[US Patent & Trademark Office, Patent Full Text and Image Database]

                   [Home] [Boolean Search] [Manual Search] [Number Search] [Help]
                  [PREV_LIST] [HIT_LIST] [NEXT_LIST] [PREV_DOC] [NEXT_DOC] [Bottom]
                             [View Shopping Cart] [Add to Shopping Cart]
                                               [Image]

                                                                                     ( 1726 of 5545 )

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

United States Patent                                                                        8,218,760
Joye                                                                                    July 10, 2012

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Method and a device for generating compressed RSA moduli

                                              Abstract

Method and device for generating factors of a RSA modulus N with a predetermined portion N.sub.h, the
RSA modulus comprising at least two factors. A first prime p is generated; a value N.sub.h that forms
a part of modulus N is obtained; a second prime q is generated in an interval dependent from p and
N.sub.h so that pq is a RSA modulus that shares N.sub.h; and information enabling the calculation of
the modulus/V is outputted.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Inventors:     Joye; Marc (Cesson-Sevigne, FR)
Assignee:      Thomson Licensing (Boulogne, Billancourt, FR)
Appl. No.:     12/449,654
Filed:         February 19, 2008
PCT Filed:     February 19, 2008
PCT No.:       PCT/EP2008/052017
371(c)(1),(2), August 19, 2009
(4) Date:
PCT Pub. No.:  WO2008/104482
PCT Pub. Date: September 04, 2008

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                  Foreign Application Priority Data
                                   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

                        Feb 27, 2007 [EP]                            07300830

Current U.S. Class:                380/30 ; 380/28; 380/44; 380/45; 380/46; 380/47; 708/250; 708/251;
                                                          708/252; 708/253; 708/254; 708/255; 708/256
Current International Class:                                                    H04L 29/06 (20060101)
Field of Search:                                                                380/44-30 708/250-256

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                  References Cited [Referenced By]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                        U.S. Patent Documents

6134325                           October 2000                      Vanstone et al.
6928163                           August 2005                       Matyas et al.
2002/0154768                      October 2002                      Lenstra
2003/0021410                      January 2003                      Miyazaki et al.
2004/0049526                      March 2004                        Joye et al.
2004/0114757                      June 2004                         Joye et al.
2004/0264702                      December 2004                     Eastlake, III

Other References

What is Lossless Compression? Publisher: wiseGeek; Date: Dec. 25, 2004. cited by examiner
.
Encryption by SearchSecurity.com; Date: Jul. 31, 2000. cited by examiner .
Short RSA Keys and Their Generation by Vanstone et al; Publisher: International
Association for Cryptologic Research; Date: Jan. 4, 1994. cited by examiner .
A.K. Lenstra: "Generating RSA moduli with a predetermined portion" Lecture Notes in
Computer Science, Springer Erlag, Berlin, DE, No. 1514, Oct. 1, 1998, pp. 1-10
XP002108059. cited by other .
Marc Joye et al: "Fast Generation of Prime Numbers on Portable Devices: An Update"
Cryptographic Hardware and Embedded Systems-CHES 2008, Lecture Notes in Computer Science ,
Springer, Berlin, DE, vol. 4249, Jan. 1, 2006, pp. 160-173, XP019046817. cited by other .
Search Report Dated Sep. 30, 2008. cited by other.


Primary Examiner: Arani; Taghi
Assistant Examiner: Herzog; Madhuri
Attorney, Agent or Firm: Carter; Jeffrey D.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                               Claims
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━


The invention claimed is:

1. A method of generating factors of a RSA modulus N with a predetermined portion N.sub.h and a
non-predetermined portion N.sub.l, the RSA modulus N comprising at least two factors, the method
being performed by a device and comprising steps of: generating a first prime p; obtaining a value
N.sub.h that forms a part of the RSA modulus N; generating a second prime q; and outputting at least
a lossless compressed representation of the RSA modulus N that enables unambiguous recovery of the
RSA modulus N; wherein the second prime q is randomly generated in a predetermined interval dependent
from p and N.sub.h so that pq is a RSA modulus that shares N.sub.h; wherein the predetermined portion
N.sub.h heads the RSA modulus N; wherein the RSA modulus N is a n-bit modulus and the predetermined
portion N.sub.h comprises k bits; wherein the first prime p is generated in an interval p.epsilon.
[2.sup.n-n.sup.0.sup.-1/2,2.sup.n-n.sup.0-1] so that gcd(p-1,e)=1, wherein e is a public exponent and
wherein 1<n.sub.0<n; wherein the second prime q is generated in an interval q .epsilon.
.times..times. ##EQU00009## so that gcd(q-1,e)=1; and wherein N=N.sub.h.parallel.N.sub.l, where
N.sub.l=(pq)mod 2.sup.n-k.

