eoF5;Y77&-5^{ds=rasH?jh^wz&6iN})DPV?~73{V4 zuY|QPJs#WN&`!TlFe!l~R|6 z<@ax=SiP})xv9PN-Fq6!l7MgD_MAwm9k*=C)&pG`n)l*>?-Tjmvs_$a(tIR!KsQgG zASYJy@u}4>)1xyx{>U78`lY+O5womqB75e%Zh$v)n2!gg^^PK@^wle`Ji*>EDbCXw z8b7u^xMeX!u@U(-yfs@qJEz%6hrQOA?=vxV=9wNN@T0Fo6`nCM+wSY8|Jde|z@}^DpM9!Wrv7$$SBjWL5cGMSi~e~X#>vRX7tFlD>#HB^ zC_GSByQmaaerFfQ6t5k{)z~lT&!4ZDRW7_b!t1S=-1n@t>nh3_yV#$G2~DArjShQ| z>T%@tztJsP;yUYlQ9?nv?0aku(M8zeDVQEHSiDd){{8!()SUS`x8mZoJ^RmW_Eo~Ywaur793Q=yQZje!UNoEaPN2ocC^x;am29|3X~}D-DC%h< zTI%y}HZ-47WAE;cs(+#RWEy*QM;GQlJT~842^QXpu9P8t|2k5e0|X`UD>imVMbMX1 z1d?THN(a8cePdPX!o9a!yF32+=$yOgf90AZR|Ue|emLed)HSiEQ{4!R)c;@{>;3pt zSS=~Xj(uyX01^LVNikClof1JVqmkm(<5oJN*VA+Lmzg3ntf45>sB~Thn;ICfL1-Bv z?Xqe99QVJ8=t{bw)kjP&fFG2#oTBC?n;4%HI;LK1X ze)6i&e0fHtYwlbo_NIg0`5pv)}h?s9(#^wbcd9M(yu`$SO{E0t!p9f%x&7(&# zmTIR^)V<-KnK2^j+_)Mg%9S6TGb>LFbi$*fJRZcx-=E=PxOJ<hX(9v7mk(yJQoLwP0~6 zS#f@8zBaqcYe7trC&AH?eP;UJ=J0UX8y}(#qs|_}6sERBS+`C3MH<@9SJo%J743In zqdu+izS9DlFE#t_d4qz0f|T3u0;wb|ZzqtyU>d*}IP6!U0)Dc@9+ z$Nn(cy13B8mf!gHE#VR<%>VOmMSSm``bI>jrrlw()SYe+MtfevD<4K@?iYdOvtD^k z$SV5bsJ+7-S0T;Y{*m-gt3CZCzZ5jo)sq2%su%M2pa0oGO4J48jjCA(4q4;ru@9zG zMIr?ekW_rpulpL03%6#Bm}4K+7FeIu(9@=?JpEt zFZMY`i8-=&-=86=CB6uzsfc_2GMNFS`JIL3hop~O?5|$`AtCLwk(s{z2SwDdRc>h} zG=Af~wRU9vxmH6YlaSa9hBlo@vhN-DTW2``Sft^1%%P%%jy;~fYYu__=SL``P6Yv4 z03B5e5j~kd$^8U&oGfYi*>_F-*6Y?4eP%hXs_|#-KVbQ*zog}`aARyR?b!5~zoogK zDbqn!;ihUyyTVKV+%-Am+4rt*FyNzsVp_}^n2$BTi|*|I%u4d$$H>MxNCG^j%a3w#A{5a`a z_tku-3gCVw^))H4-E)jTPd1JzZC#4w2D6T)pN~I$ZP_^P$4|?pfNg+2#IF=D($W^q z_KE{QW4xw*U%kwIw$OXUg`_s*?~=IPZ~G>X{^&;4#-3ZvHJ&S?tf+ucb6fSXnU7A5 z_>Dhz9w6y%95rTO3^0g~HaP6ko_@}q`;x~u5utKQ|c-=~$jagU{`y5pnmCh3B z>!0(MvW6GG;*}e6vW9&B^n85M;Zxz|FQO(n5p_2u1u2<)*S0^+Gamoa_bMtX@t&*i z7B_A4{pLuudmR<$h3p;dQ*gyFl!*6b%=x1%miAeqTl4a=Zj>3}QxKw3*7}hf%qjEr zQwra@qMsu1i2oS}P2N18;hy%r#Cg7`;kz5aT2?ko>Hlc~BIjw@;;cbE2m0rW?o*{U zD-#^`Q z|D+|)Pq937a(>%xQWMFtXV0p8J;i0C*So|Q7Fq`d(T61X`~v`VCy$nm_~E>(FWoU& z@0}P$-$U4Oh~6CX9BHr3t(+r9w`qPa){h5KWZ2q}lBDq}27!4Y`Y?dL)jT}CRi5JX zBIfjZHa1+ceos$x-uNdiirG~oXoAjNE?R`^d`xD#?HJ zsFC0)M-2blO%zxJ|;^1U`Vj3arh*W7O`I)x8VN?p3%AzVD+Vi(TohXju| zH&pm|#r>E*0Z1dG`@%Oi*81UkGB~-vzn6oe081s^t~nAMS<}vF!LjA>=2P!lNOY_( zZ?=K|0Jf1dP^#v2@}w=J>sh(tqPkD_oE9ei)pXA5)}zmjN;LmHvR#Q^{r6Px-jcvK zLDVPH)5PjWcu|!DB8~7J9tJdBZ((je7=A}3{}e@v`k_k8P4DY21FWdDJ9@fRz0c49 zCF<`VNH-<7WM5WQwV3Ki{qf@~85J$<`VkwN<)?~ms$m9<)bl;PMTOGhb)!5ADdY>ExJQ>|#i&E>Ydc7vpr_wnI|fi^n8iM<{ZJ3`j}s?<)NFw$jE z7#y+*xV-XnaCgJThNZP5%?%b76l9){9*}T@pZ+yyB>MClPS1?VZx+OjB_*azloSJH zcEh_#*oU6)>^~}7JJ_*{+{b&@zprnPxsv}}&H5bR{f=&BrMWX}Kgn%F{yMBqaXf*Y z$qFY_bQ!$mt}COJB&(`)o9^8Et!KGpJ&iv%`50TCv-5x4p^wjCM1-1)3h7L1TW2;Y z-QcFAotSg4*lQedt+ga0T2I2@BjI~Nw<`_mtivHYL!XvPCqX>yM4MY;mwbq3dkP`>7OuKQ#TBKzPvc%*)C2+-|dVm)@- zV&QPPHMa*@1cJZmNhoeihd36oo9CO+q3*#;zB_p7NkWW3w0iAi10WlRqenY*^tRpq z5Dbv0^>4Pv{EfHcS5jZ3l4;Sg^cr#yaQT53M>~34j#lhfxL88QFy?E*_5S^b)V%!2 z&!wfZe&Yb*4vKlqUYzI`&ChQ&$PSKTxDd0o(4y$ny`Ml}0w>yo??uo7D|jzVd**ao zd+bqL7yGcT#jDJp9Yere+RQwo@b-PhA)&F6zk#$Z`!D%JRCJXarQ!1{Cs%`M*}HMG zVnFR-#}jLpzD;~x1>b#rj^~>5ka(_3jjo=4)1982g%873hPxR9UYrQE`daHR@jb)F zuE9`STfI<1@`$QBVB>*8_jL*q|A6{qGK$(~&RBiDhuq1^PcIXgJnZa9q%7Zq{K7K4 zT@}2IIMC433ilNSmP^-upzSFky_Odqk!sl7?u0s{7&9T3|IJzATi`Trcw=@9t5|G_ zgCuS@drC%b`1T(zDd~Hyo9ZW*bT{aqCW7T{y?XRR;)4F(Pgo4zCAM^e7?$v=vs2T} z0#L4~^MJ$$IhCO|?<)7*2y9+_Z8Bq4$zH~z)C7)Y;a}c+m&7&+aF;_#r5y_!B z>xq=o&NNUYp&to_ZhHJcIp8NEUj)JE_ZU-dCrp+Cv)0iu3HKd(qjFl8K`tR-)J?Yc zjoY5$sdBpqjyY3)f9QWN)ZP9yw1D(~_Kn%Hu%p*cO;myo?V9oy(bF^73psRViDDgO z#$J7V4<0=XE{L6}`_Rp0QvQcIQ~ixwvGY-KIh{}XU5Cf|!KN4fXTLzL8y+E|B;_6zF;GKTjsye~FO}W|h;XawzZ#tR7Zz z1S=CFUg(+vK2BOgnKoBEGm+`~Skw^n6E`F8ow#}n1o|0mV@{tp*X!aCX{c#XW8Q0Q zXfaSW@>T63hq|yK3Fg?wuRfwI@rekFD=v_b96NW6l6-En{Pa=pRk4GI4xyDJ#XyS9 zjemaE)jw@fhBnlN^;hH4vRz9+!S{%Q3^$oheu2QVXYWc5KW?aduA;)u$sUIEV5`ql zJy(6&boM{$9L~ISN%@3c%$?2o>ZeASR*wuy((YbmJ!)c#zCkSSBiTs!S2udib8_3i%8!#spE zwAzUcg!F@_(SfvOE>+U^op$n!>e&jCR7$&l%Tn|y{NBPKuW?o#6(~`YB1LUvz{L=l z0g)Ya&3W(xyzt00Y3T0$UG-?>$^HWe`CC5FUPBHHuCj@A*9*ythHR`MoZ{jw?>{so z!N;)v{R8DvOZ&&>?_Mi>2Sr0}e+rYCKD4L-v9}i(6T$4a_D3DdXq8~b86_(7)4^wB%zm?9B0Z!#M`F-78_4kd-_>U@Z ze>AUtWaOTw-90-%RN%U&w_k{fu_-=(u8ESu;?r2e>M>Dz%&IN){J`qX$o#wgSB@eI zWl&QD3kKd7;&R=-@a6EW>BnQo@*0axASG^JqHh{fFlEvrfW922NbYH7c^=KQnb~-e!X7$ww<^mD}4Ty zuvEF+GqxH%wBKU!!5+`~nfTV11Fq&i!R9No4XeC<6pufs zaT*)1-tt7RexmGF{&t*xhA(}Np}DiPwYWWWk1eoatoGFYp!3ehjv5+Td_r$&;&sHl5VTGx>2U1?Cq_qW@}S!$))1T&MBOZPZGwa(7tC9llV&y*9k)e1cD}A zy)mN5%*;}UI)Z4*N!*G`f(y?o;UJ_2Iilh5E9mY+M#b$k$Dd0(L*Lu}dk?%7*145l zGU|RS+z@^cC9&hpc~TpP3IqG9*!AY%FEvS~thpyZV4(?^uzFo1z2NT^ z9_bf_LkdEv6bpvxa&unXarrYLtF&`xmQ?yQ7cdjd{7mgz{D&hd>+{7~I!vY@_g&xg zlFuD?D=5sM@N0gXdOlHFqErLd!|UZyQoP4PaVa$?V`Gqv>)dQqgc_d=cvATNlU9xg zkMwkRlxuNfo29+XrttuuF5ve$5 zIH8PkIRBh~Z0|L)b-~~9irjA*x5JDNY_V$}rjQdU0k9&<+jC}XXA(7yj zb?;&xMXvLinhsGsBkAes$ixco?Qc5+wpTyNJ}dkE>31Y4`*$75x^gwo&c1cbt>g2s znXLkEmbhl#A$d|M4!Tge>{@ zZk70bH5J`9`eyKPtUuQmon<62*{kt+#*y>R!-Naqfm`|hypo%j9V%zL&fB_(@(2k^ z<3H{E8yrmHn0D#ZkYDk>i)&Xc)1`FG+u}d*r-vk$yVKENq>Z<>`}w&5@CJ1sKNc)- zWYsET^ve`?&(u);_?11Z8u;wtyYQMGIZbZkY!jTZQrPq4nPoz@KQYN*L@U^EI4sjX zMYy#sYLSEUNUX;_m^*lo2ArDHxsT(S|4Yp60vCQUmMV!uQ$!e2m2DexJgvqYu#e3D zzPx_!GlC*?4gWps>LQeXkf;KiSGum3pn3jrQTr2x0e&f2#yb=UN)VHlcIhN7n;wv_ z-VS|DEs^S_;ykPXvJ7#fL4W-&um0_Icpq7F$e^H_iS6JV2Wr&ZTw%f{*;{Dkt+;i< zAobmmGvsd(O!eQd#aNde7#a89uT7Az>hXJ&P(NV+MOl{LtrA8r}wmx!1O_VC7+nUax1$c4gCPoXDIokI(b~?8POCbNTW5&NWTz0@6U5hlL4hZT6Cp(!5 zyD5=t3dI5pP=3xz$Sm=Up7uZ#1tJNay_+Snhu{rY*~bW%_KVXuy9Fd97}3fEq^FM? zPyP{q2*DioJdrSf_2>FTR9JWig19gy`j7FK)HiQ9@QnfFv>p?H3H>ic*3TM5qP5P! zy2H%I_Td>knGsKU!>F<3aH?a74G9T;KOF)isAouSFD_mM;!bes@B$GJ&W2pd`M@sf z+V9c@F2p!>Yi);;)K6{?J{H$B#Op^$CVrguu@ge^eIc6ZlcFPt-u+Lc|4i zX7>*{*v-@NXCcAC2W$FFmDZfv2dk(W)F${dNMS!x+1T1j zm-NrYAa0b24!xVtp}pw@=MXo73!j;ty*Eo90R>tZnruHmh{;xG!8{{o3E{+K z%J{lY*A+f}`m~+IdGK{nr^B=aNNnVLIbXd68}@&vM>aidA_8`HlV$JIi%^!q?aN5~ zz;?+#g4cebTxMoutY7CrxOw^O*GFDF8EXiQhIb;mi|3eoILQN~V>ylF#o&=HC6gPt4QDjw>smHLevZ^Co|C2!1Iqn`WeEpB_@$9q)kG^HnkQVIG@>p>EWBNcw%B=_C=kF8$lE{ zNk_I`PMkH=Nf}74GKUdi^9*ni;yR)o zzI=gbeb15?vIQt^W8sB`?ccM4VGMPo^Y zYz@(3DFHyRYl>1yrFxSIR}%Oj}<+n(ht-l_mpNhM_EnP!`Hbj%37*aTx{q z1?jjK*u09GhD5&TPUmcF({_JaS{T4ACh4m&IgAw{7M8sy{u$_j9J)^)%Jx>{CB zF2iuRZCH42H!o3{2E>%dKg*uols+QvvDI!r8(iZ5+g?$zROB#&fU8;R&hN2JMs0DjEM>^78?uhgeHceVZ z2w(&l%~qiOK~%m#igvRBxNVz|l!UNYH)*SwJXx3CmRS1IVH{n0@W24aDO?^nr5gc4 z%7q((woK`(DX1q3$TKuCu`97Fji`4ScZgk1q_AghO1wH4rSt0#}{|?BYh&Pu!#;v4ygi z{FvQnwqzAMNSfH`|A|hMX-%F``hU=0(85EXT`+k!)~|*Yl7aw`MLh}>OLQW9PDau+KL$P`o#s%b*!p>ygu+ec{H zh?db~_njhG30jM=`LgG~e16lO#xPMQb3##ktHe>f{Im;qUGGypb@H~R8NVCNs zgM7*3Hh_PJhAa9N(p%j*Xm!m8KhI`~sq z>UM0dxcK<6hzL!xiyTfY4oxKM7)oW7FL8l4NK%NsoQQS?BXq$XxphrVO>KPo$5N@V zgCU@kVb7X8c6TnTQ}gCcd!|v8p)C!t$9Wt(K>Cn--XYZ}Oe*P)!&K+R8Z;lhbzzV= z{>;pQP>dA?Ua)8Y%D3i&M3YPj23~QA1!QPtiF@cYrs;SRVHz=ZHuvPT)~gH!Z;Oiy zfi2h5+Pa%^Ea2T78Fdjj7@(g}faEpj-&}NH3kst7GCFE5^oB>G{3t{vq(~S53ZtVQ zXr{t@ps`*CI}vg7Ie7||k}DaL4i)nf`(~b5{OF>AVn!B}mpNOcaTKcO0}2 z5~Q}$_4{(Z7mZ=U2oCT;<;J$@G;7(QT_ z>cQNYr}N=3%LkCD86lyYLXhDx3=D+c2#MswRbp&sdP&0Cb+yM=41t$rWF&uzm9_P4zH~ul<@Be8 zOFq54i=?37N7;Y~Uhk%vcPvV1C_wVB?L4gzHa$)HPMtaxziC7xriGc=eq8boqQG?r zDImSUKGAM}&{5k#S%_}2fXz$nx&mqb)EzsjqhnyTViT>5T6#kw=rZ&}vczJI%TV{y zlYE}6s-q(zCzK8+vX~w;RqENUx14kl>42E7gTojW$Ux@-Z|HG@u10Y4-B(!WogO2a53 zj@CcMaAZ=%yrJ$Aw_wjOU~~8G6a~67N^u9B>dQ)7lr8f0WwOh#si~=i7~dCV1=*Gj4Gr@a zE*u952o+l>iSvbf$iBLRzh?KQ;8Y8CdQVmRsY3^Qd8I!Zj6>rw+Gm83(MEENbk3sa zLc$`_H82=YF*jP{KS$Dpr7b^xU49(k<^+so8pjmRYDB4uyC=1x1oP06=yd@BB5G)0 zyFLM|LaxmphNzQM)h24&jxPHB@^W`#xTeNNZDqyEl_}U%cj(+;|MiGN<%)E0KgFO zME46&x!12>KX&TW-7L(t;^J+9xQ%=D3XO`0CQmGdMN5yC;t8$oOuDmqMvG{K;zHd^NLr#;X~1IizWy;#hmg2jxru} zJY1RGH`ZimEG#|f;?_h|vtWoj_88gj;< zXez~MhNRn;{%*?+>Y!GDmwT{?&moM-dr$n}p>;>JaVWlv^>SA0vm^!9ve~V+O3M80 zH-8~gM0@4Mp?wy$0j`fT)zbl@mH9e6{YI_P2F3!Pvpy&}hxQ*Y-IC*k%-(Qf!#9a=7CbuOz`XG_BsEMLBxbN1p9n>~t z2f7GCnBXrNj+eG_E~wS^gFUVwfz1|~TVu9^3aZ1k@^UE9>c)sN;COFvx7(?2FFR1l z5g3r?cnPZw)&~JsA1yv5rI4LYcJG(OLbxI0ThbJ61|?yxLpyQ%GfH?_vZ;tZVoy`fYC~ z=!IzmA5>Lc%gYPHMI^3^iH(i-dq#tF2jv`~M=VLSQjBwc^8TWKy`IW`aa1LvTmwAx zhOcg?C>`#&IF6n?vP3=`_2^m=8E`G0xW>Crm=HVTkJF3FVsR!B=|1=Mm6_Rr|J6cL zjBRXY42pq@`{~W2eNDWjSz_7nBcuu)ZucW=Au+Bv8A-GG7^cQ3rj06i@;_697cw!n zX6;%zljDsjX^1B_@)imB@n!WPmA#EU?C11`&#T%qAJ#vxs%;HTZB2~CX59$=Wu^DL(i8Mv2O5~pshi#7?$+Y0E!s-3( z?zY1B)2GbQk%)jdH@K|w{{4w`t23{&osWvXGz8A7RYz5@@E*(?c3YV`woUq%pwiFR zD=L!i9hvFs*sAHyLZbgV7E^k|qN|PwI*tF+X4;Weu|OG%YhL9tS`qw3?>+tiL-Fw^ILBX+$H7e5+>O$loTxDG$=NiVt2 zC8iMwR#T&|cUA~KL?az@Q1iAXw;UjFw`T)qULQPcn1*|bYGxsPcZM;dMH}hiLqlxN zjkC<~l4aIFYw(18z!#_hj7}_v% zoroW0Om@x@(feRN=!7FBG1EzpU>w1agmof|5`qSK^z40}CSkli5vn7z6-Wy8v5JZc zOLW7qRqTl|Zu@Kv@GX{rh}nWQFJ45ltp+zynpTDu_W!h;E_rq!8P(hw(?8pS9cCgg zOsKN_vbXQvjV2ERIjaVkS|F0>^Qq{xRHmpYqUf1lTVRttc)`s}Ow+J+^AKXFt2k>u z_SI4_N|RbC?Ed9>ToquZl$Xia>Pp9HnZHVFK~J)nAdMhEjr`K>0tXGMM=*vdhtOnA z`dfs z@gL%X#JavOnoVY&@@>b(Ds{eHe!cwmQjdNM#eP2xA6kQ2%Pxcyz0Bc2(*bJ-vk}mi zWPHhNl=AGLQFCW}U3z1$b!Rf`Je1zm2~xk(%0N`RiS2Rw(5ntzx-@#FOhGzfndP3c zhSkdR%G0J?bw|r>3jKB8{iwgqDjQ7~k->v7HrCZO)YHW0Pl+%^a-jK{+}^Jq054y` z^7@=LPf$y1bI>PWq8Z4F7%LJ@GsWomcolvj0>K_SYS^WSSxJ%()? z!qWF*&`4;n$G!@-zYYz#9ag`3c;xIfozMEfY!y11&~elD5mHbsb$nU@mNA7mNlMb} z)cFsmlBq+^D?B;-fjJw?d`XEm53u0nYv@?|rUM7ge`%uogUX$R4tK)yYuS}9X+?y; zn~7NMsT9+CoiHjWFw`$3DEbl%)Oi(Ax1JRyb{i`)k#BD`mKG0Q^!-1drl^G21@nx^ zVQqO~B65^*2?-H|vMRn+^P0RDUF7)6UeGo$h=I6KL!s`56|j^pUAtc9a1(9WW8>oo zPS-HX5q&X)BZ-|vnMl;s;A2D37Abh?#0g&cjZV}vcpaajq|GwDWztD4{r>kxx<4%c{O`>5UtS#2)Y5VS%|I5h zoN@_`tPA)_8}|<#Y^h8LyEh`Dv8>tGcLlYbFkI@7-EE`Udvnlf0pueR!5rgI9D=}X zcl_bTq$wwzBGDDiE?OhANm2xU!%{f$E$5ZGR`x*oY|xvqn?pb9qZa{vNp6^`>2&hM z<+Rh%synjCxSl!)rG>2&1{@GCwi22r+jkaGzKCFeCG}nxR5~-9Pj|*yHq=*!gFLqI zcSo(z5z~jouPg0O%Q}LN*$97dllPXqrn4EdWSXRW(TCNn9F7xfB=1m$260j%oMYScq$3>d`WXK=+^Yy*RjAh_ zVFFRc5T;;txvGR;HG&xDD$b_%7c3xL?F3t&MT-V}{_`TLyC5<|Cy(SqWCwPPA-ci0 z$V7P8%JeVuiR(in%tWu0XCiGAbFlJPqd2xgFRFlqYV#Hsk~s*%?%<(Ag*M(9)zHnt zsB=<03$^;}ZJp0dHK|-I-#f4GUkCh0P%mPS%eP51pD=A&;_(-MJ-XE@uoAA1NN>$o zKl{++NroXha8i{aU^zo%7_8Ux_{F`jWV^+oR{l=YKEsE1 zCfkQnr=nxt{V26;N-sOk`a?1lB^q8}zXi<|?%l@aM^nRslDJ35QZE#g_sc3|FR4Jy zqW&TDafE%huu)ah6X&v`^D3h0G63j~J;~!~824ka=B4wlnGDctZuEd}7eyNU7`>6r zSS6~e%GVD!h_OYh=HS7D&X3-N@1NG-)j&C#aChE_T|3cI6oPPA!Do;SBu%XcezH>M$qT0vy2qsYiX4%R0+tCZ>BmImj z9xLC1F5j7`ZKfM%Z&Z@55>pZ!lRojlm1J$rb4r^ws>z$XbnKaQ#y)xWfwaJZRS7*z zbW@hsI6oNcrafe~13DKWowkjgZIb%&{K%!FpQcUnI%s-v%)@n`Pg~@!uUhx-jrzTb zEAt_5qF07pmqAa+(bN3r%sxgBHdk5>hi)H$2BsI|-0+#rVR!hh>|||q71XVkjoAD8 zjh~<2wVOBdFf7N>ERI+Fvb^94X>GO-xp{Mf%z{oi{1fgMjd>!ES<8{r%df8PL18xe zr9L^7;cutAjZ5vYu}3vvc}2;b62<$kuE<(M74k~*P4P15DcH@KllZiLl@hjp01JQ6$6IL>Gn;OHHEOv{d_GElxut|o5K^W8Sz}BwTsKk&%8djd*{w- zo)o#s?ONxEn2!0^dp%z@!gq+?;`@L1d2IWmzGd*!r#=*0M{BFI{cCA9Fb3p6j5Tr6 zq)?7pM00v(=2hzQA~e}4ocq94zyI!#G1>W_w#dPT-G1T7@kAe?d`C6sW6!7{L$V2$ zi(AvMf_XXE4z$PAca3Yq0^wDzHykQ^g^nVa?O=?;$=j-x&^~#qhw4|ECZ>iwaBe!mQ#~pRQfI=6Ua#1*kGKxCELb z_Jzbz0<$4{S{%~@9vPmc_50vnJ7i9gD;L2$lX?)?|0ooHQmoNLKVO=gr7+B8Q9_Z= zu(S5Ou#FEN{>n7NK&#DPxq%=951(>)a}Q05dE2$5{Rs6b)zR9^xJDyH6c9^RRu%#1 z#&M}RN4>Mlx2~cw2~)?FNGKMTA+}}HR%>*sXrx#m-xSm+-}LT6osJztsgnK^)cWU0 z^Qf&`!<|z`QxzybbS#dW7Q4(TDW^|&4zW`nJa|B{J#@k$Ot%_#ScMhkIIAjTb@PV% zUY;{|Zb^B01PYN(cW=SF9W>%7A48lHNf}BC?QAvEF<;;w<}&$$$47?~1%+ zuyaZXpNy~S=I+$%%nclD6%OQfS)% zPPm6=PI3Z@yvY|Y8ZOMzTl(;y*~3RsdXk9Eq*GhadT*JAOn-IW=-b`jgAi_sU-x9i z*|EA#r*8P1h%?^Ody7$FAIMupN zZk^a5O0iP7seQNY{$iiz_JhvPTd`t0wU(Txp=&PuI;H#R%A&OJn?*%&muGFOJG^PS z^GUM@Q`asq81!4s%br(*eR~Ei4hTp92;pfMSy*Qjdij`fq#5HHU9A6w9XjCror@mb z7^N<}wL?K}F}v}3kzJ@M(azjf5K=eCiZR@`Z)p%xV~dC-ab zZYYyM%)VdWaBR7*Q{3L>?Ik4>S6J#l;R`RX_djnkg_R@KE6)x+dI&FL(WTwrEfd__ z9BtZ1cB;tr9dexuob|o8%(=3pZ@+%ix^67&chxw+I>W8zv9{On>_@*ir%d#p@TDb? zRqlDZay*TjHzB7i*TsvpZ#=4(3AFi#c(yt7Ht|b+zJrnvJKHR&} zrjOV2N%pmdUWR`ZITIA_vii7ZCu$P1v>SeKe!ObL{FXhAx=#K@-$3);`-N+d9d3O) zwowgns_$6QZ&P0XGoyAr?ohEcD*4(ypg!{pQ~ld!*6s`ZZiKb9OR7g)Zq2q&-j`qT z;$MPq;w40^v5p(NL|gw+wSVi^rolh!{-D>r`+|2JoR&}A!$6lYH_`XHk3IOUPw8s? zirrr`ZfTZ%2Ca1O4Rr2U?AyGu(6U!E?_^WnJNCUp$+ja|)r%||ZK(6iJ$uUIe4C@D z=6@6&bT{^$H7huxQ=sd&>9&4v+b7TOeR7$IpyqG_b1o*;SpFNtxeY0Mb(M%^$~oiK zsS%n*MMc1=oe`G4@~NV-k{VM8la4K)EQCr=NbDLINV3$1lQiFI@qo;%te*fYY_H2} zbHdX^f>xYzx4UB|@1E=9qd~B6g^QZ_ugl(HMa@Qzj3H~!Ui-CG-8T43+h4N-V+smf zxDNSi)kMqK=HW=xcKsSSiU!=N=Zy99GtF#+A6v%OTE<3oXuY+`O8%=h`O0_h`uWTG zd*Wj?BxlJp=-QAtC-s5rMcV4}Yc5?!YHB`2{M<;q8(Qp&(_oW z`c-o%C6nQkMjRpet54`}I%>z-1?q(UHLA0h!alNGbnD;=MI`}XZ% za}4)gaWVUFu2w)s#WTB!l*TjckcJfuGCwM)YW6kz0OM!ug;IQqy`)M`V`bP zHNRzRB?)@ndSYl~kk-eK}YKD&m7#-E`f6?7s_X*BYtAUwKPtzjgurKP3)_4uAX6=r|i z`+|~^GBez1ds2hla#a2y9-hj{A<{b5ULW={@>5VyJbn6fw9p7u7>!!y`>hvc)>ARO zPPBV_dz;fWaew{@-@JK~klXeNHa0dfpELS9dUfn|6xN&1JM-917)|2H8 zdOnx_85yP(9|V1Td=O3+Beh=Vy~D%QbacVE&tws{i*49Wx)v4|?#J7qv9XV6qk<|N zR&a=kyE>xiG=9Iii>PwhF@ar#$1Ql%j^ll?CkB^Qn6EVLNnC0r^Lev3-#l6AB<01= z#uf>7!0K^i`HewK)Y6h3A({3?B}X-i*E=8n!G83py(tj)hOM3554C*V)%A5nW#v~d zULc|wb)Ir_$GGh;7n%>z{@dTb@hLQv>dBLLT4mOS#+~@f-3guWOoPTYGqnj|B=!yt zH@F>^(cwK`y?(8rtlZ=><0WQm%iI~wWZE2rhmelvju^<0EAl!&vcIkp2m9#vY5DM! z&cnmQz|b(oduMTxvbdzgUowq0VrO%#=q8p;-DT<7Xs%Y-ttY(Bo0)>D^72o>!u@h{ zb1SJ<^Qsu+;XC~2&!4Z8d3c<&Y9;^q^XJx+mQbQ+epvHEYI=B99^#j*gDEo`i&k`bR}Yfzgl(xTE3X;u_f4773w$K{PE)ld3=1lUr9*`Gb=03N>37jFq%TXuE39+9J=+9d?qlZCNK{& z_Y2*v@eKwotooB1T68hSF*BUh*!CqC4Ry`hU%?JuR*I zmqwAexOlQeB=y0@NO&BV&9^p(-PxC2fBy~%9cRoet*uEMt`G6pFQP%*Ar|zE0gLYi zXFA%N5Oa3sH0_T6;j}UQ_U+f|W`$JIzB;gD*+hN`*h*do0fB@F3b8NI(XH=ppoq)L zF1JNcEG{qqTgynA-`e_HVlh(gy7v^W>v=ro^2Wr(etVL~)6;Xb#DW0Aj_2W!nlb71 zzfLBpsm`^5471UKIgunCS66NVM(ro$`^G2M=2M`Xb=I;6Z*75!j6Zn9sPm z2~kl|Tf#`B6ciK!EtZy+A`%nBLPP(GY$)fbGMJC#g=S?vCnY6)V{ELTuAV7tGhNM7 zSy}10)_>byxM3(qt&@IbI(fsu(#lFgT-^0nH8MCK=pEE+xXSb2p{1m}MMp=6j)5`M zszQqgcQpO`or7Mh^w%JLMS$7xuSe&{J1bKzGf3};ZwHFalo0U=38x1Gazk#gCF0J` z&aq1;=jTQ4hvpCgdm&<@V(WRIQb|QKs;oTEHy_Hr@%61)6_M-7*%_<%h3lam8yg$q z8@s1WeQn451tr!@C>#b^nI7Y*-wYrQurQQc_0XO6&U^92^QX57${_ z!n1MZvtMHbp-fd>;|V8cWT-v8v@US6v6yIl`0!zJZtkVJ+kYXuZuJL){Nu-ux%v2_ z(Gn4&VZ`mfjXPbzxZ3~zMZU|7_xaWjf_oSkX>v(|^m?`N$;nTiQc&C|C@u9)37WwO zbKahm0Eb~=XGiW7At7ObQR{{GN zM(+=iK;L2EPdFdi{IQe&31UvKW?5 zsM9DixrqgyzW#C%!ikbzXJeztWVxM)&Pr8}wvv((Ix)Arz$a}qa!#9RdUg(uAt!oT zTAZ=5F=2R@5Hg`F-yR*Lxn6BN6#go}OifLFCrZ-4sK_C!xC$j~CrzFPQrC^-%*;=# zt8Whu4-1Qmlvdi?+sXO)+Ec7ZhoyZ0+10Un@$y7igAt3?l z0wkowWcZkfNXpup5&mq>)FnA@jk6g1xrOv_NYIcqs492+`}@m1Pg%FOw`1bsa7jo) z;ZLOsi=bfQ#z_9c;^M2&#~kXlo;;8wIl%{$;Tpz*F8_;f9{LC>l|%qqcBlW0-+%bf z*YCbsP>h3&+yJ^x79-`5*(9-&l!u3BFi$7Wda6=jSX%J^4vrUf!;1c}ZGZRkZp!mh zXa5?0jr`_|`*f0{m}r1XP)gH1>%?(Xhh(KAzIiV67` zPo7QUJ%Fk(Vje}4@#z|m=aAyr7}(jrLPitZbIRAQ5LQ+m#7$z7P#mH{p;^nqAY^{$ zi-P*wWk(mEUcJ8F7o}6D1&~ZRte4T!C8Vehomyo#RyMX+4hwt|UdLoui-Vn+q}kco z3`QV97(?oT!4lH-YHUhv(JgK~oPp=OVOU|>FQbHwqct7vm zfnji1m+8##B(}AQfQ5zS#uKnzrn-wSuw?)`q`(Mhw{+9QlxU;aZKjFU)YJse zH`#vu`o-;a#y*s-;*o8?u(03;7-Y2AY=A90i?W8$-riol#2oLLT;eOV2FTBENAgGz zV5Mo0A}OObH zafJhdpIumJ6eIKUD=p=Wq?R!}SnVsXs37;7g-|ma$~Bz~3){2zTv_J#ZAo`pa9}j@ za{DF8tYW~+fNy00gP*SF$`r!jiOw+}-i0bRB zb4)9S^OYnYLJsqXA|KHW0IE~4GV3G2yJ(%PWn~`#B7R0qy2D_wV0Op~2pKf-*NqCXO?(zW&AB`Z_J7!DnA0Bbyi7BVU6#HNjiG za&;~L6cmI5I3q=;%Gq$KBWk`sO=|w)bpKCxx9l&?63JV)Z{LMdipA~U8vw^p1*!Oa z+|B^J4y(xs(HL3n`9a!3yMG^77>&hsS04%J;YTORYzXr5@(c&kWemX*Q)Cl(pFVl= z0$vPID)Kk}D=YQ&lTY@0grM>SyAXwy)>>Rz3WPHJ6W~*!B2$J-E)MHSbqMBqXymWr zIIWr{D;$Q*_E&lcVEeJ5e1IZqZfh%77P2rlfRd+7Omf=Qt_sTex;g*>?~?nqb#&lp zYHB{EqIwNChkVKi`G5|&{!mpcO^)6dcb=1wvl`4)fF?jflFwBv(n(=8q2OtSW`NsP z$p|2?=T5TWqyhycC0_cmP-_S)DdD~YI1F}1rl_Puw@LcblmZ~Mm{=?8zylKASMKh- z;QP0Ou0ub(e?R)$`2OYDA&P!i3`_OZ*#-igls^Uv(%vc;8-SUAp|miYsTGi)bRs4o zXoa20)T!b`AQ2-x7Pt=@f{Tj_fP4(6)i}k*Wix?ZZ-Idb0#eW^G%8})Ol1T4;cmt) zA&=J2*4EZo>=(rkxvt?tfC^7oJIVN6nWv|x!&L|*D%I5032~{VpRlpv0#1U`PEy(( zQoTam@W{wBCZ_x@b^!qa1Qezf-j}>k1iHGqW)47(m5`Hb?dl4F!gX$Wxn)GpC-lPy zk=N7H_hn%Hdi-i?1RR#T<{<2Q{%d~*wTGg-{JYXp=h)NSU%yB-6QMS%!xv7Lry=E5 zlFa6XwHKF`hKvIJfvG5$=&~{{DDKyf!DQA)j;~qD^-9c#1{;(#miYMil$4c!Zg0C1 zK701;(89&#n6+wbJFK;;v$Hc8BEBEiD^XD>e{@X7ph&hH`@IxMttQ?NjlD@qd+lhLs;xSzuO%JxZSESu@SGlXp;1wIU|0Z-`Hx2Nv+Ox+rZ0R^ zYX1KHD|K59$}PA>){M|*c*Es3X7>)05EO5Ka4an?Ni|d@C4UBa6F_80bd0KvXsGC1O?5D zy^v*y_{fr|&VkE%vJE^(1M(1sXox-pGdZuC=qU8$pBcYBj;*0o@A`yILC9u;{x^=x zbiCMXeLEDwOMiufso>R#(b>_~`REcuRq%KR|B*0tNtdTtdP&aAiooEmKnoOP$e?iHY51 zGv1xqDmlGFL&oz>fly?B`_4>0wHM#2FTqrvlJeAUzUgiu)MbSxf4~0^?Q?OdZBAAw z{ZcO!j^}X@g?NQ*xOrc?2YM1P=_+HY#xond2M_)Z?VOO4%j20L6!