Deciphering interplay between Salmonella invasion effectors

Bacterial pathogens have evolved a specialized type III secretion system (T3SS) to translocate virulence effector proteins directly into eukaryotic target cells. Salmonellae deploy effectors that trigger localized actin reorganization to force their own entry into non-phagocytic host cells. Six effectors (SipC, SipA, SopE/2, SopB, SptP) can individually manipulate actin dynamics at the plasma membrane, which acts as a ‘signaling hub’ during Salmonella invasion. The extent of crosstalk between these spatially coincident effectors remains unknown. Here we describe trans and cis binary entry effector interplay (BENEFIT) screens that systematically examine functional associations between effectors following their delivery into the host cell. The results reveal extensive ordered synergistic and antagonistic relationships and their relative potency, and illuminate an unexpectedly sophisticated signaling network evolved through longstanding pathogen–host interaction

Online/Offline OR Composition of Sigma Protocols

Proofs of partial knowledge allow a prover to prove knowledge of witnesses for k out of n instances of NP languages. Cramer, Schoenmakers and Damgård [10] provided an efficient construction of a 3-round public-coin witness-indistinguishable (k, n)-proof of partial knowledge for any NP language, by cleverly combining n executions of Σ-protocols for that language. This transform assumes that all n instances are fully specified before the proof starts, and thus directly rules out the possibility of choosing some of the instances after the first round. Very recently, Ciampi et al. [6] provided an improved transform where one of the instances can be specified in the last round. They focus on (1, 2)-proofs of partial knowledge with the additional feature that one instance is defined in the last round, and could be adaptively chosen by the verifier. They left as an open question the existence of an efficient (1, 2)-proof of partial knowledge where no instance is known in the first round. More in general, they left open the question of constructing an efficient (k, n)-proof of partial knowledge where knowledge of all n instances can be postponed. Indeed, this property is achieved only by inefficient constructions requiring NP reductions [19]. In this paper we focus on the question of achieving adaptive-input proofs of partial knowledge. We provide through a transform the first efficient construction of a 3-round public-coin witness-indistinguishable (k, n)-proof of partial knowledge where all instances can be decided in the third round. Our construction enjoys adaptive-input witness indistinguishability. Additionally, the proof of knowledge property remains also if the adversarial prover selects instances adaptively at last round as long as our transform is applied to a proof of knowledge belonging to the widely used class of proofs of knowledge described in [9,21]. Since knowledge of instances and witnesses is not needed before the last round, we have that the first round can be precomputed and in the online/offline setting our performance is similar to the one of [10]. Our new transform relies on the DDH assumption (in contrast to the transforms of [6,10] that are unconditional)

Optimal Fair Computation

A computation scheme among n parties is fair if no party obtains the computation result unless all other n-1 parties obtain the same result. A fair computation scheme is optimistic if n honest parties can obtain the computation result without resorting to a trusted third party. We prove, for the first time, a tight lower bound on the message complexity of optimistic fair computation for n parties among which n-1 can be malicious in an asynchronous network. We do so by relating the optimal message complexity of optimistic fair computation to the length of the shortest permutation sequence in combinatorics

Role of the Endogenous Antioxidant System in the Protection of Schistosoma mansoni Primary Sporocysts against Exogenous Oxidative Stress

Antioxidants produced by the parasite Schistosoma mansoni are believed to be involved in the maintenance of cellular redox balance, thus contributing to larval survival in their intermediate snail host, Biomphalaria glabrata. Here, we focused on specific antioxidant enzymes, including glutathione-S-transferases 26 and 28 (GST26 and 28), glutathione peroxidase (GPx), peroxiredoxin 1 and 2 (Prx1 and 2) and Cu/Zn superoxide dismutase (SOD), known to be involved in cellular redox reactions, in an attempt to evaluate their endogenous antioxidant function in the early-developing primary sporocyst stage of S. mansoni. Previously we demonstrated a specific and consistent RNA interference (RNAi)-mediated knockdown of GST26 and 28, Prx1 and 2, and GPx transcripts, and an unexpected elevation of SOD transcripts in sporocysts treated with gene-specific double-stranded (ds)RNA. In the present followup study, in vitro transforming sporocysts were exposed to dsRNAs for GST26 and 28, combined Prx1/2, GPx, SOD or green-fluorescent protein (GFP, control) for 7 days in culture, followed by assessment of the effects of specific dsRNA treatments on protein levels using semi-quantitative Western blot analysis (GST26, Prx1/2 only), and larval susceptibility to exogenous oxidative stress in in vitro killing assays. Significant decreases (80% and 50%) in immunoreactive GST26 and Prx1/2, respectively, were observed in sporocysts treated with specific dsRNA, compared to control larvae treated with GFP dsRNA. Sporocysts cultured with dsRNAs for GST26, GST28, Prx1/2 and GPx, but not SOD dsRNA, were significantly increased in their susceptibility to H2O2 oxidative stress (60–80% mortalities at 48 hr) compared to GFP dsRNA controls (∼18% mortality). H2O2-mediated killing was abrogated by bovine catalase, further supporting a protective role for endogenous sporocyst antioxidants. Finally, in vitro killing of S. mansoni sporocysts by hemocytes of susceptible NMRI B. glabrata snails was increased in larvae treated with Prx1/2, GST26 and GST28 dsRNA, compared to those treated with GFP or SOD dsRNAs. Results of these experiments strongly support the hypothesis that endogenous expression and regulation of larval antioxidant enzymes serve a direct role in protection against external oxidative stress, including immune-mediated cytotoxic reactions. Moreover, these findings illustrate the efficacy of a RNAi-type approach in investigating gene function in larval schistosomes

