ࡱ> rqv% t>bjbjCC .f!xAd!xAdP6 %%44m4m4m444484T 5L4AY5p5555777wAyAyAyAyAyAyA$E>HAm4777"77A4455A===7l45485wA=7wA==V@@U4A5@ȤF/9@(cAA0A@ H9HAAHm4AL=777AA=777A7777H777777777% 2: PQC Candidate Submission Checklist Submission ID: 6 Name of submitted algorithm: Post Quantum RSA Principal submitters name: Dan Bernstein Name(s) of auxiliary submitter(s): Josh Fried, Nadia Heninger, Paul Lou, Luke Valenta Date submission received: 9/21/17 Date submission evaluated: 9/26/2017 10/12/2017 Technical Evaluation Team: Daniel, Stephen Optical Media Evaluation Team: Larry Cover Sheet & IP Statements Evaluation Team: Dustin Evaluator: Stephen Jordan Submission complete and proper? [DM will fill in at the completion of all evaluations] PQC Candidate Submission Checklist __YY__ Cover Sheet (separate checklist to follow) __YY__  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html"Algorithm Specifications and Supporting Documentation (separate checklist to follow) __YY__ Does not incorporate major components believed to be insecure against quantum computers This submission is for RSA, which is popularly believed to be broken by quantum computers. However, the key sizes are sufficiently large that quantum attacks are likely impractical. __YY__ Provides at least one of: public-key encryption, KEM, or digital signature (bold which one(s)). NOTE if multiple functionalities are given in the same submission, a separate checklist should be completed for each functionality. If Public-Key Encryption: __YY__ algorithms for key generation, encryption and decryption are given. __YY__ if decryption failures are possible then the rate is given Probability of invalid (non-prime) key is conjectured to be less than 2^-128. __YY__ the scheme supports encryption and decryption of messages containing symmetric keys of length at least 256 bits If Key Encapsulation Mechanism (KEM): __YY__ algorithms for key generation, encapsulation and decapsulation are given __YY__ if decapsulation failures are possible then the rate is given __YY__ the scheme supports establishing shared keys of length at least 256 bits If Digital Signature: __YY__ algorithms for key generation, signature, and verification are given __YY__ the scheme can supporting messages of length up to 2^63 bits __YY__ Provides concrete values for parameters and settings required to achieve claimed security properties __YY__ Statement about Estimated Computational Efficiency and Memory Requirements for the NIST PQC Reference Platform (Intel x64 running Windows or Linux). Similar statement about performance in hardware and software across a variety of platforms may also be provided (separate checklist to follow) __YY__ Known Answer Tests (more details in the Optical Media Checklist to follow) __YY__ Statement of expected security strength of the algorithm, along with any supporting rationale (separate checklist to follow) __YY__ Cryptanalysis with respect to known attacks and their complexity ___YY_ Provide cryptanalysis on any known attacks and their results __YY__ Provide references to any published materials describing or analyzing the security of the submitted algorithm However, the reference list is somewhat sparse. In particular, there exist literatures on detailed resource estimates both for classical cryptanalysis, e.g. number field sieve, and quantum cryptanalysis, in particular the gate counts for optimized quantum circuits implementing modular exponentiation. These are not referenced or used. Instead, the constant prefactor in the modular arithmetic is taken to be 1024, which appears to be a guess. __N?