Skip to main content
SpringerLink
Log in
Book cover

Annual International Cryptology Conference

CRYPTO 2021: Advances in Cryptology – CRYPTO 2021 pp 278–308Cite as

Meet-in-the-Middle Attacks Revisited: Key-Recovery, Collision, and Preimage Attacks

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12827))

Abstract

At EUROCRYPT 2021, Bao et al. proposed an automatic method for systematically exploring the configuration space of meet-in-the-middle (MITM) preimage attacks. We further extend it into a constraint-based framework for finding exploitable MITM characteristics in the context of key-recovery and collision attacks by taking the subtle peculiarities of both scenarios into account. Moreover, to perform attacks based on MITM characteristics with nonlinear constrained neutral words, which have not been seen before, we present a procedure for deriving the solution spaces of neutral words without solving the corresponding nonlinear equations or increasing the overall time complexities of the attack. We apply our method to concrete symmetric-key primitives, including SKINNY, ForkSkinny, Romulus-H, Saturnin, Grøstl, WHIRLPOOL, and hashing modes with AES-256. As a result, we identify the first 23-round key-recovery attack on SKINNY-n-3n and the first 24-round key-recovery attack on ForkSkinny-n-3n in the single-key model. Moreover, improved (pseudo) preimage or collision attacks on round-reduced WHIRLPOOL, Grøstl, and hashing modes with AES-256 are obtained. In particular, employing the new representation of the AES key schedule due to Leurent and Pernot (EUROCRYPT 2021), we identify the first preimage attack on 10-round AES-256 hashing.

The full version of the paper is available at https://eprint.iacr.org/2021/427.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    We do not consider the Demirci-Selçuk MITM attacks [16, 17, 24, 54] in this paper, which is a quite different technique.

References

  1. AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 109–125. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06734-6_7

    Chapter  Google Scholar 

  2. Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Yu., Wang, L.: Preimages for step-reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578–597. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_34

    Chapter  Google Scholar 

  3. Aoki, K., Sasaki, Yu.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_7

    Chapter  Google Scholar 

  4. Aoki, K., Sasaki, Yu.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70–89. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_5

    Chapter  Google Scholar 

  5. Banik, Subhadeep, Pandey, Sumit Kumar, Peyrin, Thomas, Sasaki, Yu., Sim, Siang Meng, Todo, Yosuke: GIFT: a small Present - towards reaching the limit of lightweight encryption. In: Fischer, Wieland, Homma, Naofumi (eds.) CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_16

    Chapter  Google Scholar 

  6. Bao, Z., et al.: Automatic search of meet-in-the-middle preimage attacks on AES-like hashing. Cryptology ePrint Archive, Report 2020/467 (2020)

    Google Scholar 

  7. Bariant, A., David, N., Leurent, G.: Cryptanalysis of Forkciphers. IACR Trans. Symmetric Cryptol. 2020(1), 233–265 (2020)

    Article  Google Scholar 

  8. Barreto, P.S.L.M., Rijmen, V.: The WHIRLPOOL Hashing Function (2000). Revised in 2003

    Google Scholar 

  9. Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5

    Chapter  Google Scholar 

  10. Biham, E., Dunkelman, O., Keller, N., Shamir, A.: New attacks on IDEA with at least 6 rounds. J. Cryptol. 28(2), 209–239 (2015)

    Article  MathSciNet  Google Scholar 

  11. Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_19

    Chapter  Google Scholar 

  12. Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_16

    Chapter  MATH  Google Scholar 

  13. Boura, C., Canteaut, A., De Cannière, C.: Higher-order differential properties of Keccak and Luffa. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 252–269. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_15

    Chapter  Google Scholar 

  14. Canteaut, A., et al.: Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. IACR Trans. Symmetric Cryptol. 2020(S1), 160–207 (2020)

    Article  Google Scholar 

  15. Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 222–240. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_13

    Chapter  MATH  Google Scholar 

  16. Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71039-4_7

    Chapter  Google Scholar 

  17. Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round, in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_23

    Chapter  MATH  Google Scholar 

  18. Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74–84 (1977)

    Article  Google Scholar 

  19. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Key recovery attacks on 3-round even-mansour, 8-step LED-128, and full AES2. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 337–356. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_18

    Chapter  Google Scholar 

  20. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Cryptanalysis of iterated even-mansour schemes with two keys. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 439–457. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_23