#rTSy_CatJ928 zhy=H%V-J1;0{$;ZL1p0Q@9)36zmE&62(i^}eeikTZ)2&s)m57BTsDkQKKv5gfp(0F zk0>OMzLeL7u%E)8=6e+Cyf6KVii%=bj6RmT?Wbqz)p=)GT%Rn2!@7yUP6h)K3Iccp zVH(yM2f96sMYWL8kr(+hHKl|65y*+E2}gZmWPwnWK^Uc>r+=uFE{zS)It5NrC3i}LN~exJR_6^B^u z=3fCYi)Art+0P3?qTMJ72qFLB-l#}R-!IwmU%x(lc<(m2X-^d`@^j_%dwQtZ0L6c% zrKubkOPWD57T~&Cosjzh4LIlf6)Z+?fqe@I*%{t5l};Ajx013B+(*a9?4dXkTh;=9 z2*$tsr=6&hrdW?k7NUT8%bOT~c^URqRXOkm85!B(H-0%tAmK4YT$u|SbY*K1 z*lmdq}r+8e^7Vv?>;_0e)V1p(FIieqZ1PV zfOZP3r+6XI+uGYBGbhyk6n+3WP@sn#3879{L_96Fj|Bz(W2dWCvxZ-3ti zUX=-bZu=&X1+$bg9$1Xz zr2!ZxeDtW$VuTU;8~^&fALZ>L)`$OUxmLLj6gW2q)qWk%qwuAq{uuoxtmg6wk6v4@ekN#GQ(?b|o%pS~+4pg6^sh5(QtqvTRCay9q#daj-qoaYx?m z+N7s(c`9RdY(LaKAu>yOUM&Y7gREe=$4A9cn>Y@Wv`JVD^+N_)vf}$_jE4oq}6?ijyqSs@wKFcL*_d>IqVmhGHj7=XedTsU!SYHdrC%z*qb+$ zQ1C&6+a3yQ=sK~mvI4Ne0>lR$RcJ7!0U)8Irk-D1{Hbg63o1 zKvfhHf)22}t-D(^OBq?TCcB>hgl&xY`W5oc9ddH=rqI0^IkEF zl9lxfJP_>i+}s?XnIFoucQG)iI61#T@CNUOmwJWv5`GCFYTrPWmgqsT?6Oxw1{KSmBoJWWea&*tjRdkYoC5&&;J?}TS~ zklFtD-&dfGf}n;cjJ)6G=`%m8mkoZ}Vaq1kd(@G%QBO9<86G6vqYzx1`4(DyKtCVZ zFD|2IzpG9Y!PPPS<|yyvC;J29`&8>Dih&FMuW1=SHrpN?;C)eI8){|ppGp4iOB&d| z_VcHyKx36B=fC^+TwR8Lt>|DN?ga;-)q2KCG=A*M5J818oZ{`i!NH%&$;sO1ynJyOPNK<`)m%$Kpiy{*(A50Stz0&{+s=IF*u1&iMY2awyX=r=-+M~5v!#UF zo;QTtrqpDy{sAH+rW}ny217ao9gW{MtfVePOinB=&EhB`A+j|aBVcu~l97|ai|#yv zUtU(1)JyR4YnxWtDz`iPp@2Xvn=}0cCfRcI;fBQDw)&Po?|F<`X6IJhmfFOz&>DZ)? zDWH{A?DA`3vbu?ca8c)#i?mFfk$l<%C#P6GZ~jZc^N^|g_?h7&j*f5I2eU>s)pzTJ zuJpTu@aSWCqkhE`drwryCIRq2IiBIMzv6F9ms@GGsWb30rS8^Q@Hx3b#>M3w%OC47 zH-{d>>c7w#ZKRm{*vVq}jm-XX%;QHaZdac8zqDFMcItY*WGUHsZE@UO=@HwfBI$iD zq4H8u5eIqzKVAppuWLBsEp^4Rfi*2`Z|nXTaZ`l4-*T!l3TCA-(6biUS?70v_EzF} zNv3P*4hA(NOQ_TwSElv;4ig5M9O}WLBO=qlA}sg=huTv^sax_t=C~BHZe45r*71@~ z!)cnVl-c_J0KA5JH310E-S|w6`j&6Scb7Vg5BD2e|AsbweJHC} z8&dd#d?b4pokYU@(WA$Yk-cYM-gv5krajU2cTqmy_v6$K5>~grXx6|E8D*lL{3qcbG#a0b^O+wSeB(Ql}X8Zi3iGiVThZl;% z04p1|aKZ7S#9^W8;f9f!xn!kc`vjYbesV@YcpMSS-ukkB-T&bN?6oC)r_8d4val~* zh6uV;v=^FCgXis9@MA&{(&^p91Lk-hQ5z7!Qw%SH{adOB# znULi9qow1gJdNbVJQ}atmy^Xe&KC!`2rW#Kr;FX@4T!z=_Cb4nj+o?75^megr$#f|iYez0>f7X#Vv~+Cjy)XAMyemsl7Fg`$ z+wv8&P7M2=o;j}8*D7VmFE93{zx;sX=IG=|IG#(CYTC2B(D0#eWN1m-m0P6Bsc~>L zW~0p7ZoQvMk&RWI?4jSKK+Y2>O#Jd?x$5)R6GIs7W#kbF>A7ay zH-At`S*G)gsQ(!ioNx-Murf|2O{m z2X2DL%>}hrRGQ(=xmUzqm-BlHUX@&_GDYL@_d|u%w1O*3;%}^O>XFHftowt^a`wdNcj^I9tr6q7Em9&85_=3kBci>E$UIP@+jl2 zi>nb}*ce%Xyimx(Wx7%Awz~dMD2dc+T;F?z;9qeBg+`SJmxc2dbR*;^hVW!$WZcir zBR|J?&0`SR{w`W5GaG=xqUQJS=-d5ij>l$H_rk+W{#~3(6SMlY2nsFqSxS;nh#Cja2=s>cQ#p7c0X3Qi{m~nGR|78#l3SL;K5SkrnNt)Q( zyEqu5%+o<@=pDV~r{D5>N!i6-H5%863O!0v<>@;`JiI-H{KRTDw|h>Hxfq?crhIZ6 zn>){aZwywXip88>c~tW`J>K%Dx%;B`<6-P(&fEv9*tdEkoNW%=Q}zM%RYiH+Mn#3DP90G@R22hdHhNID0XQ~-u4_|MlfI>; zbcSrg;6ytAr-THZDBUGKC`!u9xuH$oTd`lYY5Ww0CTo)ZZ|Lgi`pl5c))sw1*?C#k zc-F_Lvl6VE7WX4@PIvwtGM;uGy*$-Uu(WkLb77(p`7qD%`oOVd&pCf@kxTLJ_}OWc zdeCfco{n42MqMZOWL1XlO9OHpt>R>hVEnX>SpLnK>lbFt)__|{+z#(?z6w1XZLRr zvEHG9RIhxl(|=`4hzrhhBGvB8LJh&{$G4?UH0`of*ux{i+Qc6N5_g;LPMSZCru5|8-#iJ?;qL>eUT2>O_(BB+66 zJodL7930lCG+KUUBMU-6pvC4x>uKo8+19JHFy<6VQ!JdDuqpKFU?IQxa$h$8x6l5} zy3rmB%TFq*xpke58BgKe^J+4}!D4Kb3*EVu=aJ7Vi@3(#XC*lp+F&i{?#Oass@?my zFQvWEB@__TTgKH95~4UVQ{s#vqQz5$+Yr^3W;ZLdVRMuBNy-1X?;S0RT-Ic6_37W9k0>U} z(tH}vF8Gb@V^Qo~t}4FEdY%7}r|IqQS4EXWh^D7c3N*J3epS_}${H{)FaPXeT9d+v zg4+L6M68=cpks_8z-+RVBp>6Ed&Y&3Wbqx6iJD-8+@Pe!W3upo0Cb$Zq26$^;cK0z zvo#(z`A1uwVM40WZn_2rv3xlO{RCM@ZP&Nk8rlhu?9nl93AAd2YS;x4Y}j*>2g|Oo1TEV-Ee{RRzQ- zFYo-~T6>?)5~kq}H1AWO5RZwCjgsu_?rv#s4@5S&faUn2JkYRa_(oy&P_3;7jCT|;xJ%Dzn9xzSd{SO_INO~P1I=5LFuQmzszd0K&_g@ z9U54{LsxsAr%X~5CCSNnSHJ0N)~~yQQgwY~%=?$egT9&zFf*mH#q7N15w;Q%8b+mW z8SMX}Fi_XjH%+97?P z$2&xDCw%#MA>%}UnZDNDhLYwXw}*S7&48#=ZGul;x_2@8=s9xnCa@yw|JFIJMB4%vFsqZqfIpE2 z?bPb({&PeoTY#?A4|(M^#%g3_ z*c^RnZN0spC+VMADW~f`2bFVH)x^($qLKpr`kZ{h9rJ1|bB?#-va0w1AcQlOHz&#? zj%;c*p7zWo@Y&kBtSr{n5M!V>WxG3dlU|7>OsAi344U^AH1U)@rHJKlf5`UjN)&@& zL~%rbxEuwQ%Y`wXyIW|Y%)rvR0X(boSE^iU3%9!~Vs<9=ng8kS$#Q4BckA7Z;1zcK zZ!urr_NQ!Z6*}_!Ay2oe%LI+MY@?k1*;&K>r*s zfA)C8TSHty0XzTbvW$p_PN_YPV#c^W#*StnSZm}9?mSDTDh3J#1%fe=KTs=I({-3( zo6~%-lw_DAsH%V8-XSnJP_-;uASfY~LZYy6eYnA+Vkj@SR&*-;FLO!3;&}6YM?;Jv^zVsvm9yw`4v}Ndqq)Z#^ZCv4^s#^?U5jAzt5e7K;Bcq17g|Ky`_sW2L(hQ4Z>U*QHEsW>}1v4oMa-(-tq z6WacE&y6<+$B)-VbLQ8Ch2=4x9+#YekM#BSK4GPo_WETN&QRL2c6~kehk? z_U&+O$|4A>DwVf8CMSuZ1z7Ppol@Yw)^R-bWj8&q!+<&TEPjTmjj^fz3(AliF?eI1{@^BQ>u$Reb6Kg$@_DLyIUAOPMI6qW zvurozvnDoZsfE*TsJ{7m=A_z0Y4*v{RgEv(^+luDj2C7yX^7YHqwf==$!WPV(Y`2BU98nPAA{)@YGXy} z`iuytOF0tGj#`s7ITRzmFuMg6LNWZv@8ie$xw*aGl5iw7sH{vZOW6=6Vpz!8fBg2X zW2nJ^NwEK8L=w84a&nj(w3XUGVSEZ>EhCuZNBw5?Fpj+ORXM9xuR3aXqmU|$<9L6* z=X9ZW_#0X4zZjTRglrFF3~DM|-&S>YE_d~?n_IjqsC6QhbwIjs0CrW&0*Tm*Z_l!=;BnrXS{ z5lTJwNFA*-_dmPXw!vtgz2UR@H`glD#86WC1W&uVI%}kw2YmQle%(*+;CbJ%`MWoT z-tB(gA3R|2z}=nPwDgWWy6tT>Vei`N3~(mXRMUBLDxgnC@AXW<_sTdqEiu%M#~h=8 zj1mvmkuUEaO4zQp6P7%)%Cfq;ZohQFbI0oh+ccbb*;$+Tf%Wz)J&e}TF7z6{TuONU zz0CbZqDTTfyoi{XPrxq^To6V>l1-rr-ZwNv1)Xf5q3ptJ)X>s0Bs?5bESxkArsMHK zK8cx`G}CS?2?4qrKvV$0qB4e%gpDR3h^DQX>Kbt6*^$idXJ>z?J$@|2T4YbiVuvjz z>yM3tFY~v@KhL#926s?>PFN)D3fDQlJTBXL z7g{4A&;R7CRYnUMB4X=0Z1fsXtNGzK#I=*7C^4wyy3g&2cLLLPR|9G-4 zN%&xUyLer-`k^17ko~f)H?3qjJk>_1)XU2!byx1OPF9n70^Ny;#FM3XJ8F+JH>Q4D zaQ$Xw zv*kRc`PuN&K?BO$x90PzIh^0We;>4UUWOc|E$DFPz7~=9Xu(|!85s!DJcV4Jyi~^z%X9|KrUo`sm|8CWJ=%)pwZ@u%x!xF@W-j2e& zmy;>Mp=GH@$=04|meH|npW55E%=(+$hvy#AV$4Oq4QI>6@-xyDv)&$y<}2Q3rG0ph z_n1t4@=E_pHG$d{$-)LuDa_3kyDz+y-)F&%> z!LIsr+e3PDB2JfLI_-PlT`<<_!@g%rvj=`@9V%G`wSLb0Q#qLXZDTYR|(2LKhyZX+SqqeX$|L34N_(oe>haq&U*^l<- z#?xikvvuN_d@iGQgf2cS<){|!uO#hN4TNGR#Y=Z5H00^sxrML=CO}xe`pdSV9Qx^k zmpaQS7(_9=p4`vW^4?t3`$}J?IhI8q%=dG#zZuV$YLk}oa$J6ZJb7GVROEHCK2~0D5}sL}TY<(6U)fOdQ);POO~D$FQ&mK=m+o)`F3p zzL{BIO^sJ9N)G51>}+jaf6d+v8i}H{sPN1F12knADXFY&nIwLM5==4!FubQF6SdFo zop1Opo_m*%pQexsMxDPNgmwkz=G6WAsMWXD8EJi$FHxMygu)_o8CDt_$J|%3s6T!r zt~71nXEHTCb6NK*{f2+f|2?(S`tDW`9&w%RjY#t$=I0BT-A5E+gi{%q-(fnivCjH0 zlxx&;H<`D_`0~tka!fZx=EI#Pe#7-`#ZDJrOn*g8m&5Xv@l`%!@3yCOM zG;YUv)<>~pzozVOAp+KWN}t!#_KpmtL7&M|z)@Tv@oo?brHGf8piez|+&S09kUY)m z+K!x@k58@UZ@*KEk#D0TvhYmL`1t;SO2pk%R7qX=q4hEP3$MgDG^u`{KwwWkc<>;q z|E95_p<-GzDy-m75Ui+FhRKOQ2R;o~xYuP669JU#y{pf%j^;YtquM5C3uv z7X1Em*iE07$DoNE?ac1`-#6P>5vx>`(Dn9?jYC1XC^o?mw6-Q(-*Did{wQi}`JJy+ zPl&oFsb|rku?;33(_}scvjYK4hBOlWMH#udp-D-4u|>OyB~@B=$|^uNnXL690)kca zZz4J5<7gJmiu~KTFzg%bt#9dHOw+w?&sSwQbJ`Ry@))jU85}Wfl@ls7oZ#dndt!|Q?9uIKL*M0g`U;D;EYNBbA_XwnQ%x? zz;?*#-Qdpxk~orRRO5cA+o9pgw4=wECHcGPd5y?v=XPYn2PqOZ4pu|$>#MY|^C4P+ z%%jj!E4Ngu3B}d`#|_naFD)UV@oBCSvgE>WxxnMI%1TdO$JNwq28n)LW-hMQ*4B(B zoI7~Ujg6_2J+?(9B}+it@p=B?+2;>!|7js&pVQL*>F8JwEM0oef=3rF; z_z+1hDzvZCieFew*ZKEaMAI%PBH}AN@05MFHcpqhm{USOq_cUUHAY5!8&#I%O?^{G z+&ZxnU8VNv{=a{*EIavPrk=id_zwkml^$L3cznBf|K3zPjzDWMSL?-|E5kwtA%9%V zmzytMy`|AorT4*CiTs)IB|1_m?*c|WNcuYvKvUAv{Bv^|ASVM8!NAH&#@?P4I);GP zu*t~efMUnY%#2k2K#vd-0Z{bSwX`B5BSlP1sA0?rY#Y$Md`e5BD%-K7a0KofBnZgl zEl@>4M;OQqgA*CrHSTyYYXQCkusnW3y9!hYAE4F+UT}r`AuaSOxOsT6ff@nNk)EE8 ztQ@wt!?50e`h*5V7jYRGDv$wy6cUSsMCRqo8$it0uCTu?A|e6`N9b(PgTH_pCln|w zkc}jP)&XY9v}C@BNBW}V?buD@^e@s88hz1g(TK9I$uqxLwGYQDr?Xu^zaSbYA&~tZ97wF(_3K zNJ|7Z5)CvoczKbZ%r7he|Ga)+AQE~2h6V<{0RgD3;bg5KNfQ$jgC7rrb`H?V7l7V| z6bxKkc*3vj9UM^7(n24=x2lQ{7~4;onXzE@43su*=S@ORPR`Yh4F^zmX=`gEwS&<2 zh4lyKB2WulJv&if&AOi9{CIe93ubmPOPo1kyLbuG1WCSf#Km9 zK#TdG_SFxRG(Zz27W5>Pl9B>4A`h_LttLv-JdU@SmJs#`e=Pf#g#U3hzTLZjAK9+b zEHMYmLW-*3cR}_*^YGrm!2xh?g`v!{va*7nNbkUa2y}BIBR>Fb7&Z@nKC4qcOBvn* zOzp$Rk9UBL-*e7+J@Ef1hM7#OzW+}Lar^(J7C2+&cT^`ZDg(p3cmISzco0!iD#Eci zm>(~-A}TB_G)@N=N-yXUB=aJWSFX88ltSR);0S|qgER(YqRzm3QVis9XK8M3W_jED z1RATI(noO11vW8?PNL2Gue0=Hm|nNR3lbwS@V_O><7!6ngi)YYf={74Xt9!Q9vyLxuaZ<9fvVk_E zuV24@^XARhDtf@KSHSLl1{5V==7ShYTv4$frN^Q-`35{>^dbM?QSU5R> z;&TfKdaw$eUNz7o1vP3P#4q?%M@I)Z$RHI#Dtti7CiHJc7wx68@X0fH zZa??ucAj3Htb#(HLvAFHMBp#g{)wsz}MAE@ppoT7jn^I ztzR*u^t^`$19oo)ko6DNhwk6+zI#*Q|8N2B2d^k%f_Ohe#rS6C`O@;T{l+i@(B32@ zC7*I|M1iFxms{k31rG8+;0_rUVkgP9gMDvV3Kx0 zf+LMl1AZ@PEnsJX;z!GNX(!a_B9sKT14b&cCk4cGr}e=G(5IJ%Nq#x-IojrD%s99v zJK3<#czr)ga-2}%6}gsh+-HF=R_MP&5+1TrRE1cDcoA6y5k8lS=#Y(Q$JrMDo}w6Z z4!v^FVR40CFwvfHVqr(!4ee9B2@CH~qkpVK!R1Jn($PW4}?q_7@6 zI&Cv|L-$-2;-llqw|YH zKFMoqUo=SlOif8i&dv@3yYvpkqARhP5k#t=M`YpVMl;Fz+xAE)CkU$>T3YS^^1jl) z1Tr4l{o0vow-3=wdiRVW4F6f}OBEVzxw@}RdeED*9 zFbnscODZqu1B7Ga;)sUxbk4_&(9zK9A@B=&RBcXx_!|{cG7TM_h>Q$|sHiAjUPun( zQ(;ffi@Ir{=g;p#B+MzO`T6q}oXapIo2*;yO1>9x54kVMdtM)$>=}V<3ln570bp^! z-nNBW+iZ{u>0W5(`yo(~|~F#srA0Nqk)X>^#=`qfo;c61a#+TrHqO#y1DdWHQG z>bWcs0f4vLS8AmNacKeA)W|jqh_Fm8CrUAnj*gJ}#h~EeJs1QwPEV6Ur=}Sx7UG1( znO#{409Q(di-BN4-rrj`NiY<)Rn6Uo?r6*PWS1OHt+;1uY6{_vf{Tj)=J&!-%L`^r z!SMqI?O&*po_ENVnf!eW8k)k=M*Wb&@z;7kK+hr%Ck|j^H@CEWffxbNB|K5cN4BA% z0i<`YAUM8y^~TIh0u1?UY^=oP`EdqPN7H1;0-EYR2>5^$WZsT|ej6ET=11Men4 z5Ao9{AZ&|45YNL3NKK{4)v5ZXTk9zSB8FsCOwwNXqV4bBP(Ug0I|Hz?fuB~9T751yo2N|40e?c^aJE~PoE;G9sd^ZLXuMewUanKzE1^ihj~+` zLh4&kwyAsrmUuAaYzaNRB&0A5ub5dwjMF9NMHcA&U-fEfB|3iwZCY^;XA zD{x!ILG=OSdl^uHQ^16191i)wt~s}P%FeEw83(xrsfh%o_UA8Oa2^p6MFQ*=a6kA2 zF8>xh6x!)*Ai8}7Wc_W21VwOCbFb-VYu@C5u+)p+VnZrV1}-9mL}7Y-sSD%$yu1g- z#>NnBl~1vz$VEQFDJ59YmPeK~AS~*G>(HJL4Gc7b_b}_%BfvNBPN*m=C&OU|eLYa* z%Y%LgGG_7HzMGh2f_@-&foBf|F&Wfi*}~^8+mj7I^23I+Gcd0%F+afs$1xin@w=#K zZgJ5MY!Zy)1{`MKTU5lhJyVD2#W@L8|5Q&hy_7gaqgvGR*7$kSdNQkh# zzVd=p_5@55oEI7XfkIzuIrjeZXROSuECUd6$FQ5>!08U>(=mZ)K!Nz9GXQ6HF!JBG z2LkecTE}|05F{^9KimN{?hiOczy93~#1nqfWhfc}oC|~KVHb4w4ejk~4hhJ3x9)kU z*J37@lHPL4&?hT!&O z#Rs@YLv!mn1~hl3gly1!-WO;N&vi~dYobJKY)lG zr2ga-6d#~sYUt`h2hFW;0+8{ARaEe@v$H`ST@QF6dvgQMS^$kHE;Qd1%B*!D@?(LX z)E~G2Aa8>ME`s5v_rry2J65AzK`U<0n{&dT*Cn{c>@7LsLX%wLqO{Z z?|nC%OsEBF5~Pd?F6T9C$qrKL45DGi=F=kn-L>@njuD6T}Il&2gYfpcthEzHb*K)?mg z16j!VPLHZ308&8Z@R=Xjvp$I8;h>Fr&;sTVE5PibHBBnI0Q42eDEaT-zohEzV3w9z zXFZ*pD%#p1Ad#wu!*9mV%`GezKyK=KxQ+)uMcDz4v%5LQ2LH@L0tGqbnZ5@cse_s* z=oJKdt<3D~d&iL=Z~6m{@;Np(5TcAQfIy(Mwsm#+)zt}sNWhO11V|5{h?=Z&!93oX ziKbCfQ)`90M8wC3K$=!QcO4sPhGhrgdM5iLPG;tM*fy$CFfwuJsi0RWk`s7=ukb{r zt~Ex$!wj3&L3k*yswxViK_SB98C=go^$-}m+(5L1lZAu)?8%cSNO>TEsPF5i5lt*` zWJ0RT&h%)dQ_e0@t%7;f32FCtKBF)6a{VeR;h2|EUmy^?fG`C+^)=JT%8KFQa0>J} zb4;r|4$H~EexVC^95q2sg(z|#d5Xl2bvSZeAO%st*#OAA1~!MNhbp<>j1wLQ4kGyj zZvh0y^^7J&6L?xVRsHU^)+p$ky5UqdI*HoZRrAV6h&+d><4IAw*mc z;9L#YvxDb|dO!pK(0n0fUtC@yGk^Q>H^Y+7i3uX;N34R}1;l1{fTba9qX6`_1x6zD z3E+^6r`jsfNlDiV8-5^!^@G=&1x2w+n2BsG>uum7zl4;Pr&|*QOl=h&!!s8^ue*DD z4WUF_SXfx^D8#~$@;JmhNKYbgJtY2s-VPIX57f$gvkfRG!Y?2>q*z(-_c!F`wZQ6Nk*t8-i#W@yZXJ9F9P`3I4h|UP1?tq&BBY3_RG;S}#6G zL35j%$n_Sc#35&4!G;*xh?EQ~)PZ+EZ}b0R?#-imZu`F9ZyB0|QY0A~Op(ewRw|Xu zRLGEuQ!-?hXrfX?LS|A#6qO-UM3M275D`s=;w%-VG(NAxb)9?f|Mq&G{XA>!weEY} z*X9288;e=gk}) zH7R_Q=!X!nxS%Q%XF$}=)SCKlnuq|tGQFpUCh3nDHOiHcsWEE(vgO;-G+dn`Jc@?4 z4oy0|4*w(}w*39GIBj1ymZACgx7TLI8SYN2RvA;Hf#J;ioPMLTYiaYq<7uv;RDW^3 zy7{~O=RZt7p&|b1Tu6sLRE42Q?nN!Pi~2DB@bLd*FOd-UgE5_txQzx@2o+O&8gDq% zE#`a7s=hVM|J_xO?f^}g5`~#~*DYY|;YrmXow$5i4UPC#DsackZvKd-K2k;X>DyQ3 z*Y9F@;}6DK&SEMCY$fP**KXX<>EFMNl<1bF12N|#a$fT`#9KcqLCV~!ag)u!-JnGp zZLX~dJLg2rN(HemB0?e8A%2#&mMeli#Qs}BPQu(h{!=49z!gB>pr)e250IpyjslOu zaog3aHP%;}jRAX*0R}Ui-Mo4ZSzc(0mMr;tM($VhqQCyKJ(@}Wb;eZaVP>q?KR(?!so*0jEM1Ei2Iz%JJT+PNAQTQ#SwpvE!(Oj96qV zs<@`uI^6J*J8OJ8P)rG%EjqR6*w~W2A8!H}5;f!`&)+|Kwr;Bx zOxSTnei`|G{q?>xP8YE6N?yb~>3vnbW5?E@8}#HpK@anUG87}2-YMU6uNsPq7Y(Ox zvdN!47FARGyEsxo>Wb4+a4><$N_t2kN>x=NtlKVL9H^s1(V{Eu+rPh8X?bbsM5%h zsAYnJa(>RRfy0KK!KEQ^ow_A+c*XnS?k`U(1C@z_AK$KURI=4yUv6U!f`dzF%@!_RY)#DBH+&mwLo#_m<=XG?DVAu*WZBlA{`8c?x$9R&6a1yN-?~Lgs9|a%xM( z9v^bnap?)7rHn+nrtCu1?r)=KK7W2UQGn7eU_@7NYdN|NNqYbOy%=d?gJeNb7X1uG z?7y`Gtw8)m10KJnrR4%R??&JlXr!f-BSoD@tk&DJXU_tVTr_fs!*%EkDRRdGRIRKm z8b^SLij9@$AYimNR1ys}#t7*Yx>>Q)bVqwuNJMy1v}~1Y7jVUvP63c`Rm>`NH8n}1 z0-^NZLX6Vu-MfWEanin9w_T>q4KrMX_gMO!I}){r6>wi=!|ydAKR66fb0BJw?^X4k;`u+QP=JD$DIel($F^Ql?A~1@M*3NM)#XvuGwl)~BbXQDd~G?Ul?p zi~w$-I5n*;%~2uErUkdFSaE9>=3qQ}slg+_NLSaQsDT}#!PibR5rrX)5E`THd}AVl z9GHL*OY#>S>wtrt<87RWC?Y8_xQ7m{wSa>_W?M+~yIA(L0PV5&`EyJSzj(j3|1H1o z`t=cqm`zC3Fe;xveUe{iJ7EIN<4#Me9Gh0tKI;nP0hwzbc7mR2h+9sg^FAb)md#!K z&y}9Js1nNopAG~sI;MT$;o8ftUc9IiZevMRvNyK8xY$~XrB1S&J9naGxz$Q(H_eHP z%EpZw6?8c*gf?x7?nYln2ib$3M1byjd5(!}_HFM?^m)A`Ao@}I{ra5*iR~c0OLT6b zqCy4NUeX-6P+q0cqvbaoK~#5--7D~J^@(BpxRhO8L~b_3L?Vx`(nYq**85YQ_)n4oDbJ-mNEFgTbN zUVl{s!Cy~O)6$w~X^AGgrJq0~s;1qZGIy?)ipox{5qqSm0BYl`tvg7E2QS$(m8^3Z zw0;~vJXU&6o7=N!S6EnY=`!A1B0;;qv)*ZT%e%hgyLazI?}V#Ln?;L0|M;Y2+ElAc zX@+Z?70vHNcXI2!Pwzb$aY-XVxS6#<5r9a?*{!|pX?^1nDsqV4oP!{8y{M7Du zZjQ?m&^(L-{SOJg%}u+*!#8>y{ag>GD=SW|iRUtg2*PVqh@f%a47Q9`TnE_E@59U~ zQ_62O;(s!h#6*u{fmxnZ@b=PTDQ{;ERTxd!xSXrtS!4($oJlGw3N0wt?tb{tl{BXA zf{8&#mr1s^dxB3k+0%oFcb*vt5>hi zEsJA#B321bl>$7(r$f>pcYV`q}&Y=Gm9Uxsg*s;O`1qnA2ITZy{ zAktCN0u=gGKKB`2$Vjx37oI0<->!)GIq)Zam~w${h~4j0zOU3n@A&5#>wF`<>YxAa z8=2AH)XKo%ykgmy&9zgDZs|`cZF)O@W8)7?QL4p_FYg|-v7M=@>9Y6Ngx$*U&9z1t z5wwxezN@}2u{+H(6&*G~2}+r~1Zf~Qb$b*UjjA+=-OYK%p1@nWL&0i9<`c%N0>A=} zNW{U!{Yn{i5HHuJ2oX(J$z-CJj6_Ye6=1@rvHDF-GIKyhsTN12@WY3<1HsQ6IS|;S zKjB)mMLcY}jtf%-FrPzpm+XFYHh9O#N(qogSy-~F?OpF zjxShOM1#Y+0ouh>M(o>HK;36FWXL#Co|TpD#PIJUM?cM=7qFF_ZpEfoJ@Ea=!Gm{R zyqNA1UduKVYIuAC@FZD)H)z^J{5Yls*3p6DxU(omS2-vsNX!t0%On3=M7)xuDO08} zozl<=mj{CYa@lhFbT2SvXFdneCQ6x)VUwp(u|}5xiOB%hTJcblF#2+?tfugDUb=M0 z!Gjv$%TjsAeRCWgqai=5yDY>1it^UqtNL3ZzzdDkebzbPY!Z!Zl+Yjk{Aodi0w@un zgo4s5lI$)FZY0lPs#mC4F0c5Y$wLdIF%-)@c5CZG8gyZe3w$0hO^*ZBrt3&GN`r`9 zCNh3ox3-`h2^d!dPA33Uj8<0Si^O6Vf~K0AU&WUQQ@r*BuZIsG-l3ghCHsb6`}_Eq zF5ql;*nxUhxt2OA?>~INy)}eh@*|%o5EV+CB-~RN{k6nsP=jdy*R!L2^^PlR4i+9- zC!(VK0Z|lY1f7`@DOz@xZuZwzqP20_6WnCtlqPl$C}9ENGc96C{y7c;c$?_ufDxWQ ze;#`|kEN-A>|aEj?>@K7FAr*Boq+?V&+@1~3nr?-6a`}g#g}_U<1(qp`g())-;t)> zGcq!Se-ebd*^7R(Ou5;`3!Hitv=+_KihNSER#4ln`thwq+vWbQxciFQ4B&6qih{do zgLAGvX4mq|{TR$MU;LeSgUDY|Q`78{#D`;W^z+ir6@V{y|Ngt|(&hV9(~Vt52R;xz zoWrF5>pw6l;CF`Fcc60=|0(;Pf|~faSwmLIiofBt|9f6CQ?~=QcVM3Zk~RGl{K@p45%0h36^8W(e9W$@7hWkir3wMy+DM6 z2M?AcB4s+!+2m}quLTV{m6y3zz3D*dqX`u z$`vD(a8elURVB|L=>bNnO9$Soxk2H{?31DYb~>g7d|#Ttgt9~)MfPsZF8=yNXCStK zH$bFm!N5(^rJ98+vg1moW$ znN66WgrQm*UN6E}8FRY346YcAn`;RZJVwDii`H-0z%X-^ndPi&E479EfjU^AKj89` zA5TJ;KuAp8#)$wSPlVAYOiWlW;%?xq{vC_@M5ax&u@R2YClV6c5%`w9yF9+624|o< z;A>D?b`p%!U%a^Z;?xu<2fKFdN?U4Sk?v8nW3Gio3l^r+{Nhia3b6CpJ6w*lFH!<< zQA?^`Va!e9`aA&_!qg1crkgxFDh6i~rx+MfLlk`aWQQ`D#5dN?0#`#bmShtwS8!|R8+F~F5~CVKTcos z6@Z7<)r!LN)VXuER6J_T@rlx>{AZKd=$y`A!HT0yI%KB!_?MV%+`w7zh7|`AB!4afhh2j z(-9ophp8{n@>if;OUuFN$;4;k*3>~Ii(vJYW%eu|F@Uy)DS1|Ra$HvVgyntd9Es`* z#UqW3b~A{bNFY4%^yx&}yqg;gX=C|oplob0UWz6cC#oJyXb+FtFd#4>K#XRn^|nA$vsn^VcSBkLMhjoK=GWPS3>?COffwYlXr$!*tK9YHtG22LtyqjvyRW| z-wVi=J}X*Gn?P9ll0Aci_ZvD*ChXzKW17VXmo=h#Cs0_6I+!K5aqEo-D&_G+FvDnk zU|+BU&jJvL*$#&(ng=Ib++zbc?y?eHfDDT=_r_WU zd|r9|U1|YIVjw4+Pnf_<>>3yy@?~dZV@dF;{CIqDacC7n_pM|^K^nTYvQQRhS($K~ zsx0HjNONh3awxl{9&mMMAbpD%!ZWHOlVa|N zdHflpcl*P`{aH2hapPJMn;uY+i3H9tK)REV+N6jZCTY*xHw_v{qe0i}J!7{eLIW2S5#!tkAb}+)e>?$U?G&&`361uZP0{~W|X*JRo|IOHqPA2nv zruAZJl_fW<-eD5RNX$U*2^Jkyq-6HjU#E93BQ4a|xPLa83L{UPUp5l^NmgB5U0A@? za(RJ_B;ZtS?XfxKK#HnmI06>_`1}L_sQsQpz<1gsM`{Xy2KYw5%t=qx{!l1xvaP`; z<=eEe#PL1x_Cu&jaHLdM?f32MK=V2B;OLD5y8&f0&%$-oGWtC)0J&4Wx;A*n4hxp> z+_FphI9&gkbEv7cg!k-T?lgxC4i_baiyJV!vzR%vlR$XsYrC2Hgi>IGiEXxZS&De|$GArYep2wmS^B`7jh&;k|JzTklIdNhA!Lf z_J$+PW5aw+^)|LjRVSFQP>?~`ve%pf=e7>SFCk8m%-={mnPa+YSUgNfao{?KYu@8nE*`EJxr#Q9F_rmj-X2I$?^p9C7m)tddYGuu1TrTOS0ChU z8esBEYamC%bI1>02NZ!wCaxe+!6bh@lx2K}^1hm7`lk7z0vDX%fxn@W-* ztdP_#I8!}%K9~FT?!ArnX#t5(wb5Yiwf5|}z4wyE+>#R^`2lDPmq${K`t4XrV74na zY&bA$O*KP)(Ru>QjwR@kU3QYkTX+t;^`j;nt9W&R;F1=h{M`|qK+J?r+HGkoCGoU` zw=q1$*3wF1ZDB__KsLARa}m!^Ltde)a@2OT_FNG*hXmsk_Z&%1=8p z1~!cMt?SLlfaj)eu)V|;7g`V)w&IbbP`-}1NFo!6uYd$d-B`T>TGOxIC5BIRbQD`N zwA&a>iq^=@M@iK=DH|^(I=FL6h1D^gD)R(<2=(TA*TGHQ8hmb9KLZ102*X=Ac))@F z6f7V2e*DveUAY-_%ZnOr97VyEuC41sxdR{;Mv~q1={n1HfCF;2&}yn79=o!gD;0uE zKB#*TkTukX7-6x;eGZm4h3)Qz%M;-Qk_OLFUVP`kR=4V54`;8`*&g0 zyl1$Hx3@QR6ZPM9bpqB6SPku*ldf8PhD8)FX30CqpFW5UctH)o{Q`N7Z4XFsuB0*Rd;p`^`0mG zFsWH7@3yxR)1vpcHg&RW3H1Y$<1RoHSGsC40@YvnZ<9Ra;vFW()}AZ0>PHGL&amkC ziIDsF>p5FhlA1>X#e~$)6D*B*E2|TnNw^~|diIPl{GeVh&jPdKA8@?l;$8n*5p=V1 z!%`#tUrxoPrE|YFUKY$aJJ$oX@Qu3>`p%yHp0kOWrO!20nR)ZH3QfEl4zvqyEN=XE z>vFOMoUhF73E_X)Pj@&kXYsOE_X`hm_3B|#iPZn<$tl^&-RjyfI~sX z)*dtFmicTS9}~faga*!1woA5maOm|alYVvTanz_$$GFZzaoweh7ey0Jq_WE4sv1A~ zGTZuo2M!#V88vxh>gQpbGoL((tC)2J5DYs{+gAzSjPA?Mog!EabCQ58%>I=1ZX*va2u0myq5cq zJjZPKJ{MBOOdB6Qim2I2s`&LQgVsuWTGOXT9VlDn6G&N1q@A?0kiP`sa|s1bMhXcD zSxM5RLJ+fJG?