JP2004020984A - Method for probabilistic simultaneous order inspection of a plurality of elements and program for order inspecting - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To inspect whether the orders of all of inspected values as elements of a multiplication group are divisors of specified orders at a high speed. <P>SOLUTION: A variable (p) defining a group, an array g<SB>i</SB>(i=1, 2, ..., n) of a plurality of values to be inspected, a reference order (q), and a safe variable (s) are inputted (S101) and loops of steps S102 to S109 is executed. In each loop, a random number (r) is generated (S102), an inspection product Q as the product of inspected values, selected at random from the array g<SB>i</SB>of inspected values according to the random number, in the group is calculated (S103), and it is judged whether the order of the inspection product Q is a divisor of the order (q) (S104). When the order of the inspection product Q is not a divisor of the order (q), inspection failure is outputted and the process is ended. When the order of the inspection product Q is a divisor of the order (1) and the loop is repeated as many times as the safe variable (s), inspection success is outputted and the process is ended. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a method of checking that the order of a plurality of data has a specific value, and particularly to a method of determining a result at a high speed by treating a plurality of data collectively.
[0002]
[Prior art]
In many applications of the public key cryptosystem, the order of numerical values constituting a ciphertext may be checked in order to guarantee security. Here, the order of the numerical value is the order as a set of cyclic groups generated by the numerical value, and the inspection of the order of the numerical value is the value at which the order of the numerical value is assumed. Is to test. The order will be described with a simple example. Now, assuming (Z / 7Z) ^* with p = 7 as the multiplicative group (Z / pZ) ^* and 3 as the numerical value, the set of cyclic groups generated by the numerical value 3 is 3 ¹ mod 7 = 3,3 ^{2 mod 7 = 2,3 3 mod 7} = 6,3 4 mod 7 = 4,3 5 mod 7 = 5,3 6 mod 7 = 1,3 7 mod 7 = 3,3 8 mod 7 = 2,3 9 mod 7 = 6, 3 ¹⁰ mod 7 = 4, 3 ¹¹ mod 7 = 5,..., and is composed of 6, 2, 3, 4, 5, and 1 elements. It is said that the order as a set of cyclic groups generated by the numerical value 3 on the multiplicative group (Z / 7Z) ^* is 6.
[0003]
By the way, in recent years, an opportunity to handle a huge number of ciphertexts at a time, such as a cryptographic application such as electronic voting, has increased. For this reason, it is required that these applications complete the inspection of the numerical order quickly. A specific example that requires a rank check is an electronic voting system using a cryptographic protocol called “Verifiable Mix-net”. Here, the voting action is performed by sending a voting sentence encrypted using a public key encryption system to a tallying station. In the tallying, first, the sent voting cipher text is jointly decrypted by a plurality of tallyers, and then the decrypted voting texts are tallyed. After the end of the series of tallying operations, in the “Verifiable Mix-net”, the tallyer cooperates to generate and output data proving that the series of operations has been performed correctly. This data is hereinafter referred to as “certification data”. By the way, even if the tally result is incorrect, the fact is not easily understood from only the set of encrypted voting sentences and the set of decrypted voting sentences. However, if you have the key to decrypt it, it is easy to see if the results are correct. This is because all voting ciphertexts can be decrypted with this key and the two sets can be compared. The proof data is data that makes it possible to know whether the tally result is valid, but the correspondence between the voting cipher text and the decryption result is not known from the proof data, not the key itself (that is, voting data). Data). In the electronic voting using the “verifiable Mix-net”, it is determined from the voting cipher text, the decrypted voting text, and the proof data using a special algorithm that no tampering has been performed in counting the voting. This algorithm may include an operation for examining the order of the values constituting the ciphertext, the decrypted voting sentence, and the proof data, particularly when the “verifiable Mix-net” uses the ElGamal ciphertext. Many. This is because the ElGamal ciphertext can identify ciphertexts having different orders, and if only ciphertexts having the same order are not selected and used, the security of the electronic voting system is reduced.
[0004]
By the way, there are the following methods for the conventional order inspection. First, order of the numerical values g in order to check that it is a divisor of q is a number g on the group this value g is defined to calculate the g q ^{+ 1} is a q + 1 square of numerical g. In other words, the defined group is (Z / pZ) ^{Assuming *} , g ^{q + 1} mod p is calculated. If this calculation result is equal to g, it is determined that the order of the numerical value g is a divisor of q. In particular, when q is a prime number, its order is 1 or q.