    Chapter  Google Scholar 

  21. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: New attacks on feistel structures with improved memory complexities. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 433–454. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_21

    Chapter  Google Scholar 

  22. Dong, X., Hua, J., Sun, S., Li, Z., Wang, X., Hu, L.: Meet-in-the-middle attacks revisited: Key-recovery, collision, and preimage attacks. Cryptology ePrint Archive, Report 2021/427 (2021). https://eprint.iacr.org/2021/427

  23. Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum collision attacks on AES-like hashing with low quantum random access memories. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 727–757. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_25

    Chapter  Google Scholar 

  24. Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158–176. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_10

    Chapter  Google Scholar 

  25. Dunkelman, O., Sekar, G., Preneel, B.: Improved meet-in-the-middle attacks on reduced-round DES. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 86–100. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77026-8_8

    Chapter  MATH  Google Scholar 

  26. Espitau, T., Fouque, P.-A., Karpman, P.: Higher-order differential meet-in-the-middle preimage attacks on SHA-1 and BLAKE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 683–701. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_33

    Chapter  MATH  Google Scholar 

  27. Fuhr, T., Minaud, B.: Match box meet-in-the-middle attack against KATAN. FSE 2014, 61–81 (2014)

    MATH  Google Scholar 

  28. Gauravaram, P., et al.: Grøstl - a SHA-3 candidate. In: Symmetric Cryptography (2009)

    Google Scholar 

  29. Gilbert, H., Peyrin, T.: Super-Sbox cryptanalysis: improved attacks for AES-like permutations. FSE 2010, 365–383 (2010)

    MATH  Google Scholar 

  30. Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56–75. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_4

    Chapter  Google Scholar 

  31. Hong, D., Koo, B., Sasaki, Yu.: Improved preimage attack for 68-step HAS-160. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 332–348. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14423-3_22

    Chapter  Google Scholar 

  32. Hosoyamada, A., Sasaki, Yu.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 249–279. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_9

    Chapter  Google Scholar 

  33. Isobe, T.: A single-key attack on the full GOST block cipher. J. Cryptol. 26(1), 172–189 (2013)

    Article  MathSciNet  Google Scholar 

  34. Isobe, T., Shibutani, K.: Security analysis of the lightweight block ciphers XTEA, LED and piccolo. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 71–86. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31448-3_6

    Chapter  MATH  Google Scholar 

  35. Isobe, T., Shibutani, K.: Generic key recovery attack on feistel scheme. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 464–485. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_24

    Chapter  Google Scholar 

  36. Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Romulus for Round 3. NIST Lightweight Crypto Standardization process (Round 2) (2020)

    Google Scholar 

  37. Jean, J., Naya-Plasencia, M., Peyrin, T.: Improved rebound attack on the finalist Grøstl. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 110–126. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34047-5_7

    Chapter  Google Scholar 

  38. Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_15

    Chapter  Google Scholar 

  39. Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. IACR Cryptol. ePrint Arch. 2011, 286 (2011)

    MATH  Google Scholar 

  40. Knellwolf, S., Khovratovich, D.: New preimage attacks against reduced SHA-1. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 367–383. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_22

    Chapter  Google Scholar 

  41. Kölbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symmetric Cryptol. 2016(2), 1–29 (2016)

    Google Scholar 

  42. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_8

    Chapter  Google Scholar 

  43. Li, J., Isobe, T., Shibutani, K.: Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 264–286. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34047-5_16

    Chapter  Google Scholar 

  44. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced WHIRLPOOL and Grøstl. FSE 2009, 260–276 (2009)

    MATH  Google Scholar 

  45. Mendel, F., Rijmen, V., Schläffer, M.: Collision attack on 5 rounds of Grøstl. FSE 2014, 509–521 (2014)

    MATH  Google Scholar 

  46. Sasaki, Yu.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378–396. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_22

    Chapter  Google Scholar 

  47. Sasaki, Yu.: Integer linear programming for three-subset meet-in-the-middle attacks: application to GIFT. In: Inomata, A., Yasuda, K. (eds.) IWSEC 2018. LNCS, vol. 11049, pp. 227–243. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97916-8_15

    Chapter  Google Scholar 

  48. Sasaki, Yu., Aoki, K.: Preimage attacks on 3, 4, and 5-pass HAVAL. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 253–271. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_16

