Note: Descriptions are shown in the official language in which they were submitted.
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
A KEY AGREEMENT PROTOCOL BASED ON NETWORK DYNAMICS
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to cryptographic systems and more particularly
to a method
of generating an unconditionally secure cipher key based on the time
differences recorded
between two parties communicating over a noiseless public channel. Thia
Application relates
to our corresponding Application filed on the same date and entitled "Hash
Functions based on Sylvester Matrices".
2. Discussion of the Related Art
An Achilles heel of classical cryptographic systems is that secret
communication can
only take place after a key is communicated in secret over a totally secure
communication
channel. Lomonaco describes [6,7] the matter as the "Catch 22" of
cryptography, as follows.
"Catch 22. Before Alice and Bob can communicate in secret, they must first
communicate in
secret."
Lomonaco goes on to describe further difficulties involving the public key
cryptographic
systems that are currently in use. For a discussion on several other
disadvantages of the Public
Key Infrastructure (PKI) see U.S. General Accounting Office Report [9].
Let x be a common key that has been created for Alice and Bob. That is, x is a
binary
vector of length n. Then x can be used as a one-time pad, as follows. Let m be
a message that
Alice wishes to transmit to Bob: m is some binary vector that is also of
length n. Alice encodes
m as m ~ x where ~ denotes bitwise addition, i.e., exclusive OR. Thus m ~ x,
not m, is
broadcast over the public channel. Bob then decodes in exactly the same way.
Thus Bob receives
the message (m ~ x) O x, which is m, because of the properties of bitwise
addition.
Alternatively, the key x can be used in a standard symmetric key cryptosystem
such as
that of Rijndael [13] or Data Encryption Standard (DES) [14]. The idea now is
to encode m as
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
denotes bitwise addition, i.e., exclusive OR. Thus m ~ x, not m, is broadcast
over the public
channel. Bob then decodes in exactly the same way. Thus Bob decodes the
message (m ~ x) ~ x,
which is m, because of the properties of bitwise addition.
Alternatively, the key x can be used in a standard symmetric key cryptosystem
such as that of
Rijndael [12] or Data Encryption Standard (DES) [13]. The idea now is to
encode m as fX(m) where
fx denotes the Rijndael permutation with the parameter x. Then, to get the
message, Bob decodes by
~'x~x(m)~ = m where gx is the inverse offx
To date, practical protocols for constructing such a common key x use for
their security
unproven mathematical assumptions concerning the complexity of various
mathematical problems
such as the factoring problem, the discrete log problem, and the Diffie-
Hellman problem. Another
serious difficulty concerning present systems involves the very long keys that
are needed for even
minimal security. In his monograph R. A. Mollin [17] points out that for
elliptic curves cryptography
an absolute minimum of 300 bits should be used for even the most modest
security requirements and
500 bits for more sensitive communication. Further, key lengths of 2048 bits
are recommended for
RSA in the same reference.
In [20] chapter 5, Julian Brown gives an example of a financial encryption
system depending
on RSA keys of 512-bit, namely the CREST system introduced in 1997 by the Bank
of England. He
quotes the noted cryptographer A. Lenstra concerning such codes as follows:
"Keys of 512 bits might
even be within the reach of cypherpunks. In principle they could crack such
numbers overnight".
Randomness in Arrival Times of Network Communications
Computer networks are very complex systems formed by the superposition of
several protocol
layers [14]. Figure 1 shows the layers in a typical network. The following
analysis of how the layers
work together serves to explain the randomness in networks.
The lowest layer connects two computers, i.e., creates a channel between them,
by some
physical means and is called the Physical Layer.
2
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
The second layer removes random physical errors (called "noise") from the
channel to create
an error-free communications path from one point to another. This layer, i.e.,
the Data Link Layer, is
primarily responsible for dealing with transmission errors generated as
electrical impulses
(representing bits) as sent over a physical connection. Error detection
techniques [15] are used to
identify the transmission errors in many protocols. Once an error is detected
the protocol requests a
resend. Random errors in the Data Link Layer can be observed by noting timing
delays.