__ Provide copies of references, as well as applicable copyright release [encouraged] Very small set of references. Are they all accessible to us? ___YY_ Statement on the advantages and limitations of the algorithm, with supporting rationale And well done, I might add. __YY__  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html"Optical Media (separate detailed checklist to follow) __YY__ Provided electronically in a zip file, or on a single CD-ROM, DVD, or USB flash drive (circle media type submitted), labelled with the name of submitter and cryptosystem __YY__ Reference Implementation in ANSI C __YY__ Optimized Implementations in ANSI C __YY__ Known Answer Tests __YY__ Supporting Documentation __YY__ Additional Implementations (optional) An older version is included. __OK(Yup)__  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/intell_prop.html"Intellectual Property Statements / Agreements / Disclosures Signatures are not included at this time. Blank documents are attached. The call for submissions allows these to be submitted later. ____ Statement(s) signed by each Submitter ____ Statement(s) signed by all Patent (and Patent Application) Owner(s) (if applicable) ____ Statement(s) signed by all Reference/Optimized Implementations' Owner(s). __YY__ Submission package in English [Optional supporting materials in another language is acceptable] __YY__ Cover Sheet containing __YY__ Name of the submitted algorithm __YY__ Principal submitters name, e-mail address, telephone, organization, and postal address __NANA__ Name(s) of auxiliary submitter(s) __YY__ Name of the algorithm inventor(s)/developer(s) __YY__ Name of the owner, if any, of the algorithm (Normally expected to be the same as the submitter) __NN__ Signature of the submitter __NN__ (optional) Backup point of contact (with telephone, fax, postal address, e-mail address) __YY__  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html"Algorithm Specifications and Supporting Documentation *Note to reviewer: When checking the submissions for completeness, just check if the submitters have attempted to address the NIST-specified issues, at a minimum, and include the required documents and implementations. We dont need to evaluate whether the security properties have been met or anything else that would take a lot of thought at this stage. A complete written specification of the algorithm consisting of all necessary mathematical operations, equations, tables, diagrams, and parameters that are needed to implement the algorithm. Must include: Design rationale Explanation of design decisions Algorithms for either public-key encryption, KEMs, or digital signatures Specify any padding mechanisms and/or any uses of NIST-approved crypto primitives needed. If a non NIST-approved primitive is used, an explanation must be provided. An explanation of the provenance of any constants or tables used May include: Tunable security parameter(s) If provided, the submission document must specify concrete values for each parameter, with justification. The submission should also provide several parameter sets that allow the selection of a range of possible security/performance tradeoffs, as well as an analysis of how the security and performance depend on these parameters. Submitters are encouraged to give parameter sets with lower security levels to facilitate analysis. __YY__ Statement about Estimated Computational Efficiency and Memory Requirements on the NIST PQC Reference Platform (Intel x64 running Windows or Linux) __YY__ Estimates (memory requirements and speed) on NIST Reference Platform (64 