[0005]
[Problems to be solved by the invention]
However, since the calculation of g ^{q + 1} in the above-described conventional technique often requires a large calculation cost, there is a problem that it takes an enormous amount of time to check the order of a large number of numerical values. In particular, when a large-scale electronic voting is performed by using the Mix-net, for example, the number of ciphertexts whose order needs to be checked is enormous, so that a large amount of time is required and the operation of the system may be difficult. .
[0006]
The present invention has been proposed in view of such circumstances, and an object of the present invention is to provide a method for inspecting the order of a large number of numerical values in a shorter time.
[0007]
[Means for Solving the Problems]
The first probabilistic simultaneous order inspection method for a plurality of elements according to the present invention is such that when a plurality of inspected values are given on a given group, all the orders of these values are all the given values. A method for confirming that the number is a divisor, wherein a variable defining a group, a plurality of inspected values that are elements of the group, a rank, and an input process in which a safety variable is input; In the case where at least one of the inspected values includes a value whose order is not a divisor of the given order, an inspection process of detecting this with a probability significantly different from 0; Until it is detected that at least one order is not a divisor of the given order, or until the value is executed the number of times specified by the safety variable, In the repetitive processing for repeatedly executing the inspection processing, If it is detected that at least one order is not a divisor of the given order among a plurality of values to be inspected, “Rejected” is detected. And an output process of outputting
[0008]
According to a second aspect of the present invention, there is provided a stochastic simultaneous order inspection method for a plurality of elements, wherein the inspection processing generates a random number by a random number generator. Processing, using the random numbers, determining whether to select or deselect each of the plurality of values to be inspected, and calculating an inspection product that is a product of all the selected values on the group, If the order of the test product is not a divisor of the given order, at least one of the plurality of inspected values includes one whose order is not a divisor of the given order. And a check stacking number judging process for judging that the number is to be determined.
[0009]
The third method of probabilistic simultaneous order inspection for a plurality of elements according to the present invention is a method for inspecting by computer that all orders of a plurality of inspected values are divisors of a reference order. It is characterized by including a step.
a) A variable defining a group, a plurality of test values which are elements of the group, a standard order and a safety variable are input, and the variables defining the input group are input to a first storage means. B) storing the inspected value in the second storage means, storing the input reference order in the third storage means, and storing the input safety variable in the fourth storage means. Step c) storing the generated random numbers in the fifth storage means. The variables defining the group from the first storage means, the plurality of test values from the second storage means, and the random numbers from the fifth storage means. Obtain and select a test value to be used for test product generation from a plurality of test values based on the value of the random number, and calculate a test product which is a product of the selected test value on the group. And d) storing the calculated check product in a sixth storage means. A variable defining the group from the column, a reference order from the third storage means, and a check product from the sixth storage means are respectively obtained, and the order of the test product is a divisor of the reference order. E) storing the determination result in the seventh storage means; e) retrieving the determination result from the seventh storage means; If the judgment result indicates that the test is not successful, the process is terminated, and if the judgment result indicates that the order of the inspection product is a divisor of the reference order, the safety is stored in the fourth storage means. The variable is taken out, and it is determined whether or not the value is equal to or more than a predetermined value. If the value is not equal to or more than the predetermined value, the result of the inspection is output and the process is terminated. Step 4 of reducing the safety variable stored in the storage means of Step 4 by a predetermined value and returning to Step b. 10]
A fourth method of probabilistic simultaneous order inspection for a plurality of elements according to the present invention is a method for inspecting with a computer that all orders of a plurality of inspected values are divisors of a reference order. It is characterized by including a step.
