1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
|
Return-Path: <mbencun@gmail.com>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id D56F8C0177
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Feb 2020 17:42:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id C3ED886819
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Feb 2020 17:42:19 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id dRrSGaWkLKxF
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Feb 2020 17:42:19 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com
[209.85.221.68])
by whitealder.osuosl.org (Postfix) with ESMTPS id A41B986689
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Feb 2020 17:42:18 +0000 (UTC)
Received: by mail-wr1-f68.google.com with SMTP id y17so3921274wrn.6
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 28 Feb 2020 09:42:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=to:in-reply-to:from:autocrypt:subject:message-id:date:user-agent
:mime-version:content-language;
bh=6V7jucopqU/lus428DI0rL+PnH32yjahNAS4G5rOvGU=;
b=Yjllu3Pxv80Wnku8c4FT9sxhVHfqN3PQD8llwU5R8dGVIOS2bmNvVkzBdOnXX1yV8j
sLWCSkKHneb75qe2QPIY7PIaXfYkd5JAhA0K9WiaNnZx9dD8kVPPzhLDfSJ59J3I3TjI
AkEOmj6iQJfceFFDAeRqwtkot3uv5b6QckAncRPhmqtpw1ZIGS3tNMttKl30K0evAmwv
xyWYkMomk7+xQMXWit2jEgp6E092QAnzm9/t+TFhPcrVeUaVRrVhpLI3uQ48IjsAhuta
SnlLnCcVVIg0tVHUWlPMpccxDh8sWX8WXlU+4w5cEkky7ZWmv7oeZgQfaoDzojOgvghf
0ZNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:to:in-reply-to:from:autocrypt:subject:message-id
:date:user-agent:mime-version:content-language;
bh=6V7jucopqU/lus428DI0rL+PnH32yjahNAS4G5rOvGU=;
b=eT+mUFIZC9tUKwxIRoMqofUEDbYUnCCDbC32ed9IA0HFbxxpN/Lo1HGouq2pGpCofw
tk4qyhB52wgyewZw2I8uOsENP91i+cu8I4eEtgigRSiZtOYFEtbWzFtaTtRUjGubMxxi
RrozFtU9uTFmrisOEAl6rC11Ntt17r2fRR5OhIr0Y6O3/czYv8nv42Cuy0WGwfxc+xM0
fPL7daeXK6JSqNK8JXIgYj5TA9hRCvVcUD5E9veIuezN6yMvmgr7Sm9ytfhXlWHz8+w3
cO7znnBfVyhp8rYdqrZ32WMsKcY8YYM3zs4vkVR2FhBOWw6DIad0wyamFp6HTPnuxvPT
MtvQ==
X-Gm-Message-State: APjAAAXJKSdINNxQS5Bw3dejvyiLd7pr7O2v1DZWM1XQE65YgPNSjWu/
/AbAT7hBcPWT9Ci/uNiTskI1SG5N
X-Google-Smtp-Source: APXvYqw70EBv1wfMdugDe5YiaLcFx7zmkrc2CxyHnUPwoSHE8UxUc98X7/EvCy9ItVhVUE4HeG5XlQ==
X-Received: by 2002:a05:6000:1206:: with SMTP id
e6mr6117772wrx.410.1582911736851;
Fri, 28 Feb 2020 09:42:16 -0800 (PST)
Received: from ?IPv6:2a02:1205:5002:1be0:4ddf:f761:add3:be64?
([2a02:1205:5002:1be0:4ddf:f761:add3:be64])
by smtp.gmail.com with ESMTPSA id z4sm12641135wrt.47.2020.02.28.09.42.15
for <bitcoin-dev@lists.linuxfoundation.org>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Fri, 28 Feb 2020 09:42:15 -0800 (PST)
To: bitcoin-dev@lists.linuxfoundation.org
In-Reply-To: <CACL8y1vNEOfATJvkYTOV3pZQA5uac3hbTe9Onfz-38zJUzL_Ug@mail.gmail.com>
From: Marko <mbencun@gmail.com>
Autocrypt: addr=mbencun@gmail.com; keydata=
xsFNBFykyRABEADKl77HiQdiSp+F01Je5IPynLe93woyfKUoEVQQFvgjfFd2ZnYB1mXtV3X6
Y2tEKCaVilw73mCfCJEu5AGGddN3mEnkDygHB70ZGOvK1KHzA9SrQRi+M/qgN0e2eDFxLOgZ
Vjexa4VxNA+bRomg/eOeSq4lDWM+Sxk70aPlLUzG2U6ww7QcG3gam0/qyOKeIYqHiPnlj2MW
DD03DwTE6wrim/SQODRGyFjgpBQiJoxzaTzG+uLr3GI/7wmpTd/zuk6o9ixg9n1xfqzcStoW
miv5szfVsvej77LS6cb1aB1VvvjgcYEzBp3ZDafg+INU9PcePNYpoJCy4riqv6573allnN3S
GLBkAmtyJJjsDDKMy9Ql5T1sQSYnQd9wFk9NPf/pW4gIeXEGi+tQ/u+9PdP5Slp67gEQqYI3
rvUl1CnKDYgcayCjcyl9c7ScstKoODsoC80Fxy20IdZsfdd5Nd0+Kf6YpR1xTDy4x12/UL+8
+DTx2wtUqjwkW3gLvzcn9Vr1fqAgdFWe85830wj5Uxbpvlb+SJbSXNXzzRAL2XwOk21qKtug
DJ9sqTsiVFxjd2z8oiZ/EhqR5bePdSwrHVsTQUX77XV2WVSOm7fMtWfeoEUz0cN49LqYNK02
pFNQwZqJf86dI1AKseXQ4w7NeuhPH4F74/RQkl7g3J3kw0WJkwARAQABzSNNYXJrbyBCZW5j
dW4gPG1hcmtvQHNoaWZ0Y3J5cHRvLmNoPsLBpQQTAQoAOBYhBCJg5IKIiCx2r6oxnWeisWD3
TbJ1BQJcquSmAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAACEJEGeisWD3TbJ1FiEEImDk
goiILHavqjGdZ6KxYPdNsnUFnw/6AjH+dor9uaKAV6jqz7+3I3SnjxNPtYaFOtht+NarmBsR
My/LK65jabhoIX7/L1Asec8BwT0hrIPO00iN2SdQglIP+jgxh+Ngk2g7VJaZcREeEdTWkFCt
TlllyQnP72QRsLzi8Ti3xvwWSv3RPjkCpdNrFJCvF7q7eIGe4LKHsqdI7rgseQykV2tG2wcH
WipXe7sGKehSZwyCTftgvBUEKYO5vM8XhsTMdZAIV9s3n6qggSuLvhHApZz2i8BtDLjTR772
e2HtK/2t7nCBlecJ0v0vKFBpRZ0I4KIupkQHxnpVPHWFaUdytwc+1aA2VpDpwg0lol0Gyydh
DsxbvBc327EBulwr/H+d5buzHtN1EokiJAcEoUmH8U/fQeWT63kwL7Nqf2vK0qe6RYfEWy9s
0wvGAAhYSd1BI/+67kLDxUl4w2XOiOzkuxqqto6qwyeqWOQyogdik3ejRlISjg+JxHe8pRbS
42gH/qEa3+ZmqYn4ax8fshOGwKmvYgYfhIMO3I47shPQVwA3Hj2CdrOMLt7p9rxZVShgjn6t
jl441uOjFVQlzgQeJ+B3ibEDRGEXMENge1ekfiJ+YdB7J5VfgKH8K4Rw05D6TzUtmBPlNRxH
E00cklkDGjXE8gUiQuT26j9HHvPk9RqD5USr6qPHla5CaDlH250OREir2G1sFYfOwU0EXKTM
AAEQANGTuUanrvxyVw5v88V5822q67yPabbv0iC2KYEl/tOvKeqYdqOQvgrI7iTV6J8IPjuX
N3FIn8wmgpLaTK4NTqC9WU0zL3wdtyFqfPCZHdnEvOyV3RK0KVMmrE88UASdp4ptht5DVzBU
9UMIJe2GURPAR03WxK3l4ug1YF94qlVo01d5hzSKZVgldmzU8ri09XcAxQH2gv+W/Sqo4DIe
Fk0w0JNSp4wX0ITACxdvEVkoMoSM+heBgYigPGz/lnhlbmDEt3KEWI83Qa750Vcqs6MMh7oc
1Y4XPjJ+FWaCD8u9Dv/BaWqsCyHt4u5xx+8CqtqvC/BkKhLBZ4RS/Y83CrZ1gwDCf2BSvEmZ
pkAQBvnSnYjf7OadKn0HUEsJIofA6d5hE0FSyRuOEclygZyGc7yjyamVgYWfJSNEDZNJQbJ2
bWJIdhIosytBljQAGXulMabjEvUA4BdrZ1NbSfMMxAZ27fC03jJ/MiBm1szZwFXLuEQJ6+aQ
vy6oYAVY8aIYg587Gse/jx0Ftxj3jg4iqbBgwcaZWf3n4MCAK2kEgwKZvCeflWEFJw9594Ad
xoxBSsFWrIHeFrOwrY+e6KJIxGR1Iqg5E1yTpdX7WqOhdFz+v0JUOTOI2oBxDo15wnVCNlD/
/TtEU2yWlfUnuppe7URKRJuoz1pE1zpPQ+516vf/ABEBAAHCw+AEGAEKACYWIQQiYOSCiIgs
dq+qMZ1norFg902ydQUCXKTMAAIbAgUJA8JnAAJuCRBnorFg902ydcGLIAQZAQoAHRYhBC2I
doEKsJLkUdyolIBFOJKMN+roBQJcpMwAACEJEIBFOJKMN+roFiEELYh2gQqwkuRR3KiUgEU4
kow36ugcBA/+KBa16v736VS5UJnImLSMByvOAPFQUm85kQiG6sATQiC0RN9r4X9Tc5nGCNj4
IzZxa/b5rlmsfLOpdW40r9pzt5TXLuHkU3o1OMwJDIejnm2Bb7grSC27ICejuyvNcXeyouB0
9+g8wHTvilE2Wx/nRPJe+SIKGmVJrz/XW/dATjPupJiU7vc+ZIJD/JEZFR2Fwhvf+v6uRO8z
pD1OSw0DjkTwf7HADTSbeeJOVV24paVOHecwZrz3VatdXTHk2ZX7p1ZfJ6EL8dA7Gs3V3B8g
gDTvSqDsoHKy5SIJJuKqwmUcNnvUd/D0kBIuuohVGGrakUg9CA8e2B7a9iKXXEN+z48Jh8vE
0qnBbBInvbM8EXdI7o3MTR8ULfhQdIdgFsp+KWxnpVwZ8RnnqQavVmB2wyMfhx4dXKB8myBt
YZasMxEopTlWAWei3zauY4D+2T8oIwfZRXbLolGlVTI3pNza5oM4KlNkWVd4wfakIFahCoCJ
AchtB0kYYI+UI44jntii6Q+cYRRAWkDZ+GL5Uv+8n7DH0vcjMNSdg6DD9LwlzirBdEdCYsFs
phMISMiUD4QUg5L7fFWCMK4zGMSuAZttRrA1KyfW6hDsCGD70G/bb8C85aXY+LQw2iPLGoQO
MWtBc1X5XkS76AFytMJdI8ywLqJgVNZviypNLCdPfuPz7DsWIQQiYOSCiIgsdq+qMZ1norFg
902ydSj0EAC3Z3NWNxpdeQG9Fxhzwt14iH8bOX28uLkPzfsH4NUPILdjeRVx1YhHAJVX/jV3
Lf1sJeDtmFZXza0k064tK6NSHIyINMlFKLepuLeMaH9vvQ5p7FkF4ja8NClAlIq7op6eMyAC
ffE52T4Q8hnn0l2k1ivxGQcFbtMGeHDfVF0XCpDjC+hQWcwanrFTgBESgzZObcy+fv8lhcAT
dgLN23WNgvpKgVr0uTBRM61reMEL9sOpgWQlOdx9RWgp2HGt/RgMRFM5AKsYPoRH4k+G4ceW
gGPtmsBTV3iEOTdTdQxMsi2lWCqhnI8vMF3HUnjsL2wXHZ47Dh7Up4QMhhAhZxKSpyI7Ho11
65Jvtz7KyqYbbXBV2O9CecV/1cndI6fFaB6fTcS/eY+7C8aNyKUfX1TUfoSzEUaZDLMhf47d
8zw1SHd3u8Js9KpgnfZ2kOerjagXlvU8JwNpjlusLe9omgcWzirtGc94EaYjWZqTYbEVkXSH
iFMaqve0A53IDlFTP9cTGhTyNsqlYuaaD5FzcuLdKNmxqjTatd9zqtTHTv+gRq6Sc6jr6yf3
IHEejEni2x72F23tR7C5mfpEEL4mtTtaCK4AUgvOMcwNOQQFOR6PedHBxDQ4WDFLtxuB9Mvj
NpW6VNloJp3qyLAwQmMdfWF2GafkZO8RiWHINNZxaC1Ans7BTQRcpMz8ARAAvUfK6kyj7Zwa
0x3qSjavXqOqSF3jyaEkC8kRXII5gfta23+d6CQqpiiu0u3ppTfWYEtKpv26MQ9kZfAPmZMu
MDeJxm5vP0HRwyQorsS9DTL9tB0f+4ryCzIlMEXc55q+tX4yoVNp/wTaM/ASOQzsa2AMhjMU
ESRBjUz63Gtm8L2q7mv8RB9FVYtom7KD5LNIMM0sWQB4BaLDKy7o7GVQTdUrozes/wXQxdxo
l0tyDeKuYOl99JXISjTf18vS4JDT2q7o5hyhPo8XMP/HWLaqLHuQtgN+R6yaRLeyffGP4wQk
hYwnIDsdlTfCXsfGvoL+HjOAlwiMhKOnzKhr0DPJacnAfItQKyg5pCPNr3jJQGLKV0uVpWbV
QBp8egal/ibBGIGiEmOUBvqq5ywfq7UIbmz2GbQB50xfEoMn36kz1EzR6dUFJqsXrpUbubtF
TDiu1wbCJ+hb6bmg2oxKFAz00bMkCG7AkGtgjD/3/H2gfl69aGTb8cbD6B6feuQ6qNDtEQ5K
4M8w33+IninFs4YQ3+hNstiWDjHoYLy1Nv5ThFvJIN0Qlw8wOj7Sho1IbAiRBVWN4YjZnhE2
KyKxh5JR5zi3Rw37WrZiS728y4erMRBZPX/UNOWroQKELMQ9RMyOkZ7XN3LZ4qEOuYz6rjiJ
T3qK8C68/UfTzGnKFhlVQTcAEQEAAcLBkwQYAQoAJhYhBCJg5IKIiCx2r6oxnWeisWD3TbJ1
BQJcpMz8AhsMBQkDwmcAACEJEGeisWD3TbJ1FiEEImDkgoiILHavqjGdZ6KxYPdNsnX2WQ//
cXeouBmjkUZb0HS3Yc6BBgmtNGvIU37sfcfVvdE+Ij8T3SVPmgJxfHR3lR/d9JPTxYV7Uyg+
ZHSdPNOjOv/sXJVXTTKxCloPaIMUiKpq8qwAlU3y22kIbjbItt56fWLFgtUKnqZ+LC7yrD2D
OAdyfH9fxI5m8Czhw91WmpSMnIJEVoLRN/UhvJ5e8D4Vu+VmfO6TQZrMCSH3Pp2gAsBYs2vJ
ywpwZVLRQ5uwdILjw1PX+KM/S/sPuhTGLu+WoXqhcVd5g+iwFDfJI5kzEXmWW1dhopAClGa0
4ATdKU9OmxqAHk0stC/bzgp4a74/hOs7rO/qJikqsIXza/xfEFhPuDdPd51t5T/JXG51y0tq
2Adwmygq/ostNuBGaLqanG7V0O/pZmYalU1NFdTZFX2xw3QhBy2KqcBCSuv2/wwT8quoeC7T
GpFFxSmnZFwoWGkF9OsyJesu/ekNBWRKyeSAtbBoP/dklpI5oqBTOaZ1d3mbbCJd5LpzEVm9
HjQyufq9EorSHcC8vrQprtX4YMBcPULIBTGzNr4i0i5UP7cSrKvytnU3+Ewd2hXVFJnJYKUm
e5VpP0+91Jg6kk/hdjzxDl6iSk2KTX9vpYtXQCGWcDAKwbFBDhPb5vBo7lpplPK+O/kyVuQu
AwmrMztlKLGt3w+MOOhrGbH254B+kjLZHO4=
Message-ID: <c6709c19-a6b2-37a8-0d58-4800126f145f@gmail.com>
Date: Fri, 28 Feb 2020 18:42:15 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.4.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------49506797E3AF558C692BD907"
Content-Language: en-US
X-Mailman-Approved-At: Fri, 28 Feb 2020 17:51:08 +0000
Subject: Re: [bitcoin-dev] Nonce blinding protocol for hardware wallets and
airgapped signers
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 17:42:20 -0000
This is a multi-part message in MIME format.
--------------49506797E3AF558C692BD907
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Thanks for starting this initiative; it has been a long standing goal of
mine to implement and release this protocol. Your blog post on the topic
actually inspired me to pick up this work again a few months ago.
Jonas Nick has implemented the protocol in the secp256k1 library for
Schnorr sigs here: https://github.com/bitcoin-core/secp256k1/pull/590
I have backported the same scheme to ECDSA in the secp256k1 library
here, so it can be used also for current transactions:
https://github.com/bitcoin-core/secp256k1/pull/669
I also made proof of concepts for the BitBox02 hw wallet firmware and
BitBoxApp wallet to verify that the protocol also works well in practice.=
The actual scheme used in those implementations is a generalized
sign-to-contract scheme, where the final nonce is computed as `k' =3D k +=
H(k*G, n)` instead of `k'=3Dk+n`, but otherwise it works mostly the same
for the anti nonce covert channel protocol. I suggest to use this scheme
in PSBT as well.
> We can either use proprietary fields [4] or define key-value pairs and =
add
> them to the BIP-174. Depends if anyone else is interested in using this=
> protocol or not.
I'd definitely be interested in seeing widespread support for this, and
standardizing it would help with that.
With PSBT used with an air-gapped signer, there is increased danger in
implementing the protocol wrongly by relying on the contents of the PSBT
alone in the final verification step of a signature. The PSBT must be
verified carefully against state stored by the host for the PSBT.
Otherwise the signer can for example change or pre-fill the relevant
NONCE fields and leak the private keys anyway. Is there a current best
practice for how a PSBT can be identified by the host to store/retrieve
the state?
Are there other examples in PSBT where the host can't trust the contents
of the PSBT the signer returns (except of course for the parts the user
can verify themselves, like recipients, amounts, etc.)? In any case,
guidelines or conventions on how to avoid the pitfalls would be good.
Best, Marko
--------------49506797E3AF558C692BD907
Content-Type: application/pgp-keys;
name="0x67A2B160F74DB275.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="0x67A2B160F74DB275.asc"
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFykyRABEADKl77HiQdiSp+F01Je5IPynLe93woyfKUoEVQQFvgjfFd2ZnYB
1mXtV3X6Y2tEKCaVilw73mCfCJEu5AGGddN3mEnkDygHB70ZGOvK1KHzA9SrQRi+
M/qgN0e2eDFxLOgZVjexa4VxNA+bRomg/eOeSq4lDWM+Sxk70aPlLUzG2U6ww7Qc
G3gam0/qyOKeIYqHiPnlj2MWDD03DwTE6wrim/SQODRGyFjgpBQiJoxzaTzG+uLr
3GI/7wmpTd/zuk6o9ixg9n1xfqzcStoWmiv5szfVsvej77LS6cb1aB1VvvjgcYEz
Bp3ZDafg+INU9PcePNYpoJCy4riqv6573allnN3SGLBkAmtyJJjsDDKMy9Ql5T1s
QSYnQd9wFk9NPf/pW4gIeXEGi+tQ/u+9PdP5Slp67gEQqYI3rvUl1CnKDYgcayCj
cyl9c7ScstKoODsoC80Fxy20IdZsfdd5Nd0+Kf6YpR1xTDy4x12/UL+8+DTx2wtU
qjwkW3gLvzcn9Vr1fqAgdFWe85830wj5Uxbpvlb+SJbSXNXzzRAL2XwOk21qKtug
DJ9sqTsiVFxjd2z8oiZ/EhqR5bePdSwrHVsTQUX77XV2WVSOm7fMtWfeoEUz0cN4
9LqYNK02pFNQwZqJf86dI1AKseXQ4w7NeuhPH4F74/RQkl7g3J3kw0WJkwARAQAB
tCRNYXJrbyBCZW5jdW4gPG1iZW5jdW4rcGdwQGdtYWlsLmNvbT6JAk4EEwEKADgW
IQQiYOSCiIgsdq+qMZ1norFg902ydQUCXKTJEAIbAwULCQgHAwUVCgkICwUWAgMB
AAIeAQIXgAAKCRBnorFg902ydcVTEADCl9VzrFoLkhI/KX0J2QDrZV7eVcbLPGMI
ZYpsVl+VAga3Zw9Gpb8cbn73b5yWp2cYrdgcFOrz4EZPuC4SazIKf77z7EF01xQc
k27PWm3WV7cD8+knldYJUiw9jv5M8162ns5li0DlVFHGFvCWMSDnPU53fu0JelsQ
9qFnohKT2/3Tn5C+YgXJaIidKhc82/Tq3VL6b3jgJQPCRsDLcx9IpXUb2OBIVTwc
lmwDGmtRQHYIgOR7VD+RM6cmmpsudDMCre2L+GbxrdPWc5HRJm7Iq0WEN2mGuTg0
nxuKOoVaKBHs3zFJJPBuSP9hAS0iolUTG8oiDAFYI6keOO/CJHIEBj1ruDWwk939
xWrZuu5DnueR/kKlNCviN5/MAOKIRMBI5s1v4OpXK+PiTQGCKW9od+la2QPqh+2B
WX08CdgB/23dWxEYLPvq/MYkBfOG6Mw9cip01IG2hmucf/Y/d37WxdNwsvFIknhe
n0xfJkOcG7coEhAtJsxwZYOwSfy95e6ZcxNL2Kow6lw2pMnm3N09eTHpo3zoA/hT
N0tS4PWGmzG9VTM4brR11dmUKcrycI/q8ClD7y5hvpkhhW/XCTVprz6yer1sETAp
1igpRaDSnKdKymUy5QNVSDhKFaKJeyfS4Kih4zicbKWIHcPvfqIJO2xTclMT0cm6
FN1pNTJ244kCMwQTAQoAHRYhBEPB8+16Yktsdfed3U81WIqvDnKKBQJcpuEkAAoJ
EE81WIqvDnKKM6sQAL3Hxpbvyc6dUZg/7g38yA4UDuus9WrGlgrF2fc8z70BmK5+
nJ/0cdXWTYSbkiO10Ld6l0QHdcsXbX0P+SjUe5nT54z9MqiT4TF4Ix3GkeSWyWtN
qloz3lSqHtwab0KF1GkRnqZwmoBdu4wEGibKR5WL83qYr8IKHcKsvrtpvZEQ8KJ2
ZqIX98ArKfZoWDyAKvhixWMXnkMDWrgxmzKVBjL61X+N+N7wTcO690bPwBRo//0L
1o0qq38Qn0qbgMvCtS61H1VJpGIILYhsQiO8a/M50kh0FmJHij+stgXZ+ig8seP0
y+AyAehAgh3+oUqDHF2qKgcHJvbUVQATD5ZPpDTQVYdxUfd7HnbUr0QxQ6INs9vO