Subversion-Resistant Commitment Schemes: Definitions and Constructions

A commitment scheme allows a committer to create a commitment to a secret value, and later may open and reveal the secret value in a verifiable manner. In the common reference string model, (equivocal) commitment schemes require a setup phase which is supposed to be done by a third trusted party. Recently, various news is reported about the subversion of $\textit{trusted}$ setup phase in mass-surveillance activities; strictly speaking about commitment schemes, recently it was discovered that the SwissPost-Scytl mix-net uses a trapdoor commitment scheme, that allows undetectably altering the votes and breaking users\u27 privacy, given the trapdoor [Hae19, LPT19]. Motivated by such news and recent studies on subversion-resistance of various cryptographic primitives, this research studies the security of commitment schemes in the presence of a maliciously chosen commitment key. To attain a clear understanding of achievable security, we define a variety of current definitions called subversion hiding, subversion equivocality, and subversion binding. Then we provide both negative and positive results on constructing subversion-resistant commitment schemes, by showing that some combinations of notions are not compatible while presenting subversion-resistant constructions that can achieve other combinations

The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants

The Fiat-Shamir paradigm encompasses many different ways of turning a given identification scheme into a signature scheme. Security proofs pertain sometimes to one variant, sometimes to another. We systematically study three variants that we call the challenge (signature is challenge and response), commit (signature is commitment and response) and transcript (signature is challenge, commitment and response) variants. Our framework captures the variants via transforms that determine the signature scheme as a function of not only the identification scheme and hash function (to cover both standard and random oracle model hashing), but also what we call a signing algorithm, to cover both classical and with-abort signing. We relate the security of the signature schemes produced by these transforms, giving minimal conditions under which uf-security of one transfers to the other. To apply this comprehensively, we formalize linear identification schemes, show that many schemes in the literature are linear, and show that any linear scheme meets our conditions for the signature schemes given by the three transforms to have equivalent uf-security. Our results give a comprehensive picture of the Fiat-Shamir zoo and allow proofs of security in the literature to be transferred automatically from one variant to another

Generic Double-Authentication Preventing Signatures and a Post-Quantum Instantiation

Double-authentication preventing signatures (DAPS) are a variant of digital signatures which have received considerable attention recently (Derler et al. EuroS&P 2018, Poettering AfricaCrypt 2018). They are unforgeable signatures in the usual sense and sign messages that are composed of an address and a payload. Their distinguishing feature is the property that signing two different payloads with respect to the same address allows to publicly extract the secret signing key from two such signatures. DAPS are known in the factoring, the discrete logarithm and the lattice setting. The majority of the constructions are ad-hoc. Only recently, Derler et al. (EuroS&P 2018) presented the first generic construction that allows to extend any discrete logarithm based secure signatures scheme to DAPS. However, their scheme has the drawback that the number of potential addresses (the address space) used for signing is polynomially bounded (and in fact small) as the size of secret and the public keys of the resulting DAPS are linear in the address space. In this paper we overcome this limitation and present a generic construction of DAPS with constant size keys and signatures. Our techniques are not tailored to a specific algebraic setting and in particular allow us to construct the first DAPS without structured hardness assumptions, i.e., from symmetric key primitives, yielding a candidate for post-quantum secure DAPS

Phenotypic Screen of Early-Developing Larvae of the Blood Fluke, Schistosoma mansoni, using RNA Interference

RNA interference (RNAi) represents the only method currently available for manipulating gene-specific expression in Schistosoma spp., although application of this technology as a functional genomic profiling tool has yet to be explored. In the present study 32 genes, including antioxidants, transcription factors, cell signaling molecules and metabolic enzymes, were selected to determine if gene knockdown by RNAi was associated with morphologically definable phenotypic changes in early intramolluscan larval development. Transcript selection was based on their high expression in in vitro cultured S. mansoni primary sporocysts and/or their potential involvement in developmental processes. Miracidia were allowed to transform to sporocysts in the presence of synthesized double-stranded RNAs (dsRNAs) and cultivated for 7 days, during which time developing larvae were closely observed for phenotypic changes including failure/delay in transformation, loss of motility, altered growth and death. Of the phenotypes evaluated, only one was consistently detected; namely a reduction in sporocyst size based on length measurements. The size-reducing phenotype was observed in 11 of the 33 (33%) dsRNA treatment groups, and of these 11 phenotype-associated genes (superoxide dismutase, Smad1, RHO2, Smad2, Cav2A, ring box, GST26, calcineurin B, Smad4, lactate dehydrogenase and EF1α), only 6 demonstrated a significant and consistent knockdown of specific transcript expression. Unexpectedly one phenotype-linked gene, superoxide dismutase (SOD), was highly induced (∼1600-fold) upon dsRNA exposure. Variation in dsRNA-mediated silencing effects also was evident in the group of sporocysts that lacked any definable phenotype. Out of 22 nonphenotype-expressing dsRNA treatments (myosin, PKCB, HEXBP, calcium channel, Sma2, RHO1, PKC receptor, DHHC, PepcK, calreticulin, calpain, Smeg, 14.3.3, K5, SPO1, SmZF1, fibrillarin, GST28, GPx, TPx1, TPx2 and TPx2/TPx1), 12 were assessed for the transcript levels. Of those, 6 genes exhibited consistent reductions in steady-state transcript levels, while expression level for the rest remained unchanged. Results demonstrate that the efficacy of dsRNA-treatment in producing consistent phenotypic changes and/or altered gene expression levels in S. mansoni sporocysts is highly dependent on the selected gene (or the specific dsRNA sequence used) and the timing of evaluation after treatment. Although RNAi holds great promise as a functional genomics tool for larval schistosomes, our finding of potential off-target or nonspecific effects of some dsRNA treatments and variable efficiencies in specific gene knockdown indicate a critical need for gene-specific testing and optimization as an essential part of experimental design, execution and data interpretation

Non-Interactive Zero-Knowledge Proofs for Composite Statements

The two most common ways to design non-interactive zero-knowledge (NIZK) proofs are based on Sigma protocols and QAP-based SNARKs. The former is highly efficient for proving algebraic statements while the latter is superior for arithmetic representations. Motivated by applications such as privacy-preserving credentials and privacy-preserving audits in cryptocurrencies, we study the design of NIZKs for composite statements that compose algebraic and arithmetic statements in arbitrary ways. Specifically, we provide a framework for proving statements that consist of ANDs, ORs and function compositions of a mix of algebraic and arithmetic components. This allows us to explore the full spectrum of trade-offs between proof size, prover cost, and CRS size/generation cost. This leads to proofs for statements of the form: knowledge of $x$ such that $SHA(g^x)=y$ for some public $y$ where the prover\u27s work is 500 times fewer exponentiations compared to a QAP-based SNARK at the cost of increasing the proof size to 2404 group and field elements. In application to anonymous credentials, our techniques result in 8 times fewer exponentiations for the prover at the cost of increasing the proof size to 298 elements

Linear-Time Zero-Knowledge Proofs for Arithmetic Circuit Satisfiability

We give computationally efficient zero-knowledge proofs of knowledge for arithmetic circuit satisfiability over a large field. For a circuit with N addition and multiplication gates, the prover only uses O(N) multiplications and the verifier only uses O(N) additions in the field. If the commitments we use are statistically binding, our zero-knowledge proofs have unconditional soundness, while if the commitments are statistically hiding we get computational soundness. Our zero-knowledge proofs also have sub-linear communication if the commitment scheme is compact. Our construction proceeds in three steps. First, we give a zero-knowledge proof for arithmetic circuit satisfiability in an ideal linear commitment model where the prover may commit to secret vectors of field elements, and the verifier can receive certified linear combinations of those vectors. Second, we show that the ideal linear commitment proof can be instantiated using error-correcting codes and non-interactive commitments. Finally, by choosing efficient instantiations of the primitives we obtain linear-time zero-knowledge proofs