a) inputting a variable defining a group, a plurality of test values, reference orders and safety variables which are elements of the group; b) inputting a variable defining an input group to a first storage means; C) storing the plurality of tested values in the second storage means, storing the input reference order in the third storage means, and storing the input safety variables in the fourth storage means, respectively. D) storing the generated random numbers in a fifth storage means, e) storing a variable defining a group from the first storage means, a plurality of test values from the second storage means, and a fifth storage means. From the plurality of inspected values based on the value of the random number, select an inspected value to be used for generating an inspected product, and determine an inspected product that is a product of the selected inspected value on the group. F) storing the calculated check product in the sixth storage means. G) obtaining a variable defining a group from the first storage means, a reference order from the third storage means, and a check product from the sixth storage means, respectively. H) determining whether or not is a divisor of the reference order; i) storing the determination result in the seventh storage means; i) extracting the determination result from the seventh storage means; If the judgment result is that the order is not a divisor of the reference order, a message indicating that the test has failed is output and the process is terminated. Otherwise, the process is continued. Step j) The safety variable is stored in the fourth storage means. Take out and determine whether or not the value is equal to or greater than a predetermined value. If the value is not equal to or greater than the predetermined value, output that the inspection is successful and terminate the process. Otherwise, continue the process. The safety variable stored in the storage means is reduced by a predetermined value, and the Step to return the process to the c [0011]
[Action]
In the present invention, if the order is not a divisor of the given order in the inspected values, the probability is sufficiently close to 1 if the safety variable is made sufficiently large. Can be confirmed. Further, when the safety variable is sufficiently smaller than the number of bits of the order and the number of test values for inspecting the order is sufficiently larger than the number of bits of the order, The order can be inspected more efficiently than the inspection. For example, if the number of bits of the order is 160 or more, it is possible to perform a sufficiently accurate inspection with about 40 safety variables. In this case, if the numerical value sequence to be inspected is composed of 45 or more elements, And the computational cost is reduced compared to the prior art.
[0012]
BEST MODE FOR CARRYING OUT THE INVENTION
Next, embodiments of the present invention will be described in detail with reference to the drawings.
[0013]
Referring to FIG. 1, an example of a computer to which the present invention is applied includes an input device 100, an output device 200, a program storage device 300, a memory 400, and a central processing unit 500 connected thereto. The input device 100 includes a manual input device such as a keyboard, a file device for storing input data, a communication device for receiving data transmitted via a communication line, and the like. The output device 200 includes a display device, a printer, a file device for storing output data, a communication device for transmitting output data via a communication line, and the like. The program storage device 300 is configured by a magnetic disk or the like for storing software such as a basic program of the computer and an order inspection program. The memory 400 is a storage unit for storing various data required in the order inspection process, and is configured by a RAM or the like. In the case of the present embodiment, the memory 400 is provided with first to seventh storage units 401 to 407 each including a file, a table, and the like. The central processing unit 500 executes the program stored in the program storage device 300 to control the entire computer. In particular, the order inspection method according to the present invention is executed by executing the order inspection program stored in the program storage device 300.
[0014]
Next, the flow of processing by the order inspection program will be described with reference to FIG.
[0015]
[Premise]
Let p be an integer, let φ (p) be the total number of positive integers relatively prime to p among positive integers less than p, and let q be an integer q | φ (p), that is, an integer divisible by φ (p). To explain this meaning with a simple example, when p = 15, among the positive integers smaller than p, positive integers relatively prime to p are 1, 2, 4, 7, 8, 11, 13, and 14 Since there are a total of eight, φ (p) = 8, and q, which is an integer divisible by 8, is 1, 2, 4, and 8. The order test is performed using q of a specific value among the qs of the plurality of values as a reference order.
[0016]
[Input processing S101]
The central processing unit 500 from the input device 100, multiplicative group (Z / ^{pZ) *} define variables p, n pieces of inspection values _g 1 is an element of the _group, g 2, ..., _{g n,} the reference and The order q and the safety variable s are input and stored in the first storage unit 401, the second storage unit 402, the third storage unit 403, and the fourth storage unit 404. For example, when the present invention is applied to an electronic voting system using a cryptographic protocol called “Verifiable Mix-net” described in the section of the related art, a variable p corresponds to a variable defining a group used by public key cryptography. , The plurality of inspected values correspond to the encrypted voted vote, the decrypted vote, and the elements constituting the data proving that the tallying process was performed normally, and the reference order q is This corresponds to the order determined to be used in the electronic voting system. Further, the safety variable s is determined in advance according to the accuracy required for the inspection.
[0017]
[Random number generation processing S102]
The central processing unit 500 generates an n-bit random number r equal to the number n of the values to be inspected by using the random number generating unit, and stores the generated random number r in the fifth storage unit 405. Here, the value of each bit of the random number r is 1 or 0.