kbewCTZ8NEIzbBZc/O8/+6Yv2i2mPWHQS0SPqZQ+3GpmpdZZzUFgkNg5H+D9xT4u
Y8+m1cgkRZ6IwYgyT7VJZmFfXC32qTVSUGVhSo4nw79x2OwCgJbYwozS1FgHeg+6
qGUXCVghkXkLMJX4rgPjMUZh0Cs8Plv57yrKEwBiXuq/xlvLWlodFLpgcNOlMHrq
dXaWlegBY3ERy0tcGKc/DxmT7nuT9uHo/DxOrpWSq0SJAeOoVENcmbpM+5SBGiBb
AYIoqK/GpdlipNC2YI4T8tVUuQt9hNJKGDtS0xvCbkSMoT6BN/kU9pVNCXPuiQJq
BBMBCABUFiEEk4ai+y2p0NMfrwgYwMB2Ey/6dpUFAl4OIk02Gmh0dHBzOi8vam9u
YXRoYW5jcm9zcy5jb20vQzBDMDc2MTMyRkZBNzY5NS5wb2xpY3kudHh0AAoJEMDA
dhMv+naV1IQQAIErlosd1VxjI2g4c9n8XBD8xFMbtVr/fUZLX7eMoqM9jp08gaxY
prVcRJFXXt2Waa0faqKFUmQlvW0EO4Bw2MLU7kqcHtkN+lW1kuv9Ls1CHf+5Bw2u
dh/hve2Uf3VaIM5P6i415yqICDi2Hga4FzX8NCf21mIt8i1DwIFYvO4LlM/PyBn9
XUzZLIe+514l23ZdZW59rRR5ltmEiivyJScBQBYWtFfULHw09lAZab+X+jm+XQGB
7aVjtSDurmDwYuWasawlpO8eGt6w3Gmqe5iKeoI6ED9iLf2cg2Upvq+wEjd0veq7
ilXiHFTqTNAejPUt7+1z33pbVSqoaOrUPrj9JSxd222/YLZMmN64Xyx7/4tUBivG
TscRT6Bj6bikbP6+T3ujg1/8uZ5M8OG4uAphquQMrOvrEVb9uBLTouLcbn7WHGcp
CRU75j/S2fZxuueNjmVYezVxJLKD0Kleh0Qp+oYXBJMdGMvOkN5zkjd+vRdXBBbE
loh9f/pmOLXSL/LihM76tqnf8mpGIdOnmYe7XEqVPMgNuGcjmosHCGuVsJ2ozmpm
c3Rqm1+J4rjlRzQzHM+qGzD4dzBd+rF1tSx5fnSzWwlE06FvDtjz43+gMTgjj2YG
U8U653rvwv3kjDHwNwNP3J1ykbxHugarZDxjxqZuUjRwmUYAxNb7jcnZtCNNYXJr
byBCZW5jdW4gPG1hcmtvQHNoaWZ0Y3J5cHRvLmNoPokCTgQTAQoAOBYhBCJg5IKI
iCx2r6oxnWeisWD3TbJ1BQJcquSmAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA
AAoJEGeisWD3TbJ1BZ8P+gIx/naK/bmigFeo6s+/tyN0p48TT7WGhTrYbfjWq5gb
ETMvyyuuY2m4aCF+/y9QLHnPAcE9IayDztNIjdknUIJSD/o4MYfjYJNoO1SWmXER
HhHU1pBQrU5ZZckJz+9kEbC84vE4t8b8Fkr90T45AqXTaxSQrxe6u3iBnuCyh7Kn
SO64LHkMpFdrRtsHB1oqV3u7BinoUmcMgk37YLwVBCmDubzPF4bEzHWQCFfbN5+q
oIEri74RwKWc9ovAbQy400e+9nth7Sv9re5wgZXnCdL9LyhQaUWdCOCiLqZEB8Z6
VTx1hWlHcrcHPtWgNlaQ6cINJaJdBssnYQ7MW7wXN9uxAbpcK/x/neW7sx7TdRKJ
IiQHBKFJh/FP30Hlk+t5MC+zan9rytKnukWHxFsvbNMLxgAIWEndQSP/uu5Cw8VJ
eMNlzojs5LsaqraOqsMnqljkMqIHYpN3o0ZSEo4PicR3vKUW0uNoB/6hGt/mZqmJ
+GsfH7IThsCpr2IGH4SDDtyOO7IT0FcANx49gnazjC7e6fa8WVUoYI5+rY5eONbj
oxVUJc4EHifgd4mxA0RhFzBDYHtXpH4ifmHQeyeVX4Ch/CuEcNOQ+k81LZgT5TUc
RxNNHJJZAxo1xPIFIkLk9uo/Rx7z5PUag+VEq+qjx5WuQmg5R9udDkRIq9htbBWH
iQJqBBMBCABUFiEEk4ai+y2p0NMfrwgYwMB2Ey/6dpUFAl4OIk02Gmh0dHBzOi8v
am9uYXRoYW5jcm9zcy5jb20vQzBDMDc2MTMyRkZBNzY5NS5wb2xpY3kudHh0AAoJ
EMDAdhMv+naVW4QP/2/gC1cMxC8r7E9nPnIFlv/W9CxhBZjuwW+UeDoANeN6BC9J
