more efficient almost tightly secure structure preserving
play

More Efficient (Almost) Tightly Secure Structure-Preserving - PowerPoint PPT Presentation

Sep 11, 2023 •362 likes •827 views

More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis Hofheinz 2 Lisa Kohl 2 Jiaxin Pan 2 1 ENS Paris, France 2 Karlsruhe Institute of Technology, Germany R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient

  1. More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis Hofheinz 2 Lisa Kohl 2 Jiaxin Pan 2 1 ENS Paris, France 2 Karlsruhe Institute of Technology, Germany R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 1 / 33

  2. This talk A structure-preserving signature scheme with Tighter security (Significantly) shorter signatures: 25 → 14 elements The core technique can be presented in a simple, algebraic and modular way. R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 2 / 33

  3. Signature $ ( pk,sk ) ← Gen ( par ) $ ← Sign ( sk, m ) σ 0 / 1 ← Ver ( pk, m ,σ ) R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 3 / 33

  4. Structure-Preserving Signatures (SPS) [AFGHO10] Pairing groups G 1 , G 2 , G T cyclic groups of prime order q : e ∶ G 1 × G 2 → G T (Type III) ( pk,sk ) ← Gen ( par ) : pk ∈ G s ( s ∈ { 1 , 2 ,T } ) $ ← Sign ( sk, m ) : m ∈ G s and σ ∈ G s $ σ 0 / 1 ← Ver ( pk, m ,σ ) : Only pairing product equations are allowed. R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 3 / 33

  5. Applications of SPS Composition with: Groth-Sahai NIZK proofs, ElGamal Encryption, ... Efficient modular design for: Group signatures, blind signatures, anonymous credentials, ... R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 4 / 33

  6. Applications of SPS Composition with: Groth-Sahai NIZK proofs, ElGamal Encryption, ... Efficient modular design for: Group signatures, blind signatures, anonymous credentials, ... Goal Construct simple and efficient SPS under standard assumptions. R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 4 / 33

  7. Applications of SPS Composition with: Groth-Sahai NIZK proofs, ElGamal Encryption, ... Efficient modular design for: Group signatures, blind signatures, anonymous credentials, ... Goal Construct simple and efficient SPS under standard assumptions. Standard assumptions (e.g. DDH/SXDH, DLIN, k -LIN): non-interactive and static assumptions R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 4 / 33

  8. Important measures of efficiency for SPS Size of public keys, ∣ pk ∣ Size of signatures, ∣ σ ∣ Number of pairing product equations, # PPEs Tightness of security reductions R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 5 / 33

  9. Important measures of efficiency for SPS Size of public keys, ∣ pk ∣ Size of signatures, ∣ σ ∣ Number of pairing product equations, # PPEs Tightness of security reductions Affects the key length recommendation R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 5 / 33

  10. Tight security [BBM00,Coron00] Adversary Reduction Adversary Reduction Adversary Reduction with success ratio with success ratio ρ ′ ∶ = ε ′ ρ ∶ = ε t ′ = ρ / L t R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 6 / 33

  11. Tight security [BBM00,Coron00] Adversary Reduction Adversary Reduction Adversary Reduction with success ratio with success ratio ρ ′ ∶ = ε ′ ρ ∶ = ε t ′ = ρ / L t This work: t ′ = O ( t ) R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 6 / 33

  12. Tight security [BBM00,Coron00] Adversary Reduction Adversary Reduction Adversary Reduction with success ratio with success ratio ρ ′ ∶ = ε ′ ρ ∶ = ε t ′ = ρ / L t This work: t ′ = O ( t ) Tight security: L = “small” (e.g. L = O ( λ ) , or O ( log Q ) , or O ( 1 ) ) Non-tight security: L = Ω ( Q ) λ : security parameter Q ∶ = poly ( λ ) < 2 λ ⇒ log Q < λ R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 6 / 33

  13. Example: Why tightness? Adversary Reduction Adversary Reduction Adversary Reduction with success ratio with success ratio ρ ′ ∶ = ε ′ ρ ∶ = ε t ′ = ρ / L < 2 − 110 t < 2 − 80 Tight security: L = 1 Non-tight security: for example, L = # signing queries = 2 30 R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 7 / 33

