<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 2.6.10) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-irtf-cfrg-cryptography-specification-03" category="info" submissionType="IRTF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Crypto Specs">Guidelines for Writing Cryptography Specifications</title>
    <seriesInfo name="Internet-Draft" value="draft-irtf-cfrg-cryptography-specification-03"/>
    <author initials="N." surname="Sullivan" fullname="Nick Sullivan">
      <organization>Cryptography Consulting LLC</organization>
      <address>
        <postal>
          <city>San Francisco</city>
          <country>United States of America</country>
        </postal>
        <email>nicholas.sullivan+ietf@gmail.com</email>
      </address>
    </author>
    <author initials="C. A." surname="Wood" fullname="Christopher A. Wood">
      <organization>Cloudflare, Inc.</organization>
      <address>
        <postal>
          <street>101 Townsend St</street>
          <city>San Francisco</city>
          <country>United States of America</country>
        </postal>
        <email>caw@heapingbits.net</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <workgroup>Crypto Forum Research Group</workgroup>
    <abstract>
      <?line 38?>

<t>This document provides guidelines and best practices for writing
technical specifications for cryptography protocols and primitives,
targeting the needs of implementers, researchers, and protocol
designers.  It highlights the importance of technical specifications
and discusses strategies for creating high-quality specifications
that cater to the needs of each community, including guidance on
representing mathematical operations, security definitions, and
threat models.</t>
    </abstract>
    <note>
      <name>IRTF</name>
      <?line 49?>

<t>This document is a product of the Crypto Forum Research Group (CFRG)
in the IRTF.  This document may contain material that has not received
review from the research community.  The IRTF publishes the results of
research and development activities.  These results might not be
suitable for deployment.</t>
    </note>
  </front>
  <middle>
    <?line 57?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>High-quality cryptography specifications are critical for the
development and deployment of secure cryptographic protocols.  This
document provides guidelines for specification writers.  The guidelines
cover mathematical operations, security definitions, and threat models.
They help ensure that specifications are of high quality and useful for
their intended audience.  Adhering to these guidelines helps ensure
that specifications are easier to understand, implement, and analyze,
leading to high-assurance and interoperable systems.</t>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="goals-and-requirements">
      <name>Goals and Requirements</name>
      <t>The primary goal of these guidelines is to help guide the authorship
of cryptographic specifications so that they are as useful as possible
when creating high-assurance cryptographic software.</t>
      <t>Specifications that follow these guidelines should be easy to
understand, implement, and analyze for different audiences, including
the engineering community, research community, and standardization
community.  By addressing the unique needs and expectations of each
group, these guidelines aim to:</t>
      <ul spacing="normal">
        <li>
          <t>Minimize ambiguity and misinterpretations, leading to clearer
specifications and more accurate implementations.</t>
        </li>
        <li>
          <t>Ensure consistent and correct implementations by providing a clear
description of both algorithms and their underlying mathematical
foundation.</t>
        </li>
        <li>
          <t>Facilitate review and analysis by the research community, allowing
for the verification of security properties and the identification of
potential vulnerabilities.</t>
        </li>
        <li>
          <t>Enable interoperability of implementations of these specifications,
promoting collaboration and compatibility between various systems and
protocols.</t>
        </li>
      </ul>
      <t>Each of these stakeholder groups contributes something different to the
overall process of deploying software:</t>
      <ol spacing="normal" type="1"><li>
          <t>Engineering community: Engineers identify technical problems and
build solutions using computing tools.  They focus on why problems
should be addressed, producing requirements that define the problem
and solutions that meet those requirements.  Their ultimate goal is to
implement and ship software or hardware that effectively tackles these
challenges.</t>
        </li>
        <li>
          <t>Research community: Researchers explore the design space of
different subject areas and evaluate potential solutions.  They develop
methods for designing tools and performing experiments to validate
hypotheses.  This work concentrates on how problems should be solved,
creating artifacts that help describe solutions.  These may include
academic, peer-reviewed papers or software that studies or supports
the shipping of software.</t>
        </li>
        <li>
          <t>Standardization community: This group develops technical
specifications of protocols that others can implement, analyze, and
verify.  The specifications capture the details of a solution and
serve as a foundation for creating interoperable systems.  They ensure
the correct implementation of cryptographic algorithms and protocols.</t>
        </li>
      </ol>
      <t>By following these guidelines and addressing the distinct needs of each
stakeholder group, authors can create well-structured, informative
specification documents that facilitate the development, analysis, and
implementation of high-assurance cryptographic solutions.</t>
    </section>
    <section anchor="guidelines-for-cryptographic-specification-presentation">
      <name>Guidelines for Cryptographic Specification Presentation</name>
      <t>Technical specifications do not stand on their own.  Their value is
derived from their usefulness to the various communities that rely on
them.  A specification can have excellent content but without the
appropriate presentation, it may not be as useful as intended.  The
guidelines in this section are a baseline set of recommendations for
authors to consider when writing a cryptographic specification.  They
apply beyond cryptographic standards and are general good practices for
specification writers.</t>
      <section anchor="simplicity">
        <name>Simplicity</name>
        <t>Complexity is one of the main causes of software bugs.  The opposite
of complexity is simplicity, which is a key aspect of creating
effective cryptography specifications.  By striving for simplicity in
problem statements, technical content, and presentation, authors can
make their documents more accessible to a wider audience, including
implementers, researchers, and protocol designers.  Simplicity reduces
the cognitive load required to understand the specification and
minimizes the risk of misinterpretation, which can lead to incorrect
implementations and security vulnerabilities.</t>
        <t>To achieve simplicity, authors should focus on:</t>
        <dl>
          <dt>Problem Definition</dt>
          <dd>
            <t>Start by presenting a concise and easily comprehensible description
of the problem that the specification aims to solve.  Avoid unnecessary
jargon and strive to make the problem statement accessible to readers
with varying levels of expertise in the field.</t>
          </dd>
          <dt>Component Breakdown</dt>
          <dd>
            <t>When explaining multi-step cryptographic algorithms or concepts,
break them down into smaller, more manageable components.  This will
make it easier for readers to understand the individual parts and
their relationships to one another.</t>
          </dd>
          <dt>Clear Language</dt>
          <dd>
            <t>Write the specification using clear, concise language, and
consistent and broadly understood terminology.  Avoid overly technical
jargon, and define any terms that may be unfamiliar to some readers.</t>
          </dd>
          <dt>Focused Scope</dt>
          <dd>
            <t>Keep the specification focused on the primary problem or use case,
i.e., avoid feature creep.  Avoid introducing unrelated or peripheral
topics, as this can create confusion and detract from the primary
focus.</t>
          </dd>
        </dl>
        <t>By focusing on simplicity in document structure and prose in the
specification writing process, authors can create documents that are
more accessible and easier to understand, ultimately resulting in more
reliable and secure implementations of cryptographic algorithms and
protocols.  Focusing on simplicity in writing does not imply
imprecision or brevity.  Even long documents can embody simplicity
with the right attention to detail and structuring of prose.</t>
      </section>
      <section anchor="precision">
        <name>Precision</name>
        <t>Precision is essential in cryptographic specifications, as small
deviations or ambiguities can lead to severe security vulnerabilities.
A precise specification ensures consistent and correct implementations
while enabling accurate security analysis.</t>
        <t>The following recommendations help achieve precision:</t>
        <ol spacing="normal" type="1"><li>
            <t>Use clear and concise language, avoiding jargon or colloquialisms
that may lead to misinterpretation.  When introducing technical
terms or concepts, provide clear definitions or explanations to
ensure that all readers share the same understanding.</t>
          </li>
          <li>
            <t>Provide explicit instructions and avoid undefined behavior,
ensuring implementers can follow step-by-step instructions with
minimal or zero risk of misinterpretation.  This helps ensure that
all implementations are consistent with the intended design and
minimizes the risk of errors or vulnerabilities.</t>
          </li>
          <li>
            <t>Provide test vectors that check for correctness of all behavior in
the specification, especially those near edge cases.  For example,
if a specification involves a branch or condition, then test cases
should ideally be written to exercise both paths of the branch.
Sometimes this is infeasible, e.g., if probability of a particular
branch happening is negligible, though more often than not branches
can be adequately covered.</t>
          </li>
          <li>
            <t>Employ formal notation or pseudocode to provide a precise
description of algorithms, data structures, and protocols.  This
ensures that implementers, researchers, and protocol designers can
accurately understand the intended behavior and interactions of the
components within the specification.</t>
          </li>
          <li>
            <t>Specify data formats and encodings, clearly defining formats,
encoding schemes, and serialization methods for all data types used
in the specification.  This helps ensure that different
implementations can interoperate seamlessly and reduces the
likelihood of incompatibilities or communication errors.</t>
          </li>
          <li>
            <t>Document assumptions and dependencies, clearly stating any
assumptions or dependencies on external components, including other
specifications or protocol descriptions.  This includes common
dependencies like that of a random number generator.  This helps
implementers and researchers understand the context in which your
specification operates and any potential limitations or risks.</t>
          </li>
        </ol>
        <t>Precise specifications minimize ambiguity and reduce the likelihood of
implementation errors or inconsistencies.</t>
      </section>
      <section anchor="consistency">
        <name>Consistency</name>
        <t>A specification must be internally consistent.  It should also align
with the conventions of similar documents.</t>
        <t>Consistent use of concepts, vocabulary, language, and presentation
reduces ambiguity.  This clarity makes the specification easier to
understand and implement.</t>
        <t>The following recommendations help achieve consistency:</t>
        <ol spacing="normal" type="1"><li>
            <t>Establish a consistent terminology: Develop a clear and consistent
set of terms and definitions that will be used throughout the
document.  Avoid using synonyms or multiple terms for the same
concept, as this can lead to confusion.  When using acronyms, always
provide their full meaning upon first usage and use the acronym
consistently afterward.</t>
          </li>
          <li>
            <t>Maintain a uniform style and tone: Write the specification using a
consistent style and tone to ensure that readers can easily follow
the content.  This includes consistent use of grammatical
structures, punctuation, and capitalization.  If your organization
has a style guide, adhere to it when writing the specification.</t>
          </li>
          <li>
            <t>Use a logical structure: Organize your specification in a logical
manner, starting with an overview and then progressing through the
various components, algorithms, and protocols.  Make use of
sections, subsections, and other structural elements to break up the
content and make it easier to navigate and comprehend.  Use forward
or backward references to make navigation of the document simpler.</t>
          </li>
          <li>
            <t>Provide consistent formatting: Ensure that all elements within the
specification, such as tables, figures, pseudocode and equations,
are formatted consistently.  This will help readers quickly identify
and understand these elements as they progress through the document.</t>
          </li>
          <li>
            <t>Be consistent with conventions and notations: When using
mathematical notation, programming languages, or other conventions,
apply them consistently throughout the document.  This will help
prevent confusion and allow readers to focus on the content rather
than deciphering different notations.</t>
          </li>
          <li>
            <t>Reference external documents consistently: When referring to
external documents or resources, such as other RFCs, standards, or
research papers, provide consistent and accurate citations.  This
will enable readers to locate and review these resources as needed.</t>
          </li>
          <li>
            <t>Keep the broader context in mind: Try to adopt the same terminology
and conventions as other related documents the reader may be
familiar with, especially for specifications that are developed
based on peer-reviewed, published work.  Consistency across
audiences is important to help lower the bar to successful
collaboration and effective communication.  If the specification is
intended to be part of the RFC series, reuse conventions from other
documents in the series.</t>
          </li>
        </ol>
        <t>By focusing on consistency in your cryptography specification, you
will make it more accessible and easier to understand for
implementers, researchers, and protocol designers.  This, in turn,
will facilitate the development of correct, secure, and interoperable
cryptographic systems based on your specification.</t>
        <t>Cryptography specifications are often unique in their use of
mathematical objects to define protocols.  As such, presenting this
content requires special guidance.</t>
        <section anchor="representing-mathematical-operations">
          <name>Representing Mathematical Operations</name>
          <t>Cryptographic protocols rely on mathematical operations.  These
operations require precise and clear representation in specifications.</t>
          <t>Ambiguous or inconsistent mathematical notation leads directly to
implementation errors and interoperability failures.</t>
          <t><xref target="RFC7748"/> demonstrates effective mathematical representation through
clear introduction of scalar multiplication notation and concrete
examples.  It is not flawless: it also uses <tt>^</tt> for both XOR, in the
Montgomery ladder, and exponentiation, as in <tt>2^255 - 19</tt>, without
distinguishing them.  This is the kind of operator overloading the
notation guidance below is intended to prevent.</t>
          <section anchor="notation-consistency">
            <name>Notation Consistency</name>
            <t>Consistency in the notation used to represent mathematical operations
is essential for avoiding confusion and ensuring that the specification
is easy to understand.  Specification authors should establish a clear
notation system from the beginning and use it consistently throughout
the document.</t>
            <t>This notation should be introduced with a comprehensive
description or a reference to a well-known notation system to ensure
that readers can easily follow the mathematical expressions.  For
example, exponentiation can be represented by superscript or by a
carat, but not by both.</t>
          </section>
          <section anchor="use-of-standard-mathematical-symbols">
            <name>Use of Standard Mathematical Symbols</name>
            <t>Widely recognized mathematical symbols promote clarity and reduce the
risk of misinterpretation.  However, some symbols have different
meanings across contexts or disciplines.  The specification should
clarify the intended meaning of such symbols.  For instance, group
operations in multiplicative notation use the * multiplication symbol
rather than the x symbol to avoid confusion.</t>
          </section>
          <section anchor="explicitly-defining-custom-operations">
            <name>Explicitly Defining Custom Operations</name>
            <t>Mathematical operations and notation that extend beyond standard
conventions require explicit definitions with clear explanations and
examples.</t>
            <t>Key aspects of defining custom operations:
- Provide clear explanations and examples.
- Keep new notation minimal to avoid confusion.