2. A method of generating factors of a RSA modulus N with a predetermined portion N.sub.h and a
non-predetermined portion N.sub.l, the RSA modulus N comprising at least two factors, the method
being performed by a device and comprising steps of: obtaining, from a random seed s.sub.0, a value
N.sub.hthat forms a part of the RSA modulus N; wherein the RSA modulus N is a n-bit modulus and the
predetermined portion N.sub.hcomprises k bits; generating a first prime p in an interval p .epsilon.
[2.sup.n-n.sup.0.sup.-1/2,2.sup.n-n.sup.0-1] so that gcd(p-1,e)=1, wherein e is a public exponent and
wherein 1<n.sub.0<n; generating a second prime q by calculating q=C+q'2.sup.k, where C=N.sub.k/p mod
2.sup.k and q' is generated in the interval .times..times. ##EQU00010## so that gcd(q-1,e)=1;
defining the non-predetermined portion N.sub.l as ##EQU00011## and outputting at least a lossless
compressed representation N of the RSA modulus N that enables unambiguous recovery of the RSA modulus
N, wherein N={N.sub.l,s.sub.0[k,n]}; wherein the second prime q is randomly generated in a
predetermined interval dependent from p and N.sub.hso that pq is a RSA modulus that shares N.sub.h;
and wherein the predetermined portion N.sub.h trails the RSA modulus N.

3. The method of claim 1, wherein N.sub.h, is obtained by encryption of at least a part of the first
prime p.

4. A device for generating factors of a RSA modulus N with a predetermined portion N.sub.h and a
non-predetermined portion N.sub.l, the RSA modulus N comprising at least two factors, the device
comprising: a hardware processor configured to: generate a first prime p; obtain a value N.sub.h that
forms a part of the RSA modulus N; and randomly generate a second prime q in a predetermined interval
dependent from p and N.sub.h so that pq is a RSA modulus that shares N.sub.h; and an interface
configured to output at least a lossless compressed representation of the RSA modulus N that enables
unambiguous recovery of the RSA modulus N; wherein the predetermined portion N.sub.h heads the RSA
modulus N; wherein the RSA modulus N is a n-bit modulus and the predetermined portion N.sub.h
comprises k bits; wherein the first prime p is generated in an interval p.epsilon.
[2.sup.n-n.sup.0.sup.-1/2, 2.sup.n-n.sup.0-1] so that gcd(p-1,e)=1, wherein e is a public exponent
and wherein 1<n.sub.0<n; wherein the second prime q is generated in an interval q .epsilon.
.times..times. ##EQU00012## so that gcd(q-1,e)=1; and wherein N=N.sub.h.parallel.N.sub.l, where
N.sub.l=(pq)mod 2.sup.n-k.

5. The device of claim 4, wherein the device is a smartcard.

6. A device for generating factors of a RSA modulus N with a predetermined portion N.sub.hand a
non-predetermined portion N.sub.l, the RSA modulus Ncomprising at least two factors, the device
comprising: a hardware processor configured to: obtain from a random seed s.sub.0, a value
N.sub.hthat forms a part of the RSA modulus N; wherein the RSA modulus N is a n-bit modulus and the
predetermined portion N.sub.h comprises k bits; generate a first prime p in an interval p .epsilon.
[2.sup.n-n.sup.0.sup.-1/2, 2.sup.n-n.sup.0-1] so that gcd(p-1,e)=1, wherein e is a public exponent
and wherein 1<n.sub.0<n; generate a second prime q by calculating q=C+q'2.sup.k, where C=N.sub.k/p
mod2.sup.k and q' is generated in the interval .times..times. ##EQU00013## so that gcd(q-1,e)=1;
define the non-predetermined portion N.sub.las N.sub.l= ##EQU00014## and an interface configured to
output at least a lossless compressed representation N of the RSA modulus N that enables unambiguous
recovery of the RSA modulus N, wherein N={N.sub.l, s.sub.0[k,n]}; wherein the second prime q is
randomly generated in a predetermined interval dependent from p and N.sub.hso that pq is a RSA
modulus that shares N.sub.h; and wherein the predetermined portion N.sub.htrails the RSA modulus N.

