127 research outputs found
Red Blood Cells from Individuals with Abdominal Obesity or Metabolic Abnormalities Exhibit Less Deformability upon Entering a Constriction.
Abdominal obesity and metabolic syndrome (MS) are multifactorial conditions associated with increased risk of cardiovascular disease and type II diabetes mellitus. Previous work has demonstrated that the hemorheological profile is altered in patients with abdominal obesity and MS, as evidenced for example by increased whole blood viscosity. To date, however, no studies have examined red blood cell (RBC) deformability of blood from individuals with obesity or metabolic abnormalities under typical physiological flow conditions. In this study, we pumped RBCs through a constriction in a microfluidic device and used high speed video to visualize and track the mechanical behavior of ~8,000 RBCs obtained from either healthy individuals (n = 5) or obese participants with metabolic abnormalities (OMA) (n = 4). We demonstrate that the OMA+ cells stretched on average about 25% less than the healthy controls. Furthermore, we examined the effects of ingesting a high-fat meal on RBC mechanical dynamics, and found that the postprandial period has only a weak effect on the stretching dynamics exhibited by OMA+ cells. The results suggest that chronic rigidification of RBCs plays a key role in the increased blood pressure and increased whole blood viscosity observed in OMA individuals and was independent of an acute response triggered by consumption of a high-fat meal
Efficient computation of hashes
The sequential computation of hashes at the core of many distributed storage systems and found, for example, in grid services can hinder efficiency in service quality and even pose security challenges that can only be addressed by the use of parallel hash tree modes. The main contributions of this paper are, first, the identification of several efficiency and security challenges posed by the use of sequential hash computation based on the Merkle-Damgard engine. In addition, alternatives for the parallel computation of hash trees are discussed, and a prototype for a new parallel implementation of the Keccak function, the SHA-3 winner, is introduced
Key Rotation for Authenticated Encryption
A common requirement in practice is to periodically rotate the keys used to
encrypt stored data. Systems used by Amazon and Google do so using a hybrid
encryption technique which is eminently practical but has questionable
security in the face of key compromises and does not provide full key
rotation. Meanwhile, symmetric updatable encryption schemes (introduced by
Boneh et al. CRYPTO 2013) support full key rotation without performing
decryption: ciphertexts created under one key can be rotated to ciphertexts
created under a different key with the help of a re-encryption token. By
design, the tokens do not leak information about keys or plaintexts and so
can be given to storage providers without compromising security. But the
prior work of Boneh et al. addresses relatively weak confidentiality goals
and does not consider integrity at all. Moreover, as we show, a subtle issue
with their concrete scheme obviates a security proof even for confidentiality
against passive attacks.
This paper presents a systematic study of updatable Authenticated Encryption
(AE). We provide a set of security notions that strengthen those in prior
work. These notions enable us to tease out real-world security requirements
of different strengths and build schemes that satisfy them efficiently. We
show that the hybrid approach currently used in industry achieves relatively
weak forms of confidentiality and integrity, but can be modified at low cost
to meet our stronger confidentiality and integrity goals. This leads to a
practical scheme that has negligible overhead beyond conventional AE. We then
introduce re-encryption indistinguishability, a security notion that formally
captures the idea of fully refreshing keys upon rotation. We show how to
repair the scheme of Boneh et al., attaining our stronger confidentiality
notion. We also show how to extend the scheme to provide integrity, and we
prove that it meets our re-encryption indistinguishability notion. Finally,
we discuss how to instantiate our scheme efficiently using off-the-shelf
cryptographic components (AE, hashing, elliptic curves). We report on the
performance of a prototype implementation, showing that fully secure key
rotations can be performed at a throughput of approximately 116 kB/s
How to Record Quantum Queries, and Applications to Quantum Indifferentiability
The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof techniques allow the reduction to record information about the adversary's queries, a crucial feature of many classical ROM proofs, including all proofs of indifferentiability for hash function domain extension.
In this work, we give a new QROM proof technique that overcomes this "recording barrier". Our central observation is that when viewing the adversary's query and the oracle itself in the Fourier domain, an oracle query switches from writing to the adversary's space to writing to the oracle itself. This allows a reduction to simulate the oracle by simply recording information about the adversary's query in the Fourier domain.
