From 44e0e3256a95ff3f5c7f92e18af6457d9007edb4 Mon Sep 17 00:00:00 2001 
From: Matthijs van den Bos Date: Fri, 17 Apr 2020 17:14:07 +0200 Subject: [PATCH] Initial version of cleaned up PoC codebase --- .gitignore | 100 ++++++ README.md | 36 +++ bin/compile_contract.sh | 10 + bin/deploy_contract.sh | 47 +++ bin/enter_docker.sh | 4 + bin/run_c_unit_tests.sh | 9 + bin/run_notary_test.sh | 21 ++ bin/run_prove_verify_test-NOCOMPILE.sh | 10 + bin/run_prove_verify_test.sh | 10 + bin/run_tests-NOCOMPILE.sh | 7 + bin/run_tests.sh | 8 + build.gradle | 103 +++++++ config/dev/log4j2.xml | 59 ++++ config/test/log4j2.xml | 20 ++ constants.properties | 13 + gradle.properties | 4 + gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 55190 bytes gradle/wrapper/gradle-wrapper.properties | 5 + gradlew | 172 +++++++++++ notary/build.gradle | 42 +++ .../zknotary/client/flows/ZKFinalityFlow.kt | 176 +++++++++++ .../ing/zknotary/client/flows/ZKNotaryFlow.kt | 123 ++++++++ .../zknotary/common/contracts/TestContract.kt | 71 +++++ .../serializer/JsonZKInputSerializer.kt | 120 ++++++++ .../serializer/NoopZKInputSerializer.kt | 9 + .../serializer/VictorsZKInputSerializer.kt | 109 +++++++ .../common/serializer/ZKInputSerializer.kt | 11 + .../NamedByAdditionalMerkleTree.kt | 18 ++ .../transactions/ZKFilteredTransaction.kt | 30 ++ .../common/transactions/ZKWireTransaction.kt | 17 + .../ZKWireTransactionMerkleTree.kt | 114 +++++++ .../com/ing/zknotary/common/util/Native.kt | 26 ++ .../zknotary/common/zkp/NoopProverVerifier.kt | 14 + .../com/ing/zknotary/common/zkp/Proof.kt | 8 + .../com/ing/zknotary/common/zkp/Prover.kt | 5 + .../com/ing/zknotary/common/zkp/Verifier.kt | 16 + .../com/ing/zknotary/common/zkp/ZKConfig.kt | 12 + .../ing/zknotary/common/zkp/ZincProverCLI.kt | 11 + .../zknotary/common/zkp/ZincProverNative.kt | 39 +++ .../zknotary/common/zkp/ZincVerifierCLI.kt | 11 + .../zknotary/common/zkp/ZincVerifierNative.kt | 35 +++ .../ing/zknotary/notary/ZKNotaryService.kt | 45 +++ .../notary/flows/ZKNotaryServiceFlow.kt | 112 +++++++ 
.../zknotary/flows/DenialOfStateFlowTest.kt | 290 ++++++++++++++++++ .../kotlin/com/ing/zknotary/flows/Util.kt | 151 +++++++++ .../ing/zknotary/flows/ZKNotaryFlowTest.kt | 174 +++++++++++ .../NotaryClientFlowRegistrationTest.kt | 132 ++++++++ .../NooPSerializeProveVerifyTest.kt | 41 +++ .../ing/zknotary/notary/transactions/Util.kt | 34 ++ .../VictorsSerializeProveVerifyTest.kt | 42 +++ repositories.gradle | 8 + settings.gradle | 1 + 52 files changed, 2685 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100755 bin/compile_contract.sh create mode 100755 bin/deploy_contract.sh create mode 100644 bin/enter_docker.sh create mode 100755 bin/run_c_unit_tests.sh create mode 100755 bin/run_notary_test.sh create mode 100755 bin/run_prove_verify_test-NOCOMPILE.sh create mode 100755 bin/run_prove_verify_test.sh create mode 100644 bin/run_tests-NOCOMPILE.sh create mode 100755 bin/run_tests.sh create mode 100644 build.gradle create mode 100644 config/dev/log4j2.xml create mode 100644 config/test/log4j2.xml create mode 100644 constants.properties create mode 100644 gradle.properties create mode 100644 gradle/wrapper/gradle-wrapper.jar create mode 100644 gradle/wrapper/gradle-wrapper.properties create mode 100755 gradlew create mode 100644 notary/build.gradle create mode 100644 notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKFinalityFlow.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKNotaryFlow.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/contracts/TestContract.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/serializer/JsonZKInputSerializer.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/serializer/NoopZKInputSerializer.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/serializer/VictorsZKInputSerializer.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/serializer/ZKInputSerializer.kt create mode 100644 
notary/src/main/kotlin/com/ing/zknotary/common/transactions/NamedByAdditionalMerkleTree.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKFilteredTransaction.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransaction.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransactionMerkleTree.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/util/Native.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/NoopProverVerifier.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/Proof.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/Prover.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/Verifier.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZKConfig.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverCLI.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverNative.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierCLI.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierNative.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/notary/ZKNotaryService.kt create mode 100644 notary/src/main/kotlin/com/ing/zknotary/notary/flows/ZKNotaryServiceFlow.kt create mode 100644 notary/src/test/kotlin/com/ing/zknotary/flows/DenialOfStateFlowTest.kt create mode 100644 notary/src/test/kotlin/com/ing/zknotary/flows/Util.kt create mode 100644 notary/src/test/kotlin/com/ing/zknotary/flows/ZKNotaryFlowTest.kt create mode 100644 notary/src/test/kotlin/com/ing/zknotary/notary/NotaryClientFlowRegistrationTest.kt create mode 100644 notary/src/test/kotlin/com/ing/zknotary/notary/transactions/NooPSerializeProveVerifyTest.kt create mode 100644 notary/src/test/kotlin/com/ing/zknotary/notary/transactions/Util.kt create mode 
100644 notary/src/test/kotlin/com/ing/zknotary/notary/transactions/VictorsSerializeProveVerifyTest.kt create mode 100644 repositories.gradle create mode 100644 settings.gradle
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..703d3eacd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,100 @@
+*.dSYM
+.vscode
+**/proving_material
+**/verification_material
+**/prover_verifier_shared
+**/notary/bin/*
+**/workflows/bin/*
+#**/block_stores/**/LOCK
+**/libpv*.so
+
+.idea/*
+
+corda/
+
+.DS_Store
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn. Uncomment if using
+# auto-import.
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Kotlin template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+**/logs/
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+!pepper/*.jar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+### Gradle template
+.gradle
+**/build/
+
+# Ignore Gradle GUI config
+gradle-app.setting
+
+# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
+!gradle-wrapper.jar
+
+# Cache of project
+.gradletasknamecache
+
+# # Work around https://youtrack.jetbrains.com/issue/IDEA-116898
+# gradle/wrapper/gradle-wrapper.properties
+
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..78c8b43f5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,36 @@
+# For victor
+
+## Tests to use:
+
+`com.ing.zknotary.notary.transactions.VictorsSerializeProveVerifyTest`
+
+This test will give you:
+
+* a proper transaction data structure
+* a place to test serialization logic
+* an opportunity to test proving and verifying e2e between Kotlin and Zinc.
+
+Feel free to created dedicated unit tests for the serializer.
+
+## Serializer to implement:
+
+`com.ing.zknotary.common.serializer.VictorsZKInputSerializer`
+
+If you have a better name once you know how you will do it, please feel free to rename it. :-)
+
+I (Matthijs) will also implement a naive JSON/CordaSerialized serializer for inspiration/reference: `com.ing.zknotary.common.serializer.JsonZKInputSerializer`.
+If we can deserialize CordaSerialized components in Zinc into meaningful structures, this might even work.
+
+## Prover/Verifier to implement:
+
+Prover: `com.ing.zknotary.common.zkp.ZincProverCLI`
+
+Verifier: `com.ing.zknotary.common.zkp.ZincVerifierCLI`
+
+We have agreed to initially do it the CLI way, so that we can focus on the serialization/deserialization logic first.
+Once we have that in place, we will move to `ZincProverNative` and `ZincVerifierNative`.
+
+> Please note that the ZKId of a transaction (our custom Merkle root) is currently calculated based on the
+> CordaSerialized form of transaction components. We may be able to change that to another format, but if not, we will have to
+> pass that format to Zinc as well to recalculate the ZKId. Then we will have to deserialize it to verify the validity of the contents.
+
diff --git a/bin/compile_contract.sh b/bin/compile_contract.sh
new file mode 100755
index 000000000..72c84ea38
--- /dev/null
+++ b/bin/compile_contract.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+cd $(git rev-parse --show-toplevel)/pepper
+
+contract_name=$1
+debug_flag=$2 # DEBUG=1, default is DEBUG=0
+
+if [[ -z "${contract_name}" ]]; then echo "Contract name is a required argument"; exit 1; fi
+
+docker run -v "$(pwd)":/opt/pequin/pepper -it mvdbos/corda-zk-notary bash -c "export PEPPER_BIN_PATH=\"/opt/pequin/pepper/bin\" && cd /opt/pequin/pepper && ./compile_contract.sh ${contract_name} ${debug_flag}"
diff --git a/bin/deploy_contract.sh b/bin/deploy_contract.sh
new file mode 100755
index 000000000..4727f0435
--- /dev/null
+++ b/bin/deploy_contract.sh
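Review bot: On the `docker run` line, `${contract_name}` and `${debug_flag}` are expanded by the host shell into the `bash -c "..."` string, so whitespace or shell metacharacters in either argument are re-parsed as shell syntax inside the container instead of arriving as a single argument. Pass them as real arguments, e.g. `docker run -e PEPPER_BIN_PATH=/opt/pequin/pepper/bin -w /opt/pequin/pepper -v "$(pwd)":/opt/pequin/pepper -it mvdbos/corda-zk-notary ./compile_contract.sh "${contract_name}" "${debug_flag}"`, and guard the directory change with `cd "$(git rev-parse --show-toplevel)/pepper" || exit 1` so a failed lookup cannot bind-mount an unintended `$(pwd)`. The same interpolation is in bin/run_prove_verify_test-NOCOMPILE.sh, bin/run_prove_verify_test.sh and, with `${test_name}`, bin/run_notary_test.sh. The image is referenced without a tag or digest in all of them, so the toolchain that compiles and proves the circuit can change between runs; pinning it (`mvdbos/corda-zk-notary@sha256:<digest>`) would make that explicit.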
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+cd $(git rev-parse --show-toplevel)
+
+contract_name=$1
+
+if [[ -z "${contract_name}" ]]; then echo "Contract name is a required argument"; exit 1; fi
+
+
+mkdir -p ./{workflows,notary}/proving_material
+mkdir -p ./{workflows,notary}/verification_material
+mkdir -p ./{workflows,notary}/prover_verifier_shared
+mkdir -p ./{workflows,notary}/src/test/resources
+
+rm -rf ./{workflows,notary}/proving_material/*
+rm -rf ./{workflows,notary}/verification_material/*
+rm -rf ./{workflows,notary}/prover_verifier_shared/*
+rm -f ./{workflows,notary}/src/test/resources/libpv.so
+
+cp -r ./pepper/prover_verifier_shared ./workflows/
+cp -r ./pepper/prover_verifier_shared ./notary/
+
+cp ./pepper/bin/${contract_name}.params ./workflows/prover_verifier_shared/
+cp ./pepper/bin/${contract_name}.params ./notary/prover_verifier_shared/
+
+cp ./pepper/bin/${contract_name}.pws ./workflows/proving_material/
+cp ./pepper/bin/${contract_name}.pws ./notary/proving_material/
+
+cp ./pepper/proving_material/${contract_name}.pkey ./workflows/proving_material/
+cp ./pepper/proving_material/${contract_name}.pkey ./notary/proving_material/
+
+cp ./pepper/verification_material/${contract_name}.vkey ./workflows/verification_material/
+cp ./pepper/verification_material/${contract_name}.vkey ./notary/verification_material/
+
+# This should also be dynamically named for the contract
+cp ./pepper/compiled_libs/libpv.so workflows/src/test/resources/
+cp ./pepper/compiled_libs/libpv.so notary/src/test/resources/
+
+## Copy Jsnark circuit files
+#cp ./pepper/*.arith ./workflows/bin/
+#cp ./pepper/*.arith ./notary/bin/
+#cp ./pepper/*.in ./workflows/bin/
+#cp ./pepper/*.in ./notary/bin/
+
+# Copy executables
+cp ./pepper/bin/* ./notary/bin/
+cp ./pepper/bin/* ./workflows/bin/
diff --git a/bin/enter_docker.sh b/bin/enter_docker.sh
new file mode 100644
index 000000000..5cd454bad
--- /dev/null
+++ b/bin/enter_docker.sh
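Review bot: The four `rm -rf ./{workflows,notary}/...` lines run relative to wherever the script ends up, and the `cd $(git rev-parse --show-toplevel)` before them is unquoted and unchecked: outside a git work tree the substitution is empty, `cd` with no argument goes to `$HOME`, and the deletes and copies then proceed there. Change it to `cd "$(git rev-parse --show-toplevel)" || exit 1` and add `set -e` after the shebang, so that a failed `cp` of a `.pkey` or `.vkey` stops the deployment instead of leaving the prover and verifier directories with mismatched key material. `${contract_name}` is also unquoted in every `cp` source path; quoting it and rejecting values that contain `/` keeps the argument from selecting files outside `./pepper`.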
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+cd $(git rev-parse --show-toplevel)/pepper
+
+docker run --rm -v /"$(pwd)":/opt/pequin/pepper -it mvdbos/corda-zk-notary bash
\ No newline at end of file
diff --git a/bin/run_c_unit_tests.sh b/bin/run_c_unit_tests.sh
new file mode 100755
index 000000000..d33ed5cb1
--- /dev/null
+++ b/bin/run_c_unit_tests.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+cd $(git rev-parse --show-toplevel)/pepper/apps
+
+if [ ! -f Makefile ]; then
+ cmake .
+fi
+make test
+#clang simple_contract_test.c -ldl -rdynamic -lcmocka -Ied25519 -std=c89 -o /tmp/simple_contract_test && /tmp/simple_contract_test && rm /tmp/simple_contract_test
diff --git a/bin/run_notary_test.sh b/bin/run_notary_test.sh
new file mode 100755
index 000000000..00b1f7c3c
--- /dev/null
+++ b/bin/run_notary_test.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+cd $(git rev-parse --show-toplevel)
+
+test_name=$1
+
+# if test_name is empty, set it to 'com.ing.zknotary.flows.SimpleZKNotaryFlowTest'
+if [[ -z "$test_name" ]]
+then
+ test_name="com.ing.zknotary.notary.transactions.ComplexZKProofTest"
+fi
+
+# Mounting pepper dir is necessary for our gadget to be able to find the .arith files.
+docker run \
+ --rm \
+ -v "$(pwd)":/src \
+ -v "$(pwd)/pepper":/opt/pequin/pepper \
+ -v ~/.gradle/caches:/root/.gradle/caches \
+ -v ~/.m2/repository:/root/.m2/repository \
+ mvdbos/corda-zk-notary \
+ bash -c "cd /src && export PEPPER_BIN_PATH=\"/src/notary/bin\" && gradle --no-daemon --info notary:cleanTest notary:test --tests \"${test_name}\""
diff --git a/bin/run_prove_verify_test-NOCOMPILE.sh b/bin/run_prove_verify_test-NOCOMPILE.sh
new file mode 100755
index 000000000..cad9335ef
--- /dev/null
+++ b/bin/run_prove_verify_test-NOCOMPILE.sh
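Review bot: In bin/run_notary_test.sh the host's `~/.gradle/caches` and `~/.m2/repository` are bind-mounted read-write into a container that runs the build as root (the targets are under `/root`), so build scripts, plugins or test code executed there can alter artifacts that later host builds resolve from those caches, and new files end up root-owned. A dedicated named volume keeps the two cache domains apart, e.g. `-v zknotary-gradle-cache:/root/.gradle/caches` and `-v zknotary-m2:/root/.m2/repository` (volume names constructed for illustration). Separately, the comment above the `if` names `com.ing.zknotary.flows.SimpleZKNotaryFlowTest` as the default while the code assigns `com.ing.zknotary.notary.transactions.ComplexZKProofTest`; the comment should read `# if test_name is empty, default to ComplexZKProofTest`.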
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+cd $(git rev-parse --show-toplevel)/pepper
+
+contract_name=$1
+debug_flag=$2 # DEBUG=1, default is DEBUG=0
+
+if [[ -z "${contract_name}" ]]; then echo "Contract name is a required argument"; exit 1; fi
+
+docker run -v "$(pwd)":/opt/pequin/pepper -it mvdbos/corda-zk-notary bash -c "cd /opt/pequin/pepper && ./test_prove_verify-NOCOMPILE.sh ${contract_name} ${debug_flag}"
diff --git a/bin/run_prove_verify_test.sh b/bin/run_prove_verify_test.sh
new file mode 100755
index 000000000..8d2ef392c
--- /dev/null
+++ b/bin/run_prove_verify_test.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+cd $(git rev-parse --show-toplevel)/pepper
+
+contract_name=$1
+debug_flag=$2 # DEBUG=1, default is DEBUG=0
+
+if [[ -z "${contract_name}" ]]; then echo "Contract name is a required argument"; exit 1; fi
+
+docker run -v "$(pwd)":/opt/pequin/pepper -it mvdbos/corda-zk-notary bash -c "cd /opt/pequin/pepper && ./test_prove_verify.sh ${contract_name} ${debug_flag}"
diff --git a/bin/run_tests-NOCOMPILE.sh b/bin/run_tests-NOCOMPILE.sh
new file mode 100644
index 000000000..c30b16d40
--- /dev/null
+++ b/bin/run_tests-NOCOMPILE.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+contract_name=$1
+
+if [[ -z "${contract_name}" ]]; then echo "Contract name is a required argument"; exit 1; fi
+
+sh ./bin/deploy_contract.sh ${contract_name} && sh ./bin/run_notary_test.sh
diff --git a/bin/run_tests.sh b/bin/run_tests.sh
new file mode 100755
index 000000000..853984a6a
--- /dev/null
+++ b/bin/run_tests.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+contract_name=$1
+debug_flag=$2 # DEBUG=1, default is DEBUG=0
+
+if [[ -z "${contract_name}" ]]; then echo "Contract name is a required argument"; exit 1; fi
+
+sh ./bin/compile_contract.sh ${contract_name} ${debug_flag} && sh ./bin/deploy_contract.sh ${contract_name} && sh ./bin/run_notary_test.sh
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 000000000..4365e5bc7
--- /dev/null
+++ b/build.gradle
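Review bot: The last line of both bin/run_tests.sh and bin/run_tests-NOCOMPILE.sh starts the other scripts with `sh ./bin/...`, which bypasses their `#!/usr/bin/env bash` shebang. Where `sh` is not bash (dash, for example), `[[ -z ... ]]` is an unknown command, so the required-argument guard in the called script evaluates false and is skipped. In that case `./{workflows,notary}/...` in deploy_contract.sh is also not brace-expanded, so its `mkdir`, `rm -rf` and `cp` lines act on a literal `{workflows,notary}` path. Invoke them with bash and quote the arguments, e.g. `bash ./bin/deploy_contract.sh "${contract_name}" && bash ./bin/run_notary_test.sh`. Both wrappers also resolve `./bin` against the caller's working directory, unlike the scripts they call, which first change to the repository root.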
@@ -0,0 +1,103 @@
+buildscript {
+ Properties constants = new Properties()
+ file("$projectDir/./constants.properties").withInputStream { constants.load(it) }
+
+ ext {
+
+ //corda_gradle_plugins_version = '4.0.45'
+
+ corda_release_group = constants.getProperty("cordaReleaseGroup")
+ corda_core_release_group = constants.getProperty("cordaCoreReleaseGroup")
+ corda_release_version = constants.getProperty("cordaVersion")
+ corda_core_release_version = constants.getProperty("cordaCoreVersion")
+ corda_gradle_plugins_version = constants.getProperty("gradlePluginsVersion")
+ kotlin_version = constants.getProperty("kotlinVersion")
+ junit_version = constants.getProperty("junitVersion")
+ quasar_version = constants.getProperty("quasarVersion")
+ log4j_version = constants.getProperty("log4jVersion")
+ slf4j_version = constants.getProperty("slf4jVersion")
+ corda_platform_version = constants.getProperty("platformVersion").toInteger()
+ //springboot
+ spring_boot_version = '2.0.2.RELEASE'
+ spring_boot_gradle_plugin_version = '2.0.2.RELEASE'
+
+ spotless_plugin_version = '3.23.1'
+ }
+
+
+ repositories {
+ mavenLocal()
+ mavenCentral()
+ jcenter()
+ maven { url 'https://ci-artifactory.corda.r3cev.com/artifactory/corda-releases' }
+ maven { url 'https://software.r3.com/artifactory/corda' }
+ maven { url 'https://repo.gradle.org/gradle/libs-releases' }
+ maven { url "https://plugins.gradle.org/m2/" }
+ }
+
+ dependencies {
+ classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
+ classpath "net.corda.plugins:cordapp:$corda_gradle_plugins_version"
+ classpath "net.corda.plugins:cordformation:$corda_gradle_plugins_version"
+ classpath "net.corda.plugins:quasar-utils:$corda_gradle_plugins_version"
+ classpath "com.diffplug.spotless:spotless-plugin-gradle:$spotless_plugin_version"
+ classpath "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
+ classpath "org.springframework.boot:spring-boot-gradle-plugin:$spring_boot_gradle_plugin_version"
+ }
+}
+
+plugins {
+ id 'com.cosminpolifronie.gradle.plantuml' version '1.6.0' +} + +allprojects { + apply from: "${rootProject.projectDir}/repositories.gradle" + apply plugin: 'kotlin' + apply plugin: 'com.diffplug.gradle.spotless' + + repositories { + mavenLocal() + jcenter() + mavenCentral() + maven { url 'https://ci-artifactory.corda.r3cev.com/artifactory/corda-releases' } + maven { url 'https://jitpack.io' } + maven { url 'https://software.r3.com/artifactory/corda' } + maven { url 'https://repo.gradle.org/gradle/libs-releases' } + } + + tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).all { + kotlinOptions { + languageVersion = "1.2" + apiVersion = "1.2" + jvmTarget = "1.8" + javaParameters = true // Useful for reflection. + } + } + + jar { + // This makes the JAR's SHA-256 hash repeatable. + preserveFileTimestamps = false + reproducibleFileOrder = true + } + + spotless { + kotlin { + ktlint() + } + } + + // below you can specify any env vars, for instance the path to the prover lib + test { + // environment "LD_LIBRARY_PATH", "~/pepper_deps/lib/" + } +} + +apply plugin: 'net.corda.plugins.cordapp' +apply plugin: 'net.corda.plugins.cordformation' +apply plugin: 'net.corda.plugins.quasar-utils' + + +plantUml { + render input: 'docs/**/*.puml', output: "docs/build", format: 'png', withMetadata: false +} + diff --git a/config/dev/log4j2.xml b/config/dev/log4j2.xml new file mode 100644 index 000000000..34ba4d45a --- /dev/null +++ b/config/dev/log4j2.xml @@ -0,0 +1,59 @@ + + + + + logs + node-${hostName} + ${log-path}/archive + + + + + + + + + %highlight{%level{length=1} %d{HH:mm:ss} %T %c{1}.%M - %msg%n}{INFO=white,WARN=red,FATAL=bright red blink} + > + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config/test/log4j2.xml b/config/test/log4j2.xml new file mode 100644 index 000000000..cd9926ca8 --- /dev/null +++ b/config/test/log4j2.xml 
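Review bot: Both `repositories` blocks in build.gradle (in `buildscript` and in `allprojects`) list `mavenLocal()` first and add `jcenter()` and, in `allprojects`, `https://jitpack.io`, with nothing restricting which groups each repository may serve. Gradle takes a module from the first repository that has it, so an artifact with the same coordinates in `~/.m2` or on one of the public repositories can be resolved in place of the intended Corda/R3 one, for build plugins as well as for runtime dependencies. Drop `mavenLocal()` unless a locally built Corda snapshot is really needed, list the R3 repositories before the public ones, and scope the rest with content filters such as `maven { url 'https://jitpack.io'; content { includeGroup '<group-served-by-jitpack>' } }`. Content filtering needs a Gradle version that supports it, and the wrapper version is not visible in this part of the patch.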
@@ -0,0 +1,20 @@ + + + + + + + [%-5level] %d{HH:mm:ss.SSS} [%t] %c{1}.%M - %msg%n + > + + + + + + + + + + + + diff --git a/constants.properties b/constants.properties new file mode 100644 index 000000000..d84cc091c --- /dev/null +++ b/constants.properties @@ -0,0 +1,13 @@ +cordaReleaseGroup=net.corda +cordaCoreReleaseGroup=net.corda +cordaVersion=4.5-SNAPSHOT +cordaCoreVersion=4.5-SNAPSHOT +gradlePluginsVersion=5.0.4 +kotlinVersion=1.2.71 +junitVersion=4.12 +quasarVersion=0.7.10 +log4jVersion =2.11.2 +platformVersion=5 +slf4jVersion=1.7.25 +nettyVersion=4.1.22.Final + diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 000000000..1c8713807 --- /dev/null +++ b/gradle.properties @@ -0,0 +1,4 @@ +name=ZKNotary +group=com.ing.zknotary +version=0.1 +kotlin.incremental=false 
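Review bot: In constants.properties, `cordaVersion=4.5-SNAPSHOT` and `cordaCoreVersion=4.5-SNAPSHOT` bind the build to mutable snapshot artifacts, so two builds of the same commit can link different Corda code, which works against the reproducible-JAR settings in build.gradle. Prefer a released version, or at least mark it with a comment such as `# SNAPSHOT is PoC-only: pin a release before any shared deployment`. `log4jVersion =2.11.2` is within the log4j-core 2.x range later found to permit remote code execution through JNDI lookups in logged strings; whether this property selects the runtime log4j is not visible here, but if it does it should move to a patched release.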
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..87b738cbd051603d91cc39de6cb000dd98fe6b02 GIT binary patch literal 55190 zcmafaW0WS*vSoFbZQHhO+s0S6%`V%vZQJa!ZQHKus_B{g-pt%P_q|ywBQt-*Stldc z$+IJ3?^KWm27v+sf`9-50uuadKtMnL*BJ;1^6ynvR7H?hQcjE>7)art9Bu0Pcm@7C z@c%WG|JzYkP)<@zR9S^iR_sA`azaL$mTnGKnwDyMa;8yL_0^>Ba^)phg0L5rOPTbm7g*YIRLg-2^{qe^`rb!2KqS zk~5wEJtTdD?)3+}=eby3x6%i)sb+m??NHC^u=tcG8p$TzB<;FL(WrZGV&cDQb?O0GMe6PBV=V z?tTO*5_HTW$xea!nkc~Cnx#cL_rrUGWPRa6l+A{aiMY=<0@8y5OC#UcGeE#I>nWh}`#M#kIn-$A;q@u-p71b#hcSItS!IPw?>8 zvzb|?@Ahb22L(O4#2Sre&l9H(@TGT>#Py)D&eW-LNb!=S;I`ZQ{w;MaHW z#to!~TVLgho_Pm%zq@o{K3Xq?I|MVuVSl^QHnT~sHlrVxgsqD-+YD?Nz9@HA<;x2AQjxP)r6Femg+LJ-*)k%EZ}TTRw->5xOY z9#zKJqjZgC47@AFdk1$W+KhTQJKn7e>A&?@-YOy!v_(}GyV@9G#I?bsuto4JEp;5|N{orxi_?vTI4UF0HYcA( zKyGZ4<7Fk?&LZMQb6k10N%E*$gr#T&HsY4SPQ?yerqRz5c?5P$@6dlD6UQwZJ*Je9 z7n-@7!(OVdU-mg@5$D+R%gt82Lt%&n6Yr4=|q>XT%&^z_D*f*ug8N6w$`woqeS-+#RAOfSY&Rz z?1qYa5xi(7eTCrzCFJfCxc%j{J}6#)3^*VRKF;w+`|1n;Xaojr2DI{!<3CaP`#tXs z*`pBQ5k@JLKuCmovFDqh_`Q;+^@t_;SDm29 zCNSdWXbV?9;D4VcoV`FZ9Ggrr$i<&#Dx3W=8>bSQIU_%vf)#(M2Kd3=rN@^d=QAtC zI-iQ;;GMk|&A++W5#hK28W(YqN%?!yuW8(|Cf`@FOW5QbX|`97fxmV;uXvPCqxBD zJ9iI37iV)5TW1R+fV16y;6}2tt~|0J3U4E=wQh@sx{c_eu)t=4Yoz|%Vp<#)Qlh1V z0@C2ZtlT>5gdB6W)_bhXtcZS)`9A!uIOa`K04$5>3&8An+i9BD&GvZZ=7#^r=BN=k za+=Go;qr(M)B~KYAz|<^O3LJON}$Q6Yuqn8qu~+UkUKK~&iM%pB!BO49L+?AL7N7o z(OpM(C-EY753=G=WwJHE`h*lNLMNP^c^bBk@5MyP5{v7x>GNWH>QSgTe5 z!*GPkQ(lcbEs~)4ovCu!Zt&$${9$u(<4@9%@{U<-ksAqB?6F`bQ;o-mvjr)Jn7F&j$@`il1Mf+-HdBs<-`1FahTxmPMMI)@OtI&^mtijW6zGZ67O$UOv1Jj z;a3gmw~t|LjPkW3!EZ=)lLUhFzvO;Yvj9g`8hm%6u`;cuek_b-c$wS_0M4-N<@3l|88 z@V{Sd|M;4+H6guqMm4|v=C6B7mlpP(+It%0E;W`dxMOf9!jYwWj3*MRk`KpS_jx4c z=hrKBkFK;gq@;wUV2eqE3R$M+iUc+UD0iEl#-rECK+XmH9hLKrC={j@uF=f3UiceB zU5l$FF7#RKjx+6!JHMG5-!@zI-eG=a-!Bs^AFKqN_M26%cIIcSs61R$yuq@5a3c3& 
z4%zLs!g}+C5%`ja?F`?5-og0lv-;(^e<`r~p$x%&*89_Aye1N)9LNVk?9BwY$Y$$F^!JQAjBJvywXAesj7lTZ)rXuxv(FFNZVknJha99lN=^h`J2> zl5=~(tKwvHHvh|9-41@OV`c;Ws--PE%{7d2sLNbDp;A6_Ka6epzOSFdqb zBa0m3j~bT*q1lslHsHqaHIP%DF&-XMpCRL(v;MV#*>mB^&)a=HfLI7efblG z(@hzN`|n+oH9;qBklb=d^S0joHCsArnR1-h{*dIUThik>ot^!6YCNjg;J_i3h6Rl0ji)* zo(tQ~>xB!rUJ(nZjCA^%X;)H{@>uhR5|xBDA=d21p@iJ!cH?+%U|VSh2S4@gv`^)^ zNKD6YlVo$%b4W^}Rw>P1YJ|fTb$_(7C;hH+ z1XAMPb6*p^h8)e5nNPKfeAO}Ik+ZN_`NrADeeJOq4Ak;sD~ zTe77no{Ztdox56Xi4UE6S7wRVxJzWxKj;B%v7|FZ3cV9MdfFp7lWCi+W{}UqekdpH zdO#eoOuB3Fu!DU`ErfeoZWJbWtRXUeBzi zBTF-AI7yMC^ntG+8%mn(I6Dw}3xK8v#Ly{3w3_E?J4(Q5JBq~I>u3!CNp~Ekk&YH` z#383VO4O42NNtcGkr*K<+wYZ>@|sP?`AQcs5oqX@-EIqgK@Pmp5~p6O6qy4ml~N{D z{=jQ7k(9!CM3N3Vt|u@%ssTw~r~Z(}QvlROAkQQ?r8OQ3F0D$aGLh zny+uGnH5muJ<67Z=8uilKvGuANrg@s3Vu_lU2ajb?rIhuOd^E@l!Kl0hYIxOP1B~Q zggUmXbh$bKL~YQ#!4fos9UUVG#}HN$lIkM<1OkU@r>$7DYYe37cXYwfK@vrHwm;pg zbh(hEU|8{*d$q7LUm+x&`S@VbW*&p-sWrplWnRM|I{P;I;%U`WmYUCeJhYc|>5?&& zj}@n}w~Oo=l}iwvi7K6)osqa;M8>fRe}>^;bLBrgA;r^ZGgY@IC^ioRmnE&H4)UV5 zO{7egQ7sBAdoqGsso5q4R(4$4Tjm&&C|7Huz&5B0wXoJzZzNc5Bt)=SOI|H}+fbit z-PiF5(NHSy>4HPMrNc@SuEMDuKYMQ--G+qeUPqO_9mOsg%1EHpqoX^yNd~~kbo`cH zlV0iAkBFTn;rVb>EK^V6?T~t~3vm;csx+lUh_%ROFPy0(omy7+_wYjN!VRDtwDu^h4n|xpAMsLepm% zggvs;v8+isCW`>BckRz1MQ=l>K6k^DdT`~sDXTWQ<~+JtY;I~I>8XsAq3yXgxe>`O zZdF*{9@Z|YtS$QrVaB!8&`&^W->_O&-JXn1n&~}o3Z7FL1QE5R*W2W@=u|w~7%EeC1aRfGtJWxImfY-D3t!!nBkWM> zafu>^Lz-ONgT6ExjV4WhN!v~u{lt2-QBN&UxwnvdH|I%LS|J-D;o>@@sA62@&yew0 z)58~JSZP!(lX;da!3`d)D1+;K9!lyNlkF|n(UduR-%g>#{`pvrD^ClddhJyfL7C-(x+J+9&7EsC~^O`&}V%)Ut8^O_7YAXPDpzv8ir4 zl`d)(;imc6r16k_d^)PJZ+QPxxVJS5e^4wX9D=V2zH&wW0-p&OJe=}rX`*->XT=;_qI&)=WHkYnZx6bLoUh_)n-A}SF_ z9z7agNTM5W6}}ui=&Qs@pO5$zHsOWIbd_&%j^Ok5PJ3yUWQw*i4*iKO)_er2CDUME ztt+{Egod~W-fn^aLe)aBz)MOc_?i-stTj}~iFk7u^-gGSbU;Iem06SDP=AEw9SzuF zeZ|hKCG3MV(z_PJg0(JbqTRf4T{NUt%kz&}4S`)0I%}ZrG!jgW2GwP=WTtkWS?DOs znI9LY!dK+1_H0h+i-_~URb^M;4&AMrEO_UlDV8o?E>^3x%ZJyh$JuDMrtYL8|G3If zPf2_Qb_W+V?$#O; 
zydKFv*%O;Y@o_T_UAYuaqx1isMKZ^32JtgeceA$0Z@Ck0;lHbS%N5)zzAW9iz; z8tTKeK7&qw!8XVz-+pz>z-BeIzr*#r0nB^cntjQ9@Y-N0=e&ZK72vlzX>f3RT@i7@ z=z`m7jNk!9%^xD0ug%ptZnM>F;Qu$rlwo}vRGBIymPL)L|x}nan3uFUw(&N z24gdkcb7!Q56{0<+zu zEtc5WzG2xf%1<@vo$ZsuOK{v9gx^0`gw>@h>ZMLy*h+6ueoie{D#}}` zK2@6Xxq(uZaLFC%M!2}FX}ab%GQ8A0QJ?&!vaI8Gv=vMhd);6kGguDmtuOElru()) zuRk&Z{?Vp!G~F<1#s&6io1`poBqpRHyM^p;7!+L??_DzJ8s9mYFMQ0^%_3ft7g{PD zZd}8E4EV}D!>F?bzcX=2hHR_P`Xy6?FOK)mCj)Ym4s2hh z0OlOdQa@I;^-3bhB6mpw*X5=0kJv8?#XP~9){G-+0ST@1Roz1qi8PhIXp1D$XNqVG zMl>WxwT+K`SdO1RCt4FWTNy3!i?N>*-lbnn#OxFJrswgD7HjuKpWh*o@QvgF&j+CT z{55~ZsUeR1aB}lv#s_7~+9dCix!5(KR#c?K?e2B%P$fvrsZxy@GP#R#jwL{y#Ld$} z7sF>QT6m|}?V;msb?Nlohj7a5W_D$y+4O6eI;Zt$jVGymlzLKscqer9#+p2$0It&u zWY!dCeM6^B^Z;ddEmhi?8`scl=Lhi7W%2|pT6X6^%-=q90DS(hQ-%c+E*ywPvmoF(KqDoW4!*gmQIklm zk#!GLqv|cs(JRF3G?=AYY19{w@~`G3pa z@xR9S-Hquh*&5Yas*VI};(%9%PADn`kzm zeWMJVW=>>wap*9|R7n#!&&J>gq04>DTCMtj{P^d12|2wXTEKvSf?$AvnE!peqV7i4 zE>0G%CSn%WCW1yre?yi9*aFP{GvZ|R4JT}M%x_%Hztz2qw?&28l&qW<6?c6ym{f$d z5YCF+k#yEbjCN|AGi~-NcCG8MCF1!MXBFL{#7q z)HO+WW173?kuI}^Xat;Q^gb4Hi0RGyB}%|~j8>`6X4CPo+|okMbKy9PHkr58V4bX6<&ERU)QlF8%%huUz&f+dwTN|tk+C&&o@Q1RtG`}6&6;ncQuAcfHoxd5AgD7`s zXynq41Y`zRSiOY@*;&1%1z>oNcWTV|)sjLg1X8ijg1Y zbIGL0X*Sd}EXSQ2BXCKbJmlckY(@EWn~Ut2lYeuw1wg?hhj@K?XB@V_ZP`fyL~Yd3n3SyHU-RwMBr6t-QWE5TinN9VD4XVPU; zonIIR!&pGqrLQK)=#kj40Im%V@ij0&Dh0*s!lnTw+D`Dt-xmk-jmpJv$1-E-vfYL4 zqKr#}Gm}~GPE+&$PI@4ag@=M}NYi7Y&HW82Q`@Y=W&PE31D110@yy(1vddLt`P%N^ z>Yz195A%tnt~tvsSR2{m!~7HUc@x<&`lGX1nYeQUE(%sphTi>JsVqSw8xql*Ys@9B z>RIOH*rFi*C`ohwXjyeRBDt8p)-u{O+KWP;$4gg||%*u{$~yEj+Al zE(hAQRQ1k7MkCq9s4^N3ep*$h^L%2Vq?f?{+cicpS8lo)$Cb69b98au+m2J_e7nYwID0@`M9XIo1H~|eZFc8Hl!qly612ADCVpU zY8^*RTMX(CgehD{9v|^9vZ6Rab`VeZ2m*gOR)Mw~73QEBiktViBhR!_&3l$|be|d6 zupC`{g89Y|V3uxl2!6CM(RNpdtynaiJ~*DqSTq9Mh`ohZnb%^3G{k;6%n18$4nAqR zjPOrP#-^Y9;iw{J@XH9=g5J+yEVh|e=4UeY<^65`%gWtdQ=-aqSgtywM(1nKXh`R4 zzPP&7r)kv_uC7X9n=h=!Zrf<>X=B5f<9~Q>h#jYRD#CT7D~@6@RGNyO-#0iq0uHV1 zPJr2O4d_xLmg2^TmG7|dpfJ?GGa`0|YE+`2Rata9!?$j#e9KfGYuLL(*^z 
z!SxFA`$qm)q-YKh)WRJZ@S+-sD_1E$V?;(?^+F3tVcK6 z2fE=8hV*2mgiAbefU^uvcM?&+Y&E}vG=Iz!%jBF7iv){lyC`)*yyS~D8k+Mx|N3bm zI~L~Z$=W9&`x)JnO;8c>3LSDw!fzN#X3qi|0`sXY4?cz{*#xz!kvZ9bO=K3XbN z5KrgN=&(JbXH{Wsu9EdmQ-W`i!JWEmfI;yVTT^a-8Ch#D8xf2dtyi?7p z%#)W3n*a#ndFpd{qN|+9Jz++AJQO#-Y7Z6%*%oyEP5zs}d&kKIr`FVEY z;S}@d?UU=tCdw~EJ{b}=9x}S2iv!!8<$?d7VKDA8h{oeD#S-$DV)-vPdGY@x08n)@ zag?yLF_E#evvRTj4^CcrLvBL=fft&@HOhZ6Ng4`8ijt&h2y}fOTC~7GfJi4vpomA5 zOcOM)o_I9BKz}I`q)fu+Qnfy*W`|mY%LO>eF^a z;$)?T4F-(X#Q-m}!-k8L_rNPf`Mr<9IWu)f&dvt=EL+ESYmCvErd@8B9hd)afc(ZL94S z?rp#h&{7Ah5IJftK4VjATklo7@hm?8BX*~oBiz)jyc9FuRw!-V;Uo>p!CWpLaIQyt zAs5WN)1CCeux-qiGdmbIk8LR`gM+Qg=&Ve}w?zA6+sTL)abU=-cvU`3E?p5$Hpkxw znu0N659qR=IKnde*AEz_7z2pdi_Bh-sb3b=PdGO1Pdf_q2;+*Cx9YN7p_>rl``knY zRn%aVkcv1(W;`Mtp_DNOIECtgq%ufk-mu_<+Fu3Q17Tq4Rr(oeq)Yqk_CHA7LR@7@ zIZIDxxhS&=F2IQfusQ+Nsr%*zFK7S4g!U0y@3H^Yln|i;0a5+?RPG;ZSp6Tul>ezM z`40+516&719qT)mW|ArDSENle5hE2e8qY+zfeZoy12u&xoMgcP)4=&P-1Ib*-bAy` zlT?>w&B|ei-rCXO;sxo7*G;!)_p#%PAM-?m$JP(R%x1Hfas@KeaG%LO?R=lmkXc_MKZW}3f%KZ*rAN?HYvbu2L$ zRt_uv7~-IejlD1x;_AhwGXjB94Q=%+PbxuYzta*jw?S&%|qb=(JfJ?&6P=R7X zV%HP_!@-zO*zS}46g=J}#AMJ}rtWBr21e6hOn&tEmaM%hALH7nlm2@LP4rZ>2 zebe5aH@k!e?ij4Zwak#30|}>;`bquDQK*xmR=zc6vj0yuyC6+U=LusGnO3ZKFRpen z#pwzh!<+WBVp-!$MAc<0i~I%fW=8IO6K}bJ<-Scq>e+)951R~HKB?Mx2H}pxPHE@} zvqpq5j81_jtb_WneAvp<5kgdPKm|u2BdQx9%EzcCN&U{l+kbkhmV<1}yCTDv%&K^> zg;KCjwh*R1f_`6`si$h6`jyIKT7rTv5#k~x$mUyIw)_>Vr)D4fwIs@}{FSX|5GB1l z4vv;@oS@>Bu7~{KgUa_8eg#Lk6IDT2IY$41$*06{>>V;Bwa(-@N;ex4;D`(QK*b}{ z{#4$Hmt)FLqERgKz=3zXiV<{YX6V)lvYBr3V>N6ajeI~~hGR5Oe>W9r@sg)Na(a4- zxm%|1OKPN6^%JaD^^O~HbLSu=f`1px>RawOxLr+1b2^28U*2#h*W^=lSpSY4(@*^l z{!@9RSLG8Me&RJYLi|?$c!B0fP=4xAM4rerxX{xy{&i6=AqXueQAIBqO+pmuxy8Ib z4X^}r!NN3-upC6B#lt7&x0J;)nb9O~xjJMemm$_fHuP{DgtlU3xiW0UesTzS30L+U zQzDI3p&3dpONhd5I8-fGk^}@unluzu%nJ$9pzoO~Kk!>dLxw@M)M9?pNH1CQhvA`z zV;uacUtnBTdvT`M$1cm9`JrT3BMW!MNVBy%?@ZX%;(%(vqQAz<7I!hlDe|J3cn9=} zF7B;V4xE{Ss76s$W~%*$JviK?w8^vqCp#_G^jN0j>~Xq#Zru26e#l3H^{GCLEXI#n 
z?n~F-Lv#hU(bZS`EI9(xGV*jT=8R?CaK)t8oHc9XJ;UPY0Hz$XWt#QyLBaaz5+}xM zXk(!L_*PTt7gwWH*HLWC$h3Ho!SQ-(I||nn_iEC{WT3S{3V{8IN6tZ1C+DiFM{xlI zeMMk{o5;I6UvaC)@WKp9D+o?2Vd@4)Ue-nYci()hCCsKR`VD;hr9=vA!cgGL%3k^b(jADGyPi2TKr(JNh8mzlIR>n(F_hgiV(3@Ds(tjbNM7GoZ;T|3 zWzs8S`5PrA!9){jBJuX4y`f<4;>9*&NY=2Sq2Bp`M2(fox7ZhIDe!BaQUb@P(ub9D zlP8!p(AN&CwW!V&>H?yPFMJ)d5x#HKfwx;nS{Rr@oHqpktOg)%F+%1#tsPtq7zI$r zBo-Kflhq-=7_eW9B2OQv=@?|y0CKN77)N;z@tcg;heyW{wlpJ1t`Ap!O0`Xz{YHqO zI1${8Hag^r!kA<2_~bYtM=<1YzQ#GGP+q?3T7zYbIjN6Ee^V^b&9en$8FI*NIFg9G zPG$OXjT0Ku?%L7fat8Mqbl1`azf1ltmKTa(HH$Dqlav|rU{zP;Tbnk-XkGFQ6d+gi z-PXh?_kEJl+K98&OrmzgPIijB4!Pozbxd0H1;Usy!;V>Yn6&pu*zW8aYx`SC!$*ti zSn+G9p=~w6V(fZZHc>m|PPfjK6IN4(o=IFu?pC?+`UZAUTw!e`052{P=8vqT^(VeG z=psASIhCv28Y(;7;TuYAe>}BPk5Qg=8$?wZj9lj>h2kwEfF_CpK=+O6Rq9pLn4W)# zeXCKCpi~jsfqw7Taa0;!B5_C;B}e56W1s8@p*)SPzA;Fd$Slsn^=!_&!mRHV*Lmt| zBGIDPuR>CgS4%cQ4wKdEyO&Z>2aHmja;Pz+n|7(#l%^2ZLCix%>@_mbnyPEbyrHaz z>j^4SIv;ZXF-Ftzz>*t4wyq)ng8%0d;(Z_ExZ-cxwei=8{(br-`JYO(f23Wae_MqE z3@{Mlf^%M5G1SIN&en1*| zH~ANY1h3&WNsBy$G9{T=`kcxI#-X|>zLX2r*^-FUF+m0{k)n#GTG_mhG&fJfLj~K& zU~~6othMlvMm9<*SUD2?RD+R17|Z4mgR$L*R3;nBbo&Vm@39&3xIg;^aSxHS>}gwR zmzs?h8oPnNVgET&dx5^7APYx6Vv6eou07Zveyd+^V6_LzI$>ic+pxD_8s~ zC<}ucul>UH<@$KM zT4oI=62M%7qQO{}re-jTFqo9Z;rJKD5!X5$iwUsh*+kcHVhID08MB5cQD4TBWB(rI zuWc%CA}}v|iH=9gQ?D$1#Gu!y3o~p7416n54&Hif`U-cV?VrUMJyEqo_NC4#{puzU zzXEE@UppeeRlS9W*^N$zS`SBBi<@tT+<%3l@KhOy^%MWB9(A#*J~DQ;+MK*$rxo6f zcx3$3mcx{tly!q(p2DQrxcih|)0do_ZY77pyHGE#Q(0k*t!HUmmMcYFq%l$-o6%lS zDb49W-E?rQ#Hl``C3YTEdGZjFi3R<>t)+NAda(r~f1cT5jY}s7-2^&Kvo&2DLTPYP zhVVo-HLwo*vl83mtQ9)PR#VBg)FN}+*8c-p8j`LnNUU*Olm1O1Qqe62D#$CF#?HrM zy(zkX|1oF}Z=T#3XMLWDrm(|m+{1&BMxHY7X@hM_+cV$5-t!8HT(dJi6m9{ja53Yw z3f^`yb6Q;(e|#JQIz~B*=!-GbQ4nNL-NL z@^NWF_#w-Cox@h62;r^;Y`NX8cs?l^LU;5IWE~yvU8TqIHij!X8ydbLlT0gwmzS9} z@5BccG?vO;rvCs$mse1*ANi-cYE6Iauz$Fbn3#|ToAt5v7IlYnt6RMQEYLldva{~s zvr>1L##zmeoYgvIXJ#>bbuCVuEv2ZvZ8I~PQUN3wjP0UC)!U+wn|&`V*8?)` zMSCuvnuGec>QL+i1nCPGDAm@XSMIo?A9~C?g2&G8aNKjWd2pDX{qZ?04+2 
zeyLw}iEd4vkCAWwa$ zbrHlEf3hfN7^1g~aW^XwldSmx1v~1z(s=1az4-wl} z`mM+G95*N*&1EP#u3}*KwNrPIgw8Kpp((rdEOO;bT1;6ea~>>sK+?!;{hpJ3rR<6UJb`O8P4@{XGgV%63_fs%cG8L zk9Fszbdo4tS$g0IWP1>t@0)E%-&9yj%Q!fiL2vcuL;90fPm}M==<>}Q)&sp@STFCY z^p!RzmN+uXGdtPJj1Y-khNyCb6Y$Vs>eZyW zPaOV=HY_T@FwAlleZCFYl@5X<<7%5DoO(7S%Lbl55?{2vIr_;SXBCbPZ(up;pC6Wx={AZL?shYOuFxLx1*>62;2rP}g`UT5+BHg(ju z&7n5QSvSyXbioB9CJTB#x;pexicV|9oaOpiJ9VK6EvKhl4^Vsa(p6cIi$*Zr0UxQ z;$MPOZnNae2Duuce~7|2MCfhNg*hZ9{+8H3?ts9C8#xGaM&sN;2lriYkn9W>&Gry! z3b(Xx1x*FhQkD-~V+s~KBfr4M_#0{`=Yrh90yj}Ph~)Nx;1Y^8<418tu!$1<3?T*~ z7Dl0P3Uok-7w0MPFQexNG1P5;y~E8zEvE49>$(f|XWtkW2Mj`udPn)pb%} zrA%wRFp*xvDgC767w!9`0vx1=q!)w!G+9(-w&p*a@WXg{?T&%;qaVcHo>7ca%KX$B z^7|KBPo<2;kM{2mRnF8vKm`9qGV%|I{y!pKm8B(q^2V;;x2r!1VJ^Zz8bWa)!-7a8 zSRf@dqEPlsj!7}oNvFFAA)75})vTJUwQ03hD$I*j6_5xbtd_JkE2`IJD_fQ;a$EkO z{fQ{~e%PKgPJsD&PyEvDmg+Qf&p*-qu!#;1k2r_(H72{^(Z)htgh@F?VIgK#_&eS- z$~(qInec>)XIkv@+{o6^DJLpAb>!d}l1DK^(l%#OdD9tKK6#|_R?-%0V!`<9Hj z3w3chDwG*SFte@>Iqwq`J4M&{aHXzyigT620+Vf$X?3RFfeTcvx_e+(&Q*z)t>c0e zpZH$1Z3X%{^_vylHVOWT6tno=l&$3 z9^eQ@TwU#%WMQaFvaYp_we%_2-9=o{+ck zF{cKJCOjpW&qKQquyp2BXCAP920dcrZ}T1@piukx_NY;%2W>@Wca%=Ch~x5Oj58Hv z;D-_ALOZBF(Mqbcqjd}P3iDbek#Dwzu`WRs`;hRIr*n0PV7vT+%Io(t}8KZ zpp?uc2eW!v28ipep0XNDPZt7H2HJ6oey|J3z!ng#1H~x_k%35P+Cp%mqXJ~cV0xdd z^4m5^K_dQ^Sg?$P`))ccV=O>C{Ds(C2WxX$LMC5vy=*44pP&)X5DOPYfqE${)hDg< z3hcG%U%HZ39=`#Ko4Uctg&@PQLf>?0^D|4J(_1*TFMOMB!Vv1_mnOq$BzXQdOGqgy zOp#LBZ!c>bPjY1NTXksZmbAl0A^Y&(%a3W-k>bE&>K?px5Cm%AT2E<&)Y?O*?d80d zgI5l~&Mve;iXm88Q+Fw7{+`PtN4G7~mJWR^z7XmYQ>uoiV!{tL)hp|= zS(M)813PM`d<501>{NqaPo6BZ^T{KBaqEVH(2^Vjeq zgeMeMpd*1tE@@);hGjuoVzF>Cj;5dNNwh40CnU+0DSKb~GEMb_# zT8Z&gz%SkHq6!;_6dQFYE`+b`v4NT7&@P>cA1Z1xmXy<2htaDhm@XXMp!g($ zw(7iFoH2}WR`UjqjaqOQ$ecNt@c|K1H1kyBArTTjLp%-M`4nzOhkfE#}dOpcd;b#suq8cPJ&bf5`6Tq>ND(l zib{VrPZ>{KuaIg}Y$W>A+nrvMg+l4)-@2jpAQ5h(Tii%Ni^-UPVg{<1KGU2EIUNGaXcEkOedJOusFT9X3%Pz$R+-+W+LlRaY-a$5r?4V zbPzgQl22IPG+N*iBRDH%l{Zh$fv9$RN1sU@Hp3m=M}{rX%y#;4(x1KR2yCO7Pzo>rw(67E{^{yUR`91nX^&MxY@FwmJJbyPAoWZ9Z 
zcBS$r)&ogYBn{DOtD~tIVJUiq|1foX^*F~O4hlLp-g;Y2wKLLM=?(r3GDqsPmUo*? zwKMEi*%f)C_@?(&&hk>;m07F$X7&i?DEK|jdRK=CaaNu-)pX>n3}@%byPKVkpLzBq z{+Py&!`MZ^4@-;iY`I4#6G@aWMv{^2VTH7|WF^u?3vsB|jU3LgdX$}=v7#EHRN(im zI(3q-eU$s~r=S#EWqa_2!G?b~ z<&brq1vvUTJH380=gcNntZw%7UT8tLAr-W49;9y^=>TDaTC|cKA<(gah#2M|l~j)w zY8goo28gj$n&zcNgqX1Qn6=<8?R0`FVO)g4&QtJAbW3G#D)uNeac-7cH5W#6i!%BH z=}9}-f+FrtEkkrQ?nkoMQ1o-9_b+&=&C2^h!&mWFga#MCrm85hW;)1pDt;-uvQG^D zntSB?XA*0%TIhtWDS!KcI}kp3LT>!(Nlc(lQN?k^bS8Q^GGMfo}^|%7s;#r+pybl@?KA++|FJ zr%se9(B|g*ERQU96az%@4gYrxRRxaM2*b}jNsG|0dQi;Rw{0WM0E>rko!{QYAJJKY z)|sX0N$!8d9E|kND~v|f>3YE|uiAnqbkMn)hu$if4kUkzKqoNoh8v|S>VY1EKmgO} zR$0UU2o)4i4yc1inx3}brso+sio{)gfbLaEgLahj8(_Z#4R-v) zglqwI%`dsY+589a8$Mu7#7_%kN*ekHupQ#48DIN^uhDxblDg3R1yXMr^NmkR z7J_NWCY~fhg}h!_aXJ#?wsZF$q`JH>JWQ9`jbZzOBpS`}-A$Vgkq7+|=lPx9H7QZG z8i8guMN+yc4*H*ANr$Q-3I{FQ-^;8ezWS2b8rERp9TMOLBxiG9J*g5=?h)mIm3#CGi4JSq1ohFrcrxx@`**K5%T}qbaCGldV!t zVeM)!U3vbf5FOy;(h08JnhSGxm)8Kqxr9PsMeWi=b8b|m_&^@#A3lL;bVKTBx+0v8 zLZeWAxJ~N27lsOT2b|qyp$(CqzqgW@tyy?CgwOe~^i;ZH zlL``i4r!>i#EGBNxV_P@KpYFQLz4Bdq{#zA&sc)*@7Mxsh9u%e6Ke`?5Yz1jkTdND zR8!u_yw_$weBOU}24(&^Bm|(dSJ(v(cBct}87a^X(v>nVLIr%%D8r|&)mi+iBc;B;x;rKq zd8*X`r?SZsTNCPQqoFOrUz8nZO?225Z#z(B!4mEp#ZJBzwd7jW1!`sg*?hPMJ$o`T zR?KrN6OZA1H{9pA;p0cSSu;@6->8aJm1rrO-yDJ7)lxuk#npUk7WNER1Wwnpy%u zF=t6iHzWU(L&=vVSSc^&D_eYP3TM?HN!Tgq$SYC;pSIPWW;zeNm7Pgub#yZ@7WPw#f#Kl)W4%B>)+8%gpfoH1qZ;kZ*RqfXYeGXJ_ zk>2otbp+1By`x^1V!>6k5v8NAK@T;89$`hE0{Pc@Q$KhG0jOoKk--Qx!vS~lAiypV zCIJ&6B@24`!TxhJ4_QS*S5;;Pk#!f(qIR7*(c3dN*POKtQe)QvR{O2@QsM%ujEAWEm) z+PM=G9hSR>gQ`Bv2(k}RAv2+$7qq(mU`fQ+&}*i%-RtSUAha>70?G!>?w%F(b4k!$ zvm;E!)2`I?etmSUFW7WflJ@8Nx`m_vE2HF#)_BiD#FaNT|IY@!uUbd4v$wTglIbIX zblRy5=wp)VQzsn0_;KdM%g<8@>#;E?vypTf=F?3f@SSdZ;XpX~J@l1;p#}_veWHp>@Iq_T z@^7|h;EivPYv1&u0~l9(a~>dV9Uw10QqB6Dzu1G~-l{*7IktljpK<_L8m0|7VV_!S zRiE{u97(%R-<8oYJ{molUd>vlGaE-C|^<`hppdDz<7OS13$#J zZ+)(*rZIDSt^Q$}CRk0?pqT5PN5TT`Ya{q(BUg#&nAsg6apPMhLTno!SRq1e60fl6GvpnwDD4N> 
z9B=RrufY8+g3_`@PRg+(+gs2(bd;5#{uTZk96CWz#{=&h9+!{_m60xJxC%r&gd_N! z>h5UzVX%_7@CUeAA1XFg_AF%(uS&^1WD*VPS^jcC!M2v@RHZML;e(H-=(4(3O&bX- zI6>usJOS+?W&^S&DL{l|>51ZvCXUKlH2XKJPXnHjs*oMkNM#ZDLx!oaM5(%^)5XaP zk6&+P16sA>vyFe9v`Cp5qnbE#r#ltR5E+O3!WnKn`56Grs2;sqr3r# zp@Zp<^q`5iq8OqOlJ`pIuyK@3zPz&iJ0Jcc`hDQ1bqos2;}O|$i#}e@ua*x5VCSx zJAp}+?Hz++tm9dh3Fvm_bO6mQo38al#>^O0g)Lh^&l82+&x)*<n7^Sw-AJo9tEzZDwyJ7L^i7|BGqHu+ea6(&7jKpBq>~V z8CJxurD)WZ{5D0?s|KMi=e7A^JVNM6sdwg@1Eg_+Bw=9j&=+KO1PG|y(mP1@5~x>d z=@c{EWU_jTSjiJl)d(>`qEJ;@iOBm}alq8;OK;p(1AdH$)I9qHNmxxUArdzBW0t+Qeyl)m3?D09770g z)hzXEOy>2_{?o%2B%k%z4d23!pZcoxyW1Ik{|m7Q1>fm4`wsRrl)~h z_=Z*zYL+EG@DV1{6@5@(Ndu!Q$l_6Qlfoz@79q)Kmsf~J7t1)tl#`MD<;1&CAA zH8;i+oBm89dTTDl{aH`cmTPTt@^K-%*sV+t4X9q0Z{A~vEEa!&rRRr=0Rbz4NFCJr zLg2u=0QK@w9XGE=6(-JgeP}G#WG|R&tfHRA3a9*zh5wNTBAD;@YYGx%#E4{C#Wlfo z%-JuW9=FA_T6mR2-Vugk1uGZvJbFvVVWT@QOWz$;?u6+CbyQsbK$>O1APk|xgnh_8 zc)s@Mw7#0^wP6qTtyNq2G#s?5j~REyoU6^lT7dpX{T-rhZWHD%dik*=EA7bIJgOVf_Ga!yC8V^tkTOEHe+JK@Fh|$kfNxO^= z#lpV^(ZQ-3!^_BhV>aXY~GC9{8%1lOJ}6vzXDvPhC>JrtXwFBC+!3a*Z-%#9}i z#<5&0LLIa{q!rEIFSFc9)>{-_2^qbOg5;_A9 ztQ))C6#hxSA{f9R3Eh^`_f${pBJNe~pIQ`tZVR^wyp}=gLK}e5_vG@w+-mp#Fu>e| z*?qBp5CQ5zu+Fi}xAs)YY1;bKG!htqR~)DB$ILN6GaChoiy%Bq@i+1ZnANC0U&D z_4k$=YP47ng+0NhuEt}6C;9-JDd8i5S>`Ml==9wHDQFOsAlmtrVwurYDw_)Ihfk35 zJDBbe!*LUpg%4n>BExWz>KIQ9vexUu^d!7rc_kg#Bf= z7TLz|l*y*3d2vi@c|pX*@ybf!+Xk|2*z$@F4K#MT8Dt4zM_EcFmNp31#7qT6(@GG? 
zdd;sSY9HHuDb=w&|K%sm`bYX#%UHKY%R`3aLMO?{T#EI@FNNFNO>p@?W*i0z(g2dt z{=9Ofh80Oxv&)i35AQN>TPMjR^UID-T7H5A?GI{MD_VeXZ%;uo41dVm=uT&ne2h0i zv*xI%9vPtdEK@~1&V%p1sFc2AA`9?H)gPnRdlO~URx!fiSV)j?Tf5=5F>hnO=$d$x zzaIfr*wiIc!U1K*$JO@)gP4%xp!<*DvJSv7p}(uTLUb=MSb@7_yO+IsCj^`PsxEl& zIxsi}s3L?t+p+3FXYqujGhGwTx^WXgJ1}a@Yq5mwP0PvGEr*qu7@R$9j>@-q1rz5T zriz;B^(ex?=3Th6h;7U`8u2sDlfS{0YyydK=*>-(NOm9>S_{U|eg(J~C7O zIe{|LK=Y`hXiF_%jOM8Haw3UtaE{hWdzo3BbD6ud7br4cODBtN(~Hl+odP0SSWPw;I&^m)yLw+nd#}3#z}?UIcX3=SssI}`QwY=% zAEXTODk|MqTx}2DVG<|~(CxgLyi*A{m>M@1h^wiC)4Hy>1K7@|Z&_VPJsaQoS8=ex zDL&+AZdQa>ylxhT_Q$q=60D5&%pi6+qlY3$3c(~rsITX?>b;({FhU!7HOOhSP7>bmTkC8KM%!LRGI^~y3Ug+gh!QM=+NZXznM)?L3G=4=IMvFgX3BAlyJ z`~jjA;2z+65D$j5xbv9=IWQ^&-K3Yh`vC(1Qz2h2`o$>Cej@XRGff!it$n{@WEJ^N z41qk%Wm=}mA*iwCqU_6}Id!SQd13aFER3unXaJJXIsSnxvG2(hSCP{i&QH$tL&TPx zDYJsuk+%laN&OvKb-FHK$R4dy%M7hSB*yj#-nJy?S9tVoxAuDei{s}@+pNT!vLOIC z8g`-QQW8FKp3cPsX%{)0B+x+OhZ1=L7F-jizt|{+f1Ga7%+!BXqjCjH&x|3%?UbN# zh?$I1^YokvG$qFz5ySK+Ja5=mkR&p{F}ev**rWdKMko+Gj^?Or=UH?SCg#0F(&a_y zXOh}dPv0D9l0RVedq1~jCNV=8?vZfU-Xi|nkeE->;ohG3U7z+^0+HV17~-_Mv#mV` zzvwUJJ15v5wwKPv-)i@dsEo@#WEO9zie7mdRAbgL2kjbW4&lk$vxkbq=w5mGKZK6@ zjXWctDkCRx58NJD_Q7e}HX`SiV)TZMJ}~zY6P1(LWo`;yDynY_5_L?N-P`>ALfmyl z8C$a~FDkcwtzK9m$tof>(`Vu3#6r#+v8RGy#1D2)F;vnsiL&P-c^PO)^B-4VeJteLlT@25sPa z%W~q5>YMjj!mhN})p$47VA^v$Jo6_s{!y?}`+h+VM_SN`!11`|;C;B};B&Z<@%FOG z_YQVN+zFF|q5zKab&e4GH|B;sBbKimHt;K@tCH+S{7Ry~88`si7}S)1E{21nldiu5 z_4>;XTJa~Yd$m4A9{Qbd)KUAm7XNbZ4xHbg3a8-+1uf*$1PegabbmCzgC~1WB2F(W zYj5XhVos!X!QHuZXCatkRsdEsSCc+D2?*S7a+(v%toqyxhjz|`zdrUvsxQS{J>?c& zvx*rHw^8b|v^7wq8KWVofj&VUitbm*a&RU_ln#ZFA^3AKEf<#T%8I!Lg3XEsdH(A5 zlgh&M_XEoal)i#0tcq8c%Gs6`xu;vvP2u)D9p!&XNt z!TdF_H~;`g@fNXkO-*t<9~;iEv?)Nee%hVe!aW`N%$cFJ(Dy9+Xk*odyFj72T!(b%Vo5zvCGZ%3tkt$@Wcx8BWEkefI1-~C_3y*LjlQ5%WEz9WD8i^ z2MV$BHD$gdPJV4IaV)G9CIFwiV=ca0cfXdTdK7oRf@lgyPx;_7*RRFk=?@EOb9Gcz zg~VZrzo*Snp&EE{$CWr)JZW)Gr;{B2ka6B!&?aknM-FENcl%45#y?oq9QY z3^1Y5yn&^D67Da4lI}ljDcphaEZw2;tlYuzq?uB4b9Mt6!KTW&ptxd^vF;NbX=00T 
z@nE1lIBGgjqs?ES#P{ZfRb6f!At51vk%<0X%d_~NL5b8UyfQMPDtfU@>ijA0NP3UU zh{lCf`Wu7cX!go`kUG`1K=7NN@SRGjUKuo<^;@GS!%iDXbJs`o6e`v3O8-+7vRkFm z)nEa$sD#-v)*Jb>&Me+YIW3PsR1)h=-Su)))>-`aRcFJG-8icomO4J@60 zw10l}BYxi{eL+Uu0xJYk-Vc~BcR49Qyyq!7)PR27D`cqGrik=?k1Of>gY7q@&d&Ds zt7&WixP`9~jjHO`Cog~RA4Q%uMg+$z^Gt&vn+d3&>Ux{_c zm|bc;k|GKbhZLr-%p_f%dq$eiZ;n^NxoS-Nu*^Nx5vm46)*)=-Bf<;X#?`YC4tLK; z?;u?shFbXeks+dJ?^o$l#tg*1NA?(1iFff@I&j^<74S!o;SWR^Xi);DM%8XiWpLi0 zQE2dL9^a36|L5qC5+&Pf0%>l&qQ&)OU4vjd)%I6{|H+pw<0(a``9w(gKD&+o$8hOC zNAiShtc}e~ob2`gyVZx59y<6Fpl*$J41VJ-H*e-yECWaDMmPQi-N8XI3 z%iI@ljc+d}_okL1CGWffeaejlxWFVDWu%e=>H)XeZ|4{HlbgC-Uvof4ISYQzZ0Um> z#Ov{k1c*VoN^f(gfiueuag)`TbjL$XVq$)aCUBL_M`5>0>6Ska^*Knk__pw{0I>jA zzh}Kzg{@PNi)fcAk7jMAdi-_RO%x#LQszDMS@_>iFoB+zJ0Q#CQJzFGa8;pHFdi`^ zxnTC`G$7Rctm3G8t8!SY`GwFi4gF|+dAk7rh^rA{NXzc%39+xSYM~($L(pJ(8Zjs* zYdN_R^%~LiGHm9|ElV4kVZGA*T$o@YY4qpJOxGHlUi*S*A(MrgQ{&xoZQo+#PuYRs zv3a$*qoe9gBqbN|y|eaH=w^LE{>kpL!;$wRahY(hhzRY;d33W)m*dfem@)>pR54Qy z ze;^F?mwdU?K+=fBabokSls^6_6At#1Sh7W*y?r6Ss*dmZP{n;VB^LDxM1QWh;@H0J z!4S*_5j_;+@-NpO1KfQd&;C7T`9ak;X8DTRz$hDNcjG}xAfg%gwZSb^zhE~O);NMO zn2$fl7Evn%=Lk!*xsM#(y$mjukN?A&mzEw3W5>_o+6oh62kq=4-`e3B^$rG=XG}Kd zK$blh(%!9;@d@3& zGFO60j1Vf54S}+XD?%*uk7wW$f`4U3F*p7@I4Jg7f`Il}2H<{j5h?$DDe%wG7jZQL zI{mj?t?Hu>$|2UrPr5&QyK2l3mas?zzOk0DV30HgOQ|~xLXDQ8M3o#;CNKO8RK+M; zsOi%)js-MU>9H4%Q)#K_me}8OQC1u;f4!LO%|5toa1|u5Q@#mYy8nE9IXmR}b#sZK z3sD395q}*TDJJA9Er7N`y=w*S&tA;mv-)Sx4(k$fJBxXva0_;$G6!9bGBw13c_Uws zXks4u(8JA@0O9g5f?#V~qR5*u5aIe2HQO^)RW9TTcJk28l`Syl>Q#ZveEE4Em+{?%iz6=V3b>rCm9F zPQQm@-(hfNdo2%n?B)u_&Qh7^^@U>0qMBngH8}H|v+Ejg*Dd(Y#|jgJ-A zQ_bQscil%eY}8oN7ZL+2r|qv+iJY?*l)&3W_55T3GU;?@Om*(M`u0DXAsQ7HSl56> z4P!*(%&wRCb?a4HH&n;lAmr4rS=kMZb74Akha2U~Ktni>>cD$6jpugjULq)D?ea%b zk;UW0pAI~TH59P+o}*c5Ei5L-9OE;OIBt>^(;xw`>cN2`({Rzg71qrNaE=cAH^$wP zNrK9Glp^3a%m+ilQj0SnGq`okjzmE7<3I{JLD6Jn^+oas=h*4>Wvy=KXqVBa;K&ri z4(SVmMXPG}0-UTwa2-MJ=MTfM3K)b~DzSVq8+v-a0&Dsv>4B65{dBhD;(d44CaHSM zb!0ne(*<^Q%|nuaL`Gb3D4AvyO8wyygm=1;9#u5x*k0$UOwx?QxR*6Od8>+ujfyo0 
zJ}>2FgW_iv(dBK2OWC-Y=Tw!UwIeOAOUUC;h95&S1hn$G#if+d;*dWL#j#YWswrz_ zMlV=z+zjZJ%SlDhxf)vv@`%~$Afd)T+MS1>ZE7V$Rj#;J*<9Ld=PrK0?qrazRJWx) z(BTLF@Wk279nh|G%ZY7_lK7=&j;x`bMND=zgh_>>-o@6%8_#Bz!FnF*onB@_k|YCF z?vu!s6#h9bL3@tPn$1;#k5=7#s*L;FLK#=M89K^|$3LICYWIbd^qguQp02w5>8p-H z+@J&+pP_^iF4Xu>`D>DcCnl8BUwwOlq6`XkjHNpi@B?OOd`4{dL?kH%lt78(-L}eah8?36zw9d-dI6D{$s{f=M7)1 zRH1M*-82}DoFF^Mi$r}bTB5r6y9>8hjL54%KfyHxn$LkW=AZ(WkHWR;tIWWr@+;^^ zVomjAWT)$+rn%g`LHB6ZSO@M3KBA? z+W7ThSBgpk`jZHZUrp`F;*%6M5kLWy6AW#T{jFHTiKXP9ITrMlEdti7@&AT_a-BA!jc(Kt zWk>IdY-2Zbz?U1)tk#n_Lsl?W;0q`;z|t9*g-xE!(}#$fScX2VkjSiboKWE~afu5d z2B@9mvT=o2fB_>Mnie=TDJB+l`GMKCy%2+NcFsbpv<9jS@$X37K_-Y!cvF5NEY`#p z3sWEc<7$E*X*fp+MqsOyMXO=<2>o8)E(T?#4KVQgt=qa%5FfUG_LE`n)PihCz2=iNUt7im)s@;mOc9SR&{`4s9Q6)U31mn?}Y?$k3kU z#h??JEgH-HGt`~%)1ZBhT9~uRi8br&;a5Y3K_Bl1G)-y(ytx?ok9S*Tz#5Vb=P~xH z^5*t_R2It95=!XDE6X{MjLYn4Eszj9Y91T2SFz@eYlx9Z9*hWaS$^5r7=W5|>sY8}mS(>e9Ez2qI1~wtlA$yv2e-Hjn&K*P z2zWSrC~_8Wrxxf#%QAL&f8iH2%R)E~IrQLgWFg8>`Vnyo?E=uiALoRP&qT{V2{$79 z%9R?*kW-7b#|}*~P#cA@q=V|+RC9=I;aK7Pju$K-n`EoGV^-8Mk=-?@$?O37evGKn z3NEgpo_4{s>=FB}sqx21d3*=gKq-Zk)U+bM%Q_}0`XGkYh*+jRaP+aDnRv#Zz*n$pGp zEU9omuYVXH{AEx>=kk}h2iKt!yqX=EHN)LF}z1j zJx((`CesN1HxTFZ7yrvA2jTPmKYVij>45{ZH2YtsHuGzIRotIFj?(8T@ZWUv{_%AI zgMZlB03C&FtgJqv9%(acqt9N)`4jy4PtYgnhqev!r$GTIOvLF5aZ{tW5MN@9BDGu* zBJzwW3sEJ~Oy8is`l6Ly3an7RPtRr^1Iu(D!B!0O241Xua>Jee;Rc7tWvj!%#yX#m z&pU*?=rTVD7pF6va1D@u@b#V@bShFr3 zMyMbNCZwT)E-%L-{%$3?n}>EN>ai7b$zR_>=l59mW;tfKj^oG)>_TGCJ#HbLBsNy$ zqAqPagZ3uQ(Gsv_-VrZmG&hHaOD#RB#6J8&sL=^iMFB=gH5AIJ+w@sTf7xa&Cnl}@ zxrtzoNq>t?=(+8bS)s2p3>jW}tye0z2aY_Dh@(18-vdfvn;D?sv<>UgL{Ti08$1Q+ zZI3q}yMA^LK=d?YVg({|v?d1|R?5 zL0S3fw)BZazRNNX|7P4rh7!+3tCG~O8l+m?H} z(CB>8(9LtKYIu3ohJ-9ecgk+L&!FX~Wuim&;v$>M4 zUfvn<=Eok(63Ubc>mZrd8d7(>8bG>J?PtOHih_xRYFu1Hg{t;%+hXu2#x%a%qzcab zv$X!ccoj)exoOnaco_jbGw7KryOtuf(SaR-VJ0nAe(1*AA}#QV1lMhGtzD>RoUZ;WA?~!K{8%chYn?ttlz17UpDLlhTkGcVfHY6R<2r4E{mU zq-}D?+*2gAkQYAKrk*rB%4WFC-B!eZZLg4(tR#@kUQHIzEqV48$9=Q(~J_0 
zy1%LSCbkoOhRO!J+Oh#;bGuXe;~(bIE*!J@i<%_IcB7wjhB5iF#jBn5+u~fEECN2* z!QFh!m<(>%49H12Y33+?$JxKV3xW{xSs=gxkxW-@Xds^|O1`AmorDKrE8N2-@ospk z=Au%h=f!`_X|G^A;XWL}-_L@D6A~*4Yf!5RTTm$!t8y&fp5_oqvBjW{FufS`!)5m% z2g(=9Ap6Y2y(9OYOWuUVGp-K=6kqQ)kM0P^TQT{X{V$*sN$wbFb-DaUuJF*!?EJPl zJev!UsOB^UHZ2KppYTELh+kqDw+5dPFv&&;;C~=u$Mt+Ywga!8YkL2~@g67}3wAQP zrx^RaXb1(c7vwU8a2se75X(cX^$M{FH4AHS7d2}heqqg4F0!1|Na>UtAdT%3JnS!B)&zelTEj$^b0>Oyfw=P-y-Wd^#dEFRUN*C{!`aJIHi<_YA2?piC%^ zj!p}+ZnBrM?ErAM+D97B*7L8U$K zo(IR-&LF(85p+fuct9~VTSdRjs`d-m|6G;&PoWvC&s8z`TotPSoksp;RsL4VL@CHf z_3|Tn%`ObgRhLmr60<;ya-5wbh&t z#ycN_)3P_KZN5CRyG%LRO4`Ot)3vY#dNX9!f!`_>1%4Q`81E*2BRg~A-VcN7pcX#j zrbl@7`V%n z6J53(m?KRzKb)v?iCuYWbH*l6M77dY4keS!%>}*8n!@ROE4!|7mQ+YS4dff1JJC(t z6Fnuf^=dajqHpH1=|pb(po9Fr8it^;2dEk|Ro=$fxqK$^Yix{G($0m-{RCFQJ~LqUnO7jJcjr zl*N*!6WU;wtF=dLCWzD6kW;y)LEo=4wSXQDIcq5WttgE#%@*m><@H;~Q&GniA-$in z`sjWFLgychS1kIJmPtd-w6%iKkj&dGhtB%0)pyy0M<4HZ@ZY0PWLAd7FCrj&i|NRh?>hZj*&FYnyu%Ur`JdiTu&+n z78d3n)Rl6q&NwVj_jcr#s5G^d?VtV8bkkYco5lV0LiT+t8}98LW>d)|v|V3++zLbHC(NC@X#Hx?21J0M*gP2V`Yd^DYvVIr{C zSc4V)hZKf|OMSm%FVqSRC!phWSyuUAu%0fredf#TDR$|hMZihJ__F!)Nkh6z)d=NC z3q4V*K3JTetxCPgB2_)rhOSWhuXzu+%&>}*ARxUaDeRy{$xK(AC0I=9%X7dmc6?lZNqe-iM(`?Xn3x2Ov>sej6YVQJ9Q42>?4lil?X zew-S>tm{=@QC-zLtg*nh5mQojYnvVzf3!4TpXPuobW_*xYJs;9AokrXcs!Ay z;HK>#;G$*TPN2M!WxdH>oDY6k4A6S>BM0Nimf#LfboKxJXVBC=RBuO&g-=+@O-#0m zh*aPG16zY^tzQLNAF7L(IpGPa+mDsCeAK3k=IL6^LcE8l0o&)k@?dz!79yxUquQIe($zm5DG z5RdXTv)AjHaOPv6z%99mPsa#8OD@9=URvHoJ1hYnV2bG*2XYBgB!-GEoP&8fLmWGg z9NG^xl5D&3L^io&3iYweV*qhc=m+r7C#Jppo$Ygg;jO2yaFU8+F*RmPL` zYxfGKla_--I}YUT353k}nF1zt2NO?+kofR8Efl$Bb^&llgq+HV_UYJUH7M5IoN0sT z4;wDA0gs55ZI|FmJ0}^Pc}{Ji-|#jdR$`!s)Di4^g3b_Qr<*Qu2rz}R6!B^;`Lj3sKWzjMYjexX)-;f5Y+HfkctE{PstO-BZan0zdXPQ=V8 zS8cBhnQyy4oN?J~oK0zl!#S|v6h-nx5to7WkdEk0HKBm;?kcNO*A+u=%f~l&aY*+J z>%^Dz`EQ6!+SEX$>?d(~|MNWU-}JTrk}&`IR|Ske(G^iMdk04)Cxd@}{1=P0U*%L5 zMFH_$R+HUGGv|ju2Z>5x(-aIbVJLcH1S+(E#MNe9g;VZX{5f%_|Kv7|UY-CM(>vf= z!4m?QS+AL+rUyfGJ;~uJGp4{WhOOc%2ybVP68@QTwI(8kDuYf?#^xv 
zBmOHCZU8O(x)=GVFn%tg@TVW1)qJJ_bU}4e7i>&V?r zh-03>d3DFj&@}6t1y3*yOzllYQ++BO-q!)zsk`D(z||)y&}o%sZ-tUF>0KsiYKFg6 zTONq)P+uL5Vm0w{D5Gms^>H1qa&Z##*X31=58*r%Z@Ko=IMXX{;aiMUp-!$As3{sq z0EEk02MOsgGm7$}E%H1ys2$yftNbB%1rdo@?6~0!a8Ym*1f;jIgfcYEF(I_^+;Xdr z2a>&oc^dF3pm(UNpazXgVzuF<2|zdPGjrNUKpdb$HOgNp*V56XqH`~$c~oSiqx;8_ zEz3fHoU*aJUbFJ&?W)sZB3qOSS;OIZ=n-*#q{?PCXi?Mq4aY@=XvlNQdA;yVC0Vy+ z{Zk6OO!lMYWd`T#bS8FV(`%flEA9El;~WjZKU1YmZpG#49`ku`oV{Bdtvzyz3{k&7 zlG>ik>eL1P93F zd&!aXluU_qV1~sBQf$F%sM4kTfGx5MxO0zJy<#5Z&qzNfull=k1_CZivd-WAuIQf> zBT3&WR|VD|=nKelnp3Q@A~^d_jN3@$x2$f@E~e<$dk$L@06Paw$);l*ewndzL~LuU zq`>vfKb*+=uw`}NsM}~oY}gW%XFwy&A>bi{7s>@(cu4NM;!%ieP$8r6&6jfoq756W z$Y<`J*d7nK4`6t`sZ;l%Oen|+pk|Ry2`p9lri5VD!Gq`U#Ms}pgX3ylAFr8(?1#&dxrtJgB>VqrlWZf61(r`&zMXsV~l{UGjI7R@*NiMJLUoK*kY&gY9kC@^}Fj* zd^l6_t}%Ku<0PY71%zQL`@}L}48M!@=r)Q^Ie5AWhv%#l+Rhu6fRpvv$28TH;N7Cl z%I^4ffBqx@Pxpq|rTJV)$CnxUPOIn`u278s9#ukn>PL25VMv2mff)-RXV&r`Dwid7}TEZxXX1q(h{R6v6X z&x{S_tW%f)BHc!jHNbnrDRjGB@cam{i#zZK*_*xlW@-R3VDmp)<$}S%t*@VmYX;1h zFWmpXt@1xJlc15Yjs2&e%)d`fimRfi?+fS^BoTcrsew%e@T^}wyVv6NGDyMGHSKIQ zC>qFr4GY?#S#pq!%IM_AOf`#}tPoMn7JP8dHXm(v3UTq!aOfEXNRtEJ^4ED@jx%le zvUoUs-d|2(zBsrN0wE(Pj^g5wx{1YPg9FL1)V1JupsVaXNzq4fX+R!oVX+q3tG?L= z>=s38J_!$eSzy0m?om6Wv|ZCbYVHDH*J1_Ndajoh&?L7h&(CVii&rmLu+FcI;1qd_ zHDb3Vk=(`WV?Uq;<0NccEh0s`mBXcEtmwt6oN99RQt7MNER3`{snV$qBTp={Hn!zz z1gkYi#^;P8s!tQl(Y>|lvz{5$uiXsitTD^1YgCp+1%IMIRLiSP`sJru0oY-p!FPbI)!6{XM%)(_Dolh1;$HlghB-&e><;zU&pc=ujpa-(+S&Jj zX1n4T#DJDuG7NP;F5TkoG#qjjZ8NdXxF0l58RK?XO7?faM5*Z17stidTP|a%_N z^e$D?@~q#Pf+708cLSWCK|toT1YSHfXVIs9Dnh5R(}(I;7KhKB7RD>f%;H2X?Z9eR z{lUMuO~ffT!^ew= z7u13>STI4tZpCQ?yb9;tSM-(EGb?iW$a1eBy4-PVejgMXFIV_Ha^XB|F}zK_gzdhM z!)($XfrFHPf&uyFQf$EpcAfk83}91Y`JFJOiQ;v5ca?)a!IxOi36tGkPk4S6EW~eq z>WiK`Vu3D1DaZ}515nl6>;3#xo{GQp1(=uTXl1~ z4gdWxr-8a$L*_G^UVd&bqW_nzMM&SlNW$8|$lAfo@zb+P>2q?=+T^qNwblP*RsN?N zdZE%^Zs;yAwero1qaoqMp~|KL=&npffh981>2om!fseU(CtJ=bW7c6l{U5(07*e0~ zJRbid6?&psp)ilmYYR3ZIg;t;6?*>hoZ3uq7dvyyq-yq$zH$yyImjfhpQb@WKENSP 
zl;KPCE+KXzU5!)mu12~;2trrLfs&nlEVOndh9&!SAOdeYd}ugwpE-9OF|yQs(w@C9 zoXVX`LP~V>%$<(%~tE*bsq(EFm zU5z{H@Fs^>nm%m%wZs*hRl=KD%4W3|(@j!nJr{Mmkl`e_uR9fZ-E{JY7#s6i()WXB0g-b`R{2r@K{2h3T+a>82>722+$RM*?W5;Bmo6$X3+Ieg9&^TU(*F$Q3 zT572!;vJeBr-)x?cP;^w1zoAM`nWYVz^<6N>SkgG3s4MrNtzQO|A?odKurb6DGZffo>DP_)S0$#gGQ_vw@a9JDXs2}hV&c>$ zUT0;1@cY5kozKOcbN6)n5v)l#>nLFL_x?2NQgurQH(KH@gGe>F|$&@ zq@2A!EXcIsDdzf@cWqElI5~t z4cL9gg7{%~4@`ANXnVAi=JvSsj95-7V& zME3o-%9~2?cvlH#twW~99=-$C=+b5^Yv}Zh4;Mg-!LS zw>gqc=}CzS9>v5C?#re>JsRY!w|Mtv#%O3%Ydn=S9cQarqkZwaM4z(gL~1&oJZ;t; zA5+g3O6itCsu93!G1J_J%Icku>b3O6qBW$1Ej_oUWc@MI)| zQ~eyS-EAAnVZp}CQnvG0N>Kc$h^1DRJkE7xZqJ0>p<>9*apXgBMI-v87E0+PeJ-K& z#(8>P_W^h_kBkI;&e_{~!M+TXt@z8Po*!L^8XBn{of)knd-xp{heZh~@EunB2W)gd zAVTw6ZZasTi>((qpBFh(r4)k zz&@Mc@ZcI-4d639AfcOgHOU+YtpZ)rC%Bc5gw5o~+E-i+bMm(A6!uE>=>1M;V!Wl4 z<#~muol$FsY_qQC{JDc8b=$l6Y_@_!$av^08`czSm!Xan{l$@GO-zPq1s>WF)G=wv zDD8j~Ht1pFj)*-b7h>W)@O&m&VyYci&}K|0_Z*w`L>1jnGfCf@6p}Ef*?wdficVe_ zmPRUZ(C+YJU+hIj@_#IiM7+$4kH#VS5tM!Ksz01siPc-WUe9Y3|pb4u2qnn zRavJiRpa zq?tr&YV?yKt<@-kAFl3s&Kq#jag$hN+Y%%kX_ytvpCsElgFoN3SsZLC>0f|m#&Jhu zp7c1dV$55$+k78FI2q!FT}r|}cIV;zp~#6X2&}22$t6cHx_95FL~T~1XW21VFuatb zpM@6w>c^SJ>Pq6{L&f9()uy)TAWf;6LyHH3BUiJ8A4}od)9sriz~e7}l7Vr0e%(=>KG1Jay zW0azuWC`(|B?<6;R)2}aU`r@mt_#W2VrO{LcX$Hg9f4H#XpOsAOX02x^w9+xnLVAt z^~hv2guE-DElBG+`+`>PwXn5kuP_ZiOO3QuwoEr)ky;o$n7hFoh}Aq0@Ar<8`H!n} zspCC^EB=6>$q*gf&M2wj@zzfBl(w_@0;h^*fC#PW9!-kT-dt*e7^)OIU{Uw%U4d#g zL&o>6`hKQUps|G4F_5AuFU4wI)(%9(av7-u40(IaI|%ir@~w9-rLs&efOR@oQy)}{ z&T#Qf`!|52W0d+>G!h~5A}7VJky`C3^fkJzt3|M&xW~x-8rSi-uz=qBsgODqbl(W#f{Ew#ui(K)(Hr&xqZs` zfrK^2)tF#|U=K|_U@|r=M_Hb;qj1GJG=O=d`~#AFAccecIaq3U`(Ds1*f*TIs=IGL zp_vlaRUtFNK8(k;JEu&|i_m39c(HblQkF8g#l|?hPaUzH2kAAF1>>Yykva0;U@&oRV8w?5yEK??A0SBgh?@Pd zJg{O~4xURt7!a;$rz9%IMHQeEZHR8KgFQixarg+MfmM_OeX#~#&?mx44qe!wt`~dd zqyt^~ML>V>2Do$huU<7}EF2wy9^kJJSm6HoAD*sRz%a|aJWz_n6?bz99h)jNMp}3k ztPVbos1$lC1nX_OK0~h>=F&v^IfgBF{#BIi&HTL}O7H-t4+wwa)kf3AE2-Dx@#mTA z!0f`>vz+d3AF$NH_-JqkuK1C+5>yns0G;r5ApsU|a-w9^j4c+FS{#+7- 
zH%skr+TJ~W_8CK_j$T1b;$ql_+;q6W|D^BNK*A+W5XQBbJy|)(IDA=L9d>t1`KX2b zOX(Ffv*m?e>! zS3lc>XC@IqPf1g-%^4XyGl*1v0NWnwZTW?z4Y6sncXkaA{?NYna3(n@(+n+#sYm}A zGQS;*Li$4R(Ff{obl3#6pUsA0fKuWurQo$mWXMNPV5K66V!XYOyc})^>889Hg3I<{V^Lj9($B4Zu$xRr=89-lDz9x`+I8q(vEAimx1K{sTbs|5x7S zZ+7o$;9&9>@3K;5-DVzGw=kp7ez%1*kxhGytdLS>Q)=xUWv3k_x(IsS8we39Tijvr z`GKk>gkZTHSht;5q%fh9z?vk%sWO}KR04G9^jleJ^@ovWrob7{1xy7V=;S~dDVt%S za$Q#Th%6g1(hiP>hDe}7lcuI94K-2~Q0R3A1nsb7Y*Z!DtQ(Ic<0;TDKvc6%1kBdJ z$hF!{uALB0pa?B^TC}#N5gZ|CKjy|BnT$7eaKj;f>Alqdb_FA3yjZ4CCvm)D&ibL) zZRi91HC!TIAUl<|`rK_6avGh`!)TKk=j|8*W|!vb9>HLv^E%t$`@r@piI(6V8pqDG zBON7~=cf1ZWF6jc{qkKm;oYBtUpIdau6s+<-o^5qNi-p%L%xAtn9OktFd{@EjVAT% z#?-MJ5}Q9QiK_jYYWs+;I4&!N^(mb!%4zx7qO6oCEDn=8oL6#*9XIJ&iJ30O`0vsFy|fEVkw}*jd&B6!IYi+~Y)qv6QlM&V9g0 zh)@^BVDB|P&#X{31>G*nAT}Mz-j~zd>L{v{9AxrxKFw8j;ccQ$NE0PZCc(7fEt1xd z`(oR2!gX6}R+Z77VkDz^{I)@%&HQT5q+1xlf*3R^U8q%;IT8-B53&}dNA7GW`Ki&= z$lrdH zDCu;j$GxW<&v_4Te7=AE2J0u1NM_7Hl9$u{z(8#%8vvrx2P#R7AwnY|?#LbWmROa; zOJzU_*^+n(+k;Jd{e~So9>OF>fPx$Hb$?~K1ul2xr>>o@**n^6IMu8+o3rDp(X$cC z`wQt9qIS>yjA$K~bg{M%kJ00A)U4L+#*@$8UlS#lN3YA{R{7{-zu#n1>0@(#^eb_% zY|q}2)jOEM8t~9p$X5fpT7BZQ1bND#^Uyaa{mNcFWL|MoYb@>y`d{VwmsF&haoJuS2W7azZU0{tu#Jj_-^QRc35tjW~ae&zhKk!wD}#xR1WHu z_7Fys#bp&R?VXy$WYa$~!dMxt2@*(>@xS}5f-@6eoT%rwH zv_6}M?+piNE;BqaKzm1kK@?fTy$4k5cqYdN8x-<(o6KelwvkTqC3VW5HEnr+WGQlF zs`lcYEm=HPpmM4;Ich7A3a5Mb3YyQs7(Tuz-k4O0*-YGvl+2&V(B&L1F8qfR0@vQM-rF<2h-l9T12eL}3LnNAVyY_z51xVr$%@VQ-lS~wf3mnHc zoM({3Z<3+PpTFCRn_Y6cbxu9v>_>eTN0>hHPl_NQQuaK^Mhrv zX{q#80ot;ptt3#js3>kD&uNs{G0mQp>jyc0GG?=9wb33hm z`y2jL=J)T1JD7eX3xa4h$bG}2ev=?7f>-JmCj6){Upo&$k{2WA=%f;KB;X5e;JF3IjQBa4e-Gp~xv- z|In&Rad7LjJVz*q*+splCj|{7=kvQLw0F@$vPuw4m^z=B^7=A4asK_`%lEf_oIJ-O z{L)zi4bd#&g0w{p1$#I&@bz3QXu%Y)j46HAJKWVfRRB*oXo4lIy7BcVl4hRs<%&iQ zr|)Z^LUJ>qn>{6y`JdabfNNFPX7#3`x|uw+z@h<`x{J4&NlDjnknMf(VW_nKWT!Jh zo1iWBqT6^BR-{T=4Ybe+?6zxP_;A5Uo{}Xel%*=|zRGm1)pR43K39SZ=%{MDCS2d$~}PE-xPw4ZK6)H;Zc&0D5p!vjCn0wCe&rVIhchR9ql!p2`g0b@JsC^J#n_r*4lZ~u0UHKwo(HaHUJDHf^gdJhTdTW 
z3i7Zp_`xyKC&AI^#~JMVZj^9WsW}UR#nc#o+ifY<4`M+?Y9NTBT~p`ONtAFf8(ltr*ER-Ig!yRs2xke#NN zkyFcaQKYv>L8mQdrL+#rjgVY>Z2_$bIUz(kaqL}cYENh-2S6BQK-a(VNDa_UewSW` zMgHi<3`f!eHsyL6*^e^W7#l?V|42CfAjsgyiJsA`yNfAMB*lAsJj^K3EcCzm1KT zDU2+A5~X%ax-JJ@&7>m`T;;}(-e%gcYQtj}?ic<*gkv)X2-QJI5I0tA2`*zZRX(;6 zJ0dYfMbQ+{9Rn3T@Iu4+imx3Y%bcf2{uT4j-msZ~eO)5Z_T7NC|Nr3)|NWjomhv=E zXaVin)MY)`1QtDyO7mUCjG{5+o1jD_anyKn73uflH*ASA8rm+S=gIfgJ);>Zx*hNG z!)8DDCNOrbR#9M7Ud_1kf6BP)x^p(|_VWCJ+(WGDbYmnMLWc?O4zz#eiP3{NfP1UV z(n3vc-axE&vko^f+4nkF=XK-mnHHQ7>w05$Q}iv(kJc4O3TEvuIDM<=U9@`~WdKN* zp4e4R1ncR_kghW}>aE$@OOc~*aH5OOwB5U*Z)%{LRlhtHuigxH8KuDwvq5{3Zg{Vr zrd@)KPwVKFP2{rXho(>MTZZfkr$*alm_lltPob4N4MmhEkv`J(9NZFzA>q0Ch;!Ut zi@jS_=0%HAlN+$-IZGPi_6$)ap>Z{XQGt&@ZaJ(es!Po5*3}>R4x66WZNsjE4BVgn z>}xm=V?F#tx#e+pimNPH?Md5hV7>0pAg$K!?mpt@pXg6UW9c?gvzlNe0 z3QtIWmw$0raJkjQcbv-7Ri&eX6Ks@@EZ&53N|g7HU<;V1pkc&$3D#8k!coJ=^{=vf z-pCP;vr2#A+i#6VA?!hs6A4P@mN62XYY$#W9;MwNia~89i`=1GoFESI+%Mbrmwg*0 zbBq4^bA^XT#1MAOum)L&ARDXJ6S#G>&*72f50M1r5JAnM1p7GFIv$Kf9eVR(u$KLt z9&hQ{t^i16zL1c(tRa~?qr?lbSN;1k;%;p*#gw_BwHJRjcYPTj6>y-rw*dFTnEs95 z`%-AoPL!P16{=#RI0 zUb6#`KR|v^?6uNnY`zglZ#Wd|{*rZ(x&Hk8N6ob6mpX~e^qu5kxvh$2TLJA$M=rx zc!#ot+sS+-!O<0KR6+Lx&~zgEhCsbFY{i_DQCihspM?e z-V}HemMAvFzXR#fV~a=Xf-;tJ1edd}Mry@^=9BxON;dYr8vDEK<<{ zW~rg(ZspxuC&aJo$GTM!9_sXu(EaQJNkV9AC(ob#uA=b4*!Uf}B*@TK=*dBvKKPAF z%14J$S)s-ws9~qKsf>DseEW(ssVQ9__YNg}r9GGx3AJiZR@w_QBlGP>yYh0lQCBtf zx+G;mP+cMAg&b^7J!`SiBwC81M_r0X9kAr2y$0(Lf1gZK#>i!cbww(hn$;fLIxRf? 
z!AtkSZc-h76KGSGz%48Oe`8ZBHkSXeVb!TJt_VC>$m<#}(Z}!(3h631ltKb3CDMw^fTRy%Ia!b&at`^g7Ew-%WLT9(#V0OP9CE?uj62s>`GI3NA z!`$U+i<`;IQyNBkou4|-7^9^ylac-Xu!M+V5p5l0Ve?J0wTSV+$gYtoc=+Ve*OJUJ z$+uIGALW?}+M!J9+M&#bT=Hz@{R2o>NtNGu1yS({pyteyb>*sg4N`KAD?`u3F#C1y z2K4FKOAPASGZTep54PqyCG(h3?kqQQAxDSW@>T2d!n;9C8NGS;3A8YMRcL>b=<<%M zMiWf$jY;`Ojq5S{kA!?28o)v$;)5bTL<4eM-_^h4)F#eeC2Dj*S`$jl^yn#NjJOYT zx%yC5Ww@eX*zsM)P(5#wRd=0+3~&3pdIH7CxF_2iZSw@>kCyd z%M}$1p((Bidw4XNtk&`BTkU{-PG)SXIZ)yQ!Iol6u8l*SQ1^%zC72FP zLvG>_Z0SReMvB%)1@+et0S{<3hV@^SY3V~5IY(KUtTR{*^xJ^2NN{sIMD9Mr9$~(C$GLNlSpzS=fsbw-DtHb_T|{s z9OR|sx!{?F``H!gVUltY7l~dx^a(2;OUV^)7 z%@hg`8+r&xIxmzZ;Q&v0X%9P)U0SE@r@(lKP%TO(>6I_iF{?PX(bez6v8Gp!W_nd5 z<8)`1jcT)ImNZp-9rr4_1MQ|!?#8sJQx{`~7)QZ75I=DPAFD9Mt{zqFrcrXCU9MG8 zEuGcy;nZ?J#M3!3DWW?Zqv~dnN6ijlIjPfJx(#S0cs;Z=jDjKY|$w2s4*Xa1Iz953sN2Lt!Vmk|%ZwOOqj`sA--5Hiaq8!C%LV zvWZ=bxeRV(&%BffMJ_F~~*FdcjhRVNUXu)MS(S#67rDe%Ler=GS+WysC1I2=Bmbh3s6wdS}o$0 zz%H08#SPFY9JPdL6blGD$D-AaYi;X!#zqib`(XX*i<*eh+2UEPzU4}V4RlC3{<>-~ zadGA8lSm>b7Z!q;D_f9DT4i)Q_}ByElGl*Cy~zX%IzHp)@g-itZB6xM70psn z;AY8II99e6P2drgtTG5>`^|7qg`9MTp%T~|1N3tBqV}2zgow3TFAH{XPor0%=HrkXnKyxyozHlJ6 zd3}OWkl?H$l#yZqOzZbMI+lDLoH48;s10!m1!K87g;t}^+A3f3e&w{EYhVPR0Km*- zh5-ku$Z|Ss{2?4pGm(Rz!0OQb^_*N`)rW{z)^Cw_`a(_L9j=&HEJl(!4rQy1IS)>- zeTIr>hOii`gc(fgYF(cs$R8l@q{mJzpoB5`5r>|sG zBpsY}RkY(g5`bj~D>(;F8v*DyjX(#nVLSs>)XneWI&%Wo>a0u#4A?N<1SK4D}&V1oN)76 z%S>a2n3n>G`YY1>0Hvn&AMtMuI_?`5?4y3w2Hnq4Qa2YH5 zxKdfM;k467djL31Y$0kd9FCPbU=pHBp@zaIi`Xkd80;%&66zvSqsq6%aY)jZacfvw ztkWE{ZV6V2WL9e}Dvz|!d96KqVkJU@5ryp#rReeWu>mSrOJxY^tWC9wd0)$+lZc%{ zY=c4#%OSyQJvQUuy^u}s8DN8|8T%TajOuaY^)R-&8s@r9D`(Ic4NmEu)fg1f!u`xUb;9t#rM z>}cY=648@d5(9A;J)d{a^*ORdVtJrZ77!g~^lZ9@)|-ojvW#>)Jhe8$7W3mhmQh@S zU=CSO+1gSsQ+Tv=x-BD}*py_Ox@;%#hPb&tqXqyUW9jV+fonnuCyVw=?HR>dAB~Fg z^vl*~y*4|)WUW*9RC%~O1gHW~*tJb^a-j;ae2LRNo|0S2`RX>MYqGKB^_ng7YRc@! 
zFxg1X!VsvXkNuv^3mI`F2=x6$(pZdw=jfYt1ja3FY7a41T07FPdCqFhU6%o|Yb6Z4 zpBGa=(ao3vvhUv#*S{li|EyujXQPUV;0sa5!0Ut)>tPWyC9e0_9(=v*z`TV5OUCcx zT=w=^8#5u~7<}8Mepqln4lDv*-~g^VoV{(+*4w(q{At6d^E-Usa2`JXty++Oh~on^ z;;WHkJsk2jvh#N|?(2PLl+g!M0#z_A;(#Uy=TzL&{Ei5G9#V{JbhKV$Qmkm%5tn!CMA? z@hM=b@2DZWTQ6>&F6WCq6;~~WALiS#@{|I+ucCmD6|tBf&e;$_)%JL8$oIQ%!|Xih1v4A$=7xNO zZVz$G8;G5)rxyD+M0$20L$4yukA_D+)xmK3DMTH3Q+$N&L%qB)XwYx&s1gkh=%qGCCPwnwhbT4p%*3R)I}S#w7HK3W^E%4w z2+7ctHPx3Q97MFYB48HfD!xKKb(U^K_4)Bz(5dvwyl*R?)k;uHEYVi|{^rvh)w7}t z`tnH{v9nlVHj2ign|1an_wz0vO)*`3RaJc#;(W-Q6!P&>+@#fptCgtUSn4!@b7tW0&pE2Qj@7}f#ugu4*C)8_}AMRuz^WG zc)XDcOPQjRaGptRD^57B83B-2NKRo!j6TBAJntJPHNQG;^Oz}zt5F^kId~miK3J@l ztc-IKp6qL!?u~q?qfGP0I~$5gvq#-0;R(oLU@sYayr*QH95fnrYA*E|n%&FP@Cz`a zSdJ~(c@O^>qaO`m9IQ8sd8!L<+)GPJDrL7{4{ko2gWOZel^3!($Gjt|B&$4dtfTmBmC>V`R&&6$wpgvdmns zxcmfS%9_ZoN>F~azvLFtA(9Q5HYT#A(byGkESnt{$Tu<73$W~reB4&KF^JBsoqJ6b zS?$D7DoUgzLO-?P`V?5_ub$nf1p0mF?I)StvPomT{uYjy!w&z$t~j&en=F~hw|O(1 zlV9$arQmKTc$L)Kupwz_zA~deT+-0WX6NzFPh&d+ly*3$%#?Ca9Z9lOJsGVoQ&1HNg+)tJ_sw)%oo*DK)iU~n zvL``LqTe=r=7SwZ@LB)9|3QB5`0(B9r(iR}0nUwJss-v=dXnwMRQFYSRK1blS#^g(3@z{`=8_CGDm!LESTWig zzm1{?AG&7`uYJ;PoFO$o8RWuYsV26V{>D-iYTnvq7igWx9@w$EC*FV^vpvDl@i9yp zPIqiX@hEZF4VqzI3Y)CHhR`xKN8poL&~ak|wgbE4zR%Dm(a@?bw%(7(!^>CM!^4@J z6Z)KhoQP;WBq_Z_&<@i2t2&xq>N>b;Np2rX?yK|-!14iE2T}E|jC+=wYe~`y38g3J z8QGZquvqBaG!vw&VtdXWX5*i5*% zJP~7h{?&E|<#l{klGPaun`IgAJ4;RlbRqgJz5rmHF>MtJHbfqyyZi53?Lhj=(Ku#& z__ubmZIxzSq3F90Xur!1)Vqe6b@!ueHA!93H~jdHmaS5Q^CULso}^poy)0Op6!{^9 zWyCyyIrdBP4fkliZ%*g+J-A!6VFSRF6Liu6G^^=W>cn81>4&7(c7(6vCGSAJ zQZ|S3mb|^Wf=yJ(h~rq`iiW~|n#$+KcblIR<@|lDtm!&NBzSG-1;7#YaU+-@=xIm4 zE}edTYd~e&_%+`dIqqgFntL-FxL3!m4yTNt<(^Vt9c6F(`?9`u>$oNxoKB29<}9FE zgf)VK!*F}nW?}l95%RRk8N4^Rf8)Xf;drT4<|lUDLPj^NPMrBPL;MX&0oGCsS za3}vWcF(IPx&W6{s%zwX{UxHX2&xLGfT{d9bWP!g;Lg#etpuno$}tHoG<4Kd*=kpU z;4%y(<^yj(UlG%l-7E9z_Kh2KoQ19qT3CR@Ghr>BAgr3Vniz3LmpC4g=g|A3968yD2KD$P7v$ zx9Q8`2&qH3&y-iv0#0+jur@}k`6C%7fKbCr|tHX2&O%r?rBpg`YNy~2m+ 
z*L7dP$RANzVUsG_Lb>=__``6vA*xpUecuGsL+AW?BeSwyoQfDlXe8R1*R1M{0#M?M zF+m19`3<`gM{+GpgW^=UmuK*yMh3}x)7P738wL8r@(Na6%ULPgbPVTa6gh5Q(SR0f znr6kdRpe^(LVM;6Rt(Z@Lsz3EX*ry6(WZ?w>#ZRelx)N%sE+MN>5G|Z8{%@b&D+Ov zPU{shc9}%;G7l;qbonIb_1m^Qc8ez}gTC-k02G8Rl?7={9zBz8uRX2{XJQ{vZhs67avlRn| zgRtWl0Lhjet&!YC47GIm%1gdq%T24_^@!W3pCywc89X4I5pnBCZDn(%!$lOGvS*`0!AoMtqxNPFgaMR zwoW$p;8l6v%a)vaNsesED3f}$%(>zICnoE|5JwP&+0XI}JxPccd+D^gx`g`=GsUc0 z9Uad|C+_@_0%JmcObGnS@3+J^0P!tg+fUZ_w#4rk#TlJYPXJiO>SBxzs9(J;XV9d{ zmTQE1(K8EYaz9p^XLbdWudyIPJlGPo0U*)fAh-jnbfm@SYD_2+?|DJ-^P+ojG{2{6 z>HJtedEjO@j_tqZ4;Zq1t5*5cWm~W?HGP!@_f6m#btM@46cEMhhK{(yI&jG)fwL1W z^n_?o@G8a-jYt!}$H*;{0#z8lANlo!9b@!c5K8<(#lPlpE!z86Yq#>WT&2} z;;G1$pD%iNoj#Z=&kij5&V1KHIhN-h<;{HC5wD)PvkF>CzlQOEx_0;-TJ*!#&{Wzt zKcvq^SZIdop}y~iouNqtU7K7+?eIz-v_rfNM>t#i+dD$s_`M;sjGubTdP)WI*uL@xPOLHt#~T<@Yz>xt50ZoTw;a(a}lNiDN-J${gOdE zx?8LOA|tv{Mb}=TTR=LcqMqbCJkKj+@;4Mu)Cu0{`~ohix6E$g&tff)aHeUAQQ%M? zIN4uSUTzC1iMEWL*W-in1y)C`E+R8j?4_?X4&2Zv5?QdkNMz(k} zw##^Ikx`#_s>i&CO_mu@vJJ*|3ePRDl5pq$9V^>D;g0R%l>lw;ttyM6Sy`NBF{)Lr zSk)V>mZr96+aHY%vTLLt%vO-+juw6^SO_ zYGJaGeWX6W(TOQx=5oTGXOFqMMU*uZyt>MR-Y`vxW#^&)H zk0!F8f*@v6NO@Z*@Qo)+hlX40EWcj~j9dGrLaq%1;DE_%#lffXCcJ;!ZyyyZTz74Q zb2WSly6sX{`gQeToQsi1-()5EJ1nJ*kXGD`xpXr~?F#V^sxE3qSOwRSaC9x9oa~jJ zTG9`E|q zC5Qs1xh}jzb5UPYF`3N9YuMnI7xsZ41P;?@c|%w zl=OxLr6sMGR+`LStLvh)g?fA5p|xbUD;yFAMQg&!PEDYxVYDfA>oTY;CFt`cg?Li1 z0b})!9Rvw&j#*&+D2))kXLL z0+j=?7?#~_}N-qdEIP>DQaZh#F(#e0WNLzwUAj@r694VJ8?Dr5_io2X49XYsG^ zREt0$HiNI~6VV!ycvao+0v7uT$_ilKCvsC+VDNg7yG1X+eNe^3D^S==F3ByiW0T^F zH6EsH^}Uj^VPIE&m)xlmOScYR(w750>hclqH~~dM2+;%GDXT`u4zG!p((*`Hwx41M z4KB+`hfT(YA%W)Ve(n+Gu9kuXWKzxg{1ff^xNQw>w%L-)RySTk9kAS92(X0Shg^Q? zx1YXg_TLC^?h6!4mBqZ9pKhXByu|u~gF%`%`vdoaGBN3^j4l!4x?Bw4Jd)Z4^di}! zXlG1;hFvc>H?bmmu1E7Vx=%vahd!P1#ZGJOJYNbaek^$DHt`EOE|Hlij+hX>ocQFSLVu|wz`|KVl@Oa;m2k6b*mNK2Vo{~l9>Qa3@B7G7#k?)aLx;w6U ze8bBq%vF?5v>#TspEoaII!N}sRT~>bh-VWJ7Q*1qsz%|G)CFmnttbq$Ogb{~YK_=! 
z{{0vhlW@g!$>|}$&4E3@k`KPElW6x#tSX&dfle>o!irek$NAbDzdd2pVeNzk4&qgJ zXvNF0$R96~g0x+R1igR=Xu&X_Hc5;!Ze&C)eUTB$9wW&?$&o8Yxhm5s(S`;?{> z*F?9Gr0|!OiKA>Rq-ae=_okB6&yMR?!JDer{@iQgIn=cGxs-u^!8Q$+N&pfg2WM&Z zulHu=Uh~U>fS{=Nm0x>ACvG*4R`Dx^kJ65&Vvfj`rSCV$5>c04N26Rt2S?*kh3JKq z9(3}5T?*x*AP(X2Ukftym0XOvg~r6Ms$2x&R&#}Sz23aMGU&7sU-cFvE3Eq`NBJe84VoftWF#v7PDAp`@V zRFCS24_k~;@~R*L)eCx@Q9EYmM)Sn}HLbVMyxx%{XnMBDc-YZ<(DXDBYUt8$u5Zh} zBK~=M9cG$?_m_M61YG+#|9Vef7LfbH>(C21&aC)x$^Lg}fa#SF){RX|?-xZjSOrn# z2ZAwUF)$VB<&S;R3FhNSQOV~8w%A`V9dWyLiy zgt7G=Z4t|zU3!dh5|s(@XyS|waBr$>@=^Dspmem8)@L`Ns{xl%rGdX!R(BiC5C7Vo zXetb$oC_iXS}2x_Hy}T(hUUNbO47Q@+^4Q`h>(R-;OxCyW#eoOeC51jzxnM1yxBrp zz6}z`(=cngs6X05e79o_B7@3K|Qpe3n38Py_~ zpi?^rj!`pq!7PHGliC$`-8A^Ib?2qgJJCW+(&TfOnFGJ+@-<<~`7BR0f4oSINBq&R z2CM`0%WLg_Duw^1SPwj-{?BUl2Y=M4e+7yL1{C&&f&zjF06#xf>VdLozgNye(BNgSD`=fFbBy0HIosLl@JwCQl^s;eTnc( z3!r8G=K>zb`|bLLI0N|eFJk%s)B>oJ^M@AQzqR;HUjLsOqW<0v>1ksT_#24*U@R3HJu*A^#1o#P3%3_jq>icD@<`tqU6ICEgZrME(xX#?i^Z z%Id$_uyQGlFD-CcaiRtRdGn|K`Lq5L-rx7`vYYGH7I=eLfHRozPiUtSe~Tt;IN2^gCXmf2#D~g2@9bhzK}3nphhG%d?V7+Zq{I2?Gt*!NSn_r~dd$ zqkUOg{U=MI?Ehx@`(X%rQB?LP=CjJ*V!rec{#0W2WshH$X#9zep!K)tzZoge*LYd5 z@g?-j5_mtMp>_WW`p*UNUZTFN{_+#m*bJzt{hvAdkF{W40{#L3w6gzPztnsA_4?&0 z(+>pv!zB16rR-(nm(^c>Z(its{ny677vT8sF564^mlZvJ!h65}OW%Hn|2OXbOQM%b z{6C54Z2v;^hyMQ;UH+HwFD2!F!VlQ}6Z{L0_9g5~CH0@Mqz?ZC`^QkhOU#$Lx<4`B zyZsa9uPF!rZDo8ZVfzzR#raQ>5|)k~_Ef*wDqG^76o)j!C4 zykvT*o$!-MBko@?{b~*Zf2*YMlImrK`cEp|#D7f%Twm<|C|dWD \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS="" + +# Use the maximum available, or set MAX_FD != -1 to use that value. 
+MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? 
-ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 
+ esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@"
diff --git a/notary/build.gradle b/notary/build.gradle
new file mode 100644
index 000000000..e77fffe17
--- /dev/null
+++ b/notary/build.gradle
@@ -0,0 +1,42 @@
+apply plugin: 'net.corda.plugins.cordapp'
+apply plugin: 'net.corda.plugins.quasar-utils'
+
+cordapp {
+ targetPlatformVersion corda_platform_version.toInteger()
+ minimumPlatformVersion corda_platform_version.toInteger()
+ workflow {
+ name "Zk Notary App"
+ vendor "ING Bank NV"
+ licence "Apache License, Version 2.0"
+ versionId 1
+ }
+}
+
+sourceSets {
+ main {
+ resources {
+ srcDir rootProject.file("config/dev")
+ }
+ }
+ test {
+ resources {
+ srcDir rootProject.file("config/test")
+ }
+ }
+}
+
+dependencies {
+ compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+ testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
+ testCompile "junit:junit:$junit_version"
+
+ // Corda dependencies.
+ cordaCompile "$corda_release_group:corda-core:$corda_release_version"
+ cordaRuntime "$corda_release_group:corda:$corda_release_version"
+ cordaCompile "$corda_release_group:corda-node:$corda_release_version"
+ testCompile "$corda_release_group:corda-node-driver:$corda_release_version"
+ testCompile "$corda_release_group:corda-test-utils:$corda_release_version"
+
+ compile group: 'net.java.dev.jna', name: 'jna', version: '5.3.1'
+}
+
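Review bot: The `main` source set in notary/build.gradle adds `rootProject.file("config/dev")` as a resources directory, so the development `log4j2.xml` is packaged into the CorDapp jar that is deployed to nodes instead of staying a local run setting. The contents of that file are not visible in this hunk, so whether it enables verbose levels is something to confirm; for a notary that handles proof inputs, debug-level logging baked into a shipped artifact is worth ruling out. I would remove the `main { resources { srcDir rootProject.file("config/dev") } }` block and have local runs select the file with `-Dlog4j.configurationFile=config/dev/log4j2.xml`. The `test` source set pointing at `config/test` is fine as it is, since test resources are not part of the published jar.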
diff --git a/notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKFinalityFlow.kt b/notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKFinalityFlow.kt
new file mode 100644
index 000000000..39f51f4bd
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKFinalityFlow.kt
@@ -0,0 +1,176 @@
+package com.ing.zknotary.client.flows
+
+import co.paralleluniverse.fibers.Suspendable
+import com.ing.zknotary.common.zkp.ZKConfig
+import com.ing.zknotary.common.zkp.DefaultZKConfig
+import net.corda.core.crypto.isFulfilledBy
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.FlowSession
+import net.corda.core.flows.InitiatingFlow
+import net.corda.core.flows.NotaryException
+import net.corda.core.flows.NotaryFlow
+import net.corda.core.flows.SendTransactionFlow
+import net.corda.core.flows.UnexpectedFlowEndException
+import net.corda.core.identity.Party
+import net.corda.core.identity.groupAbstractPartyByWellKnownParty
+import net.corda.core.node.StatesToRecord
+import net.corda.core.transactions.LedgerTransaction
+import net.corda.core.transactions.SignedTransaction
+import net.corda.core.utilities.ProgressTracker
+
+/**
+ * Verifies the given transaction, then sends it to the named notary. If the notary agrees that the transaction
+ * is acceptable then it is from that point onwards committed to the ledger, and will be written through to the
+ * vault. Additionally it will be distributed to the parties reflected in the participants list of the states.
+ *
+ * The transaction is expected to have already been resolved: if its dependencies are not available in local
+ * storage, verification will fail. It must have signatures from all necessary parties other than the notary.
+ *
+ * A list of [FlowSession]s is required for each non-local participant of the transaction. These participants will receive
+ * the final notarised transaction by calling [ReceiveFinalityFlow] in their counterpart com.ing.zknotary.flows. Sessions with non-participants
+ * can also be included, but they must specify [StatesToRecord.ALL_VISIBLE] for statesToRecord if they wish to record the
+ * contract states into their vaults.
+ *
+ * The flow returns the same transaction but with the additional signatures from the notary.
+ *
+ * NOTE: This is an inlined flow but for backwards compatibility is annotated with [InitiatingFlow].
+ */
+// To maintain backwards compatibility with the old API, FinalityFlow can act both as an initiating flow and as an inlined flow.
+// This is only possible because a flow is only truly initiating when the first call to initiateFlow is made (where the
+// presence of @InitiatingFlow is checked). So the new API is inlined simply because that code path doesn't call initiateFlow.
+@InitiatingFlow
+class ZKFinalityFlow private constructor(
+ val transaction: SignedTransaction,
+ override val progressTracker: ProgressTracker,
+ private val sessions: Collection,
+ private val zkConfig: ZKConfig = DefaultZKConfig
+) : FlowLogic() {
+
+ /**
+ * Notarise the given transaction and broadcast it to all the participants.
+ *
+ * @param transaction What to commit.
+ * @param sessions A collection of [FlowSession]s for each non-local participant of the transaction. Sessions to non-participants can
+ * also be provided.
+ */
+ @JvmOverloads
+ constructor(
+ transaction: SignedTransaction,
+ sessions: Collection,
+ progressTracker: ProgressTracker = tracker(),
+ zkConfig: ZKConfig = DefaultZKConfig
+ ) : this(transaction, progressTracker, sessions, zkConfig)
+
+ companion object {
+ object NOTARISING : ProgressTracker.Step("Requesting signature by notary service") {
+ override fun childProgressTracker() = NotaryFlow.Client.tracker()
+ }
+
+ object BROADCASTING : ProgressTracker.Step("Broadcasting transaction to participants")
+
+ @JvmStatic
+ fun tracker() = ProgressTracker(
+ NOTARISING,
+ BROADCASTING
+ )
+ }
+
+ @Suspendable
+ @Throws(NotaryException::class)
+ override fun call(): SignedTransaction {
+ require(sessions.none { serviceHub.myInfo.isLegalIdentity(it.counterparty) }) {
+ "Do not provide flow sessions for the local node. ZKFinalityFlow will record the notarised transaction locally."
+ } + + // Note: this method is carefully broken up to minimize the amount of data reachable from the stack at + // the point where subFlow is invoked, as that minimizes the checkpointing work to be done. + // + // Lookup the resolved transactions and use them to map each signed transaction to the list of participants. + // Then send to the notary if needed, record locally and distribute. + + logCommandData() + val ledgerTransaction = verifyTx() + val externalTxParticipants = extractExternalParticipants(ledgerTransaction) + + val sessionParties = sessions.map { it.counterparty } + val missingRecipients = externalTxParticipants - sessionParties + require(missingRecipients.isEmpty()) { + "Flow sessions were not provided for the following transaction participants: $missingRecipients" + } + + val notarised = notariseAndRecord() + + progressTracker.currentStep = + BROADCASTING + + for (session in sessions) { + try { + subFlow(SendTransactionFlow(session, notarised)) + logger.info("Party ${session.counterparty} received the transaction.") + } catch (e: UnexpectedFlowEndException) { + throw UnexpectedFlowEndException( + "${session.counterparty} has finished prematurely and we're trying to send them the finalised transaction. " + + "Did they forget to call ReceiveFinalityFlow? 
(${e.message})", + e.cause, + e.originalErrorId + ) + } + } + + logger.info("All parties received the transaction successfully.") + + return notarised + } + + private fun logCommandData() { + if (logger.isDebugEnabled) { + val commandDataTypes = + transaction.tx.commands.asSequence().mapNotNull { it.value::class.qualifiedName }.distinct() + logger.debug("Started finalization, commands are ${commandDataTypes.joinToString(", ", "[", "]")}.") + } + } + + @Suspendable + private fun notariseAndRecord(): SignedTransaction { + val notarised = if (needsNotarySignature(transaction)) { + progressTracker.currentStep = + NOTARISING + val notarySignatures = subFlow(ZKNotaryFlow(transaction, zkConfig)) + transaction + notarySignatures + } else { + logger.info("No need to notarise this transaction.") + transaction + } + logger.info("Recording transaction locally.") + serviceHub.recordTransactions(notarised) + logger.info("Recorded transaction locally successfully.") + return notarised + } + + private fun needsNotarySignature(stx: SignedTransaction): Boolean { + val wtx = stx.tx + val needsNotarisation = wtx.inputs.isNotEmpty() || wtx.references.isNotEmpty() || wtx.timeWindow != null + return needsNotarisation && hasNoNotarySignature(stx) + } + + private fun hasNoNotarySignature(stx: SignedTransaction): Boolean { + val notaryKey = stx.tx.notary?.owningKey + val signers = stx.sigs.asSequence().map { it.by }.toSet() + return notaryKey?.isFulfilledBy(signers) != true + } + + private fun extractExternalParticipants(ltx: LedgerTransaction): Set { + val participants = ltx.outputStates.flatMap { it.participants } + ltx.inputStates.flatMap { it.participants } + return groupAbstractPartyByWellKnownParty(serviceHub, participants).keys - serviceHub.myInfo.legalIdentities + } + + // For this first version, we still resolve the entire plaintext history of the transaction + private fun verifyTx(): LedgerTransaction { + val notary = transaction.tx.notary + // The notary signature(s) are allowed 
to be missing but no others. + if (notary != null) transaction.verifySignaturesExcept(notary.owningKey) else transaction.verifyRequiredSignatures() + val ltx = transaction.toLedgerTransaction(serviceHub, false) + ltx.verify() + return ltx + } +} diff --git a/notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKNotaryFlow.kt b/notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKNotaryFlow.kt new file mode 100644 index 000000000..ddd03e83c --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/client/flows/ZKNotaryFlow.kt 
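Review bot: The class KDoc of `ZKFinalityFlow` does not state how far the confidentiality goes. In `call()`, each session still receives the full `notarised` transaction through `SendTransactionFlow`, and `verifyTx()` resolves the plaintext history, so only the notary sees the filtered form. I would add a line such as `* Only the notary receives the filtered, proof-carrying transaction; every session in [sessions] still receives the full plaintext transaction.` The KDoc also contains a search-and-replace leftover, "in their counterpart com.ing.zknotary.flows", which should read "counterpart flows". The comment above `@InitiatingFlow` still names FinalityFlow rather than this class.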
@@ -0,0 +1,123 @@ +package com.ing.zknotary.client.flows + +import co.paralleluniverse.fibers.Suspendable +import com.ing.zknotary.common.transactions.ZKFilteredTransaction +import com.ing.zknotary.common.zkp.ZKConfig +import com.ing.zknotary.common.zkp.DefaultZKConfig +import net.corda.core.contracts.StateRef +import net.corda.core.contracts.TimeWindow +import net.corda.core.crypto.SecureHash +import net.corda.core.crypto.TransactionSignature +import net.corda.core.flows.FlowSession +import net.corda.core.flows.NotarisationPayload +import net.corda.core.flows.NotarisationRequest +import net.corda.core.flows.NotarisationRequestSignature +import net.corda.core.flows.NotarisationResponse +import net.corda.core.flows.NotaryError +import net.corda.core.flows.NotaryException +import net.corda.core.flows.NotaryFlow +import net.corda.core.identity.Party +import net.corda.core.internal.NetworkParametersStorage +import net.corda.core.internal.notary.generateSignature +import net.corda.core.transactions.ContractUpgradeWireTransaction +import net.corda.core.transactions.NetworkParametersHash +import net.corda.core.transactions.NotaryChangeWireTransaction +import net.corda.core.transactions.ReferenceStateRef +import net.corda.core.transactions.SignedTransaction +import net.corda.core.transactions.WireTransaction +import net.corda.core.utilities.UntrustworthyData +import java.util.function.Predicate + +open class ZKNotaryFlow( + private val stx: SignedTransaction, + private val zkConfig: ZKConfig = DefaultZKConfig +) : NotaryFlow.Client(stx) { + + @Suspendable + @Throws(NotaryException::class) + override fun call(): List { + val notaryParty = checkTransaction() + val response = zkNotarise(notaryParty) + return validateResponse(response, notaryParty) + } + + /** Notarises the transaction with the [notaryParty], obtains the notary's signature(s). 
*/ + @Throws(NotaryException::class) + @Suspendable + protected fun zkNotarise(notaryParty: Party): UntrustworthyData { + val session = initiateFlow(notaryParty) + val requestSignature = generateRequestSignature() + return if (isValidating(notaryParty)) { + throw NotaryException(NotaryError.TransactionInvalid(Throwable("Validating notaries can never handle ZKTransactions"))) + } else { + // TODO: find a way to check that this notary is actually running ZKNotaryServiceFlow (className property?) + sendAndReceiveNonValidatingWithZKProof(notaryParty, session, requestSignature) + } + } + + @Suspendable + private fun sendAndReceiveNonValidatingWithZKProof( + notaryParty: Party, + session: FlowSession, + signature: NotarisationRequestSignature + ): UntrustworthyData { + val ctx = stx.coreTransaction + val tx = when (ctx) { + is ContractUpgradeWireTransaction -> ctx.buildFilteredTransaction() + is WireTransaction -> buildZKFilteredTransaction(stx, notaryParty) + else -> ctx + } + session.send(NotarisationPayload(tx, signature)) + return receiveResultOrTiming(session) + } + + private fun buildZKFilteredTransaction(stx: SignedTransaction, notaryParty: Party): ZKFilteredTransaction { + val wtx = stx.coreTransaction as WireTransaction + + val ftx = wtx.buildFilteredTransaction(Predicate { + it is StateRef || it is ReferenceStateRef || it is TimeWindow || it == notaryParty || it is NetworkParametersHash + }) + + // TODO: create custom sigs, because we need a different scheme, and also it sigs of the additional merkle root and not of SignableData + val signatures = stx.sigs.map { it.bytes } + + val witness = zkConfig.serializer.serializeWitness(wtx.toLedgerTransaction(serviceHub), signatures) + val instance = zkConfig.serializer.serializeInstance(wtx.id) + + // TODO: inject the prover + val proof = zkConfig.prover.prove(witness, instance) + return ZKFilteredTransaction(proof, ftx) + } + + /**************************************************** + * Copies of private methods from 
NotaryFlow.Client * + ****************************************************/ + private fun isValidating(notaryParty: Party): Boolean { + val onTheCurrentWhitelist = serviceHub.networkMapCache.isNotary(notaryParty) + return if (!onTheCurrentWhitelist) { + /* + Note that the only scenario where it's acceptable to use a notary not in the current network parameter whitelist is + when performing a notary change transaction after a network merge – the old notary won't be on the whitelist of the new network, + and can't be used for regular transactions. + */ + check(stx.coreTransaction is NotaryChangeWireTransaction) { + "Notary $notaryParty is not on the network parameter whitelist. A non-whitelisted notary can only be used for notary change transactions" + } + val historicNotary = + (serviceHub.networkParametersService as NetworkParametersStorage).getHistoricNotary(notaryParty) + ?: throw IllegalStateException("The notary party $notaryParty specified by transaction ${stx.id}, is not recognised as a current or historic notary.") + historicNotary.validating + } else serviceHub.networkMapCache.isValidatingNotary(notaryParty) + } + + /** + * Ensure that transaction ID instances are not referenced in the serialized form in case several input states are outputs of the + * same transaction. + */ + private fun generateRequestSignature(): NotarisationRequestSignature { + // TODO: This is not required any more once our AMQP serialization supports turning off object referencing. + val notarisationRequest = + NotarisationRequest(stx.inputs.map { it.copy(txhash = SecureHash.parse(it.txhash.toString())) }, stx.id) + return notarisationRequest.generateSignature(serviceHub) + } +} diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/contracts/TestContract.kt b/notary/src/main/kotlin/com/ing/zknotary/common/contracts/TestContract.kt new file mode 100644 index 000000000..ca7d20873 --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/contracts/TestContract.kt 
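Review bot: In `sendAndReceiveNonValidatingWithZKProof` the `else -> ctx` branch sends any core transaction type other than the two listed to the notary whole and without a proof, so the flow fails open for types it was not written for. The only other type this file references is `NotaryChangeWireTransaction`. Naming it and rejecting the rest makes the exception explicit: `is NotaryChangeWireTransaction -> ctx` followed by `else -> throw NotaryException(NotaryError.TransactionInvalid(Throwable("Unsupported transaction type for ZK notarisation")))`. The `ContractUpgradeWireTransaction` branch also carries no proof and deserves a comment saying that this is intended.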
@@ -0,0 +1,71 @@ +package com.ing.zknotary.common.contracts + +import net.corda.core.contracts.BelongsToContract +import net.corda.core.contracts.CommandAndState +import net.corda.core.contracts.CommandData +import net.corda.core.contracts.Contract +import net.corda.core.contracts.ContractClassName +import net.corda.core.contracts.OwnableState +import net.corda.core.identity.AbstractParty +import net.corda.core.transactions.LedgerTransaction +import java.util.Random + +class TestContract : Contract { + companion object { + const val PROGRAM_ID: ContractClassName = "com.ing.zknotary.common.contracts.TestContract" + } + + @BelongsToContract(TestContract::class) + data class TestState(override val owner: AbstractParty, val value: Int = Random().nextInt()) : OwnableState { + override val participants = listOf(owner) + override fun withNewOwner(newOwner: AbstractParty) = CommandAndState(Move(), copy(owner = newOwner)) + } + + // Commands + class Create : CommandData + class Move : CommandData + + override fun verify(tx: LedgerTransaction) { + // The transaction may have only one command, of a type defined above + if (tx.commands.size != 1) throw IllegalArgumentException("Failed requirement: the tx has only one command") + val command = tx.commands[0] + + when (command.value) { + is Create -> { + // Transaction structure + if (tx.outputs.size != 1) throw IllegalArgumentException("Failed requirement: the tx has only one output") + if (tx.inputs.isNotEmpty()) throw IllegalArgumentException("Failed requirement: the tx has no inputs") + + // Transaction contents + val output = tx.getOutput(0) as TestState + if (output.owner.owningKey !in command.signers) throw IllegalArgumentException("Failed requirement: the output state is owned by the command signer") + } + is Move -> { + // Transaction structure + if (tx.outputs.size != 1) throw IllegalArgumentException("Failed requirement: the tx has only one output") + if (tx.inputs.size != 1) throw IllegalArgumentException("Failed 
requirement: the tx has only one output") + + // Transaction contents + val output = tx.getOutput(0) as TestState + val input = tx.getInput(0) as TestState + + /* + // Note: the fact that command.signers contains a certain required key, does not mean we can assume it has been + // verified that this signature is present. The validating notary does check this directly after the contract verification, + // but the non-validating notary never checks signatures. In that case, this check only means that we + // can enforce that the owner of e.g. the output is set as one of the required signers by the tx creator, + // but not that these signatures are actually present. + // Counterparties also do contract verification, and like a validating notary, do check signatures. + // In that case, this check equals saying that we require a signature to be present on the tx of the + // owner of the input and of the owner of the output. + + */ + if (input.owner.owningKey !in command.signers) throw IllegalArgumentException("Failed requirement: the input state is owned by a required command signer") + if (input.value != output.value) throw IllegalArgumentException("Failed requirement: the value of the input and out put should be equal") + } + else -> { + throw IllegalStateException("No valid command found") + } + } + } +} diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/serializer/JsonZKInputSerializer.kt b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/JsonZKInputSerializer.kt new file mode 100644 index 000000000..2111dc355 --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/JsonZKInputSerializer.kt 
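Review bot: In the `Move` branch of `verify`, the input-count check throws with the text "the tx has only one output", copied from the line above it, so a failure on inputs is reported as a failure on outputs. It should read `if (tx.inputs.size != 1) throw IllegalArgumentException("Failed requirement: the tx has only one input")`. Separately, `tx.getOutput(0) as TestState` and `tx.getInput(0) as TestState` throw ClassCastException for a state of another type. `as? TestState ?: throw IllegalArgumentException(...)` would keep such failures in the contract's own error style.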
@@ -0,0 +1,120 @@ +package com.ing.zknotary.common.serializer + +import net.corda.core.crypto.SecureHash +import net.corda.core.serialization.serialize +import net.corda.core.transactions.LedgerTransaction + +/** + * This ZKInputSerializer puts CordaSerialized componentents in a JSON structure like so: + * { + * "inputs": [ + * "t43t43fg4rfgeg45tgr4vdffvdgfdgs3234534", <---- This is some encoded form of CordaSerialized binary data + * "fsd9nkfdshy789uj89fud9cndks" + * ], + * "outputs": [ + * ... + * ], + * ... + * "privacySalt": "89r5uy43hinf4389h439", + * ... + * } + */ +object JsonZKInputSerializer : ZKInputSerializer { + // FIXME: should be turned into proper serialization of any tx generic data structure + override fun serializeWitness(tx: LedgerTransaction, signatures: List): ByteArray { + var witness = ByteArray(0) // Or perhaps this should be JSON? + + /** + * We keep the same order as [ComponentGroupEnum] + * INPUTS_GROUP, // ordinal = 0. + * OUTPUTS_GROUP, // ordinal = 1. + * COMMANDS_GROUP, // ordinal = 2. + * ATTACHMENTS_GROUP, // ordinal = 3. + * NOTARY_GROUP, // ordinal = 4. + * TIMEWINDOW_GROUP, // ordinal = 5. + * SIGNERS_GROUP, // ordinal = 6. + * REFERENCES_GROUP, // ordinal = 7. + * PARAMETERS_GROUP // ordinal = 8. + */ + witness += serializeInputs(tx) + witness += serializeOutputs(tx) + witness += serializeCommandData(tx) // Note that the Commands in a tx are made up out of two component groups in the Merkle tree: CommandData and commandSigners. They are serialized serparately. + // We will skip the attachments and only use its component group hash for merkle root recalculation + witness += serializeNotary(tx) // We don't need to validate that this is the correct notary as the NotaryServiceFlow already does this. But we might need it for other checks + witness += serializeTimeWindow(tx) // The TimeWindow is committed by the FilteredTransaction.verify, but we may still need it for business logic. 
+ witness += serializeSigners(tx) // // Note that the Commands in a tx are made up out of two component groups in the Merkle tree: CommandData and commandSigners. They are serialized serparately. + witness += serializeReferenceStates( + tx + ) + // We will skip the network parameters group and only use its component group hash for merkle root calculation + + // Other components we need + witness += serializeSignatures( + signatures + ) + witness += serializePrivacySalt(tx) + witness += serializeComponentGroupHashes( + tx + ) + + return witness + } + + private fun serializeSigners(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeTimeWindow(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeNotary(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeComponentGroupHashes(tx: LedgerTransaction): ByteArray { + // FIXME: This is impossible with a LedgerTransaction, unless we recalculate them here. 
We need a TraversableTransaction for this + return ByteArray(0) + } + + private fun serializePrivacySalt(tx: LedgerTransaction): ByteArray { + // return tx.privacySalt.bytes + return ByteArray(0) + } + + private fun serializeReferenceStates(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeSignatures(signatures: List): ByteArray { + // return signatures.reduce { acc, sig -> acc + sig // 64 bytes per sig } } + return ByteArray(0) + } + + private fun serializeCommandData(tx: LedgerTransaction): ByteArray { + // As an example if not using Corda serialization: how to extract meaningful data from a Corda data structure: + // val commandSigners = tx.commands.flatMap { command -> command.signers } + // commandSigners.forEach { pubkey -> + // pubkey as EdDSAPublicKey + // witness += pubkey.abyte // 32 bytes + // } + return ByteArray(0) + } + + private fun serializeOutputs(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeInputs(tx: LedgerTransaction): ByteArray { + // return ByteArray(0) + // For testing, only serialize one input and nothing else for the entire tx. Lets see if we can deserialize that in Zinc + return tx.inputStates[0].serialize().bytes + } + + /** + * This seems overkill now, but later we will add more things to the instance + */ + override fun serializeInstance(zkTransactionId: SecureHash): ByteArray { + return zkTransactionId.bytes // These are the raw bytes of the the transaction id hash (merkle root) + } +} \ No newline at end of file diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/serializer/NoopZKInputSerializer.kt b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/NoopZKInputSerializer.kt new file mode 100644 index 000000000..18262118d --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/NoopZKInputSerializer.kt 
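Review bot: `serializeInputs` reads `tx.inputStates[0]` unconditionally, so `serializeWitness` throws IndexOutOfBoundsException for a transaction with no input states. `ZKFinalityFlow.needsNotarySignature` in this commit sends such transactions for notarisation when they carry only a time window or reference states. A guarded form that matches the other stubs is `return tx.inputStates.firstOrNull()?.serialize()?.bytes ?: ByteArray(0)`. VictorsZKInputSerializer.kt contains the same line and needs the same change. The `witness +=` concatenation has no length prefix or tag per component, so once more than one helper returns data the boundaries between components will be ambiguous. A FIXME next to `var witness` should record that.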
@@ -0,0 +1,9 @@
+package com.ing.zknotary.common.serializer
+
+import net.corda.core.crypto.SecureHash
+import net.corda.core.transactions.LedgerTransaction
+
+object NoopZKInputSerializer : ZKInputSerializer {
+ override fun serializeWitness(tx: LedgerTransaction, signatures: List) = ByteArray(0)
+ override fun serializeInstance(zkTransactionId: SecureHash) = ByteArray(0)
+}
\ No newline at end of file
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/serializer/VictorsZKInputSerializer.kt b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/VictorsZKInputSerializer.kt
new file mode 100644
index 000000000..75a382db1
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/VictorsZKInputSerializer.kt
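Review bot: `NoopZKInputSerializer` is added under `src/main` with no KDoc, so nothing tells a reader that a `ZKConfig` built with it yields an empty witness and an empty instance. A one-line KDoc would make that explicit: `/** Test-only: produces empty witness and instance bytes, so a proof built from them is bound to no transaction data. */`. If no production code references the object, which cannot be seen from this hunk, moving it to the test source set is the stronger option.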
@@ -0,0 +1,109 @@ +package com.ing.zknotary.common.serializer + +import net.corda.core.crypto.SecureHash +import net.corda.core.serialization.serialize +import net.corda.core.transactions.LedgerTransaction + +object VictorsZKInputSerializer : ZKInputSerializer { + // FIXME: should be turned into proper serialization of any tx generic data structure + override fun serializeWitness(tx: LedgerTransaction, signatures: List): ByteArray { + var witness = ByteArray(0) // Or perhaps this should be JSON? + + /** + * We keep the same order as [ComponentGroupEnum] + * INPUTS_GROUP, // ordinal = 0. + * OUTPUTS_GROUP, // ordinal = 1. + * COMMANDS_GROUP, // ordinal = 2. + * ATTACHMENTS_GROUP, // ordinal = 3. + * NOTARY_GROUP, // ordinal = 4. + * TIMEWINDOW_GROUP, // ordinal = 5. + * SIGNERS_GROUP, // ordinal = 6. + * REFERENCES_GROUP, // ordinal = 7. + * PARAMETERS_GROUP // ordinal = 8. + */ + witness += serializeInputs(tx) + witness += serializeOutputs(tx) + witness += serializeCommandData( + tx + ) // Note that the Commands in a tx are made up out of two component groups in the Merkle tree: CommandData and commandSigners. They are serialized serparately. + // We will skip the attachments and only use its component group hash for merkle root recalculation + witness += serializeNotary(tx) // We don't need to validate that this is the correct notary as the NotaryServiceFlow already does this. But we might need it for other checks + witness += serializeTimeWindow(tx) // The TimeWindow is committed by the FilteredTransaction.verify, but we may still need it for business logic. + witness += serializeSigners(tx) // // Note that the Commands in a tx are made up out of two component groups in the Merkle tree: CommandData and commandSigners. They are serialized serparately. 
+ witness += serializeReferenceStates( + tx + ) + // We will skip the network parameters group and only use its component group hash for merkle root calculation + + // Other components we need + witness += serializeSignatures( + signatures + ) + witness += serializePrivacySalt( + tx + ) + witness += serializeComponentGroupHashes( + tx + ) + + return witness + } + + private fun serializeSigners(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeTimeWindow(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeNotary(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeComponentGroupHashes(tx: LedgerTransaction): ByteArray { + // FIXME: This is impossible with a LedgerTransaction, unless we recalculate them here. We need a TraversableTransaction for this + return ByteArray(0) + } + + private fun serializePrivacySalt(tx: LedgerTransaction): ByteArray { + // return tx.privacySalt.bytes + return ByteArray(0) + } + + private fun serializeReferenceStates(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeSignatures(signatures: List): ByteArray { + // return signatures.reduce { acc, sig -> acc + sig // 64 bytes per sig } } + return ByteArray(0) + } + + private fun serializeCommandData(tx: LedgerTransaction): ByteArray { + // As an example if not using Corda serialization: how to extract meaningful data from a Corda data structure: + // val commandSigners = tx.commands.flatMap { command -> command.signers } + // commandSigners.forEach { pubkey -> + // pubkey as EdDSAPublicKey + // witness += pubkey.abyte // 32 bytes + // } + return ByteArray(0) + } + + private fun serializeOutputs(tx: LedgerTransaction): ByteArray { + return ByteArray(0) + } + + private fun serializeInputs(tx: LedgerTransaction): ByteArray { + // return ByteArray(0) + // For testing, only serialize one input and nothing else for the entire tx. 
Lets see if we can deserialize that in Zinc + return tx.inputStates[0].serialize().bytes + } + + /** + * This seems overkill now, but later we will add more things to the instance + */ + override fun serializeInstance(zkTransactionId: SecureHash): ByteArray { + return zkTransactionId.bytes // These are the raw bytes of the the transaction id hash (merkle root) + } +} \ No newline at end of file diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/serializer/ZKInputSerializer.kt b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/ZKInputSerializer.kt new file mode 100644 index 000000000..5853b5ef0 --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/serializer/ZKInputSerializer.kt @@ -0,0 +1,11 @@ +package com.ing.zknotary.common.serializer + +import net.corda.core.crypto.SecureHash +import net.corda.core.transactions.LedgerTransaction + +interface ZKInputSerializer { + fun serializeWitness(tx: LedgerTransaction, signatures: List): ByteArray + + fun serializeInstance(zkTransactionId: SecureHash): ByteArray +} + diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/transactions/NamedByAdditionalMerkleTree.kt b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/NamedByAdditionalMerkleTree.kt new file mode 100644 index 000000000..cb3ffc1a2 --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/NamedByAdditionalMerkleTree.kt 
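Review bot: The `ZKInputSerializer` interface is added without KDoc, and its two methods carry data of different sensitivity. Judging by the call site in ZKNotaryFlow.kt, `serializeWitness` takes the full `LedgerTransaction` and the signatures, while `serializeInstance` takes only the transaction id. I would document `serializeWitness` with `/** Serializes the private prover input; the result contains transaction contents and must not be logged or sent to the notary. */`. `serializeInstance` would get `/** Serializes the public input that the prover and the verifier must both derive identically. */`. A note that the byte layout is part of the circuit's contract would also help implementers.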
@@ -0,0 +1,18 @@
+package com.ing.zknotary.common.transactions
+
+import net.corda.core.KeepForDJVM
+
+/**
+ * Implemented by all transactions. This merkle root is an additional identifier to [NamedByHash.id].
+ *
+ */
+@KeepForDJVM
+interface NamedByAdditionalMerkleTree {
+ /**
+ * A [WireTransactionMerkleTree] that identifies this transaction.
+ *
+ * This identifier is an additional merkle root of this transaction.
+ * This enables flexibility in using additional, potentially less trusted algorithms for calculating this root.
+ */
+ val additionalMerkleTree: ZKWireTransactionMerkleTree
+}
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKFilteredTransaction.kt b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKFilteredTransaction.kt
new file mode 100644
index 000000000..9ce7635ee
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKFilteredTransaction.kt
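Review bot: The property KDoc links to `[WireTransactionMerkleTree]`, but the declared type is `ZKWireTransactionMerkleTree`, so the link will not resolve and misnames the type. It should read `* A [ZKWireTransactionMerkleTree] that identifies this transaction.` The interface KDoc says "Implemented by all transactions", while the only implementer added in this commit is `ZKWireTransaction`; "Implemented by transactions that carry an additional Merkle root" would be accurate. Since the text allows "potentially less trusted algorithms", it should also say that this root is not a substitute for `id` when checking signatures.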
@@ -0,0 +1,30 @@
+package com.ing.zknotary.common.transactions
+
+import com.ing.zknotary.common.serializer.VictorsZKInputSerializer
+import com.ing.zknotary.common.zkp.Proof
+import com.ing.zknotary.common.zkp.ZincVerifierNative
+import net.corda.core.KeepForDJVM
+import net.corda.core.contracts.ComponentGroupEnum
+import net.corda.core.crypto.SecureHash
+import net.corda.core.serialization.CordaSerializable
+import net.corda.core.transactions.FilteredTransaction
+import net.corda.core.transactions.TraversableTransaction
+
+@KeepForDJVM
+@CordaSerializable
+class ZKFilteredTransaction(val proof: Proof, private val ftx: FilteredTransaction) :
+ TraversableTransaction(ftx.filteredComponentGroups) {
+ override val id: SecureHash = ftx.id
+
+ fun verify() {
+ // Check that the merkle tree of the ftx is correct
+ ftx.verify()
+
+ // If the merkle tree is correct, confirm that the required components are visible
+ ftx.checkAllComponentsVisible(ComponentGroupEnum.INPUTS_GROUP)
+ ftx.checkAllComponentsVisible(ComponentGroupEnum.TIMEWINDOW_GROUP)
+ ftx.checkAllComponentsVisible(ComponentGroupEnum.REFERENCES_GROUP)
+ ftx.checkAllComponentsVisible(ComponentGroupEnum.PARAMETERS_GROUP)
+
+ }
+}
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransaction.kt b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransaction.kt
new file mode 100644
index 000000000..2537b6392
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransaction.kt
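Review bot: `verify()` checks the filtered transaction's Merkle tree and component visibility but never looks at `proof`, so a `ZKFilteredTransaction` carrying arbitrary proof bytes passes it. The notary service flow is not part of this hunk, so the proof may be checked there. If it is, the method should say so with a KDoc such as `/** Verifies the Merkle tree and component visibility only; the caller must verify [proof] against [id] separately. */`. The imports of `VictorsZKInputSerializer` and `ZincVerifierNative` are unused in this file and suggest the proof check was meant to live here. Either remove them or wire the check into `verify()`.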
@@ -0,0 +1,17 @@
+package com.ing.zknotary.common.transactions
+
+import net.corda.core.crypto.Algorithm
+import net.corda.core.crypto.DefaultDigestServiceFactory
+import net.corda.core.transactions.WireTransaction
+
+class ZKWireTransaction(val wtx: WireTransaction) :
+ NamedByAdditionalMerkleTree {
+ /** This additional merkle root is represented by the root hash of a Merkle tree over the transaction components. */
+ override val additionalMerkleTree: ZKWireTransactionMerkleTree by lazy {
+ ZKWireTransactionMerkleTree(
+ this,
+ componentGroupLeafDigestService = DefaultDigestServiceFactory.getService(Algorithm.BLAKE2s256()),
+ nodeDigestService = DefaultDigestServiceFactory.getService(Algorithm.BLAKE2s256())
+ )
+ }
+}
\ No newline at end of file
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransactionMerkleTree.kt b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransactionMerkleTree.kt
new file mode 100644
index 000000000..2f2d77e2e
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/transactions/ZKWireTransactionMerkleTree.kt
@@ -0,0 +1,114 @@ +package com.ing.zknotary.common.transactions + +import net.corda.core.contracts.ComponentGroupEnum +import net.corda.core.contracts.PrivacySalt +import net.corda.core.crypto.DigestService +import net.corda.core.crypto.MerkleTree +import net.corda.core.crypto.SecureHash +import net.corda.core.transactions.ComponentGroup +import net.corda.core.utilities.OpaqueBytes +import java.nio.ByteBuffer + +interface TransactionMerkleTree { + val root: SecureHash + + /** + * The full Merkle tree for a transaction. + * Each transaction component group has its own sub Merkle tree. + * All of the roots of these trees are used as leaves in the top level Merkle tree. + * + * Note that ordering of elements inside a [ComponentGroup] matters when computing the Merkle root. + * On the other hand, insertion group ordering does not affect the top level Merkle tree construction, as it is + * actually an ordered Merkle tree, where its leaves are ordered based on the group ordinal in [ComponentGroupEnum]. + * If any of the groups is an empty list or a null object, then [SecureHash.allOnesHash] is used as its hash. + * Also, [privacySalt] is not a Merkle tree leaf, because it is already "inherently" included via the component nonces. + * + * It is possible to have the leafs of ComponentGroups use a different hash function than the nodes of the merkle trees. + * This allows optimisation in choosing a leaf hash function that is better suited to arbitrary length inputs and a node function + * that is suited to fixed length inputs. 
+ */ + val tree: MerkleTree +} + +class ZKWireTransactionMerkleTree( + zkwtx: ZKWireTransaction, + val componentGroupLeafDigestService: DigestService, + val nodeDigestService: DigestService +) : TransactionMerkleTree { + private val componentGroups: List = zkwtx.wtx.componentGroups + private val privacySalt: PrivacySalt = zkwtx.wtx.privacySalt + + constructor(wtx: ZKWireTransaction, digestService: DigestService) : this(wtx, digestService, digestService) + + override val root: SecureHash get() = tree.hash + + override val tree: MerkleTree by lazy { MerkleTree.getMerkleTree(groupHashes, nodeDigestService) } + + /** + * For each component group: the root hashes of the sub Merkle tree for that component group + * + * If a group's Merkle root is allOnesHash, it is a flag that denotes this group is empty (if list) or null (if single object) + * in the wire transaction. + */ + internal val groupHashes: List by lazy { + val componentGroupHashes = mutableListOf() + // Even if empty and not used, we should at least send oneHashes for each known + // or received but unknown (thus, bigger than known ordinal) component groups. + for (i in 0..componentGroups.map { it.groupIndex }.max()!!) { + val root = groupsMerkleRoots[i] ?: nodeDigestService.allOnesHash + componentGroupHashes.add(root) + } + componentGroupHashes + } + + /** + * Calculate the root hashes of the component groups that are used to build the transaction's Merkle tree. + * Each group has its own sub Merkle tree and the hash of the root of this sub tree works as a leaf of the top + * level Merkle tree. The root of the latter is the transaction identifier. 
+ */ + private val groupsMerkleRoots: Map by lazy { + componentHashes.map { (groupIndex: Int, componentHashesInGroup: List) -> + groupIndex to MerkleTree.getMerkleTree(componentHashesInGroup, nodeDigestService, componentGroupLeafDigestService).hash + }.toMap() + } + + /** + * Nonces for every transaction component in [componentGroups], including new fields (due to backwards compatibility support) we cannot process. + * Nonce are computed in the following way: + * nonce1 = H(salt || path_for_1st_component) + * nonce2 = H(salt || path_for_2nd_component) + * etc. + * Thus, all of the nonces are "independent" in the sense that knowing one or some of them, you can learn nothing about the rest. + */ + private val componentNonces: Map> by lazy { + componentGroups.map { group -> + group.groupIndex to group.components.mapIndexed { componentIndex, _ -> + computeNonce(privacySalt, group.groupIndex, componentIndex) + } + }.toMap() + } + + /** + * The hash for every transaction component, per component group. These will be used to build the full Merkle tree. + */ + private val componentHashes: Map> by lazy { + componentGroups.map { group -> + group.groupIndex to group.components.mapIndexed { componentIndex, component -> + computeHash(componentNonces[group.groupIndex]!![componentIndex], component) + } + }.toMap() + } + + private fun computeHash(nonce: SecureHash, opaqueBytes: OpaqueBytes): SecureHash = + componentGroupLeafDigestService.hash(nonce.bytes + opaqueBytes.bytes) + + /** + * Method to compute a nonce based on privacySalt, component group index and component internal index. + * @param privacySalt a [PrivacySalt]. + * @param groupIndex the fixed index (ordinal) of this component group. + * @param internalIndex the internal index of this object in its corresponding components list. 
+ * @return H(privacySalt || groupIndex || internalIndex)) + */ + private fun computeNonce(privacySalt: PrivacySalt, groupIndex: Int, internalIndex: Int) = componentGroupLeafDigestService.hash(privacySalt.bytes + ByteBuffer.allocate(8) + .putInt(groupIndex).putInt(internalIndex).array()) +} \ No newline at end of file diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/util/Native.kt b/notary/src/main/kotlin/com/ing/zknotary/common/util/Native.kt new file mode 100644 index 000000000..958ac1bca --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/util/Native.kt @@ -0,0 +1,26 @@ +package com.ing.zknotary.common.util + +import com.sun.jna.Memory +import com.sun.jna.Native + +fun ArrayList.toNative(): Memory { + val arrayListAsNativeMemory = Memory(this.size.toLong() * Native.getNativeSize(Int::class.javaObjectType)) + this.forEachIndexed { index, element -> + arrayListAsNativeMemory.setInt( + index.toLong() * Native.getNativeSize(Int::class.javaObjectType), + element + ) + } + return arrayListAsNativeMemory +} + +fun ByteArray.toNative(): Memory { + val byteArrayAsNativeMemory = Memory(this.size.toLong() * Native.getNativeSize(Byte::class.javaObjectType)) + this.forEachIndexed { index, element -> + byteArrayAsNativeMemory.setByte( + index.toLong() * Native.getNativeSize(Byte::class.javaObjectType), + element + ) + } + return byteArrayAsNativeMemory +} diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/NoopProverVerifier.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/NoopProverVerifier.kt new file mode 100644 index 000000000..2441a8bff --- /dev/null +++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/NoopProverVerifier.kt 
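Review bot: The KDoc on `computeNonce` does not say what is actually hashed, and anything that has to recompute these nonces outside this class needs the exact byte layout. The code hashes `privacySalt.bytes` followed by an 8-byte buffer holding `groupIndex` and then `internalIndex` as two 4-byte ints (ByteBuffer's default big-endian order), using `componentGroupLeafDigestService`; the `@return` line also has an unbalanced parenthesis. I would change it to `@return H(privacySalt || int32(groupIndex) || int32(internalIndex)), ints big-endian, H = componentGroupLeafDigestService`. The KDoc on `TransactionMerkleTree.tree` names `[SecureHash.allOnesHash]` for empty groups while `groupHashes` pads with `nodeDigestService.allOnesHash`; the comment should name the value the code uses.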
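Review bot: Both `toNative()` extensions fail on an empty receiver, because JNA's `Memory` constructor rejects an allocation size of zero with IllegalArgumentException. `NoopProver` and `ZincProverCLI` in this patch return `Proof(ByteArray(0))`, so `ZincVerifierNative.verify` would throw that exception rather than `ZKProofVerificationException` for such a proof. Make the precondition explicit with `require(isNotEmpty()) { "cannot copy an empty array to native memory" }` as the first line of each function. In the ByteArray version the per-element loop can then become one bulk copy, `mem.write(0, this, 0, size)` on the allocated `Memory`.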
@@ -0,0 +1,14 @@
+package com.ing.zknotary.common.zkp
+
+internal class NoopProver : Prover {
+ override fun prove(witness: ByteArray, instance: ByteArray): Proof {
+ return Proof(ByteArray(0))
+ }
+}
+
+internal class NoopVerifier : Verifier {
+ override fun verify(proof: Proof, instance: ByteArray) {
+ // No exception is success
+ }
+}
+
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Proof.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Proof.kt
new file mode 100644
index 000000000..b58567b1b
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Proof.kt
@@ -0,0 +1,8 @@
+package com.ing.zknotary.common.zkp
+
+import net.corda.core.KeepForDJVM
+import net.corda.core.serialization.CordaSerializable
+
+@CordaSerializable
+@KeepForDJVM
+class Proof(val bytes: ByteArray)
\ No newline at end of file
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Prover.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Prover.kt
new file mode 100644
index 000000000..6032344a4
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Prover.kt
@@ -0,0 +1,5 @@
+package com.ing.zknotary.common.zkp
+
+interface Prover {
+ fun prove(witness: ByteArray, instance: ByteArray): Proof
+}
\ No newline at end of file
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Verifier.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Verifier.kt
new file mode 100644
index 000000000..096fb72c6
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/Verifier.kt
@@ -0,0 +1,16 @@
+package com.ing.zknotary.common.zkp
+
+import net.corda.core.CordaException
+import net.corda.core.KeepForDJVM
+import net.corda.core.serialization.CordaSerializable
+
+interface Verifier {
+ @Throws(ZKProofVerificationException::class)
+ fun verify(proof: Proof, instance: ByteArray)
+}
+
+@KeepForDJVM
+@CordaSerializable
+class ZKProofVerificationException(reason: String) :
+ CordaException("Transaction cannot be verified. Reason: $reason")
+
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZKConfig.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZKConfig.kt
new file mode 100644
index 000000000..ff2272bc6
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZKConfig.kt
@@ -0,0 +1,12 @@
+package com.ing.zknotary.common.zkp
+
+import com.ing.zknotary.common.serializer.NoopZKInputSerializer
+import com.ing.zknotary.common.serializer.ZKInputSerializer
+
+object DefaultZKConfig : ZKConfig()
+
+open class ZKConfig(
+ val prover: Prover = NoopProver(),
+ val verifier: Verifier = NoopVerifier(),
+ val serializer: ZKInputSerializer = NoopZKInputSerializer
+)
\ No newline at end of file
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverCLI.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverCLI.kt
new file mode 100644
index 000000000..24d566724
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverCLI.kt
@@ -0,0 +1,11 @@
+package com.ing.zknotary.common.zkp
+
+class ZincProverCLI(private val proverKeyPath: String) : Prover {
+ override fun prove(witness: ByteArray, instance: ByteArray): Proof {
+ // write witness to file
+ // write instance to file
+ // call zargo prove with arguments for witness, instance and prover key location and save result as proof ByteArray
+ return Proof(ByteArray(0))
+ }
+}
+
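Review bot: `ZKConfig` defaults `verifier` to `NoopVerifier()`, whose `verify` returns without checking anything, so every caller that takes the default accepts every proof. In this patch that includes the notary path: `ZKNotaryServiceFlow` defaults its `zkConfig` parameter to `DefaultZKConfig`, and `ZKNotaryService.createServiceFlow` passes none. A default that fails closed is safer: drop the defaults on `prover` and `verifier` so that a caller has to choose them, and keep the no-op pair for tests. If the defaults have to stay for now, say it on the class, e.g. `/** WARNING: the default verifier accepts every proof; DefaultZKConfig is for tests only. */`.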
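Review bot: `ZincProverCLI.prove` is a stub that silently returns `Proof(ByteArray(0))`, so a caller cannot tell the unimplemented prover from a working one. `ZincVerifierCLI.verify` in this patch has the same shape: its body is comments only, and since a `Verifier` signals failure by throwing, returning normally means every proof is accepted. Until the zargo calls exist both bodies should fail loudly, e.g. `TODO("zargo prove is not implemented")` here and `throw ZKProofVerificationException("zargo verify is not implemented")` in the verifier.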
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverNative.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverNative.kt
new file mode 100644
index 000000000..4fba39738
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincProverNative.kt
@@ -0,0 +1,39 @@
+package com.ing.zknotary.common.zkp
+
+import com.ing.zknotary.common.util.toNative
+import com.sun.jna.Library
+import com.sun.jna.Native
+import com.sun.jna.Pointer
+import com.sun.jna.ptr.IntByReference
+import com.sun.jna.ptr.PointerByReference
+
+class ZincProverNative(private val proverKeyPath: String) : Prover {
+ override fun prove(witness: ByteArray, instance: ByteArray): Proof {
+ val proofRef = PointerByReference()
+ val proofSizeRef = IntByReference()
+ ZincProverLibrary.INSTANCE.prove(proverKeyPath, proofRef, proofSizeRef, witness.toNative(), witness.size, instance.toNative(), instance.size)
+
+ val proofSize = proofSizeRef.value
+ val proofBytes = proofRef.value.getByteArray(0, proofSize)
+
+ return Proof(proofBytes)
+ // return Proof(ByteArray(0))
+ }
+
+ private interface ZincProverLibrary : Library {
+ fun prove(
+ proverKeyPath: String,
+ proofRef: PointerByReference,
+ proofSizeRef: IntByReference,
+ witness: Pointer,
+ witnessSize: Int,
+ instance: Pointer,
+ instanceSize: Int
+ ): Int
+
+ companion object {
+ val INSTANCE = Native.load("zinc_prover", ZincProverLibrary::class.java) as ZincProverLibrary
+ }
+ }
+}
+
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierCLI.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierCLI.kt
new file mode 100644
index 000000000..502bdb357
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierCLI.kt
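Review bot: The Int returned by the native `prove` call is discarded and `proofRef.value` is dereferenced unconditionally, so a failed native call surfaces as a NullPointerException or as arbitrary bytes wrapped in a `Proof`. Validate before reading: `val ptr = proofRef.value ?: error("native prover returned no proof")` and `check(proofSize > 0) { "native prover returned proof size $proofSize" }`. The return code should be checked as well; its success value is not visible in this hunk (the verifier binding in this patch treats 1 as success) and needs confirming against the library. The buffer behind `proofRef` is never released here, and whether the library or the caller owns it cannot be told from this hunk, so that wants a comment or a matching free call.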
@@ -0,0 +1,11 @@
+package com.ing.zknotary.common.zkp
+
+class ZincVerifierCLI(private val verifierKeyPath: String) : Verifier {
+ override fun verify(proof: Proof, instance: ByteArray) {
+ // write proof to file
+ // write instance to file
+ // call zargo verify with arguments for proof, instance and verifier key location and save result
+ // if (result != 1) throw ZKProofVerificationException("ZK Proof verification failed: reason understandably not given. ;-)")
+ }
+}
+
diff --git a/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierNative.kt b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierNative.kt
new file mode 100644
index 000000000..d1c6839be
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/common/zkp/ZincVerifierNative.kt
@@ -0,0 +1,35 @@
+package com.ing.zknotary.common.zkp
+
+import com.ing.zknotary.common.util.toNative
+import com.sun.jna.Library
+import com.sun.jna.Native
+import com.sun.jna.Pointer
+
+class ZincVerifierNative(private val verifierKeyPath: String) :
+ Verifier {
+ override fun verify(proof: Proof, instance: ByteArray) {
+ val result = ZincVerifierLibrary.INSTANCE.verify(
+ verifierKeyPath,
+ proof.bytes.toNative(),
+ proof.bytes.size,
+ instance.toNative(),
+ instance.size
+ )
+ if (result != 1) throw ZKProofVerificationException("ZK Proof verification failed: reason understandably not given. ;-)")
+ }
+
+ interface ZincVerifierLibrary : Library {
+ fun verify(
+ verifierKeyPath: String,
+ proof: Pointer,
+ proofSize: Int,
+ instance: Pointer,
+ instanceSize: Int
+ ): Int
+
+ companion object {
+ val INSTANCE = Native.load("zinc_verifier", ZincVerifierLibrary::class.java) as ZincVerifierLibrary
+ }
+ }
+}
+
diff --git a/notary/src/main/kotlin/com/ing/zknotary/notary/ZKNotaryService.kt b/notary/src/main/kotlin/com/ing/zknotary/notary/ZKNotaryService.kt
new file mode 100644
index 000000000..b3b441685
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/notary/ZKNotaryService.kt
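Review bot: `ZincVerifierLibrary` in ZincVerifierNative is a public nested interface, while the matching `ZincProverLibrary` in ZincProverNative is `private`. Leaving the raw JNA binding public lets other code call the native `verify` directly and interpret the Int itself, bypassing the `result != 1` check that turns a failure into `ZKProofVerificationException`. Declare it `private interface ZincVerifierLibrary : Library` to match the prover. A one-line KDoc on the binding stating that 1 means success and any other value is treated as failure would also record the convention the check relies on.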
@@ -0,0 +1,45 @@
+package com.ing.zknotary.notary
+
+import com.ing.zknotary.notary.flows.ZKNotaryServiceFlow
+import java.security.PublicKey
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.FlowSession
+import net.corda.core.internal.notary.SinglePartyNotaryService
+import net.corda.core.schemas.MappedSchema
+import net.corda.core.utilities.seconds
+import net.corda.node.services.api.ServiceHubInternal
+import net.corda.node.services.transactions.NodeNotarySchema
+import net.corda.node.services.transactions.PersistentUniquenessProvider
+
+class ZKNotaryService(override val services: ServiceHubInternal, override val notaryIdentityKey: PublicKey) :
+ SinglePartyNotaryService() {
+ override val uniquenessProvider =
+ PersistentUniquenessProvider(services.clock, services.database, services.cacheFactory, ::signTransaction)
+
+ init {
+ if (services.networkParameters.minimumPlatformVersion < 5) {
+ throw IllegalStateException("The ZKNotaryService is compatible with Corda version 5 or greater")
+ }
+ }
+
+ override fun createServiceFlow(otherPartySession: FlowSession): FlowLogic = ZKNotaryServiceFlow(
+ otherPartySession,
+ this,
+ 5.seconds // in the real world, this should come from configuration
+ )
+
+ override fun start() {}
+ override fun stop() {}
+}
+
+object PersistentUniquenessProviderSchema : MappedSchema(
+ schemaFamily = NodeNotarySchema.javaClass, version = 1,
+ mappedTypes = listOf(
+ PersistentUniquenessProvider.BaseComittedState::class.java,
+ PersistentUniquenessProvider.Request::class.java,
+ PersistentUniquenessProvider.CommittedState::class.java,
+ PersistentUniquenessProvider.CommittedTransaction::class.java
+ )
+) {
+ override val migrationResource = "node-notary.changelog-master"
+}
diff --git a/notary/src/main/kotlin/com/ing/zknotary/notary/flows/ZKNotaryServiceFlow.kt b/notary/src/main/kotlin/com/ing/zknotary/notary/flows/ZKNotaryServiceFlow.kt
new file mode 100644
index 000000000..b815ef003
--- /dev/null
+++ b/notary/src/main/kotlin/com/ing/zknotary/notary/flows/ZKNotaryServiceFlow.kt 
@@ -0,0 +1,112 @@ +package com.ing.zknotary.notary.flows + +import com.ing.zknotary.common.transactions.ZKFilteredTransaction +import com.ing.zknotary.common.zkp.DefaultZKConfig +import com.ing.zknotary.common.zkp.ZKConfig +import net.corda.core.KeepForDJVM +import net.corda.core.crypto.SecureHash +import net.corda.core.flows.FlowSession +import net.corda.core.flows.NotarisationPayload +import net.corda.core.flows.NotaryError +import net.corda.core.identity.Party +import net.corda.core.internal.notary.NotaryInternalException +import net.corda.core.internal.notary.NotaryServiceFlow +import net.corda.core.internal.notary.SinglePartyNotaryService +import net.corda.core.node.NetworkParameters +import net.corda.core.serialization.CordaSerializable +import net.corda.core.transactions.ContractUpgradeFilteredTransaction +import net.corda.core.transactions.NotaryChangeWireTransaction +import java.time.Duration + +// TODO: find out how to inject the ZKConfig +class ZKNotaryServiceFlow( + otherSideSession: FlowSession, + service: SinglePartyNotaryService, + etaThreshold: Duration, + private val zkConfig: ZKConfig = DefaultZKConfig +) : + NotaryServiceFlow(otherSideSession, service, etaThreshold) { + init { + if (service.services.networkParameters.minimumPlatformVersion < 5) { + throw IllegalStateException("The ZKNotaryService is compatible with Corda version 5 or greater") + } + } + + override fun extractParts(requestPayload: NotarisationPayload): TransactionParts { + val tx = requestPayload.coreTransaction + return when (tx) { + is ZKFilteredTransaction -> TransactionParts( + tx.id, + tx.inputs, + tx.timeWindow, + tx.notary, + tx.references, + networkParametersHash = tx.networkParametersHash + ) + is ContractUpgradeFilteredTransaction, + is NotaryChangeWireTransaction -> TransactionParts( + tx.id, + tx.inputs, + null, + tx.notary, + networkParametersHash = tx.networkParametersHash + ) + else -> throw UnexpectedTransactionTypeException(tx) + } + } + + override fun 
verifyTransaction(requestPayload: NotarisationPayload) { + val tx = requestPayload.coreTransaction + try { + when (tx) { + is ZKFilteredTransaction -> { + tx.verify() + // TODO: the instance should be the additional Merkle root + val instance = zkConfig.serializer.serializeInstance(tx.id) + zkConfig.verifier.verify(tx.proof, instance) + + val notary = tx.notary + ?: throw IllegalArgumentException("Transaction does not specify a notary.") + checkNotaryWhitelisted(notary, tx.networkParametersHash) + } + is ContractUpgradeFilteredTransaction -> { + checkNotaryWhitelisted(tx.notary, tx.networkParametersHash) + } + is NotaryChangeWireTransaction -> { + checkNotaryWhitelisted(tx.newNotary, tx.networkParametersHash) + } + else -> throw UnexpectedTransactionTypeException(tx) + } + } catch (e: Exception) { + throw NotaryInternalException(NotaryError.TransactionInvalid(e)) + } + } + + /** Make sure the transaction notary is part of the network parameter whitelist. */ + private fun checkNotaryWhitelisted(notary: Party, attachedParameterHash: SecureHash?) { + // Expecting network parameters to be attached for platform version 4 or later. 
+ if (attachedParameterHash == null) { + throw IllegalArgumentException("Transaction must contain network parameters.") + } + val attachedParameters = serviceHub.networkParametersService.lookup(attachedParameterHash) + ?: throw IllegalStateException("Unable to resolve network parameters from hash: $attachedParameterHash") + + checkInWhitelist(attachedParameters, notary) + } + + private fun checkInWhitelist(networkParameters: NetworkParameters, notary: Party) { + val notaryWhitelist = networkParameters.notaries.map { it.identity } + + check(notary in notaryWhitelist) { + "Notary specified by the transaction ($notary) is not on the network parameter whitelist: ${notaryWhitelist.joinToString()}" + } + } + + @KeepForDJVM + @CordaSerializable + class UnexpectedTransactionTypeException(tx: Any) : IllegalArgumentException( + "Received unexpected transaction type: " + + "${tx::class.java.simpleName}, expected ${ZKFilteredTransaction::class.java.simpleName}, " + + "${ContractUpgradeFilteredTransaction::class.java.simpleName} or ${NotaryChangeWireTransaction::class.java.simpleName}" + ) +} diff --git a/notary/src/test/kotlin/com/ing/zknotary/flows/DenialOfStateFlowTest.kt b/notary/src/test/kotlin/com/ing/zknotary/flows/DenialOfStateFlowTest.kt new file mode 100644 index 000000000..f63f35923 --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/flows/DenialOfStateFlowTest.kt 
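Review bot: In `verifyTransaction` only the `ZKFilteredTransaction` branch calls `zkConfig.verifier.verify`; the `ContractUpgradeFilteredTransaction` and `NotaryChangeWireTransaction` branches check the notary whitelist and nothing else, and `extractParts` returns their inputs in `TransactionParts` all the same. If the purpose of this notary is that inputs are only committed together with a valid proof (inferred from the test class in this patch), those two transaction types are a path around that guarantee. Either reject them until they have an equivalent check, or record the gap where it is, e.g. `// NOTE: no ZK proof is verified for this transaction type`. The class and its two overrides also have no KDoc; a short one on `verifyTransaction` listing what is checked per type would make the difference visible to the next reader.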
@@ -0,0 +1,290 @@ +package com.ing.zknotary.flows + +import com.ing.zknotary.common.contracts.TestContract +import com.ing.zknotary.common.contracts.TestContract.Companion.PROGRAM_ID +import net.corda.core.contracts.Command +import net.corda.core.contracts.PrivacySalt +import net.corda.core.contracts.StateAndRef +import net.corda.core.contracts.StateRef +import net.corda.core.contracts.TransactionVerificationException +import net.corda.core.crypto.Crypto +import net.corda.core.crypto.SecureHash +import net.corda.core.crypto.SignableData +import net.corda.core.crypto.SignatureMetadata +import net.corda.core.flows.FinalityFlow +import net.corda.core.flows.NotaryError +import net.corda.core.flows.NotaryException +import net.corda.core.identity.CordaX500Name +import net.corda.core.identity.Party +import net.corda.core.internal.createComponentGroups +import net.corda.core.serialization.SerializationFactory +import net.corda.core.transactions.SignedTransaction +import net.corda.core.transactions.TransactionBuilder +import net.corda.core.transactions.WireTransaction +import net.corda.core.utilities.getOrThrow +import net.corda.testing.common.internal.testNetworkParameters +import net.corda.testing.core.ALICE_NAME +import net.corda.testing.core.BOB_NAME +import net.corda.testing.core.CHARLIE_NAME +import net.corda.testing.core.singleIdentity +import net.corda.testing.node.MockNetwork +import net.corda.testing.node.MockNetworkNotarySpec +import net.corda.testing.node.MockNetworkParameters +import net.corda.testing.node.StartedMockNode +import net.corda.testing.node.internal.findCordapp +import org.assertj.core.api.Assertions.assertThat +import org.junit.After +import org.junit.Before +import org.junit.Test +import kotlin.test.assertEquals +import kotlin.test.assertFailsWith +import kotlin.test.assertTrue + +class DenialOfStateFlowTest { + private lateinit var mockNet: MockNetwork + private lateinit var notaryNode: StartedMockNode + private lateinit var notary: Party + 
private lateinit var aliceNode: StartedMockNode + private lateinit var alice: Party + private lateinit var bobNode: StartedMockNode + private lateinit var bob: Party + private lateinit var charlieNode: StartedMockNode + private lateinit var charlie: Party + + @Before + fun setup() { + mockNet = MockNetwork( + MockNetworkParameters( + cordappsForAllNodes = listOf( + findCordapp("com.ing.zknotary.notary"), + findCordapp("com.ing.zknotary.common.contracts") + ), + notarySpecs = listOf( + MockNetworkNotarySpec( + name = CordaX500Name("Custom Notary", "Amsterdam", "NL"), + validating = false + ) + ), + networkParameters = testNetworkParameters(minimumPlatformVersion = 5) + ) + ) + aliceNode = mockNet.createPartyNode(ALICE_NAME) + alice = aliceNode.info.singleIdentity() + bobNode = mockNet.createPartyNode(BOB_NAME) + bob = bobNode.info.singleIdentity() + charlieNode = mockNet.createPartyNode(CHARLIE_NAME) + charlie = charlieNode.info.singleIdentity() + notaryNode = mockNet.defaultNotaryNode + notary = mockNet.defaultNotaryIdentity + + bobNode.registerInitiatedFlow(MoveReplyFlow::class.java) + charlieNode.registerInitiatedFlow(MoveReplyFlow::class.java) + } + + @After + fun tearDown() { + mockNet.stopNodes() + } + + @Test + /* + * In this version of the attack, Alice was no partiipant in any earlier tx. + * Therefore she has no knowledge of the contents of any of these transactions or states. + * Alice wants to maliciously prevent Bob from using his assets on the ledger. + * Alice manages to discover the identifier of one of Bob's UTXO's. + * Alice handcrafts a tx that consumes the UTXO. + * This tx will of course not be signed by Bob, who is not aware of the attack. + * Alice request notarisation for this malicious tx from a non-validating notary. + * The notary signs the tx, because it does not check contract and sigs and it is not a double spend. + * Bob is now blocked from using the state. When he tries to do that, the notary will reject the tx + * as a double spend. 
+ */ + fun `only knowing state id is enough for denial of state attack`() { + // Bob has a state + val bobsState = runCreateTx(bobNode, bob).coreTransaction.outRef(0) + + // Alice finds out the id of Bob's state. + val bobsStateRef = bobsState.ref + + // Alice executes a malicious tx to consume Bob's state, the notary signs it. + val aliceConsumesTransaction = runDenialOfStateConsumeTx(aliceNode, bobsStateRef) + val signers = aliceConsumesTransaction.sigs.map { it.by } + assertTrue { notary.owningKey in signers } + + // Bob tries to spend it (use it as input) and it will fail + // Charlie will accept this, as it is a valid tx chain from his perspective, but + // the notary will not sign it, as it has already seen the input in Alice's malicious tx. + val ex = assertFailsWith { + runMoveTx(bobNode, bobsState, charlie) + } + assertThat(ex.error).isInstanceOf(NotaryError.Conflict::class.java) + } + + @Test + /* + * In this version of the attack, Alice is a participant in a transaction with Bob. + * Therefore she has knowledge of the output state that was the result of that transaction. + * Alice will try to maliciously regain ownership of the state she gave to bob. + * Alice handcrafts a tx that assigns ownership back to her, resulting in a new output state in her name. + * This tx will of course not be signed by Bob, who is not aware of the attack. + * Alice request notarisation for this malicious tx from a non-validating notary. + * The notary signs the tx, because it does not check contract and sigs and it is not a double spend. + * Bob is now blocked from using the state. When he tries to do that, the notary will reject the tx + * as a double spend. + * Now Alice tries to sell the maliciously created output state to Charlie in a next tx. 
+ * Charlie rejects this, because even though the tx creating the state was notarised, unlike the + * non-validating notary, Charlie **will** check the smart contract rules and sigs for all txs leading to + * the existence of this state. Those checks will fail, because Bobs signature is missing. + * End result: Bob is denied the usage of his state, and Alice will not be able to use it either. + */ + fun `denial of state is successful with non-validating notary`() { + // Alice issues a state. This is normal and notarised + val aliceCreated = runCreateTx(aliceNode, alice) + + // Alice: execute a valid move tx to move alice's state to Bob + // According to the contract + val aliceMovedToBob = runMoveTx(aliceNode, aliceCreated.coreTransaction.outRef(0), bob) + val signers = aliceMovedToBob.sigs.map { it.by } + assertTrue { + notary.owningKey in signers && + bob.owningKey in signers + } + + // Alice: determine the stateref of the output state now owned by Bob. + // Alice can know this in a normal situation, because she created the move tx to move her state to Bob. + val bobsState = aliceMovedToBob.coreTransaction.outRef(0) + + // Alice: execute another, malicious, tx to move Bob's stateRef state back to Alice. + // We handcraft a tx that we send directly to the notary, that transfers the state back to Alice. + // Charlie will not accept this, but the state will be "spent" because the notary *will* sign it and commit the + // input stateRef to its list of spent states. + val aliceMovedToAlice = runDenialOfStateMoveTx(aliceNode, bobsState, alice) + val signers2 = aliceMovedToAlice.sigs.map { it.by } + assertTrue { notary.owningKey in signers2 } + + val aliceMaliciousState = aliceMovedToAlice.coreTransaction.outRef(0) + + // Bob tries to spend it (use it as input) and it will fail + // Charlie will accept this, as it is a valid tx chain from his perspective, but + // the notary will not sign it, as it has already seen the input in Alice's malicious tx. 
+ val ex = assertFailsWith { + runMoveTx(bobNode, bobsState, charlie) + } + assertThat(ex.error).isInstanceOf(NotaryError.Conflict::class.java) + + // To show that the damage is limited to only the 'locking' of Bob's state in the notary, + // and to show that it does not include the ability for Alice to use the state for other purposes: + // Future tx counterparties of Alice will not accept the chain of txs leading to this state, because it + // never was a valid tx: Bob should have signed it and didn't. + // It is only the non-validating notary that does not check for that. + val charlieException = assertFailsWith { + runMoveTx(aliceNode, aliceMaliciousState, charlie) + } + assertEquals( + aliceMovedToAlice.id, + charlieException.txId, + "Expected Alice's malicious transaction to fail verification by Charlie" + ) + } + private fun runDenialOfStateConsumeTx( + attackerNode: StartedMockNode, + stateRefToDeny: StateRef + ): SignedTransaction { + val attackerPubKey = attackerNode.info.singleIdentity().owningKey + val wireTx = SerializationFactory.defaultFactory.withCurrentContext(null) { + WireTransaction( + createComponentGroups( + inputs = listOf(stateRefToDeny), + outputs = emptyList(), + notary = notary, + attachments = listOf(SecureHash.zeroHash), + commands = listOf(Command(TestContract.Move(), attackerPubKey)), + networkParametersHash = attackerNode.services.networkParametersService.currentHash, + timeWindow = null, + references = emptyList() + ), + PrivacySalt() + ) + } + val signatureMetadata = SignatureMetadata( + 5, + Crypto.findSignatureScheme(attackerPubKey).schemeNumberID + ) + val signableData = SignableData(wireTx.id, signatureMetadata) + val sig = attackerNode.services.keyManagementService.sign(signableData, attackerPubKey) + val stx = SignedTransaction(wireTx, listOf(sig)) + + val notaryFuture = attackerNode.startFlow(NonTxCheckingNotaryClientFlow(stx)) + mockNet.runNetwork() + return stx + notaryFuture.getOrThrow() + } + + private fun 
runDenialOfStateMoveTx( + attackerNode: StartedMockNode, + inputOwnedBySomeoneElse: StateAndRef, + newOwner: Party + ): SignedTransaction { + val stx = + attackerNode.services.signInitialTransaction(buildMoveTxForDenialOfState(inputOwnedBySomeoneElse, newOwner)) + + // We skip collecting signatures from the counterparty, and directly notarise, because the non-validating does not check signatures anyway. + // Also, the counterparty (if it is not the attacker) would reject this, because they do resolve the tx chain, verify the contract and the signatures. + // That would fail, because the input state for the dos-transaction tx was not owned by us and the tx was not signed by the owner (bob). + val notaryFuture = attackerNode.startFlow(NonTxCheckingNotaryClientFlow(stx)) + mockNet.runNetwork() + val notarySignedTx = stx + notaryFuture.getOrThrow() + + // Alice needs to store the malicious tx to allow counterparties to fetch later when resolving the chain. + // A counterparty will then reject this tx, because it was not signed by the owner of the input state. + // But if we don't store it, the counterparty will fail even faster when trying to fetch the tx from us. + attackerNode.services.recordTransactions(notarySignedTx) + + return notarySignedTx + } + + private fun buildMoveTxForDenialOfState( + inputOwnedBySomeoneElse: StateAndRef, + attacker: Party + ): TransactionBuilder { + return TransactionBuilder(inputOwnedBySomeoneElse.state.notary) + .addInputState(inputOwnedBySomeoneElse) + .addOutputState(inputOwnedBySomeoneElse.state.data.copy(owner = attacker), PROGRAM_ID) + // Even though the contract and required sigs are not verified by the non-validating notary, + // we set only our key as required to prevent some annoying local exceptions during tx creation that + // are caused by us verifying our own tx during txbuilder->signedtx transition. 
+ .addCommand(TestContract.Move(), attacker.owningKey) + } + + private fun runMoveTx( + node: StartedMockNode, + input: StateAndRef, + newOwner: Party + ): SignedTransaction { + val tx = buildMoveTx(input, newOwner) + val stx = node.services.signInitialTransaction(tx) + val moveFuture = node.startFlow(MoveFlow(stx, newOwner, FinalityFlow::class)) + mockNet.runNetwork() + return moveFuture.getOrThrow() + } + + private fun buildMoveTx(input: StateAndRef, newOwner: Party): TransactionBuilder { + return TransactionBuilder(input.state.notary) + .addInputState(input) + .addOutputState(input.state.data.copy(owner = newOwner), PROGRAM_ID) + .addCommand(TestContract.Move(), input.state.data.owner.owningKey, newOwner.owningKey) + } + + private fun runCreateTx(ownerNode: StartedMockNode, owner: Party): SignedTransaction { + val tx = buildCreateTx(owner) + val stx = ownerNode.services.signInitialTransaction(tx) + val future = ownerNode.startFlow(FinalityFlow(stx, emptyList())) + mockNet.runNetwork() + return future.getOrThrow() + } + + private fun buildCreateTx(owner: Party): TransactionBuilder { + return TransactionBuilder(notary) + .addOutputState(TestContract.TestState(owner), PROGRAM_ID) + .addCommand(TestContract.Create(), owner.owningKey) + } +} diff --git a/notary/src/test/kotlin/com/ing/zknotary/flows/Util.kt b/notary/src/test/kotlin/com/ing/zknotary/flows/Util.kt new file mode 100644 index 000000000..293834667 --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/flows/Util.kt 
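Review bot: Both tests build the mock network with a plain `MockNetworkNotarySpec(validating = false)` and go through `NonTxCheckingNotaryClientFlow` and `FinalityFlow`, so as far as this hunk shows they pin down the behaviour of the stock non-validating notary only; nothing in this class runs against `ZKNotaryService`. A counterpart that submits the same handcrafted transactions to the ZK notary and asserts that notarisation is refused may exist elsewhere in the patch, but if it does not, the fix this test motivates has no regression test. I would add a class-level comment stating which notary implementation is under test, e.g. `// Baseline: documents the behaviour of the standard non-validating notary, not of ZKNotaryService.` The literal `5` in `SignatureMetadata(5, ...)` repeats `minimumPlatformVersion = 5` from `setup()` and would be clearer as a shared constant.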
@@ -0,0 +1,151 @@ +package com.ing.zknotary.flows + +import co.paralleluniverse.fibers.Suspendable +import com.ing.zknotary.client.flows.ZKFinalityFlow +import com.ing.zknotary.client.flows.ZKNotaryFlow +import com.ing.zknotary.common.zkp.DefaultZKConfig +import com.ing.zknotary.common.zkp.ZKConfig +import net.corda.core.contracts.ContractState +import net.corda.core.crypto.TransactionSignature +import net.corda.core.flows.CollectSignatureFlow +import net.corda.core.flows.FlowLogic +import net.corda.core.flows.FlowSession +import net.corda.core.flows.InitiatedBy +import net.corda.core.flows.InitiatingFlow +import net.corda.core.flows.NotaryException +import net.corda.core.flows.NotaryFlow +import net.corda.core.flows.ReceiveFinalityFlow +import net.corda.core.flows.SignTransactionFlow +import net.corda.core.identity.Party +import net.corda.core.transactions.SignedTransaction +import kotlin.reflect.KClass +import kotlin.reflect.KVisibility +import kotlin.reflect.jvm.javaConstructor + +// This custom ZK notary client flow does not check the validity the transaction here as normal in NotaryFlow.Client, +// because that would fail: the tx is invalid on purpose, so that we can confirm that the notary rejects or doesn't reject an invalid tx. +// Other than that, it is an unmodified copy of NotaryFlow.Client. +class ZKNonTxCheckingNotaryClientFlow(private val stx: SignedTransaction) : ZKNotaryFlow(stx) { + @Suspendable + @Throws(NotaryException::class) + override fun call(): List { + // We don't check the transaction here as normal in ZKNotaryFlow, because that would fail: + // the tx is invalid on purpose, so that we can confirm that the notary rejects or doesn't reject an invalid tx. 
+ val notaryParty = stx.notary ?: throw IllegalStateException("Transaction does not specify a Notary") + val response = zkNotarise(notaryParty) + return validateResponse(response, notaryParty) + } +} + +// This custom notary client flow does not check the validity the transaction here as normal in NotaryFlow.Client, +// because that would fail: the tx is invalid on purpose, so that we can confirm that the notary rejects or doesn't reject an invalid tx. +// Other than that, it is an unmodified copy of NotaryFlow.Client. +class NonTxCheckingNotaryClientFlow(private val stx: SignedTransaction) : NotaryFlow.Client(stx) { + @Suspendable + @Throws(NotaryException::class) + override fun call(): List { + // We don't check the transaction here as normal in NotaryFlow.Client, because that would fail: + // the tx is invalid on purpose, so that we can confirm that the notary rejects or doesn't reject an invalid tx. + val notaryParty = stx.notary ?: throw IllegalStateException("Transaction does not specify a Notary") + val response = notarise(notaryParty) + return validateResponse(response, notaryParty) + } +} + +@InitiatingFlow +class ZKMoveFlow( + private val stx: SignedTransaction, + private val newOwner: Party, + private val zkConfig: ZKConfig = DefaultZKConfig +) : FlowLogic() { + + @Suspendable + override fun call(): SignedTransaction { + val newOwnerSession = initiateFlow(newOwner) + val allSignedTx = + stx + subFlow(CollectSignatureFlow(stx, newOwnerSession, newOwnerSession.counterparty.owningKey)) + val flow = ZKFinalityFlow( + allSignedTx, + listOf(newOwnerSession), + zkConfig = zkConfig + ) + return subFlow(flow) + } +} + +@InitiatingFlow +class MoveFlow>( + private val stx: SignedTransaction, + private val newOwner: Party, + finalityFlow: KClass +) : FlowLogic() { + + private val finalityFlowConstructor = finalityFlow.constructors.single { + it.visibility == KVisibility.PUBLIC && + it.parameters.size == 3 && + it.parameters[0].type.classifier == 
SignedTransaction::class && + it.parameters[1].type.classifier == FlowSession::class && + it.parameters[2].type.classifier == Array::class + }.javaConstructor!! + + @Suspendable + override fun call(): SignedTransaction { + val newOwnerSession = initiateFlow(newOwner) + val allSignedTx = + stx + subFlow(CollectSignatureFlow(stx, newOwnerSession, newOwnerSession.counterparty.owningKey)) + val flow = finalityFlowConstructor.newInstance( + allSignedTx, + newOwnerSession, + emptyList().toTypedArray() + ) + return subFlow(flow) + } +} + +@InitiatedBy(ZKMoveFlow::class) +class ZKMoveReplyFlow(val otherSideSession: FlowSession) : FlowLogic() { + @Suspendable + override fun call(): SignedTransaction { + val signTransactionFlow = object : SignTransactionFlow(otherSideSession) { + override fun checkTransaction(stx: SignedTransaction) { + // Verify that we know who all the participants in the transaction are + val states: Iterable = + serviceHub.loadStates(stx.tx.inputs.toSet()).map { it.state.data } + stx.tx.outputs.map { it.data } + states.forEach { state -> + state.participants.forEach { anon -> + require(serviceHub.identityService.wellKnownPartyFromAnonymous(anon) != null) { + "Transaction state $state involves unknown participant $anon" + } + } + } + } + } + + val txId = subFlow(signTransactionFlow).id + return subFlow(ReceiveFinalityFlow(otherSideSession, expectedTxId = txId)) + } +} + +@InitiatedBy(MoveFlow::class) +class MoveReplyFlow(val otherSideSession: FlowSession) : FlowLogic() { + @Suspendable + override fun call(): SignedTransaction { + val signTransactionFlow = object : SignTransactionFlow(otherSideSession) { + override fun checkTransaction(stx: SignedTransaction) { + // Verify that we know who all the participants in the transaction are + val states: Iterable = + serviceHub.loadStates(stx.tx.inputs.toSet()).map { it.state.data } + stx.tx.outputs.map { it.data } + states.forEach { state -> + state.participants.forEach { anon -> + 
require(serviceHub.identityService.wellKnownPartyFromAnonymous(anon) != null) { + "Transaction state $state involves unknown participant $anon" + } + } + } + } + } + + val txId = subFlow(signTransactionFlow).id + return subFlow(ReceiveFinalityFlow(otherSideSession, expectedTxId = txId)) + } +} diff --git a/notary/src/test/kotlin/com/ing/zknotary/flows/ZKNotaryFlowTest.kt b/notary/src/test/kotlin/com/ing/zknotary/flows/ZKNotaryFlowTest.kt new file mode 100644 index 000000000..c3337aa35 --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/flows/ZKNotaryFlowTest.kt 
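Review bot: The header comment above `ZKNonTxCheckingNotaryClientFlow` is copied from the non-ZK class below it: it calls the flow "an unmodified copy of NotaryFlow.Client", while the class extends `ZKNotaryFlow` and calls `zkNotarise`. Both classes exist to skip the client-side transaction check, so the comment is what tells a reader the omission is deliberate. I would reword it to `// Test-only: skips the client-side transaction check that ZKNotaryFlow normally performs, so an intentionally invalid tx reaches the notary.` and fix "the validity the transaction" to "the validity of the transaction" in both headers. `MoveReplyFlow` and `ZKMoveReplyFlow` also carry an identical `checkTransaction` body; a shared helper would keep the two responders from drifting apart.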
@@ -0,0 +1,174 @@ +package com.ing.zknotary.flows + +import com.ing.zknotary.client.flows.ZKFinalityFlow +import com.ing.zknotary.common.contracts.TestContract +import com.ing.zknotary.common.contracts.TestContract.Companion.PROGRAM_ID +import net.corda.core.contracts.StateAndRef +import net.corda.core.identity.CordaX500Name +import net.corda.core.identity.Party +import net.corda.core.transactions.SignedTransaction +import net.corda.core.transactions.TransactionBuilder +import net.corda.core.utilities.getOrThrow +import net.corda.testing.common.internal.testNetworkParameters +import net.corda.testing.core.ALICE_NAME +import net.corda.testing.core.BOB_NAME +import net.corda.testing.core.singleIdentity +import net.corda.testing.node.MockNetwork +import net.corda.testing.node.MockNetworkNotarySpec +import net.corda.testing.node.MockNetworkParameters +import net.corda.testing.node.StartedMockNode +import net.corda.testing.node.internal.findCordapp +import org.junit.After +import org.junit.Before +import org.junit.Ignore +import org.junit.Test +import java.time.Duration +import java.time.Instant +import kotlin.test.assertEquals +import kotlin.test.assertTrue + +class ZKNotaryFlowTest { + private lateinit var mockNet: MockNetwork + private lateinit var notaryNode: StartedMockNode + private lateinit var notary: Party + private lateinit var aliceNode: StartedMockNode + private lateinit var alice: Party + private lateinit var bobNode: StartedMockNode + private lateinit var bob: Party + + @Before + fun setup() { + mockNet = MockNetwork( + MockNetworkParameters( + cordappsForAllNodes = listOf( + findCordapp("com.ing.zknotary.notary"), + findCordapp("com.ing.zknotary.common.contracts") + ), + notarySpecs = listOf( + MockNetworkNotarySpec( + name = CordaX500Name("Custom Notary", "Amsterdam", "NL"), + className = "com.ing.zknotary.notary.ZKNotaryService", + validating = false + ) + ), + networkParameters = testNetworkParameters(minimumPlatformVersion = 5) + ) + ) + aliceNode = 
mockNet.createPartyNode(ALICE_NAME) + bobNode = mockNet.createPartyNode(BOB_NAME) + notaryNode = mockNet.defaultNotaryNode + notary = mockNet.defaultNotaryIdentity + alice = aliceNode.info.singleIdentity() + bob = bobNode.info.singleIdentity() + + bobNode.registerInitiatedFlow(MoveReplyFlow::class.java) + bobNode.registerInitiatedFlow(ZKMoveReplyFlow::class.java) + } + + @After + fun tearDown() { + mockNet.stopNodes() + } + + @Test + fun `valid zk create tx is notarised and persisted by creator`() { + val stx = runCreateTx(aliceNode, alice) + assertTrue("custom notary should sign a valid tx") { + stx.sigs.any { it.by == notary.owningKey } + } + aliceNode.transaction { + assertEquals(stx, aliceNode.services.validatedTransactions.getTransaction(stx.id)) + } + } + + @Test + fun `valid zk move tx is notarised and persisted by all participants`() { + val createdStateAndRef = runCreateTx(aliceNode, alice).coreTransaction.outRef(0) + + val stx = runMoveTx(aliceNode, buildValidMoveTx(createdStateAndRef, bob), bob) + + val signers = stx.sigs.map { it.by } + assertTrue { + notary.owningKey in signers && + bob.owningKey in signers + } + + aliceNode.transaction { + assertEquals(stx, aliceNode.services.validatedTransactions.getTransaction(stx.id)) + } + bobNode.transaction { + assertEquals(stx, bobNode.services.validatedTransactions.getTransaction(stx.id)) + } + } + + @Test + @Ignore("This tx is now successful because the non-validating notary does not validate the tx. 
This should fail when it verifies the ZK proof.") + fun `invalid zk move tx (contract violation) is rejected by the notary`() { + val createdStateAndRef = runCreateTx(aliceNode, alice).coreTransaction.outRef(0) + val stx = aliceNode.services.signInitialTransaction(buildContractViolatingMoveTx(createdStateAndRef, bob)) + + val notaryFuture = aliceNode.startFlow(ZKNonTxCheckingNotaryClientFlow(stx)) + mockNet.runNetwork() + val notarySignedTx = notaryFuture.getOrThrow() + val signers = notarySignedTx.map { it.by } + assertTrue { + notary.owningKey in signers + } + } + + private fun runMoveTx( + node: StartedMockNode, + tx: TransactionBuilder, + newOwner: Party + ): SignedTransaction { + val stx = node.services.signInitialTransaction(tx) + val moveFuture = node.startFlow(ZKMoveFlow(stx, newOwner)) + mockNet.runNetwork() + return moveFuture.getOrThrow() + } + + /** + * This tx violates the contract rule that the value of the input and output must be identical. + */ + private fun buildContractViolatingMoveTx( + input: StateAndRef, + newOwner: Party + ): TransactionBuilder { + val oldValue = input.state.data.value + val newValue = if (oldValue == Int.MAX_VALUE) oldValue - 1 else oldValue + 1 + return TransactionBuilder(input.state.notary) + .addInputState(input) + .addOutputState(input.state.data.copy(owner = newOwner, value = newValue), PROGRAM_ID) + .addCommand(TestContract.Move(), input.state.data.owner.owningKey, newOwner.owningKey) + } + + private fun buildValidMoveTx( + input: StateAndRef, + newOwner: Party + ): TransactionBuilder { + return TransactionBuilder(input.state.notary) + .addInputState(input) + .addOutputState(input.state.data.copy(owner = newOwner), PROGRAM_ID) + .addCommand(TestContract.Move(), input.state.data.owner.owningKey, newOwner.owningKey) + } + + private fun runCreateTx(ownerNode: StartedMockNode, owner: Party): SignedTransaction { + val tx = buildCreateTx(owner) + val stx = ownerNode.services.signInitialTransaction(tx) + val future = 
ownerNode.startFlow( + ZKFinalityFlow( + stx, + emptyList() + ) + ) + mockNet.runNetwork() + return future.getOrThrow() + } + + private fun buildCreateTx(owner: Party): TransactionBuilder { + return TransactionBuilder(notary) + .addOutputState(TestContract.TestState(owner), PROGRAM_ID) + .addCommand(TestContract.Create(), owner.owningKey) + .setTimeWindow(Instant.now(), Duration.ofSeconds(30)) + } +} diff --git a/notary/src/test/kotlin/com/ing/zknotary/notary/NotaryClientFlowRegistrationTest.kt b/notary/src/test/kotlin/com/ing/zknotary/notary/NotaryClientFlowRegistrationTest.kt new file mode 100644 index 000000000..2884b27e4 --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/notary/NotaryClientFlowRegistrationTest.kt 
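Review bot: The ignored test `invalid zk move tx (contract violation) is rejected by the notary` asserts the opposite of its name: it ends with `assertTrue { notary.owningKey in signers }`, which passes only when the notary signs the contract-violating transaction. Once proof verification is in place and `@Ignore` is removed, the test would fail for the correct behaviour, and it would stay green for as long as the notary keeps accepting invalid transactions. Replace the statements after `mockNet.runNetwork()` with `assertFailsWith<NotaryException> { notaryFuture.getOrThrow() }`, adding the `kotlin.test.assertFailsWith` and `net.corda.core.flows.NotaryException` imports. The current acceptance behaviour is already described in the `@Ignore` reason and does not need to be encoded as an assertion.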
@@ -0,0 +1,132 @@ +package com.ing.zknotary.notary + +import co.paralleluniverse.fibers.Suspendable +import java.security.PublicKey +import java.util.Random +import kotlin.test.assertFailsWith +import kotlin.test.assertTrue +import net.corda.core.crypto.Crypto +import net.corda.core.crypto.SecureHash +import net.corda.core.crypto.SignableData +import net.corda.core.crypto.SignatureMetadata +import net.corda.core.crypto.TransactionSignature +import net.corda.core.flows.FlowLogic +import net.corda.core.flows.FlowSession +import net.corda.core.flows.NotarisationResponse +import net.corda.core.flows.NotaryError +import net.corda.core.flows.NotaryException +import net.corda.core.flows.NotaryFlow +import net.corda.core.identity.CordaX500Name +import net.corda.core.identity.Party +import net.corda.core.internal.notary.NotaryService +import net.corda.core.transactions.SignedTransaction +import net.corda.core.utilities.getOrThrow +import net.corda.core.utilities.unwrap +import net.corda.node.services.api.ServiceHubInternal +import net.corda.testing.contracts.DummyContract +import net.corda.testing.core.ALICE_NAME +import net.corda.testing.core.singleIdentity +import net.corda.testing.node.MockNetwork +import net.corda.testing.node.MockNetworkNotarySpec +import net.corda.testing.node.MockNetworkParameters +import net.corda.testing.node.StartedMockNode +import net.corda.testing.node.internal.DUMMY_CONTRACTS_CORDAPP +import net.corda.testing.node.internal.enclosedCordapp +import org.assertj.core.api.Assertions.assertThat +import org.junit.After +import org.junit.Before +import org.junit.Test + +class NotaryClientFlowRegistrationTest { + private lateinit var mockNet: MockNetwork + private lateinit var notaryNode: StartedMockNode + private lateinit var aliceNode: StartedMockNode + private lateinit var notary: Party + private lateinit var alice: Party + + @Before + fun setup() { + mockNet = MockNetwork( + MockNetworkParameters( + cordappsForAllNodes = 
listOf(DUMMY_CONTRACTS_CORDAPP, enclosedCordapp()), + notarySpecs = listOf( + MockNetworkNotarySpec( + name = CordaX500Name("Custom Notary", "Amsterdam", "NL"), + className = "com.ing.zknotary.notary.NotaryClientFlowRegistrationTest\$CustomClientFlowNotaryService", + validating = false + ) + ) + ) + ) + aliceNode = mockNet.createPartyNode(ALICE_NAME) + notaryNode = mockNet.defaultNotaryNode + notary = mockNet.defaultNotaryIdentity + alice = aliceNode.info.singleIdentity() + } + + @After + fun tearDown() { + mockNet.stopNodes() + } + + @Test + fun `custom notary client flow with valid payload is successful`() { + val tx = DummyContract.generateInitial(Random().nextInt(), notary, alice.ref(0)) + val stx = aliceNode.services.signInitialTransaction(tx) + val future = aliceNode.startFlow(CustomClientFlow("VALID", stx, notary)) + mockNet.runNetwork() + val sigs = future.getOrThrow() + assertTrue("custom notary should sign a valid tx from a custom flow") { sigs.any { it.by == notary.owningKey } } + } + + @Test + fun `custom notary client flow with invalid payload fails`() { + val tx = DummyContract.generateInitial(Random().nextInt(), notary, alice.ref(0)) + val stx = aliceNode.services.signInitialTransaction(tx) + val future = aliceNode.startFlow(CustomClientFlow("NOT VALID", stx, notary)) + mockNet.runNetwork() + val ex = assertFailsWith { future.getOrThrow() } + val notaryError = ex.error as NotaryError.TransactionInvalid + assertThat(notaryError.cause).hasMessageContaining("Payload should be 'VALID'") + } + + class CustomClientFlowNotaryService( + override val services: ServiceHubInternal, + override val notaryIdentityKey: PublicKey + ) : NotaryService() { + override fun createServiceFlow(otherPartySession: FlowSession): FlowLogic = + object : FlowLogic() { + @Suspendable + override fun call(): Void? 
{ + otherPartySession.receive().unwrap { + if (it != "VALID") { + throw NotaryException(NotaryError.TransactionInvalid(Exception("Payload should be 'VALID'"))) + } + } + + val signableData = SignableData( + SecureHash.zeroHash, + SignatureMetadata( + services.myInfo.platformVersion, + Crypto.findSignatureScheme(notaryIdentityKey).schemeNumberID + ) + ) + val signature = services.keyManagementService.sign(signableData, notaryIdentityKey) + otherPartySession.send(NotarisationResponse(listOf(signature))) + return null + } + } + + override fun start() {} + override fun stop() {} + } + + class CustomClientFlow(private val payload: Any, stx: SignedTransaction, private val notary: Party) : NotaryFlow.Client(stx) { + @Suspendable + override fun call(): List { + val session = initiateFlow(notary) + session.send(payload) + return session.receive().unwrap { it }.signatures + } + } +} diff --git a/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/NooPSerializeProveVerifyTest.kt b/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/NooPSerializeProveVerifyTest.kt new file mode 100644 index 000000000..b7b5c3354 --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/NooPSerializeProveVerifyTest.kt 
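Review bot: `CustomClientFlowNotaryService` never receives the transaction and signs `SecureHash.zeroHash`, and `CustomClientFlow.call()` returns `session.receive().unwrap { it }.signatures` without validating the response. The assertion `sigs.any { it.by == notary.owningKey }` in the first test therefore shows only that the custom service flow ran, not that `stx` was notarised. That is reasonable for a registration test, but nothing on either class says so. I would add above the `SignableData(...)` construction `// Test stub: signs a fixed zero hash, not a transaction id; the result is not a valid notarisation of stx.` and above the `unwrap { it }` line `// Response is passed through unvalidated; this flow only exercises custom flow registration.` (confirm that this is the intent).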
@@ -0,0 +1,41 @@ +package com.ing.zknotary.notary.transactions + +import com.ing.zknotary.common.serializer.NoopZKInputSerializer +import com.ing.zknotary.common.zkp.NoopProver +import com.ing.zknotary.common.zkp.NoopVerifier +import net.corda.core.crypto.sign +import net.corda.testing.core.TestIdentity +import net.corda.testing.node.MockServices +import net.corda.testing.node.ledger +import org.junit.Test + +class NooPSerializeProveVerifyTest { + + private val alice = TestIdentity.fresh("alice") + private val bob = TestIdentity.fresh("bob") + + private val services = MockServices( + listOf("com.ing.zknotary.common.contracts"), + alice + ) + + @Test + fun `Noop - prove and verify with valid tx is successful`() { + services.ledger { + val wtx = moveTestsState(createTestsState(owner = alice), newOwner = bob) + verifies() + + val ltx = wtx.toLedgerTransaction(services) + + val sigAlice = alice.keyPair.sign(wtx.id).bytes + + val witness = NoopZKInputSerializer.serializeWitness(ltx, listOf(sigAlice)) + val instance = NoopZKInputSerializer.serializeInstance(wtx.id) + + val proof = NoopProver().prove(witness, instance) + + NoopVerifier().verify(proof, instance) + } + } +} + diff --git a/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/Util.kt b/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/Util.kt new file mode 100644 index 000000000..8c77f141b --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/Util.kt 
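Review bot: The test body ends on `NoopVerifier().verify(proof, instance)` with no assertion and no comment, so a reader cannot tell what would make it fail. The Zinc variant of this test documents the same pattern with "No assertions required: this throws an exception on verification failure". `NoopVerifier` is not part of this file, but if it accepts every proof, as its name suggests, the test checks only that serialization and the call chain do not throw. I would add `// Noop prover/verifier: checks the serialize -> prove -> verify wiring only, not proof soundness.` above the `NoopProver().prove(...)` line. The class name `NooPSerializeProveVerifyTest` also spells the prefix differently from `NoopProver`, `NoopVerifier` and `NoopZKInputSerializer`.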
@@ -0,0 +1,34 @@ +package com.ing.zknotary.notary.transactions + +import com.ing.zknotary.common.contracts.TestContract +import net.corda.core.contracts.StateAndRef +import net.corda.core.transactions.WireTransaction +import net.corda.testing.core.TestIdentity +import net.corda.testing.dsl.LedgerDSL +import net.corda.testing.dsl.TestLedgerDSLInterpreter +import net.corda.testing.dsl.TestTransactionDSLInterpreter + +fun LedgerDSL.createTestsState(owner: TestIdentity): StateAndRef { + val createdState = TestContract.TestState(owner.party) + val wtx = unverifiedTransaction { + command(listOf(owner.publicKey), TestContract.Create()) + output(TestContract.PROGRAM_ID, "Alice's asset", createdState) + } + + return wtx.outRef(createdState) +} + +fun LedgerDSL.moveTestsState( + input: StateAndRef, + newOwner: TestIdentity +): WireTransaction { + val wtx = transaction { + input(input.ref) + output(TestContract.PROGRAM_ID, input.state.data.withNewOwner(newOwner.party).ownableState) + command(listOf(input.state.data.owner.owningKey), TestContract.Move()) + verifies() + } + + return wtx +} + diff --git a/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/VictorsSerializeProveVerifyTest.kt b/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/VictorsSerializeProveVerifyTest.kt new file mode 100644 index 000000000..0fe10c337 --- /dev/null +++ b/notary/src/test/kotlin/com/ing/zknotary/notary/transactions/VictorsSerializeProveVerifyTest.kt 
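Review bot: `createTestsState` labels every output `"Alice's asset"` whatever `owner` is passed, so the label is misleading for any other owner and a second call in the same ledger would reuse it. The function looks the state up with `wtx.outRef(createdState)` and never uses the label, so it can simply be dropped: `output(TestContract.PROGRAM_ID, createdState)`. Separately, `moveTestsState` puts only `input.state.data.owner.owningKey` on the `Move` command, while the move builders in the flow tests of this patch list both the old and the new owner's key. Whether `TestContract` requires both signers is not visible in this hunk, so the two should be checked against the contract and made to agree.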
@@ -0,0 +1,42 @@ +package com.ing.zknotary.notary.transactions + +import com.ing.zknotary.common.serializer.VictorsZKInputSerializer +import com.ing.zknotary.common.zkp.ZincProverCLI +import com.ing.zknotary.common.zkp.ZincVerifierCLI +import net.corda.core.crypto.sign +import net.corda.testing.core.TestIdentity +import net.corda.testing.node.MockServices +import net.corda.testing.node.ledger +import org.junit.Test + +class VictorsSerializeProveVerifyTest { + + private val alice = TestIdentity.fresh("alice") + private val bob = TestIdentity.fresh("bob") + + private val services = MockServices( + listOf("com.ing.zknotary.common.contracts"), + alice + ) + + @Test + fun `Victor - prove and verify with valid tx is successful`() { + services.ledger { + val wtx = moveTestsState(createTestsState(owner = alice), newOwner = bob) + verifies() + + val ltx = wtx.toLedgerTransaction(services) + val sigAlice = alice.keyPair.sign(wtx.id).bytes + + // Check out JsonZKInputSerializer for reference + val witness = VictorsZKInputSerializer.serializeWitness(ltx, listOf(sigAlice)) + val instance = VictorsZKInputSerializer.serializeInstance(wtx.id) + + val proof = ZincProverCLI("/path/to/prover/key").prove(witness, instance) + + // No assertions required: this throws an exception on verification failure + ZincVerifierCLI("/path/to/verifier/key").verify(proof, instance) + } + } +} + diff --git a/repositories.gradle b/repositories.gradle new file mode 100644 index 000000000..de8e12412 --- /dev/null +++ b/repositories.gradle @@ -0,0 +1,8 @@ +repositories { + mavenLocal() + mavenCentral() + jcenter() + maven { url 'https://jitpack.io' } + maven { url 'https://ci-artifactory.corda.r3cev.com/artifactory/corda' } + maven { url 'https://repo.gradle.org/gradle/libs-releases' } +} \ No newline at end of file diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 000000000..16885d9bf --- /dev/null +++ b/settings.gradle @@ -0,0 +1 @@ +include 'notary' \ No newline at end of file
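Review bot: `ZincProverCLI("/path/to/prover/key")` and `ZincVerifierCLI("/path/to/verifier/key")` in `VictorsSerializeProveVerifyTest` are placeholder paths and the test is not `@Ignore`d, so it presumably cannot pass on any checkout. Either mark it `@Ignore("needs Zinc prover/verifier keys")` until keys are provisioned, or read the locations from the build, e.g. `System.getProperty("zknotary.proverKeyPath")` (property name constructed for illustration), and fail with a clear message when it is unset. The verifier key determines which proofs are accepted, so it should be loaded from a location the build controls. The test also has no negative case: it should show that `verify` throws for a proof checked against a different instance.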
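Review bot: `repositories.gradle` lists `mavenLocal()` first and adds `jcenter()` and `https://jitpack.io` with no content filter, so any of these repositories may satisfy any dependency and the first one that has the coordinates wins. An artifact sitting in the local Maven cache, or one published under matching coordinates on a public repository, would then be used instead of the intended one. Where the Gradle version in use supports repository content filtering, scope each repository to the groups it is meant to serve, e.g. `maven { url 'https://jitpack.io'; content { includeGroup 'com.github.OWNER_PLACEHOLDER' } }`, and drop `mavenLocal()` from the shared list. Dependency locking or checksum verification would additionally make a swapped artifact detectable.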