7. The method of claim 2, wherein N.sub.h, is obtained by encryption of at least a part of the first
prime p.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                             Description
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━


This application claims the benefit, under 35 U.S.C. .sctn.365 of International Application PCT/
EP2008/052017, filed Feb. 19, 2008, which was published in accordance with PCT Article 21(2) on Sep.
4, 2008 in English and which claims the benefit of European patent application No. 07300830.2, filed
on Feb. 27, 2007.

FIELD OF THE INVENTION

The present invention relates generally to public-key encryption algorithms, and in particular to
compressed representations of Rivest-Shamir-Adleman (RSA) moduli.

BACKGROUND OF THE INVENTION

This section is intended to introduce the reader to various aspects of art, which may be related to
various aspects of the present invention that are described and/or claimed below. This discussion is
believed to be helpful in providing the reader with background information to facilitate a better
understanding of the various aspects of the present invention. Accordingly, it should be understood
that these statements are to be read in this light, and not as admissions of prior art.

Let N=pq be the product of two large primes. We let e and d denote a pair of public and private
exponents, satisfying ed.ident.1(mod .lamda.(N)), with gcd(e, .lamda.(N))=1 and .lamda. being
Carmichael's function. As N=pq, we have .lamda.(N)=lcm(p-1, q-1). Given x<N, the public operation
(e.g., message encryption or signature verification) consists in raising x to the e-th power modulo
N, i.e., in computing y=X.sup.e mod N. Then, given y, the corresponding private operation (e.g.,
decryption of a ciphertext or signature generation) consists in computing y.sup.d mod N. From the
definition of e and d, we obviously have that y.sup.d.ident.x(mod N). The private operation can be
carried out at higher speed through Chinese remaindering (CRT mode). Computations are independently
performed modulo p and q and then recombined. In this case, private parameters are {p, q, d.sub.p,
d.sub.q, i.sub.q} with d.sub.p=d mod(p-1), d.sub.q=d mod(q-1), and i.sub.q=q.sup.-1 mod p. We then
obtain y.sup.d mod N as CRT(x.sub.p, x.sub.q)=x.sub.q+q [i.sub.q(x.sub.p-x.sub.q)mod p], where
x.sub.p=y.sup.dp mod p and x.sub.q=y.sup.dg mod q.

To sum up, a (two-factor) RSA modulus N=pq is the product of two large prime numbers p and q,
satisfying gcd(.lamda.(N), e)=1. If n denotes the bit-size of N then, for some 1<n.sub.0<n, p must
lie in the range [2.sup.n-n0-1/2, 2.sup.n-n0-1] and q in the range [2.sup.n0-1/2, 2.sup.n0-1] so that
2.sup.n-1<N=pq<2.sup.n. For security reasons, so-called balanced moduli are generally preferred,
which means n=2n.sub.0.

Typical RSA moduli range from 1024 to 4096 bits. It is now customary for applications to require
moduli of at least 2048 bits. However, the programs and/or devices running the RSA-enabled
applications may be designed to support only 1024-bit moduli. The idea is to compress the moduli so
that they can fit in shorter buffers or bandwidths: rather than storing/sending the whole RSA moduli,
a lossless compressed representation is used. This also solves compatibility problems between
different releases of programs and/or devices. Of independent interest, such techniques can be used
for improved efficiency: savings in memory and/or bandwidth.

Arjen K. Lenstra (Generating RSA moduli with a predetermined portion. Advances in
Cryptology--ASIACRYPT '98 volume 1514 of Lecture Notes in Computer Science, pages 1-10. Springer,
1998) proposes generation method, but Lenstra's method is not suited to constrained devices like
smart cards because second prime q is constructed incrementally, which may result in prohibitely too
long running times.

The present invention overcomes problems of the prior art in that it the compressed RSA moduli are
carried out through the generation of two primes in a prescribed interval. As a result, they can
benefit from efficient prime generation algorithms such as the one proposed by Marc Joye, Pascal
Paillier, and Serge Vaudenay (Efficient generation of prime numbers. Cryptographic Hardware and
Embedded Systems--CHES 2000, volume 1965 of Lecture Notes in Computer Science, pages 340-354.
Springer, 2000) and improved by Marc Joye and Pascal Paillier (Fast generation of prime numbers on
portable devices: An update. Cryptographic Hardware and Embedded Systems--CHES 2006, volume 4249 of
Lecture Notes in Computer Science, pages 160-173, Springer, 2006). In particular, they are very well
suited in situations where the goal is to generate a 2048-bit RSA modulus N (i.e., n=2048) with fixed
public exponent e=2.sup.16+1 so that (much) less than 2048 bits are needed to store N or a
representation of N.