The Medium Access Layer deals with allocating and scheduling all
communications over a
single channel. In a networked environment, including the Internet, many
computers communicate
over a single channel. Bursts in packet traffic is a well-known characteristic
and is due to the
uncontrollable behavior of many individual computers communicating over a
single channel [ 16]
leading to random fluctuations in transmission times.
The Network Layer deals with routing information to create a true or virtual
connection
1 S between two computers. The routing is dependent on the variety of routing
algorithms and the load
placed on each router. These two factors makes the transmission times
fluctuate randomly.
The Transport Layer interfaces with the final Application Layer to provide an
end-to-end,
reliable, connection-oriented byte stream from sender to receiver. To do so,
the Transport Layer
provides connection establishment and connection management. The times
associated with Transport
layer activities depend on all devices in the network and the algorithms being
used. Thus,
fluctuations in transmission times in the Transport Layer also occur,
contributing to timing delays.
However, not only the network influences timing fluctuations. The transmitting
and receiving
computers have internal delays resulting from servicing network packets. Thus,
even the act of
observing the timings will also introduce random fluctuations. (See appendix B
for an analysis of the
effects of perturbations on arrival timing).
SUMMARY OF THE INVENTION
The present invention provides an efficient, practical system and method for a
key agreement
protocol based on network dynamics that has the strongest possible security,
namely, unconditional
3
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
security, and that does not require any additional hardware. Previous work in
this area is either
theoretical [ 11 ] or practically infeasible due the requirement for
additional channels based on
expensive and complicated hardware such as satellites, radio transmitter
arrays and accompanying
additional computer hardware to communicate with these devices [7]. All
previous cryptographic
keys only satisfy the weaker criterion of computational security.
The present invention introduces relative time sequences based on round-trip
timings of
packets between two communicating parties. These packets form the basic
building blocks for
creating an efficient and unconditionally secure key agreement protocol that
can be used as a
replacement for current symmetric and asymmetric key cryptosystems. The
present invention is an
unconditionally secure cryptographic system and method based on ideas that can
be used in the
domain of quantum encryption [1, 5 and 20 Chapter 6].. Moreover, the present
invention for the first
time provides a cryptographic protocol that exploits fundamental results (and
their
interconnectedness) in the fields of information theory, error-correction
codes, block design and
1 S classical statistics. The system and method of ~he present invention is
computationally faster, simpler
and more secure than existing cryptosystems. In addition, due to the
unconditional security provided
by the present invention, the system and method of the present invention are
invulnerable to all
attacks from super-computers and even quantum computers. This is in sharp
contrast to all previous
protocols.
The present invention provides a protocol that uses two characteristics of
network transit time:
namely, its randomness, and the fact that, despite this, the average timing
measured by two
communicating parties will converge over a large number of repetitions. The
result is that two
correlated random variables are obtained by measuring the relative time a
packet takes to complete a
round trip with respect to a first party, Alice or A, and a round trip with
respect to a second party,
Bob or B.
In a preferred embodiment, A and B engage in rallying packets back and forth
and
calculateround-trip times individually. The packets may be used for any
additional purpose since the
contents of the packets are irrelevant. Only the round-trip times are of
interest. Figure 2 shows one
round of a relative round-trip time generator of the present invention. Figure
2 diagrammatically
describes the process.
4
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
PHASE 1-Alice and Bob employ the system and method of the present invention to
construct
a permuted remnant bit string from a seguence of observed packet round-trip
times:
Alice and Bob exchange packets over a network, record round-trip times, and
each
form a bit string by concatenating a pre-arranged number of low order bits of
successive
packet round-trip times. Once sufficient bits are concatenated, the process is
stopped and
both Alice and Bob apply a pre-determined permutation to their respective
concatenated bit
strings to form permuted remnant raw keys K,, and KB, respectively of equal
lenght.
PHASE 2- Alice and Bob employ these remnant raw keys to create a reconciled
key:
Alice and Bob systematically partition their respective permuted remnant raw
keys, KA
and KB, into sub-blocks, compute, exchange and compare parities for each sub-
block, and,
discarding the low order bit of the sub-block, re-concatenate the modified sub-
blocks in their
original order. In the case of blocks with mismatched parities the partition
process is iterated
until mismatched bits are located and deleted.