[0018]
[Check product generation processing S103]
The central processing unit 500 stores the variable p defining the group, n inspected values g ₁ , g ₂ ,..., G _n , n bits from the first, second, and fifth storage means 401, 402, and 405. Are obtained, and when the n inspected values g ₁ , g ₂ ,..., G _n and each bit of the random number are associated with each other on a one-to-one basis, the value of the corresponding bit of the random number r is Only inspection values that are predetermined values (for example, 1) are selected, and an inspection product Q that is a product of the inspection values on the group is calculated and stored in the sixth storage unit 406. To explain the calculation of the check product Q by a simple example, if the group is (Z / 7Z) ^* and the two selected test values g ₁ and g ₂ are 3 and 4, the group of the test values will be described. The check product Q, which is the product above, is calculated as 3 * 4 mod 7 = 5.
[0019]
[Test Stack Number Determination Process S104]
The central processing unit 500 acquires the variable p defining the group, the order q serving as a reference, and the check product Q from the first, third, and sixth storage means 401, 403, and 406, respectively. Is determined by calculating whether or not the following expression is satisfied, and the determination result is stored in the seventh storage means 407.
Q ^{q + 1} mod p = Q
When the above equation is satisfied, the order of all the inspected values from which the check product Q is calculated is a divisor of the order q. The process branches to step S107. On the other hand, when the above formula is not satisfied, the test value from which the check product Q is calculated includes a test value whose order is at least a divisor of the order q. The determination result is “not accepted”, and the process branches to unaccepted output processing S105.
[0020]
[Rejected output processing S105]
The central processing unit 500 takes out the result of the determination of “not accepted” from the seventh storage unit 407 and outputs it from the output unit 200. Then, the order inspection processing for the inspected value ends (S106).
[0021]
[Safety variable determination processing S107]
The central processing unit 500 fetches the safety variable s from the fourth storage unit 404, determines whether or not the value is greater than a predetermined value (1 in this example). If not greater, the flow branches to acceptance output processing S108.
[0022]
[Reception output processing S108]
The central processing unit 500 retrieves the result of the determination of “acceptance” from the seventh storage unit 407 and outputs it from the output device 200. Then, the order inspection processing for the inspected value ends (S106).
[0023]
[Repeat processing S109]
The central processing unit 500 reduces the safety variable s stored in the fourth storage unit 404 by a predetermined value (1 in this example), and branches to the random number generation processing S102. Thereby, the above-described processing is repeated. This repetition is continued until it is determined that the order of the check product Q generated in step S103 is not a divisor of the order q, or until it is determined in step S107 that the value of the safety variable s is not greater than 1. .
[0024]
Next, effects of the present embodiment will be described.
[0025]
All inspected numerical sequence _{g i; (i = 1,2,} ..., n) with respect _to, if ^{g i q + 1 mod p =} g i is satisfied, always outputs "acceptance" in the present embodiment. This is obvious. If one in even ^{_{g i q + 1 mod p ≠}} g i becomes _{g i} is present, the probability that the test product Q comprises a _{g i} is 1/2. This is because it is impossible that Q ^{q + 1} mod p = Q is satisfied both when the check product Q includes g _i and when it does not include g _i , assuming that the other elements constituting the check product are the same. Therefore, _{if g} ⁱ q + 1 mod p ≠ _{g i} becomes _{g i} even one is present, with respect to the random number r which is chosen at ^random, the probability that Q q + 1 mod p = Q is satisfied, 1/2 because of less is there.
[0026]
When “accept” is output in this embodiment, it means that all the check products Q generated for the s random numbers satisfy Q ^{q + 1} mod p = Q, and therefore at least one g _i ^{q + 1} mod p ≠ probability _{that g i} becomes _{g i} is present is less than or equal to 1/2 ^s. Thus, taking a sufficiently large safety variables _s, the probability of missing the presence of ^{g i q + 1 mod p ≠} g i becomes _{g i} becomes negligibly small.
[0027]
In order to check g _i ^{q + 1} mod p = g _i for n g _i in the conventional method, modular exponentiation had to be performed n times. One modular exponentiation operation requires a modular multiplication of about 3/2 times the number of bits of q. Assuming that the number of bits of q is | q |, (3/2) | q | n multiplication remainders are required in total.