SUMMARY OF THE INVENTION

In a first aspect, the invention is directed to a method of generating factors of a RSA modulus N
with a predetermined portion N.sub.h. The RSA modulus comprises at least two factors. First, a first
prime p is generated, obtaining a value N.sub.h that forms a part of modulus N is obtained, a second
prime q is generated, and at least a lossless compressed representation of the modulus N is output,
the lossless compressed representation enabling unambiguous recovery of the modulus N. The second
prime q is generated in an interval dependent from p and N.sub.h so that pq is a RSA modulus that
shares N.sub.h.

In a first preferred embodiment, the predetermined portion N.sub.h heads the RSA modulus. It is
advantageous that the RSA modulus is a n-bit modulus and the predetermined portion N.sub.h comprises
.kappa. bits and the first prime p is generated in the interval p.epsilon.[2.sup.n-n.sup.0.sup.-1/
2,2.sup.n-n.sup.0-1] so that gcd(p-1,e)=1; the second prime q is generated in the interval

.di-elect cons..kappa..times..kappa..times. ##EQU00001## so that such that gcd(q-1,e)=1; and N=
N.sub.h.parallel.N.sub.l, where N.sub.l=(pq)mod 2.sup.n-.kappa..

In a second preferred embodiment, the predetermined portion N.sub.h trails the RSA modulus. It is
advantageous that the first prime p is generated in the interval p.epsilon.[2.sup.n-n.sup.0.sup.-1/
2,2.sup.n-n0-1] so that gcd(p-1,e)=1; the second prime q is generated by calculating q=
C+q'2.sup..kappa., where

.times..times..times..kappa. ##EQU00002## and q' is generated in the interval

'.di-elect cons..kappa..times..kappa..times. ##EQU00003## so that gcd(q-1,e)=1,

.kappa. ##EQU00004## is defined, and N={N.sub.l, s.sub.0[.kappa.,n]} is output.

In a third preferred embodiment, N.sub.h is obtained by the encryption of at least a part of the
first prime p.

In a second aspect, the invention is directed to a device for generating factors of a RSA modulus N
with a predetermined portion N.sub.h, the RSA modulus comprising at least two factors. The device
comprises a processor for generating a first prime p; obtaining a value N.sub.h that forms a part of
modulus N; and generating a second prime q in an interval dependant from p and N.sub.h so that pq is
a RSA modulus that shares N.sub.h. The device further comprises an interface for outputting at least
a lossless compressed representation of the modulus N that enables unambiguous recovery of the
modulus N.

In a first preferred embodiment, the device is a smartcard.

"Sharing" is to be interpreted as having the same value for the part that is shared, e.g. hexadecimal
1234567890abcdef and 123456789abcdef0 share 123456789 in the leading part of the numbers.

BRIEF DESCRIPTION OF THE DRAWINGS

The various features and advantages of the present invention and its preferred embodiments will now
be described with reference to the accompanying drawings which are intended to illustrate and not to
limit the scope of the present invention and in which

FIG. 1 illustrates a device for RSA moduli generation according to a preferred embodiment of the
invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

General Idea

The general inventive idea consists in fixing a large part of an RSA modulus N (e.g., up to its top
half in the preferred embodiment) so that the primes forming N can be drawn arbitrarily from an
interval (and not tried incrementally as was suggested in previous proposals). The large part of the
RSA modulus is either evaluated from a random short seed using a (public) pseudo-random number
generator or shared amongst users.

This results in faster (and much easier to implement) compression techniques for RSA moduli.
Furthermore, the so-produced RSA moduli are indistinguishable from regular RSA moduli (i.e., there is
no difference in the output distribution). Finally, they are compatible with state-of-the-art prime
generation techniques (in which case there is no extra cost).

Preferred Embodiment

Let 1<.kappa..ltoreq.n.sub.0. An n-bit RSA modulus N, being a product of two large primes p and q,
can be generated as follows. 1. Using a pseudo-random number generator, produce a .kappa.-bit integer
N.sub.h from a random seed s.sub.0: N.sub.h=(2.sup..kappa.-1PRNG(s.sub.O)).epsilon.
[2.sup..kappa.-1,2.sup..ka- ppa.-1] Note that OR-ing with 2.sup..kappa.-1 ensures that the most
significant bit of N.sub.h is 1. The skilled person will appreciate that it is naturally also
possible to choose the value of N.sub.h. 2. Generate a random prime p.epsilon.[2.sup.n-n.sup.0.sup.-1
/2,2.sup.n-n.sup.0-1] such that gcd(p-1,e)=1. 3. Generate a random prime q:

.di-elect cons..kappa..times..kappa..times. ##EQU00005## such that gcd(q-1,e)=1. If no such prime is
found, the process is reiterated. 4. Define N.sub.l=(pq)mod 2.sup.n-.kappa. and output N={N.sub.l,
s.sub.0, [.kappa., n]}.