%*M_QyYep7*LA*y3&H1d|DKrhGT8>tFV2U&=6#@L&Bur>nCOvtu16 zoFGfJQdU-;3;w{RBM&J4#0-lb%{EkZqo-#9NHP^z006O|M&_-j>|6EaX=jAK-8iQY z$hka%2i{9sw`^%f#ZIIJm1xi7S>WnAvYW(zt%$n9=_dnLknKwSYytY3tD=a%|l$EDGt#`U4y-7Qn z==yc!(VUNA<9Au8blCWL$5B@S&&}+YnKr@3#*gw?%(s#;(LPCq;8{^1gSbcUF~v1w z$F_q8T?+eN%q$UVfgpfcXLl#(?CLf~5y&aD>!^-QHX{0@0ygoiwNoxEJGKW1he|nV zWuZBy@na`X{(kaf-Nm2OwBBCqv|`4CH1E@LI#Z7NmmgP_{5n1IEp)LNz8&sNr)w?FDGzSHZeSZ{ z>n%wpo`#UujW;~>EYTQj9_D{5$-7c>>g>+H=8gcdV1snY-`}#4xXXFn)jcTD3Q0CVy^)k3V&^aNoUb>0y^Of z(^x4Nv_W?kMT#IBCjND9Bu%4WVv1|eBtqu%R9|1`!Ji`OR$Eg?(sq4zs`-6>_x|vp zvx_D)R9AJL9@*>U@f-Rtnr%BgKK4P*eEhi1w$*k<3mWA4spl@9Z@9YgV9LENjyu=( zNazt3?0V*T^!ZlZK3orzyISP@s$tYzQ(qNnWm8Vy!Ao6tU3)TY_whYJK|8Bg_N#M@ zDf`vv)93INW9xZ6$Gs1|Cg0)GUv3{_#$chGxV}Vjo`v`Ol$8pGk!N(iMrmyA9l9kn zzK!OvAweGsOhzvUadx`y*xCO@R@PW(G;~KG6Nl1iVA{ZhQ=4DIMGjOY{)Z21A}un_ zNv3OLT-O4K5z45-%T;%7_Pq`~7E;H*qz%@o7~tQ<*rg>UUJ#}r&Q#EhCR$0fK;q5| z^ABiU_1|bU64FJPMUB;S*EG~E6wRvZcI?=pZD24jY9~wxSKwZ8DINc(1rsqgy?yLe z9KnIuiZF`an1A+nX7F$yO}W=A0Ko6)4dA@Be2sYd#+Ffj`nTR z0`$9Zxgpg|Pj$SWO>W2Y8B<2RiJskMO?#E5oHD~{rqv!Z&yVqKP&@3UoPVW-O6H^K=? zBe>9>oS_sBLIfc0hv1SKPF)3HvHd$MsH#cu3g}8Nn!jZ@k%&G5xEvpGWz`42J>Jas z-Z^+(m!ijSZAvUf=^-3pSw$2|LSG4Y5$hiBj35L$X0BT z(eA;>DNdntj9PG}D?Z)TUAwl_!Flc1$amExTRuD)R`9&8tJ}+L&6$~2g57$4)Eo<2 zN5x}a>&2f{HQ();+0FFs=a;>-{RTi&MGR3aFyz5Ryu1aJZfEUkPbc}KF*h$tMUjNFzxikI1 zg4Y*@6eZj*s=MxXaL%0Qtro)wooVM|<4WE?Y5V2%ez*6pG+6)kUIl&T_71zd^Jgb& zAcLwdgZLSFJ6F52**6~>DX%1N)%E^Jw}xZJKUU|botx7;DxpsK%JXxsbLN_K^*^F= zAiU;_f#dqiTect8cf5SXY|J`)%hr)&8?MZH*ssrtMRF4!HtEjxK6WVZi^KU7@s928 z+^l(eI;_Qtc`3V=I)_g^pWxrwM@jok#fpU&w_40h*?fGvlJC*6W9N4}o$$kd{mBiH zmwFi-(XD>F#`5@ZrLEYTRX60_%*9KZQ=b9D@j!BJZQ2mAjyc={bh|Gd2E^WdX!0R! z%r@uJhOdbw?=K`vMQ<{bDj zsn=9QIuQeI{1soWF>LVQ=W%65bR~@sy!SGHv`^~(^yM{Pc{{~%Q%8uZqHo&%|4utS zn{grSCfA;rzWk>jqw~sX)%P}ZFR1Xa&tJATDJ`wC&XUMHF7Qa@hH{;+{?~$ZT$_G5g`kxqLhfG(_^D*)&$hgzJKpt0fNw1>9>SFE3yFbeiY^HN9V} z!~%zAzL*Tfkx?li=M%+6U{b{Q3j>`&Ijxz>$1D=i8o-wL0undb3>CLup&vGfest&N zr!w#Hj&!e-%X-Pc+)Cgx_PwSG)IRtsB^)SH#A^T??3L$7G#*$AsgmhR0Mv&HOO6RLmd^KxtMko1iQ~nCbTcLy0b+%wqn7B%I3% z0tshnpeWHeQx}e_W;UEPfwov$`ZiWm zoao4!Wk#Cz)`@2Fg_tYEG7`kSCk>{onG_3_0-+5cU)GFptOGm-Wm3$^6zf0W%nIXr zicWYi<>?am_ptYzz6$kSq zPiDVEUhRvFt%vlfq{PP364bF54~t>!`KoJTi{zT<`@82R8z^@heNaq!Y2WwOs`3nn z$%wn>rokmWboek=qiHdieohLIm&SNj_z3|y02gE&OXjMlxYkJ4jGJS^O9nyw1+=%6 z+@N!%9q`>Kn~l;=$l&-<9i$rsUS`yLARaIp$l`2&pQ@JG`9@7adA;E5x9WDL1y4Z#%sLL~lzm?E_(?;1L3+_lae49=F zJ~U{XB(LxRZjgc`NZ+8SB{$1&>#}ZM4Yfk<7=HV|YWXO^i0ifcxVwD5{Ux}>ki1ZxkjJ~&_nCr81FB4P|^mf?OC%U=k zR6!A72Tq4>EH6QP#%=ViITMnWe%$g2rByZd2eO|uO;6%TwzCmdZ+CU=uFCVe%vN|LB4kX#{~QS^nnhZULz-gxV>Djp(p&J5+9f#SatP z0`n=!jJk{=UH3Jfk{@v1-Dl6*GPW^a#uzUmb`Y#W?!4(jzlOTs42Ie1DUoe?2T9QU z1lw+Q7TqA80#V@Kk{>=KOtRq>DG^#QH?hJ4Kq_E5Wd0r@svngeBK}=$Aeu@0;9>Ap zm^@2pX7xwz6~qk0ayDIrB=7VCDU_6VzW!_8t(z4w8wgYaSw*UF zk3y0A;{(Mwk1`@#aTe}@lHff^wZ5evHq26+ncKQz(}u6}yux+#w{(^1qNt-W?yg1$ zHC>kpE-sdnCf?~d!6nQG6eHA<) zzToH03pHME$6Q)`{DbyCoZ-cvR$n)osZZ?>Go2e}{8>JHEaqPar*{&b2}BsL!p+@) zsBO!uQ!mKdF)&TrYo~u7wyE}kCxMz>U=T6?kj%)?da4Qli-_J@5HS$e+a2<-kK(c6 zVQEU35tAIid&xe``hIgKHMIgjwTR;#cHDpd=8f;yxzPtkAd{pn2xPjRP6NXJIDc_x zU|=h$2l%dS?xkwGhKZIDU!vgbwD7Cw#?)GBDBs|B{LrRfrK{k4ba1mgSp>S;&P|4I^ijoO*z2T54udz*}(1WQsK9ld-p6Q zG)5hue4<_~ZbzL+B@>mg zecBGNK=WREooUF;=U^JxzT@#ln5}WtoS`hDg}Z5_SzTHgTkG4q_Zj`=P&~ zQvengl7P)6KkC<+iVLS4AHA{cb2ke7Y#GB*sWtk0A12JZX@&K}sf2_nxEkq&+r$Ez z+M(*Sv}E)uWC^56fIv(BRy%3dM5-eAvX$=}9iGZvOiu1a8KRHk?2B2KR%e*!Q@X=;W57!_YTj$xgm`G^N3q_8Rv);dkQ_jRy%$aweiUxKUSmF z0n3yTW-H-H$;a!d3QiaLiQc{U!oxxX451)~_-OyG=F$U{!AIDAXE{ZB9e13iso;XvSRH9b1SKi4paBTE8pw)s%(a`Wm%OvVk&V{PbZp+5b498T2TraKQf%CAM;6wXZci`nn``VNv%+^+GJ6Z4nldpZk1ciOc* zj~0?3{lOks+kUd0DD(<2zF{^ac$3^B=Vzn0g%uXK(G$Z|`7<+lUDSmOyC}8a zA7ukiM9iiO*FH&Q%*B0l9VpWUVG$pLwrA}WdCG7nEauJYI{mELmoHxgw}_@2-kqVi z%a|HPARyT7puMVn-{gPh%t{m`+c9}C(+R(W?3OtRbT@jS(+2g|R%u0`FF0maXG#frA* zzQygksv#|zGYQSo;z;jap{pDFRS5Mv10J`m=vMGAFuajiX80Fykd>*O+V8l}cekK# zL&OyL(utcQO~{&fkc9H}7a&4mme#tWs%j~`S5~eq!y&G^Q#uoSd_!q--1#04J*pEBBa28AZ!t`v4@5>D4PTTW0L$z?aU%;b z1REnYLSz8XT&!bsv@G*szOQigpvWLcTcWE4kFKbE&^u6>j^iw>E8c^m-R)MQF}Znb7OFPSme zX2mf6LCAOi<$%lmE9{m2Oa0dRSMuB9U%xBZtcF7vMj`2TlrvUmGMr3LX9 zMy>m%2DTMdI&jvQOJdDOj?}-|CL>2_rJqZwGS!{Pdn?OccXrqO_ISXy>{WpqTU}eJ zuR>Ixw!Uv@(t!f${=qGqFMX2JICP}X%{C4XdOF<*$|_g3Ti+Q4^_?~Uo7O09@#OD2 zr`ed!RL%Uj$|2dj?wrAPuX3t0C!UW(*yzWe!PPr-kLNnrO|4CPqy9zR@6!+4%;j@c z{Y$H!>gTGeD6al#W|_98)yCiU^V>-S&$i)*B-m}5Hdg!8=g(=bOE!*RAQ5@f;L&IM zys(M-=|3K=aa!WU2b`{T7!aD>;d)r)g4NI6PJOT$xAH;W%Ac#PAHMIKQ};x(bpBQK zcV0IhZfax-W4RO{d1uKDU!_OyeMVM#wvr~Un; ztCYB@(ZO*3kx`Logbh^^=%TR|1_g%RgG(xP4raGXyKDkQ%(4fxG=8amAHS^`F zf4l~s`aFH`(p=g6{=d69-Wb_KC;sp)HS4DLO3DV4+}xHrzsUT#;6qN^8C$GAuKHrp zazm-|gi%YM?%3?Jo3eLYfl8l@ZwlTPEkcitYV~?jY2pAML-Q|_Wuz+kk{v@(?fcQ$`DOb-ZyEyDRc?xk zIjJn=B{qoNh_cY>GaeU*7*H%@p zEUcQX_5MevfiJ%6)=b;={I7qWYwSFFSXL^XGkEJU*A9BeQh%h~9^K$|=k(bzQjgE> zs@tJ9?LWGGOqb-sFQ5PE)3<-xt$m}0Z>rJ@HJG?+wMUy@%W{IE8)WB>AKm=kWYYPk zS-N+eJdb)->3PX{%S-T}D!Qopy_9o_Ozvu;P~NWIY~G9(((^%y-M_!Lxu0Hq)O{g# z1ovccqc7#bZ2pqny;3f0Z2yj9XUvJ4e)I4Rub2nlG&TDS=flENq;&&6fI2OD->on%-l$SvrBf1rvK8mwDb9&d%$F`Br0v~6df8T3= zaMXpf{uhgiGb3F1yflt#oHh8(r;E*#zL=~t>NvFR&dT3UJ!GU@o!9p7nwriJwt4a- zD*Bw_lIv<$_pV5LoYz|F;dMG;@$9#`(brD2|9wF)*}t947xR~``b ze9iNRNeX)m=UZ58nj_uWsWfvzagL?i&5gfrB$jQ>-JreK*7>jHAs6?kwjXnB!2s2t z`9XZ0`{L){yBMzA?eyZJ1XG=?#H6nAU2>fpqn(mC3j5U5KUVqAiamE$F*h#u+=A~1 z_CEhQX39|$&o(>f47RwGY#<}?5M4M|CGTGpk}2(MKz5%666Yd*k|gasHk2n>wj|`rJY?(Nu4UEZ43*k~NDf`#z0%=0A79gJh>S z;?zh|qe>QG;Q$?OP?z~txRecCMMou`D)$l zjK1fkD8E^8tTO$^XY<^E`-8ILmn*$bJ=U5EB{Hm`;C+lmOry8S&pB-(2X_p6acOt6 zUZ;8Wqm>QLxx3G*Dt2F6QWzq4wOm#j>AB(jbdSCJCzmuYnHp34ZsXc}r8`Ye@&#V} zSlvJ8M;FKB4Xq`OBS&2B-=6f`__@V;tB$vij#22oxvr`a%)9^lWJRLC=h12#naEzQ zp|=hOH{Cj@iE8^=Wl(wchyelaA} z$D@bvEdV0Xzo|uPsgVD_^JQt*>{BtiK|wxeO9zr|Cl`(X6ng7qn@KyJ-Q45<`%eTS zIu9H*{wEUe6Ah!&J<>lkPW!w5%Rq;~xzC1eTM$2hWR=s!o%)L=@Qg@#*eskZRn>4c zyjz2#NA_XxJWOKIj+?)YVFuKtkdKTTLWONc*DTD;_)!|J9s#|>2W7Ym{-|Ip(=qkA zsYZd}Dk_32Vh($4LwPq`RYK@L7ad3!e?g59?;zMBQjZARB)EJ%XNrFh691mjvsW)2 zNGUH|&)S{4w;g)W-=yEr>}!BaA0hFjePkY3`r+ox5OrofNB(@NY2;>v0YIj&58;)L|9K@q5>WOQ`g$n83X))LQN;_F zHNk0uc^&^rzq4z6oyeX^niiHsy|hdQ&J?;ifOvjqIy}wBPkgoxU#z2WQOQ2Iy`tr4 z<*At_4+=w!9cHc)E1-CNZd}>Y1ZNxwcN7(rngw zk+5cYr{xno9q&?jIYd_c`2)L_eMD6k*Y3|3A9r7?&!3Nz`_Eg5I`7|C{y*P3B~->W z-sI0xtB;1q7&oQ%2$SG`;!VDFXyP1XEB<-gDSzI!RoI_@S6|fWjz-*U`mJl8l{(CN z=?4Sh4xzz&?bVgWRPv*>bcV8Z<#u!P3)Irc1%$$bO56>KSJ-~zjQKW}>L0&_CV7d4 zg}N2_RfNL9Z?B#+ohW??_(pVLL`!ciz0|B)o7eb*8N!&&J_4O^vv% z!qJd6;Vx!tV$9T`aQuJ+!m4E!khId(w`h=hO+Fe78i`I01t9VY9sCaBxcE#~R%ioo zqkxV&-??#M#<#Ydx@=?W<*`695QanOJ;rRPas`DK21csqHW}-rp-@YrRqnK64eS3D z?JFvp={Y`};b0L1;EOB%(?Mb?zYR=VOf7{QmU;bOp|={@ehv>N9v-ZK(88QkN#lL) zvMD+dq)dRL=U?=Sunp&Kt>R$W$KhZD{KNi3;Uk{#Eno5|+jL5rUWSuNs$ZNSY4WMw3b5D^b&Fjwzay^+1oy~?g2 z9q2p8f-eLl6D^~#Zv(s-zVXK?qeG4NLOKZ7Kaeg6~D*+U0} zT?8p{Gv2wUXN9}BxrGI8_QJob;8LbZ+^ZFf7TKSjGHyTsW3XVbGw@?&#eeo1|62c1 zL^@$yAjCz_pI5}>+Ru%sDSz}rJbo4KS2;E-alzP_el_|X^C#NaNRqHYo$kx%T^I$C z`Ge(A_o==kqPLbx-d`UC>J$L-?acU4Y%*t8*A@j|`wqE2cNZ%xkp6_K`Tf$~rGnt< za;_mQTj5|2P-Ay?9zZv8Gv0VB=pnOsrzIB~e%9HY!d3Kr%Ek^1pJKBbjWY7uiuG*) z4}c#De=4E*{c8qm(jW2A+qa#W0;p`+6&cwbKy_x{S;9|_!+dberlA5T1h}wm^sf7Q z23&3&zf!RB`kHOz=QC=cU@=DlE_8`V4hjMMgr@~i)T)NsRRWxvcVq3w&oewTU8#0> zdPw8bNd_#ZP>w#&!?Z?d(>W7n(B1gBbL&3m9}$*=mO6I{f$qyALybRAo3>sCoC8hM zB#xdCh?-tqw|>1?2u8*7K!@57#mB=8#}Z;IN1b72o1|H7*c(j8wDH9Q@`YrWP9*3b zI^Daz?5cpqFuDPL3nHHBGN$4syKVG_uPl(Da_1$ZJbD>f3D-7V9NdU?fgr4WEokiWV0JD{gokhX6<_gAXxmIoy20x} zEfBO)vHVs|oS;%(lWy?qjR}>fGnv-aI>s{FXO)bH7d*-~4#@D3XGB z;@li#UOyR&K$!RirKLm!<%tK4WOyKHV4Axyrzpa-0Oe-iiMeQi!YeHF-hZy2< z8e@vZE<`OmE~RG-*`!^tJk@}`K%6u)bV;Z(dQ>%S+$1C5t$$KO34f zOaKNWPrwcU0kPf%)?L4IN|X%dS1Tg!>)m&$>}RRYRGfUzqkNmQdIqNZYUtK`auLx$b7W$qHSD6^MRfd_7@;unRV$e zSja^Q!nX13hU4G|Q_8f)Vl{2JQE-?@9_uVa1-em$#16mzCh-fbHrTALO5w|Bz% zx`WCX|DUNj#WMsUYbN3~&SiK>P({Ag1{z+26v13wj!d!oQ$k z0hbC~dHhh_wba0p9wTV(fZkLtvQxkMqM8%u8`3}wb#T9Bz9a-~O8Y{tWgLbzpsEVD zbEt*fcR{qNbA9e)3csqma^0sQpFcKYO%TJcz&CGiwAlIPUoHSHgaHa2goD~($jv{h zt7ABhSfZ_7t;5)-uoB~-SUgp+R~t(~A*>0Z4nQ0u;P0UnEPH!t8yjbcN8V8y75p%$ zR|UCB-_Wo(AJ4=G<-&;RGiRRRO~UQ;W8l=mIoX|N5;-%1_rz6-F;$BG^3~UmQtyvL zP*{b$apn?3eSP5yz>PE-;?1SqmO9#S66x(vLN?hwu~*#At9LcxTGLG2>e+3Kmn8$s zo=hNlLvv5}w-a#RL2&V3`Oj53K1+$ZkAR z;bZ~BEHIhGIh~Em(-h8@xSK?k!GRJZ?bz60*z{tuZ9WG-B?h|~pTG=+y@^-zNf=qv z`RB87aW7#Lg#-&y9)tNbAlQZBzsmdC<#;>o`>XWgrgjX;H%fR{MIfg!SQ+>L!D=nzY zqHslrN^}ykPuefR>BL^c2vjKW{pDZzYYsqR5~}@zuPwjx3WZ_sCn1i)Yoy`^>e&|J zUX}=YpP7fDkC{_Z2(w2@z<^}V1cacm*4A>87}knv144u_p8D_LQX0PIOB?8jZDFWG zP?g`C8F@Y*9t9Q{XsY7vCQRD<;QcQrwBrNaoUNr;Z#!p>R1t`gan=uyBq9W}%mSz@Ln@6zm#& z5Aknoe^38{V&- ztwXbQ&e{ow%85sYDl>4#A@2c!_1u+(6!*6`cZQfDDogP(|8##uq7u#lSl3I(cNGZD zhmacfj@-NjlMCdzayVoO9UJB^p*#h1LN`{1TQGB%xN^Y!+S?>dOvLCr;3D~08Ae

5%9#b5q21CTj6ZM^ZUry5CV;g)jpbHf8+p#3Emh0j_xPZLZlR$%L%j0 z2Epcm;g+d;=LUbrK4jZ}$nOP+Df<{2ihD1pKqysPaFh$}^no@-)t4>+V5o5} z^bH(Q3_`E1bpJM~>liP!?wc!w>aaaLFvjiuPUZXJX!Ri9w^?}Y^-C$gahk+WyAP<; z8He>!3ZX_5mR40ISuH3$Jn0JN|8qPz^wtFN%UcM}AKfz5mNF4E zg9Z!P%Usv`eq1I7sUneS^1;K01ul@mW>~s5vRsz!EgH(gv_SC#=_vdN`Rbf%`}Io{ zXK))EJ6QBPNbZYrpBnwz&Ig?~121?0y(Q77(My<7j~<=kU>KLWzDyGbiLJ1!fIWnX z8FCsV#DTO}q{t$(YUrc)ZK4@g*~cUIS=Z5m@s*&JdtBFr);& z9A*msY5p^%~&6v{g4h3k3SY%`8; z15NQLp)nHJ2e3T_^G;sfbpEjEbO(nZ>PnbjI-m(u{@BgVSU=mND~@4c!gvu0{Fv%* z`ug!6$F^skW$S7UUn#+%#Fshp)se>YDe5lvAVFu zwRE{&gsngu_&p*9H8=dE@uL6h^kwo!FRvecT^&3G&UaXU#hM@K?M%&JHDczGj>l5o zqZy+^?eUnq$L?kAD5!)<9p$Y6QE%VAjYXyd2y)*xoYixJdPxRL=W~p?ut(bx-AM7< z+^0uPybpT}O8?eXlsQ|d7KNJ{CEr-!&_s;4ZHN6{6nbkGEL_ocyw835U%aHeVWeyP zcfk6b33!mW3LAQ;Q6l%CM>m=GAg7CGMDA0_k8utwo;}SuBIZC!Vxt2+3jFVOZIRN` z!$WqYzUn+9k>m~(r^dw_8MrO1toaT!>2`wNXY-NHzZ^hWat1*#HpU=G(B=3E4``vX zQZ}wxbO4tYYfDic3(}w%jSLvjmTDl8+v#w85F{mRiw{`)y`AIFV`xsGj}t0a3WEjz zb(k4GeAe4V#=oA?G^DZJgawmusDc|qW)A{H$Bpz?zSYqrNAdpxRPBLN0{793;36UA zu3fu|?{Hqkb-L{KJV`P}Ax%}E{{1bnC%-r$&iw7kDFk|53{bgt3#R$f}Tu+@4`iMC2ueF-gf#;kG+q?4O47PSH7k2*&)D)n^uT7 z`Zq^AY#nZvv|%!1liLkHCeT*u;!;Qzjg(QWV0^|0x-vo*M^cLx(3m>8+ba7L4E=hHYHc&PY6qZL4~Xlh9vqJP=e``2WVUydF-M&%sDp<9-h zawvW8mL*G5Gv5@WukC1<&hu^OToxbP|3A1X{t45|#}E4^8BuwEBoc#I13EO#2D<$Zo=f zJK~E|<2N@O{F*$1uLv7Xp1g(Br(E+E~H2ZZ!(A7+;1^_7lQ z&|~5AE220N_g_+475I+M8P(IkK+x1kLzl#MHjov=GboIe46@5oL7}_1ZP|uy~$n^p^ zHb1_O{55$FO}@B=lJV@FoSbX6n+O{SR;W7^!NAoxMG6aR>?A0)!Jq@hsX9F_@snlJ&f?0Nl1IgpI_3f>u1C zWEj_vQpt(UeXnR{eeQfPDU88I_MfiLWvr|N2Jj~k89TC_85s0hpr#Y`J)$3`c7Hzf|a1&2ih3xXj^e?ES~ zgdP0muavu%mY1;ylQqLybK!yoX1s%*L~myUP_od&V~X_f{rjU7WbzW2*N z3reVQe;m943m{b@s1~M>bdfX?WQ$PY<6X68sbQZ!J*0(PfeNGk6(b;7Gn$j|#7ThG zk6ygk1Kd6d)~@(J0}qArSSAo3S$$oh@L`mLxz8y;2Zbw3-Q0GATgsf6V)ENk`$0gk zP=FbFJH@XcIed#}Zka_rH(n=vDqVrNZ;OqebTy5;OaT3bUc~9fF>V_G^RxH5K=%h% zmd=qN)6(xtCRXg0JRTet#xa;X!O^yraVP(^^s@@p7;9-MWZ-JzpKZpC3#9c534ZwD z!!a&mM5ct7r1YFJkU`?!$jJPDt@=Qlzd>d4xwv>Q;3OeKDR(rTH^rxl%B|+6`j&p8 zD!DXc!bHSV%2Zd-7;!@O516M|_r~i5`vozKxKNd%MTiK? zGAkAlEw_OwA$IF~*~y`v2tV>O$wg3u=`LCm+{9dgST*&bR;!F}!m5^PLX*$S_9=r1 z-=6M@ogz%Hm=vhK!@|5rxQ#HV7(EkXo`$)`HMINk5?Jf}vmPOqvbcMR@g1m^=+jn~ zJlE!^il#^kxD6QVbap?^!Ked@mUW;~?LxRQxM`*-kKMfwHAgiqp1u#Ctn z-ce__kBQA#^cJ9&iseVL2apRUdsdaGh+hZnCvIjDSLg!$FIchSLg@>QO>ts?Ck2G$ z8j1_1Xw1b8P*keO&Lx$xxWH0h;BKRqY>!-F#||aoL`D$mEWS6?k-%Tuvtoh4dr-~^ z|Gdiylzt}>qHuYuAAKj84l6vt&L!GQX24HECMApkeMb)E@Y2Am0dC+w>Q2-t?wGb-b~*FFbORdd{4s zoLNBKD%;!vvoA77QIX*?v|*fO)n1-EEOic}1p+UBPWKR8@^xYPc7Ep%wc-sQM4Ep8Nm(AAdEha8Z)TOeK}QLnTEe8bUUakv*?mqEIx< zhLq7#N>SM(NeWp>Sy@q5M#(Co|LyMm`TmaM|2f{D<9J_hmwLUP&&N3L=Xu`GJDqvp zx$rb|MPH6RUES+9Zyuz1v{8#9o?xBbifEZ6Fyu{nxt+qsAcW=DmYf!K1+xwksMjmhL$Ge;Hqs_o%QPyL^3g(6$BDX7Zn5)y=?X9ihgdoaBYI&y47~c0oI) zkD=g-4hcD$Mkq|?`9ZVlBnck8eFYA2+WcR9iq3udw2(%U2@|&18(c;<0ObiKTlVJ7 za6I<|ttTLi3xABLfC?dU0A?NE_y+uPB;BP{a?-E^NxEmik^^ZMX*}VGXpVpwwtE6_ zLV_IeN(F(|vL2Pw6h>YdH4#!72*iRXz1fSy?6hw&w(WL~G(|mru%BuUR}Gd1%Hz znrq(!VnkvRw+a{MGNwaH9FzdYE>8dia06>!eS~V9iON4@w~d~p5VoJ7s#)@G<4)}J z^qAs>P-E??F^39~gHX9yh`F#Ao9Nk+GDR`2`zJXSm^T<^ic1mX>U*{2u(z9{Hd_2nCH^P>;zj^~rsFd=EIx{=m*AWQcKiKbgsG}kV$ ziFbyOo<)Bu`kL#p*^QWyq!M5i%g#&g!@Dr@Yi})s3E}WI2@a=KxVkLFK~fqN4wpCc z*?8HTxu7Nek~mWfuAArcqL_r{X!UMMSYYW`N5|+gyT293Gc|60in~johh8}DMSeFh zFu2}5DBbjs!CZGQq`zudnW)EeJUjxa9v(c*eBb%Nu(78GeI5_o$ho)q4dqx=28~;*O|G`<>n!sZ>x4MWgHla1Jer5Gt8TY)@Vv8$>*VE zB?$OD6RZvD)f*E;euX}rEl zd&-p;0qJdM^V=j^+54Vd?MP=`dVV)2hs?_n@s2QnXWn(|*efcY{{^n+!I0zB#9z8a z@nz`w9QtvL+Gh~50kgyC8HI6gfTmtcgVr9ib*4gZ;etaUor!m;8rDkAthBVAoES|w z39%gs?MIa&W4}t^;I(mt`5f|2`v&&}&Au6$A1?bFo-M;3mE4IFFIzbkbIZ%me)K)b<0d5T8| z`QGv;JF>mZLJ7M-AsNIqoD3G<}uFEN$2 zB4(vqanSo5GWH3wik%dd!;!oA#h00@Iy5j$=qdG(Sa2cl^38rVk+3G(q~d$@zT$cd zn<2bXtq&fX7U+terGNNklHUzBvoH#K34+dU>B&i-OOc?Z@?n%Cvq)K_CZN7d8j3BcVDkeSdkvynv^h2HVT)h%^3PY5Q35_~MrWU%q zdgj7Z;XZV*d3t)zK=x%S@e7@A-zsW|g=olsguLs~Ls)uoMv=TI)hPdC_LEq&Y4NjR zJ`qZaQ`xuqir+t1K~o9u&kB=f`1rLCP@!Io?;=b9zuais^51K3o#AMYxy3Yy2}h?W zDR?H=(7Qk8XGRrQp|y!!j+u0C%#GeR;^ez3Bw$(&6;|KJ?uk^ zV?!mv`&&}BW*a`(Sg$eYeJcu<$l(~Vsfm>N1kUe%oICTU8z)eX|kIXEBC8|%UZtXe|a3kjjj+IVa59lUB!qbe;L?TS3HN~CE z@n%dE(+34?E*MmX|oz!@2PxpMcxvNGIiA%U`kYXpw_0$XhjeDdI%_lPfC29dMMFFbLSp|_x z=jME>c1hXbf;q&WwMmZSz<^9nYV-bLcd9(%qjZUnl&ptfyLe%5wDUK(r5;3(p#-v! zIVm+&?lLEn6F=Ll{uS4cgYg8yw~)Xf3fK$kuI$6lkdK++wh1c-$&eD_R>{5) z#Z@d&2tZ8(tTsvqCJ8K1!=*u%(_$(7ARXX%>*EyMMY_?MJ^Yy~?|cHAhrQlB^=C=eO4wQg2L zMqKQYf`j4ZA z8(otEqup|29?X1Q^QWXV^HQK`&o&iHy4`u#L=_xXzNkA6WKQHSObThDNS z?O;-kqCa1(sCB{2G68`ue3EG?IGPie!L|H(O-;Q{Z5(wKKHxgZhZcDmNk~Bj(8+J3 zzyGyES8;wZYoiNZ^%8N6_35Kx%c$@c+-fa;FSgso2_8eZfatLRjsl46(aCzwYW_n% zH12|^$id=AKQb8`fuL76EIF~C^>nKmtsvk|QrxKY2QtgCc^CMgjzfk_>3hJAtQMWn zZj-e{bcB?ZalV}b&t1FNDm{E%%+4IxXbf#z`Sdaom}ngClwyX?x87Tklom0+IUPzS8v#@Td!ud zhc??Atj+zmh)^^V3L20u@(-OPw+s!O-Tad)i+r4uB$!|PT{uD{%7GM@kk+Se{Vy0? z8c)dh+4jqZM2AZlxq-&q!}1W(Av&*j3Tg;_P{LBfG&}-=Up5P}I_>lG@Ab6=rIszP z(NXE6_5EYE`!|kEKhB=63%VX7pYU&5$@Nf?_b{|e=Q8hlbh3f7GVfxfs3}63@jgA7 zvBH7yg8Y1*1BT?wIXPu}&taQuWCPZ(3^p)lNIcaz*dI*s9MIWLp|E+UgM4aNc+ zM!zGm{+k6D3&D)7r4tv2JHMN0x6L0q(R5yDv_6;`S2{d^L&5+lBy~vopYfD+tbXku zYC_Ue;k+AEL z<3AoB9^+UEak~!{c+tXzhP!N7q9aF)9Jydpzg^B{fb6eCVJYBD!tm9-W&z|h`Q9Om ztNbj}b5D8P3xsRsx|_n)_@%0SHb7BWoohzp4#R|mi+!5+m2gj^>o6G3LAbc>^fUk=d%6AN z?Bf6a6%K!rLuOnDIG;b?$Hc_G(CGJjCqqr^Q-|y$EForI{LLJ5A)1?t$$?!TpBzm=DKvkF>e@?FSAXykJti_fXM1*eaNrgg&UnQ5`w{U69NI zNF0}}C3A0h^xnNQ({(#+(Y{jBj+GwGl`32dYNt^fhj<%4vp{p1rzmiVp_d8cG@Mi@ zHY{1VGBugM5O8H|*O)_xwy-^4LYZaLkN=s=fX~olvt5{x7{(>vnn^%M=dZFV@=Mr~ zWwuHpurMpLdf45Xdr{TFKFg8ZmZYG`ciF!?#-vY7o1yga~U^+~X6I z(G|@BLk%81X_eNR!SGF%d~Zo!UuN}tx{vnl?@bZx-JYCTCSH2 zlEX_$HWW|SuWvo-X&JHv-J}5FBfM$_^a{fzBJ`JCyavB)LqI^@+I=+-3b~s8l2#xh zF;?~J`E>3zK6M(^o?I`KE2*Kznrf073y1kPs^iuzr{wY75?zeMpCo}b#F8+C+^K9m zJ2-OZb0@B1v^FRdT12d=LIkx)rB5LAoBXIP^rT_MS7?6yg56k-Ro-k54cnhA&VhuW z8%;RcBG}#7(&|1KYu2N-X+CV9Z$l>C;Z4#9;isvaOYgm zf!9b`x5h>ZzZf{g!Aui_6~ry>rKSRX{|*W3ZT)N;#|6}{#J|&$B+eqaNN3&o+Wg_6 z>o`G@Qd9HsCOp`UYdA;|SUYr0l`l0VrxAHYlpCFtmO>lo<$+{T;)4~2VRjQQ{I^QE z`S@I!L1)ODiiLo>5!!Wl@Xh@Exs+;MciA9_kF$$+X6WYuqp(1`_+VKpUn!nDD!wzj zcH7kl7~_2g7PW2LwzQWY5dga=*y#r}0z~~rmC&>8PsRZ-5N=;MbEfp3E&B9eA52o4Rkq9au!;%@V<6H&q5efV$_n&d({%^1^n{gIKr!DZOw z>=c&X1j)^%BC}o2r{o)2u3;ZE^x?RZPmZIj-kMeAMV%DuVWRZ%z_0Ropr-rw=@Z9e zq?jLlY=$2sSyEamZaSq(#QfBILz&&Cn8!SBPNkU_F_ko41$^WZn}_(QSV+BZ+uO(} z5CbiZWSR$>!BWk^_T0P`uX)tYL9_tuxY)5SA6(eThoPS1_uB9J_c+{{GKomh3FFjj z8iJVmL5LURGU@lV4lB`2L+TpyEOXv>cf_GAuNl%4$@1B{R7wo3v z$ntfk5Iw)@{RqWI2P+Z}D}yIpTt8H4Dee_+PF=)SF*i?~VbSvbjl8^> z{P;#b@D0Cwk}Ln?TqO%Ifr$+|o}CYtN8Z%Lf$}7TN{_ zXj^Rkk-c^;PFOu#l3hF&EWqvPQu*7sZ?woh$}?CEd-mC>aQC^IN|PM$cS+V0*4%a~})TNi(p8=uV6?AjjP z{vhO8>hz08=Z~{8YhKWxydRFi#w-*VncB4#zli!19}30b{$(^B!W|% zWZ(Tbp33hZX&l{A9}#ZzW;xDf7zqlMLeqX2?a{MJvNk}jjEuJn>&Y^opt1Km=|3#* zMBcD^M7dO<3Lnn1WO+fyiO^vp(~l#C4wOZB>G_WggCyF@XX9Egj_`}^G#7P#1CxEsAmn)53#&G18H{uiDBA5opSu{gvj##9wT z^0qW`kqLEytM>KtD6&AycH$VJZXVt}T*a_*)DYab(nCP`*yuN#wzZtSjOD@hqleLxUd~r!3r`GRF?9(#4mZ$0yiF zOqhMRai2a=ad(v9$|js&xGPv9bp@5fY*jz|^$Zsf&6!yo?>#XCQXkkEhS=z(<`mY< z%}fukxEQ`-7g8qDmjcl9*J4EaqV$|NCw*;sHupk!<6nh0K6aaUOjS|}VUw{4>_CiG zb7!OA4ZZ~9B!jwzrN-_{&-U(azpl)3lwo#6EDfhGpx8Yqqc!_Rq~q@0KW#F*Z{2qX zkIsst;dYey4m9D6<44&AiV|9cg&sf}ByX}Yn_egv4j$<6&5jrEoPCVXPMC|dnVTHv zELzmm*w|Q_AEjYboUvM32BED?Od0(w`T@0r-N~uDnw3%$I2wh$eVAT4 z_&o}hW%uyTMn5}DezQ`QheJUq4*0(x|v^S zATlR9i^<*bpj8<*2p!U-P2a!MRJkMQv2r>xsh=W?N>FkZv9@TvcYUteF@0&@6e?iq zrgJ?#nke{r*3`)c4hOb^*L?KoLHRue8{xZM0A9{-a*5WANz+~?3m6X|yqPtSL$w)kCWo_G89cHHt6-s;aT2{*30 z+&XY1N7sCLBTjWUn~y!4kpuhp`PP8vqOR=;{7*;Pg zw<~MSw?