- Consider including a glossary for multiple non-standard operations.</t>
          </section>
          <section anchor="pseudocode-and-algorithmic-descriptions">
            <name>Pseudocode and Algorithmic Descriptions</name>
            <t>Mathematical expressions often need to be supplemented with pseudocode
or algorithmic descriptions to bridge the gap between theory and
implementation.  Pseudocode should be written in a style that
resembles real programming languages.  Comments clarify the logic.
Control structures such as loops and conditionals should use
consistent notation throughout the document.</t>
            <t>When pseudocode requires constant-time behavior, mark the line with the
<tt>CONST</tt> tag.  For example, with CMOV(x, y, e) defined to return y when e
= 1 and x when e = 0:</t>
            <artwork><![CDATA[
z <- CMOV(x, y, e)  # CONST: branch-free
]]></artwork>
            <t>The <tt>CONST</tt> tag and the CMOV function above are an illustrative
convention used in this document, not a standardized notation; a
specification that adopts a similar marker <bcp14>SHOULD</bcp14> define it explicitly
in its own Notation section.  Such annotations state intent; they do not
by themselves make an implementation constant-time.  Specifications
should also identify which values are secret, so that implementations
avoid branching on, or indexing memory by, secret-derived values.</t>
          </section>
          <section anchor="visual-representations">
            <name>Visual Representations</name>
            <t>Diagrams and other visual aids help convey complex mathematical
concepts.  These elements must be clear, properly labeled, and
consistent with the notation system.  Visual representations
supplement the text; they do not replace it.</t>
            <ol spacing="normal" type="1"><li>
                <t>Ensure that diagrams remain legible in all output formats, including
TXT, HTML, and PDF.</t>
              </li>
              <li>
                <t>For simple state machines or data flows, use ASCII diagrams that
display clearly in all output formats.</t>
              </li>
              <li>
                <t>Keep every label, variable name, and symbol in your figures
consistent with the notation used in the surrounding text.</t>
              </li>
            </ol>
          </section>
          <section anchor="mathematical-notation-and-unicode">
            <name>Mathematical Notation and Unicode</name>
            <t>Cryptographic specifications <bcp14>SHOULD</bcp14> make mathematical notation and
algorithm descriptions clear in all RFC publication formats, including
plain text, HTML, and PDF.  Pseudocode intended to guide implementations
<bcp14>SHOULD</bcp14> prefer simple, programming-like notation when that notation is
equally clear, for example <tt>xor(a, b)</tt>, <tt>XOR</tt>, <tt>concat(a, b)</tt>, <tt>||</tt>,
<tt>mod</tt>, and <tt>randbits(n)</tt>.</t>
            <t>Non-ASCII mathematical symbols <bcp14>MAY</bcp14> be used in normative mathematical
exposition or algorithm descriptions when they materially improve
clarity, satisfy the criteria for non-ASCII characters in <xref target="RFC7997"/>,
and are understandable to the intended audience.  Such symbols <bcp14>MUST NOT</bcp14>
be used as a substitute for defining the operation they represent.</t>
            <t>Every non-obvious symbol, whether ASCII or Unicode, <bcp14>MUST</bcp14> be defined
exactly once in a dedicated Notation section or at first use.  A symbol
<bcp14>MUST</bcp14> have exactly one meaning throughout the specification.  In
particular, authors <bcp14>MUST NOT</bcp14> use <tt>^</tt> for both XOR and exponentiation.</t>
            <t>When a Unicode symbol is used, the specification <bcp14>SHOULD</bcp14> provide an ASCII
or function-style equivalent at first use, and <bcp14>SHOULD</bcp14> give the Unicode
code point or character name for less common, visually confusable, or
domain-specific symbols.  For example, <tt>⊕</tt> can be introduced as XOR
(<tt>⊕</tt>, U+2295) and <tt>∥</tt> can be introduced as concatenation (<tt>||</tt>).</t>
            <t>Formatting <bcp14>MUST NOT</bcp14> be required to recover the meaning of an algorithm.
Superscripts, font choice, glyph shape, or rendering differences across
formats <bcp14>MUST NOT</bcp14> change semantics.  Authors <bcp14>SHOULD</bcp14> review formulas,
pseudocode, tables, and figures in the generated plain-text, HTML, and
PDF outputs against the criteria in <xref target="RFC7997"/>, and <bcp14>SHOULD</bcp14> consider
copy/paste behavior, searchability, screen readers, and font support.</t>
            <t>The notation is normative as written, whether ASCII or Unicode, provided
it is defined, unambiguous, and stable across publication formats.</t>
            <t>Checklist for authors:</t>
            <ul spacing="normal">
              <li>
                <t>Define a concise notation table covering every non-obvious operator
or symbol (<tt>||</tt>, <tt>^</tt>, <tt>**</tt>, <tt>mod</tt>, <tt>XOR</tt>, sampling notation, failure
symbols, Unicode operators, etc.).</t>
              </li>
              <li>
                <t>Use exactly one notation for each operation throughout the document.</t>
              </li>
              <li>
                <t>Never reuse <tt>^</tt> for both XOR and exponentiation; spell out one of
them or use a defined function-style operator.</t>
              </li>
              <li>
                <t>Prefer clear function-style or programming-like notation in
implementer-facing pseudocode, especially where readers may copy the
text into code.</t>
              </li>
              <li>
                <t>Use Unicode mathematical symbols only when they improve clarity for
the intended audience.</t>
              </li>
              <li>
                <t>Provide ASCII or function-style equivalents for Unicode symbols that
implementers may need to type, search for, copy, or translate into
code.</t>
              </li>
              <li>
                <t>Give Unicode code points or character names for uncommon, visually
confusable, or domain-specific symbols.</t>
              </li>
              <li>
                <t>Provide at least one worked example that exercises every operator.</t>
              </li>
              <li>
                <t>Verify the generated plain-text, HTML, and PDF outputs; formatting
must not change semantics.</t>
              </li>
            </ul>
            <t>The following baseline operator set covers the operations most
cryptographic specifications need; any additional operator <bcp14>MUST</bcp14> be
defined in the Notation table before first use.</t>
            <table>
              <thead>
                <tr>
                  <th align="left">Concept</th>
                  <th align="left">ASCII glyph(s)</th>
                  <th align="left">Example</th>
                  <th align="left">Notes</th>
                </tr>
              </thead>
              <tbody>
                <tr>
                  <td align="left">Addition / subtraction</td>
                  <td align="left">
                    <tt>+</tt>, <tt>-</tt></td>
                  <td align="left">
                    <tt>a + b</tt></td>
                  <td align="left"> </td>
                </tr>
                <tr>
                  <td align="left">Multiplication</td>
                  <td align="left">
                    <tt>*</tt></td>
                  <td align="left">
                    <tt>x * y</tt></td>
                  <td align="left">Define early that <tt>*</tt> is group/field multiplication</td>
                </tr>
                <tr>
                  <td align="left">Exponentiation</td>
                  <td align="left">
                    <tt>^</tt> or <tt>**</tt></td>
                  <td align="left">
                    <tt>g^k</tt>, <tt>2**255 - 19</tt></td>
                  <td align="left">Choose one symbol and use it consistently; note <tt>^</tt> is XOR in C-family languages</td>
                </tr>
                <tr>
                  <td align="left">Modular reduction</td>
                  <td align="left">
                    <tt>mod</tt></td>
                  <td align="left">
                    <tt>x mod L</tt></td>
                  <td align="left">State the modulus and the range of the result</td>
                </tr>
                <tr>
                  <td align="left">XOR</td>
                  <td align="left">
                    <tt>XOR</tt></td>
                  <td align="left">
                    <tt>a XOR b</tt></td>
                  <td align="left">Avoids clash with <tt>^</tt>; all-caps stands out</td>
                </tr>
                <tr>
                  <td align="left">Concatenation</td>
                  <td align="left">
                    <tt>||</tt></td>
                  <td align="left">
                    <tt>M1 || M2</tt></td>
                  <td align="left">Define in glossary</td>
                </tr>
                <tr>
                  <td align="left">Comparison</td>
                  <td align="left">
                    <tt>&lt;</tt>, <tt>&lt;=</tt>, <tt>&gt;=</tt>, <tt>&gt;</tt></td>
                  <td align="left">
                    <tt>s &gt;= L</tt></td>
                  <td align="left">Make boundary conditions exact</td>
                </tr>
                <tr>
                  <td align="left">Shift / rotate</td>
                  <td align="left">
                    <tt>&lt;&lt;</tt>, <tt>&gt;&gt;</tt>, <tt>ROTL</tt></td>
                  <td align="left">
                    <tt>x ROTL 16</tt></td>
                  <td align="left">Define operand width and wrapping</td>
                </tr>
                <tr>
                  <td align="left">Equality</td>
                  <td align="left">
                    <tt>=</tt></td>
                  <td align="left">
                    <tt>x = y</tt></td>
                  <td align="left"> </td>
                </tr>
                <tr>
                  <td align="left">Assignment</td>
                  <td align="left">
                    <tt>&lt;-</tt></td>
                  <td align="left">
                    <tt>x &lt;- y</tt></td>
                  <td align="left">
                    <bcp14>MUST</bcp14> be distinct from the equality glyph</td>
                </tr>
                <tr>
                  <td align="left">Constant-time selection</td>
                  <td align="left">
                    <tt>CMOV</tt></td>
                  <td align="left">
                    <tt>CMOV(x, y, e)</tt></td>
                  <td align="left">Returns y when e = 1 and x when e = 0</td>
                </tr>
                <tr>
                  <td align="left">Integer / byte-string conversion</td>
                  <td align="left">
                    <tt>I2OSP</tt>, <tt>OS2IP</tt></td>
                  <td align="left">
                    <tt>I2OSP(x, 32)</tt></td>
                  <td align="left">Define output length and byte order; see <xref target="RFC8017"/></td>
                </tr>
                <tr>
                  <td align="left">Length</td>
                  <td align="left">
                    <tt>len</tt></td>
                  <td align="left">
                    <tt>len(M)</tt></td>
                  <td align="left">State whether the result counts bits or bytes</td>
                </tr>
                <tr>
                  <td align="left">Truncation / slicing</td>
                  <td align="left">
                    <tt>M[a..b]</tt></td>
                  <td align="left">
                    <tt>M[0..15]</tt></td>
                  <td align="left">State whether indices are zero-based and bounds inclusive</td>
                </tr>
                <tr>
                  <td align="left">Random sampling</td>
                  <td align="left">
                    <tt>&lt;-$</tt></td>
                  <td align="left">
                    <tt>x &lt;-$ S</tt></td>
                  <td align="left">Define the set and distribution; uniform unless stated</td>
                </tr>
                <tr>
                  <td align="left">Failure</td>
                  <td align="left">
                    <tt>INVALID</tt></td>
                  <td align="left">
                    <tt>return INVALID</tt></td>
                  <td align="left">
                    <bcp14>MUST</bcp14> be distinguishable from every valid output</td>
                </tr>
              </tbody>
            </table>
          </section>
        </section>
      </section>
    </section>
    <section anchor="guidelines-for-cryptography-specification-content">
      <name>Guidelines for Cryptography Specification Content</name>
      <t>In addition to cryptographic specification clarity and accessibility
through presentation format, the content of a specification also
influences the overall value of the specification.  The syntax of
cryptographic objects introduced and their interfaces, as well as the
way in which the object is structured for use in applications, is
important for reliable and secure implementations of cryptographic
algorithms and protocols.  In this section, we discuss factors that
relate to the content of the specifications and their impact on
overall quality.</t>
      <section anchor="reusability">
        <name>Reusability</name>
        <t>Cryptography specifications that rely on bespoke sub-algorithms or
lower-level components tend to be brittle and invite implementation
issues.  To create efficient, interoperable, and widely adopted
cryptographic systems, it is preferable to reuse existing components
or primitives.  Reusability allows developers to build on existing
work, reducing the time and effort required to create new
implementations while leveraging established security properties and
analyses.  This section discusses the importance of reusability in
cryptography specifications and offers guidance for incorporating
reusability principles into the specification development process.</t>
        <section anchor="build-on-existing-specifications">
          <name>Build on Existing Specifications</name>
          <t>When developing a cryptography specification, it is advantageous to
build upon existing, well-established specifications, protocols, and
primitives where possible.</t>
          <t>By doing so, authors can capitalize on the collective expertise of the
community, as well as existing security analyses, implementation
experiences, and best practices.  This approach reduces the potential
for introducing new vulnerabilities and inconsistencies while
promoting interoperability between different systems.</t>
        </section>
        <section anchor="modular-design">
          <name>Modular Design</name>
          <t>Emphasizing modularity in the design of cryptography specifications
allows for greater flexibility and reusability.  By breaking down
complex algorithms into smaller, self-contained components or
modules, specification writers facilitate the reuse of these
components in different contexts or applications.  A modular design
also simplifies the process of updating or replacing specific
components without affecting the overall system, making it easier to
incorporate new research findings or technological advancements.  An
example of a modular design is the prime-order group abstraction.
Algorithms that use this abstraction admit a modular design where the
group implementation is described in a separate document dedicated to
the details of the implementation of the group.  This approach
simplifies both implementation and security analysis.</t>
        </section>
        <section anchor="clear-interfaces-and-abstractions">
          <name>Clear Interfaces and Abstractions</name>
          <t>To promote misuse resistance and elegant higher-level designs,
cryptography specifications should provide clear interfaces and
abstractions for the components and primitives they describe.</t>
          <t>Well-defined interfaces enable developers to understand and interact
with a component without needing to know the details of its internal
implementation.</t>
          <t>This approach allows for the replacement or modification of components
with minimal impact on the overall system and encourages the development
of interchangeable components that can be reused across different
applications and within protocols.</t>
          <t>Cryptographic objects typically have a set of functions associated
with them that make up the interface; structuring the functions to
fit well-understood and existing abstractions helps make the job of
using the object in higher-level algorithms easier and less prone to
code duplication.</t>
        </section>
        <section anchor="completeness">
          <name>Completeness</name>
          <t>The operations defined in a cryptography specification should be
complete, with defined behavior on all inputs.  This includes error
handling and edge cases which would otherwise not impact the
algorithm's cryptographic properties.</t>
          <t>In particular, when deserializing a byte string, the behavior on all
byte strings should be defined, including cases which would not be valid
outputs of the corresponding serialization function.  A complete
specification helps avoid implementation variations.  These variations
can lead to interoperability failures, gaps between formal analysis and
real-world practice, or security vulnerabilities.</t>
          <ul spacing="normal">
            <li>
              <t>Define behavior for all inputs: Ensure that every possible input
scenario is accounted for, including edge cases.</t>
            </li>
            <li>
              <t>Error handling: Enumerate the error conditions of each operation,
state whether distinct failures are distinguishable to callers or
peers (distinguishable failures invite oracle attacks), and define
post-failure behavior, such as whether partial output is released.</t>
            </li>
            <li>
              <t>Avoid multiple valid behaviors: Consistency is key; avoid leaving
multiple implementation options open.</t>
            </li>
          </ul>
          <t>Avoid defining multiple implementation behaviors as valid.  Leaving
multiple options to implementers leads to compounding complexity:
downstream specifications may need to profile the algorithm to pick the
preferred option, and validation tools must be configurable to assert
either case.</t>
        </section>
        <section anchor="documentation-and-examples">
          <name>Documentation and Examples</name>
          <t>Thorough documentation and illustrative examples play a crucial role
in promoting reusability.  By providing comprehensive explanations of
the specification's components, interfaces, and intended use cases,
specification authors make it easier for developers to understand and
implement the specification correctly.  Including examples of how
components can be combined or applied in various scenarios further
clarifies their usage and encourages their reuse in different
contexts.</t>
          <t>Documentation Tips:
  - Use clear, concise language
  - Include illustrative examples
  - Highlight use cases and scenarios</t>
          <t>By focusing on reusability in cryptography specifications, authors can
help create secure, efficient, and adaptable cryptographic systems
that can be more easily integrated, maintained, and updated, resulting
in more robust and widely adopted solutions.</t>
        </section>
      </section>
      <section anchor="defining-security-definitions-and-threat-models">
        <name>Defining Security Definitions and Threat Models</name>
        <t>Cryptographic protocols are always used within a context of a broader
system whose security relies on an understanding of the capabilities of
potential attackers.  An incorrect definition or assumption about the
threat models to a protocol can make a protocol that is safe in one
context unsafe in a different context.  Precise definitions help
researchers assess the security of the proposed algorithms and
protocols, while comprehensible threat models enable implementers and
protocol designers to understand the potential risks and limitations of
the specification.  This section provides guidelines for defining
security definitions and threat models in a way that caters to the needs
of all target audiences.</t>
        <section anchor="defining-security-goals">
          <name>Defining Security Goals</name>
          <t>Specification authors should explicitly state the security goals that
the proposed algorithms or protocols aim to achieve.  These goals
should be comprehensive, covering all relevant aspects, such as
confidentiality, integrity, authentication, non-repudiation, and
availability as well as resistance to implementation flaws such as
side-channels.</t>
          <t>Furthermore, authors should clarify any trade-offs or limitations
associated with the security goals, ensuring that the target audiences
understand the intended balance between security and other factors,
such as performance or ease of implementation.</t>
          <t>Authors should also enumerate relevant security properties that the
construction does not provide whenever a target audience might plausibly
assume them, such as an AEAD that is not key-committing or a signature
scheme that does not guarantee non-malleability; higher-level designs
fail most often by relying on absent properties.  Some goals are
context-dependent: non-repudiation is an explicit anti-goal of deniable
protocols, and availability is typically a property of the surrounding
system rather than of a cryptographic construction.</t>
          <t>Common Security Goals:
  - Confidentiality
  - Integrity
  - Authentication
  - Non-repudiation
  - Availability
  - Resistance to side-channels</t>
        </section>
        <section anchor="formalizing-security-definitions">
          <name>Formalizing Security Definitions</name>
          <t>Formalizing security definitions is essential for researchers to
rigorously analyze the algorithms and protocols described in the
specification.  Specification authors should strive to express security
definitions in a formal language, using consistent notation and
terminology.  Authors should accompany formal definitions with clear
explanations and examples to make them more accessible to implementers
and protocol designers who may not be familiar with formal methods.</t>
          <t>Steps to Formalize Security Definitions:
  - Choose a formal language
  - Ensure consistent notation
  - Provide clear examples</t>
        </section>
        <section anchor="describing-the-threat-model">
          <name>Describing the Threat Model</name>
          <t>A well-defined threat model provides an overview of the potential
adversaries and the risks they pose to the security of the algorithms
or protocols.  Specification authors should describe the threat model
in detail, including the capabilities, resources, and motivations of
adversaries.  Additionally, authors should identify any assumptions
made about the adversarial model and explicitly state them to help the
target audiences understand the intended scope and limitations of the
specification's security guarantees.  Clear threat models help prevent
misuse in inappropriate contexts.</t>
          <t>Key Components of a Threat Model:
  - Adversary capabilities
  - Resources
  - Motivations
  - Assumptions about adversarial models</t>
        </section>
        <section anchor="addressing-known-vulnerabilities-and-attacks">
          <name>Addressing Known Vulnerabilities and Attacks</name>
          <t>Specification authors should discuss known vulnerabilities and attacks
relevant to the proposed algorithms or protocols.  This discussion
should include an explanation of how the specification addresses or
mitigates these issues, as well as any residual risks that remain.
This information is valuable for implementers and protocol designers
to understand the potential threats and for researchers to assess the
robustness of the specification's security claims.</t>
        </section>
        <section anchor="providing-guidance-on-secure-implementation-and-deployment">
          <name>Providing Guidance on Secure Implementation and Deployment</name>
          <t>To help ensure that the security definitions and threat models are
effectively realized in practice, authors should provide guidance on
secure implementation and deployment of the proposed algorithms and
protocols.  This guidance may include best practices for avoiding
common pitfalls, recommendations for cryptographic parameter
selection, or considerations for securely integrating the
specification into existing systems.</t>
          <t>By clearly defining security definitions and threat models in
cryptography specifications, authors can facilitate a better
understanding of the security properties and limitations of the
proposed algorithms and protocols among implementers, researchers,
and protocol designers.</t>
          <t>Clear security definitions prevent cryptographic algorithms from being
used in insecure contexts.</t>
          <ul spacing="normal">
            <li>
              <t>Following these guidelines and recommendations from <xref target="RFC3552"/> helps
create robust security considerations sections</t>
            </li>
            <li>
              <t>Complete threat model discussions facilitate better understanding of
security properties and limitations</t>
            </li>
            <li>
              <t>Proper security definitions enable accurate analysis by target
audiences</t>
            </li>
          </ul>
        </section>
      </section>
    </section>
    <section anchor="catering-to-target-audiences">
      <name>Catering to Target Audiences</name>
      <t>When writing a specification, it is important to consider the needs of
the three primary audiences: implementers, researchers, and protocol
designers.  Each group has unique requirements and goals, and the
specification should be written in a way that addresses their specific
concerns.</t>
      <section anchor="catering-to-implementers">
        <name>Catering to Implementers</name>
        <t>Implementers require a clear, concise, and unambiguous specification
to develop production-grade software.</t>
        <t>To cater to implementers:</t>
        <ul spacing="normal">
          <li>
            <t>Provide step-by-step instructions for implementing algorithms or
processes, ensuring that all required inputs, outputs, and
intermediate steps are defined.  Where exceptional cases occur,
those should be noted and recommended error-handling steps should
be given.  Include test vectors to help implementers verify the
correctness of their implementations.</t>
          </li>
          <li>
            <t>Describe best practices for representing components of the
specification in code, addressing exceptional cases and
recommended error handling procedures, as well as aspects of the
specification that are difficult to implement correctly (e.g.,
where side-channel attacks might be possible).</t>
          </li>
          <li>
            <t>Clearly indicate any optional features, variations, or extensions,
specifying their impact on interoperability and security.</t>
          </li>
        </ul>
        <section anchor="test-vectors">
          <name>Test Vectors</name>
          <t>Test vectors ideally cover all branches of the specification, with
reasonable exceptions, such as branches that occur with negligible
probability and as such are computationally infeasible to reproduce.
To facilitate writing tests, where possible, all functions should be
written with determinism in mind.  In particular, this means that
functions that produce random outputs, such as a function that
produces random elements in a prime-order group, should accept
randomness as input and test vectors should specify this randomness
as an input to the function.  Specifications should minimize
internal calls to pseudorandom number generators (PRNGs) or similar
and emphasize determinism.</t>
          <t>Finally, specifications should make the connection between
specification and test vectors clear by including explicit
reproducibility steps that describe how test vectors were derived for
parts of the specification.  This might mean pointing to a reference
implementation with instructions for how to run it, where the
reference implementation is written in a way that is clearly
consistent with the specification.</t>
          <t>It is possible to include too many test vectors in a specification,
which increases document length and decreases readability.  Authors
should provide test vectors that cover:</t>
          <ul spacing="normal">
            <li>
              <t>Typical test cases that exercise all logical pathways within an
algorithm</t>
            </li>
            <li>
              <t>All valid but degenerate cases that result in error or early exit of
an algorithm</t>
            </li>
            <li>
              <t>Exceptions that can be reached by attacker-controlled inputs</t>
            </li>
            <li>
              <t>Invalid inputs that implementations are required to reject, such as
non-canonical encodings, invalid points or group elements, and
modified authenticators, each labeled with the expected error result</t>
            </li>
            <li>
              <t>Boundary values for every comparison or range check in the
specification, together with values immediately adjacent to the
boundary</t>
            </li>
          </ul>
          <t>For multi-step algorithms, at least one test vector should include
intermediate values, such as per-round state or derived subkeys, so
that implementers can localize divergence rather than only detect it.</t>
          <t>It is not necessary to include test vectors for cases that are
statistically improbable to be triggered, even by attacker-controlled
input, based on the underlying cryptographic assumptions.  For example,
if an error case is only reachable when an intermediate data point
matches the pre-image of a hash value that was randomly generated,
finding a test vector to trigger that case would require the ability to
compute a hash pre-image, which is deemed unfeasible for sufficiently
strong hash functions.  Exceptional cases that do not have test vectors
should be explicitly noted in the algorithm description.</t>
          <t>Lastly, specifications should provide references to machine-readable
test vectors (e.g., in JSON format) that persist alongside the
specification.  This helps avoid possibly error-prone parsing in
translating test vectors from a textual specification to test code
inputs.</t>
        </section>
      </section>
      <section anchor="catering-to-researchers">
        <name>Catering to Researchers</name>
        <t>Researchers need to understand the syntax and functionality of the
cryptographic protocol or primitive to ensure its correctness and
analyze its security properties.  To cater to researchers:</t>
        <ul spacing="normal">
          <li>
            <t>Clearly define the underlying mathematical concepts and notations
used in the specification, ensuring that all symbols, functions, and
variables are consistently and accurately represented as explained in
the section Representing Mathematical Operations.</t>
          </li>
          <li>
            <t>Provide detailed security definitions, goals, and threat models,
including the capabilities and limitations of adversaries and their
impact on parameter selection.  In general, authors should make input
requirements that are important for the security of the protocol or
construction maximally clear.  See: Defining Security Definitions and
Threat Models.</t>
          </li>
          <li>
            <t>Describe any assumptions made about the underlying primitives or
protocols and the justifications for these assumptions.  Such
assumptions should include references to external documents that
describe these underlying primitives or protocols where appropriate,
unless there are gaps between how the underlying primitive or protocol
is used and how it is described externally.</t>
          </li>
          <li>
            <t>Clearly present any security proofs, analysis, or references to
existing literature that support the security claims of the
specification.  If there are gaps between the specification and formal
security analysis, these gaps should be noted, along with rationale
that justifies the gaps.</t>
          </li>
        </ul>
      </section>
      <section anchor="catering-to-protocol-designers">
        <name>Catering to Protocol Designers</name>
        <t>Protocol designers in the standards community use specifications to
understand how to safely use the cryptographic protocol or primitive
when designing a higher-level protocol that depends on it.  To cater to
protocol designers:</t>
        <ul spacing="normal">
          <li>
            <t>Clearly define the interfaces, APIs, or functions exposed by the
protocol or primitive, indicating how they should be used and any
potential risks associated with their misuse.  For each input, state
the requirements it must satisfy for security to hold, such as secrecy,
uniqueness, or uniform randomness, whether security is retained when
that input is adversarially chosen, and what validation is required
before use; the consuming protocol determines which inputs are attacker
controlled in its own deployment.</t>
          </li>
          <li>
            <t>Describe any corner cases or situations that may impact security,
providing guidance on how to avoid or mitigate potential risks.  This
includes explicitly stating the probability of an algorithm failing
due to invalid operations occurring (such as divide-by-zero) both in
the typical case and under attacker-controlled inputs.</t>
          </li>
          <li>
            <t>Explain any dependencies or interactions with other protocols,
primitives, or system components, highlighting potential compatibility
or interoperability issues.</t>
          </li>
          <li>
            <t>Provide guidance on configuration, parameter selection, or deployment
considerations that may affect the security or performance of the
protocol in real-world scenarios.  This includes the impact of new
discoveries that weaken the security assumptions of a primitive.</t>
          </li>
          <li>
            <t>State concrete usage limits derived from the security analysis, such
as the maximum amount of data or number of invocations per key and when
rekeying is required, in operational units that a consuming protocol
can budget against.</t>
          </li>
          <li>
            <t>Identify the context-binding inputs the construction exposes, such as
associated data, info strings, salts, and labels; state what a
consuming protocol is expected to bind into them to achieve domain
separation; and state whether keys may safely be reused across the
construction's operations or with other algorithms.</t>
          </li>
        </ul>
        <t>By addressing the specific needs of implementers, researchers, and
protocol designers, a specification can be more effectively
understood, implemented, and analyzed, leading to more secure and
interoperable systems.</t>
      </section>
    </section>
    <section anchor="general-recommendations">
      <name>General Recommendations</name>
      <t>Developing effective cryptography specifications often requires
collaboration between multiple stakeholders in the target audience,
including engineers, researchers, and standardization organizations,
and engaging in a collaborative process helps ensure that diverse
perspectives and expertise are considered, resulting in more robust
and widely applicable specifications.  This section discusses the
importance of collaboration and compromise in specification development
and offers recommendations for fostering a collaborative environment.</t>
      <section anchor="encourage-open-communication-and-feedback">
        <name>Encourage Open Communication and Feedback</name>
        <t>Effective collaboration relies on open communication and an ongoing
exchange of ideas and feedback.  By creating channels for
communication, such as mailing lists, pull request threads (as
described in <xref target="RFC8874"/>), or regular meetings, authors can facilitate
discussions, address concerns, and gather valuable input from various
stakeholders.  Encouraging an environment where feedback is welcomed
and valued helps ensure that the specification benefits from diverse
expertise and experiences.</t>
      </section>
      <section anchor="seek-external-expertise">
        <name>Seek External Expertise</name>
        <t>Involving external experts, such as researchers or engineers from
different organizations, can help identify potential issues, uncover
new insights, and provide a broader perspective on the specification.
Engaging with experts such as those in the IRTF Crypto Review Panel
who have different backgrounds or areas of expertise can also help
identify potential gaps in the specification or highlight areas where
further research or clarification is needed.</t>
      </section>
      <section anchor="recognize-and-address-conflicting-interests">
        <name>Recognize and Address Conflicting Interests</name>
        <t>Collaboration often involves addressing conflicting interests or
opinions among stakeholders.  It is essential to acknowledge these
differences and work towards finding mutually agreeable solutions.
This may require making compromises or revisiting previous decisions
to ensure that the specification meets the needs of all involved
parties.  By maintaining a flexible and open-minded approach, authors
can:</t>
        <ul spacing="normal">
          <li>
            <t>Build consensus among diverse stakeholders with varying priorities
and technical perspectives.</t>
          </li>
          <li>
            <t>Develop a more robust specification that addresses real-world
implementation and deployment challenges.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="examples-of-well-written-specifications">
      <name>Examples of Well-Written Specifications</name>
      <t>To provide a better understanding of how to write high-quality
cryptography specifications, we will analyze specific sections from a
well-written example: ChaCha20 and Poly1305 for IETF Protocols
(<xref target="RFC8439"/>).</t>
      <section anchor="chacha20-and-poly1305-for-ietf-protocols-rfc-8439">
        <name>ChaCha20 and Poly1305 for IETF Protocols (RFC 8439)</name>
        <t><xref target="RFC8439"/> is a specification that describes the use of the ChaCha20
stream cipher and the Poly1305 message authentication code for IETF
protocols.  It demonstrates how to write a clear, comprehensive, and
precise specification while catering to different audiences.</t>
        <section anchor="introduction-and-overview">
          <name>Introduction and Overview</name>
          <t>The introduction in <xref target="RFC8439"/> clearly defines the purpose and
motivation for the specification.  It provides context on the origins
of ChaCha20 and Poly1305, and how they are used together to provide
confidentiality and data integrity.  By presenting a concise and
informative introduction, the specification sets the stage for the
detailed technical descriptions that follow.</t>
        </section>
        <section anchor="algorithm-descriptions">
          <name>Algorithm Descriptions</name>
          <t>The specification provides detailed and precise descriptions of the
ChaCha20 and Poly1305 algorithms, including pseudocode, constants,
and mathematical operations.  This section caters to implementers,
ensuring that they have all the necessary information to create
consistent and correct implementations.  The mathematical operations
are expressed in a clear and unambiguous manner, which helps both
implementers and researchers understand the algorithms better.</t>
        </section>
        <section anchor="test-vectors-1">
          <name>Test Vectors</name>
          <t><xref target="RFC8439"/> includes test vectors for both ChaCha20 and Poly1305,
providing concrete examples of inputs and expected outputs for the
algorithms.  Notably, the vectors include intermediate values, such as
the ChaCha state after 20 rounds, allowing implementers to localize a
divergence rather than only detect it.  This section is invaluable for
implementers, allowing them to verify that their implementations are
correct and compatible with others.</t>
        </section>
        <section anchor="security-considerations">
          <name>Security Considerations</name>
          <t>The specification dedicates an entire section to security
considerations, catering to researchers and protocol designers.  It
discusses potential attacks and their mitigations, recommendations for
nonce usage, and the security properties of the algorithms.  This
section also provides references to academic papers and other
resources for further reading, enabling researchers to delve deeper
into the security aspects of the specified algorithms.</t>
        </section>
        <section anchor="iana-considerations-and-references">
          <name>IANA Considerations and References</name>
          <t><xref target="RFC8439"/> concludes with IANA considerations and a list of
references, ensuring that the specification is well-integrated with
existing IETF processes and standards.  The IANA considerations section
is essential for protocol designers who need to register new values or
coordinate with existing registries.</t>
        </section>
        <section anchor="problematic-aspects">
          <name>Problematic Aspects</name>
          <t>A criticism of this document is that it does not cater enough to
implementers in that it does not define decryption as a standalone
algorithm; <xref section="2.8" sectionFormat="of" target="RFC8439"/> describes decryption only as a set
of differences relative to encryption.  Researchers familiar with the
concept of a stream cipher understand that decryption and encryption are
identical in stream cipher constructions, but this may not be clear to
implementers.  The identity also holds only for the stream cipher core:
AEAD decryption must additionally verify the authentication tag before
releasing any plaintext, so it is not symmetric with encryption.</t>
          <t>In summary, <xref target="RFC8439"/> serves as an excellent example of a well-written
cryptography specification, providing clear, precise, and comprehensive
information for implementers, researchers, and protocol designers alike.
By studying and emulating the structure and content of specifications
like <xref target="RFC8439"/>, authors can create high-quality specifications that
cater to the diverse needs of their target audiences.</t>
        </section>
      </section>
    </section>
    <section anchor="examples-of-specifications-that-could-be-improved">
      <name>Examples of Specifications That Could Be Improved</name>
      <t><xref target="RFC8032"/> is a specification that describes the Edwards-curve
Digital Signature Algorithm (EdDSA).  This specification had several
errata filed against it for corrections and has had documented
criticisms published online.</t>
      <section anchor="test-vectors-2">
        <name>Test Vectors</name>
        <t>The test vectors included in <xref target="RFC8032"/> were not comprehensive and did
not cover all the cases described in the algorithm, resulting in
multiple incompatible implementations.  There were also issues with the
permitted range for encoding the signature scalar, which excluded both
endpoints when it should have included them (RFC 8032 Errata ID 5968), a
case the test vectors did not exercise.</t>
      </section>
      <section anchor="unnecessary-branching">
        <name>Unnecessary Branching</name>
        <t>Some parts of EdDSA permit more than one verification path, which can
split implementations.  For Ed25519, <xref target="RFC8032"/> gives two options:
8<em>S</em>B = 8<em>R + 8</em>k<em>A' (where * denotes scalar multiplication, ' denotes a
derived point, and = denotes equality) or S</em>B = R + k*A'.  These
equations are not equivalent:  they disagree on signatures containing
low-order components, so libraries that choose different equations
disagree on which signatures are valid.  Specifications should avoid
such optional branches and instead mandate a single verification path to
keep implementations interoperable.</t>
      </section>
      <section anchor="compatibility-and-modularity">
        <name>Compatibility and Modularity</name>
        <t>EdDSA is a variant of the Schnorr signature scheme, but with some small
variations that make it incompatible with other related Schnorr
signature schemes.  This includes a "clamping" operation on private
scalars that produces non-uniform scalars, complicating compositions
that require uniformly random scalars, such as threshold signing, key
blinding, and hierarchical key derivation.  The often-cited
incompatibility between Ed25519 and X25519 (<xref target="RFC7748"/>) keys stems not
from clamping, which both apply, but from EdDSA deriving its signing
scalar by hashing the private seed.  Many of the issues in the
specification derive from the fact that the specification was written to
match an existing implementation rather than define an algorithm.  This
limited the authors from focusing on compatibility with other related
standards and primitives, resulting in numerous issues.</t>
      </section>
    </section>
    <section anchor="conclusion">
      <name>Conclusion</name>
      <t>Quality matters in cryptographic specification writing.  This document
provides guidelines for writing effective cryptography specifications,
emphasizing the importance of catering to different audiences, including
implementers, researchers, and protocol designers, with the end goal of
enabling high-assurance cryptographic software.  By focusing on
simplicity, precision, consistency, reusability, collaboration, and
compromise, specification writers can create documents that are easier
to understand, implement, and analyze.</t>
      <t>We have also discussed the representation of mathematical operations
and the importance of clearly defining security definitions and threat
models.  These elements are critical in ensuring that specifications
are not only technically accurate but also convey the necessary
information to properly assess the security properties of cryptographic
algorithms and protocols.</t>
      <t>Finally, we have examined a well-written example, <xref target="RFC8439"/>, to
demonstrate how these guidelines can be applied in practice, and by
highlighting specific sections of this specification, we have shown
how authors can create high-quality specifications that cater to the
diverse needs of their target audiences.</t>
      <t>In conclusion, the process of writing cryptography specifications is
both an art and a science.  The guidelines presented in this document
should serve as a foundation for authors, but it is essential to
remain open to feedback and collaboration with the broader community.
By doing so, we can continue to develop and refine the specifications
that underpin the secure and reliable communication systems of today
and the future.</t>
    </section>
    <section anchor="security-considerations-1">
      <name>Security Considerations</name>
      <t>This document discusses best practices for writing and editing
cryptography specifications.  It does not provide any guidance for the
semantic contents of those specifications.</t>
      <t>Poor specification practices can lead to serious security
vulnerabilities.  Ambiguous algorithm descriptions may result in
incompatible implementations with different security properties.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC8017">
          <front>
            <title>PKCS #1: RSA Cryptography Specifications Version 2.2</title>
            <author fullname="K. Moriarty" initials="K." role="editor" surname="Moriarty"/>
            <author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
            <author fullname="J. Jonsson" initials="J." surname="Jonsson"/>
            <author fullname="A. Rusch" initials="A." surname="Rusch"/>
            <date month="November" year="2016"/>
            <abstract>
              <t>This document provides recommendations for the implementation of public-key cryptography based on the RSA algorithm, covering cryptographic primitives, encryption schemes, signature schemes with appendix, and ASN.1 syntax for representing keys and for identifying the schemes.</t>
              <t>This document represents a republication of PKCS #1 v2.2 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series. By publishing this RFC, change control is transferred to the IETF.</t>
              <t>This document also obsoletes RFC 3447.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8017"/>
          <seriesInfo name="DOI" value="10.17487/RFC8017"/>
        </reference>
        <reference anchor="RFC8439">
          <front>
            <title>ChaCha20 and Poly1305 for IETF Protocols</title>
            <author fullname="Y. Nir" initials="Y." surname="Nir"/>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <date month="June" year="2018"/>
            <abstract>
              <t>This document defines the ChaCha20 stream cipher as well as the use of the Poly1305 authenticator, both as stand-alone algorithms and as a "combined mode", or Authenticated Encryption with Associated Data (AEAD) algorithm.</t>
              <t>RFC 7539, the predecessor of this document, was meant to serve as a stable reference and an implementation guide. It was a product of the Crypto Forum Research Group (CFRG). This document merges the errata filed against RFC 7539 and adds a little text to the Security Considerations section.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8439"/>
          <seriesInfo name="DOI" value="10.17487/RFC8439"/>
        </reference>
        <reference anchor="RFC8874">
          <front>
            <title>Working Group GitHub Usage Guidance</title>
            <author fullname="M. Thomson" initials="M." surname="Thomson"/>
            <author fullname="B. Stark" initials="B." surname="Stark"/>
            <date month="August" year="2020"/>
            <abstract>
              <t>This document provides a set of guidelines for working groups that choose to use GitHub for their work.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8874"/>
          <seriesInfo name="DOI" value="10.17487/RFC8874"/>
        </reference>
        <reference anchor="RFC3552">
          <front>
            <title>Guidelines for Writing RFC Text on Security Considerations</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="B. Korver" initials="B." surname="Korver"/>
            <date month="July" year="2003"/>
            <abstract>
              <t>All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="72"/>
          <seriesInfo name="RFC" value="3552"/>
          <seriesInfo name="DOI" value="10.17487/RFC3552"/>
        </reference>
        <reference anchor="RFC7748">
          <front>
            <title>Elliptic Curves for Security</title>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="M. Hamburg" initials="M." surname="Hamburg"/>
            <author fullname="S. Turner" initials="S." surname="Turner"/>
            <date month="January" year="2016"/>
            <abstract>
              <t>This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7748"/>
          <seriesInfo name="DOI" value="10.17487/RFC7748"/>
        </reference>
        <reference anchor="RFC7997">
          <front>
            <title>The Use of Non-ASCII Characters in RFCs</title>
            <author fullname="H. Flanagan" initials="H." role="editor" surname="Flanagan"/>
            <date month="December" year="2016"/>
            <abstract>
              <t>In order to support the internationalization of protocols and a more diverse Internet community, the RFC Series must evolve to allow for the use of non-ASCII characters in RFCs. While English remains the required language of the Series, the encoding of future RFCs will be in UTF-8, allowing for a broader range of characters than typically used in the English language. This document describes the RFC Editor requirements and gives guidance regarding the use of non-ASCII characters in RFCs.</t>
              <t>This document updates RFC 7322. Please view this document in PDF form to see the full text.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7997"/>
          <seriesInfo name="DOI" value="10.17487/RFC7997"/>
        </reference>
        <reference anchor="RFC8032" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml">
          <front>
            <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
            <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"/>
            <date month="January" year="2017"/>
            <abstract>
              <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors are provided.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8032"/>
          <seriesInfo name="DOI" value="10.17487/RFC8032"/>
        </reference>
      </references>
    </references>
    <?line 1129?>

<!-- # Acknowledgments
{:numbered="false"} -->



  </back>
  <!-- ##markdown-source:
H4sIAE8sTGoAA619WZPcVnbm+/0VsOSIJtmZ1SIlWRIltV3ioqbNzSTVbYfD
HiIzb2ahiQSyAWQVs1uc54l5n/d5mT8yP8W/ZM53lrsAqBLbMYpuqSorcXGX
c8/ynW25XLqhGmp/v/jkx2O18XXV+L7Ytl3xh64aqmZXPOhOh6HddeXh4lS8
Pvh1ta3W5VC1Tf+JK1erzl/Sw/It/jt9vGnXTbmnQTdduR2WVTdsl+ttt1uu
k8GWfTrY8rPPHf3kd213ul9UzbZ1a3qFb/pjf7/YlnXvXX9c7au+p28PpwON
/uTVm8fuqu3e7br2eIizeNx2x33xyve+7NYXxY/46yeOpvm5c+VxuGi7+65Y
uoL+qRoa/flZ8fpY19Vl2fCHMvfn1fpd/nnb7e7n+/GApniseZ+ePn3AX1pX
Ay3gddkUj7uyWVf9upXP22MzYG0/NdXgN8XrgVbbF+22ON/7jnaBv+X3ZVXf
L5pqfdHWZX/W6/t/Xflh+w87/PVs3e6z6T84K87Pij+07SaZ/YOLruqH9nDh
u+yvsoa6PW62ddn5RfGkWZ/xX/qh8364X9z97G7xpr3C3mOW//8WtS6v/uHC
lwfarVU19GeNH5zDSXd7IoFLT4dSvHr84OvP7n5lP37x+Tf249dffaE/fv7l
l/f0x6+++uJr+/Gbb8Jjn31OX3BuuVwW5YrWVa7pTW8uqr4gyjzufTMUh669
JHrvi10k+5IWvPI9/khPVGu9CVdyE9zg1xd0MGVdZJQrX0opG4MP7bqtZchD
V+0rLLBfuKHsdp7pZbjwReP9hner2h9qj3n5rl8UnVIu/yIjyHiOJlztGvr8
rCieDMVFtbuo6f9Dz8PRKG030Pl4jHnddB1G3NARHvueVojtoWtXeVuHL3l+
GHv5p2NZ09GPRxguyqHAbe0Kum7ZSnxJN44odH8kijgtiELX9XGDAbHRMrfG
df6ARTb8Jjr9Cw8SwFzbg+/kLYui9+tjh9dv/Lai4eRTmj5NANMs9i0dXX8m
J920g/9vzBJGR00/l9jCzXE98MbQfG/gFMWtB49f/XibKJO/iRFpt/Mh9+WJ
FtkMJX1pj32oaOq8Kxdlj5nQGa49HfmGlnpZ+ati27V7Hs8ON24Sjy4vKg7H
VV31F7637xJ3wb668Bifnr/0dXvgqYBSL2lvfC/j9PGxPUiDZ7MC86yGclV7
PuWNP9TtCc/r5u2rzab2zn1K/GCQraLddu53KRVkND66A8RL6O+VHCJeQfN3
2Tx53vZanAMfr09Hrdbx6uieuxtvLF6UTYQvq9wP7Gn8KkmTSyLXv57WihGt
0bCn4sLXhwKyiebPxz6zG7RC3KHCdg9jHXu/PfL+EAn7qqPrMRCbJc5Z0iXx
dDto4ucbuvnMIvhu9eky+M29vtpd92pf9pXczSMN3vXEEzaLyGRkXWVT1qc/
+4WrfbnR1/GlL3sanG8qvoYZdrxTIJ7+1A9+jyuH7X1HW0Hyl27+J89+ev3m
k4X8t3j+gn9+9eiff3ry6tFD/Pz6d+dPn4YfnH7j9e9e/PT0YfwpPvngxbNn
j54/lIfp0yL7yH3y7PxfP5F1fPLi5ZsnL56fP/2k4Cub3lNsBi1r5WUZxHQg
pcoejJSodeWxvuKHBy//7/+++0Xxl7/8DUmPe3fvfvPhg/7y9d2vvqBfri58
I29rm/qkv9LZnFx5ONC9xChlXRNPPNAtq0E5xFkvSIrSgXWetuvOv2Fn/v1+
8d1qfbj7xW/1Ayw4+9D2LPuQ92z6yeRh2cSZj2ZeE3Yz+3y00/l8z/81+932
Pfnwu78HlRbLu1///W8duMmPbalS8JX/07HqmP56oR7IxbI7FbsWd3E7pXU6
SdAk7hp/yjxRFLj+ojo4eiZnHqOr0LdyOXFQTAp0KHoD6adDS6ok0bTDaY7k
XrwCoxe02+Gq5APNVWF50bat6/ZquhCihGMN3QI380SLcr98L4VPV9st0Q8o
WflDn4hU8BBiBTt6hzCMRO5OxYyMzu8su031Z564S6XQD7RLmw092ZuCQn/5
09GkOx7372nZg65Zxb1j9XsxXXZZkchrSRO7UzwjnrqvaFXlflXRV5Qfkjof
LqZx4oQdrennznduzOLwZIvzXBPTJvEbt1C+cUZvfCTcGUYEKcImgdZtR5J5
GD9QrE4qX/DmUl6sTOLAcoXWumoHEr81WSjVcLHvVTiAi/Np1qexMuO2pB5v
+A2Y0eNyXZEkwHxVKQjHTVPEFOb1gwVYS3uFA1fBWpAoiyLPRCk29cCsGtqA
Ta+g4yA9K/m2O7TYD6gsl8e6AWfHvKBB8L4xo0/YfsXiK9VS4/nLmefns3A0
i307CEXWdblqRczqCewP9JuOuvLDlafrd1l2VXvsTb6wkhdVAeceQa2M7xvK
d54MJNr1gomvZ22MGPoR5kff7j3JAXp9vD8iSx2UADBqGpvuEi9BlBJ82243
UezdM9qImYt1P3zc28aeEk2bhqXN0/mvjhVd+r6tj7Jdx16HOhzFAmhNzSH2
tCWRRdMhBUbsBx7GRcahF9MTvxBVFiN0CU8VDsTaizBKHYTV/TgJ/taeDD36
qWVdMQ4hcwE9k0kLtVZYM7NhFw5f2Ajx37BfZFSS3ttt+Gd+gadth17qSVgO
5fpdLQot2fDrC9p+4lkgtntnUfVOdvhVNH/Ab+q2kwWJ8UPEVrKB4+Lh9sfV
H3Gr6f2l8qnLsj5iBZHWwx7Ylqt26kAs7aZXxRjvCKcj1pfvYKPiQ7A/klqy
3y1RbU02zeDdxYneg/WZ2gq16B2Ick3f7cQoJl2AhEMgkXi2NDOyFBYuyKCS
bvCWFHs9LpaAprGM10FnCGtEhIJ35brc+H21JjIhIl0KoyE151AesJ/Ql+3U
RHscIFjkD8cD7MeexQoOGJY6c5cg9T4/g4mfCpD04HjhfB9tb/t4N8ZMnMaN
ZjJPBTtIU1yXTS4SRU3lK8V8zwym0YCkew3HQCpkmtX8kjJsGI/Q++6SFYGy
iNw5t3znNV4lmqB5+2tkSTHRSkYiI2VrP5xUZ1CBO5KfEA+5QCa7neZIL80M
bjdhiAvTk3g7eWm+uPJ1vSR7n4w7WgM0jwi+5McTNGhTbKLoku0Ndt0iCDA5
oelm/IJCZcQs6mJu2j3IvptpXMVLARBEi3FvrsNmNi0bwKz24AqKwCbFPDA7
cAqSd7AJOljswVQHI2RtsYGkUKDDBJWRfeV1izrwOpoKxD+MuJFdimO4KIn0
/Pu1BwccWGThvyS0iiuij/bIqipMCiK/rmL2laySzkuQB7Hoc23WDElZlku1
aDWKer+WWwDFqViVPf+dPmZjnCiZVuT1QvD2OyMhaGJQo0BdrCwrIgZF6Xr9
W28MllND0J9aSP/8+8pLlNRpYjsPfaQmwdNuchjOzdv5IJtPi9cguwoopXMP
WpDge2gXFbiuN8xnD7RmXR57QSgDH1wdd4YXtMQBexqYTYtsnD68YUF7UJHE
YlgJFnCJmQ1y74WFuCD/bsJMROOm+1hdYjMZywhvoWNzKiqwTYNI6EWiayj5
GEKY0kly992eOINSc7zUpj17MYFwwiXRIA7YDI3UzvhIeLJI4cl4JPQA6Su+
V6a5axgMLeq23Jj6scmxCj6u/LzBW/ZqRCg4VvXvsOkTG8IOCFcOxgTGprUI
t3ZjJZa1GVOfJ/qwe0M7s76oiOFlJGA7rELctDfSHF/qoT0MOJK7D6HZDWJk
BNizZPWg6gVmAWRTn5joOk93TM4lsUCcUrERhVm2432q9nxhWacAH7psqw1t
beNx2GRuuz+W3U51caY9Pn2jkmJCcyMyIQrHKTkwLDBDVpxryAORRu/Z/Oh9
ofDptvL15kxuJd1FGu8HGuLdhjgw7csfwE2g49HVZOsJmieJKH+4XoZCVEOv
OtB1cCsMhhftCwwJNkhr30PH7BZC5nsSUDvPsnxtk4hqWlXXckWItypshouo
y5why6rZ0H3dHKHt06H2ikfjfpEIEKIi3YkfBfMpG9ZrsAUwKounZbM70oSw
evCwmTNUQwFfXwQiqfU5EbMjs3bV0WUi8tG5gnnSjaD70tbt7hTIANZPndgr
SgsLBWfZdCibEz9rpkIJ3k0Db8s93YqyE+Lae9siWthjUD+8P2vSmmhd/+Tp
/KbL2urXRAoH+McormVxS7e29wtXnfkzmhbPektMVYBiGjespVKcGlt1bHjr
MXYHdb2C24uWN7SHai1gHIvARBeiDdweezNKSV+ErIkovU7O8ZxNUVvLwdAz
GZ+OcGPQrYwthnswI70wlJqhs9raSAUjSeXGbNsYxxTrNQuuPqk3QBRbvhGO
Nqsq7XlF4Wds+5u0WJfi9I+v3Rlb56b14hbBX0/gwcSLK95+OjH4kAWBenRJ
/KBu+QlbPbbE71ft5pQMLvxHxACcHOXAZh5Iq1Xt3zgcn4haMnwkqjO8tCmA
Z9tsiEhgZYvFCHXhBnxRQF7wGjg6Ktu4LmBc0A1TIdQTm+z8DdLmvJB9Gd8c
MTr6jwSzHIm/GsAgnTELGkPJwotNZVcYP5ogYy2QLU+Tf+HMBB/5CZeVWZrM
ZcKmcE0xqAoc5tv0IhL4ZDb3+x6+4cBjbI8m0pyogqVEet8jA8MQzKxSqWCu
Ip1e4tHB11jcNAbbsh879eQAHTLu31+UalD25d4nF4wmwfDFS30RxgRdwiHP
FBdUi1Llr3BXmPtkBVRttwjv5ZuZKFhMMookQxIuVyeRiNnYoH8MwToR8POu
+DNZrddrRSbxUgcSrxijYNETxShHT8OFCy4rxWPADWwiE+XMd10rsMOE2D+P
2zfA6X5JpMzWBjuXL/z6nZjlQuSNonWYqe0hdGSmodF9WdAdxu/03ZPCXA0I
wW92Il+EaYEUSiyaz6JiqCC7dlVzCS0Kev4KxuuFUtmmkrcMoEueOw+KUVQf
pEXxy0lyggUOnvmSf+87viSMJB/K4cIwVB2fAzFeA72s9l5lFv7XbMHliWPT
ys52JBgrZmWrBJstWRup1se67DCKTvgC/ilWrWicxu/qaifjwNzcXYiGRIYQ
JnhBdMemJT8q6wEtMvpIerqIE/ajkp3pvjgrHu0BnRYMItR4Vo1+EsK9PxIL
bzesNNp9LI2/YegRuh7ly6Ig9lNGYTqyMoJnOFxcpZm/2kph+wjUrwwyKlBR
2VNaDyQXXKLlOgXBea+CdsmXRRXg3CZ2X54pjnGSVQoAo6AlGSlgLTRh5ly1
eaPFOsT3lG3I94qelre3/ek5CsFguRTUxJ3hlyFsikEDvrGzE7yOS0QonR8d
8QrG7AJsxqKm3Nd0ZWvx86gFaDtVV+9IBbmAmgq3QpP6BBSMVHzFBCCzkTP3
d2fFw+Db7fvj/hA57cYfcFYkhnyygbBjWAg2Jz7q5CGJgwjPQHvx72kNDRvX
dpZpCAtr8nzNR1hml1GXkXWwMhScFdSobYT6kzdjPxQDxU2m+7chPbQ57lfA
8xgSIdaYnU12CqBl2eaInI8omdGC9wMrZWwdn9rjdCkaEmHYI5kCET+vEcUU
FwwODwXi5ZzG0gdxMHL4CSHwjDIiGOOGUW6AOlQIrcUkh/L2IHx2cm6Mte2P
/RB8/g0z4ijIJHJK+XRZ92TfE1NsokJJX70UXVJgIlpGXSbgCRuzQSzCZGGw
yHSPy3ZdrsCFT4vcZsswGmc3ImyPne6aHsVuwSjtZ6yooO8nPmThSraDf51W
F3f3pH6vHnFCVX8hCIUtNLEn7xcPBQA2T6lpgPpdJiuBFUU5C+ZllTihYHqz
aQmbcLjoII8MAsUF0f2OGAabGP2paZuTKHyMFhyAS/BbzDkKXU34MZ9Jbv6Z
nhnsP9MvZfhy3fHw8LlelSe+Zia9xMjfHmnae18yVz4eYNdWdAr0PB20BflI
pIKMpVPRvQFDJHHbXZXdhlXIZ2UlcWQlvO1g88SzTmqcDcSDfgknKPMXjJ5m
vSNh46baslUlmJMQimlSCivOsK4xzZNVtDdPt8SPBnl9ODb0o6GRIA4JjFHp
hDu4ZQ6EeFTaSg1GoFEu2DUja2AQm55HPBQvhBTsDH+eka+fi2FSkhW5E3+A
Tet+8ULe5eXNY10vPsPqbNk0gJB6IHd4F/MH2jSoP8F5zxog0ccu+miYjo2I
E29BECepojPWa54BiZLtlUu0tvC04yr+wq4MiKKwOFqnr33wSwoqdjxEzaQJ
RuMI7KJvN6TZ7CC0zT3PACQ8CdhJokjQquPY4WJVrt/hV6Ij1gZYqCt8qOOo
Psd+ogCMMHPqWGk0pT8hKFFusM33LW4j2GJhXVGnmogt7A9CI2kuwDVoi7bE
VIUSoyLKKtafjhakAG2g8/Zuv8kuaYoPCr+0i0Pm6/od3Rrz/vM4zWYkb2nj
wsSZ/fhToJOUSCKbg2b4w9TiSqURxjYlu7+fsC0h2CSy0b61kJfSPWWYVsUR
bQsdpVBQMr5sCXtrGFDNmFbOoFPunO+TMEx/qQ6uBGPjIJYUWA0hDwnbId3H
dCy2RzZ0ygcNh4z+/rAJrBG+MlKM6luCHiWL0C1j0tUAS1anp08xAtwTl+CA
KyMu2bFXjx/0i+i6wl5ilBC3I572BITIQZuAxqxNm0rsGd5GLxE4yU7V7dru
p0YODRboK3PE7OARhl321VkEYBkXllM27Y8oYXO/eNOd2OmzaQ9DBDgSGW9k
ndGfbYGhrSlEaRNWxBjPB8gYlJwZ5ZO43QhymnNZbBS4KRkxzqIZFiFOesOB
FrSDiULIgrfn/QxRc2xGa3j8EKIKiSC96AwrBbaPDK6SjBe2OQ5eSvx6qX0i
8mwqoOVQgxEpkaiw041BEi2x3ebZYGX4O9lvRqODzRE32ww3fnAKTicaHb7K
wu56N+QCX3BMeCYaPhZmZrfsf8U3CHJf8DKOXbOQl18fYiD6NaNAGqetCnUW
qOFGUK0GkgUCmsp8KPK/ENEuyIhGQVYWPaACOo8l5wikXuBndqSkcv28Zyay
SP1/UEldYHviB+0LvSMhW0LsnU+JySWPPkvf/CJEsWfrSWPpLTjhuvB3iyRy
8SObUUCkmRmwsh+SN4LmNPJrk0XGVg00n9yCG+bFFGvlPTF4nHF9ysLNMntw
dOqCfm3Lqoawp/f+5S+aFPThAx0Dmdq9Bl/Fi5tNYLQUFXJO1lklmRBsCdIT
ZbA67I6HNRgKjhhzp8ii5ulU4vzY1uUVQJH7uGRsenIswtv/eMsMkVHBf3nx
amE+o2dEHLt274lX1+VmA3VUY3BZl6xMv2aO8Pbef9z78stiWdz95u3C4kmc
xAsRMfUXqjDvg2YvXPtd1TAKI0cPvQBOwlZjcGkWYYEhgWflIcmrPuNsKvSV
Xj8tnttjman+IOdNmEAYXwzBNh7KdeTqMi8NI1zma8hVjoCvzzvLeRwJyE64
GmIXcpd67uv3qX3MccJhBcJ0ohdx5XdV0wj8JHZhNVynVrlcG5QcpjhyCBY0
qoToY5MkjRm49HnQcgc0KahHEuWBILB3DZzl43kHU9HdbCpqNE1yNkSSbAEJ
L3lMYsGg9RG1GqAczhjY6gmhh/QmnjdbGSTD3bqk415wdBSj0ie+IIG+fhIj
1MIRc574+rRfEd9z7g8IgzoxArKD6bfJ593L9woJWPYBfMmhKneTU+V3pENc
sqUIp7gNyKFeETJVvKBX1cT0McEgq34NftJYBtdIiZCjdzy17SmHpQ2HAHeC
kqqvV/cGHEYlh/JwTGDK3aEIJnzsMr+G/JI7Y04ngzvR0EU9x/fe6x+YvBip
idiKHdYj9Y/RUTw0RPvBsR/onqTi69n8fc8MHw0wfo8dsKgyU8Zdqj2ZAAu+
uRSBEtuK2XzmD4QzK/Bu5/4phHdpqLjOfS1zj1O875bRsJ0dtojDLkVBb0iP
D6syP97cJi6Fh0K5jlh0WezqliN6mAMGLKxpm6XtRyri9SRe5vbwuYERpC48
TJDr0Vkk91t1IlgbqtAiblhVQOVJ0eh27H6I70jRcUEqKjjlQEe78hDSAej3
tjvNBJQSZScriFzRvGwM4wh6xL5NMJk9IAFws3reGmbrYa/mYnLLGA06g8gi
jpsASX0wCOsWIc4q+MUriHQnndYR4e5R80kIeN6UJm7FcFJcX9AKMQwslyUc
g9GHTMyse6dgOmmcBmG7tw9ePH/95m0xlLuRp1O+8+DZi9/fek+aP7Hn24W5
pln0QiMvJMOt8O774i4v771+UHxffHbfuf9O/7g/F98tRyMVnxb85vvqQ1xu
O+/l2wxJJ/MK6SkYodgCL2RZu2oRns0RNAWZBUdW4CDX4tUWRWGc67dgKVEm
CU4+Mo1vSZ7kXFXMTZi/jDcqyI/9pFumSXOqyAMsC/wLacEVuAHJz6DiKDQH
zYEpowkAhcTRCcMevhUcSEKSneT77HvPLma2vdLIdxWX6cGPNZOQH8K6ZEhH
Ef8OhzWLFUPTo4NdhHy4cbyIMBw5MrEhF6K3b/x7jsojTZpu4+q00KGWFiot
Lwls/vdVj7i4V5lWTbzkYVXi2vUJcnkpXy2rjfoj+HxPFnWb51GZdyVkPARs
zVw9Giwn6U819GVSUgEUjILlgpdnpPvQyDr5bjT5yN34OYjt7BzxQI2MlAo3
mPOGUqepLrzzHH1ce3a/W7oosYDDcQi+3STiluz9N//yZlH87s2zp6L1v3z4
mP0Fjy1M2Ctt7eHJacRrKi5lUtFoMMjx89cPnjyJs7BwD1I5aM6n4CSdnQ5j
6SyooN/oli4Y0mZ8CnUm1PMs8t+wBsVeR26J6c7HawwZQgbesRGjg7bYxFUm
hZ6nptZPTcUCZmTzjox4vcl8u+ZNTxBIkFC5fDIzkDcHUA2jTiGacXJoHMbK
0x8fXCa1UqtJ8lrHF1JnfWDVXU87g3KX7DEOa2DmzAQXPqp6B6ybfZ9yN7ZR
DBRv37fdrZKU69tkK74lmxP/wS0rh/jxzz+/Xbi3+3bzVhbyFn5pVO641dx+
Swf0nDQNIbBZnfrZ+b8G914FY0MzTfKrDfOgr4K1Mn8Quj5/CsUWQLR7IKze
qc5OvImG7FV2rzk9oOL4ClaJZKLrixKBG5y91xSCFnzzzVcfPiycZSBEQ7DU
kOdM407y9F8nGndhydzOlix+rOOK7O/hOFjZBdUfB841UN1MVhb4DrId+cJh
2u3qUvMi8RpEtntmn7IcGlKvwUImsPImzaHFMpYC1ilqEU0fxEtzGwsu3voh
ODK95K+Ius/jauaKjeiD4THSZcaxJE8aF8OSYpSrbRbzqDH8MYNxmGpU2nID
y5FolsUM9hrukIYeNbJnUEhN21iKoggliwQZA/TJJgjR6zA7jpOnlxjb4Vkc
2qphgzXQFXNFXg6AHo33WKi0kzgE0upLDsEiK3nTQiyESkgj+y0obW//83/+
r7dmOicAANEYbZi7xX9fFD/9+t69b768LZf1P//H/7nmEbnnXmyT4hbu+W2O
4jYnXDyfVdBBVT2UKhps/0fTs2zixT1zr6MtD0dcC0fQRVuxGVqfDheIqjzw
8mk8XLbUt8O+DIHvLTIqTIY2udlBm9mTQlStGVdVgtJTslor9CQRHBKRA9dd
BNcgA9ciokz6aIgN0iTBwpcjFu6IhatwpNntStjVOZcZMZOUcixziijmcPrN
oSRpmCjwgpYrkkm/Isa9MeRF59pyhivnZmpoR8LlE75KR6tm0E18Qi8EGVaM
Syq7IHWhKQ20DZUCGPwXxGJG9AE/R5hmTRJeUDg5DTIQlmLm+yTJJZo/mopx
KSfvJ7zOkEjHHme96UymCzAL+tedO/i3SCaVXj2uCsaLrk/FhWkYvVaLwD7s
FfSRH9Znt2FjA1BKWVyYMAtOzj9POPY1JtyyeI4FqTPnI1jbt2Bbontprpor
xP2q+RBlsM9GbMvWcMbQA2sKorCMv9fdoDlwBG3iwlnCDYPEhOTiJH67K47E
MGBQqiAdTuqTVw8jB9dsvG2pbfmsjhCqqYgMVJEeYLgtE8G8/E0Al0Dk1zJ2
CQ7KhUdQh7MwOs6vVGwD4ZJ2RTHAglfLnIus0qav1bSDF9mW/CNuor0oCol+
KiVkTsdmLCN4sFRKFNdJiWQLSHDR2fdCQ3CJ+gA4GWAmsce9XriUen7vA+bx
C5ywSDjht0nYBs2ZLTHYQxM2PQ5HC6mnweWAYDFmCH2uGSFRsR/Gnr1cw8dh
fcuhiuXGIJg4smpFzu6QMvznOTNa+S1cnlH/ce5nYG4wOouflb5YeN3qb9MH
j3Rnf8ZAtKU/09eX8k8Rfpp8YD/x1891ssVvoCQOGk5MX3n7azC15Vv8WBa/
Llb4CU88y9FY+4e+doe//L64U5zwk7JeMe348PENS83/DWfkjbFdvOBRjtQn
LyA2RnsJtovfdv/xDlO8d+dOcDjRxw8uWgTag/6UZV/j8/iWK7XxoBXrLziU
B0sOFjhFVE7WTFpLzS5H88P9LHxfFkw/FU/x8+vgN97jiWOsftIxMaq7XVKh
eGS892cRHrLT+ID3mqMNGQnsL8Rqpal+CxtwuS4PvQBMPTPsn5VMojb1M5tN
+M+zu8XPtIB7yYnQOgNmK4/uSTuuennuO2zqd9/j37+Vf/M4ffHb72WRHBy2
4qIF3Skijr1ILR7x9UW1HYikupY3BKPysL/9Lf796sWbp7pz+LG4+3fJ5PjK
NABwN4NUmbuiC8clIJg4rIwZPf69DvK90BuTcw/vPqMkeOlSv/HdUr4SjBMr
XxBcZN7GFd1QdzQBO4lX+HD0AAvf2g8Bd8Qnrxi57AN0WcxBlzz8E2L0O+LB
vylWp8GjHoI6DsF/9D1P7r14/RJb9uL1vScv34aP8MrP791Ot00wE5Q00W3D
qHRdSEKSbPdeFEMUtfzwgd//VL5KQ9JDb/W/t57djnRsyltCslxosy9WlUgS
vENuyJvu2OgdJk4CkBIHRuT3b+XZ2erfhRT/7bOzs7tf/vv0DUhmXStKiPSh
pYRL8DJAaBr/Ccciv+2VRKYHZYvP+m/DYf9t8TrZGolR0cp/VS/leVjlsUDX
Y8NWEuNYG37BY9HZeMOf//786ZOHPLji0slHOUWxg1uqG4KwRMRxdRY7oJ9/
ob7EqLYtiJBDmd2TJggWjhu+XhZl3kMLn2HF3lnEXxZtIOJzkYW/tdMsJIC7
KJNaHzXcEhJSyxhJ7Yp2JvbIXIknett7aJX5xC1cJbUMQzkr9nGSIuglxREe
Yw1idFflKaYQ8Eyk8k7VR//IRhQbyX1FPGFMmKx6F6OwJM/6r09FddcWVAHg
UKTFLsgQ8lbrFBFGIcHMSQibwTvJ9k92Mi30RVMDq0U2vp6Asi9NS3jlobbJ
md8YXJSWDEHN2UP7DiDoapklujsOUFtyen2aXsS+T3G+rWDx1Vaq8bKaFENz
Vd8fxbXcWmqx39JMKnaaZDFUouNdic+cnSNkJ87GVXEtkqpXiLIMxQGObETJ
nUxm7NgIsTK4NJdkoyQwtA9xfxLyKMWzOCVHRuNCzwvRBAxCYwGhcXlEVBlW
oUtt/NWk5IPkx2JXu3LHNqiFdPjNdaXUnOTMxgJPBp3FSrrDpARvl6ySLK0b
66dyFM4Wqw9xNlsNnuoOHINIe5AOSPvZIHCAYQyl41ERnySGTjPNLZzsB9ve
R3ZYI8+SAG46wqTWyySGUKih3FzSxSbtDWY8mUVyiJwkYce4kACUbMdHWdXh
Pi8009zoRs1PK9wokY+bVkq3jXLoLd/AxwDjutYQsFikQpP30lJ7kd8FOh7l
TXMNxvyOSV0wrc/I0jMrI200w5V9gCQk+XAxw8rJecc0ZwQIjNJm9Z5nKVFC
z0nRvUmEnLnVk4ppoY4rk4Pp2Q85SNO5R/vDRdlXf2bvn/xNM/qHWIgt58uT
ItF6rbGoHd9Fss9RT8duPYfYBHKWYjicuCAFA664NiX7AhOemNf3IN1wu9Q6
zH6TckjinTxvDt+eKxw0jjcV1mUVBl0yVJXuWxq4k4o2Rsx1p3R/HHtlpWTB
trLDjnUHj4cNX2oBQuFDZFrTybpRNinMjVKCGM1/oBJIjhKxALxzaWqHi9yD
OWEMUt9W7GvjdXA2fWv5MnyH16Eg4Hlj8TCim+RrtCBC3FG/ZKVXC8BZ3XVG
78/jAbLgkxAjXIj4LXrxHmGR4zfIncctlYFHDnKGMJNavqQ9+UPZpQU0EscH
bcmQl4dTpj2qWcZQCF43vrkuOU9G9UbPZtWEkjILfMukAMyToF1JBE7cgp7L
DVks2r7qjxLjX0kYl0i62u+gPKGqWlANZKv6xY0SRmMF8toIVTYZl5xHzKdL
KFHUrcCPxQ2u2w8nDVh7hFrC0JrRkEv4cfqiJlW7JKpRCgYZ+QPp0cKwiF8s
RidZiTrLqRzjqCENpwz8N+FNcvnZhS/B5h0oMKuumugxPDmL1Qra4Mx9DAnd
x47RjFFMu+O8Z5qsoGWj6kSFFtjXUEnxJwoOH2MKU/ajehsnSKX1BR/MKv3D
6YCrTjoe+/VKS9Y0+BSZHn27RgG6TciL1YpT7EmXzLJ4wt9mdVbwpzgUXbkt
8vZAGkl5IkHCVcBmZCep56Eg1R/bFcyXYyiBaBZHk9+BREgo/8Mr2L6kHeFE
SHHabY5h38LFZEFD4pS+LWhlAkEm0OFNOlAMRlO5NVi01bj0R9FKREHVAEad
JFpyqLsjstjUFjkcC1eo5XXFr+JImit1rhg1glOGvfhVPy2vr0rtGZu2qXf2
SjQ+qyMgSh+jGYKRLDSmOVuFS76Q1jQNfqUYsThdgBYyZEPdmYNN2S9nfJBd
JDEheXEDoy6WurbbowAvISMJbRoxaQ5hMbEtAUXxI5eXjbsm12CBcMU+KFZa
ASPUcgYvRcDhkoyWOhYyZDT/hmJzwW0WNtnKNwit5NmRgnKYNixfgbNrTey2
q1pWyNcMHIlJnp5FUgqF3voIJFcYyeEtJDg7U42YIFO80dp8hEuCzME+A5Yi
0KcbJqldI7AGZhqrcr0k0R24rvKtCaZjY6iBS/rMGibvgNLC/e20fBkGafth
qY+knlaN2bQZMuWXIeip4iQZD/gLOyIp5yGoVqAkGww9d9I8hh5lIL9VWqMx
Ls0jok+P9QurP3Hw4EDyqhAact1T4eVYBM+HiPepviw81MbQ2sytJQk27Joj
IaOBVrHC5X0HhRsdgMr9pJJD4hEj9rGtak1vD7E6+AOaJYH1CCAAG1ymIoej
hZIFQ4PrLcTttQ374o0cSPAQe3K+4jMCgRqPtrofUc9SLwxz7Fbwtc3kS2kM
aQjBLjj6Ddz8yMlWXUv2k4hONaEmlkmsDp+lW+Rh3iSnJlb4r/Ls7wxbU7WH
HZtW+460uH42/WSmSuFNClVSsHuKDGg6Hec5P4lMwbYHVXvbq9QEUV2EPlmx
LDPzR+RiqN6urIc0q2OHE9SsBbV+OHXOqiTkulFlLvPU2nJmbREN5Mf/pjr0
aPa0jFXIppUS+e+yOj9PB/yN31kTpXgEosbbYiYJljmsc5MRnJdilThXwaUs
jzGB4vjgNuVBAyTmYDeXKoacpqmJOSCjHTtuF1znVixiGZMNTfwSKgE6rQRI
hL/CRZyifqPCzJ/GtI3XJr4eJukUGOCN9Ml5xn1yrk9F5Nhurq0hcXKqtZYh
R5nNTE1cdqpMX3ERryA5gRpLwZ6yyauyBe2hPETMJGt5IFJD8lDPm1gYNkkP
YeoOhYIQk65lSbJWQJJOFfJbcSgSxB0/k2hruhfllimbLpPRNE3bPi2n+AIC
RjXvMs1a4QT7tMgP2GWvVWJsc2KdWJKEMByuKdy4UBx0VHI2X6NabuNKQ2GU
pJjWtFRq3HQuFiQKeVpFaIZdjuHV67o+mbx0c42bFLFPF8L7DO9F7F0Wanpz
LXWnxeWkQ1vMHA/yZ3IBuLfNqBHMJFkwJj71AWsKU95xdxz2R1x3ZElpKWuo
YqV7gvLKwyS9IjIJtYihVlLakMylkstncVpTUIwci+KNHJi2bgNPCeWO8ReD
exGuRUYz7VEZhLwrL0npCqB+xFETBCNVS1SVr8urkFDjECm3hEncSF+3xyJG
wKsmNZctVYcL1nbELZbtdssbltCYi5ZsjEDP938xkyY6JgJ3bV24staUWDEE
EuzHMh3U7URiXTVQ7SchTgKElgnwOIEszvP1Mpzog2YeDnLOYWEL4dQHKxoZ
q7AaBgSLj8PVyvGKtXcc6TZHsIWTY37I5LuPujSCah+dPwx8DmOTKrwEnl4N
Bm4ivWbXcA1fJxXrNDnCpkPSuqOVeEleY3BXyejbWZzLQbvn0CBNRluxSDip
eC5XvXo8zNSVoop63VBIV9ns0qqwDffHJM3WUxOTBxHLtLROVfQEey1d7qoo
shtQpUBLadMJ/DnJeDApl2ZWshTMdYD0LKWi9h5xzhk7EqXoQX6VVRHS28y/
nWcXmj96nm+AfC1ZEH/wKrvL2XVVPslhxAofzOkKGmis35jl3pP07lTkDa3r
qh30fSkuKM2yMoNk5BbOAeJhXIz5l/K9Y5F0zYIMk3bZpJuiNBwg1n2znj/T
LEBwzFGN7tF9X3NZxCbU15zPX3XXJpqmdd33cyX/U6nu5ot1QPNKe05kJV1s
YlprEk3RBi+Vz+2M/SwNKJVKxNhk1/iP0/ZdtnP853GurVmCKqr5vA0wTBVT
FAu8SlHqVEuIykZa58v0qeCmKzeIFCq7tMmWKDiMh0OEm2YxVsoiibpUsP8S
CYbePyybkhlDkRcIPAV3xgrwIi1mxDXAyMi9jEpYsiBuP2lhlPW00UFIMuSA
y1hM0+1LRKGaplyEIUEevLca+jzRhvahGg9r2CPBe21B1h615mc0yun9/lWf
CHyTNJz0y7STq4k8ES1l4dQDg4zPJm3KkpilSBB/kLgdwbVTehNKP9fdOGXH
YgxVToZ/exYPRh5Ma5zy5k421oj+PDYK+ieu7vD7Gc/xuUBmv6C0WsCMVImY
80Ar9OaCEqL0/ksabGikK2/AbTbCUjtdZa4yNEUiZhAM64cmrl6a2Y7rvLD3
tpCQl8yZD3qFIsqNG+y2cgwOzOUzpxi89kMS+c89xKxl7qTY6pRZuptMIKGz
XlM6xjItseScGOVW8HoOUAr0TDpwFb34LwNG9WPstSwM2BdPpo7Kh6EdLzse
J01tMw52s3kFpSpt+gbwmzOwGVUz9HtEZ6aGpp2hZ2PAFOBNmwd/lIlr5BZe
kHRKm+v0bWVknMTkF4dq2BIbZAY6aY809qwQZyFBCMzCIlYXWi+c83+SB2WN
CWpjpXbGJSlZ57AglBCx8cNpWh76o63gm1zEeQhNEiBRwr7B0maxluuaT84w
5mtOLDVx9+2oHn5eVOwaPSW0V5ndiFCQ8LqOFhw1uvI4estXrRrrTx25/R3S
a27s1jYhE4zLAcBoWv/hg9ZuVgxQ0bd4m3NSsYKf9FpzUObqSuSiWTiLnNUE
F3MfcU70qpf8x/l9VDQolDDMepey5HbRZEa87QNO1xWf/RsR7efxC3/Ie4nN
hpRlRftCF7KA2hiGhH2JLWXCJO5/bFF4l5an42ajEm2CcrRa/i1rtolnFT1Q
Vu+u8QbnpUkCAhXll6DfSdwPTbwLuGu6g09Sfd2lv4ViN+UIDFcEOOb2jSpg
cbk6qeV8CMXOljvAKWmzY4SOcgTXyGrg3r6mi1/frCKTn4JEpVGuhYVF+QkY
I5CVRnWKE3RhCUiCOkl9xW7vN6yb9WyBSB1J1vClvnMnjfcOotgqyt+Cjhec
YcbwcjgyJKhs8guNfCr4QZfBMS9v0upMBR5DknATPCrjthYqYDM94jJkXnHW
V9bpIkQcjzsbPzRrYEaCdWmZwHWmmMpLJlWPJccvaTM53SfZ5slWBIexHN9G
