61 research outputs found

    Online/Offline OR Composition of Sigma Protocols

    Proofs of partial knowledge allow a prover to prove knowledge of witnesses for k out of n instances of NP languages. Cramer, Schoenmakers and Damgård [10] provided an efficient construction of a 3-round public-coin witness-indistinguishable (k, n)-proof of partial knowledge for any NP language, by cleverly combining n executions of Σ-protocols for that language. This transform assumes that all n instances are fully specified before the proof starts, and thus directly rules out the possibility of choosing some of the instances after the first round. Very recently, Ciampi et al. [6] provided an improved transform where one of the instances can be specified in the last round. They focus on (1, 2)-proofs of partial knowledge with the additional feature that one instance is defined in the last round, and could be adaptively chosen by the verifier. They left as an open question the existence of an efficient (1, 2)-proof of partial knowledge where no instance is known in the first round. More in general, they left open the question of constructing an efficient (k, n)-proof of partial knowledge where knowledge of all n instances can be postponed. Indeed, this property is achieved only by inefficient constructions requiring NP reductions [19]. In this paper we focus on the question of achieving adaptive-input proofs of partial knowledge. We provide through a transform the first efficient construction of a 3-round public-coin witness-indistinguishable (k, n)-proof of partial knowledge where all instances can be decided in the third round. Our construction enjoys adaptive-input witness indistinguishability. Additionally, the proof of knowledge property remains also if the adversarial prover selects instances adaptively at last round as long as our transform is applied to a proof of knowledge belonging to the widely used class of proofs of knowledge described in [9,21]. 
Since knowledge of instances and witnesses is not needed before the last round, we have that the first round can be precomputed and in the online/offline setting our performance is similar to the one of [10]. Our new transform relies on the DDH assumption (in contrast to the transforms of [6,10] that are unconditional)

    Convergence of gut microbiotas in the adaptive radiations of African cichlid fishes

    Ecoevolutionary dynamics of the gut microbiota at the macroscale level, that is, in across-species comparisons, are largely driven by ecological variables and host genotype. The repeated explosive radiations of African cichlid fishes in distinct lakes, following a dietary diversification in a context of reduced genetic diversity, provide a natural setup to explore convergence, divergence and repeatability in patterns of microbiota dynamics as a function of the host diet, phylogeny and environment. Here we characterized by 16S rRNA amplicon sequencing the gut microbiota of 29 cichlid species from two distinct lakes/radiations (Tanganyika and Barombi Mbo) and across a broad dietary and phylogenetic range. Within each lake, a significant deviation between a carnivorous and herbivorous lifestyle was found. Herbivore species were characterized by an increased bacterial taxonomic and functional diversity and converged in key compositional and functional community aspects. Despite a significant lake effect on the microbiota structure, this process has occurred with remarkable parallels in the two lakes. A metabolic signature most likely explains this trend, as indicated by a significant enrichment in herbivores/omnivores of bacterial taxa and functions associated with fiber degradation and detoxification of plant chemical compounds. Overall, compositional and functional aspects of the gut microbiota individually and altogether validate and predict main cichlid dietary habits, suggesting a fundamental role of gut bacteria in cichlid niche expansion and adaptation

    Non-Interactive Zero-Knowledge Proofs for Composite Statements

    The two most common ways to design non-interactive zero-knowledge (NIZK) proofs are based on Sigma protocols and QAP-based SNARKs. The former is highly efficient for proving algebraic statements while the latter is superior for arithmetic representations. Motivated by applications such as privacy-preserving credentials and privacy-preserving audits in cryptocurrencies, we study the design of NIZKs for composite statements that compose algebraic and arithmetic statements in arbitrary ways. Specifically, we provide a framework for proving statements that consist of ANDs, ORs and function compositions of a mix of algebraic and arithmetic components. This allows us to explore the full spectrum of trade-offs between proof size, prover cost, and CRS size/generation cost. This leads to proofs for statements of the form: knowledge of x such that SHA(g^x)=y for some public y where the prover's work is 500 times fewer exponentiations compared to a QAP-based SNARK at the cost of increasing the proof size to 2404 group and field elements. In application to anonymous credentials, our techniques result in 8 times fewer exponentiations for the prover at the cost of increasing the proof size to 298 elements