{E12w~0V%$XyR2J&*{py6FB)GYs8y>ca+m^Vsg6kU1|G>b>s+gs5j1S91b zH=^mVk->6YvmQZvP*IKBwc9^n%y1}jiO-jU8!@nw8dsJe2v%ZQsVeZ*IVIS)CI?QJ zi-NN|(J@B(fVuZ}Zb#58hjZ57k(sple*L-k+<_=)n3WsK68SgCVuM&qK-ULOxm=?4be6FooA=xJXGx{rhATtR0 zkTf<ZqS9O~}&g0kx`|V1HM^6Q@_gmy}Jq zk`$~w;qRIN%w#yA3Pd1SX3EE7&Dsw1p*FtE@&$YeRgYeUIZ)_Mx#6%67=m-yu>Kt8 zvG`Iuys9{kA$~&Jqg$G^-blZc*M}GLH0kh?N}x$fO>0N)KLCf27DmNq?M**x8!vV1vToQc}1sckw%66Sm1%IJn5m< z^7aqyjutbF)2kQlVZCnMp1V=o=8Hb3_w-+WNiuk08T6c7CP4ATNhgg6$Lyq9G1gGC z`s3;6lDEtA%*xMqa9#8xh6#@sUapO$S=_0&c|8ggPQ;`0`&k7J<1Yt%OG0mxz8c;? zLaJD%~t|iOSye%f-$u(A!>Y;4MkJfNtBv%}HH#laK`NBC z4E*B(j^Hi9mRuX$ylG;%W0H&hvHzMFE>*pVs_0_W(#7bW@r^nOx@g{9%q1tAz9@hH zzRtKwLinz{*-NIR8&=JaaZa+E{Y_g@`^LOZ#-;dn{gM4{fFjX3UJX4@z8xjq$^{R{yzQpbTtYa{o+Hjd$%USAyC_)$LZ8D9WuN-`*n73i@Hlss48VQ9Pvol)SMkT z4s8p3{%b^O%i3xSPKq3FUDl1w?zmJ}tL8-dsZ&>YuYHefzBbu#N}}_bj#gGH=wK@$ zRxt~Ipty`jCwH#W%ITUB4#B?}LX+;4wB?^>F`;+;qN0VY$rB#;$}hZPBy%Z?U7AvOo@#7=DHSa323ys;1dowT+Lc0A#@#R-qWG4;`8tP;)pS!yGZzig^Bl)am9!)>K&)miuS? zbIULK=gQCDzmH$L{1zcftgt>kdN@?G5f=c#J9jW&e-m$ArswC4dac{GwfD2U1S41l z#gl*<_njH!l3-)J@LysfZBjt3A1_G8wgbX` zw~fU;dZV^cx@evXv(tCjZz`$EW8<_ORfWJiJ~ElSJDt0krt8BWqu-cPfp$sRt!6koHZmfD$jqcR^QV{HV&U&Z6_|x5 zlB%rlk?q$;`H%HXy+nrDKhOv!pjb4AEhrx_0eaadTrp z8VUb%Z~6MbQ9x;l8e%xWDVN7BYnEd6txs#M^c=gsn-Yk!?Z5M-O^jnSOoVX%^7|1U z5htWo9EC_#j#C_=TzlYjnwJ`jCc(A0Z{I%EH}51un$m|FT+CfybaDAXLU8xZ0PbkB z8AKO?AQpc&CgBlK_0n}A{2#U`X>S6|rDJmkNi=EQTNScQ!l1-`B_u9VqC#zX0hXRLm!H|&bI9bEvGa8fL%;8gm_2Iv1L-)W-0Tb z=I70v`T4qkDAt*7CMKS=)&!Tq01E(0{>b7)SmUQYBipFxu~yAev0Q_^%{(hD7WGbc zNy^3;u+!v>`QEE*E~FtWt!W3)~$v8c>H6WmqE!et{{4pN2ULHH~?wvb3)%-S6K&f`zTA$ap7g0dZ_S3_3 zk-6p|UNgMqUh-867`3>&@`e7bI8c1sVcC4XB=2-u`Nu%bC}^s&IOe&Ji%uBn)>(Yr z@LyA0Z&I9#0gqjN@>&K)N1&(TuaAtImKv;Kbjka(X(kNor2uIW+)ID`9k#YnS()qA`~#*p&>9zd~{rGl0J-s z%#q%s32omFx3ugD7NPQ2QJ}A&ZynyfV(b+5YcJ|rS&RU>_~KL7uJ)oeUMw4zHrDgl z^+T{Qf&=7%LLq7)Um?_~KX{S$bfesee8n6?S6WxPi zjf;3pYK!p6Xa>p(wx=@t$K|j~BWx#z6OQiN>F}PfB=DV(l;$m3e3?|rnPs)~=(r>o zY!)rHA39M@p|)%1&W_zb{%(Rb;}U=;{l9M>+-aq8ub2;053d?S4mSWR?CqO)JUH64 z#Cy;O){AfEgn{=CIVUx5(?%L|6!m^!jXWZf4~JU}tKBk6jpJv+^mY0t=n&{yc2Y$! zbE{r=Nf9#sdJ!9EjKkHO9GRAC{q-W-QA!EATV8mowMq-sg4zf7jKHGeH)Wr0lmXhX zBwQep^uo;~kf#ojPe%ft;kTtzn{}`*GzG9CZzpbmnxArQou)50TUN~QErCP)#~HQs z*_e|pnhn>a@3HLv_#G_eR+*dYYO?D400CpRu_b6;9{uo#Jh;iHk2?N{`n4Md4zk?( ztAnlWCB8$wO~%w*?78@#C%w4Jd9w{rg#UZxu2;1Njn7=V$hmTBOIoh*t3BQW0S||D z)3_0 zhLP8ER@Bcor)Vl6)37%1kLV4@rWPmLF)U~T{KYJ8&zI%r^A+4Y;=_3lg@e1xY7Nl_z zi{|Qgcm23FUSoi=35Jg5iV@ZxPXl`H!&8eU&wMq8yF|NHt1c&qcpHsejoB67eK?@w z4PDKa!L&$pLFDLBw1~1mPWfOjTF*El9>L&~W)}=mE_Lce=E}$XfxLQ1uS7G`Rvog@ zxiCA9qGp;icW(Hk^Sb3-kV?4#+Vbp19x?LZ!iH8f5{wmq5HW)@cHpclO=2#Rys`@t zaV}KjBjm90iH^fu_cI{NOr&8x9G8DAY#AL0*st?2j2y?rU|r0iCAR|NlQ->?QF81O zMFu)fI&$O|(>_8>TrVA_X)7hWag!#q@sSR~{e%*`lag5)_s$|d4_l2yN&w~UW@a5K zZXm6SNWG@2%z43BtD#)2zEBoTnl*cH!f5)CSfy|O5Og*lJpneiz+O0R{6MxeF1pO$BoGcYt4M}gAM@6lxq!aJK^kX(x_1kA6=_AT64qguVxQ> z=nLzn`KSVKCmC|ScOJyW#YF@MJC}L>d9>bk`HSp&@(wRw-o&jo1#S1smoKB@7wy`? z3@^DbXM@!IDs^-thxLtqCM^bYZ|)fegQOgd(8C4p9GiSmtH-pPoW5auYV#!|=G@t{ z1$2&a57XGvO$k!>7~;-_=7n};h5GzdbX7ODChsvZK0cQYg{1&6RXJj`0=6YA=7hY( zN)4BvMzi!@=BqCx!vLu9wxq-&z{+y&+_@az88$Zu?Q#g`^eN2BlBV;M3FB&F)te?h z5J7Z&^7w7eNui>`$s&@E1RS8(QD37d1ytCiVME9BPx5yOP5?8|r$~-U$BE7T@9@JE z4Sg_4h=K;%kDusnJ?#ZBfUX@qpbH<{cfo5|){KL7zn<4Q0}l8yYd_A*zlu&hTt#J* zZs&2+jiBB4^_{PQ1V8e>CakC!5IL_n#zw2v}Pog(ozbg$nmd&tWj(( zaicyY?+6j9akG{Rq!1(ER>Xk=w|RXn1Yg_)2QQfP%DWvqU-oB1A4W`S#2#-&tr(*F zpuPf?@EyjQoHH5)ZCO-qAis&6C=-r`pr1@gadkTQhniy|R~{AE3PwJ8><@66?XA20} zC6kPhlk1@3z{2AlZ1Fkq?S@Ip&@0k*k+I(cf&g`DbgpOIDAk)B#BGHuJ zLFU4xoE%kdur>pO9ir%GmR5eQBphTpoVPo}!?$qwOMIbt`XL~now*3$gLL$hino;3 zhWG=@!^>__>|cUo;(}MGy?iLbI;ym1shQZgp~WQBl#@r~Z9!X%(_6S`5!99{3+=9{ zZ~kU(BWROS7AU0r74Yyf%$f=xlu3bZH2!5StD`H}i>C;kK@4DdxkP>LG50nDVoxx- z+Og_|43`2VNslg>R{f6L4);swcE({FDj*(?JM=SEd#n$?SjcX9TT$VFPX;y2naHt| z(^tNHUiXLR^0urjCpGhDAV^sX@1S+t$h8~Ie)*r_XDmPF`SZG2Judi1V)!RWp!1QG zl(#QmS}Il&gK@Y1g&?}WsF}iNUD+CQ`t%Q-k(+Zb#(INUZE9`c$nYIYWDw~vp{kKKgj z$iPUAJ5^ss!tB^MeCY(X5HtzZW@)q?-K)gBuBMqJgZ1+;s>&pNCJr>lpv9{!wxvu9 z73%^c;?#p@csGRb%QEfSs3A$vohq)a)h0iyE5VlQeO6>%fmo7QHF zY-E6xSR1&iW??sU|x8{RkCwX!nNHC-1!O)i#_7ylM`{#=Pd9y6tTt5blzku<>)@{A>D zf#dNWA^7`5=!ezvg6Z7VyWs4%FCF{#J#p02yp=9E0W$G;#UE))Ac?l z+vLfZFbJH>qyr&+G0AB3uBvAH$7^(*IxTZ?x5=lha4K*}Oc1LLC(gZ{eAjrl+(6U< zAiN2t{-W3!?4s3w^<~OHYXN8 zZG-tqnl5w4O|I*Wi;O9UTOqf^zGJP?F~}>D`X1%DzQ|_48^=tqHS&w%U79AcYZ6@! z-}U&kU($as{{F5bEoZd6%(rTQLXmIqWEkK=Q_U~oo@W=q>La#gADwz$++fUF4x6_Y zrA6PUZdM+HS?0`1D1KGHK?9jiymaNt9R5ACnlF{TJCv@RI*IL1>(ul(8KExY+Sp%N zEL6v{%iXt?t7!U$7u>yj_e7g06JaOGJiu+Ul)y}S3gn|6v}%$l;UeT?fGS6#} zi=;8&$ut8-8M7k(=3i)ONv^_>^|h|0JxUx}V+xa;2_ixf{pZn`M+Uibd5N$lCbBm)~p#d59~Bnn^qW@Bt_eMJFajHQ`rmc z!Z?drCNuaF(vm2LIGiVZs&q8ddC58{pJ&$%^JeM)+K)r7d_&$C$&Er$Evt`(53XfY z^xuMtTi4Ed2l|-|{*tGFnMSOoWLwI$AfXe1YZ|kS{zk?>J?96cDJY<_X1Kf8mzSqY~^-3<(kl*K}=bN#>Ma;ntEl18fsR_ zr%(TIS#P_z$z1cKwj+gA78rz12^CoSa+RsU3+L8Z#!$Dhw4GCe8H;;>nyHCbB^;&S>1pjaHNm#MPGhwm^ zGA)MueWzoW&j@wh*<0wa0kX}Z8xa^SR@)CMO67R*sx%IA2 zn>N`uZ+-~b)7~HePV_P~&&MB?TNwV@0N)|VKta1iONkdoOOvu5U9Zjk%AwVJ^u3r$ zI~Rb~$cIPX>dS;M1>7*_Wj~_12d%HIb{n~(`#*44a@XkoN0apQt!626@O?i#GI@aV z3=Z~cVgpWIqrT{IBg}XtTn4IJnoV_6@VmagA7^hYhA?B7#4OH*B6NA^V7p+wrA!8-u4x3Pk7(~m z5Cwa&6fW6(Qo@w(QdK5V39!)oH$1T0L*0Le(uj9WF;inW5!O1|N>_Z`_vY*j$T+~~ zllmJgGo$YLbD)zH8hm=L2b21(y3OQRx`8+O4n8j4qhrub>O7z~SSF3Af|9Ub__(<=#*jU;E*GL2G zrrF}#ef)SYRZf(jpM#e6Ke*E7&!4{}B_txkmKaGt%a~KEaV+Bby=STlXM7t<_Aa@N z&|(!QD=?aypI_OJzX7|kr0@5@!U502p$sX2PwuFsy(U~iO2x|`#XY)o*}`&;qbIG$ z)N=>N@3+%9JLNV(4Fh(=h&pu-PhR!)oZio63`pgG|7%yKmc8&}LXwL>e5Fc;)&43Q z`AOHPo-!=338h_}Do(93op4f+23;U_j%(7jf3#S~?ssIYMCg7Y}2q5*=F+=I)Yf5h<2m74iO3}W$6HK_#AtiE6; z$Xj^^1^P4BLrZ7BCZ-3wG-2MVS=`IItl(@?jsC8F0BeM-cH+`u1-w$%u>&2zWN1>OkC=wZo!x5dg#mIqD|;qysLjNv zKsk4KbbDI@@;CurrN(r^yCy!7NrZCDit;3e{h=!>aU{JVPBOJ}SU zq|D8LL!%XSQTmTxQXiix3jxG_Zd`&ogPPZyMd7pSO0;LKtNNSYQ1Pz@gA=7FI)KzPziT48Vq zVE4#}qy*M7eG1u>PInJRsaSlD4>Q*dmJB6WK@gWTiiuQ)%YG|RkqTlK-69IL#U&^n zqItTmpROJ98YNBQcLBt7{syg*P5plv6VdVUe!xy~YbY>2_@PR+pyumIR;7=U3Sl;* z6&8Ro5VJ4J3`9#kPI)-&ppIW)OGRIaNlo2BCfH&3q+_(sN%9IAQIcv_VIM;ajl?as z$J>30Oq}Um*-=tX0%+2iSs*MY9~ab-L#q<}OFht!%yg&QrFrZjyh|-aVZV1Tmpe0k z`71k2lzr;bAa-dT)l9PDy=veN5e=*599UMu8o3qQ4%J&_wo7gjR#PnO&e5gW)* zG5o$}4O5uuc~;_P1ZKt&AEQv)xCynh1!@831(3!jf9-lOv^s)w|pr-ggIU1y?0hAU?b*WJ6 z-IP6Qbtmr3gYNL~6iYei_!z(&h#sXt*TK8^55Z9qeod41Fpj%UWR|dC`AIL?Ffx@J z#OC+gXX77JlH3Rgib0TE^07m1E{-guxhrzQKx(jrOOJf(!IPGBG%?5xKC~0WC9Qm% zO2C5+*j`24<`fm7m$x8ck+?OPXg#A-&-c(K>YAG36N=?m$RrtAR+NmL=}YGCUxM_qB}iJQDNgZ!R{U4(?HUDR?29JCcUg z5R}FEk>S#WNX}J^3Dyi?!)9b|u{C?`eE;@sM@}nn&L*;DK%0Q`DGS$4yNZ8#Df(($cCL|C!ni<`rX2s-s{j5Qv2I0yD7xC{+%V!E5Ph!8MixcJM^db)<+ zm`IFB@xzB{Tsd?I39iiB*mVe03G~!>*91BdQcmed3Wfp{br~J`_4YX)bHafG&vf?x zLF6Pr-d#Bwq2NMBhPJx;C4SkY$&-&G;Qj4)`~J3IQ(4{Z6*IMc(VSWh$|vEslR`ef zbG%*lx6!t?Gif_P7O@4+GT|%&Xn6w9^XpeaW-gGT-A*sqZS)I*whI}c3+WUJ6*O-f zZ&!K&Kx4Bx)EfGLQE0aCDDnqPe*N+#4nnU%6K#ts@3EdxhjDBV_uj2Z0mF8(|K+sU z)3MG;uGp+`VqQ$Y&Fbd)`+ElZk&3D#5U$qEkoYR+jVGX-FSkS%6TQ_%i>lQ6S zUHAOS1V>CyM6+R!&@Y14&-YyN^xU`NDjLOKoOR@-|F>q%XDB%ON``>_t9l$N2$19$5XUk~hkiNRD)_Y>OY`BY8ol|#@#&J}0s#~c4+L4B!!h)?1EYhP zo-Iqs`A#nVG!Txtk=cFv^^4~zfBX8CN9jqvb8s0PrYkm1S#x+hRkI+gLiG4CRvfcG zYigve{R4?&d38LEhzNOp+`;s;G-=#;?Zw7lwa~jSvmr9?o$iHA2el*a(4jXAhF?Xp znEJLAs4;(7Q$7#D!~LDq(P0C4GDLoWU;iT_BAb!7Pf-3cgmlS4~yl z{{815Y1wL-)TSRh7RwF8n0vOL6${*nH|0cKAjvW80SyVa~PEKPVH!KMYUx^zDt*3SS_G1(qE5^JC&c)lcQ;#KXqD^d~ zlWG<>fK!r7@BaOFJ14pHj8>bFtJ!8UU|3gyC1g2H0@W;thY&qJhpUN-nu7g1rpo)u zpvOg_aK!%D^Qee6~Ry)6^n~cygTyd^E%Nt zcm4Y0&ed^)opYhzp9g^chCYC=u2pMath#aSnl!sN@{x`vJOD~*oLp=aF@CxCj+kMw zO}p1d1!j-&!DT?$dMZW(284@LH1W6rEG%7-^W5CTsvBZ*<_)Iv8j5}t+{PU`SM-jC z3b&@NMh9#B;Lod49?*$Xr?hI-==(7mxC(xz@q;6Ge6S<*;;D1xR~LWz(o348;DUNi znPz~)2aZ$StpBqde#7+ld#1g0iK1Z$e#{YVi%Xs-)=@ELPtOf{XYnBG)(>Uv(ch!p zp+i2T^NWZTn0^in{`aWO)9m&A=#QccV~gVLt5@=|AdS>U6z?_c8!d7E!I->HrdfWC zy1FYo{3@_nc?Om)+hF1W*)6YG2uUtRehVhdvjB8#)AO5Kb9M91>MrC*SvLuPz@}PG zGx6!oZM%BC#+s{DGt}5P2zmqn*HIy|v7WRZE0=(oY=dDRTYUBWQ#%M=K#D^C>0ii6rdRKkawE{c~J#3Lo~{Fr%<+A~q=YEZ5L|ricb0ON<%* zWrc*YP#{>gRxsxx&Gj5@gEOm-FFh=gbVgxn7i+5;A9hK?ys08Jjm4#&M}dZ!zs$ei z9&8er+_3<<4_lqBW_azWMRvs+ul5mxSG@V~#Pr|W>+(-Of5|J8A_A`q zL(OlNB_$-lQa4C*HCc(#A#bd+P~V6NFl&n{_wm3bS`z#9yybsDZ8<Y-twbKy^Nt3p+IgCqH`%V_5^ zolhuG<&Pg%!NrknyZc=&oyk!k!{P!1)i7x_j($BL==v?(>I?hpQ25+DG`1w_)P(70 z6Ugm4c1#0WWXADFB})ey8W~xF=np3+ON0OoJM@!ny8NQ({elS{r1>l*W#RtiK{OK4 z@NvE9A_q;v6D<>0A7lX;v?*DG0O_16M6tQ+J19ofxN68)Cx|2Iaw0Rj{2&jbv%Y@( z?L$#l1T=%DEeQscfu^)sRC}56yCaUNhvn@pXoMh5JfAz z?hny_^qMSLVUKx=5B5%*I(3^6t#n%6?BijA?re#ULbywg>Qt@YuZw53QP5A(^8wML zKK>=VAmnj8Mty!at#o*_jrDU7lXQZs#&#!hq|~ei}^TIZEa~ZPP(`s-?HWWF2NuPwHY) zYlT-pO$&-2)kmv!P;NH(oDoJfrYg%Y9vB%LzkgV$ExG0}3lf-Eviz)Tx?8=F?{j{2 z)Sct(JpI3q%UcY6&T$$PwijJR^d)N0*HgNAJg%_hX<0n&-y1I|AB#(zYl{^g9xOq6O>l{-IH~E^qiSl2nR!Au$9D)PRhQIU2>9#KZaS6c zTKBy*z9WeSfMjinlB^!ouFJ=2Zw~VjGznkOQIZZkggJ@F&#U21Q$nV}*J$PL9`E|J z#kcU-wfEO&E-~}A@Oq*#bO)8Tf7ny3ZhIDh%aw|%2lU_lv-ld?K^i3$Vowa=Mlj6H z&%ef-P1k@4O)i@#{UqYZcGmGnq}L^e96CtlFCrxrqrvBl=UZ5qaQIjRuBJ54XzEn2 z2BJ-(T?lQCCbreftOLv{9NdwIHLT5eA#BGXRLg;d|ECylQ2zE!QoE8&Q-- zDvqt3Y&06|w5_98LC$N$8xTeeZyFYf-67K=HCwh^M$fdUI8>E>79Bk+-i)0zNo|9L z&*8&Hl+&}gvEANrM_hq@lh6gyPy7CNCtMR3dcE))xxB=j?HqoWi;E+dRV`}BN=bXP z5Pv6g(R9S=QvV^jWXM|+7S4_5prZU_FzyZ>P&QTVJFgAi*Y7bzP-IAePDEeIPnf-z zEJ;tMCD}2r5T%d1i2DWoRdU2A>2vUyZ;p}~lCs$Q z+OgxOPmhEEV%p1;F5Rf$`M~Smbky}&0pQqzD!}rOI3~mrze~MMo9p{}Od9$-+?;MQ%(e^bhxu<9<|lH1uZ z1o;0svc~`VV$N*wpcD2l@m8EOdJwFHo-cGZT%JvIN7pe2hIBopbct9x6o+i~Svst@ zIEVoz_CF;}F8cKXN6v8a3J%B?nS_p=6MB(Sfs!K5#E(A_{rX;SzO zhv<|fDcp_)_b&a*pwjxr#>u83=d?0KFM)^TxTj_~*YVB%_g7 zS@odYSgAt5q?E*%xJc)`Mh&mniSX5w{EwTdGK~ot#7Z%bGfvOg_(rt_N)*SdF1e%1 z7K(X1X?y;t(Erw)5T3KlzT&9cdr(EcN@WckFHOxMEGVUpEV*KmSJ@c_d>=zo)5w}z z7Nbo%>{@(huc;&R2=o-1Iy%2@&wZpx#XVeMXkwBwrkInhk)pKhSAWuHwYON}>t^Im zdmdn5R|y-ui%Db88$C_6`P}k3bB+gGe$n%JwRQd=S}?I2+^il?+d)q=N2`86r|_5D z4(!L#6jyKzX8KCkRZ!itxlQ!i8SYw=huPErZHGD)6tPLn+q~e&OP5!UheU7>A({d9qFZ5|N26YjCduzP;SQ`srnF(*cAbBnd5!v zpM60>Kv?z5A31SigyIhBkL|Ew8$NH~2ASnH1-wy6eq8GghPttY7MA0TPj@v*7!75t z;WRoTsDBV)Iw5mz?|Wp}!Eo0RO*fQ4a^M<{+G%$6kJKehS4<9`t zlT$j1qrV+r>bXps(V1$n%^k82x!*i}7A1+Q4~hAoZ@*{ORvu%^lJ?^4`^qwd_HLsT z&5|yF+i+0qG4qsQ1Y_e-yzQ+IqpziQC0!{gpQ9`eu+WExYDL~@5mRLoGR5>NwoNN5 z8rzAqzh2a6z<|>R?=0%oudkt)Gd3u(V(#%rFyBMU>4{lKu&kBU)~Ob^Hg5s~wQ!o+ zE)lM?d1ZcrvTZCx4g|Bt;47t{ZFpv+yw%-)Kg-Qc+k66R?m7+|;cu|q@T4MXj$g+B zgtE79ZLIp42F5y?!BA{1JaettI~eern-AeX34vTLRk3!7^X+ceAggSYOR0*<;TE*` zu!h6Jl{Qb zWfTYgxl?L$tGJJ_aM~kgZoBQ+vAH8|lRc)3@NZrib6a;6Ud|~1Pd5W?-K&dY9Ip*5 za-TCNaCER$rRNaDw$y(&PH=J2+tp5?%cd`1_4?J9n$Z3GpO$p&w1~afF!6a_9m1Ka z4`5Vh|8z3Y_Y^bnR^NT@+y{dkT-F1;UB-_efg89>Nz~IZv0tHTH5#hk)I0h8Q>z$9 z8!oJGYUe(C4hb+Tq%)@ercYWeTb`UZWf0!2^gNBI{4W1&Db#!Oh>*%&Gso~3*k9j1 z?Q5y#=Q4HbXx7S2)!`=!N4YE}lGA14L|YDZJ;f@^olKP(3lDg~=n~sRV{Eg| z$L2e!w$fcwOn)yyWW2Cw%t5zqT{%dT;PIcGz<^W##<$^jAPTM|P4%63`4VeJXTQU= zX$M@R_!Q$Sj<;-DP1Qm~cdosb_4dcg8+=rim0D_QHV?m{&qqIY`gCf@)xE!0eEem% zJfp?Qx}Q5olx@GFA@Lw@F?4oYURRtkwt*1|FSh5bIWD(M15`QAupPPlJ>GT|ab9(()j!eGgE1LyGt zuGlgmB@c)xH4e8t%@mu!4pVN1Z_jn>_cn!ji_M^Q(r0mLrhe(_2^+M^>Qi~?tqcz` zWu`4zSL3M79QLs3Kw}P`y+z-x)^E~vHQBvqg(u$mg^U2tpSMD(?!*zG&kHm!Vy{P# zSk0P&Ii5PQ&TjPRZ8Zz)43^vv$D+fm71s~0+}g|dr2qaoy1BfAW2uhrBJYUP(l`vm zTv_8a;{C{?*OAVvmweyFQl^O`X~i^Ybsw{@AwYyeqJ(0KVRn~5e@zr(HlvKaLt+ot z4YG8DO6+xGPwU*>77`Zb{x!i0p#0!-13HnlMTWoq{GQ`)g-7}Oy{oWxxzYkTKeo?~4mmF531fOM7oKPD$QjUQj%+uIu&q31u}p(c5hlB!LwcEk2NuFhK< zz~5}Tdn#fqeIB5Tob5*@oeV6mwmE2l<%Jc>xv!STkI&n` zZ{Jd89rM|SGu;iV$p*|rolD3R>L?BKWI2l_30}~Ne^T3@#<|IJ6@LbFT;6_Ni|*l# z`QwBY;ot-VLQkyeprZoiDwo;iR|=kxa3{Sz+<-A8W<$FTNIdw|)$G@YK3D2KKKJFc z?o+8;S6yJ6{IMzZIs{z~=u>J|(wggwUghKMbr3(Js#cI6X$+SN3%?v`apzyI-v)?^ zF3zt{x3N;OC6=~NiGOX{L8sO22Cue);gnYL_B$G25fe8;Yu~3&pQ^LqU^gwMPHl(R z;&5q~doBd?Ri>H@9yjiu>7T>@6JHlD)hKE!m>B1YlH5 zqdwnm#B9}F5AVOY-z5BoHHX>pD#>=H8uA=+z&9n>j61#LvnRvM4u=?+8faW!aI3PW zcFu!-Kz}@*rvguhBXp5$}a-+$?^VWn4rtvdT?bl{$DVot-z>$$)u|FkTX7ijbJfFgnB z67BrVII7ubs9Qx(rL7A(n`*UdcPlY@R50R0Y;?56hdl`ibJ`t=ztWs=V$f*k-o2|X zEKK4d2n!M)UvKW*H>SmXjiIExFJuQ-3U=+?*N4(!FfMgHq2I~nO^mj|bSlA! zwixTMSPcMSNtq4=Y=XFJP_NTsTh?8<>L|%p3d*&lT5K1;)Rxg*k*2XZoV*pUs+v>f zks(y%6tdVvd4mGY-G`G*CfCVYonY3XO^l;Is9x6Yf5 zVVmm9^hbhIW)=Cqe_ZpeJ8=?OZ@xsN>5Pu2M#mOTldaeOcB7B9<}(5|9<;9IuEl;G z#8+^m!BFGk63z`AlYTrZ2>{2*vZmtnXZ$unewy=*z=_Q0Td-oxYsfxmzQb{v-1OT) zD=&Yg=y8L^jSHnJc_Y)wDHyln>qixul6 z3V!y?nVrVza2xzBWPV|R6R!sAt*x~c`u)fq{{C;_rb74avqyHu(`m%H*mA`!nYN5* zfAcxc+rNK<%zzd4hMIRFzvgk90{8ozBL$oB!vz%Wi4X-cnR!G}`jIqTs(0_-Kiav; z8~O+oJVrZ@9|w3~od?=lg+@l&F~CYi>Mv%}?U~!5RjZK@2vo)+Ky3%PMfyD0N7Vo{m(^j9c(kzB&_h2YAzRgl z#Gt8N7V$?1lanW>)(9;UM{GuZw4*~(Re#8Q- z1ULL|X{f`NY!}GPLT{P814|i1>jbAeK`Zt4nzS0rthz7Z0 z+y4FS`kVp`7enH9n{vj{zVBHId*TDfuvp@;t1(qWn*#X`GH4#sHMYI`Gdg~`f1RGU zh6=Fu$rD|-H8vPBGg}oxG9WiLL~qH_A;Qv20yl0D3P174LjT63q%^_#$F*cIuh3ChP7-mVBv!Tf2nl_Wnad!DZwrE#t^adV2ADABQnxB(7Pk+t92{w0rv0++^AA zK*)Ck)x2eTJfjzUIZli6N_p=x!Hz-M%aFrlitGQEg57h#fUEc*daeH83Qp3+Si*Oe zxu$2&t_j&>a9R%r(SkKp-gLYf?*+(g({0WKHm86|223jY4SRf*AvTiH!{k`tt^39i z&~Yt!<$}04$HYD~=f{kX#~$NgVKw|iVyH}&0!ueg$Ve1%w(Q%#U%X$^3Di+H;nupZ z1taZC9-dODzkndo9<+RRyQTzL3=Nb4#b@4JC$zkRdTti*<^?u|0pjVYQLg1r!z`Pq}Kv00hxV z*OAR8)4(HP@TQW7|1rfP_sSKGy|)smPi)+^2EZ^+V*fD4eBIAb+OW0tA5c93savYw z%lHf#(<{aipI0JneO6X0F$Ea7T!w0$_cAAdfgI@D_&In+)?7l-+#KcWoPe|B19-sh(fZWjEt;`QpwIr zWEPbXvZIVbR+O1h$SlhGJ&d;bqVkNfes?;BmN>painI9{*kdOdjl{L0(r*Svr< zK0xdWDb2w>?3f|ofagWiB!i{^eLa|TO-*7?Bw_LNp$pdt*!+8tfdLydsVZ9gN3Z|_ z^d?$QNOO^3tBr4(7#gbLz+Z;#-UoyvOlabHY*2(gg+g53Etu926Ze zn}?!lM5;t5v3mm}!^H-56M=;SX^W&wBZ{FNfxw=B*#IA*>%QP({8dH zf`<=hVfV=z5;=UB9}izS^54+TJ_rjV$KS*NLhMJn#>UY`FU?@9u-M~34XJ6RXACiP z5?6^|{J@6H0!}W-!!h$7Yuj_GJ;*4z8p1uOjiL0 z@KMp5gaTg1Er%}k4p1*5-T?^_f%qnNriN91%oUJW0jnwiyGH!cVdo%#7=)!AwG^f* zYrLI=%7+H$v`e?M&pCjy9YDgMLf7Elg`lb^?|L%F6qngQBje)-dc45J)=n+VuIN0(S`AzC8hU;P}p5Ql4Rub3CX=^46&0wc=RX)FeTxMRBdb4!l8hiY9jOu zTa-jVJ8EVkPKGEP0p6`5pC;kdU*J}Fr$O&*cqAkk;i9J%v@O*}iRBM_ zkgS4&^ad9KZJj3Fak4VUYK*h$7Uh4)M3T)hEh)G)?CnY6W%w3&p9RZ47TtRc_@+aqlwrw?p_Y+}Q(1E|q)Zf-l$-12ZS}1fyu??px zg#-nWO5a9P2EHHggncLUX9+j`7r)=`Q}w{XKQY%&=ZVWo%&NeSh9>r1h=cCYqvsbf zs;3_3PJHFSnNVI{;)>t{=}oR40j_!*OO=?n%ec2Ee`5w|Tn&%EAazgRPo(eiRISt$ z_El}QzikG(ge3>%O%QMfbj77c-lds~+a1*@A)~f|2ZJ^R2<1&|J;dbm)`P6NMiqPk z8~>!4n3&@4t3dZo%#4Ejlo*!^=#u|3rq>)nA^PEv4Q#v&*ky6X-$cp=OvS-{edYuK zh;9xf(Rr_|ZPL#DP&NQFy8d_Zz@wO$Bqqn~%$*pYj{X7(bbot3)I&u;jAa3ub=)$% z!0U#Ao?iav!^qmJwSPs7eE~@>E^3ZK988$4)fvaqH;{c2qmxiFG(aX4U+LuXQw}`2 z@kLnWJ14B<@mxf}`+;NYO|1tp{f1~}@KiEZt1u8gLl=>X{u_yhF7G4(5i9Yj;?MQC z$B!e4$PyI3s9~(@{&oEl#cczVBzh#aqAJDUM zU}8ZP`mF5d&l|xE)Y!kWhK>Yel1nWPFoMy6N0Q9WZv0xx3rrEk899trb?$(8`z}A_ zb2DE&WI62Fu?dI~?xa6G5SVSppTb&b3-Hfl&y${zg}9SDKxtloxmSq_lL)VaoeV8c zMQKWl{VO8B9rV8VZbn_BwKuo>$ryMLq5}acqtjko6}>Oe8HzhU_xgfl-knGy#Y`WP zq&8+D1*0Sdc#&{_d+i4-(W%3!dJp(bM!?o4ZAz0((L6|2V%St9SNv0g9`Cz+35P zlGY*ZzY^ABC&33%H^EK|{!XJm&_JKM)Mv1sfZ6`~(D#KE!qWPuPYIL5v0{ z5;7VU`$nDYzX#R5*Ht(n&#>8aetsZTN1!a$5N%o~{i03+O zVG)hX-3Cw$fxK-qOvF!!bPt?)*{CdEBN%p~9CeAIySoHK_sq#37+MVo-Uznd_+)PY zbo(JUg>f(g58i#O^;Z#%2vz_vv41h?sXm$mfISZ~GHf$$l;B?I;GvL$1n~A>dqlPv zBeP;@1?QbEI#_^&myo&f8r3>)?m{wQ>%$1bhj0qrg?DNp=}h7Ipm>+>$nGGbN-sD# ze9$Zx6%yhDM<@Z@0xQ2AYxD`N=~CB&ZI|xCBx4NX0fqi8&>x9cXW=vfVcUVm?CHetnRCg=KHMca;?NrM zB7LzybPlmrooKlS>pSVGQ$IZ;!US*$r(iwMFE<6cfUBqra50yW-G%NJwxp-|`Fi-& z4UcLw@LRI;eR6E7}PU=nQ{mYS}P&NE$$q3DMXvr+dfe>j*b_4A8# zxXe<(>O2p~9|i{LGgKK>OFv(&;fX@Y^k<)G2@S5~_mL4bY+sL{L+_lp)$x5NlTq8p zZIH%;C^_$Cp_|0zzZ!&w`9R`DEPSFE1}yRed?jO>1si4s>2OQCzFsU1fDmYflvFWqKocsNO94ZJVh8oNq@gNk&cY>Sqfko{YiUX zubIBunO$*A>go3ZrcFUu#V`=_C6R%0hm>726WBbb7@t#f(m}kr-qBuHukOe03=%!s zglz2AEvTd$E`N?;!u|P&M-No)R-uD0}}{R-dgv#O+WuI1g#9P8!+RBIMG2&XP*9xiM@}pY(6wLhT*X1 z!g67(<*^aBgN7@l_vq%A`GBG7GXTOKwWU0Hp>%S819yA&~xU6}d!6HYVCs=-SU z?J@FSU;nJl7h%M0BxKpl5n9lyF`iOVM*cg|HQ}r-IQ>dnui$O+1TlBeosftxqvSoN zsWA%=Gdy29_?*umKRI60>@|qXBnU|T0h%0iJf*MYXgl+FKDq@2G#cdQHg2RGoq;OJ zq~2gXDd+j~EWoIr@!oU|45IJ>v38$-$zyf_Nf?ZnE_FOg5CLhSF3JEQSo+UEs2~Qr zXn&#gcAP@HN!;Ds7^n~K7XY_>3BN@AE^%78e?JOg&7&@}-CG4Pm3<~aMF2_=MiA$~ zYxuEqR(tTMbf96=!1jsU6>Xxh1xsIYJ0_^-J?`oyXiB=?