PHASE 3- Alice and Bob create an unconditionally secure~ad or keX from their
common
reconciled key:
Privacy amplification to eliminate any partial information that an
eavesdropper, Eve,
might have is applied by both Alice and Bob using a pre-determined proprietary
hash function
[4] to produce a final unconditionally secure key of a pre-determined length
from the
reconciled key.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates a typical multi-layer computer network protocol.
FIG. 2 illustrates one rallying round between two communicating parties for
generating a
permuted remnant bit string by each party.
FIG. 3 illustrates mean arrival time as a function of channel noise (noise
parameter).
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
DETAILED DESCRIPTION OF THE INVENTION
In a preferred embodiment, the key agreement scheme of the present invention
comprises
three phases. The first phase is construction of a permuted remnant bit string
wherein the iwo
communicating parties, Alice and Bob, rally packets back and forth recording
round-trip times.
Some of the bits may still be different after the initial bit string
construction so Alice and Bob then
participate in a second phase called Information Reconciliation. The second
phase results in Alice
and Bob holding exactly the same key. However, Eve may have partial knowledge
of the reconciled
strings, in the form of Shannon bits. Therefore, a third and final phase
called Privacy Amplification is
performed to eliminate any partial information collected by Eve.
PHASE I - Alice and Bob rally packets back and forth to generate a bit string
from truncated
round-trip timings. This string is then systematically permuted. The procedure
is as follows:
(i) Alice sends Bob a network packet and logs the time tAO.
(ii) Bob records the time of reception as tBO and responds immediately to
Alice with
another network packet.
(iii) Alice records the time of reception as tA~, and responds immediately
with a network
packet.
(iv) Bob records the time of reception as tBl and responds immediately to
Alice with
another network packet.
(v) Alice and Bob respectively calculate
etA = tA, - tAo
and
~tB = tB1 - tB0
Depending on the quality of the network connection, only some bits of OtA and
OtB are kept.
The higher order bits are dropped. Typical experimental data and criteria for
the truncation
can be found in [18].
By taking a suitable probability distribution it can be shown that the average
of OtA equals the
average of OtB.
6
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
(vi) Repeat steps (i) through (v) in order to create enough bits which are
then concatenated
as a string of bits of a pre-determined length.
PHASE II - Once sufficient bits are created, the process is stopped. Alice and
Bob must now
use the relative time series to create an unconditionally secure pad or key.
One skilled in the art can
deduce, from a study of various papers in the list of references that there
are many ways to proceed.
The present invention uses an approach which, very loosely speaking, is
initially related to that of
Bennett et al.[1]. However in [3, 4 and 10], several changes and improvements
have been indicated.
These changes, based on fundamental results in algebraic coding theory,
information theory, block
design and classical statistics together achieve the following results:
(a) an a-priori bound on key-lengths;
(b) a method for estimating the initial and subsequent bit correlations and
key-lengths;
(c) a precise procedure on how to proceed optimally at each stage;
(d) a formal proof that KA converges to KB;
(e) a stopping rule;
(f) a verification procedure for equality; and
(g) a new systematic hash function for Privacy Amplification.
After PHASE I, Alice and Bob have their respective binary arrays KA and KB and
both
perform the following steps of PHASE II:
(vii) Shuffle and partition. Alice and Bob apply a permutation to KA and KB .
They then
partition the remnant raw keys into sub-blocks of length t = 4.
(viii) Parity exchange and bisective search with l = 4: Parities are computed
and exchanged
for each sub-block of length 4 by Alice and Bob. Simultaneously they discard
the bottom bit
of each sub-block so that no new information is revealed to Eve. If the
parities agree Alice
and Bob retain the three top bits of each sub-block. If the parities disagree
Alice and Bob
perform a bisective search discarding the bottom element in each sub-block
exactly as
described in [1] and [S] (see also [4]). The procedure in steps (vii) and
(viii) is denoted by
KAP4 .
