From c5fbd00ddad37db01bc62f45f4711d140fb71d47 Mon Sep 17 00:00:00 2001 From: "arthur.breitman@gmail.com" Date: Sun, 16 Oct 2016 16:35:49 -0700 Subject: [PATCH] add tex sources for the papers --- docs/texsources/README.md | 6 + docs/texsources/pos_figure.eps | 1153 ++++++++++++++++++++++++++++ docs/texsources/position_paper.bbl | 98 +++ docs/texsources/position_paper.tex | 855 +++++++++++++++++++++ docs/texsources/white_paper.bbl | 31 + docs/texsources/white_paper.tex | 817 ++++++++++++++++++++ 6 files changed, 2960 insertions(+) create mode 100644 docs/texsources/README.md create mode 100644 docs/texsources/pos_figure.eps create mode 100644 docs/texsources/position_paper.bbl create mode 100644 docs/texsources/position_paper.tex create mode 100644 docs/texsources/white_paper.bbl create mode 100644 docs/texsources/white_paper.tex diff --git a/docs/texsources/README.md b/docs/texsources/README.md new file mode 100644 index 000000000..1c1fc6f12 --- /dev/null +++ b/docs/texsources/README.md @@ -0,0 +1,6 @@ +These are the sources of the original Tezos paper by L.M. Goodman with very minor edits and typo fixes. +They are being made available in order to facilitate translation of the papers. + +A word of caution, though the project is substantially similar to the protocol described in the paper, +some implementation details have changed. At this point, the protocol is defined by its reference +implementation in OCaml. diff --git a/docs/texsources/pos_figure.eps b/docs/texsources/pos_figure.eps new file mode 100644 index 000000000..5199838d0 --- /dev/null +++ b/docs/texsources/pos_figure.eps @@ -0,0 +1,1153 @@ +%!PS-Adobe-3.0 EPSF-3.0 +%%Creator: cairo 1.12.16 (http://cairographics.org) +%%CreationDate: Tue Aug 12 20:59:21 2014 +%%Pages: 1 +%%DocumentData: Clean7Bit +%%LanguageLevel: 3 +%%BoundingBox: 0 -1 431 157 +%%EndComments +%%BeginProlog +save +50 dict begin +/q { gsave } bind def +/Q { grestore } bind def +/cm { 6 array astore concat } bind def +/w { setlinewidth } bind def +/J { setlinecap } bind def +/j { setlinejoin } bind def +/M { setmiterlimit } bind def +/d { setdash } bind def +/m { moveto } bind def +/l { lineto } bind def +/c { curveto } bind def +/h { closepath } bind def +/re { exch dup neg 3 1 roll 5 3 roll moveto 0 rlineto + 0 exch rlineto 0 rlineto closepath } bind def +/S { stroke } bind def +/f { fill } bind def +/f* { eofill } bind def +/n { newpath } bind def +/W { clip } bind def +/W* { eoclip } bind def +/BT { } bind def +/ET { } bind def +/pdfmark where { pop globaldict /?pdfmark /exec load put } + { globaldict begin /?pdfmark /pop load def /pdfmark + /cleartomark load def end } ifelse +/BDC { mark 3 1 roll /BDC pdfmark } bind def +/EMC { mark /EMC pdfmark } bind def +/cairo_store_point { /cairo_point_y exch def /cairo_point_x exch def } def +/Tj { show currentpoint cairo_store_point } bind def +/TJ { + { + dup + type /stringtype eq + { show } { -0.001 mul 0 cairo_font_matrix dtransform rmoveto } ifelse + } forall + currentpoint cairo_store_point +} bind def +/cairo_selectfont { cairo_font_matrix aload pop pop pop 0 0 6 array astore + cairo_font exch selectfont cairo_point_x cairo_point_y moveto } bind def +/Tf { pop /cairo_font exch def /cairo_font_matrix where + { pop cairo_selectfont } if } bind def +/Td { matrix translate cairo_font_matrix matrix concatmatrix dup + /cairo_font_matrix exch def dup 4 get exch 5 get cairo_store_point + /cairo_font where { pop cairo_selectfont } if } bind def +/Tm { 2 copy 8 2 roll 6 array astore /cairo_font_matrix exch def + cairo_store_point /cairo_font where { pop cairo_selectfont } if } bind def +/g { setgray } bind def +/rg { setrgbcolor } bind def +/d1 { setcachedevice } bind def +%%EndProlog +%%Page: 1 1 +%%BeginPageSetup +%%PageBoundingBox: 0 -1 431 157 +%%EndPageSetup +q 0 -1 431 158 rectclip q +q +0 156.108 431 -157 re W n +% Fallback Image: x=0 y=0 w=431 h=157 res=300ppi size=3529140 +[ 0.24 0 0 0.24 0 -1.091586 ] concat +/DeviceGray setcolorspace +8 dict dup begin + /ImageType 1 def + /Width 1796 def + /Height 655 def + /Interpolate false def + /BitsPerComponent 8 def + /Decode [ 0 1 ] def + /DataSource currentfile /ASCII85Decode filter /FlateDecode filter def + /Interpolate false def + /ImageMatrix [ 1 0 0 -1 0 655 ] def +end +image +Gb",kG@4@g+2GW_>=R:m&'Ie2T`uBd"Jgpr&5cD+'L@V7.8iS\J10>@L4U..5nL+"`I\"*YI + gWi(22BtN#(-qQ9t=:mW\D3At,,Dm3PKkp[^oH+1-Zjc$Ri]3)`JMGhjA:p[_18 + j\?tAuCCD_%K@s=jUZ+oM2B:SYgb>i%#-2Qj3ugG&"@3S%W@Wt,bZ`lX$:(k$^SPHL2<'f_ + !M7c.*VTu0*;H!NGR],-^B3\S=pB]k6kBJeWY(0DY@.$riHKi>0=8+ehp@EA!8j7UgBE4g% + a8i$>u/qqK2&%teflei+G(^A;N3Z"YQ([+08^-+/`A-uiDJfJ/-ojrW>fVphuS?kikh#^Yn + hna!tbZ%OQqW?mMA+^!sFMiIf^TIm$n.#F,UV,"lPiZ&.Yqj+q3VLM#!gd/l1);0KN%>kLE + G)h@NA9hV(*fOYO%Ub@/R`#OYp',+3jK^&+>gpfBC#Er0h^Jfk>.K/#&^r7!u[WA.),(Tc' + Rq\T)CR2gGWi39`\'0r9\(t=-*.p-k\2UTqWK*)eaJquHTJ)h-bU^_t/MSXke'V;BAg" + nl3%Z`k#.8p/^$qDrn/BLtAe$)+*MJg3_ns^G2p!h:i;h?[B1b7Q,]:sjn87Y#@@t.4f!D.BA,W"llB6KC$)*Jbho1C11\0*[Sd@"Nis00CY3"t;TF><%^T + 4iaQP'm!%"pC)g#30t6%ogg7LA! + tPR4fFJQ7L`k6*F)><@rfp#mGXfI<0mJ4sjE?6lLkPrkmt-;ZVZtb)r`:Y')%OQ[KbT&%fV + dfG1B>0^gXh)KL)@rFo<2!rT'HaK9`=7GctnKmb8@$eis#uE([+*eWD6^`#Qnu0QNtCF`[1 + .th`OJf-3pD*!FOEdja9kf@bI&T\=pR5o9KlP*4XVILkbg8E/]7qK?qfW[K.;TJ7jj--+*` + O4`!OgY@!'p4ZRsaFk\!>XWZ6)]VJSfpcP$_%.lW/FoL^63urpQ9*0AOp5mPehGVeKs-HE'U1\:,j%eFs0H*aC!SAR1b-)Y3<=$ + O:!b;`/gVRpE=Rull2GUa/Um48cL5Q5i;J,Zl/1fb*`*=A9Pi`_P%LWs01 + \M:,"OTNC0.pkR!4LDqt*NeiApc/PXjPc"A0ZLU4`[#A+3d&G?$c`R+.V^`,J(t.d73\Yn+ + s-IfS]Q,s&[LP0G*konRcSfk&ak"hh[rmT4U'%/o6d)/DTG)ZPh + PB!PB[cienU4e__o@j,8&@KD">th_6ear:7(OPM3S`lRZHYLR+G*Q3;L1[uFQ;([BHo*B)o + **_+b2R(jZfJh:In"qQsgTTE7(-@]eB]N,>4-08Mr]0A0t2ZI4p09tas_MHQk[=&_&R^5\]6TpDE\, + #l&MWu(AeF6*ST>SU4f?:KqAc^^'DiLnfe_Qfab])BdAbUC9#:nFgp[mFp/:%Uo6@kT[>pi + @Z>`&X + OWHGk<71C#Z=s6>.$h`W4jiR]ogH"(7r(fIlZp78Umu2i.+*>s + FR4jM6ZR4/D7Z_326\t$$2clF!_2S&J> + =mYQA-f%s-Y9WR^Oh3ZbXZf+^-JQ%@Aak\W#s&BIe3XC'CunIS37:TI8YR\PB3H3@]u0(9T + cpGP$.!#>CPD8mRjTtYm>ZYV1K-@2eN%LeZ['#/bL565rn,J_#q;J./Ad(jS"cm)OX,mVnRSn2#&W;bnE^G^<_%(@+:W_S>*QF) + 48!VBE<4T#/WpKH,`e%:QsS'D8Pn:Vo9C_B??T]'CI.bJ.=u/l9S;C`uhX)'/Ji."5g$RfNTDkLKFuW7]CGS76uD54Z`t^_!bZ + c9A3LrJ_T^24'qk\31_V;#QHdX)4lM@0Z@m@pBj+SCSg>*sc + bMo&0J@VMkk`_f6:1YQ0<$SA$]aF56!EuZOrFq[3:ZI)*;D9[/SA*<#I]6(ij&/b-?YuZe6 + c5@+/jaOR;pn>8)F(RlbU3_VUF[ZMpR"\;E^BOd*tR[VmIbF.l<^$@9*KoIEVORP66a>!=\ + kpCJ?I4-S5E>%RW@+J).`>27/Za=7m%S)?@qE4*S?10RR<,#II\RptbgqqQi'X=D;cW@0#U + 8dCn(h+85]?[O8Gm6'*!NL=C.+A@GXQ^+]J#k"td*Gb4QC,W]lcC_N.Z0F)dM2mN2n(:#hQ + ipnYqNI@0SOQ6V)W"76*M>RQ@r:O;I;0WtEs!;15OEfhqP632Ms2<5@b^iLH/cDrd=IU/l# + g%W(MXEMD.;R]"l*3L'eDFdp^X!a&/JW%U9LloTh"q!se'Zo*2fOjW-l@NZ&3WP&TY+T0s&@F_Z>-q@]32Eo9(TP.c2q)cnY.o(QM$ + X\?(G_gB^l.iT9#s&<[?6/p*9rr/N;RLUqKhu!D2"&=`s=8#73)G/X5*e3S?0,FDfMDUsB( + V-Y&3,l:$\r4_Z%QklAO!,#h#L8$IflBq;f'Uta!sqPQ*[KXtbOigO$+#pu?].WR8Pshu"+ + QJg8^d9>%\*_R9Hf[Ai$OijLX`]s)>M@!ct7NRI2$lp#9jG*+Q^N!^qX8R&Ks.ZTsOnpmXU + pd3,KIS@'$XgX(PNc(@PcSppX@j*t1M>U!?_ee"#qM)u6]5EOK-MB*#PLY;Vm.jC9l(0XmJ + @!+>sJ0aG^EerO>\9E'.1N!"!E2gS/t2iUWlM%TK8kE;p$?4hk(!(R8<#_F2\_r/>cp<\0S + 9C9;".d]L,hb3dPs$YsnZ&eg0:iEB6#\_Fs.V0XQ_u#QtrMS.Hr^fYp)HslEp+$[(7XS!iZ"39(iVML\:^R + rn=("_YFff#_F2.5PYUG14)p%'Ur.O'CARnX1`i42#UI@=h+8D;[nYrUoS(`4!uDFc.Z0BW + B?pj'jNL%0j/;X:]s&q"@3S%5nF/b&-P91"@6jdAH*2D625NSrnB@76(H*Jmp>ppWm:]3C* + kB>h[tb5+,1noF!qaZ*MIqf_#AljJiJ>SC@tL+M,es>#Z;lr$.h;@VJNC"'1%_K9'UA]"CM + )pC/pl3K%)W?^71pa8?mXuJfmfsQBVXsHKRPerIY[biBtWYQdc3d>]G!c9=f^r?Db).3$hZ0+iQNUO&2=5)i#P,'sZRG.B9"FH.lE# + r[m@*VZ24)J%r&ekP?/45LG$Q[6f*4UW:jiK"*0]D9m/n_S=R#E\f)0Fl3W=,^uHiOm5?^= + 2V("OWt-@K3;:BVdmcHe#%0C7gC6I$e`/LW9Qd2+Gb03gn*Ye<56pY;:!R,-9:;alckJ4;? + [a)cNKMJb#,V9Lu6LJO448<9-NBja&NZM@es-Qrct8=rF_!D17*0Weup$Op%.deaW)/f>lV + X4jGDW45#nWf/kS&+ns<_QeTW*7,nL^_U.R:o9oua:msid"9n$nZ_"cOXW?0k=%Z#Q*_oE" + \SsT.C%ZG[EQqI=Og&)Kh;L)$>*H.8/hC1c&Ul+r>=]0Wh=gXAr`B:1&09p8XfacKBHhQe; + W-]OIqtF*8YaO3pJLS:GH8UI>Y0Vgqh3IK3nQYmambJCrJNEfB.h5N9L$gFU.YBeO$YAqd[ + :(VU-mGfM1`bi`XUZ9P=UK)TW84B5&`#R'B?rm#0LJ@)@@4R*W.e;&+mV6*?%t7h8+R$9"K + sGqqfonS[T@S/%SoM8hnJdL46Nml2&GZMcUJcbhRG=^S0/*s,1[X[iuK]I!%].Xd0hG>*8*9]+,K+pHL6WtS-j[2IX@jd8"J$:a*X*1fhgNB3Ll,JX*^gAqVDMh6 + RGCK,JCoe^a$6D"oM7+N,<$tgu8D$=$:IQJ^o`mTS7B>Vl7Z3>RK0LNu?a4n@j1?_l2"[LE + gGEA\aliWb`%-Ji<3lNXe;5MQor0')NTCm(&\dJ!3`$Io#M'R#"8;f#M^+WFgX\8X73%O>IhdtIhV;qlW7cCJS3V*-jsW7,H(7l1X?epAobO3^PT;[jWGgb#Zsa$,?mtg/J#g%Tj(5LqXk][apm`SsKID/CDG>(o89pX/\qt6#%gke@tC* + 3jT=GJAHeTY`EaJ:tjVEP,SQ@'US,D'gEIaYlRJE3t4KohmNX+ehG.4\9^KZ-B&/uXPpC[Y + _mkqKNdB,-D!o!,9_^T)Q=a]cf2QKLL^4R-Y&>FC,pR^;#E)E-h/dd2,MS_6OX83eIUh + 4XXhS2(RM94\k"mdHN*g*mSLICFCg#@&.k2M/a")#KDm4fD5^U3/hYnBuW?rqTt?XfM`Ybg + hHqq)7(om?U8$2K_6R6CVk#`44pL@+Nl-g8&eqL$:kZ-4W($]U_/9*n4#W=hLeJTEm6+p_W + _(C?1fEaTmZ&3"@i.!+Gi=B)J40)JmQIKp@6]qlt)47GIm2g]h0)WmVigdd\`5[2_"LEMb. + r6NTGWRq47Iukp + NCR5?%^s`\U\0 + TV9FVWHcG.BE'1!045q7Vc")lru4l;^Y!Ci@,Eo8K^11TGK*\UW>i$"rf*iY45aamtm/]C( + 5k>(4lY\Ps2SV5g/n)GPM-::W6$=N"A5)W;\Z%Vf7*5J=cf?UKU;]M + JBS!.Zs\95bEoWDr^qLU + qEla3>oqOWQ34&\d-if[PfWT.+:*QA24NSUanA5\dTpj?L@$2\J27 + l0XDZ?Z\7o&=9.IC*Q[eOOl,+)95nF/b&-P91S*]s^Wm:Z2&-P;!KKXIHAQJIa+:*QA8/8A + PX7`Hl4pM3V&-Ss6:k8n(+@lqF'o3tq4mB,[EF&HkB2f3q+!H-k#?Z(G&^,'@9C+ht#?lAOjk"@3U;AQVgf4&_fOT:\ + >RMOH8Ed$+WK>I*/?idan+DtSm5l$&PDB`6eaIu?3K5H+V'7H/-qM>ear:"X8?SFos4QfqJ + b%40moU)LMUD#A,mQ5jPDi,0B%s"$!N@*G/"pQ&UB83UNL0])A1;^3<-ot^YBetj9*G]VtK + e]?iTV#s0u"@3UR=DJL0UbgNknTfYH[7\EoI6CsMh0&i@p4YCV50tB,(1Pod0m"bXiT^:((/pq>O?sJ%lE_dY72u`j#(Fo]ULj9mtcrcn(WLLEjRukk,UO*15?$CN4#TP63a + 0(D]O%YN/0d2FVH*'_m\"Ii*-U(-qo/:[c)gSNX\<+lk^rY7dEC#!ie'\_WD4(T;Q9B\:Bi + IYHY&JIl75KXh2O^u'mk'At83;:l+B1gN)mO0'Jk>Pk+*9+3ni* + >F8;bL:u9YFFY031$GmWL%E^$0o<%@#h`P`H2k$Jfk>.(V-^=OopWU4n@9p[LFKZ#Bi!i_V + B],^efIRLZ80<$cIbNiD7@RH3^IgPrBsYl<1USjh];%eG?]rKg*N@Y(rFH-oo-1,cC + g#l*^A?^;:RM&-P;AJaDSSOoqmR4)&gcKMi$b2*\t;I3:,f[@Xl[LQH%C2A)njRghmQ*Vd. + SZ4OI/MCMHU,i.`Gr+79;U/G;?j?>Oha@]QBFqW;U*MAN3AUTqP^0cjB#_F0W#"XptGQkZN + X,k,HlG-9Z8!lB"'Q&<3.6rZ@,S?L@lT&W<;XZkBBOr2T-GftfkO9.t?s;4hmukRBQnBtC` + F^J`*S;9Bl_FC2r_Gup"@3TRNA3aG#NdN%keu!m&6IS:'0qf;AO?p+2Yq"K6ZSF!Mb8b9c[ + d1R4''ZN(`kN9j>:UWoI=Z'XJLlT\W,gg^(;U^.hDhL&B$W"23Z@1E\X + ?'SHoZ'P:f>q`LKU;)XWauN90S$H]d.r-M95De(_UtEI0M>]F8%J9$P++niTR-g';H3^&4n + dZFZ*4>cP&O@m4iUmS`iIVqISbs(q`Y2mK+N'52:FiA7d^D;AP2:aY6_O&;[sCBElnT'pC^ + 'e#:2TMXF5WiTUL3bffa3tlmF/muik3sj[Vfb@;U0j:TtBd3d@EQ@+EJ1+"/,T$s4;Tk&_D + bfihX)'eHbN4ks)k6Z&efPV=KaODb]X-nIAn0"L17!;LB`_AO2G5V_=oXh9%5relMH(+UCD + V`^$E`ce>\d + i-^!*i?ot3NCPE_`ls=!-S,iEV(FtLb-+Vk79?H*BKa]XfL`N5nHEg?-]jaLKVGInna$_O/ + V04109rmV-%?]eO3=BoQm6Gr0Q1H):f;,_QAJ!Ee3PeG0plAACtdC;O8u)h@s;1>0\N.U`< + p9$DiUEd"O"jHO)pm+77=28#QY[i\J[P_!3ha`g<=9=rdt;+,(i&VsmTK+G?=[/(;ES5nLN + %,lLEH+G;-'QfH``Vnh]#n)?1)4bD<5k>[6[*(dS;6%L/7gS%>u'nkMTS+_lCIL7>@62\lt]W=@FS^p[e1##mW,Lj2^CZmb5PA"2*.[$"L1FnH(+Q:5/61"GTtmCe1&lBjY`!RB5GParKgkTb#f9b.lNP&b + 0^id@l>8Vl1-ePOCDiJY/DI[-gV+q2IjAk.Gt0\-C]3jp=ju`b0fc#_&9:9q'NX4`E27ZD- + GVK:k8m]"l4kT+i[VkZ]CqQ7H]"t*4W$m99J7N'I[uKZRfS`9@GojnrkW+Z*nu%rl;=ZASZ + S@E[>j$--$.b11hJM(]5lWS/1f\B2LaEcQ:ef;Gbdun+Ik(_ + s$Hr6L_U8W$=VPFCU[JE"2:2E/*n:IBSs/\5FBM>1k0cC#d8tBBAT>u]d^_r_IAL:H$"b[= + 0t:hn5>6XWVi,#=uOseBjT&#Fk>G:jYj2k2P1.#^H\31b.c*#'2A#Y&4$T5-% + @flW3l]oeL6_"m9(30R0a?sCo=bio>/(ggm+-]\7ao1$UTu&OjoXTW9CDFnJPt0'OftDT7\fe#hCC]Y3(o0 + ]^W>iV@^gs80oDn46Y/&c*HN"B5#_\B5^hIG&*t">[tB;V(,[b.\b)FgT`%`4'VF;V' + q/'he5bh`^0$A,.E=b&-&#OqZHPK + QeHG&tHk-P#=h/tVg"Dlc2^lnqQ>P0E:3FeT;ARUjANP)hf4[L]`^[\oBEI;hX]DK0QJ5Iq + r_fePb6^@k-FjdpA':kUqC.;>70uKVnY-'sUb!h4KIG$&1QEg'351M;#4Rf2^8Yl?-GHbP< + NCQ0.a>geRP4HUVPV6<\]_rIFaFSs*TX"=aQAe6g"CbL7#G^#;JtAl5mZEg)[VdZA14=9)Q + 3DNp5_]7Xk^W$eES?-@lm7TQ74TdIK<8a*h9GB^rOl$d1P?Apne-.L`g7XL_aGlV7sjsJ`l + jKne?Ujam92=HAgRmM@i0r)n?q78>B>.2`@s8UPY,dPt)iCho_]\S@7t5N5#HfVuu-&-^"T + UN,NMX>S+'Zm)l49jEt%seS)[_gZPb@0BX;/H$WQ72.tVIi5IW5dMq*HrLu2VLs/9k,)A)` + %gp?M[j+9G3X.X,)sBP)QoU8l:'hMXW'CJ79?CW$<1,9I*U"@(5]34s\RFnk65"s:W5./Cq + jMJ!k;ATh,=6e2*"F"Q)!F5&TED`5ks2PjZe9?D0d'Ic(I/5r6$HRi[F3bK*U"@(5]34s\R + Fa)PLC + 32_ik`]g)(5+.48gr\CLT)kWm0R#BBnea:31qMToReULgV\;B=De<'K5e:I>;B'%%SDX_4ZTOXVs + \Ub7OL<5"d:(aHlUlC3d&3$MQb.-Z6")hcA*CB9S+[L8a*d"&bTED`U%ciAlJS+i^:C:?^5 + XepCnim-U;IcSqb4c>E84O[[(i2o=<`@*H$C@7("WceDkWj$Y"1_iZTR#/aP(SAa1gc%Xno + f(4'r7(ms/H=NosJ29L^rL^;*f*d6?JlQTED`U%ciB$JX3(KA-l+8.9;uV?%:LCK*05ljm" + l,:MS:.>Y#UjZ>F]VUS%_"JI^aqjM91GUrD)WJJiGhP"J7\QjGG7f?Wk13fjRm&OE_O!MBN + 8"81*k/0%4%Alq;h?a+A*)`4Zm2td&\akIK4M#t/G[GW;ZC8a$_8\;gkWm0R#BBnea:78s/&PmF$>2=gKK'd#"0__Wk%QV[2 + 'JaRJCtOg=28V0Y]_^]/D&47oad`L6R>pb;G)!kW + hX(#BBnea:7FMVl^AkXUVb)oF^i8i4u\Gp5(f9L+57A@"gnM?D]pW++oGbmI3=c[FQAXqqd + I>LQJJh.ZG"qrc#OQPFC##Om`)R#$/tZEA&rd:IS%*JW>@FNTgK_bM\>Bs6Zp^_b3b5tA1Ii#@>d4aHYj(?\iG + Crj(^'6cDg'H'% + mHPWn2+o2;g=>)6pY*\.;g12o@[O+fpD@AN:j8"YjI-/F3]rK+51*a9k2S%Ne%]$#!.hN@b + 5jM#EluVX_-OJ)mL:Qr+P,`XF$W#)fIsuC7_qY0@WT/(G9f[T!R=Cf[/8@I^MN4i9R_i[=k + U+5B6G[L@&$8kWhX(#BBnea8p!s(`NrY&?^#2$umcsqW^(Kl_p?JgB,lS4@3:U%aX>tVnLI + lT]p!51X,P-B1N:L;[4"R*t,%;ZUeC:P&2:k%Wi,$+?.YuPt+&(RLKL6fGZ1NWK-0tNS08o + ff3`cRCSX('kHD'?-`:VuKJ&J!JS!ZgJAkWj$Y""T4BV?gB94FoWuDc + >pg?-]qHm7=YsBBKPBTOXVs\Ub6l*+kB\flH"riB!%P&@WnS6B,pP;@_+YHT?p5*#Q@MeZe + 6=#8V`#S2AJ*%ZHB'`9ms;k$BfhcNOg.>r9j`km@[8*AaL*=#_mFCPlQJ'b4J$(oeiA3RE/ + f5jH/4!BU>bJ)@k^DtKGsM[>T1E6(kO#*UTC[^%dZ+-SNdiBZ4)?K6L"nnVeK&L.4]U63Ug_/YuE/.F[\;E=ZCY'MSp5>bZXf4*uDm0E(N(:J,#Nsda7opE8XLT] + L_D@bfPDO;s*cX9>'$Q*&MEY][abb-#:tKU_om3F&>K5[Wu'BH%rEN-$>n'dR]h@_:kft_L + X.XbO>]4$XH^JqCTsqf7i"%OTUe],b_-BLhdu4*$beUYpgtOWXIWX0BF*1`k+k`\<#Jo,:,)TLcZ&N?9?^`uo33%p)@S]l;<"0Yis + (G<]CI,p$'*-fEm;Z7eEau."<:3#3YQFFs_nMX7*=`i=W%fF=%&Tj>'FPlMgQ#tqkHV5m9p + cbo)1GeX>d0%.#?F=ItMrRcR'Life3fffEiNV*qEs0$Z3A714h0pG=(7o";o:=sXLTE\&!j + kcc`IS]Qt]Wb&lg2!tUp/@%3O!J%Y0-F6Z)%Y$5j:;UXN^>3D+P + 1G,Acb(1-Po:8ei4CNLa"3!q/dFS(TVj%:uZFin\'lT:E;`EeuV]>K4AKp=^eV-,,ZBB@(& + YNB88qAnTL#r]^8^YYPQTVB/U#Jh^hm'WnEgr.7;quC)VnWaQ%NP6YHN83-qnS,3bCoQT8% + I]/i7AmlLHA:s\EJA!AK&[a/$.^%/)CLHZ>/!4lpnVIIGji[b,p&-[e?U9e=6K&tII(M/\lLlS7q + Wms9$d+%@9EV`6U4;)bj3Y'6E8XmZq\>Ii&'Qk:8ltWq9JKjV=#_nMfRV-kr<"9;%#_9-i" + "e.X.09i8dVtr`;i^E308,CE,nl3orl.k-'6lOo0S2^m15*=kap/F$.d-g8uW!@G^:d]n'HWGJI^`F3j8[EUZln + pB^)Y-*1/<:KrB1`jE`Yi^0@h^"EOC&.&:&$]Z=l)TRM&uFJ*-:"1`smFI_u,0`#J9c*eUZ + ARbeXoQ>A7V+S*;Ek@KF24)Dm0_Lr+#F[e7nR*1/:(Q1aM8V0Tj9cAf^R`'(UZS@!>?3m]V.J_WKqEl41F03 + E]G@a=s:!4C_GHoE4)4&@1B[W;R4cnWmugcu*b_j1Db"I[-%)7mVD!'Of%SeH^c"^tu2OHf + kfkSWMKDP.*B@EX5L6AaJM1N'k.J9m\FSe?Xb#;Lh$8Q3ueNe%]$#!.hb2B8Y)MCMsMIl%7 + P^-]$PY>S?+\U'*O(1!kL,5R2fd74cnWmugcu*b6f*C7":&/A]En!oj\H.JgkR,_]?$]K*'%S#cnWm + ugcu*b6dC6/@DRu5E*3LOYL7':+R[--S#p/HJW>9kj9@Z,)fcE^[Ts2MSUt`5Up;A$+DsS5 + E4Cl."4;[[JI^`F3fk:9%b)L5E[hXS%Y2(3Se6Ra&Z:=Nq46_7a$9lM"!,Gl)$aI].Pql.E + BAEYOsbo*mR1JsY^AZ\FJ*-:"1`smjG%d^(52olU_lYD6>2;ujcS;SbJFS=IHWr:5R2<3*Q + S]U%Ql7@E,t_5JEY.H&;%D,\nE6SDBCpd1!kL,5R2>IWWTS[_JQ[d[t1\2XKLV%+c'?b+[g + *WG+f!Y"!,GlFQC39O6f` + "gM+-t*[__ml_Ht+[0XO3Q&fiL]bkhougp4sLffhngF40Y)5:i>/J5mZTl)[R+0X"q;'?02 + Lb[mot[gqLaB[ES8i($,R@i,tH9])WP8s)X_3#R?8;'AgndZ>q=G+Ds`t6,C^=oh>V + *G?j1U[KOsumT.(Kgs/\PRf-K$,9&M/?fh!0WE)gS)r!#\oa&**HDB_7B-c*];EY#/1 + g@^=K]cDd^gSq1EbC%JmRUZo[4HV(J>tBT-=th!PBa%]:7=*M^VDY6Rq't5cfK?4/E*.brh + @fAPeC8@"Qn5\l]!6Q#)C2-R9jm(pu]n,o>"9`]LZ9s>OrqW!4CDKDH`\[_ + +;`;:IO_XP^Q"[C&Rf)t(P@:A;R2&^ceuM;lR&tEKjjK\0+2\?:l5<G^SSK!aUFC69^O-r@Pap>sNA!0tZ)lm'PoO"^fX)dX5L.iD;"b^XJhj*5=4 + M6c*]m(nb@m`'>#pH$PP=:k[D[!Hs)$GQ$.trb36`$81`-:71*0hW"X:?fZLi6l]qhE?;I! + cg`N-&W_c.MT]q-"uYG0Ob&?NoTGN\*DYlYd/nCH!\^CEqG\SE6bnC16=co#cg*l"REgKlimnga$6c7<^[jYS`%="#*c#uRcKI3AF3A?*hIEbg.VmY + Vh"&jXHgEVLe6\0p-AeC*G3cM-ni.Q7DJT*c1]/d@HH':c!:A_u\c(QSHtW3Peu?,KE4[VJ + mBh'h1Zl.(QK/ssFO:Y9B"2fidbQO_h;F.4L4LIba0e9M^\C>nR9+uoP@^>B:]D0NK3uL.NK+j^k6-+fel:'m1hA>UV&QDq!ORcK2N@^K%G66T<;3q8 + ^H[/6B$8SE#!3H_\a66)Gq$%k^Fk=1#72XS/.qPZ[`>=doFY.NJeH\..+15Bq0m[lX/,Ytg + Ojj[OoBLi9IW"@9&V]GMeKXn'<(21nCL*t!V0%t!td?Bj=c[M6ai_T>E0,Cptn>>]Dn8;Q4 + Zr62KDT49el"E=O\CG?!=R!2ZB)C@jklCWSL8Y1D6Oc$F3#Mc*bO3h+7gd*>/.3XmFXHinO:Zl/cVR/8"/2%I=MG,>m5 + W,paj+XVp/LtN&c\.%3dj$?#M'i%?q7Xn6Nj:`5Z<'BClHbgP5Ng?d?" + (&VQge8kot,`c3*,r_j)#]h.dq"X@iBPA`a,&f]pfr:G-GZdBp%iZ,PNl=4% + Jat=?_')>aEg7P^\3mI.o983$Qj8["AtfPC`-p$F?&<(?P6Ap4iA7g)51gC2d.e]C!?t("E + G_"#W#]g3i^E8:8boNZ2\K-9T82D6:8+oVaoZ,tGmX.Z$32)IB34b_+@p(c> + L=(pCr&-H&-OF(ki=.5q5UFlA + j4DJE*;R#_Lj?AFKQfZ$K)oSg1`+RaFkQGbLJ-^bZ,;j#\lh>WXs$;EAI_g1]aDF + 1^5\FcD)P?.'"HaqlI/'l;Mk@Vr&P09Siq'[[4spKl5tSj4ct[\uPV1hZ9ahI6)_-M$AUpm(?B)-%=kMoQ1A()0+C3F1"RpE9bAgS@1G(HQY?21nQ,er.,Dd$lKn,(]&hth]!]$8T"Fe>R( + h(rcAl:u>T?3G6k]"gMV:m559V]ek+Q2&H#!l+PId2]EsC:(25+M//u(>Rs1(bI<]]B`L?7 + d`I-.A_aO"m]`CYob_=j\[h/]P(oA\Rn>,aNXQhRuFZ#bUC5ofd,4o,k5I^8MN"l8QFZP#_ + H##Fq4Rks6E[5(=p"(s8*=6+4m]UZDqtpkFj_2D&Y:1oJJYjI^H*L_;Y=:-/ZZFb=k7V%ZWdPu&9hR??u!L,W]gdude>:5gY1RKYDs,e + SFbEp+ib5c'a]I7#f;c-K;$Sl.oh!5An:m']o1`rm2gRjc$pO,HjGIU + 5N85:`=PWe&5%7Z&L5b+:-s`U4'l,mp]:hKomTuG8-O&gq-s<8l_JkJfk>>>B>T<0X7Y(_S + G8%h3\1(9\nZNNH5X66'0i[,@_E/IM]$\/G/.Lqm*pHGA;*P>m*G)`7`(*"&;$_eRtRG]DX + oC^a?D)Yk8BU+:-tC:/+\;-bE$69,Dgh2.3U>3+!h\+:-tKc:h1e-D%1$ZS2sV9+$oKfL5Zcms?Wqn7T'`*.Vgpbm<_d,>=SAXM^"K=#nd*KrF8?OiS+27?t(S2-L6I+T_Zj9QH\TKr8#Yi7C+ + Ms=9C;B^i]3XOV'W<,"1VD]MC;9t"KLCo:9u0tI_2DE^KCIlTIfm4$r>YoO + 4Ib='+**b7*c%j?rhIH:%G2p=jQYRM)-$4$E + eP6f*^_d*4]_8BBCZq\HB>ndZ%9V/&i7H1FXiPX2b3g8$mL1U!L2Z8JAeDAUo`P[^u4<-g5 + o92M@"[HoK'`;(La``=;+p#CF$N]:G4a"?8?iaDP4==ae''dmog + $g=mm]Is_!cAS@X'i[YiE3s^9m8.YgL5)fH%WgRdYB(W1d%6LeK9GIUK6Zt!Lbh/LhDpjUp + :-)/Z_95I>Is.qAKL;c0#[rGVSU6ma-OmU8k5%"Dt2b365U0VmM=t?MTR*5BBOs27&*# + jrian0D$i`!.-r3i\kPH7[TML95!