`d%Ydg+mJh;#3TMLrm2( zWUsg5RI>PO7Ey8x?F0nzcX7$FMI9B~$l7nsz@Y1>GepR{aBLHCmuTK$f(r%ehPDhe zA}t=+_svz3{tFcK=oZjfIT+C<0``K45F5uRx?Dm{20jY3ubBV(bz<~~-rnPh2#q_B z?Gqk0v;xdHq0S>=4c8MQ$kJRfLTd%rlY@gKN!L^~sw6%+IaUyXL|{vJeeEpW8U@U%Y$&W|$$`m{hOTi^>pB8&0CuA>UlxB4xyiDS?r%KV*J)5JVi!o&pu zJL@-b-G@m@5m14TK=FYb?Rq#q#PP^O$bWR*YU==!5Qs_91oVVgCkB%d^CDL0^tRIP zPwhCi1MeOnDS?pT4WjX40BnQ-d=INmy@J*(4C>g7tB;Lz8%+#Kbent8QFu%n@X;1!U*s z)PiZl;X(Lb5FS7e#*hAr0VeDbo=+e#M1TdLEU?q~57*b&Qh-=2YTdEwcu3H~AZj=q zYGmXD5R)7D_%i6PL>L~@#8N~{5(+OcQL#EdfAVBBc)&RIhRC-bO-R#-Mp|E=7G{aU zmoL?k@QT2MkD3DakDxgtG^$8jCcy=UVYdc6DV|hSlo}YCvQt{RnEAyRO3lkhECi!J ztf+DCO2ZID{4UYxz!^pGwO`9UsqrgBY6!@q!JNCjXYM!e$Q2=`SNZ+!Hp6qP1rI^q z4~~9s8StJBSgGO|ih!={b!MBxv)foW#0(tVr-Ce7muJ>+_K_f9IETE?IS-4m7OCP0 z#M=vU`4-O8*dsam(DUv92uM5;$SAtx5p;L!)$T(`Ln7V_s#2tD-04zz^_ou(r!ItU zRJeP1@L#`{o0WP1L+~h+LuDWacH8G9_e9{-0kp)hcW>{Lyx#@MC?tR+@<0_2JOcOd zibHfEhL(YIv4v(##F;7>SQ217Vk{BD8cPIAQ?eFQAFJZnt^e{R;lT$kX!tQ-`dgi8 z@n;rP9FThxZ4Z#_5fod_hxgY8u=3u74F^XTk#CG$J1bM)aZ-e^z9I<(dkRD}DhQ{X z!G}%OcE?~b8V=cAL``x0xYNq#hooB{=1eg(Nl4P0G!T2nZHl$aI`Y6%VsE#d!fQE8KNoOLW0*xX!@9Nqb_SIRbAhZEMSpr+eM-iJGY2wW<|Du0Ejtk)Tg^n*fLOsV&ZIiUlF=R${jbEUuGv~y~H@C3A+PeMbV`> zTSxReP=eP(s;hWFwclSxs4YY;87bTiZ5ijqK%KutStD|(tvU{WLQqVs@ZOLfo@+R( zd(@eWKbwOhvV1lJuz42~Qy1|aCM;u2q-a@h8(V-`w3hjGc5sNgbIU$%OFlZR|p!vje0?lX6w+EGbh&>JwHTaGiw2B;b6gXzkGM-vHrY&?3SQ6lS z&wKDlzaq>3du=H-NfqLIN|?_gmvSNK2Szo5u_dS&N(((_r9!}`V>czf1!k6n1i)bg z*sRw9bxzw6NK6QRK_&zvMimdY8*abfzaP&a_P=mEsrMs0;k*7nhkFw?;11}AfScAJ zV+Yem92}PVy{UmNg(4FIIM7b?hRbt9TtqD0{NniWqE9}vQmI={BexkY{eX0j75}Cd zOVFbKu~%XZZWA`MAe_h;W>WCqj<61yH6d$%mGrP_3@}T2Xo2H19^wsSaX!WvS=GCr zE;&(6cioeP1PG@Nc~V;#8a86I3xbz;Ftz}jWdZ+=p6Z~Iyz||9nnH#mBE>@|KIgpk z={qryQC@x~f2RMSK>@pRswlH*?v2H+a`f=lo1Z|{me@Nv4V>iPaQge{M&0fXWy;dC znlH&_?Rt-Rd#GM{=D9QxQkq<%fxG2v5zRZhJNwVQ^tO&FpS}`@Ib;jZ?j9^TKD#H| zYrnzTj@-BI#d7^E&z(OH=9G%`o2B(1o)s19%+x*c9VO}Yjeo^bvk!y>6&RaNIKD1#D3Ddvdv!DNM zh{KXHUmt}rLN1G$#I#=fg8LfIWXh>g7eA#U5QY+bwI>M4&qh$nP2_d-L#IOseUoNf z*;!a_wN-E4DJhdYC@sCm@^I;iEk-Ubdb;pnAVbCX?e6Npx`Akt9ZBC_7YFU!&Ce|) zX?)C7mmaU4J#`8G5)Cb_%o9H7tuaOb@9i^bk2D=h3moxJGTW|;CN7^D0ZfSm1KpNb zX2NA6;;bGWj}elDvaLpUpg< zu$(=-;96bAf;DA$>Qq7W6&DwJ+;`B$C4ruE{3wo)+%DqW===G*=jmBGPFIIDFNZ$f zQ~U*I$nKTPl;_02QLqqeYg-xj~I!_!oKHH{ad6NIKaAGOd$y4uiu3x4yiIFS(>3E1|y59kZ zFHv2hP?Qnk+7}fL3KT{QBAT7?<@4k)6hFbaxsI>K1p&%{lHG~CC$H*#0>;>0(HF8v zdE`UQr~`@x+e><0-r6tfewMA%2ifXp+L0%3uW;bKMJoaAVNA$yl+dFoy zHoQHi|1PuQ+Johw^&2nUBgF0h^w^IZoo#EH7nm-Z?2}&q;j5t@dxOO$`r-YAxZWAR zy0KB$@y#0-WL|B`!~!cv1zmL78*d&xJOxqopmf=PAz@iSL{z7JXyjR-Ts@wNyRALZRfaaMhb>(B6=UuyMH>ik6wM}4!YI00d^U6 z^~9Ja|9}AD{_;HrPck0-q2qc1zF2BHI)4A{hzJd^z64jwzyH1z4=>Zv^EIDZ+ukh> z1-O{*J78zWvfL(forU#w`(DvO?@hQjzT~gzJ_M&rWOuMgJDR*Q<7U^e*4??I_~t^D zs4pB#8pmw8`B~m!J&}I<*1pF04u}5?SrJP(G zuUPZ&TD`4Py*O#lYGif#c3j&!9UB{a#BQ_a!*xg}yAiIuE2@c@S2P{6jfWR_aUkJn zTR#IeB3<~B=>`w4%|~C4=@)p|A?!s{o`8g!5Y%2M-EW9#P0)tZ*VlJ2Z20_H=U(w; zH~Tfzly8(FHqBW@@x}X{`O<*H{_2nK%7;GHy)C8vCx3cmFnVv_p+vs={CQQLmC35jMM%q5f3yTpTB4)T%gk+W;=W4^4Urj zpTxwI)x8yzWgZkNI85nvno3jRPzhkKQbW&1I4?kr0t;Ti*^1&>{SXszG@sq_8oY~1 zKA7kQn4i$a!r=`1b>Huav*^XpT%^5z%>*m3^`qFoe#(RwgtH!!2FT&mvGjnP!Y=`f z2{$OI;~SylUs~eksc9M-|1M?vq&Ch=@sn%&_?WNEmd+^x`=~(TktSF|+=StuKM5QN z`Jsf-1}BWGn_CcyjpmjX=-0LbZbqJ@8Y(gP{%HO8A)1QNOn`Yo$Xwk_SL?@*#JFYb zPDEb|#~;DSqgq0tb{%=r5d0!lMYLn`B-g9n7foD3X6ktFqt2F{j{v z4Z8{)MAYbw_L;xKLL5aYOfg%XU-wu?75Xj_N$;9DO5u_jf zAUerlXiorjfq5rvIOt#r59!<>CxoSVW2$(k#OFf#40QXw6?~-yp8-v5wIv;GYrbh) zdd1MhFmQcnC{uE2(a_Xr+wSe#?InzB$J9)<$zx8Px}Ka&E2*JzsM3zw2g^lbak0JF z_+Zgei01qEAJq1w(&P6Fw+_$rJ>74f5U+Z>K8P{=^Z6>YS6HBg(G4a!df?tfX+}v) z`wpN9;irL&7{j?3;W)=#X@I&l{rU5IxFsM+GC+m?mOlfJ8-e~pb+|3AB@`eET1XNS z3`tc(DFGC~5H=e$$ZE#MyNUTJ;7S3)67#{)cohC1>)1i;j>f$&_zp|&+3PYC)*H#n z&C5YYsd`nNlVYboi|LWp|0LQzl{_7#`sD<7Pyu%h=%3HARU*Y;LzJI^#QzS2P3-JXD6gMyHlVT2SfUB4+71ip$ z&jur_D-l|j$Ef^XoYS$<+H}?apBBJJp62RRF_*8hEK^g%?V;4Sj_bcGIv%$RyPw@T z|1W9ZfJhO`^W{qkxMU#=pn(n<=mZKwb#UYeFhng74#fdM?V~Bjy`~@{o-oU+%<@X| zANW69r`mb2v@;-KM0}$*aA4?g)HDI@gn@{`LrnlCga8Xz4i+&XPzB%8b}g%Ur5050CnWbPa~+ z_**K7|2$^TZ~y#kgj|MBeQkfa+5jY?wKhfP?d=4J_{!4!v>u*sCe<`75%gya8y3ES>`Lo*;qN=iFZt3X1+RCdAL%yWL*_>`2^e@#cMc9{@YYCihls@p^>`K&3BF{ltwG!gVGU_b0f zSl0jwVjY|iEdzd24fqk<&{0wN)5Jxgq0z)n$ay*yxG{&aAItw6rUu3qeua*TYc3?x z)YO0e{6YI04mT}Ep%A(xQoMF)l4pNiUY7}S7^t=I z%p@L-{79P4moHr%n&>X&VK0?n%K~m|z!3NDu5ZXT+A;eJh_@ty> zw>uSxu7WO?NaVtzAq9$Jm9E0MJ61vz&P^ZOhU$x{u83y|M*dA9lL?0R$%9c7em ztyolIjI`6ziBYkp0_#LNN zk5nZ|K9pPGlVR6v%u0)!)hR5Js!MJXw<$Rq?XTo}v(4Ui8BhJ+wYC%sqoBjd^480N z+bF4a*3NiNyV}lKQHH9oyZw{0!ffv(aohW-%5zjULJ$>d-SOs?dDXMvn}yhbl0ZjW z88KvStV@ytMad#3KQ!vz@wt<6H}1~d@9EVmO>~d3f1EgSgxE*7zJ6_g739TFG!TZy z#=+&~^4Qtp$BNG}5uRkY9WHfaI2s`@A|XK&3hJgeff%=<0hAw3N=gWFiGW$~orL@S z@!INwEs*az;H!wBLSKtdN3Aa{y^KIxQ-9@&C@%VqY89oOq3W$H(o|IL?yL6o8iV-Q`TBb2(=vhwy}X8F<7_uq7pB(leIt_n?fDIP%X|7q zi4;og(~<#ZSk0KUL!jOS4hY1HojoGOCEuOcs0il^TonNNcR{%gCnH8HM*O%b2LUMr z7OfY|q=HVGnqKiylX_4TOm02!A=+HRTS98fN*a`y>vYHVS2|IRzr*RpuYKm&j;NhJ%5xV{YrdSm4Z{}zwO#eKLR8_RzLlC@kS zQbSK)pEZCU7&v%k;C|bIH$z#Z3MLx=t6_2LemolsQMo0g^OSEXsm-Kih5g`j;-?~) zmp2@By`Pd4aX5f_vTb!nQd`3jL!j^>@+E`haVz){>Ns%tED4D%IbFk>B$<(sDM}QC z@rdI)x+9s6bAIFb*+Y5Rs%CtA*?HM%(JA|Ej~fr4I%WGgg_`p2(ZHLP949|7iP_An zxcE1QZLJ=gx|E}KR-cvibg1FU^~t-+0@Cbq-tSoCy+u6oGwzW$Hw$hfnfCfOW~VMM zOXYs+cymZW=CVq6cX-V0oqfX0oG=NwWZ=a$!YqoV`E{iVA=o2+r3C`D&oCqPU2gSKo=3m8Kk_(beKO8 zcbs9accCz?jAa%Ro|m5P&r4p zoR|H;qaxmOhvGhZ@D!=7y3cchwm~1?N<*7)K+%_)y3fKqO^-JyDx8A3JHGUSX1tuu z4(w3F=N)cWoh=`JKNK)lAzJ;Y<=V=J=y-8IS(>Y!)@gYWe{f-2i=E;XFYQ|5IeF5Q ze6FX!O;(VKIfK59GK^DjEeW=s!H zGz$M9^ZFU`1CFMr`Fe*py3yn0=0^_YJ=VHIO*MZ=IYn+uQI1u{#^(Nm=-|3hn_JY> zLlv#vg2$kVA?jhc13t=VIa~1KjzbUn#hPyUtZ>}^sJbh|6*4`sGyi~UOW5xB&lJ_X@M8NH*r18Lh~?qFe$)2+7|n`?Ngj1L=m=akkA#GS?Fl?;sIVylF;6m|H-!De0@FU&R$p zs)z`l&Ys5LGTGHr2@I9=fV0tj6C+8}va-TJ>W@K+()t(1Xhi*IB_r*2kJK`HTI7pB zZV~$UK8=ZwLbb;v9sGmz;E#|_Hu~=(lalq&msfrMGb}W}m(##$w(oW9Kaj}IHmb#0 z5p66XSu`@NHlyfvQ!eZ5__}+2ZLlnY1jU$d*NnTf+xhJXgyjc$=rr3YOdb26dlR`< zHKF(@H5HueDKhp$==LGX?f%kBj6#IYLBi_}C~22R?lODWP6f&{?Fk)P`Sosj`26aZ ze%`}!r++EFpsT;EE25@((r6pX!q@o=G2hP?r&QuyJTAMMbJFITd)-}~C^nN5hvS5L zw?U7(6T))N%d8QfZHkckBlDA3fZ8 z-1tUF$hnY+VAf?%=>_@O)SWrO&vx5yR8lhpd{awHRk$Eg7ZK;+S}3k|!ipzfgr;`f z{r>7t+QU`>H%*`arp{POf6p8t?mT`>bFOcj?E}h$H*aK5J3X^7wc00@TY2o6y}i1L zQzxllT*9WL+moAZjh`Dd^C@@M7IP}3Wj?+D?lyl9V=!EtIjW@cFNOz>{U2=e<}NhEkx`UdK$17&>2Ru zwXGi(5wVjBhW-tlV9eLAdjPg!q#8i^QQ%sx*|rJoU%s#swh$DU=N%k&Vyp=iH85?z zcc2;@9UUCVG%y}}yW`N|xQInI<%7hwb9+1a`SUSp_fH=;yyd-c^Y50A9!=!(a@r{& z|ERnI5ibsvd;4YwBtMGg$@z?sR&gq^omEogj`{GNJn0_>anXSnfb6BNriKJ_>CuGV zdfu4=dgA?AQ6?(nn=#-95*}KxbA<(Ga&yD#M{1Df3?m~P>Vc}P?&^Zu5h-~&~xLmd0x4jMd3%Rc(+pGp*`hJ~5gQ9Fst za(*n)jyug&Gr!fW|DNus(xR3fYiVs{DcKRPpr}qTedY zM%r`O=YJ}3jfMZU_ABJ#_bVlH_Gt@Fj$z2U_v7~C$^fZ{X9p^5CIZxn#kE_5^YW^l zBF@`Y#lx+4f0K}~ISTf@x+3qt>d7^+!ANCyfQNMB>q6@3U~x}9QN44k2faeisZw7& zuE#Y%o%l0`hr#4gsMtDXuJpwx)|u~DU!U%6@95IZ(L5=a5EGYC_L|8eio?P6jYY9z zD3C!yUrr#!VAtG68+IaSmkiR)slK9&uZvL#`$YilZ7eMoR#u*DN8MxGyTnEW;cCKs z4Ht|U+X0W>F3KI3dY^ORKq34Eke48(jF^!EC(jQTXfdeLk16k$PfV0$=WL6N9^bPk zE!XG9pTz?o&sN`iux(rG?|^TWw|$F>F4@}#kMr=%JABr*Hr9(f;#_#Xo;)N)K6LYJ z#goD^mYq2{^X{IZPoI#2Y{_WUG-hAYl!RkwVA-%M|Wr_DJdG92ulds_EduP!l_?}AH_T> zd=qB>f(XRtMvOP%!hrT5p$ZNRTBIFc_w{WNA+lfzi2zaz2p4FG6gM+~-|bq?U%Ya!-S`<(&#i4~8AncSffHc{Xyju& z)-#d3h-e5x6oxKv3aag;%LM7r)zO_UM3jUm$)E)zNDE|W<1uYQzyU;G!H~w;-@acz z!hPt_RCT%brOQ=oi!H~3hd)1KD7moHv@JeJD@jI!Kic|&DoNwYG{rdE?lUr?qBMyz z^mgOpQ&C6<^-tuqpfL4~i#02XPj|5m&mOdFW zQi|ElpI@HqkLl1p!^W<$!Z~21p-*N#UHw3T`OV7gxxVuLpMCQYqtEx)YH&Wzd+@O! zVb6(~b<>gZp65Mfeq~p-E^sP6Zttl7k=*>vTo}Xcsb!pRK2!~SPs=Vg7a=P4y<#pc zJ@*c4eRu{2tF#v5=@a4PXm@UAqFnV8=1@r~a(F3rB+RN?LBV_e{H{PF>b<8^&+-ArkU<1Jg|1I7Gk2jVTArq^M`8uWR4bU$Hs z+;h+3^yv>|E1rNvJUA6TAg=jOkLtT$E?+o*r%#Q|-W9?u?4>fdRr@|MJ$kyv%3`Mx zC4WW5MCtm60>WC-j{| z_4qZQz-D@VLe(y9&=GtCvB`uwIi539*n)t*(gXG9xn~AVi}!b}S6vf5@%(f!SL3~R z4d?uWa$ibJ_@hYtv6CWZsi)?RN4hZ6Xla5ZtAgZ3Cnpxuoey_Y(CtWVs(&3LWMp}U zNCFjT7fn{Sk^(e%wK2dU|qQ*~#?n+!yOsmdmSu zEMBk2adLA}<)x|SuUlVuYdcc##h)tSi;Zv!`}*A80M*Cktu+%O17a86-}iY|T=KH+ zP{5W?Q(fNuW7a*d4l)`%&i0^Q59ikr4r@tMBRtZ02~I%Dpqf&z&Wjv6R0GW)VOg;c z@2r61>!v{TLB7qY4xgcGUp^+^Z@yq|*wVgb+u`xkgsJ%gi?ZMKx1DyF(10y1zB_Os zQ~Y*R6k)uA#?)wz{v@@BM-xqvntJR&J1ynU`CD|&mGE`cg9XVxZX?eFK zEX-1#F5Gz1({G=_FQE#4W^HZULdW-fh3oV-)`B;)8YfwU9*@sL$r8ZivMzi#T$TI0 zm%uA2PMnJIcJi@d3qNSw5-D+tc>Ype-MVRzbcD*wQ9sCEY4DSRzcGp#I1eV}Wt{zf z!9V=Nc<)H`$OXIZ{iT6Uj*d2lO2tpNgs`Pn5`SJh{eozLk1 zE5(drk*eb7rb^K&XPt7PpVfSs3Y1if5>Mp{6);lBf_ahOs_i8HP7F&NKe7bC+_*~4n8Z1s#Yjd+!e)l8wYi{c@^*6 z2+a)OsD1C?q~h73tl*R#fUq@ebv>E zMXL;S@jmffVss1P7KGl7_^U9~{q53P%QvrdX78CDSjmalHk`Wa0!R?}@bMr0&Xj56 z1#iFdE;ZfLtXCBMBgJq0^E(ne0Y3vz%rPj9?m%nUs36y(vI9`XiDJ@Q{*I4l^@;+< z^xj_xIkIiZb?d`%lcRRSOMO945>Zt9F`sKtwd=c&!(YwJY%c`lcB5Bfx~bNdw>SY( zYhvuomrH56tZ<^h`TqdkKUmowD|$1+1(YgW@@=xQm4Q!L!S}p{#lTi?QYPE6U|*|y z<}`HSe3Pvbk}`Xbsq^fPo3^&(0DxiX?99q@NJ)YHpS=A0_a7VcB57X3_WlC3>8!yx_@+J< z#9!tMmnkUNPTXQJG&54ei^qnC5Oqr3$H!`J4g%zBYqqMr&+l%w%6W&%GI+D+u)cZU z%9vsCj9LHKb@)=(XJuMB#7QSkweT#wIA_~3Qg5#8%;w%;liycNZLoXy$a(7^m+Ey! zu#rcP>ehalx+H61VT*he7HoU#ib_P4tr!^*99u3=zWVP;RH@7pM3{PDWqRi^>wbHC^4_r*o*ePP9eJ^WH`&Io1!?3(`@FMFP3H+i;rwwKL7mOi`o zbyDuhf=Yp1p3}@JFuES29rDOi*XVfe?eW^>3!~2FCVTp`6G0@{9+1mi>N97x!}Djz zZwfkYo&#h}U{o05MERDx1ei?8MyzD7aF{%bS!lV(sYmkr>$+b)745s=$xqh%8LfR> z#dd$K_*b>Y$M+!qAt?@Xzm@Sgt}cUkB(K4KO;8QMWa_h;=Y}RDBPqua#!3we(=LYo z)wA2TS8cca^SAz3JO$emr?N$KCTN~U*4)OKJu%xclZLfXlbRT?ei7<7kK}q$OW%I;ax3uj>ypnQ>~dC(^V(^ zsHvj?fa~J(v)iLu-t}sP9SXVWKm&F*VO|kRb+MfA`tGeyQrDT~0;ZW8dnjpn_|#Wk zRBKzhOT1iM99Hp`=m`lOnRFg#zt$uCNOwO;-~s|*MZ)QAYaYw>-B{dztfjdf$Byuq zDozE1$EtG)l17G>k*!}XuO^EHeNe%bTs26zIg9Cu^T-cZk$z$wwejPio>e)Mu~~ji z*mjCxX`idfLB>NAMdpzZ3-PJjq#?a@vIAYj6O&jd#uOJzn!Qf)_4+(FM?t>pM89+h0VEvFrIS5=66r4&+O-<>#D5r#H*)&HyPWvfCGaW}Wt zul$FF8-6PJaz8j)Xje-bNk>&@1`wwq%9#c+387Gg4$*t;R!DQJrCz9u7 zmG=p_43dyM;ZhDM&lMzEIDo!YDJgw#E-}!7Q zVwsv2lKCP`Kyx)~oqk8U~Cj2Ega}RwD|Cp-dy7KFgpg`?| z>aE7TYHIf%#nrz$EjjP4sLdjXZ{IAk9r;!+tw&44-PxmUbBqcrVg#hay(?F!R{8^e zap3XDuox&QJR)8jz^_+R&=mFHaSB~pXWu&bh>*KE0{x|zZ}*%y(Yk*y{7RGdsu`o=fh@%0Q>1Wu0BEf~uVRfaGo@830CUf`jDi zt=noP<}_(1g)03A6^T6-=VANjPIYV{=*`c_%ch;;v}WL41Ky1Mt28;EFL9&e$yqUavW z@Y%h1K&D}cD?H-~3CYO>8XZwfVq;PC+vM;jBLmDr{#Q$jat67vTuSOEPMvEJIaE_F z=h6Q4Bi)&wKgFcQYLcHBJV=hC08J#7r?I_sW!XWGRgvX6)POQl4fH@aW@b*m&m|3k zxMOUZMB{|w#j;FO`!5-aOD zPF4Qe0ai3OVs&)Bdc_m{Vcs|Yt2{ zG#;#caGZ~c@_hEQ@UDDe9Nj@p<8_8+X21OYQmmGbE|j%*nuNw?30^LsdGP4r?eC9- zr+!E!pM8|lmKb!)RrCn+fy~VIj&@ZK1%<~I{+yY1cEl0j;f%b;38C)JJ{Cv8t?L(3 z!LF5XC`WF3Ow@GuFh?9Tu#Y9n)BVu;NWtFvLda<6$?s+kVSrh`&t!&>s%5ZAn5~_y z2-s4_prYTp+g++fH8wUF{5KWil}AY->94biv_EO!{ZCuNjgy!q zrsrp5Z2Xzt=S5>f{W~&MyLbs~dUz0tMfU8xx&7zfVsW*X9^cDReRU^a)z&_73cB~n zGVR@3j(1;V0wo4KA9Om#KnxmVqa&32`KxPZ-c`&C9-xkMQ4UTh+V^-S@nayJNzbX@ zac(G1cekHDr}OM&eZ|!r^|hz=_JS;7OJ$ZQad(aV`|}Qmpx;|RxqBOblD&h*MZ{1hbls#`bGY z1-0dJ@}npd8%~`go(yaVs(EbUtIGSk`=4Q0o5X{`Z(qNjNA4jw{Yr<1@rbCP7tao+ zV08BR3;QKyv6OkzY;{_J`+oTG1L9hu#GjbXJpu@ZA?|S`?kY=!W=x%7ffM<)=`h>9 zqN89sY^T2Vf7ofy^+A*-u1O7GJqzn4z6l2jh#bXz4EJ&j%2Nn7>$~W*4`2DV%X^F* zJ%J64p@qCGfzq`g6h-?49ifWboM51G`}eGg&% z!`T6buNh4`1GFt8u3|t?U%$BH3-L?@r0N(ldE?QV41e>nW0Xi10ft$Nvuq;6<@%=- zb9Ux1^j6oSqk{(wQik8T*~V{*6CPp^XApZ5p?dIR5P^440&*45+mV@ zvchwEMPyUK+S!>F5IHncEu8d}l&bK+L|fSW*N(Yz?^6soTsrdy<@Boar+tyA_kqW} zE_@Y?X9tb5e6PDcHwv~<=Yjjtsq`Ki8Z(x!DY0EN@-jTm`}v`xlaal8jjnp`TLgN) z>rzf(BByw?SN*DPR%|!3u$Y>jlIr(x%+48}N!d!i&yRmqUhGV5ci@2iicnmAZB^#+ zBEQKKG$}IlKXY@5V;Uu0yNPjd#j97A`|zBam)KHJ-H8~vcF=>&sQZ}m?xD(72vF84N-FgVW)VZnGtJ99 zz{wo)D?JWsBL-7AGLk5X?Qd5?TB9i)xk&qaIo`kD97#n-9Q{)nLHuF^P0Pw}otc_& zm+h;*DqspBtUybghAwyDi;H%x`ryk$zq!f%{Y&)rqn(}2RYyGd1DoBRmshX)daHqq zvs1YCL|rfx_n|7czcwEf%*WyhSrr3=Y?&w19Pki8qxrmJaczq{JiGbKEGIF(-5*Df zV*ZG$D1h@7TicH3TGVm_nG&~mV7CYa{$FBmf9c9a3Q)>xMMZ^DN9_4YcQ%%2#Dv=rnaG--k?6e+ zeL_ki8+mWv$**0+fC>mqkrOoNlSxfO85m}AXDE-qB`f5VA-CzK7~^&y?;Ag#NKrmJ zELrH?a)c)5<&7Nr9#d16@wuoE`oe}zz;EKzg2fQE$YSP9=5h?W=JS~Q2bV2RqKu2x zi`U2_i-)vtR7LV&&7AtD9Al$H(S&X=wfqn*FAU013Sk(L*4sE5k=8cx!(#W{syj`v z!Dubxj9P)!_c*b5(QN8U zmM8teu_d?nZJ#I%Sr26NZ|E35$r0V#W3gS@wp!Nsf7yTP($pYvw zyX>D+8tHZj)IZRhU>T_`}v=lK{l9l@ZXoWfebmK5dQnx;<6??^dGhhbl0bj%J6?b_#Lt*4FcK!zJBf$ zQiU)3zpt*{rh)%^rJRHLB=4aAA-+x;m~XoS0U7a?nNmo~g!p~p>$uYYKmLFV-1QM` z4-4TT!mWZK1^Sh3B*>ru=ZD|{u}O^j#9&)>pBxh^ATl^q-l%}>#ehB{whV`uy90y* zaQokZ%RabiO!{dbR}3K~Lb!hj2C+jyuj1*Z%!WmUk?>?Nz_2OJ0pngrEMt3DS4eug z_1jL2bg=&Yvzrhk7Zte$x406-Ir29kp{G4ojR9l`aS^N>`aOcARw6;*3}~%kMYcMq zScyneVloayRW7sPC_$ZF{{jRLLt3y*ng7b{Ksb!^$Q^ zz&e6gM+IRyClM1Hi{Nn*hyhSK>Ulf%RGSNv!(yb#s|M-ie#YB%Z=n%X)ohiN637k$ z1-^>}*NoGn72?jStxaEE-k*rC-NsDaDV-OKJhbz@&>{N+g4!7*QjV{^3C=^;`bCU)8+jO zv1V!TIwH;!QDWQD;5YB7cnrJdjzDBK8_vC!W>xl+Mf{Sq?AwF{Rs?tb`~QkM^MD%D zun)f_OUaV0B;g<_TiGMRDIrZ8nTjGG$xzBt6lu|kq^uRGkjcJPNJ=p!YZRG^3Q0^T zlP&7Ip85Xx{3Gd{-t)fCb8pXmU%%^jMj<)?7smhG2Mjw6Z)XI<#qe1KYApU1l1}nL%1hwEO5SnrNyUOrdQK)e?pF`d8auh`9J~fB? z?YVMgf^z@T&Fj|GmyI<67WcWlpdcLHwad9pJoiVuwntRul{Fy}vM?&X_bMt5!3BpV zK#$k}T8_6zMlOB8!i$%RV28!J!`wMSQNCs6#6jIu3zr(dxx8SQo+N-~Z?m*$-{wn*`T*=$J8k6$bC00W}@E0l>{r!T4%ws(IJ6iq53MUyG1#Q%YiI$z%c` zEu|sNB$H)&S1Xfj*fK;8FFN|_In-p~L(mhaqoKhW*T<5~bt`vU4(fC|;kSZK5dk#E zeM8?0Eh}{f-oiek>URt4Dh51;Ey~h@4UguxBtdg~g%h|!AxtokQM0*GT-=>g6G@^M z36fPc<8XquLOxh@`uEXdz=@_0p$ovh6-|1O(ukZ4J^Wi*n!Usv;Bcq3AY?A+I@!i9 z{;yBp)^-{YPR82Vv0YI1(qw9N8@*u+W{blho~HmJb4+#5-Fp?AKM1f1D^x*SeHR?6~H@mCW2p8 z!r$;&k^4ULz#TdW^I5$G-WBF6!+IhdZ*Bj(?5=|K#kKHSG)6)UE6zfH%LN z-;5xyx20)Cua$xN!Y95=9v!z%*q%Hi{0K)|Ldng3h>?+zK+lr~7M-vkVqwUM*#$Tu z#GznOV^=hXcj+gj28Fsh_wW7BZu<(CGR$a>SrM4ifC%o|fN|q`(LqLgNI2GqD-$#s z*a%6`14P5l=K$ac1&n?bU2va?N}5vY&zF z+{FL$*Ma8e9L5NU#KXj?;f#ZVS$G(r;pofs8}naBy(+WO{LEw0LP*rGIFA3s9SPw$ zhQyR4hMvV8hT-=JuG3qp8#Ujna@)9M2M7fL^5`z)JwoapGb<*lFbGS}qAqrm`zMa| z`1Zf`=h=01Mhjae6=={aJA z1uZ{f(LzxZBYu)M;3vrpIC$)Z;&iGT*C7dv=lTRm zSRt2*!GGNJge@(Tflkp@?+uAJ&8zb8qq6LcO==8q%aP*HPJ4NARrxsS26Cukeh9qF z3|H5Fj7dQ}p2=yqT&AJ-+u=yAcJw;ugB)B5RTy@8pK*Wq)i!gn{a_|VZ*oP-J4yg} z503AGs)AzY&c8T`xPUH#s0S8jJb(Z z5?Jk~{*CehiOgqpmnNz{D=FEFGblv#8>?5CmlsU2VFgfMl_21K9xXq=A3JkqF0iO0 zp!r5=Z}${IfStYlQK4|nx;eApLNGDEHP2QkoIwoh4$>SUav5R*Hp1KJ>nlJq!x&Vs zU1(2Sc`!g(XF(czR`q5X7y`ZpBay3W8?N+t72kXJX#l?zOp?)?K2@|(5{`><;s#tgV zzWAM<_XRUVDG9=GS;ne9sw&Dp-rhnwP}vOp9if={WZhlgmk?qP+-hcqgy$esMp3iw zp`n3L`*s3Q57bXy*VhmKT9W~ZzMERu($%Z2;YK4{HkXK#=qVMbGk;kktuCgN4EBKp z>Vw;ip?|ZtwzeHHR@?UNyGx!gvL=EnwL5DKC0J_`1=^kK{96g?N~BJX5X8e z_s}-2p}`nmcgX~~4iVv@nU#vw6#*cwroYU;lY@v_VB$g1htQ^M1}}&)cbWJF?4+2S zoT&)L*#X2A>_WfEx&qWHo)JUxyAAKc?^N8a*^LVqzaIqotQ0#zJ5@?z$raJB^!jXR zNy#9ZD@CBjwkirzYGdi_d{9S6hxz$Pmh^SMhG4d$;I^}@PVjL6URtwv4qV$Zx03_0 z08d+BLn+#gj<2IL)@S|t<7`C%hzG7{2PObGqOo>re0&t)+-|;&YE%p#o?b`_Vvlcw z^{1^UmGnh`CoM*QfS*egz4lYpw0D5@i^mbQ4Q6DH6+008@x}D?6g**LL&E^+^@k7E zSk$BRKE3q0I>znBe-S5C?mMRLG!T*5+KNZWoMh(Oy6JK`AfWzu#BLGtW9QEO#(xW( zFY8Nyej$k36y2CKVS)`>RQhnxF`5yI+vtpZZ~d6lswY9wFc&Z3akKb=jIJPniEMX= z>t`o$qwT!C&sUg^TU}vE$R<=ySismlLvg7@Zrm6>J_ZZmPhbi%nP+9TXTtRq7i`JM`nMQm*2ha3q*Jj5IqyP+Db{W zv086jpfSI__Az_UUG%FXGyeEnFp5iXpg)>F=F~iJT$!Y26?>y12Q~D_b|*-)PqzZ=#g%17Aq8_kO;fVC>tH(7ywgp`zLEsho?ZZRb0iBGXpdWy zHMC)oa*4Qda5;mgB>n~h`53#QP}PQQ2m-!?1Ps`6T3gG1*DIa;5q5g@F|7MUB~Owk zz^XGiO*jI?=IZ1WyP*g|7172c?lE-t+l7S@3WFg57%Aq-#cI@>%VSxXil+F`;(Ukhu$lNLY&&yGM~t&rJx{73Ba zohVzKs-5WjrmK|6c#)}4yeYy>_h`hS8Ym?RpY>?!9KR=?jUtyzPG+2H-9OJ_sJ>aF zBqo5-NRtlgwIeR;WZTsLggOk`kE9s+CII7;FeNY^Ybyjg6bkVYvW~Tcsk>*VSZyM3 zgnXp?Jj;KNR77<17U!xG#FCjo>*GMu0IX)@VQ}ES5+sk(x74Lng6JFV`It1^1`K3uB~GnBIf22jVaFKTFb9gflzAvjXs0xf+(=DcuP3Q} ztfPn{P_pw+FPKJNA(xA5Q|^EHpZTV7ky=K<}gi-c~QMh zOiW&5Lj@|*_vb2Q(#iKdRH8hUaE<;XxmsG5cs;e6^h=laZ1M^W2!Q6IAYblly3yfm z1>?MEISl?m#u;aFQg;)^c4*|)Ck`EL(pyhf8e(z(Q;YdE(Coy?lZ@bWV^YWH?ozp&_(I@$!!|kW z8cFE2)YEgee4l$Xlw1UUN3T1NAaNPzYxZ6}d-lZcHq2K#`NcI|N?{jc@no_in3A26 zzP`3X!7^7Ayeb@?2ums&Cj-Iv5iI?8r!T#`di6^sS6qk5PzfT&kFc~2%3NO`UvaSk zEolo1X6s(m`o6h7>^T8E@=WbW>!<>Z_c3sl0LaZ`?uijjg`j9qA^Lb|LzCTMBJ!Zw zJw4{~bhpy4Ziq}52aLxddEKJyAZ6K)pS#kueN+n zZ0%2SXO?1eO&eQE2E{0V@f=%vzNo=2Kl`Y-ShTKQk`w6|I=(<7ogIcagJ!F68M?fHsW9ew4Aw*($-LCo&L1mjnNaY)BY+x$$=<@1%Wq z4bs=pB+nY;{KMVF`SV1=PxN}XvkHY0)Tf390V`r_brSOz%L6}+ zdL`+@VxSG?J9<^~6166mekbpGkqkSwFtg=qly$wdtc;&KN+9|S z`7~fIu|8qp;WyDH5S&QdN9@<4XV0{-zdjES?BCx`nn1OSyQ~D%l+=LCSCUY?;2`+5 zL-P|dNKNtaNZLF1n-U4CC-`BlJF3kde_tF7E_*AZ^_QPIt~*%r$5(EkB;wThXPm;Y zL(`p|`!E=pPdeHFc2dk>fKc@D$1@q-o%`gYZ_`EdK)@Q|Kong1&O0!ap%g(HW%9(e zwsFh--+Z6e4LczPdkoo#SZ zb;V;<)zt$|*`8vjOwf7Y+-xF=3<=jH(o*Ceb|K(inBYnQN$6)$ZY3yWTFZD9jmTX^&QevvXC|7Yd7Gb&ZgOTYQx?puzf?u-Sg~V=V6j!B0K%pX4GS}R zcnY2pkfo~u=m36Vj@ccj+Cfb%k5%<9s};e&xaJM-pYEKv$id-OMNT{`=_q?aAaO}9 zV>hGhC>VHGS2D{UfhDb?BrRvIyrS82$r5E^nyV(KCoV(A`1pu-OGsa=;!Gz`j(tVl z!79#NrV%vTKDdnkWqSJV6B2^^qAD#a#kAqj&3tO~@K3um`~m{9TmlJ8+xmuh9-b1Y zR+ZS0a(3KGwXCo6l}N3H%nc0Ix?xW^iHVQ;S&x_v1Nt3RAhMFuM5twETpcbM`N6B*{Crc|ud7TLL1_2qBA|;0pDjE@T zq!