(ix) Estimate Correlation From the length of the new key, we can calculate the
expected
initial bit correlation x0 between KA and KB [4]. Using xo we can calculate
the present
7
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
expected correlation x = cp4( xo ).
(x) Shuffle, parity exchange, bisective search with the optimal l : To the
remnant keys KA,
KB we apply a permutation f in order to separate adjacent keys. As a non-
restrictive example,
one such f can be implemented by shuffling the bit order from (1,2,3,. . ..,n)
into the order (1, p
+1,2p+1,...,q~p+1,2,p+2,2p+2,...,q2p+2,...,p-1,2p-1,3p-1,...,qp_lp+p-l,p,
2 p, 3 p, qP p + p), where g; _ (n - i) l p.
Given the present correlation x we choose the optimal value for I = l(x) by
using the tables in
(4]. Similar to (viii), (ix) for the case l = 4, we carry out the procedure
KAP~ . From x, or
from the new common length of the remnant keys, we calculate the expected
present
correlation after KAP~ has been applied. We repeat (xi) until the stopping
condition holds.
(xi) Stopping Condition : For key length n and correlation x we have n(1-x) <
s ,a pre-
determined small positive number. We then proceed to the verification
procedure, an example
of which is as follows.
(xii) Verification Procedure : Let KA , KB both be of length n. Let t be the
smallest integer
for which 2' _< n . Construct a binary matrix M= m;;, (1 <_ i 5 t+1 , 1 <_ j
<_ 2' ) as follows:
a. The entries m;;, (1 <_ ij <_ t ) are the entries of the t x t identity
matrix I~ .
b. The (t +1 )u' row of M is the all-ones vector, that is mt+-y = 1 ( 1 <_ j
<_ 2t ).
c. Denote the top t entries in the j''' column by the binary vector v~ ( 1 <_
j <_ 2' )
Thus, vj = {m~ ~ 1 <_ i <_ t}. Then we impose the condition that the vectors
v~ are all
distinct. Thus, the set { v~ } equals the set of all 2l distinct binary
vectors of length t.
d. Denote the rows of M by Rl, R2, ..., R'+~ . Let x, y denote the remnant
keys KA,
KB written as row vectors of length n. Let x, y denote the vectors that result
when a
row of zeros of length 2'-n is adjoined, on the right of x, y respectively.
Thus
x = (x,000..0), y = (y,000..0).
e. Our verification criterion is to check that x . R; =y . R;, (1 <_ i <_ t+1
).
If the verification criterion is not satisfied we remove the first t+1 bits
from KA , KB
and repeat steps (x), (xi) and check again if the verification criterion is
satisfied.
Eventually, it will be satisfied.
At this stage Alice and Bob have confirmed that they now share the same key.
Once
confirmed, the final remnant raw key as transformed by Phase 2 is modified by
removing the first t+1 bits from KA = KB . Our new key is re-named the
'reconciled
8
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
key" and phase 3, Privacy amplification is performed.
PHASE III- At this stage Alice and Bob now have a common reconciled key. In
certain cases
it is possible that the key is only partially secret to eavesdropper, Eve, in
the sense that Eve may have
some information on the reconciled key in the form of Shannon bits. Alice and
Bob now begin the
process of PrivacyAmplification that is the extraction of a final secret key
from a partially secret one
(see [1] and [2]). A well-known result of Bennett, Brassard and Robert (see
[19]) shows that Eve's
average information about the final secret key is less than 2-Slln 2 Shannon
bits as explained below
(See also Shannon [9]).
(xiii) Pn'vacy Amplification - Let the upper-bound on Eve's number of Shannon
Bits be k
and let s > 0 be some security parameter that Alice and Bob may adjust as
desired. Alice and
Bob now apply a hash function described in "Method For The Construction Of
Hash
Functions Based On Sylvester Matrices, Balanced Incomplete Block Designs And
Error-
1 S Correcting Codes", co-pending Irish Patent Application, (the entire
contents of which is
hereby included by reference as if fully set forth herein [3]) which produces
a final secret key
of length n - k- s from the reconciled key of length n.