bit) Platform/processor used: Intel XEON E3-1220 v5 Clock speed: 3 GHz Memory: 64 GB Operating system: Ubuntu 16.04 Gate count or estimated gate count (for hardware estimates) N Speed estimate. At a minimum, the number of clock cycles (or milliseconds) required to: generate keys, encrypt, decrypt, encapsulate, decapsulate, sign, verify (as applicable to algorithm functionality) 120 billion cycles for pqrsa20 Memory estimate. The size of all inputs and outputs (e.g., keys, ciphertexts, signatures) 2^20 bytes for pqrsa20 Empirical testing appears only to be documented for the pqrsa20 parameter set, which is a scaled down version for cryptanalysis. The estimates for pqrsa30 parameter set, targeted at NIST's security category 2, appear to be extrapolations. The access memory will probably be an issue for this scheme. It doesnt seem to be explicitly stated in the CFP (which it shouldnt) but probably this is something to think of in the future. __YY__  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html"Statement on Expected Security Strength *Note to reviewer: When checking the submissions for completeness, just check if the submitters have attempted to address the NIST-specified issues, at a minimum, and include the required documents and implementations. We dont need to evaluate whether the security properties have been met or anything else that would take a lot of thought at this stage. Must include: Statement of expected security strength Supporting rationale For each parameter set given, a security definition from 4.A.2 (IND-CCA2), 4.A.3 (IND-CPA), or 4.A.4 (EUF-CMA). These must be given along with an estimated security strength according to the categories described in 4.A.5 (see below) May include: Quantitative estimates for any additional security which are above and beyond the minimum security strength provided by the relevant security category. At a minimum, this should include a claimed classical security strength. The statement should address additional attack scenarios (perfect forward secrecy, side-channel attacks, resistance to multi-key attacks, misuse-resistance). Security Strength Categories 1) Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for key search on a block cipher with a 128-bit key (e.g. AES128) 2) Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for collision search on a 256-bit hash function (e.g. SHA256/ SHA3-256) 3) Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for key search on a block cipher with a 192-bit key (e.g. AES192) 4) Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for collision search on a 384-bit hash function (e.g. SHA384/ SHA3-384) 5) Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for key search on a block cipher with a 256-bit key (e.g. AES 256) __Y__  HYPERLINK "http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html"Optical Media __N__ Reference Implementation in ANSI C Needs a Makefile in the Reference_Implementation directory (as well as the Optimized). Include the genKAT program with this. Has two files enc.c and dec.c. The API specifies a single file encrypt.c (similar issue in sign and kem) __Y__ Include comments, and stress clarity __Y__ Fully demonstrate operation of the proposed algorithm __N__ Adheres to the NIST API __Y__ Separate source code included for required KATs __Y__ provided in directory labeled: Reference_Implementation _Y___ Optimized Implementations in ANSI C with comments Same as Ref_Implementation ____ Demonstrate performance ____ Fully demonstrate operation of the proposed algorithm ____ Adheres to the NIST API ____ Separate source code included