=40aT+lYVFIpDR/rL_Nb2VRqGn'V#Go_Qp54RU@e]4T + L<*^1qn>G)$_0n+0\O!GOP@iDCISL-bYY;o)aX5pI%%mKDs5XP=b/3X)KcNlgJZQ1oRa!Nt + ^0Tu=\'Ic8^^n3H1=D5=Pe.K(Fd-s5ch46n@';&Rl()ohMU!\6;s1j&7k3I2*p`,tUL5%'/ + pgP_T4H;#'$>FbUs-[>2j=lVIm&b4m#aJ2.Io'kHkP+!D[bH1U3C<2/=#l;Qo#G^WqCVN,k + lai_?[f9!FU"cX&L8X3?ZSE,)GmZL"1/GTl["5%n.D"+8n*MDZK_9H%?M;,\W4t#AZH + r@^Jq!(NG!&r?YVFgDq/PVE;WG`]bOogQ)a3"d*FPjrPUM#j.65mUkK.qDYc6rEFXk.3^R' + F2B[)!1*47G*Ysc>q5)78)Xs;X770G,Ha/f%o7m3KA%PE%PV%'-X3pjd2)b#b7M@2ZO(okp + DgfJ;)PZ#`e59`GNQl'k`s(EMf@\/!)hO-GcPh2O_i1FQ6ZR)JMaset>Ihb>91.J`\+:nr] + =GpNScQ?^j<#"DYerT_&B+[@U!7>]T9!b1]ZD=]lj+ckg10,a!+-5PRh8=9F62[/A#QXlO7 + iC7NSNYPN@'g,CjS%.YN>JK(BjUU6Q@;*QBgML(hotS3'[0#AnT:N%n6pn,2_$*$%hM.LDJ + g_i#CEFC=Ps4qblZa)94\I=_dUZ\U=tiQP=:+!'hbq8ra2_q7UB*DLY7[mXS?=X2/a`;djY + ,"1]-nS?c>Eoq\^Yb6ehW*@TN?1PFmKS=`fZWR]nIm9?I8fP./L.,d'>kL5$%N,NNde:DXG + Y"NT]>ZQfrltk@8D;dCBYZ-9kJe0-8cdnj\`@.Sn4=.?&]WIXGMXc7$]i]10h#NB.`qC?GE + \pp5:C*)#s%&3\$RK#'5gpI\VdaTP>')pU73]j + em1+$.;jZHr:/5_lT(5^n,j77phN^dY[PW8S[7F.cWnI9m3"Os!XDZs.iCPNlRAl7[(;Du! + L!$6k031:tna%Y5,N#!.hb7L,)4[_%bJLkm[f(GoI7Xl$\sH)l>i%,FS_/;-8a#+6PFu>qnt4CJ1&4e"%Whtu+?.Yugb0d<$B]0.fsgc6_FOlJI^aq\H>Dh=AX:@DaGH+Ra70tHj1b`>X + cD2!=&fos/k]c%OAe=.fR&$6\90gqEtQL"?MV`kWj#f307YRKp?j':W-,5^n=V\NO'80JWha7W + 0"?MV`kWj$MEhN+;n,F,3J?&eP*7>h"iHWp=1],(-!1alsl0j['C4l8/?P;p^ch`_H$4%tI + C[V:;22c&Nn$IfF5!D/Gog.C&)4`e*)]Ht/K-Pd&,7W`/QqnJ@YPZ7edg<[Zb9Y+MWs@I(& + ^c/d:O#.:(#mCkh%(#EU%(cl5ikp.dk3ga$U,mbT4mNk?:0AqnaR/GC1@p^#8o + qVk/Qh"cn$(IVH/cr"sO'A_phYP>/KGK + 4>`lB$p3:Da5fb+,E+YPJ[W8TcYO%DYbS'_o-s8QKaq(6a'_`U%aR97`T9S3LZZmMctKgNo + K^07n?ehFKbWb(UX`;h0-^"]q.jp+%DA`N1SO\oXe(!A%W)*JejD*7Kt^=NQs)6[TVn;`jG + C:2F.i[V!Zf>kFJ/MN<,VnBKA935p=.k+m;1H5R2<3*QX3q%\so-o1W4COfdQdmeL(H4`X( + bH\Iid%HQ`gkqI(Se7S_^(m?)j?;[*U=j*1$IKcpZNu7(2m2cCCauHVbppl^810_nP]@lb9 + qY\$0>o$1:EB+2+Opjd#.EmXU!-\itLc`%4LGbC>gu,uFi`^\jr::3m:+!=ZQQMC'\I3$?\ + LP$ZGm'ek/-cB)].2I84[fT:"?MV`kWj$MFW`\RpZWL!b15Ca=S&.A/,*)+q>rhdn`0ra'p + lBhjM9G4LMZAa#Q>p;>nT,p+0&sa"D#$$'S(] + $"W5nAn[qT%J,1KkK#]OYZFWZAa!Yei%%j>,NLM&^p#o$N!&M\5:mk"[tOosM;'9\%[#cDo + $Ep-+%)DEe:FCfiLU!XHmA.YaV_b.Jc3Npg.LTfHPs7i#PJq"?0jgC11nr6;V^^TeGfl1 + I*FZbV^;")3[i+)UM-qlDr]"%o-!O9h$Y.gt>4,D(HTd.+AXCJhQ9Fdj4XbQ8`'h\f.J2@b + .)MG,3+dXa&CGOA%`qRKVj5\e+i$@kTpG4XHNiLmkOd")[Y%cdgTO;laj=:uNMH4s1_ZB^M]l+ + fs=ls + npUFX@afE7I2>,R*CG%,]Ka;9J_?#Y?$>F%OnCOC"c=ktS@/p_V[Dq$#NJUe.3] + *uB4':_7,a)+JCVm=+dJRfm>To7OWQojf@^0')oVh?,*pNZEh3D_X>TYn!\)iO1V-F + #Lq9CuXp309HTl431Hq*K"&#Q".p4a_cHqH]_?5c^UQ[t+0!#EFO.pQ"GIT#T%nV&W$U..h + kb*^#fojUS(F\:4m4+hYj3ad,.<.]==%VW^:#5R2<3*QS\j%a;r\&J\ms$m_Yh(fAIlIc1& + TpR4)r`7'']#0GN3Ju$uc,aS!:ZiBAmBXopg>[@B3hLXCS0^1.1Qk)PWV:V@&4OiE:#N*6F + Y5J05f.KFfCeS9\LSf7h))RnM\0Ck^k`:^nG,NZZ8S^!-`T#^Gq>9X0DpS*C`cR%Q[hLF+f + 4W/oh&$'9K`'a]hU?KDIu">WoF<%drnllj]?fY+I3iS)be&<"4nZogRMPk:'=UAC`q8d=1r + ZONlUHA)_Thd]BDB_IqtLU!RY`?:rsNhiGQ-S4391$S"YOoYaOtZ"HQHi_q=d#;#@n2seot + 5H%Whtu+?.Yugp$'/Ej.[P^k``.[K]bOC#M>JHP:^j7iaO0huiJ$@<%I_YJ$a,k7pnE:(^p + g9HEm9N"crj'+6f3;RnP7FJ)!o"1`smjG%d^-4&5)*/iGq]0Er? + ATQ_B?S1iVA8#h-`>8sC#obg>*#m(;Yji:PJ^;2Oil[>?n!s!OiP`H[Qe9Qfp#I2-9(+62j + (NP-6_FOlJI^aqFU-b7iqZ&B6c^;OYEUDGm=SiEQ(FShXJA?ZK3t+](_[qB)[?-o<74Un#_ + 1i84]YAN@.VDSs'pBBWXFikIXGmrq&2<@+jbeq5R2>I\c]?\3<3NH_U1'2>V0]7MfUc>=T_ + ==26Y;/2K7e?`iYs;I:0"W`)?"NM\miNHEY)=2"")iV_irP`BdCU39ph4h"g'-4$'.*h"3=Qe7dO2eTU + %ff\3pG:",qXUl7Om?.CR_ARq'-69JkWj$Y"1]T8_"0l2hfrl9H&oc4jijE=]Gd0Fb+B#jF + nK2s@,p3@A%E?p3!33%5"WZs(UhZ[D.=On[E`'=^:J^h^(Vr]]eaSOZCSZm&Vg?V##=^549-]C,id=e0+sZaGR3U + F;)9Q!n*dV_t].:VN*;Emnd=f6^-u=@sQqi?$VYT=au.8nhkO?!NFSfe'44YfI + a#'JHZ&95S=Po2jkNDlqHg]X,m\m.WYiR7dV$\0'Do5AIW+N(6%+-LH^Bk&9,BSWSEZhSi4 + s-*#[H<'HrC7a=#eP`*eGm^=CA-sGC]i(9f$:j_L\T;W*SAt,h%7gAI^QZ!Jn'Qro]V%rVU + d+Rn]]-rm+kIjoZ<^`;[LJ\BJ&%Z5h@i?c\42B&eD^iD4\uAl$<6Ht0/f-%be:0ptUG%hC? + 2Ygj,J>u;F7[VBrb[,_Q!SfPSk0Oha(*2j>A0j`b[eeJ\-(k#Pj.9AJ_0Dpd&,E44rJ`$KH + 9V7N\_L[3LYZ9S9g_C=3g1G)]re\KP%Krs^9q$1pn[WGnUX.0R?h*g74U80F#P3o[OXIVL4 + jLALUB<#p1!BRohB_dZ)ROrS8!0OFN:=o%a:-/5PHj)*FjSbZ9.5/0XfVc]30`%4B9` + ga+47;(2Th0W/&^t-eCp"e67s-@B;Y3h+8+#e6-aTDA#92B'>cG5g.fC=_tt&j<>s3d.1)s + /S:>ie_X7Q3AB=\5$>tpP=Lpl(H]`iQ>'a=BVk]De"#L7*SUVs!^9bl@e#s;j+lI>\Zr[Q4 + hFKl\G`A$F`BtJklGb,NTgi+K::r<*4[]mCk@Xn^.:,_36-R\=FVsjnBt]W3,kJC._["LEf + 'rVf%K]M!G=C]TO=&SZPh&-i)T*J"i^H''F-8"IOPBM/TQRJhmIp*N6r&SL'+?s1dcW&PAB + "[AtI\bo]9eJp2",qq9CGHS1$1M*Q!GY"8D;#9@tM]KHpc.'Lr!l$M&*RqXc[ECN* + O-Xg@+;HDr`_U:Qp%ltKBlIHOJ4]je?bL@Ri[@gS#@0Fre%C$J,OcQB-f$WUI]3Au[GN2cX + JD8d!.&Qm)c",DC'o))'PlCp%_V==TYSemQoNtcVfn(&Vi@pRWK[[(^& + "9ub(9$-[GW>[CE)[X[_sU)gg\+oqL!WY`)3Fs"&Hj=&?_AJW>eS]#GtYDG"D);kgWG,3,j + Z7[9On]b)\piE(W-0XlY!%P]WN[oYEae.0mS$R0HVg)GkP1g;@K=@U]I@$[Uj[eorM6n<2d + Lo]VIO3-n8`dCA'.SM57IZoh!gSNN`me:So4s#r-I'+A2$ + bo8hoXRm]2F5O2F+k[lE^oVh-[[Lt?4/N/iGjEVJb5]Ob&B$.r_[]$,GUjhA0]RUQcoY)$' + Jt5]G!EJme+h2]n9fl/VE@A%H8'TpV##t.KY.I-`*H`c9L;L^L-De8Bdo)<]rKA^l17@n4a + %Kk"&jP3QWId@Jr)W>hL`/EhGh + Jl/1@lD('_WHgHKFHqs_k-]OhU,i9@aTZtG;.=M&j"QPNHo[tS9N"Mk*; + rINm/S/?l+fXd"4rH,*Nj@SmKN9:%>j)=.i]sN55aZPpmYOI^g'/bF@FF+>iNOD6J+;ta+> + f](o:B@?#!p9$3t2>WaGU"X:TE/"%PY@=/G=fNo\Ts"%?&rc[Fi[*:LF2H + bMWiIB$l1@%NaW"\&Fp')!_:X981*`@#hbn,qN^"@fn8%LVAH>&&sF[s+@;jfZ(6[??G+N` + SG"sG957eFAe!QCc+8XPQTfjf9#m>_LW:lU'r\<>gYcTqa!SR"'7H9iOkkdQn'/DFlL!k;S + 'Yp76;\%bmI_7^hp,Jl^(l8^mMAk)7#b^FJ)/oTV'jl]^;fk9X9ZIUbPD!=q>A8&?2U.:qP + $+"NE8(A7i>m6R7emjSMRp\Y@3RDr@RkC!&VOE]YhEVg?XLMeS&nF]+4^]1WahLSC#IfTMG + /[T?:&D:5Q5S452'K%)E&4KH8JN3F)"N1=E5VR")Jq+tAL'TO[lobDT9D>)2:nY0)KascP/ + M5d'\_haX=Y71[Bj]:&^Rm`ZbIu)GfAu@Jmd33B8*@ZFn=^\-o4EB=Y1Lo5Vf8;_I\E$GKE + I5$n;_I\8ZTT.*,)&i7l\k_S0K"e'#+MgBTef/*,)u[*8s/HX3ttt4N0m6e0m=4i?$]4q:o + _T_U>-bF;9:f=,G0sML%oOp6St)o;cQ0/H?"F3X=rnAqdN+Po[sC\,g^L1scg,>HlGXID+T + f)P2SJa_#HF>kWaOrJeo>dg'sriE>DZ6O67IUHsYB^7p%.9KFi,Sut0tG<[qRD!0=]2X;>B + b8=[`.:$)`gs$]V=AmEA)!;:7$(NN*))t\91Sc!-a][g3)WsI\KC5KIfU`I[M3]dRn+763` + .9#Wbquq'V1[Q3\W'dZn=RNd?K]*gFi+^\_:.V`-I%5TrqSiaO=f$RrAO"#VDA:6nfP^YZI + K0g'nSIO5,qE(0W)Su#VSukEa8sAA+*,iJ33sQn^N+gFo)::MJb&]e*!Uu-4V#tO&-Jl0*s + @u\i>Hlpq.m+_Udp^`#gcS/K:3*^+,Q`g[d_,BF-KY9+Z3rl5`DHAU:I#K%Dr42r,)dGb]hFd"Q$NXV:XNKZn)2_1 + ?]Z?N"_d(nNLKqR&I*quG41eoG%G]RGfe%ldGZXE4sM>N[r-dafJ]NUEO-79I:E=[m(HY,6m"0FZfl9P[/"?MV^kWi`N33ZS/62=/7!Ap/lFdXCHBdmgiSkCg + [VI_[!"+sjJm%S]Eb]i\b70gR_2(a1sM'mO:6e%rKU>j9E^WR`_/;J[&IfL;KYeD#ta!%! + 3UJC:AY"_/GnF*WNsL&e:RGdg<0Q%ql/#PStR`YAOV_T'b,>RL&Ar#O!=IL^q)f&@d1CAiqp74fGiJ8K%)>2e_`uEuj3FI?WIm?5IfU[=NK'qmS;=Olq4Y5mM\ + m<^J00&Y0%"\9l$O;7Ta1Yq'Mk\Z3RVm93k1nA'SOh2#f$QI4E/*T^cU*mXcN=s8dh"q#Dqd02iT/_trcd$n'0s;t]5@ + tORhQQmj*ZVIj>jCErZ0dWlIJT^F&&7^[$"*&$&9aT7mcjDoLcNK0_8fchOhXl`ea(`l>K( + DdZM.>Srj)4#H1`$L^U:Oq^3j@=YJ*1ZGBcXIr#'G,GDFf:IeUQoc[W6Z:&nA,k[C[X=)'+ + 3c/e2j-)k.WDJO?e9qVTVJIZ4FKEKb0`pGk4F*8,1>mIJRLX_?M9c]JFA[a:N1YR.G?M+NE + UB>?7*QSY2+>Y8_(gXi;&.uZH+Suoj=gBgnF5['lH\q`'dJ-eD@jjCb-I@=f5R0'^]E>PhK + 5?Ai\KAWY\^lg/C4Tk7G[^A4RFa#\Uu^U,ii9=m(cp"jd"0D+#;X30"*;#Z2T8Sd5Ce3Af0 + VtWF&+/RU_;tGm]AlI,in;sY#_ER%^ZOa+>_AqbV8KN24&2j4L5$6?Y+:N#ZCEX<@^R/#MK + ;AO;[7IAsddMUb0iB,4"'X#EBKdmMJ:hX3nkF%^ZOa+>_AqbV8@uJniSs=Gc]+GS?F48+%( + SW`'^c%^ZOa+>_AqbV8@ujQ[27WkpjuV\n-A+:Q?SU9#Gi%^ZOa+>_AqbV83F9sDCnO(eX^ + gAj3.&@k_qk,b`rL(:QsF\))4N\B@/F"?f*83J5VMm. + 4PTEB$4*QSY2+>[nV?q#m$/Z+Gb!n^Z1;aM$CiO$!IK'5Ih5R0%H*QX2o*11!K:8']iK@.( + f*s?R)$N,P"/KTEPZjCgs1XL]sW9V0]P:(-']YOiafCFk3`+_cHdObYDBG9SpAtT6o;8n+? + =RJe`inFXB)Y^0r&19gYae`,I7gI`N3fk6C5\0Bi2&Ei"%(M9@4&05EtkWiaQ".<$.JYg1f+e3e6n7O + I=7\Ejbu6qK-oKD5K,kfGgjrNe/l4%aQpUbY&69N1!G. + 26Qn_Cfh5(u*P\M$&Y]_DK2^N/Q2>q>$0a-rCtNa>PpHFbNJBKdmeNC^$Fs*%3[M`(b8PL, + )J_s%G'F6Rlm`^dto5/HE:bger3e$l2#f%<0&TYoni9;%UgJc%iAEO,uq,e+s?CX5nO7Pfl + !>9eD=b?Y?2:[jVr?0[355(Fg-rV#iH0Z1;%p`[?qDP2uET==CT-#[4NulofKBj$K/_Q.g1 + PHKaW?@P!?D[YC;K.-=&,?Mfafm`RGpPS`EO_bu&L!*Z_B:7_H1RD*DL\DUg#nSJD1Wsd2q + 8H%O[TYt@<WR7_Bl(%2H&UZ@We?4l=1Sb(0^F0dH=;jAE^-](r1A!N9r'cq%fG3;djb + "gkWt,8^nI/?kc`oh6Sb<+$bXATU5^sQs+G_gN(s8C,Rq%I)2pc?aRX-f?2$IY=*SkF-C`= + /+.Q'D4/;\;WA8oLcKjs0NbEKou5Uf^kC?a0.RUk_=;K\>7P8VG]re6NOZnf"=g&K'-L]XE + R6@!Dnq<*p.4Y0U[mj_T=Wsg?4ZsP/\eG+s:OpaSPWk:A`/q<7:ZXRh'<,u"roBN#a2IiT>&C"pi+MNdArL&/&/M$f%!gR`"WMqpjC]R`F8pGZ>7Kfh+tOr* + Y8'*'EB0CG5R+8W:S&$TLcfEedI&Vt0EsolN!NDfn.ES`JeSeJtUP%3*6=_.31A?\,f`khO + ;;0k'3>MhOEY.u-$dB>Wf+4?Z^o,G60a+kC;A:\s$D)(ZS!"l$`7%p/;G@(P>ZFh)Na3RZ.HTR$gDf + b&>[%%1o^Qb&XG-G=DB!D^*GF`o8h/7Z*4L3&#i*\p?)L@ffmD&hZIaGVD08c*K]P\%&fXE + g]h48WF0>T?27;oVG5YYga)V*@nQ0WEA,@C#3$F`bSFd1$F>hjGo9jb=fVG + )$!f^'.8A40^`$XtAc!%J3\Z+c2,nKo@A)c%\=449`+p_*0>YVtrXM,5Z.a5m"+)rGUcRt9 + X('" + nQeL+@po':XL),.WOT,"@6k#o_5coNISr7+B!,,oPF^)UB(r0Z'g3?>le1o9<7CM5`hF4jP + (H]UB(r0Z'htUblD:l0@ofA+@o3Uo">G!>E:RI,7%a'g41nPL]LlGlM"k[ER=C%O+K%-0.^O)We+4J1b&HoYNaZ_\*E#\(,kiBDfT:_8B9829:cu'.BqhH:b + [7F:L)u!fg6%@hhbe0=S4s'p,"Vp?M5q?;!+G/)RnoH:%=`#Z*UMT(glC_%cb3q9]d=WP.c + iA0pI:M\bk0"5YLa1*6P'H + 8Q$oSf4NdH]O7]'XA*Fid@l`F2chJ_lY0lVj59^6Mjf=.'N?arFA\-J[a@bugHN:Y"';n51(6e + (FO31fn56,7%a[p-&qFI;[R-=]cgpmdRej@u%hk<3M`)F<%c5U.O4BD3)(;rr'Z]@S/3sYm]5h-U+:YqmlG=5(2P,==5s`JfmUti@+ + (;rC`tmX#>b/9!+hl$frb65NsZ + MYJHuDIQO@F3^*[4&17%%h,U@=ETnlkCgB,Af:]8,Db$5V!OZuV,W4NA>!ua?9(mYZSE`o$ + kOTE#3,L*r+:(><[_6OEdlL=D:(BBD#[G'6DLo"^_k4B5!c7JEHRs[!#qciK' + 9=X;?)8L>M9o,%:8XMK]9EQa\=\/V909ObI5P*.)^(`Mf(Y<&%P/,i*n@G>S"s!f$.X&7FX + g`>Uc_PR4-!6[,ru9s8*s0R.Q+G9h6oDei4sqsb+6D;n0r+S2KJ\$>nm4E*D2T7[e7;+*BX + 5aWTC-unjVhe13.]?1naW"EehBko#?\q(M_pEkTM_5;OH"aI?4&H + ;N!:/nDTM^N=h-0WC8Z?XeB?1%FlW+9;ja#tah^0g01n*Cg"Ii>OcH_Jg=C;?"o?'*7P4:E1C\Tcok@7TpTeBV>:t18hVfZU\2HNF*S@OF]3BHl"8n]1kTY#ME>_6\ok(,^9g + 9.UEUrsT4j1/d;NCfMDl3P>uqT)i6s$9e;:N$-1@%37>rmI&N27LkA!mNNSk=3L'!3GE!E; + b;W9K'N1p&-P;e!+#lIW,Jqu0r&TD;Q@.-oZ_E$91rTo[:iiZBFe>MhpRkKi@Fj32#p#.lZ + Y%OmN4tMk^J9LW<9tlChk,H,LfG[d=XmjESt9(17I3'P6Q+mon3P!JK`C(%\G0<,E&<,I#- + @YY(V6dIgEX59%tB5\W!-ha7LGhqh==h"#%0+VK8/>T7]DCXIUo"Spo-,3&#n%n;PU6ZSU4 + H8TD;IY8p+tPicO^\Tg.n.O$E'O@'STD@$^YMhm6R*Imm2DMcqnp\fT/[iqEeT(aAMi4p^* + /-gS(LCF_ECtX\H1Hkqr+qem'."+g6CL4jO#8Q&I^)O3d#J(4Q`EBF$k9#4B\p^/20G&t=D + TPenLUtE\"389)iQZ,)7ia"j.;]g%h\HQe5a#3&nPDnmFR^jC3 + \./5Qaf&G*%M$".>6c\Xk'H9hX3\2"P(K1Q&%UTOANe(!*"65)s=351LKh,X!1+_A$AFSsF + B]6e+Ooo'Gc\2mZ7EVK#i$Vsj5;kQ!9aj!,e>A9dK%-+f4FHKNNMJH[0oFh%raE(mJMXL:g + `D:p#Z;ni`TijFIsR/F-=ikV)5:8W*rt**L28K-2&\O7-f:h1Qem9Ri1chsEf&1pk@OU;r\ + H6gR+FSbEMG`dBqU5^A=:1$^$3Z+R + JHOhH?B[:e;Odq0MU*S3hu`?j'LaSHsajDEo7@u>tFkenC4PiG@3Hdi/>n5j2>"':&NX*8t + 1*\gf#T\Y2MNt+SC<6N,sR2R5Hl)97mZ+%Bo=!iF?<.\']d)r=Eg.W'Pdd``AJ2![\ce1a( + @NhXYV=i?+rAM.Bt;3+'dYHrh,XpWZ\lN0,cB!;&YIrds[WlWEGf%q(YWo'W`K^1b2N)T-! + IYjXGqM?4*e*V9j.+qk)6*deEhh$`ZXYLBQ>^oQ>[n3UM?%sB5PW;p8k]BBqU"`mp^!j8>L + +S?$-c(m%R$VIK]QPWO%.YPRYn0B(]YLCaK@,eud0O/BQXE,UlTs3nOQG$iGNH#L7NhNX@_ + je#l-?s/2gomjH^^3=L;>tq-5VZ:(`^%O;Uck"*_Y8"bsAL%aWU&fE".Cr&T(mIP + OOH1f"pA[Y9LnJPV.d>Yi4"3Vj9L2fCqhOgjbYV?="rC][D4Wcb88R0)k;o,1uBU,ajar(Y + bi+p_Y%EoTr9gaOUWbcSVKaCO^2B'9encJN@`qt[7AHgd3K222"?rS2=o.K/s2qTeJ]c?akG0p2Xj^ei0C1B9f85*N*TmbYt1 + `Gm(aFXecEDenW'btIR$:A+;LAUVFo"'^$uB5_\l>=cT8-bOXXk@b[!_t3>GH71L0G!+t,dO'RG.2A`:oO1(nJ22rZ + RmR)31IRf>Z4OcA92`ml,5V`6:5 + Mgu(2T?01>EKM"`?q.4r(:HgiD5gV`H%(UrY8@#!.%2q]l._f(k5!6U,ka^W?AjXQW^&?YZ + n""nKH-MreE:K#g'Yf'I=.=fPC6J"M%bk[70su"Y:]BLGaUc<7K-&bu#=mk + n1g0epo;ZCI[s"2KVZ8So=9qQ%ek[%nMTIT72SZac-Yoj5[L`gmAe:OT9eb*)CkEl_-*L7I + \T\\)<4Bf+>8K@:V[RU%OJ9S453Yi-1(*94@O<lf:; + Z+N!a2TtmDK=I!odiAVl:B"c`"5]Y(^D^m(B]I\BVI75l#29[U1uWF+&9A=9<6&sVr"Xg(5o6AGD + 1N(L)FR)rcT!6>OJ8CMc3/_Tj2!*o01(LEVp4F9,s:g]cC5=gBR(iAcpIjTGtd+,0Jq*s7e + @5*JKC5^lAHSILp5m#pZ)tt9Q%GN + 4b)00hmUnV\ID)br=<W$..EqH/1P7d%A;O0A\4`N-i?\[LnW]\ak% + lS7jFL;+m7.<7h2$%Fpj3H[EYacM=O^Uq2@4dk3_-*=]?3W`YGmk + a?,ULYGT'HoHT,dSKX0jEZ+A;-*)Yg'DH0j3lm:8Y3;]fso1pXX(L&dbuW#@uk0o/?VPRi4 + ,!!9hQC>/Tt4!:p4UW3pQJ2bi[A)\NlmqE7LL'ht/[9%0.-@aKs7[/BRCOfAuKggR,CZSGs + \A.Q9nR^I)nL@;8iBAW3P5Yd=dd7Nco`JlT0K?'6,lLf@!4FFfI$eS(DTF*7Yd-IMBd0"f= + \_]+R8qGj;o8%%#8m`;"G6`8&fYHXPj47aK'r'SS]hfC%jANAgM]:D>4l]B"Q%kTif0P5]$"-KjogJk]44]!6YZ]$U9iu? + ^&.%U1Fmql88^HHdB"aZ46?CdoS@XU^LdF%b5Jn\^OQ"c*[O(Ct + GBu$ID-iXC.,p^5coB-cdOAADXCe."5g_em&'16?-*Wn-7"bfs\t`_G[V6i!],IfhQTp@7d + Kh*#HKaX42fCSE,Bj9V+,;m9^M:.hqTOSkl`^b2m]4VKS),Q'.[bV?4,8\c>pQ"1gqFGtf7 + pb4:,W5L7lpVg.Z?'%7'R32rQTkG,'.$J=FTFl)YsT23#T4`L.YqJrk-#@R*nS0,tG].Fs@ + #LJf+j@6S?Vc'MZa0R%087@rjq5\Q3*iZrO$AITE&2pk!Ti`ZWG)>5rY;o/^?W*KE0J3S#J + lO+h$DT-e8S^^,.5abPKd[YLCceY&-!$:G>g4Ts-0&?MZsM>!?:b + LMDs2tO%-(3F[-;fbR6fnJ7o:d6\3rVE'DgJ#robLp*j"%I%f]']o+Pe"_6,i\ld#Mg7Mg[ + Sn^nSNF+Gbrj]hn5/^^(.,Rh/;C;5p/N!HRuDN&0nL(.sna'aeP)SK\*1A187:OlI;1iYN7 + 59$I?&95TW75SR?L=b^m#.biJ$3DOUOZD.b\+5>:;L]aKVas?+FB)E@RI%FL(fh&qIp%&+d3+8n^=F=]rFTMgJB9pG#*5t@a:BA?E+XI/3j<)l"5rFeGlDEh; + UtsdeioC_&2))KmPb/9ein+QieR]5MZ(TWncZj%`7$eV + k.#5cLZ-#$g?Cl:VSQe'l%1rR2;s"?+G.dYIu9npGh+Em)437gEdo%mnHcAO++'GdQ%AP_O0i++qs + l2Lu?K#!.h`PoRjmF!:7L?LkirR^upC[9DdbS>]DEc/IdL1qk/)WP?h:e`(hJADsKHY[-"E + lW1O-YtMXb["!J#\r_A%SZ`;q*]*EbFFus!J`O_\qN5td=)q^F%V6c>.p]8mW^mq):#*0?K + Kehf*E[PW\MN(,J#.H0)GeMS`kUtAlif@Mb:(LX,s!0A")S)[a:*/51FbJJ:ZTCX7rLU>kA + ao3Jqi>aI>Mk6TN1`#nC4^p.>;)Zb@5!p"T=JU/6Fq.fEalQ02*J<6 + `Y)j\NjKt/[LV^BWiX?W5^5i:UcmI+jbWlCgUP]/]B=Sj!/73b@<=N-3<6+goLLB>&Lrh8D + c;=giD"cQ5h>2#6V@L8gYkbJRTf^9=,Zi_#GiG?W[9[3p+YoSj4#d+Ol]/g.VonI,0c0\%7 + 0d.;G)*QZRn0VRA;7L+ADj+US*!tPHA1?N3 + lR-4@a@f:2\JPjdR%a:s:9?NHB,+?6mq0FVVTBdRI2%:<^cmI+jbWlCgUT+FlOs'#b#E\3q + 3q*F]TJ)"9i>U+.S*;kIlG.lX25J/g@_OW!%"eq1%W!as#nn8XEm%A/uYO96M:)sBP + !TECU%]*%jsmL7i,rf[Tt/-\o?h.Ns[3:I7'""Nu#$%B]*TZ)SRHi^a%l7e03e+\\2hCOCg + X/&_g'`;hA'TU(H`]#\]).21!$-Ut&WYAeKrXV>ZlJY + ZuSV:ecQ1R7ACfA?Eppme5sY9+VT$4_FlU29\Xl659X"2&McD&Z&'@@W%:g%9/PLQ + g"pE$kP&/(*<07Lt*"@Bss8T*sBZ:*9=d.]K.@fI0XZSYk7aQ_15R0'^S-/T^41&qi,kJ1C + $_d_N_'o/c*ZjCC3cKdT-2A!mT^EV@*3Se;i%=KUe/3(#.0o,b[OZ_:esemZ+^d&eirS?s' + BXMip7ucPL^4JQ#X*<-3VeR%[:1%>MlemeWq9hPV)hRtTM;']R=PiYL04bI"pWSUhT4B\X. + eS%&fm@n&q!T_2E%<4e>bJ^dC&M5X)[%(nfSF44D`(6S?)6eH>331DXceNe?m"o>mu"^PQT + P2rFL2+C>jTf9-TihgXoMgOE5m4&+kkD*e78-mR&U$QX7cpo8A'V]QPtk[QWl$`2`!&Xoda + -Ci0aP5?h4P8ME5#Vu_"59qVTVJIZ4F=U4Ma3EAdk3u*d"+4!B + -YAMq9+5p8j7?10igYs_H;#amr[SYCHpr(A1Tl@L^cTE&H-feTjD\$j@CM;HN-rGh@SG&8m + *8EVcN1CV@T,.68O/rfAR3]72Lu?K#!.h`jrLB,p1M"QUiYHb#9FBe?h=9jnbGnX=tWZP=o + KRb[a0hQhZ!_LT'$W!m$,Of([`Xl./o87L.WM3 + fk6C5\`!Ui>b(Nm7R8%Xbts[&eH@kDgm-DB!'$2\/uf%r + ;qmAZ\@BTM;']R=PiYL6McJrN#amm*'8G3'^h8L[!m'p*KM&3cL,RSCG,6#A9`PrI*b,Dsr + m+mD)%@d`N0c5at"D1'8Q<$n2GP1#+@h.63@"F&BO-N>peqqP%ig+\YpbbU*Q9n[<.gFeg' + UoZ)T+H,nl*/.Vcmb[%XoNXiE.F87cOOq1U:cuD5q@SR8?N98o;=Q`4_<#l2Lu?K#!.h`Oq'&),0]FtH5^oErlp+o`:%CB9 + VK)Xi$C+Z3B@^+E+@kEoPpkXd$55>HY*1bf&Aq"g&sHu)5CojGDjIV.^[\A;IX('-JC-I@=f5R0&3g4=#,)V_&-8dDqPXj2 + K/NEZZLO/cG$R^6(@K)COpC0f`3)f">d\[k.RP-2p0G@7trEgtUl&?2iYq=]$-)K^?&lV34 + 9Ju%#DeUn@=$$7:Gd"0E&G$m40TDR'GKo6-?o#"iaIJM7>JU*kE+TK%>Y?I*W\q'1p[et0'kMR1U9IeBUeabHlOL,1n%lb^Wm%GU)3Rm736"!,GkB + a9r,m259(Pl)pd!U:[Bj47o"NO5[E4cBk%GnQ_''t&DZPC/L*$_c`N,WnQ=JmDg;Th)$S0Y + IS?aBJTbFDMXR@sPd"Un3dUmXL;-M'?d0jQDG]d"*Hnk,/bdDs0)iRkD0;#MK;AO;[7IAk5 + "F&+sR_OZ8.gKDN(LpkW8SH3a$,gr[=qZ.!6T(ghNqN4r?>eVi#,/T:-R,72-CFh7e^AiFE + V<03)mN=Pn/O?0$gB^pl65Y(E06\\=h)/ZPS5F_k'IMkI2d=F3,%V,c)O;SfRGfFLEE9Cbf + -U@"dBa`j!Q+ht8npI(+aaAVY`*Z:ogi+'?:QiKgc'mheV2a7>R@`?PK7`/m_X(X[fBJIZ2p3fk3p*14fYYt`DM'Sd0M(G3pdD_eN'i4sQ1WMdgIFurdD3?d" + (nV%(gB705Ms8/::,k&!4'ck@(F#f/?,Y0INhb^Zb_'QL'U_BB5(li4n%=X[\=i@)Q,DqG$iHn;$8B^:l,qr7:8p@P + /N[!T[?e36%AS%,Y7tmgLOA5u*-!j'`t]aD]GTE#B#nr7/=F/Fjl-8ZFB#JBi]>cVAXOHf. + b7o\gB*HZOiBbD43[m1H6'G!n@[OCI0GE>58p*-dALLs$F\kE'^l3#@i0oXo693KR/j3$c) + V&IqK]@GoW8iLb0^3UeJBE.OC4I2l@CQM3N4ilBMLmLS,tJSeSN5W@*bX_tAtic1/jSFK=Z + 9CJ1<63j0Wn=+m)i4r!'/X")^GJJ6VLeT.6&q`N!kZuVO>U]'.I\E32A629no+%c.>sbj(Q + Y(tQ36$Lu,]cu\KbleK/i8gZ$;SfhO97.ueGRYLcoB$rRImOb&X)UU\km:CKXi/*PqVp:?%Se_Rm + Va'8;Ee9jD=9bdlXj=[,+>Hg&-1gl9s9?M(SqM'Lj$n_J90`XfYrCKo.8U9_B'3:8ZsTEB=%!a^oQTrj.[%:`I[ + X*J!Ic$prOQeS7;IY)>N=Bp2JsQ&m`l\FEV&aR%i4Z^;#Wkf0Yh48,l.Blb`k"=Z_-)nQ@$ + cZd&]uOWSue*S+6B_fP\1,s/#"=V=8snukQ?)SNDqBDTdI3Ia"d)l+HeH5G5SJOe$eU'JC3 + >b7C2dlqoJb:clT%j>R)r`d%+l9[9VECn6ZkAH=1g8?P[US&5sU6:[4m8Fg)=?3d"+gp8'> + W^JiAleaXdq7%3EmDZQNIC(Y_^]"@PD&8_e(#?0W=,8'q&WWh8>tpr.`_5j/`6bqU`lhKELDn2,Vs[g^t#iHYKLpY2-u- + %UAm$ODa-7,93'lFA\Bn,90g3o(7'1hWb@ODH[gKHY@JR"-3udN=jp`*T=fheh?rtqrJg_^ + jPQTjW,4c^(]\]J'aPP%pGli"E6G#f-c,/*KjnW9Q5XerQFh;Nc8BhZ1.(8nU\^(dh*)62, + "MA#R;+^qbT7]Hsis_dh*'PC\V6WiP:@Q%%@`L@%OpJP;8Du4K/P^/uc#fWSPQtn#9sbqA^ + (0UXC!)$#mUTS%s;YR"=kI0Z/JEV8gTC*<*Gsq,B0=H9?j%6*-2PNGJtCBG9SpAtT6o;7!g + ]9(iam/(""IbP#HX`-J<,>_2*(Rm736"!,IA)UFhB1A`]pd=K=i*.f=+Qs@r54A"a%Rm736 + "!,IA>-+8o]"T!Vn;GqbL>7oUEMolZK+>6pFP + >P!s6XtKqe`e!Zf>jF9N#re1ih$$7:Gd"0ENh1=00ebrSr)M%@CN&[2EPABm&UYa%kH"=/R*cnsB]RM + kiI#@YRj-pJG75g`>D(.F^+OrCb*G?,M5\?YkR;n\u$Vpu^W^V;H!5!#l8k@ddYaolM1# + r):3`6L#C\%_N!A8;A%n9H3m]5#J]p@a18B^/[:d$+[C\9L_On4u- + )>EE#Mt4/[)?g4%^ZOa+>_Aqbc'knm5Zf1VSaU"FFY[F4=.pCP_SSZIQUii^9L=VYXmEp4" + t6Xo!lC@YZR_aW93oF@F.NH(\967CKE2`!9J(p/G/t^S;.RW1i0Gu_.Y7;8pHI + O"neWWVCk4nbc8N(?$AE"B;'O%LZV@QP33Y + XlN&n2/:]"-@bg.r-$4Gm/4RIq-.3'-J'uh[:bLrbY:E1eU&#>;f16HEohob&D*T-\oI*4F + U2#tl0D_?+I7CA(M%:JM]]1Cb>m*Ya_^sF+^a:jnP+?]0iaI999P1M]J^F-[k$sDB.jTp,f + (@GJT3e5*CK.S3LZ?`K$rQ8jun+>+S-A-!m?X3H/NF2V4 + +A;F87B!Hbb3_(/<2C>^$^2oN22:h?/arhdYB&>Tc/Fjkg>4+0.PNn[! + CudOqY!2E&c"o.AjrErY<;nbZrA5Vdf!h6H>/3pZ2h/Q';6F5B + Dams5XHt4h0%kFE^<3lF[gi9)`I/le^Yk#>U'IqTUL<@QoHA_1Cend[hU:I5&\% + 8Fq5SJlfAer$SmdPjl_&Gr-Yaf,:hHj(gS1>JG4^4WT6dh()F5o35_REW&31Ak/DQlc.F,i + dkqK]_)ha6p?%4EUo8cN_*-TNf\[WQC5O9[Pd_R]r@8O8GHj/Q^p_G[f:EH5(Y`:2=c)^Lc + 2P75]O%F@D@`OlC[I0?3o36?;g$l@%DRcjk1[>tH1"K@C>iAn`]6:fj-2U@^FR!*/;%_Mk7 + _@GJ$?m#2=:[(*=G@1fG,m4a4q>:J:5hJ$PkeIatbHm+:KSL_'"(N^kfZhmoK+9"%$XWC?, + RcM'JX0b+rEq9uTNIsU&'E&2kblo7ZZpb@^=4uNkAU(.l5?m+7t`SR*Xqn + gKc\aZUpM$ISlDP&"G<3m_0pNq_u?