The system and method of the present invention provide an unconditionally
secure key
agreement scheme based on network dynamics as follows. In PHASE I, Alice and
Bob permute the
bits of what remains of their respective raw keys, which keys incorporate
delay occasioned by
network noise. In PHASE II, the key from PHASE I undergoes the treatment of
Lomonaco [5]. That
is, in PHASE II Alice and Bob partition the remnant raw key into blocks of
length 1. An upper bound
on the length of the final key has been estimated and the sequence of values
of 1 that yield key lengths
arbitrarily close to this upper bound has also been estimated [4]. In PHASE
II, for each of these
blocks, Alice and Bob publicly compare overall parity checks, making sure each
time to discard the
last bit of the compared block. Each time an overall parity check does not
agree, Alice and Bob
initiate a binary search for the error, i.e., bisecting the mismatched block
into two sub-blocks,
publicly comparing the parities for each of these sub-blocks, while discarding
the bottom bit of each
sub-block. They continue their bisective search on the sub-block for which
their parities are not in
agreement. This bisective search continues until the erroneous bit is located
and deleted. They then
proceed to the next I-block..
9
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
PHASE I is then repeated, i.e., a suitable permutation is chosen and applied
to obtain the
permuted remnant raw key. PHASE II is then repeated, i.e., the remnant raw key
is partitioned into
blocks of length 1, parities are compared, etc. Precise expressions for the
expected bit correlation (see
below) following each step have been obtained in [4], where it is also shown
that this correlation
converges to 1. Moreover in [4] the expected number of steps to convergence as
well as the expected
length of the reconciled key are tabulated.
The probability that corresponding bits agree in the arrays KA , KB is known
as the bit
correlation probability or, simply, as the bit correlation. It can be shown
(see [4]) that each round can
be used to increase the bit-correlation. For example, if we start with a bit-
correlation of 0.7 then after
one round with t = 3 the bit-correlation increases to about 0.77 and then to
0.87. For 1 = 2 the
corresponding numbers are 0.84 and 0.97. Estimates are also available for the
key lengths after a
round of the protocol of the present invention, for various values of 1 [4J.
The final secret key can now be used for a one-time pad to create perfect
secrecy or can be
used as a key for a symmetric key cryptosystem such as Rijndael [12] or Triple
DES [19].
A simplified version of the algorithm for the values 1= 2 and 3 is described
in Appendix A.
It will be understood by those skilled in the art, that the above-described
embodiments are but
examples from which it is possible to deviate without departing from the scope
of the invention as
defined in the appended claims.
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
REFERENCE AND BIBLIOGRAPHY
The following references are hereby incorporated by reference as if fully set
forth herein.
[ 1 ] Charles Bennett, Fran~ois Bessette, Gilles Brassard, Louis Salvail, and
John Smolin,
Experimental quantum cryptography, EUROPCRYPT '90 (Arhus, Denmark),1990, pp.
253-
265.
[2] Charles H. Bennett, Gilles Brassard, and Jean-Marc Robert, Privacy
Amplification by
Public Discussion, Siam J. of Computing, 17, no.2 (1988), pp. 210-229.
[3] Aiden Bruen and David Wehlau, Method for the Construction o. f Hash
Functions Based on
Sylvester Matrices, Balanced Incomplete Block Designs, and Error-Correcting
Codes, Irish
Patent Co-pending Irish Patent Application.
[4J Aiden Bruen and David Wehlau, A Note On Bit-Reconciliation Algorithms, Non-
Elephant
Encryption Systems Technical Note Ol .xx NE2, 2001.
[5] Samuel J. Lomonaco, A guick glance at quantum cryptography, Cryptologia 23
( 1999),
no. 1, pp. 1-41.
[6] , A Rosetta Stone for Quantum Mechanics With An Introduction to Quantum
Computation, quant-ph/0007045 (2000).
[7] Ueli M. Maurer, Secret Key Agreement By Public Discussion From Common
Information,
IEEE Transactions on Information Theory 39 no.3 (1993), pp. 733-742.