We then use this new technique to show the indifferentiability of the Merkle-Damgard domain extender for hash functions. We also give a proof of security for the Fujisaki-Okamoto transformation; previous proofs required modifying the scheme to include an additional hash term. Given the threat posed by quantum computers and the push toward quantum-resistant cryptosystems, our work represents an important tool for efficient post-quantum cryptosystems
Intranasal Delivery of MVA Vector Vaccine Induces Effective Pulmonary Immunity Against SARS-CoV-2 in Rodents
Antigen-specific tissue-resident memory T cells (Trms) and neutralizing IgA antibodies provide the most effective protection of the lungs from viral infections. To induce those essential components of lung immunity against SARS-CoV-2, we tested various immunization protocols involving intranasal delivery of a novel Modified Vaccinia virus Ankara (MVA)-SARS-2-spike vaccine candidate. We show that a single intranasal MVA-SARS-CoV-2-S application in mice strongly induced pulmonary spike-specific CD8+ T cells, albeit restricted production of neutralizing antibodies. In prime-boost protocols, intranasal booster vaccine delivery proved to be crucial for a massive expansion of systemic and lung tissue-resident spike-specific CD8+ T cells and the development of Th1 - but not Th2 - CD4+ T cells. Likewise, very high titers of IgG and IgA anti-spike antibodies were present in serum and broncho-alveolar lavages that possessed high virus neutralization capacities to all current SARS-CoV-2 variants of concern. Importantly, the MVA-SARS-2-spike vaccine applied in intramuscular priming and intranasal boosting treatment regimen completely protected hamsters from developing SARS-CoV-2 lung infection and pathology. Together, these results identify intramuscular priming followed by respiratory tract boosting with MVA-SARS-2-S as a promising approach for the induction of local, respiratory as well as systemic immune responses suited to protect from SARS-CoV-2 infections
Indistinguishability Obfuscation and UCEs : The Case of Computationally Unpredictable Sources
Random oracles are powerful cryptographic objects. They facilitate the security proofs of an impressive number of practical cryptosystems ranging from KDM-secure and deterministic encryption to point-function obfuscation and many more. However, due to an uninstantiability result of Canetti, Goldreich, and Halevi (STOC 1998) random oracles have become somewhat controversial. Recently, Bellare, Hoang, and Keelveedhi (BHK; CRYPTO 2013 and ePrint 2013/424, August 2013) introduced a new abstraction called Universal Computational Extractors (UCEs), and showed that they suffice to securely replace random oracles in a number of prominent applications, including all those mentioned above, without suffering from the aforementioned uninstantiability result. This, however, leaves open the question of constructing UCEs in the standard model. We show that the existence of indistinguishability obfuscation (iO) implies (non-black-box) attacks on all the definitions that BHK proposed within their UCE framework in the original version of their paper, in the sense that no concrete hash function can satisfy them. We also show that this limitation can be overcome, to some extent, by restraining the class of admissible adversaries via a statistical notion of unpredictability. Following our attack, BHK (ePrint 2013/424, September 2013), independently adopted this approach in their work. In the updated version of their paper, BHK (ePrint 2013/424, September 2013) also introduce two other novel source classes, called bounded parallel sources and split sources, which aim at recovering the computational applications of UCEs that fall outside the statistical fix. These notions keep to a computational notion of unpredictability, but impose structural restrictions on the adversary so that our original iO attack no longer applies. We extend our attack to show that indistinguishability obfuscation is sufficient to also break the UCE security of any hash function against bounded parallel sources. 
Towards this goal, we use the randomized encodings paradigm of Applebaum, Ishai, and Kushilevitz (STOC 2004) to parallelize the obfuscated circuit used in our attack, so that it can be computed by a bounded parallel source whose second stage consists of constant-depth circuits. BHK, in the latest version of their paper (ePrint 2013/424, May 2014), have subsequently replaced bounded parallel sources with new source classes. We conclude by discussing the composability and feasibility of hash functions secure against split sources
Topology-aware Quality-of-Service Support in Highly Integrated Chip Multiprocessors
Current design complexity trends, poor wire scalability, and power limitations argue in favor of highly modular on-chip systems. Today’s state-of-the-art CMPs already feature up to a hundred discrete cores. With increasing levels of integration, CMPs with hundreds of cores, cache tiles, and specialized accelerators are anticipated in the near future. Meanwhile, server consolidation and cloud computing paradigms have emerged as profit vehicles for exploiting abundant resources of chip-multiprocessors. As multiple, potentially malevolent, users begin to share virtualized resources of a single chip, CMP-level quality-of-service (QOS) support becomes necessary to provide performance isolation, service guarantees, and security. This work takes a topology-aware approach to on-chip QOS. We propose to segregate shared resources, such as memory controllers and accelerators, into dedicated islands (shared regions) of the chip with full hardware QOS support. We rely on a richly connected Multidrop Express Channel (MECS) topology to connect individual nodes to shared regions, foregoing QOS support in much of the substrate and eliminating its respective overheads. We evaluate several topologies for the QOS-enabled shared regions, focusing on the interaction between network-on-chip (NOC) and QOS metrics. We explore a new topology called Destination Partitioned Subnets (DPS), which uses a light-weight dedicated network for each destination node. On synthetic workloads, DPS nearly matches or outperforms other topologies with comparable bisection bandwidth in terms of performance, area overhead, energy-efficiency, fairness, and preemption resilience.
Indifferentiability for Public Key Cryptosystems
We initiate the study of indifferentiability for public key encryption and other public key primitives. Our main results are definitions and constructions of public key cryptosystems that are indifferentiable from ideal cryptosystems, in the random oracle model. Cryptosystems include Public key encryption, Digital signatures, Non-interactive key agreement. Our schemes are based on standard public key assumptions. By being indifferentiable from an ideal object, our schemes satisfy any security property that can be represented as a single-stage game and can be composed to operate in higher-level protocols