^Es/,#Su:IrRG.SHUGC4s[SQ(923]OfZm\5;e3&Q]K + E:d93Ejbp>dts79A^9ZU!WQJeJh4HG\X@")OPL(37`q3Ds:PKDJ\?HQjNcfJI?j=E2C?CsU + !l@1JB@.M3H7/ohf>9R9JXVjd7UQN0PQs>oUTlUI[jT@*9h=j"A7iG1oB6)%l_r_N,_B^;a + U.F\dKC\A/)6KDql37.tPFoV/[fq.C(ml[30ZLV8$f;+CoH2I@Yeh7T,QG>MO`O7n`;E7ao + 6.m5)]cH*`V%oF-MT\h$BE&UmdR=Icl?h[BX;,``%5"Z[\"1BH57\n#HlR!#&(<@?]q]J5$.a#Ng9<&c,Oh'HQtd + )t4JWN_+bm`fHKJ0EJbC4+"hid=LUlU9K9F%NJpRW&<($:>jH142shO,oNdTIqK\!(>,1:9NWja&Lq+]AIY=RKXn:%DrncQuco.M + I;?q84X^>&G/%T#gQ(*.6Q4=/g.KHHU_3+3,nWF!n.o9X^B(["@g!i^"R(NRf`X6o66]#H. + _t)nQrZA_o9O-PQ=`YE(u2+o"R`LsVKgNfcQhdYZO[r(=Fun:C"[JcgKPHOjH((Xb$=?CEp + Z`8+^4M9>L10,>QFVAg>]N5!Sh+,oG$*D"NeLNPM("h%5=_1bs),"nEPOk&:?@%c&1R,tro + G_&k$1MWK2DBW)ib[Zp!qX2G/QKFW + ul6ARODrgd+Vu:^W>]?*3m_&8$$bV>Htd$RLBpW2WRAK@C>M7.^0OjE!b?H`ab+I:PTP%*C + @NfpL1(1a1ou.Ih-5J]S+o40Z7qVLVWl\&bs"3<7od;`'r,11jZD4-1F^U_4)rj:i,mX!*K3dZif#2Y/nPra%Zr^$lZ/@t + AH;,)Y]#]K!lIFNdj=k<28^FMF?_5^D>:_2$?EKNZ;0u^Dq>k>hRJ_!4MQ<(K_)3Q(>XnCt + ]9HQ4E`FGgWcU*rOi$1>Mc'r_>^:ocGE0pERG@N*2Nrq.#;G87S`b'sc?"7rbMTrCL50)2$ + _5hL7-?hCVeg`SAhl=,)03D"Jjl.@!sBR`Q=O22EmS,o5k]PL:]0plZc2&d+1O/Dut.=Odm;qA`P1j",!1N)4?Vn^OqH8(GOu&^#C*m5lToh_Ig\)4F`01UDh,CC&Q!.]CU=I + #45UsYKSd`:tK8IR.02V=.o0'XD^AuI/T&@JNWB'O5AejH&9RBFWeGmO\f%D%bE^;q^((GB + t*$9nul;OO1?>d3&"<5T4mu0qD=N?\5RS;Iu5A)_oRbpr0(7-c4K7BdhtT.fH9M65CC24[9 + [S]de_;gEq6MDH79gM8"c.i:j>c=WU!jX5PpA\X+]=J`Grpt_W[N*H!c$pH_=1c=L.q,YI@ + M:p[cX(8OPV9da9_,OE.?&r$UfYP@C + `5D>^+[r_Z+%pps2.9)-]TB\YT*q-_!2BB`9`1$Vi>81HDi)dO%:T?on%*->["VIQEPBWJU + :,/6P+JT>:ZKiWE"E>3_:8%h'Un0p_(s-Z)L5M=jJ`KMe#]b]_)p<6[=7Dmo60]h/=2INHO + QC;/P5lFqpe&Z#Dg)h4"fOQfkV+2FS$aFB/cUgT2j9upbU$4h_2G!p[5.? + *;=&o0]r[OH7u?=5bs/V5r.KaE<7IsLMCIroV:R:lH^R,r+.nKUSQTJV9r'h_>),p-@h + Vg<"[(%3:g%oB&WfL2ba'GCN:%T30"B*ZH8$B'^t4WT%JH>\SQ-9 + /Xq$D@2Y4%516B*cF0La"kW4f[>lBTMR,9]+o#'nAKM/7eBWW=K>;UD?+MJkQQ9/k71c8$Om1[5T^S;[ + 4q5F3'l%1Vl"mc3gg5`H<,c6nXr[A?]YIklB_i9]9:`t5n(UWj.ftq9@S':8B"sMXGPj$VY + s$[r5Y^UJrKW^Vc3rL.4BH5-Y0;>"u%4[:a[O'2J,@"SbEfRe-2p)fK?[Hrk;pkj'@o>`gGHf2,Tg:'2TP+?D3X2a)%$e + WBo6IHq*qnuZll%WY-mS'XIe_@o7HDs<.\S]&#_C@Du+m116OPH>m\+NT%hMr%0"7]Be(kQ + G?BL-cS'$FKjV`jk9eO4K$YlF'eTgVY>-K[,f19%g6f6#VNikQ9UZ&I%IfDJ`:8q3)m=gUS:JQK:qFIc62Yc7P + Y/0kD;[5cKG+Z-WpQmMgDc-i6\9kc$h>Q8!:WM",JSN@q0SU8o]j/95U=qWf6_+>R]aYWGg + soW)g'"PK&SO!U`TF?E6'+0rn5%-S^=rmLFaY.>=:]NBe'#_U3*3G]mhMn2cj'X[D'D.L;gZ"ZuYXr0 + 2/f'<""!H5ltL_9SR:Pk\NFM>#C:2WDOls'80clQ<:`IfdC=E\lj6S7UPpmFVN/.`&$*fqD + =qrYbVe:BC7GlClFf4;V."8J)Im.TKdM(\EN,$*ILW'.@orBnq:O^\+l&HoXcM4I0fQ + t2f=&O$j00#27&;@T:R'o@Z(D`adSGeF3'_['[X$9Vtf'/Kk/OhX!:?2Z.n)E/Iuak]<)(^ + L4tSbXlK:^=]Y]GV4fp_2"]f`%-M"QSGerFhiB40X,2K@!N4DKRZ:60^\VIloA/#4/oD\$" + $[W>=4]ND'$_gM>oAH2[j=6L)?O]"])pGlAr?-lh:QTBhPF"dA1D5'.@mIS.#in,IW?D_Eb + faQ3rME++5!(!AQ*L+d*JF>p">laOA#hs])u1b#9^?F]b,@q#bKk`9qZlf$A/T&fPSS.71[ + ;>fe/hWVbU%=2cgIT?5(0#1E&lZML.`UKtu&`4oEW<6c=+WFf7ru6>9Ce#)NQhQ.ch]3:IX + )$q7OsTih/)OR>I0`-#4.'5EmsA`gJlWP[lM=JAC,6M#M`aIlZ;l:`9[4Ts7[1a&FShGEbQ + /QX5C=1O;m@%QrPI;DE1#7+!0%5ErmmtfAF`?[.-sa)@egl5[+Bdi\I3M)pO>A:i$H8I>Su + Z+d/8e1T$QU,m>$\sINg@ql5Ve/&4JC=Yn?GV5G-rhbqQ=g3:5Hed(4MNUCm"*.oD + Fq\N]<3csKZ`)g1ERXTFfL(5bq,"e%E48869Ig-M?/r`f/hG + 2GE#ikW[C*Dhg5JL^GVT;aUbjU=7)]\]IG^n5=&TH49\&RMr`#i6Ap#hs@g!.DsgIaK3_(> + $KUKtcrIP98'OO!"_M//._1)Y9V[nD)ji1F:>0;9qdaB;S!F?f'e5:Z*L*fn%U;+WU(obgd + eQ`dp@3WlpY>#:AZS"`C'oFV#S."0,#pTTUW<;m^`i[U9IKo^cNt>_a'!RQTn[(Jc*Q-J0.>&C%0gm9cTPJaSg_LQkci%\$ZcRLA + +A*4\.Q"+$gp7hb"a:+ejLAFS'uYH\gUd)nFBW5rF_>3dpL"fWK;R10@epY:IYk3V6E\m2UpMuujBX1apX^Nd+2%O?b0%f:=17Q(pu + U4COYPB&8sHuGGPj(%&e1KdSY[l$3ch6;=t3B+B(D4\X@LF4=QA)D3?i]qqn[,6t4PB^X!! + hMUW4h%@h['s&$#J^Y0ruo1Sq516X8W@G2+MS[qqo.`sO+0?QSjB]<6?:?[J6.#"XM%DpPO + L1e>fpu1F8(BYXPGHHBBU>6JmK^?X4@!s-8pKHpY'2,'a2o]@5LVPZ;E2dNFiJSEJfTGr\@ + +,GG@:_RqUhTUFo"R`UL]D$gLa+#;a*N^s_>F-R` + 4op"r5^M7$Pd>S1L+$u_sO&?5Re*-C#WuZdoZp0GU":[9S5G!=Uh\uqFEEPOI\DT*Qh3X-M/0?>-m + n&D2s,*d6frFKSU\U:sD.T<+[#%N8n\+X"@Kj"YVH-8I>"'HAe4R6-(fJ!uToAs + nHdS5Cj;1F[@WBk!BW7^G3h1lGF>UKSSh3Oa0DRX8)3S_%^@Ea*hUl.ZSc_lT+*hn-Sg=G7 + 'jPrGa!bBKYPhnR=ITpL]&qSG^(:nU\mPI;H0$$1d>W.\e%XX].@BF[c2?+0f>t + =iU(n*Oc/ph@dO#'5"m90ObHIJ].g!R'deU3pjFr9rcXJ[FEr@a47Vd6!gRaWO\:2KnG[Dj + FVJ3Xcf>C]\&?T>WcTKDe(9!=j]pni@65]5/-ka0%+V(5cHPpPH^R+W0>,D35ABKNc#f+G" + fs0/4E9@-?0be7gp'*1'^@EVr&qrEg,dr`W'=9#\&EAqMK_GOVm:E_SVO1+.$rGKLlJE&@- + ("aK9[t"[T9Bq>#;c0CPGD-o7\nhqU?ejHJNsgj^F@3ZFrgnl;H5:]>J>l<[.:+B]B9V2`S + bN`P-8bJF?5(H39(!IQ3PKoUta+%Q%Js0d`7.NL[$,Ep_oL?OuV_V1&eG< + ^k&7.p$jVA0R:i7]F%4,*gRBj6r@#TsD)Y\0L#bj'@=hWl1]lf>pt+E`<;q(OZ!\aIg$D_C1fXZE&>WLBh`&"_7g6N8Ho-=Ha4DVhs6RA8\1rWWPJb(,m&=8b;9lTA/'7(0pc&CBlB_4'lJsJ[=*"^g#6$]D%q$j^>B\0S + JJMYX5hl,/5%m+B-F;p96dAdmJ0(3H[3AOPp>tnn+oWI5+APEto_IQ!>`[Cf\>@L0ZhNpdm + 9p_WQ2\Xq8ufISkO[6WI/Y:c@FCAjqfc%X^61j8RJ;Y7mG&FIB;!CEMrh"_HhM%A2q=_Z;k + VFq$P"[]Um\V$?Jt#%f[`.Pr6i2 + #SKPp-T-\_&)2#])]DlmIEB+dkbn&jQ.1$#ZA.mkN1L?9M\< + =M[C0dcd90P\N'8_'nIk-Nhs+*4MBbRfF^7_q0BB\3mc^Vkb6 + Pr>?odk7D=h=0%QY<]!joAh1Z01>f&Rp+F**E$#4+M-pFZ`Uhi7T<4^6V';.JB\DXiS-d7. + )]-W/K8FiVYG:igc7r?V?1^+EqSIq+SFsSV8rJVhnmSbU0Qjc%g(957&QZK*2!qI(sZ(2u& + j.8a@K<^%K/L%o8C`?ZKZ.K2lF9"^V%*H[gNTVr!!"iN^Y-7BIUD*Vb`nUlEQE^mFo8@t0' + D8u;)8ET"`oVJTMb'n.ET0=>ruhmWJI%IZ%^fNTY;3of_4fajVr%eT*MGh(]hTM%#cVr.+% + g*8]:KANspVfUe6/SB"tjXsY9p!i8ul]2-1(r\\qMJK-3D&%":2%LWG&B*8LjJAD18T*25F + OZs^YQe?!aNFpPI77K5>IrWG3"Y:uKp7"8*es6PYrtoCMZhWi>.UTEd%b[bN7&eke\0@E@AAE6&B<)!JZt]X'ecAY#/^NO^)OLcoE(BJV8nbKPaj]W^i20^Xrp9K6(=p8+<$3^_V;Ne=TbkUQV.=qqR3>`YP + N=HpZ]KQHII&a9[YcVcs69fd(&U\.L@2T>.T1`V(@Fmf4^`+9gRBW`obh8j744OPj\$1n", + *gqTJI.>WgOUJBk=;\,Tf"cM%V%D>eDa/k!"p^/'p:LL$r"6GG>dV``oY!t>>; + T.7(IBWM5.fqMYWfJti;2GRYoQVZi%R,C]GW@`;"W3Ai3,B%keP4.s'M==;HI0[I + KErtnL5el$bG/nct`_-?lMHZb!cH%Q4Z*_"H\i9sS.&4!8noV+0"<^;]uWUWgC_/qq7%,d7PPI*% + 0PQ,41g06f]1O97FGf)s0C-YKrd6*8ce93no@2]S:8eUs-;EX0;Z>/#-H$P$EQWt=`&4i06_s2Z=>+q!.$+PW_P;C+UZlgJ'J^CQ + aY?of+1*da:]ke6QDYH;GRWYAAum"t#b'm=a`#!N(9"VCX*a@p-F4b<#=a!S32$r@5)9D2O + GF(KDol`lR3\Drm4bXTmu3E8NLEm5f9EhXT8'b.9P9gh/cF;Lag + E4I"^Q--g1\P5,DXEVcgKm7?CQSnR)h&>S60-QB+6*'?"+pSe!Fh;R#UQ + U=/4Jof:YEO@u)QiS(K*B1+IT+QBddM^)4jXFVf\o?dlT$-9M7mc[e0&%ACQMZA.kTe\4NT + ?Z=O\Xq91A?DHXc>"*g2R&]Pa:0@OkOVZCqBDbPE:haQU0(&Z;M68$lL,'[+N9HG%ECnEg + i5hkjfsYoJ%2*jh3HUK&:@QZo@Ct7I$O/XIcT#N5"RgYmD%[(ks%3j0^A2"s2@d)?6)U/>7o/g9JV9qt0;[e\LUl + YXP+'gSmdF8iPPs!aL=X'@/k0WmfRl"]08CB\Qbq:dFd4\-Q^(hR2,R5*)Q/!r$s*E?an&k + )&[Q9?1XB'hPpt*^^M?(%[.YYH/;JQ8.hQZKiW)TuMDiitr14[g0!'NsHBO5Ji92J<%;HVd + 6e9e."Q3`A>P?J@P'r=15lY?*+Tm`?kW7;n'muDlTR]/UmNLuiAd3r$\hP&(a'UbD]joc2F + L8Ht/?RE0k1*cRT0rd-l7haOKhi24F>uTd+5';!=F>Io<9"Ri7=Y. + tGc>!PZaqQNA#Af5?@:B4GYS\*LE(#kL$Vc + U#Q_Yiu@>AMS:cZ9r(f&G:TMgV3H3^i]\`fbAA9CtS="=IJ"_]8?2=`pr96lM/YE(ja2)kj + c%LGBgp-O8Q?=DCbi2pGl6;JD^W[/jg!sSF/H;gqH*(";,7O*/`.BQ)2Ro3@IK9poC\4^n/ + 8h.o)P\Vch1hWdi+Lo``Y,uZi58b/*^tn$!f2a:tVurg5AR*C^>Z%iNt!2Vrd3L(dILSMse,JG8VQ]bc]*#G+p$gT=M#&=XRUXB$uP$Ce!AS. + M/nQpqaf'R!*3"K.PW*N2ra>6GF0G>Q*m/kHkE_?pOmj=6H$ma,V]J(2>t8KFa/3dHTD:iP + U/n'pXE8n!\[VM\)b4alBb,nN(lV5$!Y54Xfo%r^9F*/9YTPeEeIFJ):"",2:9'Sa!tM>ja + >?7-"Vr!7gnpKT]k,OMsEf7OQT$$;god"0'#BJ1B:A>Ddn^U + hDN_)i@63k(+3`$[W5[i_p+ONbNY[,I9P&k=&k+crY_FqHk'"_l4Lm + $Z%t;p\IG8#5sCjK6A+#jdc8gG+-G`]s)@k^.a!afedTtj&LSFe),PURtMpr8>A+,hPn(sP + -QZ1IU+8bpj$NIU'abW3@JM`a,r/_t8arLY5/L.^;AoQ + O7HGKJ8,!ft3Zgm0?/<%M9D#J(%!:`/C]@H;X*i@n:=hBSfkoL!d#Aa;!:jI7WL12JQfP5> + PkopoRP_!MTacF$g8O^H89iF$<'XZ[fn53WORe<<;S+SpT]j)H;cWEQ@> + HVoaR`&!E[qPs7.#DuO`m*;MEaMXT^lcZ?W2:(5dOjSR-V2EG%kmCkk[9e]OJ*XF8 + YMUP"L)cn$e>YZ?inUj3o@rVWD[!f34:^)os#k*=CW;*V^6L_"';33S_Ap)D96q5NO^)o3> + Hs"fqc(*b-nZti*W(Pa6qUNKE!8b(-qNrg;S2B3ai + M7p%U2@#!e_*jhG"?:`7h=#<".s@T?efR+\M"YKQgYj*KC0V\_[pTV*Ff5`FBHfi*ZNIP3.+ks]QID9pB + 47GQpg%l&7U=#G7Nr/u_Qi:T>?sWPnjE7,&SQ?X-nMIm;YfZ5h_`c-h0aG/VS#]gqT9%$:\ + =Ck])n1dqBU$@RfV7BWX(TA1JS,ed>5ps*_1QF^j&cI5qetF'NKu1F#GM<+!Z`ZtFJ(>S30 + 7AZ4gnWf6[f`8nZ:Eed#@ol0b&jMEn[98;p!p)ET$4VhJrfHQeX.X_eufj;Ebna!unN#7q_ + =!_`;Uhm`^7O.pWYjp>n`kPPhVcBg-AHp.eTbNV`2MbS$EqT2 + 4mNhkF(N'lFXok_PdfN8&!8i`9Q:+5Xl!!^"u8Z#q2jJ\V+3m]2"J\jYW$H&G;8W'kca%X) + MoRFU(rp^1%4A-@M5i,652EXH"5M3rm5INOjW+C)Sbi?khG`C;[ZLnt%$/\dg4EI/HP_R!B + \3QGGd",J]M+qFS/t!NLp6X`#j7Ol1>KG/V=0gKD2;T)C//)C,CHQi*eB@;GH(L.biHSZ6Q + KJ8NjSA6gTHA752gj@pkYL>nR`DtCP)#Vi:rn(u + U71"*+eiGE'!H;ia=2!2'j:E2@`=^to6=XgFGdd,`ijkeQ#ne.='6Y=2[oW'7 + u-h:hE31@$F$kISYf'%Qpo#[suPd&7@\ks95\\m.>n:6J$.KF_$%rpR_/MpV*7J\nY[^l73bQk:l+9;!e^)"bOf*S:VX\_;dB*;D]K2Q[I?Km^EGHAQU6g + 6gMd(i9Sk[UGnN5.N?.2L4gb<*\ho;i742RMU'"[&*@M>$_>o_pJi0Qp@W%A + LLDCeuPX!@F\$JXX!"#%R@f#]iR?JP@=0sPq^C,M.0PUSD;o[f^`ank/\:n]?GlY3q@2A/,P2e#[FJ):"",2:9'S_2A + ;^J^?`9:uB@JIWBKJcj+lLX"d_+sfkLrUh0^',B + V]bo3Om48[elAP2-.TV3A780Xa%b$/$1$[>@7PBB>^?1nK8Gau]oKs&?O#LY2&GA&LEHRPU^L//U-W@rAq;d;&.6#t%2-k0jt]G)[F2ff&hC*msP9W68B?c3pLU\ZM-dl0m0nD + Lr\3nV!FZo'or4UN]r5JOFuGR&?8Af;D!Um'TIMdV@#ST?f9QKQlR6+X`UC55fK7S.3%L@EAa\eB0"basX.F4T*Y3\'q`^FFAA3HoYA:K##_+SG$Fcg6"c%0Qr + ,aZ#JnSP?,#*5A0lu;R]@@0k/:S(VX)ckh!+;gV!DtSW$Kn=]0S69qVSo!Z`ZtFJ(=P*(Y1 + gIPbgF)No224?bNP'S*,*/FVpa0Z[,CLD/)f#GDQJTM(p[Kn0^JL8"cKSM^X#..l3foG4,//nl7ia6l8%Cu^%Yrm'Q%K`%Hp'D5R.Vu*@M>-#G.6!Le5H](@ + &_*mog,?`PdZWpWS2l)t6lg2$PZrRJ/^$n,0kQ%Wi#!TJ4`D_GGF6Aa,_P,V0FQRk8YRQ$2 + -EkTE0(JKXZCT$t"cpL&]8he]S>_Y]"NC2a,kX0PZGTM(p[Kn0^JL9^p1n$tc(9YZY@_W&A + aI+\d1R%@,a)+tB(MMUV\mp;);K0ZQAUDNSt#H0Xll#p%!8-r* + '!GlFAMLt?LmE<%Rc0j8K5EmXbis$Jr<-jl1`_u<;ZK,:%'UA+[E;/hoHWp`$'oDSP&Gq)m06BCe(;%$G6G + Ra:,iG=kYM3&rO"P@^]?P/rL;(=)cXGK]7mTFB(#%MYB^3`$[W5[fmV#@<_A(I$]6'ji7V# + @:`H+L + nE.HX^&3uiLs;O?GK#A.-PE/+NkQnQ`*%Qn6hqo5`J]HP6/52P.]/t!\MhIj$L5^NuG#qbt + "js2+RaA]g%%We$4]!0$hbL>6JUP8Mr?#%]>K2fTuX;QhlZ=f#HjL3Os7*?_h#FG9 + K*G4i=6+Lo]s$2Gb;LrJLQa[R>d8Lb)T`IjomG!OR2oj+Q+@K%?U&K702OTjXE)fT$2?p5l + ]03;Yh`^WGJ!nN]V2?I*=hQAXm>?KTi+iIlL]\nTT)<:/Cn$PNs0]RnflnaW5VAgLd#$0fR + #Lg0ldu+ELrGVOb^EZ>pFlh0dG6hpA"pHi7h?W?H=jgJ]h1]&'&aj5HLB;;X=Xq#>i + +@R(lpb`dqR'2DjPRO)8Ob/fFsI\7id-2<2rR@uJEZ2f2+40W)!7@43$!?;J$R8n(17A/C4 + -dqhrUi2K/8]j4#99XaaH02H+cjchVmoL7fU.,4X[$\"^q\F`8<3,jK:1CttDe,D&R]ah\" + STJoA0D*ZY]\LfRqZD9!mHi>RkP1j!7]+!Q6952Hj(9,"1iMIcls[&EH,@Z@PmgiCcp&>LW + Lt6=gi54W4*0?=+5j]&TV)tJJZVS)?Tl"*9JR]/VSQ>,G:e4Lg0#KoT$Y(JS@)k>4P5liD; + LcVcX3=@PW;)7>HZK->B_WIG8,++9CL2.rR)73hM5mZs!TnsLoTE%;^T+i*8&8[".ZY[gD5 + JF5?HU9rJ47-_L]$Np6i=#:Jj)jT4F:M'/tidJP#Q6P7Ht.&dM1>s&I@30qg!8pl57LUsl5 + YMSaod.^VNXWeU>"9O>VHkQ\ZCRsIDLQA;(6K + B`DV7W/T\aCafK0^Z.P=?>Mp:FR(ap3CmZEo=6"bKI5**;Id62H6$8rbAbu'hLT.dW?F_bH + J@@-_)]MI,LMH2JeUbgCo&sF.u4rJS/eUParL0T3`f=^`0_]*An2uG\YXe"95Y)/gneKjkQ + ("'M1K-WU5*h5e^$?/_jPUq7ok9cbR`p1Z6`%Dc,Tup%Cr4F562,.ipXl\`o?'Roo"Q0e.d + tcS*+#i`ThTXPU*uJM[j=%uGQ+T6VZ*i5bu-ngHM7@l^lV4njP_]nKte3Ns$$2MSkgjuTPt + [69)-K#W>UGuL#)"*R%ZDYh!PT&r['*%I,pGed0-$amhlomsXg=ZQ0M1N'3'S4-e!>p`#*h + ,>D?T"VR^hk0&.^(JS?HfOP(WBTekcZ*8M\>MO[)Z)"6NO\#G^(DI8qkWuA1N'3'SBe,:HM + j1.AG(N>'_7ftn9Db!]Q$"b$RL4(dhrf3]MYF4n!;iD[&/i%6Vh^B<)G'3EpqMD)/i + _#J_C)>h+JHf`I*Ei=6*1LGJ=5H!-+g*16])HMCOO>eh?igod'Q9-4#J*=f_6KgahVl>qjc + pIe@"jYjR8E1j"p^-d(+3uiL=IAcV/r8QMk^o*mf9KA4?fR\LD7-0E_\H@ofPZpKk8c0A\4 + 9k:=hn0,-Yda&RFf,.h*M=57X-bm2?a3[>>\OELk@gH)OS>:O(e!pT:sLqB!HXa-Qo`Uhc( + SYE>BT-fp5R,pReP!R%4]'^_]5Z<'*IW>\"]!^J=cb(lt"V94-6Nm%5n+MH9KP<"9M!6S#:Ns4oa4cF!(3NcN)I/ + >m15kT]a[?AJ*1WXb?(?Gc+2I%dX52Z,M"m#;1dLX:8mHO#IT,?hR5Teh!eR4&B"/#rHY7: + m\t;@YBK>huoqV + 5XPE]taFW\b`r4UH'XVJN'E-Vu*+h>ll#p%!8-r*'!GXjCG]nPJ91t4C2DBFS5gQ5MSWM9R + n@@Fcq9_lm$]s=l9D%EFS],-6_uS1ZA&r5S$OJ`D\`SG&3BqS73pl%lA'5hA + 7+$3M:s$jR9$QJ=JierU*^s6dnfME*W&>4r)3BXRasMUM'EQDqp31`r*`NT^0YdTT-0\M@[ + iW-)7b>0EiL8)tof>4s6'X;Wm2k%,12RuJE!@,-jKMc`orCKe8i7C:Wk"3H<06V+$%IF*Nt + JIW@u3`$Y'*-a^]=3cXF`Jt%d=c8M0#J(%!:`/C]@4436?[t@n&`hp4N:RO2kWkJ"#7:PR- + k'YlVDoSO)aPNWP,*>8]:]73!Z`ZtFJ(=P*I'l]@!=\aPRK;mVrOSI"'ksK-k(3j0U*T&e? + )GS&EJCP?a-jD6$/bmTEBn!%MXYl"8*ga`MS;2`JbYuMN^3MJM)K`'F$Tp(lAg9/tK8V)*p + k'.?_"lOO/P2JIW@u3`$ZN%ZH^:`MS;2`=,+%8@IPAd"*g#%MT+.:`)e7bR"^pI#B+V:+`,S6X*U"."5 + [g;fKjiki2k5qjJKQ7heDS$#qT5K7>ll#p%!8-rloIrb.1)L^&4)1,B-a%#:ir@'TEBn!%M + XY'#:AAJfa,I:$4BF(%RgW6"?K?rkWiS/F'qI.W8`kp+=2s;NWtD-#J(%!:`/C]@G#YZ8a2 + bt6kH0HU>IUM.0cLK>ll#p%!8-rlo=L?'T!LE,D_JoTco;QUsX`GJIW@u3`$[h*I&r"q2n1 + /P/ek_T2OE?FJ):"",2:9'Lk7kl46FB@Zs'=ilt'63E4@V/qFKH#!,Qtq&C7;FM8Rp.9Y`u + ;]7_:*U"."5[g;fKosu<8Q(5*l!b4"UliAmTl:,TkS!)E@A!^VOiN$>V6IR@'0qXg:"n9M< + rJR-)LTe9+?Ijqd"0&!#7AB"JN&0JDMa>p6&I+(kC#FjbN"lO"&eS3\K2`"Ds4"2!,mciF[ + &SR5p7dIX_of%anE>]ol?n5.2pH.Z)InB2"QsK:.s"iZ)OQu#:_V"F0brn,gi_F&g_7q;V3 + U]Atdl,d\m853m>Q@#@7t2gfUt1RSqeu!#i,AXTn8Qh[B([?,om_+@q>4GEN:mAIm3b=/6B + hcc.X=J$GuU"AgP\8rqH1NKZq^>pQJO>5aL[i,"BbO3lCt#*!5_;OC4Bp5)N2#'F=>6C=?* + ;"1(jGOOW.&F-RN@)HtUp,R9!d10lJe6'6H<3QC9oTQXX++1XlNf10C + hal=s-_GVKKA<+N$'F+n$rM#a[MC0K7ic^pai,Y&j+9=(P!lt_U:KGeUIj!m9f_h;Of<8:Q + =LLTs)o:Bc;t3.I]AUQIo&l:J-f@]D8U^>[*oCEFdV+1tO'R\[d&58ZBe$,Z%u"[:Cm0Ilj + m7Tq>LO8SDidkZo(''K?l$_G-/ljYR0d_mk.I6kZ#d7?HM%md_,eJQ5FP<6:j0LX3\8$K-1 + 7j,(@k;OX=h< + +ZL][8@rq5\LBtQj?Qk%JP&p7I0O;eKq[p+F%hMFP'E3BVl,edi&0$0ER2"bnKAL!#+Cb%6pB-^W + sT]#41"U4m/@1S\Z+LR#afdVh0Cg&E[f)_jdVRB2qQ](*(0h._S;Zs;_F+F7+l<"A@k+1^g + V0(/9Q)I6#88/ZMIW6cM2JeVQI!p`/F^so\e0#DAhh$E7ASjtrgTB-elFr!E"1,LW0m1.EW + "arP4qhu<.Rk1ke%U+Tlq2rBa-SJdYK\n0*aCZj.e"l2gckj=$s/6c$=_(SRI$NAYJp5\_^ + ^PH8h*Gf?iUh5D%u\!,_c6)&\:`iNC[$&FR4IET>9:R(45f&VG.4A.;YMi_gm.?5]5j-g5: + ;WZd&4hB=YYtB4)Z$?R3O9>bTkPB*$GbW)!QVOK3EhMWUreU2?>fcV9h=VA$.p'67MN(_c- + G"/XC;qrqW/$?[q(&FidKq3F%0q#^0I\PBBAHkmlI9VX>1GE=i]Pk?4k)rc"&F*2Q-5Fqf: + )NcaKZe+L[DEYWf(=KdEMa0BDBJl'ksWkkGKBD@]\q'j#Z<4aV5Xf]QRgZ4V='Nko!B%EZ[0h,+c + Q3dPk,PFS6.OnV@\46?\"TagQC7"$=RRH!SS%JYJm%I6;0^3l7qs7R:=5e87S6mMm6_D0(u + %1rFmVAN)n.5pJ6@OpZki_MRb5RKG:*5o_QEX`&r&bkO???S,9"0=:U32oN<#8!LbTaph+9 + c)+clGF%dh"_a;p'8NMReTEmk:N@Y<1D0=S#3otl+H9l?hA->3d%u-!NdXK/a-4!Li\2^cF + 4L;FS09F8W&9ub_ + n,9`3aEr6RLeVYJ[CKp9K)1V,Fk\luN?mAd-+4DOl9ZP_Y#kFX^:J\]HmPl;qFmkaafWPTI + LgfTW:jSqAC"Y;Fl&LM?@l[!u4rSk7Cn(u$OS_c-fi-9g%nFcp[>#`Z_r;R;@H9%Z"_G\[F + hXVDUg6cT4`N/Lgt9[RJdZ+a1pS\-4.d]<5nF/b*\n@`pqh( + USfeh8&-P9?(1ILE5UVmFa@-XC6'-kQdk4E.O!"^[+:e]eTYl9Rq]$.M5nN++E&IQBT)jNd + #_F0)Jfk>N+:*QA#_F0)Jfk>N+:*S/cBX*;kQ%g`Hf:"%,on + ><7Ah!"k?]j*WG,:\F$Qc"&LP=#la5nF;!$Qg/XcpB_]8*IKF.b;";:-r$r6jFnAJfnNBY6 + 4[<;4!J4#9jG*+9`lVG:CG>R]b,9S$ubOh(c*?d:Lc+ZZWiYrm?`.;g$4UUX(uNKeG+Fpk6 + 04JN&PX;"Wpm2m(Ef2Z5ibrk]\V(tsPOjRj#?3Cd^BSfO$7(7F?LXH'Q*i)Q?4!_J^&Ta65 + m8;ZJq)?A^Ei@8-H3k,S`W=MnZB)VZ(FF0dNF9fPa)k$fo,Bq.,!q>KE8B?m5i9TRhpTlT3 + ,epL=I6GF<2_I + Y3Z\>OI=JCX7,-.LJqDClNqWY6G4=Kl\Ft'5X<,6@iU?PZsJZoa#Aa>l%cHM%H#e + TB\ocpFKINEo(2AC*oGff5PB\:k.mlFG569,"6aTp)7hHIE88,*WlhT"m";2d[2V>Jbn7-7 + 6g)]7h/o>Fp4!20_RP,HC[pmr/cW*5rG(O(NMca0#o['Dp4XjdTD[hE5?RE(N?M6S5dMHj6 + ,B=i0g3G1e:AWf\nX^"LB+nCV$/u\RGAl%.V)Zo"@8+^`A:g_;j.48FI$.-)"-l[QQA$Xe%%tY=<.jC^%]l\*Ogg#79B`6uX;Ebqi+'?ig&u)(E?k_Rl1\3V'@dD4q,JL9b7HVB5N!In->,s + *mfa380"/"ZU5u;9;GaA"_RN,FrJ#WK2LJ$:!akrN8l>1>n2OWZ%:f4B + b%6qBjkfF9?9YIce&3$uiDgq,pne`jR3%M;IZjkZ.ToSShE$H>P[sDu7l\[-)e#Q,R(Rhl? + @r>jPpNu)p[k:*#_F00$1U4jWXe-#a:&n"AL'4SR'U;HK\:1H!P4YMdgP0NHAW4!`7NI;AP + !Rm2oU'#3q*SgI(,DirYVS7S)ZFfn4!%:YO^XH4@qd4b=)Z=KC5$u5S+&a&4Y5i(dS>Rc+G + 4;f/MHkDKOeKBP'84(C[`5gr=nDiAVgSQ_FTJnb$D=K&#uHRqn&'i]tL%BPq.cE?M4_nU0" + .%QSLd.HnX8edagXl6?lD5nLthIIIS80'aHhhTu^tRT>CXeCT7JF7KuPWEG[F1:pO01]fOt$@iRB:N)Na/98HQBPb + J8n)kE`!4C?t_\sm@.Q$Pc7Y8_A!i3u@^'9]s-eE1hZFl6-cdd(U2Y;&*jAHs,'Q.i(`h6: + lA=U__a%).$.>IKeX + uVScQSP3KtGC`Gu8dMT%#AE>^(IClHC<ZC/7X@e3fko_ + K'N#.n:BGY"6CjnUMLrAIUndA*h^!`Y7Nu2"=^57SbcNZ[KD#Ga4!.1Wl$WrHn"SH]#712r + -Nlgo4eL39Jc1/*S\QJk@aha6-^Yj=iQ:i%?O4>UB4O]d]h^gs&]4I$Nk'+1+7Zs*'>)]nJ + q[D;/HJQcCWe\ftiI*A!885n:,^SclEn+M/S7HjkZ8pHXl>Pb;l^6@(d^]!`g1'TD7clkMO + t8f'WYlk?HLAn?.IX"0CW34M$K2'6>??KR_\m^j@8srgI-0>"emB"@3S%5nF/b&-P91"@3S + %5nF/b&-P91"@3S%5nF/b&-P91"@3S%5nF/b&>V:kBY!%,2_U>((:2CW)*ePR@;Gnt.%dX?hMVr:^"@8+^#s&V`&-TPYA + =lZ%Hq9=5aqe'#(R,G$fBMYQiu'K6DWkrGjQI5^lpd)(_j4m>-L.bpfd0dFam.>4*LkVCpR + Ei^DcE,2I)#!YKY/Iu'\te@*5(D^bmqCedq+t7YNjOM*(]*Jn.dGYdOWDHZR^VM#Z?Tui"u + &RAUqhsjL8,1]/m`obtk-`)??4EVL!&\lRq'Jb-(mj2&`aMeDXs>b)^.7A#oO)n^.8a`sB4 + =ba0CDaHr46PdrU+QCP\M# + c;jp,8`k]+oWYg+h#)D^gI'.N4$k.FW;mj>UmmsU,0qSJn(3GClZ@%uJ/U69jsZ_%Aq?\^0o!:6iP!37 + u\MU)uLt[VkfXUab@`O&@(FqmreB4s@gO);jm=#W1*;VYe9[56nQM[[CsO=Ubo/%>WUFI4n + @qD.9^3b].!+!<+d')-QE4niMfh>6<_u64R(J:-[&F;Jh94JR:\(;=fO/p=X.DEb=,0\ + +a*n^*Db(g9?P6?[r,VoTn2)g:]]+ + 2I;,-her-@VIZ/AXWBEhL#r@6PHXbVXWPk)-2@E_C($7#SZI"f7;t]Qif!-:&2l!E7)[V=Z,0G%G!P7(%AYWrA`+u%Y2;"dD0tgc.ml!YaHj + t`2I!3lE[VMlJ/p&Ch=1TJ8L-tqKsr5)_O-GD+KmiT?9O`_^qY7W!N&Zuf&H!i?qZ^m.gGAB'$W6&2D*. + (VkLYKA1KW*r?UQ^\haSSD!a/r?YFBC*V$I@*@S6,7[$*/!urUg#BH16F&]jYN6*@`2eQ1_ + ?,L]Y6Y$F:fX;?9`jf+"D:@IO4nta'/2rFtc!s'te,g9ifg)b@C@j63k]Y?Y"K+%\.%AC'6g + 6Uj1?Y0&!s@f(5WhJb,P4eK/E>arN=)J+>KPD4)uDRU.9#!5-P,%sjT`84LKHj'$1$?`SYA + @pjs0D2_!0<7=>)^e\Y[d?ZIh:C03c%]&pGNHn=VkeOUq]N'ISgtH()]]uic/dJ)1\bV1YP + h^gkI*5]>=nmW8/O&>-bci!-?irN^A,bu3m.\u/>3:&A"@8./9-S=-n')!)>i9"AlY=D2u9/eVbJ@%"l$V[-F(`e-9*!ZIMk + cp&'>0%%1)"ba4@j[ZR:SUl.gSS>`>Rgo`%+V4cB&@^*nAsTFK^_^22+D(kAfG4HECO:S:o + G7SebI]&;a3=Mui6b%\o`JE*!)U31][Md"n4s&Q](K%lNB(nT0S&G2IH3:nb$&gpM)`9trHr1r@stjH!3s>LsBZD/tHcJ`Pg3!7bbAEb=_bJ4D`ZT)& + eE+$BX*hJ8)@1Q)?V4om(`TG6n,cAt7kYI\Ha+"&BL>$/M395OYM@<#6--e)O`@kpVZ&,?R + :O$&":8?o$&6q%W8Y/:r[\G)2dX[i)Jr\(X,B,[rV,_h]f`o>72F87$T__u?q2NDU^]siLC + `J2,/Y)q.-,C;W1Fgts&qsKO"4oa6>aaF%k2N3P6iVIb*B_1pIC:pAD>^L\WoR41HT\lk4< + rDXAZX&%%h@i.1B?('I'o_=jn)iMEfLAL]r:rPp=7g84[V=3?g0*Iu!-A+sG'X4.9K87ab1 + H^)+].64l=]s@*Qf;j(fpA(n%44rB&,7T=gctWENc-W^HI_Bq,0-SZ>j?0+c'F?l?%V##_E + b#Vutk>:j-.5,j0M;&G3&H?Y9"#&-P;SN8#=3$O40iTmK8dqR??M$4)5+Lc]R>"1patWY"K + VKFe8P&>YtXp-7Z!A=i=@-.3gu+:*QA#_F0)Jfk>N+:*QA#_F0)Jfk>N4>?