[8] United States General Accounting Office, Advances and Remaining Challenges
to
Adoption of Ppublic Key Infrastructure Technology, GAO Ol -227 Report,
February 2001,
Report to the Chairman, Subcommittee on Government Efficiency, Financial
Management
and Intergovernmental Relations, Committee on Government Reform, House of
Representatives.
[9] Claude E. Shannon, Communication Theory of Secrecy Systems, Bell System
Technical
Journal 28(1949), 656-715.
[1 OJ David Wehlau, Report for Non-Elephant Encryption, Non-Elephant
Encryption
Technical Note 01.08.2001.
[ 11 ] A. D. Wyner, The Wire-Tap Channel, Bell System Technical Journal 54 no.
8(1975),
1355-1387.
[12] Joan Daemon and Vincent Rijnmeien, The Rijndael Block Cypher, June 1998,
htt~://csrc.nist.~ov/encr~tion/aes/riindael/ri'ndael.pdf
[13) Bruce Schneier, Applied Cryptography, 2°d Edition, John Wiley &
Sons, New York,
11
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
1996, Chapter 12.
(14] Andrew Tanenbaum, Computer Networks, Prentice Hall, 1996.
[15] Claude E. Shannon, A Mathematical theory of Communication, Bell System
Technical
Journal 27(1948), pp. 379-423 and 623-656.
[16] Will E. Leland, Murad S. Taqq, Walter Willinger, and Daniel V. Wilson, On
the Self
Similar Nature of Ethernet Traffic, Proc. SIGCOMM (San Francisco, CA;
Deepinder P.
Sidhu, Ed.), 1993, pp. 183-193.
[17] R. A. Mollin, An Introduction to Cryptography, Chapman & Hall/CRC, 2000.
Chapter 6.
[18] Gerald Staruiala and Mario Forcinito, A Novel Application of The Entropic
Transformation Concept to Cryptography, Non-Elephant Encryption, Inc. White
Paper,
November 2000.
[ 19] Douglas R. Stinson, Cryptography: Theory and Practice, CRC Press, 1995.
[20] Julian R. Brown, The Quest for the Quantum Computer, Simon 8r. Schuster,
New York,
2001.
12
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
Appendix A - Procedure for l = 2 and l = 3
Let us describe in more detail the procedures for l = 2 and 1= 3 in the
extraction of the reconciled key
described earlier.
Procedure for 1 = 2. Alice and Bob divide their bit strings KA and K$ into
pairs (a0, a~)...and (b0,
b~)... If KA and KB have odd lengths the last bit is dropped. Working on the
blocks (ag a,) and (bo,
b~) we proceed as follows.
Alice announces the parity of the block namely the number a0 + a~ (module2).
Bob compares the parity of his block. Then, if ao + al (module2) equals bo+b~
(module2) we cancel
the elements al, b1 and retain the elements a0, b0. However, if ao + a~
(module2) is different than
bo+b~ (module2) we cancel the four elements ag al, bo, bl.
Procedure for 1= 3. We divide the bit strings KA, KB into blocks of size 3
namely (ag al, a2). . .and
(bo, b~,b2)...respectively. If the size of KA is not divisible by 3 we discard
the last one or two
elements of KA and KB as appropriate. Working on each block of size 3, say the
blocks (ao, al, az)
and (b0, bl, b2) we again examine the parities and proceed as follows.
Case 1: If the parities agree, then cancel the elements a2, b2.
Case 2: If the parities disagree, then cancel the elements a2, b2 . Then, if
al= b1, we cancel both
blocks of size 3. However, if a~ ~ b1, then cancel al, b~.
As 1 increases, the number of rounds needed for convergence increases, but the
key-length will be
longer. Optimal procedures are described in [4].