  14. State-of-the-Art: Tightness and Efficiency Schemes Security loss Signature size O ( 1 ) O ( λ ) text [HJ12] O ( λ ) Tight text [AHNOP17] 25 O ( Q log Q ) [JR17] 6 O ( Q 2 ) [KPW15] 7 O ( Q ) [LPY15] 11 Non-tight O ( Q ) [ACDKNO12] 11 ⋮ ⋮ ⋮ R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 8 / 33

  15. State-of-the-Art: Tightness, and Efficiency Schemes Security loss Signature size O ( 1 ) O ( λ ) text [HJ12] O ( λ ) Tight text [AHNOP17] 25 O ( λ ) text [JOR18] 17 O ( log Q ) This work 14 O ( Q log Q ) [JR17] 6 O ( Q 2 ) [KPW15] 7 O ( Q ) Non-tight [LPY15] 11 O ( Q ) [ACDKNO12] 11 ⋮ ⋮ ⋮ R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 9 / 33

  16. This Work Algebraic MAC � → SPS The core component: an efficient tightly secure message authentication code (MAC) R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 10 / 33

  17. This Work Algebraic MAC � → SPS The core component: an efficient tightly secure message authentication code (MAC) The resulting SPS has better performance: shorter signatures shorter public keys less pairing product equations tighter security R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 10 / 33

  18. Our Technique One-time MAC (private-key, information-theoretically secure, SP) Motivated by the adaptive partioning technique ([Hof17], [GHK17]) Many-time MAC (SP) private-key ↦ public-key via pairings SPS R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 11 / 33

  19. Our Technique One-time MAC (private-key, information-theoretically secure, SP) This talk Many-time MAC (SP) private-key ↦ public-key via pairings (Similar to [BKP14,KPW15]) SPS R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 12 / 33

  20. Signature vs. MAC Signature MAC ▷ ( pk , sk ) ← Gen MAC ( par ) ▷ ( pk,sk ) ← Gen ( par ) $ $ ▷ τ ← Tag ( sk, m ) ▷ σ ← Sign ( sk, m ) $ $ ▷ 0 / 1 ← Ver ( pk , sk, m ,τ ) ▷ 0 / 1 ← Ver ( pk, m ,σ ) R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 13 / 33

  21. Security of Signature Challenger Adversary ( pk,sk ) $ pk ← Gen m i ← Sign ( sk, m i ) $ Q queries σ i σ i ( m ∗ ,σ ∗ ) Adversary wins: Ver ( pk, m ∗ ,σ ∗ ) = 1 ∧ m ∗ ∉ { m 1 ,..., m Q } R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 14 / 33

  22. Security of MAC Challenger Adversary ( pk , sk ) $ pk ← Gen MAC m i ← Tag ( sk, m i ) $ Q queries τ i τ i ( m ∗ ,τ ∗ ) Adversary wins: Ver ( sk, m ∗ ,τ ∗ ) = 1 ∧ m ∗ ∉ { m 1 ,..., m Q } R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 15 / 33

  23. For our MAC Challenger Adversary ( pk , sk ) $ pk ← Gen MAC m i ← Tag ( sk, m i ) $ Q queries τ i $ ( m ∗ ,τ ∗ ) Adversary wins: Ver ( sk, m ∗ ,τ ∗ ) = 1 ∧ m ∗ ∉ { m 1 ,..., m Q } R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 15 / 33

  24. Implicit Notation Let a ∈ Z p , [ a ] s ∶ = a P s ∈ G s R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 16 / 33

  25. Implicit Notation Let a ∈ Z p , [ a ] s ∶ = a P s ∈ G s ⎛ ⎞ a 11 ... a 1 m ⎜ ⋱ ⎟ ∈ Z n × m Let A = , p ⎝ ⎠ a n 1 ... a nm a 11 P s a 1 m P s ⎛ ⎞ ... [ A ] s ∶ = ⎜ ⋱ ⎟ ∈ G n × m , s ⎝ ⎠ a n 1 P s a nm P s ... where s ∈ { 1 , 2 ,T } . R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 16 / 33