    Chapter  Google Scholar 

  49. Sasaki, Yu., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_8

    Chapter  Google Scholar 

  50. Sasaki, Y., Li, Y., Wang, L., Sakiyama, K., Ohta,K.: Non-full-active super-sbox analysis: applications to ECHO and Grøstl. In: ASIACRYPT 2010, Proceedings, pp. 38–55 (2010)

    Google Scholar 

  51. Sasaki, Yu., Wang, L., Sakai, Y., Sakiyama, K., Ohta, K.: Three-subset meet-in-the-middle attack on reduced XTEA. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 138–154. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31410-0_9

    Chapter  MATH  Google Scholar 

  52. Sasaki, Yu., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562–579. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_34

    Chapter  Google Scholar 

  53. Schläffer, M.: Updated differential analysis of Grøstl. In: Grøstl Website (2011)

    Google Scholar 

  54. Shi, D., Sun, S., Derbez, P., Todo, Y., Sun, B., Hu, L.: Programming the Demirci-Selçuk meet-in-the-middle attack with constraints. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 3–34. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_1

    Chapter  MATH  Google Scholar 

  55. Tolba, M., Abdelkhalek, A., Youssef, A.M.: Impossible differential cryptanalysis of reduced-round SKINNY. In: AFRICACRYPT 2017, Proceedings, vol. 10239, pp. 117–134 (2017)

    Google Scholar 

  56. Wang, L., Sasaki, Yu.: Finding preimages of tiger Up to 23 Steps. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 116–133. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13858-4_7

    Chapter  Google Scholar 

  57. Wang, L., Sasaki, Yu., Komatsubara, W., Ohta, K., Sakiyama, K.: (Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approach. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 197–212. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_14

    Chapter  Google Scholar 

  58. Wei, L., Rechberger, C., Guo, J., Wu, H., Wang, H., Ling, S.: Improved meet-in-the-middle cryptanalysis of KTANTAN (poster). In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 433–438. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22497-3_31

    Chapter  Google Scholar 

  59. Shuang, W., Feng, D., Wenling, W., Guo, J., Dong, L., Zou, J.: (pseudo) Preimage attack on round-reduced Grøstl hash function and others. FSE 2012, 127–145 (2012)

    MATH  Google Scholar 

Download references

Acknowledgment

We thank the reviewers for their valuable comments. This work is supported by National Key R&D Program of China (2018YFA0704701, 2018YFA0704704), the Major Program of Guangdong Basic and Applied Research (2019B030302008), Major Scientific and Techological Innovation Project of Shandong Province, China (2019JZZY010133), Natural Science Foundation of China (61902207, 61772519) and the Chinese Major Program of National Cryptography Development Foundation (MMJJ20180101, MMJJ20180102).

Author information

Authors and Affiliations

  1. Institute for Advanced Study, BNRist, Tsinghua University, Beijing, China

    Xiaoyang Dong, Jialiang Hua & Xiaoyun Wang

  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Siwei Sun & Lei Hu

  3. University of Chinese Academy of Sciences, Beijing, China

    Siwei Sun & Lei Hu

  4. Faculty of Information Technology, Beijing University of Technology, Beijing, China

    Zheng Li

  5. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China

    Xiaoyun Wang

  6. School of Cyber Science and Technology, Shandong University, Qingdao, China

    Xiaoyun Wang

  7. Beijing Key Laboratory of Trusted Computing, Beijing University of Technology, Beijing, China

    Zheng Li

Authors
  1. Xiaoyang Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jialiang Hua
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Siwei Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zheng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiaoyun Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Lei Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Jialiang Hua or Siwei Sun .

Editor information

Editors and Affiliations

  1. Columbia University, New York City, NY, USA

    Tal Malkin

  2. University of Michigan, Ann Arbor, MI, USA

    Chris Peikert

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Dong, X., Hua, J., Sun, S., Li, Z., Wang, X., Hu, L. (2021). Meet-in-the-Middle Attacks Revisited: Key-Recovery, Collision, and Preimage Attacks. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science(), vol 12827. Springer, Cham. https://doi.org/10.1007/978-3-030-84252-9_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-84252-9_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-84251-2

  • Online ISBN: 978-3-030-84252-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation