
    Primary-Secondary-Resolver Membership Proof Systems

    We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for short) and show different constructions of that primitive. A PSR system is a 3-party protocol, where we have a primary, which is a trusted party which commits to a set of members and their values, then generates a public and secret keys in order for secondaries (provers with knowledge of both keys) and resolvers (verifiers who only know the public key) to engage in interactive proof sessions regarding elements in the universe and their values. The motivation for such systems is for constructing a secure Domain Name System (DNSSEC) that does not reveal any unnecessary information to its clients. We require our systems to be complete, so honest executions will result in correct conclusions by the resolvers, sound, so malicious secondaries cannot cheat resolvers, and zero-knowledge, so resolvers will not learn additional information about elements they did not query explicitly. Providing proofs of membership is easy, as the primary can simply precompute signatures over all the members of the set. Providing proofs of non-membership, i.e. a denial-of-existence mechanism, is trickier and is the main issue in constructing PSR systems. We provide three different strategies to construct a denial of existence mechanism. The first uses a set of cryptographic keys for all elements of the universe which are not members, which we implement using hierarchical identity based encryption and a tree based signature scheme. The second construction uses cuckoo hashing with a stash, where in order to prove non-membership, a secondary must prove that a search for it will fail, i.e. that it is not in the tables or the stash of the cuckoo hashing scheme. 
The third uses a verifiable "random looking" function which the primary evaluates over the set of members, then signs the values lexicographically and secondaries then use those signatures to prove to resolvers that the value of the non-member was not signed by the primary. We implement this function using a weaker variant of verifiable random/unpredictable functions and pseudorandom functions with interactive zero knowledge proofs. For all three constructions we suggest fairly efficient implementations, of order comparable to other public-key operations such as signatures and encryption. The first approach offers perfect ZK and does not reveal the size of the set in question, the second can be implemented based on very solid cryptographic assumptions and uses the unique structure of cuckoo hashing, while the last technique has the potential to be highly efficient, if one could construct an efficient and secure VRF/VUF or if one is willing to live in the random oracle model

    Fault Rerupture during the July 2019 Ridgecrest Earthquake Pair from Joint Slip Inversion of InSAR, Optical Imagery, and GPS

    The Ridgecrest earthquake pair ruptured a previously unknown orthogonal fault system in the eastern California shear zone. The stronger of the two, an Mw 7.1 earthquake that occurred on 6 July 2019, was preceded by an Mw 6.4 foreshock that occurred 34 hr earlier. In this study, distinct final slip distributions for the two earthquakes are obtained via joint inversion of Interferometric Synthetic Aperture Radar (InSAR), optical imagery, and Global Positioning System (GPS) measurements. Special attention is paid to the merging of dense (e.g., InSAR and optical imagery) and sparse geodetic (e.g., GPS) datasets. In addition, a new approach is introduced for data and model discretization through intermittent model‐ and data‐space reconditioning that stabilizes the inversion, thus ensuring that small changes in the data space do not cause disproportionate large changes to the model space. Although the coseismic slip of the Mw 6.4 earthquake was complex, involving three distinct asperities distributed among an intersecting orthogonal set of faults, the coseismic slip of the Mw 7.1 earthquake was limited to the main northwest‐striking fault. In addition to the Mw 7.1 earthquake, that northwest‐striking fault plane also hosted one of the Mw 6.4 asperities. Slip on this coplanar foreshock asperity increased the shear stress at the future site of the Mw 7.1 hypocenter, and triggered a vigorous aftershock activity on the main northwest fault that culminated in its rupture. This, in turn, reactivated the coplanar foreshock asperity. In addition to failing twice within 34 hr, we find that the reruptured asperity slipped about six times more durin

    NSEC5: Provably Preventing DNSSEC Zone Enumeration

    DNSSEC is designed to prevent network attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability—zone enumeration, where an adversary launches a small number of online DNSSEC queries and then uses offline dictionary attacks to learn which domain names are present or absent in a DNS zone. We explain why the current DNSSEC standard (with NSEC and NSEC3) suffers from zone enumeration; we do this via cryptographic lower bounds that prove that DNSSEC’s design goals — security against network attackers, and privacy against zone enumeration — cannot be satisfied without online signing of DNSSEC responses. We then introduce NSEC5, a new cryptographic construction that solves the problem of DNSSEC zone enumeration while matching our lower bounds and remaining faithful to the operational realities of DNSSEC. NSEC5 can be thought of as a variant of NSEC3, where the hash function is replaced with an RSA-based keyed-hashing scheme. 1 Zone enumeration issues in DNSSEC To understand the zone enumeration problem, we can partition the functionalities of DNSSE

    Age-Dependent Biomarkers for Prediction of In-Hospital Mortality in COVID-19 Patients

    Background: Several biomarkers and models have been proposed to predict in-hospital mortality among COVID-19 patients. However, these studies have not examined the association in sub-populations. The present study aimed to identify the association between the two most common inflammatory biomarkers in the emergency department and in-hospital mortality in subgroups of patients. Methods: A historical cohort study of adult patients who were admitted to acute-care hospital between March and December 2020 and had a diagnosis of COVID-19 infection. Data on age, sex, Charlson comorbidity index, white blood cell (WBC) count, C-reactive protein (CRP), and in-hospital mortality were collected. Discrimination ability of each biomarker was observed and the CHAID method was used to identify the association in subgroups of patients. Results: Overall, 762 patients (median age 70.9 years, 59.7% males) were included in the study. Of them, 25.1% died during hospitalization. In-hospital mortality was associated with higher CRP (median 138 mg/L vs. 85 mg/L, p < 0.001), higher WBC count (median 8.5 vs. 6.6 K/µL, p < 0.001), and higher neutrophil-to-lymphocyte ratio (NLR) (median 9.2 vs. 5.4, p < 0.001). The area under the ROC curve was similar among all biomarkers (WBC 0.643, NLR 0.677, CRP 0.646, p > 0.1 for all comparisons). The CHAID method revealed that WBC count was associated with in-hospital mortality in patients aged 43.1–66.0 years (<11 K/µL: 10.1% vs. 11+ K/µL: 27.9%), NLR in patients aged 66.1–80 years (≤8: 15.7%, >8: 43.3%), and CRP in patients aged 80.1+ years (≤47 mg/L: 18.8%, 47.1–149 mg/L: 43.1%, and 149.1+: 71.7% mortality). Conclusions: WBC, NLR, and CRP present similar discrimination abilities. However, each biomarker should be considered as a predictor for in-hospital mortality in different age groups