[0028]
On the other hand, in this embodiment, n / 2 multiplication remainders are required to generate the check product Q, and (3/2) | q | multiplication remainders are required to calculate Q ^{q + 1.} , {(1/2) n + (3/2) | q |} s multiplication remainders are required.
[0029]
Therefore, when n is sufficiently larger than | q |, that is, when many order tests need to be performed, and s <3 | q |, the present embodiment is more efficient than the conventional method. In reality, in the case of the electronic voting system described above, the number of order bits | q | is often 160 or more, and the safety variable s of about 40 is often sufficient. Under such conditions, the present embodiment is more effective when the numerical value sequence to be inspected includes 45 or more elements.
[0030]
【The invention's effect】
As described above, according to the present invention, it is possible to inspect the order of a large number of numerical values in a shorter time. The reason is that a plurality of data are treated collectively and inspected stochastically.
[Brief description of the drawings]
FIG. 1 is a block diagram illustrating an example of a computer to which the present invention has been applied.
FIG. 2 is a flowchart illustrating a flow of a process performed by an order inspection program.
[Explanation of symbols]
100 input device 200 output device 300 program storage device 400 memories 401 to 407 first to seventh storage means 500 central processing unit

Claims (6)

A method of verifying that when a plurality of test values are given on a given group, the order of all of these values is all a divisor of the given value,
Variables defining a group, a plurality of test values that are elements of the group, an order, and a safety variable are input, input processing,
In the case where at least one order is not a divisor of the given order in the plurality of inspected values, an inspection process of detecting this with a probability significantly different from 0,
It is detected that at least one of the plurality of values to be inspected includes a value which is not a divisor of the given order, or the number of times specified by the safety variable is executed. Up to, a repetitive process of repeatedly executing the inspection process,
In the iterative process, if it is detected that at least one of the plurality of values to be inspected includes an order that is not a divisor of the given order, a “rejection” is not detected. Output processing to output "acceptance" in the case,
A stochastic simultaneous order inspection method for a plurality of elements, comprising: The inspection processing is
Random number generation processing for generating random numbers by a random number generator;
Using the random number, determine the selection or non-selection for each of the plurality of values to be inspected, calculate the inspection product which is the product of all the selected values on the group, inspection product generation processing,
If the order of the test product is not a divisor of the given order, and if any of the plurality of inspected values includes one whose order is not a divisor of the given order, Inspection stack number judgment processing to judge,
2. The method of claim 1, further comprising the step of: In a method of checking by computer that all orders of a plurality of inspected values are divisors of a reference order,
a) A variable defining a group, a plurality of test values which are elements of the group, a standard order and a safety variable are input, and the variables defining the input group are input to a first storage means. Storing the inspected value in the second storage means, the input reference order in the third storage means, and the input safety variable in the fourth storage means.
b) generating a random number and storing the generated random number in a fifth storage unit;
c) A variable defining a group is obtained from the first storage means, a plurality of test values are obtained from the second storage means, and a random number is obtained from the fifth storage means, respectively. A test value to be used for test product generation is selected from the values, a test product which is a product of the selected test value on the group is calculated, and the calculated test product is stored in the sixth storage means. Memorizing step,
d) A variable defining a group is obtained from the first storage means, a reference order is obtained from the third storage means, and a check product is obtained from the sixth storage means. Determining whether the order is a divisor of the order, and storing the determination result in a seventh storage means;
e) The judgment result is taken out from the seventh storage means, and if the judgment result indicates that the order of the inspection product is not a divisor of the reference order, the result of the inspection is rejected and the processing is terminated. If the result of the determination is that the product order is a divisor of the reference order, the safety variable is retrieved from the fourth storage means, and it is determined whether or not the safety variable is equal to or greater than a predetermined value. If the value is not equal to or more than the predetermined value, the inspection is passed and the process is terminated, and if the value is equal to or greater than the predetermined value, the safety variable stored in the fourth storage means is reduced by a predetermined value and the process proceeds to step b. The step of returning,
A stochastic simultaneous order inspection method for a plurality of elements, comprising: In a method of checking by computer that all orders of a plurality of inspected values are divisors of a reference order,
a) inputting a variable defining a group, a plurality of test values which are elements of the group, a reference order and a safety variable;