>F}?9$y?RAkemS1(4oyHIh{ZeE$qlMxId zIABB^A;ijpHH$!Np3u3YYMovDAwkp$046bKB&2y+5UTClx93zsaCzvwxk(5U_rA6K z+h>%;0BRct0(G;lHVwp91P2Fq1tW?#{HHR1sE-X;V8|15^Rsw9HX~uARxS{$f?({ z=R-O{Wu;E5p_Asc8%5iD?NoWyc8o=vaW5C1njaSQw#_0Nn+7|D(e{|o zZ%OTrM#OKN8yV4VRhHYBd=K?TnbEY8V_o9?hKJcrlZB=C*qD5IVwd|5>h|}li>QtE zeem<}?e**59Q0bB{cHW#sclZrH+&Kr)>upsRK3>3*4f!``x-2%LvioP58Dp}<4to- zLPA2x7fQxQv0nJ{XV*84kF*%5t*tG6+jGk;;TbzfOebpXv=Cfo>Y}LP}{w*MYDR$K?!8U2% z7czo^z?onj&UQYMkDd(mcKNDn&sWEHPz^mOK6mrZI@)S5{Vg?pfGhOQrz{B;Et;cfu7(*-s6xW->Ws-a|)a zjCQ9V&CM8}+%-DT0F))06Ap;tTELJTM>f=d0*8>Vc#L3Px?WdRUq*4v+ay7_39_0M z(@|PuNwpQ4j1!_}tXNSO-Fz6BBV~vF z=zZ;7i#806%~4@aXSUg$xW!0c-qQSB$VL?BgysLB||fVecJ-nh8q|JGgeK>F1fhw?ZGN`^y1c*UxH>*u!cuszH+4@ z^R5c^^z9lSZV{qXzdIya9Nk)6C%}x*e#0=Kp#gKcTM`4l$PV0rug`)c_s7H(y9kO9 zqIS%MQByfGq|{9ayY|zX5OtI4t^l#6Iv9A2(dPU@eZ{p%0aG7DU+&-W@L=) zAf^~5z3tX0EC$Dq2K&@>3aBuV^pgnb^f#Jy9K=B`@zpoV=<+pF z3=LP_SQm%~r;wJ+CUiXOvX!HxEnB9pHF+NNg(SHFloh8XKaQ^$B}ST4>{Qd8b^?Dc z4mIeeyy`H(WOgKm1X>Y}w%tyPHa9+wjF5L*Umh)Bw>g{p!tdAiDQD@mFIdwiU_a${ zA{qT2Y9&vfJ`PXJ&$k%nl-6O{rQSpsAOe@&`qj5r%M-6H^H0q?X6j>-5L)ZM@t$XT zx5Krn4?jE1>8f_Qe6HVN&EbpF77RoGLSy>Rms1bdl7uI(^1Hr>eBY8a#fhq_a}K2U zjn@yW^*MuioZ9te>xWer7IYX88hd})l5q!DG;=1GG2Fvdxq11ezdaUm1~LTuIRpSf ztd*YAmZW-R>M6&F4v*>Ht6yK-^6%HL#Wl&abj#0`?)cXrIZETD>j%StOPy;j+x+Sp zV5V@L`n00L3UTLY>jqi>x#w-u4<%WinfP~keO+C0M#oo%k+u|1QxADpz^QrjW?9U# zSpY&bLUPRzu2Yo0A3XVCvDf>puXwNSk9jXEz3%m1Zk5Up)646R_|lCTaevvsMduFa zZn)~gl|{f^edI%8P_jICUALE|sdY^o-?hmdv8PbZA>M`ZdP+SbkM;9E{AX!)&?ApQ z>#rqHpe$QW9qYCugv7MVmy2`S)Y@;@F#gf|rXw56%gb*r3J?8OaMNv+;sJuXp|#)7 z*AiCP^ii(w9?-+@u$#U9RF$vy-#2v&$?c!1cYV=F?(~3Pzkc1S@p;s?H{tK6$^9N@ zLor-3N~_(l12C%pG)b`uB!W(9I_H$W9cjf#Qk^o#tvBB9?YhNE^~0tXQ>*a+BAMZz=_$Zmw)RevJ37 zsLa{&8y1+d-_e$r{+ojmS;lc=R_xZ-?a-lNaK+@#QG>T^@14A4*Avf_HGdK_6H07< z6H;EU+qLpC)jdsh^WagX%C$?Y)(QEQlj%M4ho8?1DqJe-77>c`nyzSF)L3~jCAY)$ zZT&qKtIwu7PVGvwu~tBh~Vbz`1o}pc_vDnh~6iU>bKcEIC0xjbI z*33@SXlB^iJx(egDYOF#>Qb~bs^1X4#ZKCA*0PVL;_pB5$ymHOdR2_G?W;!7NhEB@ z1B`l`{}(39f+0T+K3YASTU8e*H)%5AAqo@-0cTf_3(Ix;*~kA=l~UHCk!a*jsW?7L zD{}F+!8YpcLUP?kX=&uO#EtszD|L&|^D5iL_te`BoW4N$um8RZ(HJmnD-T=zxT5QR sGo$~$a+7zMlk|UIjgp1_|C=>-*?oMxtW$l>8i_x%%&p~Tr@ICJFL(4C>Hq)$ From 2a3c0a8d8a92dcbc1e9d8e77db220073ce67d169 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 12:04:04 -0700 Subject: [PATCH 10/18] Apply suggestions from code review Co-authored-by: Ethan Heilman Co-authored-by: notmike --- bip-0360.mediawiki | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 2da03cc591..c4e08f4a1b 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -41,7 +41,7 @@ The primary threat to Bitcoin from Cryptographically Relevant Quantum Computers While some may balk at the potential threat of quantum computers to Bitcoin given their limited functionality to date, some others - including governments, corporations and some existing and potential Bitcoin users - are concerned about their potential for advancement. The Commercial National Security Algorithm Suite (CNSA) 2.0, for instance, has mandated software and networking equipment to be upgraded to post-quantum schemes by 2030, with browsers and operating systems fully upgraded by 2033. Additionally, according to NIST IR 8547, Elliptic Curve Cryptography (ECC) is planned to be disallowed within the US federal government after 2035 (with an exception made for hybrid cryptography, or the use of ECC and post-quantum algorithms together). These kinds of mandates have triggered concern by some ECC users, including some Bitcoin users who prefer to be prepared out of an abundance of caution. -In the most optimistic case, wherein quantum computers never pose a significant risk to ECC, we understand that the possibility of quantum advancement alone may be influencing adoption and broad confidence in the Bitcoin network. In other words, we believe users' fear of quantum computers may be worth addressing regardless of CRQC viability, which is difficult to assess. Given these concerns, we think it's worth considering changes that are minimal in complexity and risk, and create new options for using Bitcoin in a quantum-resistant way. +In the most optimistic case, wherein quantum computers never pose a significant risk to ECC, we understand that the possibility of quantum advancement alone may be influencing adoption and broad confidence in the Bitcoin network. In other words, we believe users' fear of quantum computers may be worth addressing regardless of CRQC viability. Given these concerns, we think it's worth considering simple low risk changes that create options for using Bitcoin in a quantum-resistant way. As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P2TSH), a tapscript-native output type that can be used in a quantum resistant manner. @@ -53,7 +53,7 @@ A long-exposure attack is an attack performed on exposed blockchain data, such a Short exposure attacks, however, require faster quantum computers, because they must occur within the relatively short time that a transaction is unconfirmed in the mempool. -Bitcoin outputs are generally vulnerable to short exposure attacks, as most Bitcoin transactions require revealing the associated public key when spending.A vulnerable Bitcoin output is any scriptPubKey type that exposes an elliptic curve public key as raw bytes in a block, making it susceptible to private key derivation through Shor's algorithm. This includes P2PK outputs and any script that contains an unprotected or reused public key. Full protection of outputs from short-exposure attacks may require the use of post-quantum signature schemes. +Bitcoin outputs are generally vulnerable to short exposure attacks, as most Bitcoin transactions require revealing the associated public key when spending. Full protection of outputs from short-exposure attacks may require the use of post-quantum signature schemes. Since long-exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a tapscript-native output type that is resistant to long-exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers. @@ -224,7 +224,7 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) wi ** Let ''k0 = hashTapLeaf(v || compact_size(size of s) || s)''; also call it the ''tapleaf hash''. ** For ''j'' in ''[0,1,…,m-1]'': *** Let ''ej = c[33+32j:65+32j]''. -*** Let ''kj+1 depend on whether'' kj < ej ''(lexicographically):'' +*** Let ''kj+1 depend on whether'' kj < ej ''(lexicographically):'' **** If ''kj < ej'': ''kj+1 = hashTapBranch(kj || ej)''. **** If ''kj ≥ ej'': ''kj+1 = hashTapBranch(ej || kj)''. ** Let ''r = km''. @@ -252,7 +252,7 @@ Equivalent P2TSH and P2TR outputs are always the same size. P2TSH inputs can be ====Comparison with P2TR key path spend==== -P2TSH inputs will be larger than P2TR inputs when the P2TR output would have been spent via the key path spend. P2TSH quantum resistance comes from removing the P2TR key path spend. Consequently, it cannot make use of Taproot's optimization where P2TR key path spends do not require including a Merkle path in the P2TR input. If the Merkle tree only has a single leaf script, no Merkle path is needed in the control block, giving us a 1-byte control block. +A P2TSH witness will be larger than a P2TR witness when the P2TR output is spent via the key path spend. A witness to a P2TR key path spend is simply a signature. P2TSH quantum resistance comes from removing the P2TR key path spend. Every P2TSH spend is a P2TR script path spend and so requires a script, its inputs and a control block. Consequently, P2TSH loses this size advantage of P2TR key path spends in order to gain quantum resistance. If the taptree only has a single leaf script, no Merkle path is needed in the control block, giving us a minimal size control block of 1 byte. P2TSH witness for depth-0 tree (103 bytes): @@ -285,7 +285,7 @@ control block = [size] [control byte] [Merkle path] (1 + 1 + 32*m = 2 + 32*m byt ====Comparison with P2TR script path spend==== -A P2TSH input will be smaller than an equivalent script path spend for P2TR inputs. This is because P2TSH inputs do not require inclusion of a public key in the control block to open the commitment to the Merkle root. A P2TSH input will be 32 bytes smaller than an equivalent P2TR script path spend input. +A P2TSH witness will be smaller than the witness to an equivalent P2TR script path spend. This is because P2TSH does not require inclusion of any internal public key in the control block to unlock and spend an output. For this reason, a P2TSH witness will always be 32 bytes smaller than an equivalent P2TR script path spend witness. ====Consider a P2TSH output with a post-quantum signature leaf and a Schnorr leaf==== From 135836eedc95150fa3e0090748fbe58b22091c19 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 12:06:59 -0700 Subject: [PATCH 11/18] Consistency on ellipses and hyphenation. --- bip-0360.mediawiki | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index c4e08f4a1b..e2465dcd7d 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -45,19 +45,19 @@ In the most optimistic case, wherein quantum computers never pose a significant As a conservative first step in this effort, we propose Pay-to-Tapscript-Hash (P2TSH), a tapscript-native output type that can be used in a quantum resistant manner. -===Long-Exposure vs Short-Exposure Attacks=== +===Long Exposure vs Short Exposure Attacks=== -For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscript outputs (P2TR output types) are vulnerable to long-exposure quantum attacks. +For clarity, this proposal specifically mitigates against the risk of long exposure attacks on tapscript-native outputs. While other Bitcoin output types already mitigate against this risk, Tapscript outputs (P2TR output types) are vulnerable to long exposure quantum attacks. -A long-exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because attackers will have ample time - as much time as vulnerable keys are exposed - to carry out quantum key recovery. +A long exposure attack is an attack performed on exposed blockchain data, such as exposed public keys or the spend scripts of spent outputs. These are likely to be the earliest quantum attacks made possible on Bitcoin, because attackers will have ample time - as much time as vulnerable keys are exposed - to carry out quantum key recovery. Short exposure attacks, however, require faster quantum computers, because they must occur within the relatively short time that a transaction is unconfirmed in the mempool. -Bitcoin outputs are generally vulnerable to short exposure attacks, as most Bitcoin transactions require revealing the associated public key when spending. Full protection of outputs from short-exposure attacks may require the use of post-quantum signature schemes. +Bitcoin outputs are generally vulnerable to short exposure attacks, as most Bitcoin transactions require revealing the associated public key when spending. Full protection of outputs from short exposure attacks may require the use of post-quantum signature schemes. -Since long-exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a tapscript-native output type that is resistant to long-exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers. +Since long exposure attacks on public keys are likely to be the first quantum-enabled threat to Bitcoin, we propose a tapscript-native output type that is resistant to long exposure attacks as a first step in hardening Bitcoin against the potential threat of quantum computers. -The following list of output types describes their long-exposure attack vulnerability: +The following list of output types describes their long exposure attack vulnerability: {| class="wikitable" |- @@ -79,7 +79,7 @@ The following list of output types describes their long-exposure attack vulnerab | P2MS | Yes | Varies -| 52410496ec45f878b62c46c4be8e336dff7cc58df9b502178cc240e… +| 52410496ec45f878b62c46c4be8e336dff7cc58df9b502178cc240e... |- | P2SH | No* @@ -107,13 +107,13 @@ The following list of output types describes their long-exposure attack vulnerab | bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve |} -The following output types are fundamentally vulnerable to long-exposure attacks: +The following output types are fundamentally vulnerable to long exposure attacks: * P2PK outputs (e.g. Satoshi's coins, CPU miners) * Reused outputs* * Tapscript outputs (starts with bc1p) -\*Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long-exposure quantum attacks anytime their redeem script reveals a public key. +\*Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long exposure quantum attacks anytime their redeem script reveals a public key. Note: Extended public keys, commonly known as "xpubs," and wallet descriptors also reveal quantum vulnerable public key information. For further clarification on quantum attack vectors, please refer to the [[#Glossary|Glossary of Terms]]. @@ -123,7 +123,7 @@ P2TSH (Pay-to-Tapscript-Hash) is a proposed new output type that commits to the In other words, P2TSH outputs commit to the Merkle root of a tapscript tree without committing to an internal key. The script(s) being committed to, however, may contain a key or key-hash. -This output type is designed to offer tapscript users protection against long-exposure quantum attacks as well as a practical output type with which post-quantum signatures may be used if such signatures are adopted in the future. +This output type is designed to offer tapscript users protection against long exposure quantum attacks as well as a practical output type with which post-quantum signatures may be used if such signatures are adopted in the future. Since P2TSH outputs have no key path spend, they omit the Taproot internal key. Instead, a P2TSH output includes the 32-byte root of the tapleaf Merkle tree as defined in [[bip-0341.mediawiki|BIP 341]] hashed with the tag "TapBranch" as shown below. @@ -142,7 +142,7 @@ A P2TSH input witness provides the following: initial stack element 0, -…, +..., initial stack element N, tapleaf script, control block = [control byte, 32*m byte Merkle path] # m is the depth of the script in the Merkle tree @@ -162,7 +162,7 @@ P2TSH leverages the battle tested P2TR, tapleaf and tapscript code already in Bi 2. Create the safest possible path for the addition of post-quantum signature integrations, in the event that they are used in the future. -Importantly, we are proposing a tapscript-native output type that is resistant to long-exposure attacks. While some existing output types are already resistant to long-exposure attacks (e.g. P2WSH), no such output type supports tapscript - a feature that may be required for practical implementation of post-quantum signature opcodes. +Importantly, we are proposing a tapscript-native output type that is resistant to long exposure attacks. While some existing output types are already resistant to long exposure attacks (e.g. P2WSH), no such output type supports tapscript - a feature that may be required for practical implementation of post-quantum signature opcodes. P2WSH, for instance, is not tapscript-native and as such does not support the OP_SUCCESSx opcode update path that will be critical for the integration of post-quantum OP_CHECKSIG opcodes into Bitcoin.OP_SUCCESSx is a mechanism to upgrade tapscript @@ -222,7 +222,7 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) wi ** The last stack element is called the control block ''c'', and must have length ''1 + 32*m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. ** Let ''v = c[0] & 0xfe'' be the ''leaf version'' (as defined in [[bip-0341.mediawiki|BIP 341]]). To maintain ''leaf version'' encoding compatibility the last bit of c[0] is unused and must be 1.Why set the last bit of c[0] to one? Consider a faulty implementation that deserializes the ''leaf version'' as c[0] rather than c[0] & 0xfe for both P2TR and P2TSH. If they test against P2TSH outputs and require that last bit is 1, this deserialization bug will cause an immediate error. ** Let ''k0 = hashTapLeaf(v || compact_size(size of s) || s)''; also call it the ''tapleaf hash''. -** For ''j'' in ''[0,1,…,m-1]'': +** For ''j'' in ''[0,1,...,m-1]'': *** Let ''ej = c[33+32j:65+32j]''. *** Let ''kj+1 depend on whether'' kj < ej ''(lexicographically):'' **** If ''kj < ej'': ''kj+1 = hashTapBranch(kj || ej)''. @@ -301,17 +301,17 @@ Older wallets and nodes that have not been made compatible with SegWit version 2 ==Security== -P2TSH outputs provide the same tapscript functionality as P2TR outputs, but with the quantum-vulnerable key path spend removed. The similarity between these output types enables users to easily migrate coins from P2TR outputs to P2TSH outputs for protection against long-exposure quantum attacks. +P2TSH outputs provide the same tapscript functionality as P2TR outputs, but with the quantum-vulnerable key path spend removed. The similarity between these output types enables users to easily migrate coins from P2TR outputs to P2TSH outputs for protection against long exposure quantum attacks. -Protection from long-exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but requires that users do not expose their public keys to attackers via public key reuse or other unsafe practices. +Protection from long exposure quantum attacks does not depend on the activation of post-quantum signatures in Bitcoin, but requires that users do not expose their public keys to attackers via public key reuse or other unsafe practices. P2TSH uses a 256-bit hash output, providing 128 bits of collision resistance and 256 bits of preimage resistance. This is the same level of security as P2WSH specified in [[bip-0141.mediawiki|BIP 141]], which also uses a 256-bit hash output. -P2TSH does not, by itself, protect against short-exposure quantum attacks, but these attacks can be mitigated by future activation of post-quantum signatures. +P2TSH does not, by itself, protect against short exposure quantum attacks, but these attacks can be mitigated by future activation of post-quantum signatures. -Combined with P2TSH, post-quantum signature schemes can provide comprehensive quantum resistance to P2TSH outputs, including protection from short-exposure attacks. +Combined with P2TSH, post-quantum signature schemes can provide comprehensive quantum resistance to P2TSH outputs, including protection from short exposure attacks. -That said, protection against long-exposure quantum attacks alone should not be underestimated. It's unlikely that early CRQCs will be fast enough to perform short-exposure attacks, making preparedness against long-exposure attacks more time-critical. +That said, protection against long exposure quantum attacks alone should not be underestimated. It's unlikely that early CRQCs will be fast enough to perform short exposure attacks, making preparedness against long exposure attacks more time-critical. ==Security Considerations for Post-Quantum Signature Schemes== @@ -369,17 +369,17 @@ The derivation of private keys from public keys in elliptic curve cryptography ( Shor's algorithm, developed by Peter Shor in 1994, is a quantum algorithm that efficiently solves the discrete logarithm problem - potentially made possible by the future viability of cryptographically relevant quantum computers (CRQCs). -'''Long-Exposure Attacks''' +'''Long Exposure Attacks''' Attempts to derive private keys from public keys that are exposed for an extended period of time; that is, longer than the window of time that a public key is generally exposed in the mempool while waiting to be confirmed. -Long-exposure attacks give attackers an unlimited amount of time to perform quantum key recovery, as long as funds remain in the output. Poor wallet hygiene (e.g. from address reuse) or use of outputs with exposed public keys (e.g. P2TR outputs) increases vulnerability to long-exposure attacks. +Long exposure attacks give attackers an unlimited amount of time to perform quantum key recovery, as long as funds remain in the output. Poor wallet hygiene (e.g. from address reuse) or use of outputs with exposed public keys (e.g. P2TR outputs) increases vulnerability to long exposure attacks. -'''Short-Exposure Attacks''' +'''Short Exposure Attacks''' Attempts to derive private keys from public keys during the brief period when funds are unconfirmed in the mempool. These attacks cannot be prevented through wallet hygiene, as revealing a public key is necessary for spending. -Protection against short-exposure attacks may require post-quantum signature schemes; that said, executing these attacks requires faster CRQCs than those capable of executing long exposure attacks and are therefore viewed as lower-risk than long-exposure attacks in the nearer term. +Protection against short exposure attacks may require post-quantum signature schemes; that said, executing these attacks requires faster CRQCs than those capable of executing long exposure attacks and are therefore viewed as lower-risk than long exposure attacks in the nearer term. '''Tapscript-Native Output Type''' @@ -403,7 +403,7 @@ To help implementers understand updates to this BIP, we keep a list of substanti * 2025-03-18 - Correct inconsistencies in commitment and attestation structure. Switch from Merkle tree commitment to sorted vector hash commitment. Update descriptor format. * 2025-03-12 - Add verification times for each algorithm. 256 to 128 (NIST V to NIST I). Add key type bitmask. Clarify multisig semantics. * 2025-02-23 - More points of clarification from review. Update dead link. -* 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long-range attack to long-exposure so as to not be confused with the language around block re-org attacks. +* 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long-range attack to long exposure so as to not be confused with the language around block re-org attacks. * 2024-12-18 - Assigned BIP number. * 2024-12-13 - Update to use Merkle tree for attestation commitment. Update LR & SR quantum attack scenarios. * 2024-12-01 - Add details on attestation structure and parsing. From 43c5b2dd82d7000cc46d5515e9fa8270b9ead3b6 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 12:14:22 -0700 Subject: [PATCH 12/18] Remove redeem script language. --- bip-0360.mediawiki | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index e2465dcd7d..db4a0c031d 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -113,7 +113,7 @@ The following output types are fundamentally vulnerable to long exposure attacks * Reused outputs* * Tapscript outputs (starts with bc1p) -\*Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long exposure quantum attacks anytime their redeem script reveals a public key. +\*Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long exposure quantum attacks anytime their script reveals a public key. Note: Extended public keys, commonly known as "xpubs," and wallet descriptors also reveal quantum vulnerable public key information. For further clarification on quantum attack vectors, please refer to the [[#Glossary|Glossary of Terms]]. @@ -148,7 +148,7 @@ tapleaf script, control block = [control byte, 32*m byte Merkle path] # m is the depth of the script in the Merkle tree -The initial stack elements of P2TSH provide the same functionality as they do in P2TR. That is, they place elements on the stack to be evaluated by the script, a.k.a. the redeem script. +The initial stack elements of P2TSH provide the same functionality as they do in P2TR. That is, they place elements on the stack to be evaluated by the script. The control block is a ''1 + 32 * m'' byte array, where the first byte is the control byte and the next ''32 * m'' bytes are the Merkle path to the tapleaf script. The control byte is the same as the control byte in a P2TR control block, including the 7 bits which are used to specify the tapleaf version. The parity bit of the control byte is always 1, since P2TSH does not have a key path spend. Unlike P2TR, we omit the public key from the control block as it is not needed in P2TSH. We maintain support for the optional annex in the witness (see Specification section below for more details). From ceb4cda06cff396def8dcff62367e787051c5ca4 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 12:44:58 -0700 Subject: [PATCH 13/18] Address @notmike-5 feedback. --- bip-0360.mediawiki | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index db4a0c031d..22eb054688 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -119,7 +119,7 @@ Note: Extended public keys, commonly known as "xpubs," and wallet descriptors al ==Design== -P2TSH (Pay-to-Tapscript-Hash) is a proposed new output type that commits to the root of a tapscript tree. It operates with nearly the same functionality as P2TR (Pay-to-Taproot) outputs, but with the quantum vulnerable key path spend removed. +Pay-to-Tapscript-Hash (P2TSH) is a proposed new output type that commits to the root of a tapscript tree. It operates with nearly the same functionality as P2TR (Pay-to-Taproot) outputs, but with the quantum vulnerable key path spend removed. In other words, P2TSH outputs commit to the Merkle root of a tapscript tree without committing to an internal key. The script(s) being committed to, however, may contain a key or key-hash. @@ -174,7 +174,7 @@ We designed P2TSH with an eye towards integrating post-quantum signatures in the While P2TR outputs (and the use of key path spend) will remain an option for folks wishing to use them, we aim to be clear about the tradeoffs of using P2TSH outputs, which disable the key path spend for the benefit of quantum resistance. -First off, P2TSH script path spends are slightly larger than P2TR key path spends, because you have to include the control byte and script in the transaction. That said, script path spends from P2TSH outputs will be slightly smaller than script path spends from P2TR outputs. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. +First off, P2TSH script path spends are slightly larger than P2TR key path spends, because you have to include the control byte, merkle path (if depth > 0), and script in the transaction. That said, script path spends from P2TSH outputs will be slightly smaller than script path spends from P2TR outputs. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR, which is that users reveal they are spending to a script tree whenever they are using P2TSH outputs, since P2TSH outputs can only be spent via script path spend. In P2TR when you spend an output as a key path spend, you don't reveal if you have any script path spends. This trade-off only exists when comparing P2TR key path spends to P2TSH script path spends; P2TR and P2TSH provide the same level of privacy when both are script path spends. @@ -196,7 +196,7 @@ Example P2TSH address: bc1zzmv50jjgxxhww6ve4g5zpewrkjqhr06fyujpm20tuezdlxmfphcqfc80ve -This commits to a 32-byte Bech32m-encoded tapscript tree hash. +This commits to a 32-byte tapscript tree hash. ===ScriptPubKey=== @@ -287,15 +287,11 @@ control block = [size] [control byte] [Merkle path] (1 + 1 + 32*m = 2 + 32*m byt A P2TSH witness will be smaller than the witness to an equivalent P2TR script path spend. This is because P2TSH does not require inclusion of any internal public key in the control block to unlock and spend an output. For this reason, a P2TSH witness will always be 32 bytes smaller than an equivalent P2TR script path spend witness. -====Consider a P2TSH output with a post-quantum signature leaf and a Schnorr leaf==== - -The P2TSH witness to spend the Schnorr path would be ''103 + 32 * 1 = 135 bytes''. Unfortunately, we cannot use the key path spend optimization because the key path spend is not quantum-resistant. - -===Performance Impact=== +==Performance Impact== P2TSH is slightly more computationally performant than P2TR script path spends, as the operations to spend a P2TSH output is a strict subset of the operations needed to perform a script path spend on a P2TR output. -===Backward Compatibility=== +==Backward Compatibility== Older wallets and nodes that have not been made compatible with SegWit version 2 and P2TSH will not recognize these outputs. Users should ensure they are using updated wallets and nodes to use P2TSH outputs and validate transactions using P2TSH outputs. P2TSH is fully compatible with tapscript and existing tapscript programs can be used in P2TSH outputs without modification. From 709ccbf7400e2d29294ca25586db2d557d192005 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 12:55:29 -0700 Subject: [PATCH 14/18] Formatting and consistency fixes for Script Validation --- bip-0360.mediawiki | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 22eb054688..5843184009 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -219,18 +219,17 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) wi * If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during P2TSH validation. * There must be at least two witness elements left. ** Call the second-to-last stack element ''s'', the script (as defined in [[bip-0341.mediawiki|BIP 341]]) -** The last stack element is called the control block ''c'', and must have length ''1 + 32*m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. +** The last stack element is called the control block ''c'', and must have length ''1 + 32 * m'', for a value of ''m'' that is an integer between 0 and 128, inclusive. Fail if it does not have such a length. ** Let ''v = c[0] & 0xfe'' be the ''leaf version'' (as defined in [[bip-0341.mediawiki|BIP 341]]). To maintain ''leaf version'' encoding compatibility the last bit of c[0] is unused and must be 1.Why set the last bit of c[0] to one? Consider a faulty implementation that deserializes the ''leaf version'' as c[0] rather than c[0] & 0xfe for both P2TR and P2TSH. If they test against P2TSH outputs and require that last bit is 1, this deserialization bug will cause an immediate error. ** Let ''k0 = hashTapLeaf(v || compact_size(size of s) || s)''; also call it the ''tapleaf hash''. ** For ''j'' in ''[0,1,...,m-1]'': *** Let ''ej = c[33+32j:65+32j]''. -*** Let ''kj+1 depend on whether'' kj < ej ''(lexicographically):'' -**** If ''kj < ej'': ''kj+1 = hashTapBranch(kj || ej)''. -**** If ''kj ≥ ej'': ''kj+1 = hashTapBranch(ej || kj)''. +*** Let ''kj+1'' depend on whether ''kj < ej'' (lexicographically): +**** If ''kj < ej'': ''kj+1 = hashTapBranch(kj || ej)''. +**** If ''kj ≥ ej'': ''kj+1 = hashTapBranch(ej || kj)''. ** Let ''r = km''. -** If ''q ≠ r'', fail. +** If ''q ≠ r'', fail. ** Execute the script, according to the applicable script rules, using the witness stack elements excluding the script ''s'', the control block ''c'', and the annex ''a'' if present, as initial stack. This implies that for the future leaf versions (non-''0xC0'') the execution must succeed. -* Otherwise, fail. The steps above follow the script-path spend logic from [[bip-0341.mediawiki|BIP 341]] with the following changes: From fa00729bd6d9b2d3e5141da864bb2d89c0182d49 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 13:05:10 -0700 Subject: [PATCH 15/18] Language, consistency, and formatting fixes. --- bip-0360.mediawiki | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 5843184009..bcb0e84d85 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -113,7 +113,7 @@ The following output types are fundamentally vulnerable to long exposure attacks * Reused outputs* * Tapscript outputs (starts with bc1p) -\*Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long exposure quantum attacks anytime their script reveals a public key. +* Funds in