[Tntned~> +Q +Q Q +showpage +%%Trailer +end restore +%%EOF diff --git a/docs/texsources/position_paper.bbl b/docs/texsources/position_paper.bbl new file mode 100644 index 000000000..988247164 --- /dev/null +++ b/docs/texsources/position_paper.bbl @@ -0,0 +1,98 @@ +\begin{thebibliography}{10} + +\bibitem{Nomic} +Peter Suber. +\newblock Nomic: A game of self-amendment. +\newblock {\url{http://legacy.earlham.edu/~peters/writing/nomic.htm}}, 1982. + +\bibitem{Bitcoin} +Satoshi Nakamoto. +\newblock Bitcoin: A peer-to-peer electronic cash system. +\newblock {\url{https://bitcoin.org/bitcoin.pdf}}, 2008. + +\bibitem{Ethereum} +Vitalik~Buterin et~al. +\newblock A next-generation smart contract and decentralized application + platform. +\newblock + {\url{https://github.com/ethereum/wiki/wiki/%5BEnglish%5D-White-Paper}}, + 2014. + +\bibitem{CryptoNote} +Nicolas van Saberhagen. +\newblock Cryptonote v 2.0. +\newblock {\url{https://cryptonote.org/whitepaper.pdf}}, 2013. + +\bibitem{Zerocash} +Matthew~Green et~al. +\newblock Zerocash: Decentralized anonymous payments from bitcoin. +\newblock + {\url{http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf}}, + 2014. + +\bibitem{schelling} +Thomas Schelling. +\newblock {\em The Strategy of conflict}. +\newblock Cambridge: Harvard University Press, 1960. + +\bibitem{51pct} +Bitcoin Wiki. +\newblock Weaknesses. +\newblock + {\url{https://en.bitcoin.it/wiki/Attacks#Attacker_has_a_lot_of_computing_power}}, + 2014. + +\bibitem{centralized} +Gaving Andresen. +\newblock Centralized mining. +\newblock {\url{https://bitcoinfoundation.org/2014/06/13/centralized-mining/}}, + 2014. + +\bibitem{btccommons} +Bitcoin Wiki. +\newblock Tragedy of the commons. +\newblock {\url{https://en.bitcoin.it/wiki/Tragedy_of_the_Commons}}, 2014. + +\bibitem{dominantassurance} +Bitcoin Wiki. +\newblock Dominant assurance contracts. +\newblock {\url{https://en.bitcoin.it/wiki/Dominant_Assurance_Contracts}}, + 2014. + +\bibitem{doge} +Simon de~la Rouviere. +\newblock Not actually capped at 100 billion? +\newblock {\url{https://github.com/dogecoin/dogecoin/issues/23}}, 2013. + +\bibitem{shootout} +Debian project. +\newblock Computer language benchmarks game. +\newblock + {\url{http://benchmarksgame.alioth.debian.org/u32/benchmark.php?test=all&lang=all&data=u32}}, + 2014. + +\bibitem{semantic} +Scott Owens. +\newblock A sound semantics for ocaml light. +\newblock {\url{http://www.cl.cam.ac.uk/~so294/ocaml/paper.pdf}}, 2008. + +\bibitem{distrib_impossible} +Ben Laurie. +\newblock Decentralised currencies are probably impossible, but let's at least + make them efficient. +\newblock {\url{http://www.links.org/files/decentralised-currencies.pdf}}, + 2011. + +\bibitem{Slasher} +Vitalik Buterin. +\newblock Slasher: A punitive proof-of-stake algorithm. +\newblock + {\url{https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/}}, + 2014. + +\bibitem{Futarchy} +Robin Hanson. +\newblock Shall we vote on values, but bet on beliefs? +\newblock {\url{http://hanson.gmu.edu/futarchy3.pdf}}, 2013. + +\end{thebibliography} diff --git a/docs/texsources/position_paper.tex b/docs/texsources/position_paper.tex new file mode 100644 index 000000000..a3c12041a --- /dev/null +++ b/docs/texsources/position_paper.tex @@ -0,0 +1,855 @@ +\documentclass[letterpaper]{article} +\author{L.M Goodman} +\date{August 3, 2014} +\title{Tezos: A Self-Amending Crypto-Ledger \\ Position Paper} +\usepackage[utf8]{inputenc} + +%%\setlength{\parskip}{\baselineskip} +\usepackage{amsfonts} +\usepackage{url} +\usepackage[hidelinks]{hyperref} +%\usepackage{hyperref} +\usepackage{listings} +\usepackage{color} +\usepackage{epigraph} +%\epigraphfontsize{\small\itshape} +\setlength\epigraphwidth{4.6cm} +\setlength\epigraphrule{0pt} + + +\begin{document} + + +\maketitle +%\epigraphfontsize{\small\itshape} + + +%\renewcommand{\abstractname}{Introduction} + +\epigraph{\emph{``Laissez faire les propri\'{e}taires.''}} +{--- \textup{Pierre-Joseph Proudhon}} + +\begin{abstract} +The popularization of Bitcoin, a decentralized crypto-currency has inspired the +production of several alternative, or ``alt'', currencies. Ethereum, CryptoNote, +and Zerocash all represent unique contributions to the crypto-currency space. +Although most alt currencies harbor their own source of innovation, they have +no means of adopting the innovations of other currencies which may succeed them. +We aim to remedy the potential for atrophied evolution in the crypto-currency +space by presenting Tezos, a generic and self-amending crypto-ledger. + +Tezos can instanciate any blockchain based protocol. Its seed protocol specifies +a procedure for stakeholders to approve amendments to the protocol, +\emph{including} amendments to the amendment procedure itself. +Upgrades to Tezos are staged through a testing environment to allow +stakeholders to recall potentially problematic amendments. + +The philosophy of Tezos is inspired by Peter Suber's Nomic\cite{Nomic}, +a game built around a fully introspective set of rules. + +In this paper, we hope to elucidate the potential benefits of Tezos, +our choice to implement as a proof-of-stake system, and our choice to write it +in OCaml. + +\end{abstract} +\newpage +\tableofcontents + +\section{Motivation} +In our development of Tezos, we aspire to address four problems we perceive with +Bitcoin\cite{Bitcoin}: +\begin{itemize} +\item[-] The ``hard fork'' problem, or the inability for Bitcoin to dynamically +innovate due to coordination issues. +\item[-] Cost and centralization issues raised by Bitcoin's proof-of-work +system. +\item[-] The limited expressiveness of Bitcoin's transaction language, which has +pushed smart contracts onto other chains. +\item[-] Security concerns regarding the implementation of a crypto-currency. +\end{itemize} + +\subsection{The Protocol Fork Problem} + +\subsubsection{Keeping Up With Innovation} +In the wake of Bitcoin's success, many developers and entrepreneurs have +released alternative crypto-currencies (``altcoins''). While some of these +altcoins did not diverge dramatically from Bitcoin's original +code\footnote{wow, such unoriginal}, some presented interesting improvements. +For example, Litecoin introduced a memory hard proof of work +function\footnote{scrypt mining ASICs are now available} and a shorter block +confirmation time. Similarly, Ethereum has designed +stateful contracts and a Turing-complete transaction language\cite{Ethereum}. +More important contributions include privacy-preserving ring signatures +(CryptoNote)\cite{CryptoNote} and untraceable transactions using SNARK +(Zerocash)\cite{Zerocash}. + +The rise of altcoins has inspired a vast competition in software innovation. +Cheerleaders for this Hayekian growth, however, miss a fundamental point: for a +cryptocurrency to be an effective form of money, it needs to be a stable store +of value. Innovation within a ledger preserves value through protecting +the network effect giving the currency its value. + +To illustrate the problem of many competing altcoins, let us compare a +crypto-currency and a smart phone. When purchasing a smart phone, the consumer +is paying for certain features, such as the ability to play music, check email, +message his friends, and conduct phone calls. + +Every few weeks, a newer smartphone model is released on the market which often +contains enhanced features. Though consumers who have the older model may be +jealous of those with the latest model, the introduction of newer smartphones +does not render older smartphones dysfunctional. + +This dynamic would change, however, if the newest phones could not communicate +with older models. If the many models and styles of smartphone could not be used +together seamlessly, the value of each smartphone would be reduced to the number +of people with the same model. + +Crypto-currencies suffer from the same fate as smartphones which are +incompatible with one another; they derive their value from a network effect, +or the number of users who have given it value. To this end, any innovation that +occurs outside of a crypto-currency will either fail to build enough network +effect to be noticed, or it will succeed but undermine the value of the savings +in the old currency. If smartphones were incompatible with older models, there +would be either very little innovation or extremely disruptive innovation +forcing older phones into obsolescence. + +Side-chains are an attempt to allow innovations which will retain +compatibility with Bitcoin by pegging the value of a new currency to Bitcoin and + creating a two-way convertibility. Unfortunately, it's unclear whether they +will be flexible enough to accommodate protocols substantially different fro +Bitcoin. The only alternative so far is to fork the protocol. + +\subsubsection{Economics of Forks} + +To understand the economics of forks, one must first understand that monetary +value is primarily a social consensus. It is tempting to equate a +cryptocurrency with its rules and its ledger, but currencies are actually focal +points: they draw their value from the common knowledge that they are accepted +as money. While this may seem circular, there is nothing paradoxical about it. +From a game theoretic perspective, the perception of a token as a store of value +is stable so long as it is widespread. Note that, as a ledger, Bitcoin is +a series of 1s and 0s. The choice to treat the amounts encoded within unspent +outputs as balances is a purely \emph{social} consensus, not a property of the +protocol itself. + +Changes in the protocol are referred to as ``forks''\footnote{not to be confused +with blockchain forks which happen \emph{within} a protocol}. They are so called +because, in principle, users have the option to keep using the old protocol. +Thus, during a fork, the currency splits in two: an old version and a new +version. + +A successful fork does not merely require software engineering, but +the coordination of a critical mass of users. This coordination is hard +to achieve in practice. Indeed, after a fork, two ledgers exist and users +are confronted with a dilemma. How should they value each branch of the fork? + +This is a coordination game where the answer is to primarily value the branch +other users are expected to primarily value. Of course, said users are likely +to follow the same strategy and value the branch for the same reason. These +games were analyzed by economist Thomas Schelling and focal points are +sometimes referred to as ``Schelling points''\cite{schelling}. + +Unfortunately, there is no guarantee that this Schelling point will be the most +desirable choice for the stakeholders, it will merely the ``default'' choice. +A ``default'' could be to follow the lead of a core development team or the +decrees of a government regardless of their merit. + +An attacker capable of changing social consensus +controls the currency for all intents and purposes. +The option to stick with the original protocol is widely irrelevant +if the value of its tokens is annihilated by a consensus shift.% +\footnote{The argument that there can never be more than 21 million bitcoin +because ``if a fork raised the cap, then it wouldn't be Bitcoin anymore'' +isn't very substantive, for Bitcoin is what the consensus says it is.} + +Core development teams are a potentially a dangerous source of centralization. +Though users can fork any open source project, +that ability offers no protection against an attacker +with enough clout to alter the social consensus. +Even assuming the likely benevolence of a core development team, +it represents a weak point on which an attacker could exercise leverage. + +Tezos guards against the vulnerabilities wrought by the source of centralization +through radically decentralized protocol forks. +It uses its own cryptoledger to let stakeholders coordinate on forks. +This allows coordination and enshrines the principle that +forks are not valid unless they are endogenous, +making it much harder to attack the protocol by moving the consensus. + +Suppose for instance that a popular developer announces his intention to fork +Tezos without making use of the protocol's internal procedure. ``Why would he +attempt to bypass this process?'' might ask stakeholders. Most certainly, +because he knew that he wouldn't be able to build consensus around his proposed +fork \emph{within} Tezos. + +This signals to the stakeholders that their preferred consensus would be to +reject this fork, and the Schelling point is thus to refuse it, no matter the +clout of that developer. + + +\subsection{Shortcomings of Proof-of-Work} + +The proof-of-work mechanism used by Bitcoin is a careful balance +of incentives meant to prevent the double spending problem. +While it has nice theoretical properties in the absence of miner +collusion, it suffers in practice from severe shortcomings. + +\subsubsection{Mining Power Concentration} +There are several problems with proof-of-work as a foundation for +crypto-currencies. The most salient problem, which is all too relevant +as of 2014, is the existence of centralized mining pools, which concentrate +power in the hands of a few individuals. + +The proof-of-work mechanism is decentralized, which means that users do not +need to \emph{explicitely} trust anyone to secure the currency. However, +\emph{implicitely}, Bitcoin has yielded a system where all users have to trust +the benevolence of one or two pool operators to secure the currency. + +A conspiracy of miners holding more than 50\% of the hashing power +is known as 51\% attack\cite{51pct}. It allows the attackers +to prevent transactions from being made, to undo transactions, +to steal recently minted coins and to to double spend\cite{centralized}. + +A centralized mint signing blocks would be just as secure, +and far less wasteful, as a miner controlling 51\% of the hashing power. +If a centralized mint is unacceptable to Bitcoin users, +they should not tolerate \textit{de facto} centralization of mining power. + +The concentration of mining power is no coincidence: +large mining pools face less variance in their returns than their competitors +and can thus afford to grow their operation more. +In turn, this growth increases their market share and lowers their variance. + +To make things worse, the large mining pool ghash.io +has hinted at a business model where they would prioritize ``premium'' +transactions submitted directly to them. This means that large miners would earn +proportionally more than smaller miners. Sadly, p2pool has had trouble +attracting hashing power as most miners selfishly prefer the convenience of +centralized mining-pools. + +Many have argued that fears of market concentration are +overblown. They are generalizing hastily from the real world economy. +Real businesses compete in a rapidly changing landscape +where Schumpeterian creative destruction exercises +constant evolutionary pressure on incumbents. +Real businesses need local knowledge, face organizational issues +and principal agent problems. Bitcoin mining is a purely synthetic economic +sector centered around hashing power, a purely fungible commodity. +It would be mistaken to hastily generalize and think that such a sterile +environment is endowed with the same organic robustness that characterizes a +complex, fertile, economy.\footnote{It is possible that a new technology +will supplant ASICs who themselves replaced FPGA boards. However, the pace of +this type of innovation is nowhere fast enough to prevent miners from forming +dominating positions for long period of times; and such innovation would benefit +but a new (or the same) small clique of people who initially possess the new +technology or eventually amass the capital to repeat the same pattern.} + +Furthermore, the economic argument generally holds that natural monopolies have +few incentives to abuse their position. The same could be said about a Bitcoin +miner --- after all, why would a dominant miner destroy the value of their +investments by compromising the currency? +Unfortunately, this still creates a huge systemic risk as such miners can be +compromised by a dishonest attacker. The cost of executing a double spending +attack against the network is \emph{no more} than the cost of subverting a few +large mining pool. + +There have been proposals intended to address this issue by tweaking the +protocol so it would be impossible for pool organizers to trust their members +not to cheat. However, these proposals only prevent pools from gathering mining +force from anonymous participants with whom there is no possibility of +retaliation. Pooling is still possible between non-anonymous people: +organizers may operate all the mining hardware while participants hold shares, +or organizers may track cheaters by requiring inclusion of an identifying nonce +in the blocks they are supposed to hash. The result of such proposals would thus +be to increase variance for anonymous mining operations and to push towards +further concentration in the hands of mining cartels. + +Proof-of-stake, as used by Tezos, does not suffer from this problem: +inasmuch as it is possible to hold 51\% of the mining power, +this implies holding 51\% of the currency, +which is not only much more onerous than controlling 51\% of hashing power but +implies fundamentally better \emph{incentives}. + +\subsubsection{Bad incentives} +There is an even deeper problem with proof-of-work, one that is much harder to +mitigate than the concentration of mining power: a misalignment of incentives +between miners and stakeholders. + +Indeed, in the long run, the total mining revenues will be the sum of the all +transaction fees paid to the miners. Since miners compete to produce hashes, +the amount of money spent on mining will be slightly smaller than the revenues. +In turn, the amount spent on transactions depends on the supply and demand for +transactions. The supply of transactions on the blockchain is determined by the +block size and is fixed. + +Unfortunately, there is reason to expect that the demand for transactions will +fall to very low levels. People are likely to make use of off-chain transaction +mechanisms via trusted third parties, particularly for small amounts, in order +to alleviate the need to wait for confirmations. Payment processors may only +need to clear with each other infrequently. + +This scenario is not only economically likely, it seems necessary given the +relatively low transaction rate supported by Bitcoin. Since blockchain +transaction will have to compete with off-chain transaction, the amount spent on +transactions will approach its cost, which, given modern infrastructure, should +be close to zero. + +Attempting to impose minimum transaction fees may only exacerbate the problem +and cause users to rely on off-chain transaction more. As the amount paid in +transaction fees collapses, so will the miner's revenues, and so will the cost +of executing a 51\% attack. To put it in a nutshell, the security of a +proof-of-work blockchain suffers from a commons problem\cite{btccommons}. +Core developer Mike Hearn has suggested the use of special transactions to +subsidize mining using a pledge type of fund raising\cite{dominantassurance}. +A robust currency should not need to rely on charity to operate securely. + +Proof-of-stake fixes these bad incentives by aligning the incentives of the +miners and stakeholders: by very definition, the miners \emph{are} the +stakeholders, and are thus interested in keeping the transaction costs low. +At the same time, because proof-of-stake mining is not based on destruction of +resources, the transaction cost (whether direct fees or indirect inflation) +are entirely captured by miners, who can cover their operating costs +without having to compete through wealth destruction. + +\subsubsection{Cost} +An alternative is to keep permanent mining rewards, as Dogecoin\cite{doge} has +considered. Unfortunately, proof-of-work arbitrarily increases the costs to the +users without increasing the profits of the miners, incurring a deadweight loss. +Indeed, since miners compete to produce hashes, the amount of money they spend +on mining will be slightly smaller than the revenues, and in the long run, +the profits they make will be commensurate with the value of their transaction +services, while the cost of mining is lost to everyone. + +This is not simply a nominal effect: real economic goods (time in fabs, +electricity, engineering efforts) are being removed from the economy for the +sake of proof-of-work mining. As of June 2014, Bitcoin's annual inflation stands +at a little over 10\% and about \$2.16M dollars are being burned daily for the +sake of maintaining a system that provides little to no security over a +centralized system in the hands of ghash.io. + +The very security of a proof-of-work scheme rests on this actual cost being +higher than what an attacker is willing to pay, which is bound to increase +with the success of the currency. + +Proof-of-stake eliminates this source of waste without lowering the cost of +attacks --- indeed, it automatically scales up the cost of an attack as the +currency appreciates. Because the thing you must prove to mine is not +destruction of existing resources but provision of existing resources, +a proof-of-stake currency does not rely on destroying massive resources +as it gains in popularity. + +\subsubsection{Control} +Last but not least, the proof-of-work system puts the miners, +not the stakeholders, in charge. Forks for instance require the consent of a +majority of the miners. This poses a potential conflict of interest: a majority +of miners could decide to hold the blockchain hostage until stakeholders consent +to a protocol fork increasing the mining rewards; more generally, they will hold +onto the hugely wasteful system that empowers them longer than is economically +beneficial for users. + +\subsection{Smart Contracts} +Though Bitcoin does allow for smart contracts, most of its opcodes +have been historically disabled and the possibilities are limited. +Ethereum introduced a smart contract system with some critical differences: +their scripting language is Turing complete and they substitute +stateful accounts to Bitcoin's unspent outputs. + +While emphasis has been put on the Turing complete aspect of the language, +the second property is by far the most interesting and powerful of the two. +In Bitcoin, an output can be thought of as having only two states: spent and +unspent. In Ethereum, accounts (protected by a key) hold a balance, a contract +code and a data store. The state of an account's storage can be mutated +by making a transaction towards this account. The transaction specifies an +amount and the parameters passed to the contract code. + +A downside of a Turing complete scripting language for the contracts +is that the number of steps needed to execute a script is potentially unbounded, +a property which is generally uncomputable. + +To address this problem, Ethereum has devised a system by which the miner +validating the transaction requires a fee proportional to the complexity +and number of steps needed to execute the contract. + +Yet, for the blockchain to be secure, \emph{all} the active nodes need to +validate the transaction. A malicious miner could include in his block a +transaction that he crafted specially to run into an infinite loop and pay +himself an exorbitant fee for validating this transaction. Other miners could +waste a very long time validating this transaction. Worse, they could just +slack and fail to validate it. In practice though, most of the interesting +smart contracts can be implemented with very simple business logic and do not +need to perform complex calculations. + +Our solution is to cap the maximum number of steps that a program is allowed to +run for in a single transaction. Since blocks have a size limit that caps the +number of transactions per block, there is also a cap on the number of +computation steps per block. This rate limitation foils CPU-usage +denial-of-service attacks. Meanwhile, legitimate users can issue multiple +transactions to compute more steps than allowed in a single transaction, +though at a limited rate. Miners may decide to exclude too long of an execution +if they feel the included fee is too small. Since the Tezos protocol is +amendable, the cap can be increased in future revisions and new cryptographic +primitives included in the scripting language as the need develops. + +\subsection{Correctness} +Bitcoin underpins a \$8B valuation with a modest code base. As security +researcher Dan Kaminsky explains, Bitcoin looks like a security nightmare on +paper. A \verb!C++! code base with a custom binary protocol powers nodes +connected to the Internet while holding e-cash, sounds like a recipe for +disaster. \verb!C++! programs are often riddled with memory corruption bugs. +When they are connecting to the Internet, this creates vulnerabilities +exploitable by remote attackers. E-cash gives an immediate payoff to any +attacker clever enough to discover and exploit such a vulnerability. + +Fortunately, Bitcoin's implementation has proven very resilient to attacks +thus far, with some exceptions. In August 2010, a bug where the sum of two +outputs overflowed to a negative number allowed attackers to create two +outputs of $92233720368.54$ coins from an input of $0.50$ coins. +More recently, massive vulnerabilities such as the heartbleed bug +have been discovered in the OpenSSL libraries. These vulnerabilities have +one thing in common, they happened because languages like \verb!C! and +\verb!C++! do not perform any checks on the operations they perform. For the +sake of efficiency, they may access random parts of the memory, add integers +larger than natively supported, etc. While these vulnerabilities have spared +Bitcoin, they do no not bode well for the security of the system. + +Other languages do not exhibit those problems. OCaml is a functional programming +language developed by the INRIA since 1996 (and itself based on earlier +efforts). Its speed is comparable to that of \verb!C++! and it generally +features among the fastest programming languages in benchmarks\cite{shootout}. +More importantly, OCaml is strongly typed and offers a powerful type inference +system. Its expressive syntax and semantics, including powerful pattern matching +and higher-order modules, make it easy to concisely and correctly describe the +type of logic underpinning blockchain based protocols. + +OCaml's semantic is fairly rigorous and a very large subset has been +formalized\cite{semantic}, which removes any ambiguity as to what is the +intended behavior of amendments. + +In addition, Coq, one of the most advanced proof checking software +is able to extract OCaml code from proofs. As Tezos matures, it will be +possible to automatically extract key parts of the protocol's code from +mathematical proofs of correctness. + +Examples of spectacular software failure abound. The heartbleed bug caused +millions of dollars in damages. In 2013, a single bug at high-frequency trading +firm Knight capital caused half a billion dollars worth of losses. In 1996, an +arithmetic overflow bug caused the crash of Ariane 5, a rocket that had cost +\$7B to develop; the cost of the rocket and the cargo was estimated at \$500M. + +All of these bugs could have been prevented with the use of formal verification. +Formal verification has progressed by leaps and bounds in recent years, +it is time to use it in real systems. + +\section{Abstract Blockchains} + +Tezos attempts to represent a blockchain protocol in the most general way +possible while attempting to remain as efficient as a native protocol. +The goal of a blockchain is to represent a single state being concurrently +edited. In order to avoid conflicts between concurrent edits, it represents the +state as a ledger, that is as a series of transformations applied to an initial +state. These transformations are the ``blocks'' of the blockchain, and --- in +the case of Bitcoin --- the state is mostly the set of unspent outputs. Since +the blocks are created asynchronously by many concurrent nodes, a block tree is +formed. Each leaf of the tree represents a possible state and the end of a +different blockchain. Bitcoin specifies that only one branch should be +considered the valid branch: the one with the greatest total difficulty. +Blocks, as their name suggests, actually bundle together +multiple operations (known as transactions in the case of Bitcoin). +These operations are sequentially applied to the state. + +\subsection{Three Protocols} + +It is important to distinguish three protocols in cryptoledgers: +the network protocol, the transaction protocol, and the consensus protocol. + +The role of the meta shell is to handle the network protocol +in as agnostic a way as possible while delegating the transaction and consensus +protocol to an abstracted implementation. + +\subsubsection{Network Protocol} + +The network protocol in Bitcoin is essentially the gossip network that allows +the broadcasting of transactions, the downloading and publishing of blocks, +the discovery of peers, etc. It is where most development occurs. For instance, +bloom filters were introduced in 2012 through BIP0037 to speed up the simple +payment verification for clients which do not download the whole blockchain. + +Changes to the network protocol are relatively uncontroversial. There +may be initial disagreements on the desirability of these changes, but all +parties interests are fundamentally aligned overall. + +These changes do not need to happen in concert either. One could devise a way to +integrate Bitcoin transactions steganographically into pictures of cats posted +on the Internet. If enough people started publishing transactions this way, +miners would start parsing cat pictures to find transactions to include in the +blockchain. + +While a healthy network requires compatibility, competing innovation in the +network protocol generally strengthens a cryptocurrency. + +\subsubsection{Transaction Protocol} +The transaction protocol describes what makes transactions valid. It is defined +in Bitcoin, for instance, through a scripting language. First, coins are created +by miners when they find a block. The miner then attaches a script to the coins +that he mined. + +Such a script is known as an ``unspent output''. Transactions combine outputs +by providing arguments for which their scripts evaluate to true. These arguments +can be thought of keys and the scripts as padlocks. + +In simple transactions, such scripts are merely signature-checking scripts but +more complex scripts can be formed. These outputs are added up and allocated +among a set of new outputs. If the amount of output spent is greater than the +amount allocated, the difference can be claimed by the miner. + +Changes to the transaction protocol are more controversial than changes to +the network protocol. While a small group of people could unilaterally start +using the cat-picture broadcast algorithm, changing the transaction protocol +is trickier. Such changes typically do not affect the block validity +and thus only require the cooperation of a majority of the miners. +These are generally referred to as ``soft-fork''. + +Some relatively uncontroversial changes still stand a chance to be implemented +there. For instance a fix to the transaction malleability issue would be a +transaction protocol level change. The introduction of Zerocash, also a +transaction protocol level change, risks being too controversial to be +undertaken. + +\subsubsection{Consensus Protocol} +The consensus protocol of Bitcoin describes the way consensus is built +around the most difficult chain and the miner reward schedules. +It allows miners to draw transactions from the coin base, +it dictates how difficulty changes over time, +it indicates which blocks are valid +and which are part of the ``official'' chain. + +This is by far the most central and most difficult to change protocol, +often requiring a ``hard-fork'', that is a fork invalidating old blocks. +For instance, the proof of work system, as is the reliance on SHA256 as a +proof-of-work system, etc. + +\subsection{Network Shell} +Tezos separates those three protocols. +The transaction protocol and the consensus protocol +are implemented in an isolated module plugged +into a generic network shell responsible for maintaining the blockchain. + +In order for the protocol to remain generic, we define the following interface. +We want our blockchain to represent the current ``state'' of the economy, +which we call in Tezos the \textbf{Context}. +This could include the balances of the various accounts +and other informations such as the current block number. +Blocks are seen as operators that transform an old state into a new state. + +In this respect, a protocol can be described by only two functions: +\begin{itemize} +\item[-] \textbf{apply} which takes a Context and a block and returns +either a valid Context or an invalid result (should the block be invalid) +\item[-] \textbf{score} which takes a Context and returns a score +allowing us to compare various leafs of the blockchain +to determine the canonical one. +In Bitcoin, we would simply record the total difficulty +or the chain inside the Context and return this value. +\end{itemize} + +Strikingly, these two functions alone can implement \emph{any} blockchain based +crypto-ledger. In addition, we attach those functions to the context itself +and expose the following two functions to the protocol: + +\begin{itemize} +\item[-] \textbf{set\_test\_protocol} which replaces the protocol used in the +test-net with a new protocol (typically one that has been adopted through a +stakeholder voter). +\item[-] \textbf{promote\_test\_protocol} which replaces the current protocol +with the protocol currently being tested +\end{itemize} + +These two procedures allow the protocol to validate its own replacement. +While the seed protocol relies on a simple super-majority rule with a quorum, +more complex rules can be adopted in the future. +For instance, the stakeholders could vote +to require certain properties to be respected by any future protocol. +This could be achieved by integrating a proof checker within the protocol +and requiring that every amendment include a proof of constitutionality. + +\section{Proof-of-Stake} +Tezos can implement any type of blockchain algorithm: +proof-of-work, proof-of-stake, or even centralized. +Due to the shortcomings of the proof-of-work mechanism, +the Tezos seed protocol implements a proof-of-stake system. +There are considerable theoretical hurdles to designing a working +proof-of-stake systems, we will explain our way of dealing with +them.