    The Magnitude and Kinetics of the Mucosal HIV-Specific CD8+ T Lymphocyte Response and Virus RNA Load in Breast Milk

    BACKGROUND: The risk of postnatal HIV transmission is associated with the magnitude of the milk virus load. While HIV-specific cellular immune responses control systemic virus load and are detectable in milk, the contribution of these responses to the control of virus load in milk is unknown. METHODS: We assessed the magnitude of the immunodominant GagRY11 and subdominant EnvKY9-specific CD8+ T lymphocyte response in blood and milk of 10 A*3002+, HIV-infected Malawian women throughout the period of lactation and correlated this response to milk virus RNA load and markers of breast inflammation. RESULTS: The magnitude and kinetics of the HIV-specific CD8+ T lymphocyte responses were discordant in blood and milk of the right and left breast, indicating independent regulation of these responses in each breast. However, there was no correlation between the magnitude of the HIV-specific CD8+ T lymphocyte response and the milk virus RNA load. Further, there was no correlation between the magnitude of this response and markers of breast inflammation. CONCLUSIONS: The magnitude of the HIV-specific CD8+ T lymphocyte response in milk does not appear to be solely determined by the milk virus RNA load and is likely only one of the factors contributing to maintenance of low virus load in milk

    Gene expression patterns associated with blood-feeding in the malaria mosquito Anopheles gambiae

    BACKGROUND: Blood feeding, or hematophagy, is a behavior exhibited by female mosquitoes required both for reproduction and for transmission of pathogens. We determined the expression patterns of 3,068 ESTs, representing ~2,000 unique gene transcripts using cDNA microarrays in adult female Anopheles gambiae at selected times during the first two days following blood ingestion, at 5 and 30 min during a 40 minute blood meal and at 0, 1, 3, 5, 12, 16, 24 and 48 hours after completion of the blood meal and compared their expression to transcript levels in mosquitoes with access only to a sugar solution. RESULTS: In blood-fed mosquitoes, 413 unique transcripts, approximately 25% of the total, were expressed at least two-fold above or below their levels in the sugar-fed mosquitoes, at one or more time points. These differentially expressed gene products were clustered using k-means clustering into Early Genes, Middle Genes, and Late Genes, containing 144, 130, and 139 unique transcripts, respectively. Several genes from each group were analyzed by quantitative real-time PCR in order to validate the microarray results. CONCLUSION: The expression patterns and annotation of the genes in these three groups (Early, Middle, and Late genes) are discussed in the context of female mosquitoes' physiological responses to blood feeding, including blood digestion, peritrophic matrix formation, egg development, and immunity

    Height and timing of growth spurt during puberty in young people living with vertically acquired HIV in Europe and Thailand

    Objective: The aim of this study was to describe growth during puberty in young people with vertically acquired HIV. Design: Pooled data from 12 paediatric HIV cohorts in Europe and Thailand. Methods: One thousand and ninety-four children initiating a nonnucleoside reverse transcriptase inhibitor or boosted protease inhibitor based regimen aged 1-10 years were included. Super Imposition by Translation And Rotation (SITAR) models described growth from age 8 years using three parameters (average height, timing and shape of the growth spurt), dependent on age and height-for-age z-score (HAZ) (WHO references) at antiretroviral therapy (ART) initiation. Multivariate regression explored characteristics associated with these three parameters. Results: At ART initiation, median age and HAZ was 6.4 [interquartile range (IQR): 2.8, 9.0] years and -1.2 (IQR: -2.3 to -0.2), respectively. Median follow-up was 9.1 (IQR: 6.9, 11.4) years. In girls, older age and lower HAZ at ART initiation were independently associated with a growth spurt which occurred 0.41 (95% confidence interval 0.20-0.62) years later in children starting ART age 6 to 10 years compared with 1 to 2 years and 1.50 (1.21-1.78) years later in those starting with HAZ less than -3 compared with HAZ at least -1. Later growth spurts in girls resulted in continued height growth into later adolescence. In boys starting ART with HAZ less than -1, growth spurts were later in children starting ART in the oldest age group, but for HAZ at least -1, there was no association with age. Girls and boys who initiated ART with HAZ at least -1 maintained a similar height to the WHO reference mean. Conclusion: Stunting at ART initiation was associated with later growth spurts in girls. Children with HAZ at least -1 at ART initiation grew in height at the level expected in HIV negative children of a comparable age