13
CA 02462384 2004-03-19
WO 03/026197 PCT/IE02/00135
A~p~nd~ I~ - Pt~rbed l~t~l R~t~~I~I
r~zza~:lift;r~t;t~~. n~d~l shh~tv~ the izy. ~ ~..h~nI ~it~ ~~i~~ ~ P
t~~xtrc~rn i~txuc.l ~~ a~n tik~rrr~r ct~z~ lay ~,l~tt.~d '~n~l~r t~~~rt~u
~n~.i-
t~ac:~n.~: ~r~~i' h~~~s ~~ ~lz~ il~ili~r 1~~ ~;l~~~in~ ~ zn~rh,~aa~~ sy~G~m.
t~l»~ n>3nai~~~ ~h9 d;~ni~; ~' . n~~twc~rk_
'~'h~ ~~ ~k~ ~ f~ll~~_ A i~~ i~ r:~~~, ~~ the t~ A, ~h~
portico i~ ~riu ~.~ ~ ~t~~~.1 F~ to~~rr~ zip F3 0a ~axta~l ø~x,, ~j
B~c~ : try ~s ~t~rm:~l zu~j~~ ~r~h~ p~,~~ p~rrf~rrn. ~ ran~l~xn- u~;lk tea.
~r~~ Gh~ ~itr~n~i~l t~xt~r~rd~ B., ~hh~~~'i~~ i~t: ~c~ill r~Ih B in ;~ 8n3.:
~,n~un~ ~f
tdrzt~. 'L"6:~ ~wY,t~ t~riv.l rirz~: i~ ~.'L:xi~ 1~y ~:h~ L"~~~i~ ~.~'a:
~'x
~a~h~~r~ ~ a~ ~ "ier ~r~ ~~-~a .i~ ~ ~l~si~.n iai~~ ~i~~ ~ ~ i~ ifh~
st~r~z~!~h ~r~ ~ n. "The ;~t~,y~~an : 1 i~ ~ ~~i~rk~t~ pry x~(~) w~.iic~h
f~lc~ ~ k~r-Pi~.t~9c: ~r.~~t;~m: 1~'~ ~~ ~h~ l~t.~m fir ~.h~
-~.rril ti~$ t~' ~~3 ~axti~Z~ B
~r~~, = izif{~t ?~ ~,~~~~j ~ ,8 ~~at~ :~,(lj = :~~
~a,g i~ c'~tl~t,~ti ~nc~ ~r ~:h,e: c~ri~ina~ t~nia~l ~ø;~t~, Ch~r~ ~~r ~lz~
';x=
t~u#~3" ~~ut~ia;l r~~xj act ~ ~if~~:ae l:~tzx ~h~ i,~u~ i~ ~~t,~in~. ~l
p~x~~rl,~v~r~i~n ~f ~-.ia~: ~a.i~l i~ ~"u~r~ ~.~
~fxj ~ ~ ( ~~ ~ _ ~~
f~ j + ~ ~.~ -~- ~ -.a ~j ~ ~ t~ ~.. ~~,
~rf~,~~
~I:~j + ~' ~ x~ + .~ + ~j x ~ ~~, r. + ~~
x ~ (~: -~- ; .J
v~h~ ~ .y tlr~ .i~i~h~t; eel' the ~z~i~,l b~:rri~r ~t: ink ~ ~ [.~.,.~] ~ i~
hue'
t~~ l~~tih. r x~~hi~z rln~ ~ff~G ~f the r.~~,~,rl»~i~-xn i~. ~~r~. In the
limix
~+ t~, ~h~ ~+~riGt~rh~~~n i~ ~. ~:r~~ x~' i~ir~~tti~:~zz x~> jinx ~r.
'~~Sc~l~If~i~~lli; t~'.'~ ~~ ll~in~ ~! ~ixzz.~l~? a:~rt;~rzt,ir~~ '~c j --
~~,~..~ ~lr~u~ ~h~tt
~.rarit~z~ ~-fz~n~in~~r~~~ pith ~~~a r~tu=ta~C~e~ txnc~ ~iuc~,e i~
zz~~ n,~~~~~, ~h~ ric~i~ ,~ :..~ p ~F'i~.zr~ ~j. 'IYh~ ~;~~~i~:iOx~~ fir
whir~h ~h~
~z~lu~tic~n fr~tm ~hi,~ n~c~~l. ~:~;~. ~~ a~~~~.cl ~n ~. mmvni~,~. ~..l~n~
~:r~
t~~.tt~ ~~;iv~ly r~,rd ~,~; IY~.
14