\footnote{A full, technical, description of our proof-of-stake system is +given in the Tezos white paper.} + +\subsection{Is Proof-of-Stake Impossible?} + +There are very serious theoretical hurdles to any proof-of-stake system. +The main argument against the very possibility of a proof-of-stake system +is the following: +a new user downloads a client and connects for the first time to the network. +He receives a tree of blocks with two larges branches +starting from the genesis hash. +Both branches display a thriving economic activity, +but they represent two fundamentally different histories. +One has clearly been crafted by an attacker, but which one is the real chain? + +In the case of Bitcoin, the canonical blockchain is the one representing the +largest amount of work. This does not mean that rewriting history is impossible, +but it is costly to do so, especially as one's hashing power could be used +towards mining blocks on the real blockchain. +In a proof-of-stake system where blocks are signed by stakeholders, +a former stakeholder (who has since cashed out) could use his old signatures +to costlessly fork the blockchain +--- this is known as the nothing-at-stake problem. + + +\subsection{Mitigations} + +While this theoretical objection seems ironclad, there are effective mitigations. +An important insight is to consider that there are roughly two kind of forks: +very deep ones that rewrite a substantial fraction of the history +and short ones that attempt to double spend. +On the surface there is only a quantitative difference between the two +but in practice the incentives, motivations, +and mitigation strategies are different. + +No system is unconditionally safe, not Bitcoin, not even public key +cryptography. Systems are designed to be safe for a given \emph{threat model}. How well +that model captures reality is, \emph{in fine}, an empirical question. + +\subsubsection{Checkpoints} +Occasional checkpoints can be an effective way to prevent very long blockchain reorganizations. +Checkpoints are a hack. As Ben Laurie points out, Bitcoin's use of checkpoints +taints its status as a fully decentralized currency\cite{distrib_impossible}. + +Yet, in practice, annual or even semi-annual checkpoints hardly seem problematic. +Forming a consensus over a single hash value over a period of months is +something that human institutions are perfectly capable of safely accomplishing. +This hash can be published in major newspapers around the world, +carved on the tables of freshmen students, spray painted under bridges, +included in songs, impressed on fresh concrete, tattooed on pet ferrets... +there are countless ways to record occasional checkpoints +in a way that makes forgery impossible. +In contrast, the problem of forming a consensus over a period of minutes +is more safely solved by a decentralized protocol. + +\subsubsection{Statistical Detection} +Transactions can reference blocks belonging to the canonical blockchain, +thus implicitely signing the chain. An attacker attempting to forge a +long reorganization can only produce transactions involving coins he +controlled as off the last checkpoint. A long, legitimate, chain would +typically show activity in a larger fraction of the coins and can thus +be distinguished, statistically, from the forgery. + +This family of techniques (often called TAPOS, for +``transactions as proof of stake'') does not work well for short forks where the sample +is too small to perform a reliable statistical test. However, they can be combined +with a technique dealing with short term forks to form a composite selection +algorithm robust to both type of forks. + +%% \paragraph{Cementing} +%% Cementing --- a technique which consists in refusing to +%% consider and relay blocks causing medium to large reorganizations --- +%% can be quite effective. +%% The main theoretical weakness of cementing is that +%% it prevents a node from ever converging to the right blockchain +%% if it first accepts the wrong fork. +%% However, this requires the ability to isolate a node on the network. +%% Given this ability, it is possible to trick the node into accepting +%% a transaction that will be double spent on the main chain --- +%% this is true of Bitcoin and almost all blockchain based systems. +%% Such attacks can generally be detected statistically. +%% If the attack is detected, it suffices to stop accepting payments and to deactivate cementing +%% until convergence with the main chain has been achieved. +%% In the case of a new node bootstrapping on the network, +%% the cementing can be activated once the user is convinced +%% that his client has found the main chain (either by waiting long enough +%% or by requesting hashes from a few trusted sources). +%% Note that this bootstrapping procedure does not involve any more trust +%% or centralization than is already involved +%% in the process of merely downloading the client. + +\subsection{The Nothing-At-Stake Problem} +An interesting approach to solving the nothing-at-stake problem was +outlined by Vitalik Buterin in the algorithm Slasher\cite{Slasher}. +However, Slasher still relies on a proof of work mechanism to mine blocks +and assumes a bound on the length of feasible forks. + +We retain the main idea which consists in punishing double signers. +If signing rewards are delayed, they can be withheld +if any attempt at double spending is detected. +This is enough to prevent a selfish stakeholder +from opportunistically attempting to sign a fork +for the sake of collecting a reward should the fork succeed. +However, once rewards have been paid, +this incentive to behave honestly disappears; +thus, we use a delay long enough for TAPOS to become +statistically significant or for checkpointing to take place. + +In order to incentivize stakeholders to behave honestly, +we introduce a ticker system. A prospective miner must +burn a certain amount of coins in order to exercise his +mining right. This amount is automatically returned to +him if he fails to mine, or after a long delay. + +In order to allow stakeholders not to be permanently connected +to the Internet and not to expose private keys, a different, +signature key is used. + +\subsection{Threat Models} +No system is unconditionally safe, not Bitcoin, not even public key +cryptography. Systems are designed to be safe for a given \emph{threat model}. How well +that model captures reality is, \emph{in fine}, an empirical question. + +Bitcoin does offer an interesting guarantee: it attempts to tolerate amoral +but selfish participants. As long as miners do not collude, it is not necessary +to assume that any participant is honest, merely than they prefer making money +to destroying the network. However, non collusion, a key condition, is too +often forgotten, and the claim of Bitcoin's +``trustlessness'' is zealously repeated without much thought. + +With checkpointing (be it yearly), the same properties can be achieved by +a proof-of-stake system. + +Without checkpointing proof-of-stake systems cannot make this claim. Indeed, +it would be theoretically possible for an attacker to purchase old keys from +a large number of former stakeholders, with no consequence to them. In this case, +a stronger assumption is needed about participants, namely that a majority of current or +former stakeholders cannot be cheaply corrupted into participating in an +attack on the network. In this case, the role ``stake'' in the proof-of-stake is +only to avoid adverse selection by malicious actors in the consensus group. + + + +\section{Potential Developments} + +In this section, we explore some ideas +that we're specifically interested in integrating to the Tezos protocol. + +\subsection{Privacy Preserving Transactions} +One of the most pressing protocol updates will be +the introduction of privacy preserving transactions. +We know of two ways to achieve this: +ring signatures and non-interactive zero-knowledge proofs of knowledge +(NIZKPK). + +\subsubsection{Ring Signatures} +CryptoNote has built a protocol using ring signatures to preserve privacy. +Users are able to spend coins +without revealing which of $N$ addresses spent the coins. +Double spenders are revealed and the transaction deemed invalid. +This works similarly to the coin-join protocol +\emph{without} requiring the cooperation of the addresses involved in +obfuscating the transaction. + +One of the main advantage of ring signatures is that they are comparatively +simpler to implement than NIZKPK and rely on more mature cryptographic +primitives which have stood the test of time. + +\subsubsection{Non Interactive Zero-knowledge Proofs of Knowledge} +Matthew Green et al. proposed the use of NIZKPK +to achieve transaction untraceability in a blockchain based cryptocurrency. +The latest proposition, Zerocash, maintains +a set of coins with attached secrets in a Merkle tree. +Committed coins are redeemed by providing a NIZKPK +of the secret attached to a coin in the tree. +It uses a relatively new primitive, SNARKs, +to build very small proofs which can be efficiently checked. + +This technique is attractive but suffers from drawbacks. +The cryptographic primitives involved are fairly new +and have not been scrutinized as heavily +as the relatively simple elliptic curve cryptography involved in Bitcoin. + +Secondly, the construction of these proofs relies on the CRS model. +This effectively means that a trusted setup is required, +though the use of secure multi-party computation +can reduce the risk that such a setup be compromised. + +\subsection{Amendment Rules} + +\subsubsection{Constitutionalism} + +While this is more advanced, it is possible to integrate a proof checker +within the protocol so that only amendments carrying a formal proof that +they respect particular properties can be adopted. In effect this enforces +a form of constitutionality. + +\subsubsection{Futarchy} +Robin Hanson has proposed that we vote on values and bet on beliefs. +He calls such a system ``Futarchy''\cite{Futarchy}. The main idea +is that values are best captured by a majoritarian consensus while the choice +of policies conducive to realizing those values is best left to a prediction +market. + +This system can quite litteraly be implemented in Tezos. Stakeholders would +first vote on a trusted datafeed representing the satisfaction of a value. +This might be for example the exchange rate of coins against a basket +of international currencies. An internal prediction market would be formed +to estimate the change in this indicator conditional on various code +amendments being adopted. The market-making in those contracts can be +subsidized by issuing coins to market makers in order to improve price discovery +and liquidity. In the end, the amendment deemed most likely to improve the +indicator would be automatically adopted. + +\subsection{Solving Collective Action Problems} +The collective action problem arises when multiple parties would benefit from +taking an action but none benefit from individually undertaking the action. +This is also known as the free-rider problem. +There are several actions that the holders of a cryptocurrency could undertake +to raise its profile or defend it against legal challenges. + +\subsubsection{Raising Awareness} + +As of July 2014, the market capitalization of Bitcoin was around \$8B. +By spending about 0.05\% of the Bitcoin monetary mass every month, +Bitcoin could make highly visible +charitable donations of \$1M \emph{every single week}. +Would, as of 2014, an entire year of weekly charitable donations +raise the value of Bitcoin by more than 0.6\%? +We think the answer is clearly, and resoundingly ``yes''. +Bitcoin stakeholders would be doing well while doing good. + +However, Bitcoin stakeholders are unable to undertake such an operation +because of the difficulty of forming large binding contracts. This type +of collective action problem is solved in Tezos. +A protocol amendment can set up a procedure by which +stakeholders may vote every month on a few addresses +where 0.05\% of the monetary mass would be spent. +The stakeholder's consensus might be to avoid dilution +by voting on an invalid address, +but it could also be that the money would be better spent as a charitable gift. + +\subsubsection{Funding Innovation} + +Financing of innovation would also be facilitated +by incorporating bounties directly within the protocol. +A protocol could define unit tests and automatically award a reward +to any code proposal that passes these tests. + +Conversely, an innovator designing a new protocol +could include a reward to himself within the protocol. +While his protocol could be copied and the reward stripped, +the stakeholder's consensus would likely be to reward the original creator. +Stakeholders are playing a repeated game +and it would be foolish to defect by refusing a reasonable reward. + + +\section*{Conclusion} + +We've presented issues with the existing cryptocurrencies +and offered Tezos as a solution. +While the irony of preventing the fragmentation of cryptocurrencies +by releasing a new one does not escape us,%\cite{xkcd_standards} +Tezos truly aims to be the \emph{last} cryptocurrency. + +No matter what innovations other protocols produce, +it will be possible for Tezos stakeholders to adopt these innovations. +Furthermore, the ability to solve collective action problems +and easily implement protocols in OCaml will make Tezos one of the most reactive cryptocurrency. + +\bibliographystyle{unsrt} +\bibliography{biblio} + +\end{document} diff --git a/docs/texsources/white_paper.bbl b/docs/texsources/white_paper.bbl new file mode 100644 index 000000000..b958c6b27 --- /dev/null +++ b/docs/texsources/white_paper.bbl @@ -0,0 +1,31 @@ +\begin{thebibliography}{1} + +\bibitem{Slasher} +Vitalik Buterin. +\newblock Slasher: A punitive proof-of-stake algorithm. +\newblock + {\url{https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/}}, + 2014. + +\bibitem{CoA} +Ariel~Gabizon Iddo~Bentov and Alex Mizrahi. +\newblock Cryptocurrencies without proof of work. +\newblock {\url{http://www.cs.technion.ac.il/~idddo/CoA.pdf}}, 2014. + +\bibitem{Nomic} +Peter Suber. +\newblock Nomic: A game of self-amendment. +\newblock {\url{http://legacy.earlham.edu/~peters/writing/nomic.htm}}, 1982. + +\bibitem{LWT} +J\'er\^ome Vouillon. +\newblock Lwt: a cooperative thread library. +\newblock 2008. + +\bibitem{language} +Tezos project. +\newblock Formal specification of the tezos smart contract language. +\newblock {\url{http://www.tezos.com/language.txt}}, 2014. + + +\end{thebibliography} diff --git a/docs/texsources/white_paper.tex b/docs/texsources/white_paper.tex new file mode 100644 index 000000000..1c311bc3f --- /dev/null +++ b/docs/texsources/white_paper.tex @@ -0,0 +1,817 @@ +%%% COMPILE WITH XELATEX, NOT PDFLATEX +\documentclass[letterpaper]{article} +\author{L.M Goodman} +\date{September 2, 2014} +\title{Tezos --- a self-amending crypto-ledger \\ White paper} +%\usepackage[utf8]{inputenc} +%%\setlength{\parskip}{\baselineskip} +\usepackage{amsfonts} +\usepackage{listings} +\usepackage{color} +\usepackage{courier} +\usepackage{epigraph} +\usepackage{fontspec} +\usepackage{newunicodechar} +\usepackage{graphicx} +\usepackage{siunitx} +\usepackage{url} +\usepackage[hidelinks]{hyperref} + + + +%\epigraphfontsize{\small\itshape} +\setlength\epigraphwidth{4.6cm} +\setlength\epigraphrule{0pt} +%\DeclareUnicodeCharacter{42793}{\tz{}} +%\newunicodechar{⚓}{\anchor} +%Ꜩ + +\usepackage{url} +\lstset{basicstyle=\footnotesize\ttfamily,breaklines=true} + +\newcommand{\tz}{{\fontspec{DejaVu Sans} \small{ꜩ}}} +\begin{document} + +\maketitle + +\epigraph{\emph{``Our argument is not flatly circular, +but something like it.''