Given the representation N, it is now easy to publicly recover the corresponding n-bit RSA modulus N,
namely N=N.sub.h.parallel.N.sub.l where N.sub.h is the .kappa.-bit integer obtained as N.sub.h=
2.sup..kappa.-1v PRNG(s.sub.0).

It should be noted that if 2.sup.n-.kappa..ltoreq.p then the range q is chosen from may be empty.
This explains why .kappa. should be at most n.sub.0. Therefore, the previous method compresses at
best n-bit RSA moduli up to n.sub.0 bits. The worst case is for balanced RSA moduli (i.e., n=
2n.sub.0), yielding (at best) a compression ratio of 1/2.

First Alternative Embodiment

In an alternative embodiment, the trailing bits of modulus N are fixed. 1. Produce N.sub.h=(1PRNG
(s.sub.0)).epsilon.[1,2.sup..kappa.-1] from the seed s.sub.0. N.sub.h may naturally also be chosen.
2. Generate a first prime p.epsilon..left brkt-bot.2.sup.n-n.sup.0.sup.-1/2,2.sup.n-n.sup.0-1.right
brkt-bot. and gcd(p-1,e)=1. 3. Let

.times..times..times..kappa. ##EQU00006## generate a second prime q q=C+q'2.sup..kappa. with

'.di-elect cons..kappa..times..kappa..times. ##EQU00007## and gcd(q-1,e)=1, if any. 4. Define

.kappa. ##EQU00008## and output N={N.sub.l, s.sub.0, [.kappa.,n]}.

It will be appreciated that it is not necessary to include the most significant bit of N.sub.l in N,
as it is sure to be a 1.

More generally, it is also possible to fix some leading bits and some trailing bits of N.

Second Alternative Embodiment

The proposed methods can be adapted to accommodate RSA moduli that are made of more than 2 factors,
for example, 3-prime RSA moduli or RSA moduli of the form N=p.sup.rq. For a further description of
this, one may advantageously turn to Tsuyoshi Takagi's paper (Fast RSA-type cryptosystem modulo
p.sup.kq. Advances in Cryptology--CRYPTO'98, volume 1462 of Lecture Notes in Computer Science, pages
318-326. Springer, 1998).

Third Alternative Embodiment

The proposed methods also apply when the common part of RSA modulus N, say N.sub.h, is shared amongst
users or is common to all users for a given application. In such a case, there is no need to transmit
random seed s.sub.0 (as well as the values of .kappa. and n).

Device

FIG. 1 illustrates a device for RSA moduli generation according to a preferred embodiment of the
invention. The generating device 100 comprises at least one processor 110, at least one memory 120,
communication means 130 that may comprise separate input and output units, and possibly a user
interface 140. The processing means is adapted to perform the method of any of the methods described
hereinbefore.

Key Escrow

It will be appreciated that the present invention may advantageously be used for key escrow purposes.
In the case of a RSA modulus N=pq, knowledge of about half of the bits of p (or q) suffices to
recover the private key using for example lattice reduction techniques. Therefore, if about half (or
more) of the bits of p are encrypted using a secret key K and embedded in the representation of
public RSA modulus N, then an `authority` that knows K will be able to reconstruct p from N and thus
compute the corresponding private RSA key. The encrypted bits of p may be comprised in the
predetermined part of the RSA modulus.

It will further be appreciated that the method according to the invention is particularly
advantageous for use in smartcards and other resource constrained devices, as the method uses
relatively little resources.

Each feature disclosed in the description and (where appropriate) the claims and drawings may be
provided independently or in any appropriate combination. Features may, where appropriate be
implemented in hardware, software, or a combination of the two.

Reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure,
or characteristic described in connection with the embodiment can be included in at least one
implementation of the invention. Any appearances of the phrase "in one embodiment" in various places
in the specification are not necessarily all referring to the same embodiment, nor are separate or
alternative embodiments necessarily mutually exclusive of other embodiments.

Reference numerals appearing in the claims are by way of illustration only and shall have no limiting
effect on the scope of the claims.

                                              * * * * *
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                                               [Image]

                            [View Shopping Cart] [Add to Shopping Cart]
                   [PREV_LIST] [HIT_LIST] [NEXT_LIST] [PREV_DOC] [NEXT_DOC] [Top]

                   [Home] [Boolean Search] [Manual Search] [Number Search] [Help]