    The influence of different concentrations of flavanol chocolate bars under acute supplement conditions on exercise and performance

    The purpose of this study was to assess the effects and acute dosage of different flavanol concentrations in a dark chocolate bar on physiological parameters during steady state (SS) and incremental exercise. In a double-blind, randomised, crossover study, 15 healthy participants with a mean ± SD age of 30 ± 7 years; stature 176.8 ± 8.6 cm and body mass 80.3 ± 8.4 kg supplemented with high flavanol (HF) (1060 mg), moderate flavanol (MF) (746 mg), low flavanol (LF) (406 mg), or a control (CON) (88 mg) chocolate bar (~ 34 g), 2 h prior to 40 min of SS cycling (80% gas-exchange threshold) followed by an incremental test to volitional fatigue. During the SS cycle oxygen consumption ([Formula: see text]), respiratory exchange ratio (RER) and heart rate (HR) were continuously monitored. Plasma samples were collected prior to commencing exercise to determine nitrate (NO ) and nitrite (NO ) levels under each condition. There was no observed effect between flavanol concentrations on [Formula: see text], RER, and HR during SS cycling (P > 0.05). [Formula: see text], peak power, HR peak, and RER peak also did not significantly differ between conditions (P > 0.05). There was a small trend for higher plasma NO levels following higher flavanol concentration; however, this did not reach statistical significance (P > 0.05). Acute supplementation with cocoa of differing flavanol concentrations does not appear to have any effect on exercise and performance. It is plausible that longer flavanol supplementation periods might have greater accumulative effects and thus may potentially elicit a larger effect

    Nutritional psychiatry research: an emerging discipline and its intersection with global urbanization, environmental challenges and the evolutionary mismatch


    Very-efficient simulatable flipping of many coins into a well

    Secure two-party parallel coin-flipping is a cryptographic functionality that allows two mutually distrustful parties to agree on a common random bit-string of a certain target length. In coin-flipping into-a-well, one party learns the bit-string and then decides whether to abort or to allow the other party to learn it. It is well known that this functionality can be securely achieved in the ideal/real simulation paradigm, using commitment schemes that are simultaneously extractable (X) and equivocable (Q). This paper presents two new constant-round simulatable coin-flipping protocols, based explicitly on one or a few X-commitments of short seeds and a Q-commitment of a short hash, independently of the large target length. A pseudo-random generator and a collision-resistant hash function are used to combine the separate X and Q properties (associated with short bit-strings) into a unified X&Q property amplified to the target length, thus amortizing the cost of the base commitments. In this way, the new protocols are significantly more efficient than an obvious batching or extension of coin-flippings designed (in the same security setting) for short bit-strings and based on inefficient X&Q commitments. The first protocol, simulatable with rewinding, deviates from the traditional coin-flipping template in order to improve simulatability in case of unknown adversarial probabilities of abort, without having to use a X&Q commitment scheme. The second protocol, one-pass simulatable, derives from a new construction of a universally composable X&Q commitment scheme for large bit-strings, achieving communication-rate asymptotically close to 1. Besides the base X and Q commitments, the new commitment scheme only requires corresponding collision-resistant hashing, pseudo-random generation and application of a threshold erasure code. 
Alternative constructions found in recent work with comparable communication complexity require explicit use of oblivious transfer and use different encodings of the committed value