**The Model**. 2.1. The Network Model by Goyal and Joshi (2006) Formally, an international agreement between countries i and j is described by a link, given by a binary variable gij {0,1} with gij = 1 if an agreement exists between countries i and j and gij = 0 otherwise. A network gij = {( gij)ijN } is a description of the international agreements that exist among a set N = {1,…,N} of identical countries, where N is the total number of countries. Networks gc and ge are the complete network (i.e. gij = 1 for all i, j N) and the empty network (i.e. gij = 0 for all i, j N). Let G denote the set of all possible networks, g + gij denote the network obtained by replacing gij = 0 in network g by gij = 1, and g − gij denote the network obtained by replacing gij = 1 in network g by gij = 0. Let Ni(g) = {j N: gij = 1} be the set of countries with whom country i has an international trade agreement in network g. Assume that i Ni(g) so that gii = 1. The cardinality of Ni(g) is denoted i(g). In this model i(g) is also the number of active firms in country i because of the assumption that each country has only one firm (note that the domestic firm in country i is included in i(g)). Let Li(g) = {(gij)ijN : j Ni(g)} be the set of links existing in country i in network g. Note that gii Li(g). Let hi Li(g) – {gii} be a link subset, and let i be the cardinality of hi. This latter notation is used in the definition of the alternative stability concept adopted in this research. Let (g) be a subset of countries in network g. (g) is said to be a complete component if: (i) gij = 1 for all i,j (g); and (ii) gik = 0 for all i (g) and all k (g). On the other hand, (g) is said to be an incomplete component if there exists at least two countries i,j (g) such that gij = 0.

**The Model**. The security model used to provide proof, models interaction of the real partic- ipants (modeled as oracles) and an adversary via queries which the adversary makes to the oracles. It is a kind of a “game” between the adversary and the participants, where the adversary makes some queries and finally tries to distinguish a group key from a random quantity for some session he chooses. The model is defined in details below: Participants. The set of all potential participants is denoted by P ={U1, P

**The Model**. In this section we refine the formal security model which has been widely used in the litera- ture [12, 8–10, 23, 6] to analyze group key agreement protocols. In particular, we incorporate strong corruption [4] into the security model in a different way than the previous approaches by allowing an adversary to ask one additional query, Dump, and we modify the definition of freshness according to the refined model. Section 5 shows that our approach leads to much simpler security proof of the compiler presented by Katz and Yung [23]. U { } Participants. Let = U1, . . . , Un be a set of n users who wish to participate in a group key agreement protocol P . The number of users, n, is polynomially bounded in the security parameter k. Users may execute the protocol multiple times concurrently and thus each user can have many instances called oracles. We use Πs to denote instance s of user Ui. In initialization phase, each user Ui ∈ U obtains a long-term public/private key pair (PKi, SKi) by running a key generation algorithm G(1k). The set of public keys of all users is assumed to be known a priori to all parties including the adversary A.

**The Model**. Sellers prepared for Buyers a set of financial projections with respect solely to the Acquired Business utilizing Sellers’ proprietary financial model. To the Knowledge of the Sellers, the data used in preparing such projections was compiled from and is consistent with the Books and Records of SRUS, SRLB and SRD, as applicable, as of the date so used. The assumptions used in preparing such projections were those provided by Buyers or as otherwise disclosed to Buyers. For the avoidance of doubt, no representation or warranty, express or implied, is made hereby with regard to the accuracy of such projections or whether actual results of the Acquired Business will be consistent with such projections.