b) The variables defining the input group are stored in the first storage means, the plurality of test values which are input are stored in the second storage means, and the input reference order is stored in the third storage means. Storing each of the variables in the fourth storage means;
c) generating a random number;
d) storing the generated random number in fifth storage means;
e) A variable defining a group is obtained from the first storage means, a plurality of test values are obtained from the second storage means, and a random number is obtained from the fifth storage means. Selecting a test value to be used for test product generation from the values, and calculating a test product that is a product of the selected test value on the group;
f) storing the calculated check product in a sixth storage means;
g) A variable defining a group is obtained from the first storage means, a reference order is obtained from the third storage means, and a check product is obtained from the sixth storage means. Determining whether the order is a divisor of
h) storing the determination result in a seventh storage means;
i) Retrieving the determination result from the seventh storage means, and if the determination result indicates that the order of the test product is not a divisor of the reference order, outputs a test failure and ends the processing; Otherwise, continue processing,
j) The safety variable is taken out from the fourth storage means, and it is determined whether or not the safety variable is equal to or more than a predetermined value. Steps to continue processing except for
k) reducing the safety variable stored in the fourth storage means by a predetermined value and returning to step c;
A stochastic simultaneous order inspection method for a plurality of elements, comprising: A program for inspecting that the order of all of a plurality of inspected values is a divisor of a reference order.
a) A variable defining a group, a plurality of test values which are elements of the group, a standard order and a safety variable are input, and the variables defining the input group are input to a first storage means. Storing the inspected value in the second storage means, the input reference order in the third storage means, and the input safety variable in the fourth storage means.
b) generating a random number and storing the generated random number in a fifth storage unit;
c) A variable defining a group is obtained from the first storage means, a plurality of test values are obtained from the second storage means, and a random number is obtained from the fifth storage means, respectively. A test value to be used for test product generation is selected from the values, a test product which is a product of the selected test value on the group is calculated, and the calculated test product is stored in the sixth storage means. Memorizing step,
d) A variable defining a group is obtained from the first storage means, a reference order is obtained from the third storage means, and a check product is obtained from the sixth storage means. Determining whether the order is a divisor of the order, and storing the determination result in a seventh storage means;
e) The judgment result is taken out from the seventh storage means, and if the judgment result indicates that the order of the inspection product is not a divisor of the reference order, the result of the inspection is rejected and the processing is terminated. If the result of the determination is that the product order is a divisor of the reference order, the safety variable is retrieved from the fourth storage means, and it is determined whether or not the safety variable is equal to or greater than a predetermined value. If the value is not equal to or more than the predetermined value, the inspection is passed and the process is terminated, and if the value is equal to or greater than the predetermined value, the safety variable stored in the fourth storage means is reduced by a predetermined value and the process proceeds to step b. The step of returning,
Order check program to run. A program for inspecting that the order of all of a plurality of inspected values is a divisor of a reference order.
a) inputting a variable defining a group, a plurality of test values which are elements of the group, a reference order and a safety variable;
b) The variables defining the input group are stored in the first storage means, the plurality of test values which are input are stored in the second storage means, and the input reference order is stored in the third storage means. Storing each of the variables in the fourth storage means;
c) generating a random number;
d) storing the generated random number in fifth storage means;
e) A variable defining a group is obtained from the first storage means, a plurality of test values are obtained from the second storage means, and a random number is obtained from the fifth storage means. Selecting a test value to be used for test product generation from the values, and calculating a test product that is a product of the selected test value on the group;
f) storing the calculated check product in a sixth storage means;
g) A variable defining a group is obtained from the first storage means, a reference order is obtained from the third storage means, and a check product is obtained from the sixth storage means. Determining whether the order is a divisor of
h) storing the determination result in a seventh storage means;
i) Retrieving the determination result from the seventh storage means, and if the determination result indicates that the order of the test product is not a divisor of the reference order, outputs a test failure and ends the processing; Otherwise, continue processing,
j) The safety variable is taken out from the fourth storage means, and it is determined whether or not the safety variable is equal to or more than a predetermined value. Steps to continue processing except for
k) reducing the safety variable stored in the fourth storage means by a predetermined value and returning to step c;
Order check program to run.

Images