WzUkOlesnDT38ljxs4ITBGkOKXlFJ1Vxi7te0AASDJbCDqaKKmC1iuGht7FX
D0KFCwkBYz2wteVpZ6l+kfj/F9IjZgB6qkVxZdon5fppGPg0QCANAJMiFsUb
HNPvhQzQqTIhCusTImnV3NtEm2/Mqn4SUILIgr4VVhwOKylTG4aQjgIgcjHX
Y/8Pl3YPYYXeMNhO4OOj0JsUWgjtR6w6H2cMnIErJGInFOWmBbJzIY3V5R7W
SVRQDJYx9qihMgKJVP3eatVKUH8ap8KRg0g/V+g8iTXCgnV61kUhMIsAWsZq
Q/y4fr+3B0JtGWbYk8jGRYLP0NY7eYovLRdiRDABi4T0nA1K0s4fvIL4oBMo
VZ5VSyoJcXk9G8dnDRacxbxxKAXzGUnevaaLRF/cevnq+Y/97UIKyaDuEStV
XmN+fXoKwOArhQLm4wlDoBZJnEadNoqGjx3Z410R8GZ1SqALQwickZmFCwu3
1R7Xyv/YMkwHvPLM97WNK0kW6dB3bX5MZWwD1CSJuipqk7KJ41KkTKgT8cZz
odtxRHmoRRK1GssvTiNX51WDqjf9frZy0biGrdQXDWFA0uxS5E8L7I77+aU8
p5noWk47mqJ4KXP8EDqb5LVtvP0V+d8xOEJhSzcy6mZ6OoHJscbwRnDxpHdS
kSUpM7OwgGT0SWJ3sXmKgQAGBYJGO5dEKAToHEEdlsOcjqxpdJVWkhW/CwQD
wl8k6T6tYkGjPgqcdRSNScqhFK00TzJHoHdILzAVhR5/0siU5INiru4WM9u8
vMYfpcaxesMKdkrQi1vp+Jr0B6p0+JhcLvqqMS/TjSSUlfPmA+AvZQ+g42qV
rEhbyGNYD0HAy67Ran6wrFOtKsYlETj8bB1zWPEAZ9tK865Qq38kwsgAkwgs
bSHKA1Z7VeA4BOGP5doHUAm6lb6efQdpk9Csl0KaAp9QX5EjTC5TF+X1UTgc
UGUcb1OAkj3Nwk/64+qdP+G7rZv0m5LeIu1aMO8NPUDGTsNSKPHpNGyyDxy+
OoSrC2g9tGfN7m96hRhxiAQNwIV7G/WDupi4eMLKAqkAFnfVbue50TfM32tI
1jGFLmKhbNAB247iUBvZzBGQHPdQq7gQjAYLlozCyYr5yvC8OMLUWkXZEXDN
MqZjVNRWxYXrTi/Jmttp3sEFsrEl3VG6x5QmQekNoWrBwmliAzyaCQmAkmQ3
7DL3XmNQzXJi1FqFDYcKQwny9uYwm6T788bT6cO4CuoRgztHi+gh/k1CAnAG
DxHUFFiYEx1bPaJMDByVnR5+4ttPIHSxUjQnZ7ZyFpHYU7oR1wtvY9bjbh5c
UW4pfJ60xYwQb2kLuqb4x9cvnmsW623VvZBCjYAi9PDstWnOxN2WdBiTmEkV
Xic1sSRem9hKL9lMzqptmHoZLwXwlZIrjxzHvd/50FnAtHzrOdh6alS/ipCA
c8kvIeZx3JZaMmoZxtUTLevo4nGTeGtBqtIEyKQnT8UtKqLdFzIN/yx/m8Fs
NJPTzPEE0mDZ+iCFBv34NmdVWKysIi8mlKx0WV2+UV/FiXEeSusE8hbRY2UC
x30k65AebS330lLQnHXHlUd4Ck7hRT7Oj6mAf5bAEeIXSzM6EyhrkaM3CUa6
cNc70uZgzRlvYMVdEdRCDLhwrGQgJo22up+g4hLnycHcGeQUzOU8g/qa2C+j
ujwCZF++R+aKFQWEceH9/V8O7nNZcF8GQowcgcXIEZjQXpI4BNU8Qr56s/54
JFkWWZQuDtpgJnRQds+lbxx5kHJeNtPcha2+1KXaXz/NBJkWlT7xAy6c1i8Y
5C+dz5MCzHE1N3Y6tNMqdrwReMgqc1nUgq2hPqWQhhXJxwGkbKLdMlkLMqtl
1pIdccGjUCMRUlprM21pjbGcosTDNOtYDV1P5hY/47ETxxeRn0uipGyaCqeX
h36Mwy1Emoi62CksoSXqlWRUZcDTMxz+pd2Gh8FR515OIx2M41ljH2vxQtM8
Tvsb5v331PpDRGd9ChXUP0IUOEu6oUmI2pIFPOWRpBKtxHGv1ZCLgZmAzOuk
QRqBfv7yiZBIxFC4IKcYOOqxmc56YXgapqxkfkrOLVAzum5OokCnEXlVp9mO
plOWbI2yXsp6OAuCjBuiTQ07T0op+hn8aqK/0azqTVTruWzx+oQbCyy/4Z7r
XH1LCpFELCaWzgujcWqIphjjuFT7bzRtJPHIg68CStashyt8L0l9qAJOv3Fa
corW/K2hJ8TRFEy1kxQYJiRNqS3JEdSqyLvM9gyVqaOvdMKrSdtovJkSDAFp
oz6VMOwiFellO7BwMfsh8dUa1YsOB8NM3fDjwF9rcBVT3PI4EBO145bGiUHO
OUBwz22OCnFodZeYp8dAJ9/5W3bsZIcBKl6dlihuc1szdkWt0Ng8MQXESQKM
73qj/oxBAanxi43Me8d2IYE1xmdJ/GeMEUxKGUgmmIT9pekhF5aMwJQQtjFt
kHty9rIUd9YqH4n+k55USLMRNW5GJ1loO1wLCBj5IgNpSA76SOvo8pjWbc45
Ki5oablwIa1ikvg4SCo2601bLtwBBycHL5uBdOVJOWryt2ctfbcK2fIuYzek
3pH15dH8E1bh+ogUWjGqGbnUi7bBf2bt6biHj/ooUQhsu6LCsICsnNSLBrDq
dqaP3vmT8gKPpq/0K9s0kROwJRXImM4aIse0vRm2wPmJq+OGw6SkFinW+cQC
s4aL4LJertQYDiCUz4JIldcnMeAJb8bSFhwRY9mdKLJZK7Qk0FH/bUj7w2zd
DBOr+ggqAZaoJOepDaFf1odWihw6zd6vuGZ/gGGMJwOAYTJUSTtJjx7HPP+q
z1hEl17MCB5JUEXiA0u1l+Bo/gVf8owIXkyKOWWpOzFexsXM6KS2iCXwqEFI
vyGNT7UaHkJDFDjdKy3kk9X3KH4US4MsqCw6wbmHsbxL0tnuhhoCEm5tbSlc
3iDPVL+QjEhn985DECfq1SjAL7W2fLMjYTfvp49dHTQuLGkbq0Eh9LhU89Fs
ojC1y1h2Y66tOaQ3cSv690F2wKJorUhMMGA3AqaFNKoiT6NyaRqVJOfzUeTN
0W4qHxSKY621qfS4/yBndrT7SqISr63245JqQnORS9u2V/V4vFG+uay6ttF+
JNCkH1meHszshjulxL7seM9juh5oC+vco6Q7YjrzmK6FlNe8daISOP1xh0I+
ZJ1o/VDct40vNWBO3yG5mBw+w9ikhp6zrycbNqp+e1EcClQp5s7EGlHguYZz
x3mxt4j1ZUHiUrPv66+++PDhtppQOy5Ksvd+EF44Hyrlkpic4FUvLKZDaHkn
kHCILhRNkoWQJlK69OYALtQzkHoA6SGpVWr7w04lX9NW+I3TxNsjLWlK91P7
bEVcYgvRwzOxe5FcA7sUaV4U8IN3pBapkf3Ivo3iApdtfSk+Pf2rjJWg7WkM
JNR+YwA8BRez4vLbzlsusRQm9KKmZKGfqKtLK3CoekMyEipVDPmRkrmhO2py
9w0AHznZHhlvYfGh64hNhzl8RBnck1dvHmthQWK4HEH+siQidYikz9uCcTfl
XSeFFhF+CP8aZ9eHTV+XUgBQUv9m1ssW8xxYhwGDNqlDM7E4zc2NxYAA2Eue
buhbGrrJalk7bZ8mQcRK1cgyISbHN5GL2sDxj7yU9O6LxKiYGMBZo4xdJ49X
9jiQIQgkAZ44FnB0F8RnEvNDWIVApHLttZNU711WTr6RJrH0zSu2681FsD8O
UpS/3HVeSrAkWa/iHS5PwUGg9ZUiC9Y2wZdVL4EPiDLkNGg0LWYO4EbN16eH
BH7SZ+FsWu6B92sj3RMY8/3hFBJ7hXFLMS0t/QfGukS4BFQhrXITeBRURkYD
pOobZBlmZRusVz0X1+qc6wy2gqaEmHVx4q8vxCOZSk2xNCWWrMzSi2c7L1n4
WzQNxo72UdAvMfsa7mhlPSH9H3vGhYf+oN70cSU7qalkd34+ONJsWa4Oxvdm
qZUdbw6YvfLSs9kw+1ij21twALsoHCedmL9ffWb3iwcXJf3v3me81pdtfbr7
+Wdfsoh+8ojYiKFUvbslEumLz78hiWQY10c+XNxC7xo8e1s7pMo4DF7MHY6J
QiHMWBctvNFppQjpzR0A3DCHPXyZyPPPssykHLrNL4vSfjLk7Vqz00hiGrO8
VtG5JUt6VONNEpsTDDDy3Eli75O0zSuW8kIzf6QSUNYFNqgGsoFZGLb5LY8d
ZwBhdjHPJkL1YwQ1ZGOGrpChoFRXkczhxOTZo14EwJjht7Lz1kJVHexDIPxx
cq/cLRivIcnXylwEF0ts3SDmxTY0mki3ZK71Sm88rUctSFu6Cw6ZyD/ydoCg
PSkTb2cTCseNmhO+mbwzbGJ4i8h6S6JP3qP4xPz1SSMKommStkOwlmxqdtzU
UjnR82PGeWZFuknusRXlQio6iwULDEiTU0J90zRCSAwEKWYwDhuVasDX9dMt
pU0mc2QrdMWxWePg4T307c584KJVAlRzk+yYVLUbeVCT4F/hxnbaeaBkxqkC
RjQOiWBIb/56JKhlwH/SEicGp6peyxCFFaEymk0wgoK7BqzgTMcqYjiVFhi5
IazEReapgEa5hRSiGYv2t5CKdNUo9QHnHIJKSvdxYSUjwmOELc1kGnVsL5OE
BgZkQkyy0OM0BlkzqIXQzCoFOln7BF4J/DX4FK2JaXntJbZCjZJ6TWyoi+5f
uFcs7zYHJxcZp8/KY8znioDrumh4j2uDpAWfFdKW18yY0q7h/loMK4ZUgNmM
mEkGqKHitkBW8wMby72Y5ZoMlT1nGR1sYbzLLmR2imEfVHvGiRaSsSEFjbJ0
sw26TiKChYZzsXxwxFTTyG07pSxvJ4jP8+fno6Pl6b0KC8ivMq6i3GWmFX58
PX28ZIMdkXlxJ+YqNYzi2SX4fBnL4UjEdPB5smYUsg0yaMmY5NyM9Iymjcev
yZi22JHO78CcOynlK6FuDFW0HZ0PI5tiUOr05Ptd5dOcPrpXzLOLczkV5DCj
81S1Rpg0H1HSB1VKssJBlVRYEDehb7hIFurCpkymaqYPqL8QMZ8nrYLTh+aq
NerYBEr4llSi10rD986+xoTiaUdVMhmKGZaM57kSZmqucWH2ECRjz3DJ8EjB
eRq6gr7crUUK6GfqaSZ+WL2Ni5JCVOFXYmyiJUFAAmHLBkqB5V46kw9mJWp+
vIjN0Q4rYcnIXPC8FwelBsgF3XD0ts7fd1xfI5kxOz3LJEU7ySEZ69tosyt+
Rie17QQ/OklvH2ntg8axIQqxPxF7I/JbK1nG7edikf1xj/SqRaYD96Qs+16r
gSAdoeZOelnR4NT4ucGesuZkLLGtoauPaUx5o/tUHxon6N6Q6ZXc1BK9sM4A
/ffDcXMK1TbRPC44JUNbA51CaBQwKnfNfbWSjRnVI5eMv9SwnGsJ4EJYF15t
hnmABkQmzVYoyszhUcbAG1D9A3bO/8CJwGiytTG2/Nnn9z7aFny0YQhlSWKC
TuAh2ScDXZTXVt4l0ddvPdo8fH1+O2gjeW3OElFZXC/X+a7jprWis2tzvUpi
m1TJCEIB2Xh41ngddydQRqgt6riiPN0q4l5qJo/Sby78OByexVEC+8qGcC4B
886s3h8bTtXGyV8sa0cCxThyflRrJErM3HEQSzaiAlnQn2b1dpoIz0baPDPA
GRnfATECAySdBF9zaLYGigsBh9PpiauVQXunuyoLZwWetBqNJeeIFDoADedg
ayRsEiuJgifQNqFwKA7vycPiy2/+7mtU4nTsTx/Gu0xbxptpEf56Nj810b75
wfpPO8fVekLuBlNSIesUXEnVXi+8L5iApBPb4lBurz/U1ZwlhAiTR5t7X355
95tFduQ7KWp91VoZzfvu6zuv7/xQfF98fedV8Wv697s7578qbgnofgd1gLj/
l2zsqKfWovhV+ALp7upr5k0WjvR9+LM1QeKcHHkhXoeXWZEv7uYb0wZ4L0N7
u/uFWI6k0zKWCQQhHLvgCgIboqGIJjOlUQdEVnW16sroaF9LbZYIm4TXu/Ql
stnJqzA3K046n7fE0SJSCyvk4YWMtZK9w6QxlTCsoWhzeWqaeT1z2JCz79Cg
emygZL5QQ8vSEAp+0bPQ2MA5oTFmghy5GosMvEZx/K7LrhFqWIn852vYg1y5
KYGLeYQWMiFFO7NLnvigpQ3Nxt7ixm+ZRkmUxSfrmlg97cknSUdKhkAANqHG
Fqgxz4brOZXEwp30G4Ko1RbIxRTRa5UmzZoR6FufQ7CuJJWFAaILhE4fKk2h
kWwL+OodbA8xRJh9VzRbksmsXb3j0vGd4mOqIrG3YLmuBs5LyKJegntZry6P
+C/yo6CjX331xdcfPtyWIAF2f+OaOAZgbcuMPzBsACftSc6RvyREwJNiJg0X
j6xG9xRBcYjljwFLvONo8wWCf8bJpdpTQNj0XMEpjTuJYSdbqds9a9Fcxa6u
IHfOkBBNS02GEWieAgOqxGftedXo5AgYvwlaYwimT+uc5vs/pVoXYyVFw4rR
TZmPnGvWAT6yICUuDdBKZzGyqtw/q0aEbpJqkdzUZ0szTUMxGdUG3HW1Ii0z
9aNiHBbOJ81PNCYpdcrfjCqn/eD/ao10kWRiaYEBWMDBiGf1EfFOHc9mtEeW
rs9AbnKO2rNizZUcRaFm8RSbyJwWaU3bRe6+F6A9ur2ua6iSqLl5rDULBala
nFfISUJdskAX7iRhMGjfhhgJLbXlsy5qdCTXwppWNCo/wL+ydoqTvIBQbTPk
B3NcCKufYizm4MS4G44KbTb4AgAOO9iKaYAN8XK5FeEpR3/dCP0VYInN6GkF
2Bx1+sjeaUmi75UPDd/3HPWaW3CxL3lm7hB3Snw45pfIa6Ro+FNSOjopDtQg
6NhlEZBTd5rBHeO8eJ0yyaCrxuHd/wXrq0itL/fx1teTRlGtPjhEkj4/xn1u
iqsijiwSCRjEoABYv5ZOxyIak12M+TJVk4M/lijGRrkmu3PuZLCSdVtE6lUT
X7qTelgSqEMbEQJLxPhNPfuBVVkYRYiXP8v7cl1JGAO00KqR8F2rOSKegtgt
Mr8z0isI7OJQJUGfXh/TzoF5OJEGvvF5tZvyFJjA9gi1SmTPDZB0iqRFiHim
0kaoWwPEYMM/3+QqVifnuAIrNIas3xtrC9o62dAGpb52koVAq3nZtt3EFWbz
TFtZoIMG138xEH3cfqIozoOfZzab0MIhNJPa3WS4ajmH2G9sJo+Nj2IGPh4f
A6z+ppVvanw1nkUnZYk7++5v6MdPi/MQBsL82f3lvoTl+s33n2yJs/pPPhTL
5W/d/wOSnncq9coAAA==

-->

</rfc>