CJxMJwHPOwvFohSh8FKF5MBuOcveR7pKmXRddsczJ1bb1yMf0RwC2+9G7udvqu74
AsM1tNNRXLIM3i2bdz+Yze6D90O7FBOTpGKOPPG0UidO6hdQ5ilz8Q/e8EI909I6
a6KzXqC8O9X44e9WAP4OwLqis2y22FykaOmGzH9xXF0LF934aLhbxnf4B1Gh8H5I
ih5bzJtThXr/U0yezbiQkYq1inlNnSrzo/sw6Yb3TN+8mkO3q/1vixNLkx3JGUhy
AEb5gui1mMpIMROAQKGNCbY//7iEbqL6HHU8jdI9EUmobwdqfpTXgXmdVajAHylt
MkMiZrwvK/nXli9XBrNwrBFUeLmrmBOf2h2x3odJ0M97kM5I9Str3ofKZnEN4ITj
cy7XWBXkWdPLj1uS2jbREFPIoXfSPYrYOC5Wv2oQbRJzsQ9yePIJfkTpdJckCTxX
KacWt8+/WPingH85yBZ/+P6s/+h+Bu4CnlAXVtsy3WLngqaHE73cDjYFSHUVeWLj
IyeWXxNkVgz3I7dXIYMToSkRf24o12KZHmWbikvrAMzN11f732sgNGS5+bT7YQEg
kprW1tBDQXOC1jfR1ljfpaU6SpQkyMfpZ2wjQYtLidGndoMkbO1o5gzRLpOBuQIN
BFykzAABEADRk7lGp678clcOb/PFefNtquu8j2m279IgtimBJf7TrynqmHajkL4K
yO4k1eifCD47lzdxSJ/MJoKS2kyuDU6gvVlNMy98HbchanzwmR3ZxLzsld0StClT
JqxPPFAEnaeKbYbeQ1cwVPVDCCXthlETwEdN1sSt5eLoNWBfeKpVaNNXeYc0imVY
JXZs1PK4tPV3AMUB9oL/lv0qqOAyHhZNMNCTUqeMF9CEwAsXbxFZKDKEjPoXgYGI
oDxs/5Z4ZW5gxLdyhFiPN0Gu+dFXKrOjDIe6HNWOFz4yfhVmgg/LvQ7/wWlqrAsh
7eLuccfvAqrarwvwZCoSwWeEUv2PNwq2dYMAwn9gUrxJmaZAEAb50p2I3+zmnSp9
B1BLCSKHwOneYRNBUskbjhHJcoGchnO8o8mplYGFnyUjRA2TSUGydm1iSHYSKLMr
QZY0ABl7pTGm4xL1AOAXa2dTW0nzDMQGdu3wtN4yfzIgZtbM2cBVy7hECevmkL8u
qGAFWPGiGIOfOxrHv48dBbcY944OIqmwYMHGmVn95+DAgCtpBIMCmbwnn5VhBScP
efeAHcaMQUrBVqyB3hazsK2PnuiiSMRkdSKoORNck6XV+1qjoXRc/r9CVDkziNqA
cQ6NecJ1QjZQ//07RFNslpX1J7qaXu1ESkSbqM9aRNc6T0Puder3/wARAQABiQRy
BBgBCgAmFiEEImDkgoiILHavqjGdZ6KxYPdNsnUFAlykzAACGwIFCQPCZwACQAkQ
Z6KxYPdNsnXBdCAEGQEKAB0WIQQtiHaBCrCS5FHcqJSARTiSjDfq6AUCXKTMAAAK
CRCARTiSjDfq6BwED/4oFrXq/vfpVLlQmciYtIwHK84A8VBSbzmRCIbqwBNCILRE
32vhf1NzmcYI2PgjNnFr9vmuWax8s6l1bjSv2nO3lNcu4eRTejU4zAkMh6OebYFv
uCtILbsgJ6O7K81xd7Ki4HT36DzAdO+KUTZbH+dE8l75IgoaZUmvP9db90BOM+6k
mJTu9z5kgkP8kRkVHYXCG9/6/q5E7zOkPU5LDQOORPB/scANNJt54k5VXbilpU4d
5zBmvPdVq11dMeTZlfunVl8noQvx0DsazdXcHyCANO9KoOygcrLlIgkm4qrCZRw2
e9R38PSQEi66iFUYatqRSD0IDx7YHtr2IpdcQ37PjwmHy8TSqcFsEie9szwRd0ju
jcxNHxQt+FB0h2AWyn4pbGelXBnxGeepBq9WYHbDIx+HHh1coHybIG1hlqwzESil
OVYBZ6LfNq5jgP7ZPygjB9lFdsuiUaVVMjek3NrmgzgqU2RZV3jB9qQgVqEKgIkB
yG0HSRhgj5QjjiOe2KLpD5xhFEBaQNn4YvlS/7yfsMfS9yMw1J2DoMP0vCXOKsF0
R0JiwWymEwhIyJQPhBSDkvt8VYIwrjMYxK4Bm21GsDUrJ9bqEOwIYPvQb9tvwLzl
pdj4tDDaI8sahA4xa0FzVfleRLvoAXK0wl0jzLAuomBU1m+LKk0sJ09+4/PsOyj0
EAC3Z3NWNxpdeQG9Fxhzwt14iH8bOX28uLkPzfsH4NUPILdjeRVx1YhHAJVX/jV3