**The Model**. The security of an IB-B-MS scheme is modeled via the following game between a challenger C and an adversary A. Initial: C first runs BM.Setup to obtain a master-secret and the system parameter list params, then sends params to the adversary A while keeping the master-secret secret. A

**The Model**. As mentioned in the Introduction, we follow Brulhart and Thorpe (2000) and estimate the following two specifications of an equation designed to account for changes in employment in 3-digit ISIC (Rev. 2) manufacturing industries: LDEMPLit = β0 + β1 LDCONSit + β2 LDPRODit + β3 LTREXit + β4 IITit + uit (5) and LDEMPLit = β0 + β1 LDCONSit + β2 LDPRODit + β3 LTREXit + β4 IITit (6) + β5 (IITxLTREX)it + uit where uit = μi + εit and εit ∼iid(0, σ2). We assume the cross-section component μi to be fixed since the 3- digit industries that make-up the panel have not been chosen at random. Hence, both specifications are estimated using a fixed effects estimator that is, basically, OLS with cross-section dummies. The variables used may be defined as follows: LDEMPL = The natural log of the absolute value of the change in employment (L) between t and t-n. LDCONS = The natural log of the absolute value of the change in aparent consumption (C = Q + M - X) between t, t-n, Q being output. LDPROD = The natural log of the absolute value of the change in labour productivity, measured as output per worker, between t and t-n. LTREX = The natural log of trade exposure [(X+M)/Q]. IIT = May be GL, ∆GL or A. IITxLTREX = The interaction between IIT and trade exposure. LDEMPL is a proxy for the costs of adjustment in the labour market. The assumption is that the costs of moving labour across industries is proportional to the size of net changes in wage payments and, furthermore, that this proportion is the same for all industries and over time. The expected sign for the coefficient of LDCONS is positive. One would expect the coefficient of LDPROD to be negative since increases in productivity would tend to reduce the labour requirement to produce the same level of output. This expectation is supported by evidence from the accounting measure of employment change found in, e.g., Tharakan and Calfat (1999) for Belgium, Sarris et al. (1999) for Greece and Erlat (2000) for Turkey. The prior expectation for the coefficient of LTREX is that it should be positive since trade exposure is expected to increase inter-industry specialization pressures (Brulhart and Thorpe, 2000: 730). Finally, the coefficients of both IIT and IITxLTREX are expected to be negative given the smooth adjustment hypothesis. The reason for the introduction of IITxLTREX in the second specification is the expectation that IIT should matter more in sectors where the level of trade is high.

**The Model**. Each County is allotted a maximum annual performance incentive amount of $30,770, except for Collin County which is allotted a maximum annual performance amount of $50,770. Performance incentives amounts are calculated quarterly based on the percent of critical* errors of all site/structure addressing points (SSAPs) in the 9-1-1 Addressing Authority’s area of responsibility. *Critical errors are defined as errors that cause, or have a potential of causing, a critical fault in the routing of an 9-1-1 emergency service request call to the correct PSAP. The following GIS features are considered “critical”: • Duplicate SSAP (Site Structure Address Point) • SSAP No Value (no attribution in feature) • Road Centerline (RCL) Range Overlaps • RCL No Value (no attribution in feature) • Boundary Topology Overlaps (Emergency Service Boundaries and jurisdictional boundaries) • Boundary Topology Gaps (Emergency service boundaries and jurisdictional boundaries) There are five performance tiers that allow for different levels of performance equating to different amounts of incentive the 9-1-1 Addressing Authority will receive for that quarter. A formula is used to determine the “workload” of Addressing Authorities and is defined as the total number of critical errors divided by the total number of Site Structure Address Points. The outcome of the formula places the Addressing Authority in the respective tier. Performance incentive amounts are calculated each quarter using the following method: Tier 1 = (# of critical errors / # SSAPs) ≤ .2% or .002 – Receive full annual incentive amount 2 NCT9-1-1 routes landline and VoIP calls using geospatial data. Future standards require all calls, including wireless, to use geospatial data to route emergency calls. Tier 2 = (# of critical errors / # SSAPs) ≤ .4% or .004 – Receive 90% of annual incentive amount Tier 3 = (# of critical errors / # SSAPs) ≤ .6% or .006 – Receive 80% of annual incentive amount Tier 4 = (# of critical errors / # SSAPs) ≤ .8% or .008 – Receive 70% of annual incentive amount Tier 5 = (# of critical errors / # SSAPs) > .8% or .008 – Receive no incentive amount The aggregate of the incentive is divided by four to equate to a quarterly distribution.