for required KATs ____ provided in directory labeled: Optimized_Implementation __Y__ Known Answer Tests (as specified in 2.B.3) __Y__ Provided in directory labeled: KAT __Y__ If random values are used, the KAT should specify a fixed value for input __Y__ Separate KATs should be provided to test ALL the different aspects of the algorithm (e.g., key generation, encryption, decryption, sign, verify, etc) __Y__ Each KAT shall be submitted electronically in separate files, __Y__ Each file should have a header listing 1) Algorithm name, 2) test name, 3) description of the test, and 4) other parameters __Y__ The header listing should be followed by a set of tuples clearly labeled (Plaintext, PublicKey, RandomBits, Ciphertext, etc) __Y__ A set of KATs shall be included for each security strength __Y_ If the execution produces intermediate results that are informative, the submitter shall include known answers for these intermediate values for each security strength __N__ If tables are used in the algorithm, a set of KAT vectors shall be included to make use of the table entries __Y__ Supporting Documentation __Y__ copies of all written materials in PDF __Y__ contained in directory labeled: Supporting_Documentation __Y__ Additional Implementations (optional) __Y__ Directories on the Optical Media \README (plain text file with brief description of the other files) \Reference Implementation \Optimized_Implementation \KAT \Supporting Documentation \Additional Implementation (optional) __Y__ Optical media is free of viruses Whats missing: The reference list is somewhat sparse. In particular, there exist literature on detailed resource estimates both for classical cryptanalysis, e.g. number field sieve, and quantum cryptanalysis, in particular the gate counts for optimized quantum circuits implementing modular exponentiation. These are not referenced or used. Instead, the constant prefactor in the modular arithmetic is taken to be 1024, which appears to be a guess. Empirical testing appears only to be documented for the pqrsa20 parameter set, which is a scaled down version for cryptanalysis. The estimates for pqrsa30 parameter set, targeted at NIST's security category 2, appear to be extrapolations. Needs a Makefile in the Reference_Implementation directory (as well as the Optimized). Include the genKAT program with this. Has two files enc.c and dec.c. The API specifies a single file encrypt.c (similar issue in sign and kem).       PAGE 9 "( 3 4 P V / R V W $ % I J f j k }kZZZ h5CJPJ\aJmH sH #hB*CJPJaJmH ph#sH h0JCJPJaJmH sH jhUhjhU#hSB* CJPJaJmH phpsH hCJPJaJmH sH h$hB*CJaJphpGhShB* CJaJphphSB* CJaJphphCJaJh5CJaJ##4b 4 5 ` a . / 0 S E g 0^`0 ^`$a$g W s TGB!s? ^` ^` ` w x SXYKLFG$%vwz >CDp򭣕܉hB*CJaJph#hSB* CJPJaJphphCJPJaJhCJaJ)hShSB* CJPJaJmH phpsH #hB*CJPJaJmH ph#sH h#hSB* CJPJaJmH phpsH hCJPJaJmH sH 1Pp$Ny1\klm $^^ ` ^ ^` ^`OPTUW789FGtu'(QRx|}ͻͳͻͫͻͻͻ́ririͻhCJ\aJhS5B* CJ\aJphph5CJ\aJh0JCJPJaJmH sH jhUhjhUhCJaJ#hSB* CJPJaJmH phpsH hCJPJaJmH sH )hShSB* CJPJaJmH phpsH hShSB* CJaJphp"  lmn06[almpqu>BC¾£혐~o~f~ߐ~ߐ~ߐ~h5CJaJhCJPJ\aJmH sH #hSB* CJPJaJmH phpsH hCJaJh5CJ\aJh0JCJPJaJmH sH j8hUhjhU)hShSB* CJPJaJmH phpsH hCJPJaJmH sH #hB*CJPJaJmH ph#sH (?v_d# $ 2 C c R!!!!!!8^8^ & F ^^$ 8^8` ^CFuyz}^bcfgc$ 0 1 !!")"q#r#u#v#y# $аСvvkh5CJ\aJhCJaJnHtHh5CJaJnHtHhCJ\aJh5CJaJh5CJPJaJmH sH !h0J5CJPJaJmH sH jShUhjhU#hSB* CJPJaJmH phpsH hCJaJhCJPJaJmH sH '!p#q#r# $a$$$$$%%%%&&d&e&|&}&l',( 8h^8`h h^h ^`$^`^^ $$$`$k$%%&e&{&}&l'+(,(/(0(3(4((((((("*$*0*1*ĸveVVMh5CJaJh5CJPJaJmH sH !h0J5CJPJaJmH sH jlhUjhU#h*B* CJPJaJmH phpsH hCJPJaJmH sH h:h:B* CJaJphph:B* CJaJphphB*CJaJph#hhCJaJhCJaJmH sH hSB* CJPJaJphphCJPJaJ,((#*$*2*Z*o*Y+Z+g+I,,,,----..//Y0Z0+1^ & F ^^$1*X+Z+e+f+,,,-*1-1.11121111111111222222&3̙̾sdYKssh3xHCJPJaJmH sH h$h3xHB*phpGh5CJPJaJmH sH )h$h3xHB*CJPJaJmH phpGsH !h0J5CJPJaJmH sH jhUjhU#h*B* CJPJaJmH phpsH hCJPJaJmH sH h h>*hCJaJnHtHh5CJaJnHtHhCJaJhCJ\aJ+111222$3B3x333 4'4b4444"5K55:6 ^` ` ^` ^`gd3xH ^$^`&3'3D3E3z3{333333 4444!5$5%5(5J5M5N5Q555<6=666777777x8y8ܲܣ܉zoo\o\o\o\o\o\o\$h$h@;B*CJPJ\aJphpGhCJPJ\aJh*5B* CJ\aJphph5CJ\aJh@;5CJPJaJmH sH h5CJPJaJmH sH )h*h*B* CJPJaJmH phpsH )h$h@;B*CJPJaJmH phpGsH hCJPJaJmH sH )h$h3xHB*CJPJaJmH phpGsH $:66777v88 969u999 :':A:F:`::::::q<gd2^^ & F ^` ` ^`y8888 9 99/9598999<9t9w9x9{999999_:::::::p<q<_=`=ŷ}}u}kcWcWch2B*CJaJph#h2B*ph#h2PJmH sH h*B* phph#h*B* CJPJaJmH phpsH h5CJPJaJmH sH )h*h*B* CJPJaJmH phpsH hCJPJaJmH sH hCJ\aJ h\] h]h*5B* CJ\aJphph5CJ\aJhCJPJ\aJq<`=O>P>R>S>U>V>X>Y>[>\>]>^>`>a>b>c>d>e>f>q>r>s>t>$a$^gd2`=K>N>O>P>Q>S>T>V>W>Y>Z>\>]>^>_>e>f>g>m>n>o>p>r>s>t>ļвh20JmHnHu h0Jjh0JUjhUhhCJaJhf?jhf?Uh2h2B*CJaJph#h2B*phpGh$h2B*phpG,1h/ =!"#$% DyK yK http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.htmlDyK yK http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.htmlDyK yK http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/intell_prop.htmlDyK yK http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.htmlDyK yK http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.htmlDyK yK http://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.htmlw666666666vvvvvvvvv66666686666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666p66866666662&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv(8HXf~8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@_HmH nH sH tH H`H Normal*$CJ_HaJmH nHsH tHDA D Default Paragraph FontViV 0 Table Normal :V 44 la (k ( 0No List */* WW8Num1z0*/* WW8Num1z1*/* WW8Num1z2*/!* WW8Num1z3*/1* WW8Num1z4*/A* WW8Num1z5*/Q* WW8Num1z6*/a* WW8Num1z7*/q* WW8Num1z8*/* WW8Num2z0*/* WW8Num2z1*/* WW8Num2z2*/* WW8Num2z3*/* WW8Num2z4*/* WW8Num2z5*/* WW8Num2z6*/* WW8Num2z7*/* WW8Num2z8./. WW8Num3z0o(*/!* WW8Num3z1*/1* WW8Num3z2*/A* WW8Num3z3*/Q* WW8Num3z4*/a* WW8Num3z5*/q* WW8Num3z6*/* WW8Num3z7*/* WW8Num3z84/4 WW8Num4z0 56o(@/@ WW8Num4z156OJQJ^Jo(*/* WW8Num4z2*/* WW8Num4z3*/* WW8Num4z4*/* WW8Num4z5*/* WW8Num4z6*/* WW8Num4z7*/!* WW8Num4z8:/1: WW8Num5z0OJQJ^Jo(:/A: WW8Num5z1OJQJ^Jo(:/Q: WW8Num5z2OJQJ^Jo(*/a* WW8Num6z0*/q* WW8Num6z1*/* WW8Num6z2*/* WW8Num6z3*/* WW8Num6z4*/* WW8Num6z5*/* WW8Num6z6*/* WW8Num6z7*/* WW8Num6z8*/* WW8Num7z0*/* WW8Num7z1*/* WW8Num7z2*/!* WW8Num7z3*/1* WW8Num7z4*/A* WW8Num7z5*/Q* WW8Num7z6*/a* WW8Num7z7*/q* WW8Num7z8^/^ WW8Num8z04B*CJOJPJQJ^JaJmH nHo(phsH tH:/: WW8Num8z1OJQJ^Jo(:/: WW8Num8z2OJQJ^Jo(:/: WW8Num8z3OJQJ^Jo(J/J WW8Num9z0 B*CJOJQJ^JaJo(ph:/: WW8Num9z1OJQJ^Jo(:/: WW8Num9z2OJQJ^Jo(:/: WW8Num9z3OJQJ^Jo(,/, WW8Num10z0,/, WW8Num10z1,/!, WW8Num10z2,/1, WW8Num10z3,/A, WW8Num10z4,/Q, WW8Num10z5,/a, WW8Num10z6,/q, WW8Num10z7,/, WW8Num10z8D/D WW8Num11z0B*OJQJ^Jo(ph</< WW8Num11z1OJQJ^Jo(</< WW8Num11z2OJQJ^Jo(</< WW8Num11z3OJQJ^Jo(,/, WW8Num12z0,/, WW8Num12z1,/, WW8Num12z2,/, WW8Num12z3,/, WW8Num12z4,/!, WW8Num12z5,/1, WW8Num12z6,/A, WW8Num12z7,/Q, WW8Num12z88/a8 WW8Num13z0 B*o(ph</q< WW8Num13z1OJQJ^Jo(</< WW8Num13z2OJQJ^Jo(</< WW8Num13z3OJQJ^Jo(,/, WW8Num14z0,/, WW8Num14z1,/, WW8Num14z2,/, WW8Num14z3,/, WW8Num14z4,/, WW8Num14z5,/, WW8Num14z6,/, WW8Num14z7,/!, WW8Num14z8,/1, WW8Num15z0,/A, WW8Num15z1,/Q, WW8Num15z2,/a, WW8Num15z3,/q, WW8Num15z4,/, WW8Num15z5,/, WW8Num15z6,/, WW8Num15z7,/, WW8Num15z8,/, WW8Num16z0,/, WW8Num16z1,/, WW8Num16z2,/, WW8Num16z3,/, WW8Num16z4,/, WW8Num16z5,/!, WW8Num16z6,/1, WW8Num16z7,/A, WW8Num16z8,/Q, WW8Num17z0,/a, WW8Num17z1,/q, WW8Num17z2,/, WW8Num17z3,/, WW8Num17z4,/, WW8Num17z5,/, WW8Num17z6,/, WW8Num17z7,/, WW8Num17z8,/, WW8Num18z0,/, WW8Num18z1,/ , WW8Num18z2,/ , WW8Num18z3,/! , WW8Num18z4,/1 , WW8Num18z5,/A , WW8Num18z6,/Q , WW8Num18z7,/a , WW8Num18z8,/q , WW8Num19z0,/ , WW8Num19z1,/ , WW8Num19z2,/ , WW8Num19z3,/ , WW8Num19z4,/ , WW8Num19z5,/ , WW8Num19z6,/ , WW8Num19z7,/ , WW8Num19z8DA` D Default Paragraph Font6U` 6 Hyperlink >*B*ph.)@ ! . Page NumberNB N Heading x$OJQJCJPJ^J aJ<BB < Body Textd (/A R ( List^J H"b H Caption xx $CJ6^J aJ].r . Index $^J :: TOC 3  CJ5aJ@@ @ Comment Text PJnHtHH H Balloon TextOJQJCJ^JaJ4@ 4 Header !4 @ 4 Footer !8 8 Frame Contents8O 8 3xHp1*$CJOJ QJ aJtH PK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭VGRU1a$N% ʣꂣKЛjVkUDRKQj/dR*SxMPsʧJ5$4vq^WCʽ D{>̳`3REB=꽻Ut Qy@֐\.X7<:+& 0h @>nƭBVqu ѡ{5kP?O&Cנ Aw0kPo۵(h[5($=CVs]mY2zw`nKDC]j%KXK 'P@$I=Y%C%gx'$!V(ekڤք'Qt!x7xbJ7 o߼W_y|nʒ;Fido/_1z/L?>o_;9:33`=—S,FĔ觑@)R8elmEv|!ո/,Ә%qh|'1:`ij.̳u'k CZ^WcK0'E8S߱sˮdΙ`K}A"NșM1I/AeހQתGF@A~eh-QR9C 5 ~d"9 0exp<^!͸~J7䒜t L䈝c\)Ic8E&]Sf~@Aw?'r3Ȱ&2@7k}̬naWJ}N1XGVh`L%Z`=`VKb*X=z%"sI<&n| .qc:?7/N<Z*`]u-]e|aѸ¾|mH{m3CԚ .ÕnAr)[;-ݑ$$`:Ʊ>NVl%kv:Ns _OuCX=mO4m's߸d|0n;pt2e}:zOrgI( 'B='8\L`"Ǚ 4F+8JI$rՑVLvVxNN";fVYx-,JfV<+k>hP!aLfh:HHX WQXt,:JU{,Z BpB)sֻڙӇiE4(=U\.O. +x"aMB[F7x"ytѫиK-zz>F>75eo5C9Z%c7ܼ%6M2ˊ 9B" N "1(IzZ~>Yr]H+9pd\4n(Kg\V$=]B,lוDA=eX)Ly5ot e㈮bW3gp : j$/g*QjZTa!e9#i5*j5ö fE`514g{7vnO(^ ,j~V9;kvv"adV݊oTAn7jah+y^@ARhW.GMuO "/e5[s󿬅`Z'WfPt~f}kA'0z|>ܙ|Uw{@՘tAm'`4T֠2j ۣhvWwA9 ZNU+Awvhv36V`^PK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] t6 t6f  C $1*&3y8`=t> #%&(*,.02g !,(+1:6q<t>!"$')+-/1$8F mf3 1)))t6XXXXXX !@ @ (    B3"? 0(  0 # T` i )))*3*9*\*a*h*m*****+++ ,,,5.8.^/g/i/s///\1t1(2@24$44,6G6J6P6R6S6U6V6X6Y6[6\6e6f6p6r6u6Yc* >  rzU^ 3 1))/112O6f6p6u633333333(3VW%IJjkwxXYKLFG$ % v w C D OTUGtu'(QR|} pqBCyzbcfuvk, / 0 3 -).)1)))))*****&+'+D+E+z+{++++ ,,,$-%-M-N---<.=...//////x0y000 1 18191w1x111222O6u60^`OJQJB*phCJmH sH nHtH^JaJo( ^`OJQJB*phCJ^JaJo(P^`P@@^@`0^`0``^``^`^`^``^``00^0`WW8Num8WW8Num9]   @;$f?3xHvDs :*.2SP6R6@O6O6O6O6t6@UnknownG*Ax Times New Roman5Symbol3. *Cx ArialC (PMingLiUe0}fԚ;(SimSun[SO?= *Cx Courier New;WingdingsS&Liberation SansArial5. .[`)TahomaYLohit DevanagariCalibri;. *Cx HelveticaC.,{ @Calibri Light7.@CalibriA$BCambria Math"hYgZ'{¦5. b5. b!05656JqP v! xxw4) Cryptographic Hash Competition Shu-jen ChangMoody, Dustin (Fed)   Oh+'0 4@ ` l x  Cryptographic Hash CompetitionShu-jen Chang Normal.dotmMoody, Dustin (Fed)7Microsoft Office Word@[@l' p@7@J@F 5.՜.+,D՜.+,L hp|  b56 Cryptographic Hash Competition Title 8@ _PID_HLINKSA@$TMWhttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html=3 Thttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html=3 Thttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.htmlUhttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/intell_prop.htmlTMWhttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/optical_media.html=3Thttp://robin.csd.ncsl.nist.gov/groups/ST/hash/sha-3/Submission_Reqs/algo_specs.html  !"#$%&'()*+,-./012356789:;=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`bcdefghjklmnopstuxyz{|}~Root Entry FɤFData 41Table<HWordDocument .fSummaryInformation(aDocumentSummaryInformation8iMsoDataStore +ƤF@ȤFAUCP4MIFH==2  +ƤF0ȤFItem  w%Properties}GT3VJM5SEI3U4==2 +ƤF@ȤFItem  PropertiesOCompObjr This value indicates the number of saves or revisions. The application is responsible for updating this value after each revision.   DocumentLibraryFormDocumentLibraryFormDocumentLibraryForm   F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q