Lf1sJeDtmFZXza0k064tK6NSHIyINMlFKLepuLeMaH9vvQ5p7FkF4ja8NClAlIq7
op6eMyACffE52T4Q8hnn0l2k1ivxGQcFbtMGeHDfVF0XCpDjC+hQWcwanrFTgBES
gzZObcy+fv8lhcATdgLN23WNgvpKgVr0uTBRM61reMEL9sOpgWQlOdx9RWgp2HGt
/RgMRFM5AKsYPoRH4k+G4ceWgGPtmsBTV3iEOTdTdQxMsi2lWCqhnI8vMF3HUnjs
L2wXHZ47Dh7Up4QMhhAhZxKSpyI7Ho1165Jvtz7KyqYbbXBV2O9CecV/1cndI6fF
aB6fTcS/eY+7C8aNyKUfX1TUfoSzEUaZDLMhf47d8zw1SHd3u8Js9KpgnfZ2kOer
jagXlvU8JwNpjlusLe9omgcWzirtGc94EaYjWZqTYbEVkXSHiFMaqve0A53IDlFT
P9cTGhTyNsqlYuaaD5FzcuLdKNmxqjTatd9zqtTHTv+gRq6Sc6jr6yf3IHEejEni
2x72F23tR7C5mfpEEL4mtTtaCK4AUgvOMcwNOQQFOR6PedHBxDQ4WDFLtxuB9Mvj
NpW6VNloJp3qyLAwQmMdfWF2GafkZO8RiWHINNZxaC1AnrkCDQRcpMz8ARAAvUfK
6kyj7Zwa0x3qSjavXqOqSF3jyaEkC8kRXII5gfta23+d6CQqpiiu0u3ppTfWYEtK
pv26MQ9kZfAPmZMuMDeJxm5vP0HRwyQorsS9DTL9tB0f+4ryCzIlMEXc55q+tX4y
oVNp/wTaM/ASOQzsa2AMhjMUESRBjUz63Gtm8L2q7mv8RB9FVYtom7KD5LNIMM0s
WQB4BaLDKy7o7GVQTdUrozes/wXQxdxol0tyDeKuYOl99JXISjTf18vS4JDT2q7o
5hyhPo8XMP/HWLaqLHuQtgN+R6yaRLeyffGP4wQkhYwnIDsdlTfCXsfGvoL+HjOA
lwiMhKOnzKhr0DPJacnAfItQKyg5pCPNr3jJQGLKV0uVpWbVQBp8egal/ibBGIGi
EmOUBvqq5ywfq7UIbmz2GbQB50xfEoMn36kz1EzR6dUFJqsXrpUbubtFTDiu1wbC
J+hb6bmg2oxKFAz00bMkCG7AkGtgjD/3/H2gfl69aGTb8cbD6B6feuQ6qNDtEQ5K
4M8w33+IninFs4YQ3+hNstiWDjHoYLy1Nv5ThFvJIN0Qlw8wOj7Sho1IbAiRBVWN
4YjZnhE2KyKxh5JR5zi3Rw37WrZiS728y4erMRBZPX/UNOWroQKELMQ9RMyOkZ7X
N3LZ4qEOuYz6rjiJT3qK8C68/UfTzGnKFhlVQTcAEQEAAYkCPAQYAQoAJhYhBCJg
5IKIiCx2r6oxnWeisWD3TbJ1BQJcpMz8AhsMBQkDwmcAAAoJEGeisWD3TbJ19lkP
/3F3qLgZo5FGW9B0t2HOgQYJrTRryFN+7H3H1b3RPiI/E90lT5oCcXx0d5Uf3fST
08WFe1MoPmR0nTzTozr/7FyVV00ysQpaD2iDFIiqavKsAJVN8ttpCG42yLbeen1i
xYLVCp6mfiwu8qw9gzgHcnx/X8SOZvAs4cPdVpqUjJyCRFaC0Tf1IbyeXvA+Fbvl
Znzuk0GazAkh9z6doALAWLNrycsKcGVS0UObsHSC48NT1/ijP0v7D7oUxi7vlqF6
oXFXeYPosBQ3ySOZMxF5lltXYaKQApRmtOAE3SlPTpsagB5NLLQv284KeGu+P4Tr
O6zv6iYpKrCF82v8XxBYT7g3T3edbeU/yVxudctLatgHcJsoKv6LLTbgRmi6mpxu
1dDv6WZmGpVNTRXU2RV9scN0IQctiqnAQkrr9v8ME/KrqHgu0xqRRcUpp2RcKFhp
BfTrMiXrLv3pDQVkSsnkgLWwaD/3ZJaSOaKgUzmmdXd5m2wiXeS6cxFZvR40Mrn6
vRKK0h3AvL60Ka7V+GDAXD1CyAUxsza+ItIuVD+3Eqyr8rZ1N/hMHdoV1RSZyWCl
JnuVaT9PvdSYOpJP4XY88Q5eokpNik1/b6WLV0AhlnAwCsGxQQ4T2+bwaO5aaZTy
vjv5MlbkLgMJqzM7ZSixrd8PjDjoaxmx9ueAfpIy2Rzu
=3D7iU3
-----END PGP PUBLIC KEY BLOCK-----
--------------49506797E3AF558C692BD907--
|