  26. One-time MAC ▸ Gen MAC ∶ sk ∶ = x 0 $ ← Z 1 + n x 0 p ▸ Tag ( sk, [ m ] 1 ) ∶ τ ∶ = 1 ∣ m [( 1 , m ⊺ ) x 0 ] 1 �ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ�ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ� x 0 2-wise independent hash ▸ Ver ( sk, [ m ] 1 ,σ ) ∶ τ ? = [( 1 , m )] 1 x 0 R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 17 / 33

  27. One-time ↝ Many-time MAC ▸ Gen MAC ∶ sk ∶ = ( x 0 p ) $ $ ← Z 1 + n x 0 ← Z 2 k , x p ▸ Tag ( sk, [ m ] 1 ) ∶ 1 ∣ τ ∶ = m [( 1 , m ⊺ ) x 0 ] 1 + Random �ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ�ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ� x 0 2-wise independent hash ▸ Ver ( sk, [ m ] 1 ,σ ) ∶ τ ? = [( 1 , m )] 1 x 0 R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 18 / 33

  28. The Core Idea (Simplified Version) r A 0 t = t ⊺ x u = where A 0 ∈ Z 2 k × k . p R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 19 / 33

  29. The Core Idea (Simplified Version) r A 0 t = ([ t 0 ] , [ u 0 ]) ,..., ([ t Q − 1 ] , [ u Q − 1 ]) ≈ c t ⊺ x u = ([ t 0 ] , [ $ 0 ]) ,..., ([ t Q − 1 ] , [ $ Q − 1 ]) . where A 0 ∈ Z 2 k × k . p R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 19 / 33

  30. The Core Idea (Simplified Version) Real: {([ t i ] , [ t ⊺ i x ])} 1 ≤ i ≤ Q r A 0 t = ≈ c t ⊺ Rand: {([ t i ] , [ t ⊺ i x i ])} 1 ≤ i ≤ Q x u = $ ← Z 2 k where x i p . where A 0 ∈ Z 2 k × k . p R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient Tightly Secure SPS 20 / 33

Recommend

Efficient Scheme for Secure and Privacy-Preserving Electric Vehicle Dynamic Charging System IEEE

Efficient Scheme for Secure and Privacy-Preserving Electric Vehicle Dynamic Charging System IEEE

Efficient Scheme for Secure and Privacy-Preserving Electric Vehicle Dynamic Charging System IEEE ICC 2017 Paris, France May 21 - 25, 2017 Presenter: Outline I ntroduction Proposed Scheme Evaluations Conclusion W hat is EV

560 views • 20 slides
Tightly Secure Signatures and Public-Key Encryp8on Dennis

Tightly Secure Signatures and Public-Key Encryp8on Dennis

Tightly Secure Signatures and Public-Key Encryp8on Dennis Ho&lt;einz and Tibor Jager Karlsruhe Ins,tute of Technology CRYPTO 2012 1 Tight

477 views • 15 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan

Efficient Privacy-Preserving Biometric Identification Yan Huang Lior Malka David Evans Jonathan Katz http://www.mightbeevil.org/secure-biometrics/ Feb 9, 2011 Motivating Scenario: Private No-Fly Checking Threat Models Semi-honest adversary

1.4k views • 40 slides
Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota Advances and Challenges in Computational Relativity September 14, 2020 ICERM Structure-preserving discretization Structure-preserving

502 views • 49 slides
Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1

Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1

Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1 , Saqib A. Kakvi 2 , Eike Kiltz 2 , Jiaxin Pan 2 1 University of Limoges, France 2 Ruhr University Bochum, Germany Keywords 1. Signatures 2. Tight

725 views • 44 slides
Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange Kristian Gjsteen

Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange Kristian Gjsteen

Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange Kristian Gjsteen 1 Tibor Jager 2 NTNU - Norwegian University of Science and Technology, Trondheim, Norway, kristian.gjosteen@ntnu.no Paderborn University, Paderborn,

360 views • 34 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload &amp; download confidential

202 views • 9 slides
Privacy-Preserving Publish/Subscribe: Efficient Protocols in a

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a Distributed Model Giovanni Di Crescenzo 1 Brian Coan 1 John Schultz 3 Simon Tsang 1 Rebecca N.