P2PKH, P2SH, P2WPKH, P2WSH, and P2TSH outputs can become vulnerable to long exposure quantum attacks anytime their script reveals a public key. Note: Extended public keys, commonly known as "xpubs," and wallet descriptors also reveal quantum vulnerable public key information. For further clarification on quantum attack vectors, please refer to the [[#Glossary|Glossary of Terms]]. @@ -231,7 +231,7 @@ A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) wi ** If ''q ≠ r'', fail. ** Execute the script, according to the applicable script rules, using the witness stack elements excluding the script ''s'', the control block ''c'', and the annex ''a'' if present, as initial stack. This implies that for the future leaf versions (non-''0xC0'') the execution must succeed. -The steps above follow the script-path spend logic from [[bip-0341.mediawiki|BIP 341]] with the following changes: +The steps above follow the script path spend logic from [[bip-0341.mediawiki|BIP 341]] with the following changes: * The witness program is the taptree Merkle root and not a tweaked public key. This means that we skip directly to the BIP 341 spend path taptree Merkle tree validation. * We compute the taptree Merkle root ''r'' and compare it directly to the witness program ''q''. @@ -262,7 +262,7 @@ tapleaf script = [size] [OP_PUSHBYTES_32, 32-byte public key, OP_CHECKSIG] (1 + control block = [size] [control byte] [merkle path (empty)] (1 + 1 + 0 bytes = 2 bytes) -P2TR key-path spend witness (66 bytes): +P2TR key path spend witness (66 bytes): [count] (1 byte), # Number of elements in the witness @@ -271,7 +271,7 @@ P2TR key-path spend witness (66 bytes): Thus, the P2TSH input would be 103 - 66 = 37 bytes larger than a P2TR key path spend input. -If the Merkle tree has more than a single leaf, then the Merkle path must be included in the control block, increasing the size by ''32 * m'' bytes. This would make such input 37 + 32 * m bytes larger than a P2TR key path spend input.If ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte +If the Merkle tree has more than a single leaf, then the Merkle path must be included in the control block, increasing the size by ''32 * m'' bytes, where m is the depth of the Merkle tree. This would make such input 37 + 32 * m bytes larger than a P2TR key path spend input.If ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte P2TSH witness ''(103 + 32*m bytes)'': @@ -322,7 +322,7 @@ Test vector data for creation of P2TSH UTXOs can be found [https://github.com/bi These test vectors build off of the test vectors for [[bip-0341.mediawiki|BIP 341]] (Taproot). One important distinction is that the P2TSH test vectors do not include keypath spend scenarios. -Also included are test vectors in [https://github.com/bitcoin/bips/tree/master/bip-0360/ref-impl/rust rust implementation] and [https://github.com/bitcoin/bips/tree/master/bip-0360/ref-impl/python python implementation]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature this Taproot script-path spend example]. Similar to BIP 341 test vectors, all signatures are created with an all-zero (0x0000...0000) [[bip-0340.mediawiki|BIP 340]] auxiliary randomness array. +Also included are test vectors in [https://github.com/bitcoin/bips/tree/master/bip-0360/ref-impl/rust rust implementation] and [https://github.com/bitcoin/bips/tree/master/bip-0360/ref-impl/python python implementation]. One of these tests demonstrates a tapleaf tapscript that requires a secp256k1 signature to spend the P2TSH UTXO (modeled after one of the extremely valuable examples provided by [https://learnmeabitcoin.com/technical/upgrades/taproot/#example-3-script-path-spend-signature this Taproot script path spend example]. Similar to BIP 341 test vectors, all signatures are created with an all-zero (0x0000...0000) [[bip-0340.mediawiki|BIP 340]] auxiliary randomness array. ==Related Work== @@ -382,7 +382,7 @@ Tapscript-native output types are the category of output types that support taps '''Pay-to-Tapscript-Hash (P2TSH)''' -A tapscript-native output type with nearly identical formatting to Pay-to-Taproot (P2TR), with the quantum-vulnerable key path spend removed. +A tapscript-native output type, similar to to Pay-to-Taproot (P2TR), but with the quantum-vulnerable key path spend removed. ==Footnotes== @@ -394,11 +394,11 @@ To help implementers understand updates to this BIP, we keep a list of substanti * 2025-09-17 - Rewrote BIP for clarity and renamed from P2QRH to P2TSH * 2025-07-20 - Changed the Witness Version from 3 to 2. -* 2025-07-07 - P2QRH is now a P2TR with the vulnerable key-path spend removed. Number of PQ signature algorithms supported reduced from three to two. PQ signature algorithm support is now added via opcodes or tapleaf version. +* 2025-07-07 - P2QRH is now a P2TR with the vulnerable key path spend removed. Number of PQ signature algorithms supported reduced from three to two. PQ signature algorithm support is now added via opcodes or tapleaf version. * 2025-03-18 - Correct inconsistencies in commitment and attestation structure. Switch from Merkle tree commitment to sorted vector hash commitment. Update descriptor format. * 2025-03-12 - Add verification times for each algorithm. 256 to 128 (NIST V to NIST I). Add key type bitmask. Clarify multisig semantics. * 2025-02-23 - More points of clarification from review. Update dead link. -* 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long-range attack to long exposure so as to not be confused with the language around block re-org attacks. +* 2025-01-20 - Remove SQIsign from consideration due to significant performance concerns. Refactor language from long range attack to long exposure so as to not be confused with the language around block re-org attacks. * 2024-12-18 - Assigned BIP number. * 2024-12-13 - Update to use Merkle tree for attestation commitment. Update LR & SR quantum attack scenarios. * 2024-12-01 - Add details on attestation structure and parsing. From 027c6f4020b41540021e9df7ec5f2b5c69a482a8 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 13:11:43 -0700 Subject: [PATCH 16/18] Standardize terminology around taptree vs tapleaf Merkle tree. --- bip-0360.mediawiki | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index bcb0e84d85..4e6dc26f61 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -125,7 +125,7 @@ In other words, P2TSH outputs commit to the Merkle root of a tapscript tree with This output type is designed to offer tapscript users protection against long exposure quantum attacks as well as a practical output type with which post-quantum signatures may be used if such signatures are adopted in the future. -Since P2TSH outputs have no key path spend, they omit the Taproot internal key. Instead, a P2TSH output includes the 32-byte root of the tapleaf Merkle tree as defined in [[bip-0341.mediawiki|BIP 341]] hashed with the tag "TapBranch" as shown below. +Since P2TSH outputs have no key path spend, they omit the Taproot internal key. Instead, a P2TSH output includes the 32-byte root of the taptree as defined in [[bip-0341.mediawiki|BIP 341]] hashed with the tag "TapBranch" as shown below. [[File:bip-0360/media/merkletree.png|thumb|Construction of P2TSH Taptree root, scriptPubkey, and Witness]] @@ -184,7 +184,7 @@ Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR, which i We define the Pay-to-Tapscript-Hash (P2TSH) output structure as follows: -A P2TSH output is similar to a P2TR output that uses the root of a tapleaf Merkle tree (as defined in [[bip-0341.mediawiki|BIP 341]]); however, unlike P2TR outputs, we disable the key path spend for the benefit of quantum resistance by omitting the internal key and the tap tweak step. The root of the Merkle tree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. +A P2TSH output is similar to a P2TR output that uses the root of a taptree (as defined in [[bip-0341.mediawiki|BIP 341]]); however, unlike P2TR outputs, we disable the key path spend for the benefit of quantum resistance by omitting the internal key and the tap tweak step. The root of the Merkle tree is then set as the witness program, prepended with a SegWit version 2 byte, and committed to in the output scriptPubKey. ===Address Format=== @@ -214,7 +214,7 @@ Where: A P2TSH output is a native SegWit output (see [[bip-0141.mediawiki|BIP 141]]) with version 2 and a 32-byte witness program. The witness program is the root of the tapscript tree. For the sake of comparison, we have - as much as possible - copied the language verbatim from the script validation section of [[bip-0341.mediawiki|BIP 341]]. -* Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents the root of the tapleaf Merkle tree. +* Let ''q'' be the 32-byte array containing the witness program (the second push in the scriptPubKey) which represents the root of the tapleaf Merkle tree (also known as a taptree). * Fail if the witness stack does not have two or more elements. * If there are at least three witness elements, and the first byte of the last element is 0x50, this last element is called ''annex a'' and is removed from the witness stack. The annex (or the lack thereof) is always covered by the signature and contributes to transaction weight, but is otherwise ignored during P2TSH validation. * There must be at least two witness elements left. From 8388cc427f071a9c57ac7b108e187f68310eaff2 Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 13:36:07 -0700 Subject: [PATCH 17/18] Add clarity to P2TSH Trade-Offs section. --- bip-0360.mediawiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 4e6dc26f61..69e87d1a5f 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -174,7 +174,7 @@ We designed P2TSH with an eye towards integrating post-quantum signatures in the While P2TR outputs (and the use of key path spend) will remain an option for folks wishing to use them, we aim to be clear about the tradeoffs of using P2TSH outputs, which disable the key path spend for the benefit of quantum resistance. -First off, P2TSH script path spends are slightly larger than P2TR key path spends, because you have to include the control byte, merkle path (if depth > 0), and script in the transaction. That said, script path spends from P2TSH outputs will be slightly smaller than script path spends from P2TR outputs. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. +First off, P2TSH script path spends are larger than P2TR key path spends, because you have to include the control byte, merkle path (if depth > 0), and script in the transaction. That said, P2TSH script path spends will be smaller than P2TR script path spends because there is no longer an internal key that must also be revealed. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR, which is that users reveal they are spending to a script tree whenever they are using P2TSH outputs, since P2TSH outputs can only be spent via script path spend. In P2TR when you spend an output as a key path spend, you don't reveal if you have any script path spends. This trade-off only exists when comparing P2TR key path spends to P2TSH script path spends; P2TR and P2TSH provide the same level of privacy when both are script path spends. From 3cb95fb149211ff9ffdfcfcc49a5a02204da723f Mon Sep 17 00:00:00 2001 From: Hunter Beast Date: Thu, 18 Dec 2025 14:43:11 -0700 Subject: [PATCH 18/18] Update with more accurate language --- bip-0360.mediawiki | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/bip-0360.mediawiki b/bip-0360.mediawiki index 69e87d1a5f..06e44ab196 100644 --- a/bip-0360.mediawiki +++ b/bip-0360.mediawiki @@ -174,7 +174,9 @@ We designed P2TSH with an eye towards integrating post-quantum signatures in the While P2TR outputs (and the use of key path spend) will remain an option for folks wishing to use them, we aim to be clear about the tradeoffs of using P2TSH outputs, which disable the key path spend for the benefit of quantum resistance. -First off, P2TSH script path spends are larger than P2TR key path spends, because you have to include the control byte, merkle path (if depth > 0), and script in the transaction. That said, P2TSH script path spends will be smaller than P2TR script path spends because there is no longer an internal key that must also be revealed. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. +The witness to a P2TSH spend is always larger than the witness to a P2TR key path spend. This is because a P2TR key path spend requires only a Schnorr signature in the witness. For P2TSH, the witness must include your chosen leaf script, its inputs, and a control block consisting of the control byte and Merkle path (if any). + +That said, the witness to a P2TSH spend will always be smaller than the witness to an equivalent P2TR script path spend, because there is no longer any internal key in P2TSH that must be revealed in the control block. For a more complete comparison of output type transaction sizes, the "Transaction Size and Fees" section may be reviewed later in this proposal. Additionally, there is a privacy tradeoff when comparing P2TSH and P2TR, which is that users reveal they are spending to a script tree whenever they are using P2TSH outputs, since P2TSH outputs can only be spent via script path spend. In P2TR when you spend an output as a key path spend, you don't reveal if you have any script path spends. This trade-off only exists when comparing P2TR key path spends to P2TSH script path spends; P2TR and P2TSH provide the same level of privacy when both are script path spends. @@ -251,7 +253,7 @@ Equivalent P2TSH and P2TR outputs are always the same size. P2TSH inputs can be ====Comparison with P2TR key path spend==== -A P2TSH witness will be larger than a P2TR witness when the P2TR output is spent via the key path spend. A witness to a P2TR key path spend is simply a signature. P2TSH quantum resistance comes from removing the P2TR key path spend. Every P2TSH spend is a P2TR script path spend and so requires a script, its inputs and a control block. Consequently, P2TSH loses this size advantage of P2TR key path spends in order to gain quantum resistance. If the taptree only has a single leaf script, no Merkle path is needed in the control block, giving us a minimal size control block of 1 byte. +A P2TSH witness will be larger than a P2TR witness when the P2TR output is spent via the key path spend. A witness to a P2TR key path spend is simply a signature. P2TSH quantum resistance comes from removing the P2TR key path spend. Every P2TSH spend is a P2TR script path spend and so requires a script, its input stack and a control block. Consequently, P2TSH loses this size advantage of P2TR key path spends in order to gain quantum resistance. If the taptree only has a single leaf script, no Merkle path is needed in the control block, giving us a minimal size control block of 1 byte. P2TSH witness for depth-0 tree (103 bytes): @@ -269,9 +271,9 @@ P2TR key path spend witness (66 bytes): [size] signature (1 + 64 bytes = 65 bytes) -Thus, the P2TSH input would be 103 - 66 = 37 bytes larger than a P2TR key path spend input. +Thus, the P2TSH witness would be 103 - 66 = 37 bytes larger than a P2TR key path spend witness. -If the Merkle tree has more than a single leaf, then the Merkle path must be included in the control block, increasing the size by ''32 * m'' bytes, where m is the depth of the Merkle tree. This would make such input 37 + 32 * m bytes larger than a P2TR key path spend input.If ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte +If the Merkle tree has more than a single leaf, then the Merkle path must be included in the control block, increasing the size by ''32 * m'' bytes, where m is the depth of the Merkle tree. This would make such witness 37 + 32 * m bytes larger than a P2TR key path spend witness.If ''m >= 8'', then the compact size will use 3 bytes rather than 1 byte P2TSH witness ''(103 + 32*m bytes)'':