}} +{--- \textup{Willard van Orman Quine}} + + +\begin{abstract} +We present Tezos, a generic and self-amending crypto-ledger. Tezos can +instantiate any blockchain based ledger. The operations of a regular blockchain +are implemented as a purely functional module abstracted into a shell +responsible for network operations. Bitcoin, Ethereum, Cryptonote, etc. can all +be represented within Tezos by implementing the proper interface to the network +layer. + +Most importantly, Tezos supports meta upgrades: the protocols can evolve by +amending their own code. To achieve this, Tezos begins with a seed protocol +defining a procedure for stakeholders to approve amendments to the protocol, +\emph{including} amendments to the voting procedure itself. This is not unlike +philosopher Peter Suber's Nomic\cite{Nomic}, a game built around a fully +introspective set of rules. + +In addition, Tezos's seed protocol is based on a pure proof-of-stake system +and supports Turing complete smart contracts. Tezos is implemented in OCaml, +a powerful functional programming language offering speed, an unambiguous +syntax and semantic, and an ecosystem making Tezos a good candidate for formal +proofs of correctness. + +Familiarity with the Bitcoin protocol and basic cryptographic primitives are +assumed in the rest of this paper. + +\end{abstract} +\newpage + +\tableofcontents +\newpage + +\section{Introduction} +In the first part of this paper, we will discuss the concept of abstract +blockchains and the implementation of a self-amending crypto-ledger. +In the second part, we will describe our proposed seed protocol. + +\section{Self-amending cryptoledger} + +A blockchain protocol can be decomposed into three distinct protocols: +\begin{itemize} +\item[-] The network protocol discovers blocks and broadcasts transactions. +\item[-] The transaction protocol specifies what makes a transaction valid. +\item[-] The consensus protocol forms consensus around a unique chain. +\end{itemize} + +Tezos implements a generic network shell. This shell is agnostic to the +transaction protocol and to the consensus protocol. We refer to the transaction +protocol and the consensus protocol together as a ``blockchain protocol''. We +will first give a mathematical representation of a blockchain protocol and then +describe some of the implementation choices +in Tezos. + +\subsection{Mathematical representation} + +A blockchain protocol is fundamentally a monadic implementation of concurrent +mutations of a global state. This is achieved by defining ``blocks'' as +operators acting on this global state. The free monoid of blocks acting on the +genesis state forms a tree structure. A global, canonical, state is defined as +the minimal leaf for a specified ordering. + +This suggests the following abstract representation: + +\begin{itemize} +\item[-]Let $(\mathbf{S},\leq)$ be a totally ordered, countable, set of possible +states. +\item[-]Let $\oslash \notin \mathbf{S}$ represent a special, invalid, state. +\item[-]Let $\mathbf{B} \subset \mathbf{S}^{\mathbf{S} \cup \{\oslash\}}$ be the +set of blocks. The set of \emph{valid} blocks is +$\mathbf{B} \cap \mathbf{S}^{\mathbf{S}}$. +\end{itemize} + +The total order on $\mathbf{S}$ is extended so that +$\forall s \in \mathbf{S}, \oslash < s$. +This order determines which leaf in the block tree is considered to be the +canonical one. Blocks in $\mathbf{B}$ are seen as operators acting on the state. + +All in all, any blockchain protocol\footnote{GHOST is an approach which orders +the leafs based on properties of the tree. Such an approach is problematic for +both theoretical and practical reasons. It is almost always better to emulate it +by inserting proofs of mining in the main chain.} (be it Bitcoin, Litecoin, +Peercoin, Ethereum, Cryptonote, etc) can be fully determined by the tuple: + +$$\left(\mathbf{S},\leq,\oslash, +\mathbf{B} \subset \mathbf{S}^{\mathbf{S} \cup \{\oslash\}}\right)$$ + +The networking protocol is fundamentally identical for these blockchains. +``Mining'' algorithms are but an emergent property of the network, +given the incentives for block creation. + +In Tezos, we make a blockchain protocol introspective +by letting blocks act on the protocol itself. +We can then express the set of protocols recursively as +$$\mathcal{P} = \left\{\left(\mathbf{S},\leq,\oslash,\mathbf{B} \subset +\mathbf{S}^{(\mathbf{S} \times \mathcal{P})\cup \{\oslash\}} \right)\right\}$$ + + +\subsection{The network shell} +This formal mathematical description doesn't tell us \emph{how} to build the +block tree. This is the role of the network shell, which acts as an interface +between a gossip network and the protocol. + +The network shell works by maintaining the best chain known to the client. It is +aware of three type of objects. The first two are transactions and blocks, which +are only propagated through the network if deemed valid. The third are +protocols, OCaml modules used to amend the existing protocol. They will be +described in more details later on. For now we will focus on transaction and +blocks. + +The most arduous part of the network shell is to protect nodes against +denial-of-service attacks. + +\subsubsection{Clock} +Every block carries a timestamp visible to the network shell. Blocks that appear +to come from the future are buffered if their timestamps are within a few +minutes of the system time and rejected otherwise. The protocol design must +tolerate reasonable clock drifts in the clients and must assume that timestamps +can be falsified. + +\subsubsection{Chain selection algorithm} +The shell maintains a single chain rather than a full tree of blocks. This chain +is only overwritten if the client becomes aware of a strictly better chain. + +Maintaining a tree would be more parsimonious in terms of network communications +but would be susceptible to denial-of-service attacks where an attacker produces +a large number of low-scoring but valid forks. + +Yet, it remains possible for a node to lie about the score of a given +chain, a lie that the client may only uncover after having processed a +potentially large number of blocks. However, such a node can be subsequently +ignored. + +Fortunately, a protocol can have the property that low scoring chains exhibit a +low rate of block creation. Thus, the client would only consider a few blocks of +a ``weak'' fork before concluding that the announced score was a lie. + +\subsubsection{Network level defense} +In addition, the shell is ``defensive''. +It attempts to connect to many peers across various IP ranges. It detects +disconnected peers and bans malicious nodes. + +To protect against certain denial of service attacks, the protocol provides the +shell with context dependent bounds on the size of blocks and transactions. + +\subsection{Functional representation} + +\subsubsection{Validating the chain} + +We can efficiently capture almost all the genericity +of our abstract blockchain structure with the following OCaml types. +To begin with, a block header is defined as: + +\lstset{ + language=[Objective]Caml +} +\begin{lstlisting} +type raw_block_header = { + pred: Block_hash.t; + header: Bytes.t; + operations: Operation_hash.t list; + timestamp: float; +} +\end{lstlisting} + +We are purposefully not typing the header field more strongly so it can +represent arbitrary content. However, we do type the fields necessary for the +operation of the shell. These include the hash of the preceding block, a list of +operation hashes and a timestamp. In practice, the operations included in a +block are transmitted along with the blocks at the network level. Operations +themselves are represented as arbitrary blobs. + +\begin{lstlisting} +type raw_operation = Bytes.t +\end{lstlisting} + +The state is represented with the help of a \textbf{Context} module which +encapsulates a disk-based immutable key-value store. The structure of a +key-value store is versatile and allows us to efficiently represent a wide +variety of states. + +\begin{lstlisting} +module Context = sig + type t + type key = string list + + val get: t -> key -> Bytes.t option Lwt.t + val set: t -> key -> Bytes.t -> t Lwt.t + val del: t -> key -> t Lwt.t + (*...*) +end +\end{lstlisting} + +To avoid blocking on disk operations, the functions use the asynchronous monad +Lwt\cite{LWT}. Note that the operations on the context are purely functional: +\textbf{get} uses the \textbf{option} monad rather than throwing an exception +while \textbf{set} and \textbf{del} both return a new \textbf{Context}. +The \textbf{Context} module uses a combination of memory caching and disk +storage to efficiently provide the appearance of an immutable store. + +We can now define the module type of an arbitrary blockchain protocol: + +\begin{lstlisting} +type score = Bytes.t list +module type PROTOCOL = sig + type operation + val parse_block_header : raw_block_header -> block_header option + val parse_operation : Bytes.t -> operation option + + val apply : + Context.t -> + block_header option -> + (Operation_hash.t * operation) list -> + Context.t option Lwt.t + + val score : Context.t -> score Lwt.t + (*...*) +end +\end{lstlisting} + +We no longer compare states directly as in the mathematical model, instead we +project the \textbf{Context} onto a list of bytes using the \textbf{score} +function. List of bytes are ordered first by length, then by +lexicographic order. This is a fairly generic structure, similar to the one used +in software versioning, which is quite versatile in representing various +orderings. + +Why not define a comparison function within the protocol modules? First off it +would be hard to enforce the requirement that such a function represent a +\emph{total} order. The score projection always verifies this (ties can be +broken based on the hash of the last block). Second, in principle we need +the ability to compare states across distinct protocols. Specific protocol +amendment rules are likely to make this extremely unlikely to ever happen, +but the network shell does not know that. + +The operations \textbf{parse\_block\_header} and \textbf{parse\_operation} are +exposed to the shell and allow it to pass fully typed operations and blocks to +the protocol but also to check whether these operations and blocks are +well-formed, before deciding to relay operations or to add blocks to the local +block tree database. + +The apply function is the heart of the protocol: +\begin{itemize} +\item[-]When it is passed a block header and the associated list of operations, +it computes the changes made to the context and returns a modified copy. +Internally, only the difference is stored, as in a versioning system, +using the block's hash as a version handle. +\item[-]When it is only passed a list of operations, it greedily attempts +to apply as many operations as possible. This function is not necessary for the +protocol itself but is of great use to miners attempting to form valid blocks. +\end{itemize} + +\subsubsection{Amending the protocol} + +Tezos's most powerful feature is its ability to implement protocol capable +of self-amendment. This is achieved by exposing two procedures functions to the +protocol: + +\begin{itemize} +\item[-] \textbf{set\_test\_protocol} which replaces the protocol +used in the testnet with a new protocol (typically one that has been adopted +through a stakeholder voter). +\item[-] \textbf{promote\_test\_protocol} which replaces the current +protocol with the protocol currently being tested +\end{itemize} + +These functions transform a Context by changing the associated protocol. +The new protocol takes effect when the following block is applied to the chain. + +\begin{lstlisting} +module Context = sig + type t + (*...*) + val set_test_protocol: t -> Protocol_hash.t Lwt.t + val promote_test_protocol: t -> Protocol_hash.t -> t Lwt.t +end +\end{lstlisting} + +The \textbf{protocol\_hash} is the \textbf{sha256} hash of a tarball of +\textbf{.ml} and \textbf{.mli} files. These files are compiled on the +fly. They have access to a small standard library but are sandboxed +and may not make any system call. + +These functions are called through the \textbf{apply} function of the protocol +which returns the new \textbf{Context}. + +Many conditions can trigger a change of protocol. In its simplest version, +a stakeholder vote triggers a change of protocol. More complicated rules +can be progressively voted in. For instance, if the stakeholder desire they +may pass an amendment that will require further amendments to provide a +computer checkable proof that the new amendment respects certain properties. +This is effectively and algorithmic check of ``constitutionality''. + +\subsubsection{RPC} +In order to make the GUI building job's easier, the protocol exposes a JSON-RPC +API. The API itself is described by a json schema indicating the types of the +various procedures. Typically, functions such as \textbf{get\_balance} can +be implemented in the RPC. + +\begin{lstlisting} +type service = { + name : string list ; + input : json_schema option ; + output : json_schema option ; + implementation : Context.t -> json -> json option Lwt.t +} +\end{lstlisting} + +The name is a list of string to allow namespaces in the procedures. Input and +output are optionally described by a json schema. + +Note that the call is made on a given context which is typically a recent ancestor +of the highest scoring leaf. For instance, querying the context six blocks above +the highest scoring leaf displays the state of the ledger with six confirmations. + +The UI itself can be tailored to a specific version of the protocol, or generically +derived from the JSON specification. + +\section{Seed protocol} +Much like blockchains start from a genesis hash, Tezos starts with a seed +protocol. This protocol can be amended to reflect virtually any blockchain based +algorithm. + +\subsection{Economy} + +\subsubsection{Coins} +There are initially $\num{10000000000}$ (ten billion) coins, divisible up to two +decimal places. We suggest that a single coin be referred to as a ``tez'' +and that the smallest unit simply as a cent. We also suggest to use the +symbol \tz~(\verb!\ua729!, ``Latin small letter tz'') to represent a tez. +Therefore 1 cent = \tz\num{0.01} = one hundreth of a tez. + +\subsubsection{Mining and signing rewards} + +\paragraph{Principle} +We conjecture that the security of any decentralised currency requires +to incentivize the participants with a pecuniary reward. As explained in the +position paper, relying on transaction costs alone suffers from a tragedy of the +commons. In Tezos, we rely on the combination of a bond and a reward. + +Bonds are one year security deposits purchased by miners. +In the event of a double signing, these bonds are forfeited. + +After a year, the miners receive a reward along with their bond to compensate +for their opportunity cost. The security is primarily being provided by the +value of the bond and the reward need only be a small percentage of that value. + +The purpose of the bonds is to diminish the amount of reward needed, and perhaps +to use the loss aversion effect to the network's advantage. + + +\paragraph{Specifics} +In the seed protocol, mining a block offers a reward of \tz\num{512} and +requires a bond of \tz\num{1536}. Signing a block offers a reward of +$32\Delta T^{-1}$ tez where $\Delta T$ is the time interval in minutes between +the block being signed and its predecessor. There are up to 16 signatures per block +and signing requires no bond. + +Thus, assuming a mining rate of one block per minute, about 8\% of the initial +money mass should be held in the form of safety bonds after the first year. + +The reward schedule implies at most a 5.4\% \emph{nominal} inflation +rate. \emph{Nominal} inflation is neutral, it neither enrishes nor +impoverishes anyone\footnote{In contrast, Bitcoin's mining inflation impoverishes +Bitcoin holders as a whole, and central banking enrishes the financial +sector at the expense of savers}. + +Note that the period of a year is determined from the block's timestamps, not +from the number of blocks. This is to remove uncertainty as to the length of +the commitment made by miners. + +\paragraph{Looking forward} +The proposed reward gives miners a 33\% return on their bond. +This return needs to be high in the early days as miners and signers commit +to hold a potentially volatile asset for an entire year. + +However, as Tezos mature, this return could be gradually lowered to the +prevailing interest rate. A nominal rate of inflation below 1\% could safely be +achieved, though it's not clear there would be any point in doing so. + +\subsubsection{Lost coins} +In order to reduce uncertainty regarding the monetary mass, addresses +showing no activity for over a year (as determined by timestamps) +are destroyed along with the coins they contain. + +\subsubsection{Amendment rules} +Amendments are adopted over election cycles lasting $N = 2^{17} = \num{131072}$ +blocks each. Given the a one minute block interval, this is about three +calendar months. The election cycle is itself divided in four quarters of +$2^{15} = \num{32768}$ blocks. This cycle is relatively short to encourage early +improvements, but it is expected that further amendments will increase the +length of the cycle. Adoption requires a certain quorum to be met. This quorum +starts at $Q = 80\%$ but dynamically adapts to reflect the average +participation. This is necessary if only to deal with lost coins. + +\paragraph{First quarter} +Protocol amendments are suggested by submitting the hash of a tarball of +\verb!.ml! and \verb!.mli! files representing a new protocol. Stakeholders may +approve of any number of these protocols. This is known as ``approval voting'', +a particularly robust voting procedure. + +\paragraph{Second quarter} +The amendment receiving the most approval in the first quarter is now subject to +a vote. Stakeholders may cast a vote for, against or can choose to explicitely +abstain. Abstentions count towards the quorum. + +\paragraph{Third quarter} If the quorum is met (including explicit abstentions), +and the amendment received $80\%$ of yays, the amendment is approved and +replaces the test protocol. Otherwise, it is rejected. +Assuming the quorum reached was $q$, the minimum quorum $Q$ is updated as such: +$$Q \leftarrow 0.8 Q + 0.2 q.$$ + +The goal of this update is to avoid lost coins causing the voting procedure to +become stuck over time. The minimum quorum is an exponential moving average of +the quorum reached over each previous election. + +\paragraph{Fourth quarter} Assuming the amendment was approved, it will have +been running in the testnet since the beginning of the third quarter. +The stakeholders vote a second time to confirm they wish to promote the test +protocol to the main protocol. This also requires the quorum to be met and an +$80\%$ supermajority. + +We deliberately chose a conservative approach to amendments. However, +stakeholders are free to adopt amendments loosening or tightening this policy +should they deem it beneficial + +\subsection{Proof-of-stake mechanism} + +\subsubsection{Overview} + +Our proof-of-stake mechanism is a mix of several ideas, including +Slasher\cite{Slasher}, chain-of-activity\cite{CoA}, and proof-of-burn. +The following is a brief overview of the algorithm, the components of which +are explained in more details below. + +Each block is mined by a random stakeholder (the miner) and includes +multiple signatures of the previous block provided by random +stakeholders (the signers). Mining and signing both offer a small reward but +also require making a one year safety deposit to be +forfeited in the event of a double mining or double signing. + +The protocol unfolds in cycles of \num{2048} blocks. At the beginning of each +cycle, a random seed is derived from numbers that block miners chose and committed +to in the penultimate cycle, and revealed in the last. Using this random seed, +a follow the coin strategy is used to allocate migning rights and signing rights +to a specific addresses for the next cycle. See figure \ref{fig:pos_figure}. + +\begin{figure}[b!] + \centering + \includegraphics[width=0.8\textwidth]{pos_figure.eps} + \caption{Four cycles of the proof-of-stake mechanism} + \label{fig:pos_figure} +\end{figure} + + +\subsubsection{Clock} + +The protocol imposes minimum delays between blocks. In principle, each block +can be mined by any stakeholder. However, for a given block, each stakeholder +is subject to a random minimum delay. The stakeholder receiving the highest +priority may mine the block one minute after the previous block. The +stakeholder receiving the second highest priority may mine the block two +minutes after the previous block, the third, three minutes, and so on. + +This guarantees that a fork where only a small fraction of stakeholder +contribute will exhibit a low rate of block creation. If this weren't +the case, a CPU denial of service attacks would be possible by +tricking nodes into verifying a very long chain claimed to have a very high +score. + +\subsubsection{Generating the random seed} + +Every block mined carries a hash commitment to a random number chosen by the +miner. These numbers must be revealed in the next cycle under penalty of +forfeiting the safety bond. This harsh penalty is meant to prevent selective +whitholding of the numbers which could be sued to attack the entropy of the seed. + +Malicious miners in the next cycle could attempt to censor such reveals, however +since multiple numbers may be revealed in a single block, they are very unlikely +to succeed. + +All the revealed numbers in a cycle are combined in a hash list and the seed is +derived from the root using the \verb!scrypt! key derivation function. The key +derivation should be tuned so that deriving the seed takes on the order of a +fraction of a percent of the average validation time for a block on a typical +desktop PC. + +\subsubsection{Follow-the-coin procedure} + +In order to randomly select a stakeholder, we use a follow the coin procedure. + +\paragraph{Principle} +The idea is known in bitcoin as follow-the-satoshi. The procedures works +``as-if'' every satoshi ever minted had a unique serial number. Satoshis are +implicitly ordered by creation time, a random satoshi is drawn and tracked +through the blockchain. Of course, individual cents are not tracked directly. +Instead, rules are applied to describe what happens when inputs are combined and +spent over multiple output. + +In the end, the algorithm keeps track of a set of intervals associated with each +key. Each intervals represents a ``range'' of satoshis. +Unfortunately, over time, the database becomes more and more fragmented, +increasing bloat on the client side. + +\paragraph{Coin Rolls} +We optimize the previous algorithm by constructing large ``coin rolls'' made up +of \num{10000} tez. There are thus about one million rolls in existence. A +database maps every roll to its current owner. + +Each address holds a certain set of specific rolls as well as some loose change. +When we desire to spend a fraction of a full roll, the roll is broken and +its serial number is sent in a LIFO queue of rolls, a sort of ``limbo''. Every +transaction is processed in a way that minimizes the number of broken rolls. +Whenever an address holds enough coins to form a roll, a serial number is pulled +from the queue and the roll is formed again. + +The LIFO priority ensures that an attacker working on a secret fork cannot +change the coins he holds by shuffling change between accounts. + +A slight drawback of this approach is that stake is rounded down to the +nearest integer number of rolls. However, this provides a massive improvement +in efficiency over the follow-the-satoshi approach. + +While the rolls are numbered, this approach does not preclude the use of +fungibility preserving protocols like Zerocash. Such protocols can use +the same ``limbo'' queue technique. + +\paragraph{Motivation} +This procedure is functionally different from merely drawing a random address +weighted by balance. + +Indeed, in a secretive fork, a miner could attempt to control the generation of +the random seed and to assign itself signing and minting rights by creating the +appropriate addresses ahead of time. This is much harder to achieve if rolls +are randomly selected, as the secretive fork cannot fake ownership of certain +rolls and must thus try to preimage the hash function applied to the seed to +assign itself signing and minting rights. + +Indeed, in a cycle of length $N=\num{2048}$, someone holding a fraction $f$ of +the rolls will receive on average $f N$ mining rights, and the effective +fraction received, $f_0$ will have a standard deviation of +$$\sqrt{\frac{1}{N}}\sqrt{\frac{1-f}{f}}.$$ + +If an attacker can perform a brute-force search through $W$ different seeds, +then his expected advantage is at most\footnote{this is a standard bound +on the expectation of the maximum of W normally distributed variable} +$$\left(\sqrt{\frac{2\log(W)}{N}}\sqrt{\frac{1-f}{f}}\right)fN$$ + +blocks. For instance, an attacker controlling $f = 10\%$ of the rolls should +expect to mine about $205$ blocks per cycle. In a secret fork where he attempts +to control the seed, assuming he computed over a trillion hashes, he could +assign itself about $302$ blocks, or about $14.7\%$ of the blocks. Note that: +\begin{itemize} +\item[-] The hash from which the seed is derived is an expensive key derivation +function, rendering brute-force search impractical. +\item[-] To make linear gains in blocks mined, the attacked needs to expend a +quadratically exponential effort. +\end{itemize} + + +\subsubsection{Mining blocks} +The random seed is used to repeatedly select a roll. The first roll selected +allows its stakeholder to mine a block after one minute, the second one after +two minutes --- and so on. + +When a stakeholder observes the seed and realizes he can mint a high priority +block in the next cycle, he can make a security deposit. + +To avoid a potentially problematic situation were no stakeholder made a +safety deposit to mine a particular block, after a 16 minutes delay, the +block may be mined without a deposit. + +Bonds are implicitely returned to their buyers immediately in any chain +where they do not mine the block. + +\subsubsection{Signing blocks} +As it is, we almost have a working proof of stake system. +We could define a chain's weight to be the number of blocks. +However, this would open the door to a form of selfish mining. + +We thus introduce a signing scheme. While a block is being minted, the random +seed is used to randomly assign 16 signing rights to 16 rolls. + +The stakeholders who received signing rights observe the blocks being minted and +then submit signatures of that blocks. Those signatures are then included in +the next block, by miners attempting to secure their parent's inclusion in the +blockchain. + +The signing reward received by signers is inversely proportional to the time +interval between the block and its predecessor. + +Signer thus have a strong incentive to sign what they genuinely believe to be +the best block produced at one point. They also have a strong incentive to agree +on which block they will sign as signing rewards are only paid if the block ends +up included in the blockchain. + +If the highest priority block isn't mined (perhaps because the miner isn't +on line), there could be an incentive for signers to wait for a while, just +in case the miner is late. However, other signers may then decide to sign the +best priority block, and a new block could include those signatures, leaving out +the holdouts. Thus, miners are unlikely to follow this strategy. + +Conversely, we could imagine an equilibrium where signers panic and start +signing the first block they see, for fear that other signers will do so and +that a new block will be built immediately. This is however a very contrived +situation which benefits no one. There is no incentive for signers to think this +equilibrium is likely, let alone to modify the code of their program to act +this way. A malicious stakeholder attempting to disrupt the operations would only +hurt itself by attempting to follow this strategy, as others would be unlikely +to follow suit. + +\subsubsection{Weight of the chain} + +The weight is the number of signatures. + + +\subsubsection{Denunciations} +In order to avoid the double minting of a block or the double signing of a +block, a miner may include in his block a denunciation. + +This denunciation takes the form of two signatures. Each minting signature +or block signature signs the height of the block, making the proof of malfeasance quite concise. + +While we could allow anyone to denounce malfeasance, there is really no point to +allow anyone else beyond the block miner. Indeed, a miner can +simply copy any proof of malfeasance and pass it off as its own +discovery.\footnote{A zero-knowledge proof would allow anyone to benefit from +denouncing malfeasances, but it's not particularly clear this carries much +benefit.} + +Once a party has been found guilty of double minting or double signing, +the safety bond is forfeited. + + +\subsection{Smart contracts} + + +\subsubsection{Contract type} +In lieu of unspent outputs, Tezos uses stateful accounts. When those +accounts specify executable code, they are known more generally as +contracts. Since an account is a type of contract (one with no +executable code), we refer to both as "contracts" in full generality. + +Each contract has a ``manager", which in the case of an account is +simply the owner. If the contract is flagged as spendable, the manager +may spend the funds associated with the contract. In addition, each +contract may specify the hash of a public key used to sign or +mine blocks in the proof-of-stake protocol. The private key may or +may not be controlled by the manager. + +Formally, a contract is represented as: + +\begin{lstlisting} +type contract = { + counter: int; (* counter to prevent repeat attacks *) + manager: id; (* hash of the contract's manager public key *) + balance: Int64.t; (* balance held *) + signer: id option; (* id of the signer *) + code: opcode list; (* contract code as a list of opcodes *) + storage: data list; (* storage of the contract *) + spendable: bool; (* may the money be spent by the manager? *) + delegatable: bool; (* may the manager change the signing key? *) +} +\end{lstlisting} + +The handle of a contract is the hash of its initial content. Attempting +to create a contract whose hash would collide with an existing contract +is an invalid operation and cannot be included in a valid block. + +Note that data is represented as the union type. + +\begin{lstlisting} +type data = + | STRING of string + | INT of int +\end{lstlisting} + +where \verb!INT! is a signed 64-bit integer and string is an array of +up to \num{1024} bytes. The storage capacity is limited to \num{16384} bytes, +counting the integers as eight bytes and the strings as their length. + +\subsubsection{Origination} + +The origination operation may be used to create a new contract, it specifies +the code of the contract and the initial content of the contract's storage. If +the handle is already the handle of an existing contract, the origination is +rejected (there is no reason for this to ever happen, unless by mistake or +malice). + +A contract needs a minimum balance of $\tz~\num{1}$ to remain active. If the +balance falls below this number, the contract is destroyed. + +\subsubsection{Transactions} + +A transaction is a message sent from one contract to another contract, this +messages is represented as: + +\begin{lstlisting} +type transaction = { + amount: amount; (* amount being sent *) + parameters: data list; (* parameters passed to the script *) + (* counter (invoice id) to avoid repeat attacks *) + counter: int; + destination: contract hash; +} +\end{lstlisting} + +Such a transaction can be sent from a contract if signed using the manager's key +or can be sent programmatically by code executing in the contract. When the +transaction is received, the amount is added to the destination contract's +balance and the destination contract's code is executed. This code can make use +of the parameters passed to it, it can read and write the contract's storage, +change the signature key and post transactions to other contracts. + +The role of the counter is to prevent replay attacks. A transaction is only +valid if the contract's counter is equal to the transaction's counter. Once a +transaction is applied, the counter increases by one, preventing the transaction +from being reused. + +The transaction also includes the block hash of a recent block that the client +considers valid. If an attacker ever succeeds in forcing a long reorganization +with a fork, he will be unable to include such transactions, making the fork +obviously fake. This is a last line of defense, TAPOS is a great system to +prevent long reorganizations but not a very good system to prevent short term +double spending. + +The pair (account\_handle, counter) is roughly the equivalent of an unspent +output in Bitcoin. + +\subsubsection{Storage fees} + +Since storage imposes a cost on the network, a minimum fee of \tz~1 is assessed +for each byte increase in the storage. For instance, if after the execution of +a transaction, an integer has been added to the storage and ten characters have +been appended to an existing string in the storage, then \tz~18 will be withdrawn +from the contract's balance and destroyed. + + +\subsubsection{Code} + + +The language is stack based, with high level data types and primitives and strict +static type checking. Its design is insipired by Forth, Scheme, ML and Cat. +A full specification of the instruction set is available in\cite{language}. +This specification gives the complete instruction set, type system and semantics +of the language. It is meant as a precise reference manual, not an easy introduction. + + +\subsubsection{Fees} + +So far, this system is similar to the way Ethereum handles transaction. However, + we differ in the way we handle fees. Ethereum allows arbitrarily long programs +to execute by requiring a fee that increases linearly with the program's +executing time. Unfortunately, while this does provide an incentive for one +miner to verify the transaction, it does not provide such an incentive to other +miners, who must also verify this transaction. In practice, most of the +interesting programs that can be used for smart contracts are very short. +Thus, we simplify the construction by imposing a hard cap on the number of steps +we allow the programs to run for. + +If the hard cap proves too tight for some programs, they can break the execution +in multiple steps and use multiple transactions to execute fully. Since Tezos is +amendable, this cap can be changed in the future, or advanced primitives can be +introduced as new opcodes. + +If the account permits, the signature key may be changed by issuing a signed +message requesting the change. + + +\section{Conclusion} +We feel we've built an appealing seed protocol. However, Tezos's true potential +lies in putting the stakeholders in charge of deciding on a protocol that they +feel best serves them. + + +\bibliographystyle{plain} +\bibliography{biblio} + +\end{document}