338 views • 14 slides
Describing Secure Interfaces with Interface Automata Matias Lee Pedro R. DArgenio FaMAF -

Describing Secure Interfaces with Interface Automata Matias Lee Pedro R. DArgenio FaMAF -

Interfaces Structure for Security Deriving secure ISS Preserving BSNNI after Composition Contribution and future works Describing Secure Interfaces with Interface Automata Matias Lee Pedro R. DArgenio FaMAF - UNC CONICET FESCA Workshop

517 views • 51 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universit at Darmstadt)

On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universit at Darmstadt)

On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universit at Darmstadt) Dennis Hofheinz (Karlsruhe Institute of Technology) Lisa Kohl (Karlsruhe Institute of Technology) 1 Non-Interactive Key Exchange (NIKE) pk 1 , pk

884 views • 59 slides
Towards Tightly Secure Lattice Short Signature and Id-Based Encryption Xavier Boyen Qinyi Li

Towards Tightly Secure Lattice Short Signature and Id-Based Encryption Xavier Boyen Qinyi Li

Towards Tightly Secure Lattice Short Signature and Id-Based Encryption Xavier Boyen Qinyi Li QUT Asiacrypt16 2016-12-06 1 / 19 Motivations 1. Short lattice signature with tight security reduction w/o ROs. Techniques Short Sig? Tight

712 views • 47 slides
Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment pain The vision The Octomizer: TVM for everyone 2 Simple, secure, and efficient Drive TVM adoption Expand the set of users who can deployment of

370 views • 14 slides
Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

KTH ROYAL INSTITUTE OF TECHNOLOGY Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Mohammad Khodaei Networked Systems Security Group (NSS) November 1, 2016 July 2, 2018

1.03k views • 38 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM International Workshop on Data Privacy Management 2013 Georg Neugebauer 1 , Lucas Brutschy 1 , Ulrike Meyer 1 and Susanne Wetzel 2 UMIC LuFG IT-Security,

212 views • 17 slides
GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving application FOSDEM20 Martin Schanzenbach 2/2/2020 The Internet is under attack The Internet HTTP, Facebook, Google, Libra ... DNS / X.509 TCP /

631 views • 34 slides
Secure and Efficient Metering Moni Naor and Benny Pinkas Eurocrypt '98 Contents Motivation

Secure and Efficient Metering Moni Naor and Benny Pinkas Eurocrypt '98 Contents Motivation

Secure and Efficient Metering Moni Naor and Benny Pinkas Eurocrypt '98 Contents Motivation One approach Lightweight Security Secure and Efficient Metering Motivation Advertising Webpage popularity Cost Measure

993 views • 49 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
Fast &amp; Faster Privacy-Preserving ML in Secure Hardware Enclaves Nick Hynes, Raymond

Fast &amp; Faster Privacy-Preserving ML in Secure Hardware Enclaves Nick Hynes, Raymond

Fast &amp; Faster Privacy-Preserving ML in Secure Hardware Enclaves Nick Hynes, Raymond Cheng, Dawn Song | UC Berkeley &amp; Oasis Labs with support from the TVM team and community! Ideal: data providers pool data to train a large, complex

1.41k views • 58 slides
Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim)

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim)

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim) (SP)2H 1 / 25 Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25 Global

940 views • 46 slides
Efficient Outsourcing GWAS using FHE Wenjie Lu*, Jun Sakuma * * Dept. of CS, University of

Efficient Outsourcing GWAS using FHE Wenjie Lu*, Jun Sakuma * * Dept. of CS, University of

Efficient Outsourcing GWAS using FHE Wenjie Lu*, Jun Sakuma * * Dept. of CS, University of Tsukuba, Japan JST CREST Secure Outsourcing GWAS Secure computation [Cloud] Outline of our solution [data holder] Secure

381 views • 19 slides

More recommend