116 research outputs found

    A greater proportion of participants with type 2 diabetes achieve treatment targets with insulin degludec/liraglutide versus insulin glargine 100 units/mL at 26 weeks. DUAL VIII, a randomized trial designed to resemble clinical practice

    This report presents the efficacy and safety of insulin degludec/liraglutide (IDegLira) versus insulin glargine 100 units/mL (IGlar U100) as initial injectable therapy at 26 weeks in the 104-week DUAL VIII durability trial (NCT02501161). Participants (N = 1012) with type 2 diabetes (T2D) uncontrolled on oral antidiabetic drugs (OADs) were randomized 1:1 to open-label IDegLira or IGlar U100. Visits were scheduled at weeks 1, 2, 4 and 12, and every 3 months thereafter. After 26 weeks, glycated haemoglobin (HbA1c) reductions were greater with IDegLira versus IGlar U100 (−21.5 vs. −16.4 mmol/mol [−2.0 vs. −1.5%]), as was the percentage of participants achieving HbA1c <53 mmol/mol (78.7% vs. 55.7%) and HbA1c targets without weight gain and/or hypoglycaemia. Estimated treatment differences for insulin dose (−13.01 U) and body weight change (−1.57 kg) significantly favoured IDegLira. The hypoglycaemia rate was 44% lower with IDegLira versus IGlar U100. Safety results were similar. In a trial resembling clinical practice, more participants receiving IDegLira than IGlar U100 met treatment targets, supporting use of IDegLira as an initial injectable therapy for people with T2D uncontrolled on OADs and eligible for insulin initiation

    Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

    The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25182-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysi

    Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

    The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any so-called sigma-protocol, into a non-interactive proof in the random-oracle model. We study this transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition. Our main result is a generic reduction that transforms any quantum dishonest prover attacking the Fiat-Shamir transformation in the quantum random-oracle model into a similarly successful quantum dishonest prover attacking the underlying sigma-protocol (in the standard model). Applied to the standard soundness and proof-of-knowledge definitions, our reduction implies that both these security properties, in both the computational and the statistical variant, are preserved under the Fiat-Shamir transformation even when allowing quantum attacks. Our result improves and completes the partial results that have been known so far, but it also proves wrong certain claims made in the literature. In the context of post-quantum secure signature schemes, our results imply that for any sigma-protocol that is a proof-of-knowledge against quantum dishonest provers (and that satisfies some additional natural properties), the corresponding Fiat-Shamir signature scheme is secure in the quantum random-oracle model. For example, we can conclude that the non-optimized version of Fish, which is the bare Fiat-Shamir variant of the NIST candidate Picnic, is secure in the quantum random-oracle model.

    Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2

    In this paper, we present a strong, formal, and general-purpose cryptographic model for privacy-preserving authenticated key exchange (PPAKE) protocols. PPAKE protocols are secure in the traditional AKE sense but additionally guarantee the confidentiality of the identities used in communication sessions. Our model has several useful and novel features, among others: it is a proper extension of classical AKE models, guarantees in a strong sense that the confidentiality of session keys is independent from the secrecy of the used identities, and it is the first to support what we call dynamic modes, where the responsibility of selecting the identities of the communication partners may vary over several protocol runs. To the best of our knowledge, this implements the first technical approach to deal with protocol options in AKE security models. We show the validity of our model by applying it to the cryptographic core of IPsec IKEv2 with signature-based authentication where the need for dynamic modes is practically well-motivated. In our analysis, we not only show that this protocol provides strong classical AKE security guarantees but also that the identities that are used by the parties remain hidden in successful protocol runs. Historically, the Internet Key Exchange (IKE) protocol was the first real-world AKE to incorporate privacy-preserving techniques. However, lately privacy-preserving techniques have gained renewed interest in the design process of important protocols like TLS 1.3 (with encrypted SNI) and NOISE. We believe that our new model can be a solid foundation to analyze these and other practical protocols with respect to their privacy guarantees, in particular, in the now so wide-spread scenario where multiple virtual servers are hosted on a single machine

    Acute effects of caffeine and cigarette smoking on ventricular long-axis function in healthy subjects

    Background: Few data exist regarding the direct effects of caffeine and smoking on cardiac function. We sought to explore the acute effects of caffeine assumption, cigarette smoking, or both on left ventricular (LV) and right ventricular (RV) function in a population of young normal subjects. Methods: Forty-five healthy subjects aged 25 ± 2 years underwent echocardiography. Fifteen of them were non-smokers and habitual coffee consumers (group 1), 15 were smokers and not habitual coffee consumers (group 2), and 15 were smokers and habitual coffee consumers (group 3). Peak systolic (Sa), early diastolic (Ea), and late diastolic (Aa) velocity of mitral annulus were measured by pulsed Tissue Doppler, and left atrioventricular plane displacement was determined by M-mode. Tricuspid annular velocities and systolic excursion (TAPSE) were also determined. Measurements were performed at baseline and after oral assumption of caffeine 100 mg in group 1, one cigarette smoking in group 2, and both in group 3. Results: No changes in ventricular function were observed in group 1 after caffeine administration. In group 2, cigarette smoking yielded an acute increase in mitral Aa (+12.1%, p = 0.0026), tricuspid Sa (+9.8%, p = 0.012) and TAPSE (+7.9%, p = 0.017), and a decrease in the mitral Ea/Aa ratio (-8.5%, p = 0.0084). Sequential caffeine assumption and cigarette smoking in group 3 was associated with an acute increase in mitral Aa (+13.0%, p = 0.015) and tricuspid Aa (+11.6%, p < 0.0001) and a reduction in mitral Ea/Aa ratio (-8.5%, p = 0.0084), tricuspid Ea (-6.6%, p = 0.048) and tricuspid Ea/Aa ratio (-9.6%, p = 0.0003). In a two-way ANOVA model controlling for hemodynamic confounding factors, changes in the overall population remained significant for mitral Aa and Ea/Aa ratio, and for tricuspid Aa and Ea/Aa ratio. Conclusion: In young healthy subjects, one cigarette smoking is associated to an acute impairment in LV diastolic function and a hyperdynamic RV systolic response. Caffeine assumption alone does not exert any acute effect on ventricular long-axis function, but potentiates the negative effect of cigarette smoking by abolishing RV supernormal response and leading to a simultaneous impairment in both LV and RV diastolic function.

    Efficient KEA-Style Lattice-Based Authenticated Key Exchange

    Lattice-based cryptographic primitives are believed to have the property against attacks by quantum computers. In this work, we present a KEA-style authenticated key exchange protocol based on the ring learning with errors problem whose security is proven in the BR model with weak perfect forward secrecy. With properties of KEA such as implicit key authentication and simplicity, our protocol also enjoys many properties of lattice-based cryptography, namely asymptotic efficiency, conceptual simplicity, worst-case hardness assumption, and resistance to attacks by quantum computers. Our lattice-based authenticated key exchange protocol is more efficient than the protocol of Zhang et al. (EUROCRYPT 2015) with more concise structure, smaller key size and lower bandwidth. Also, our protocol enjoys the advantage of optimal online efficiency and we improve our protocol with pre-computation

    Supersingular Isogeny Diffie-Hellman Authenticated Key Exchange

    We propose two authenticated key exchange protocols from supersingular isogenies. Our protocols are the first post-quantum one-round Diffie-Hellman type authenticated key exchange ones in the following points: one is secure under the quantum random oracle model and the other resists against maximum exposure where a non-trivial combination of secret keys is revealed. The security of the former and the latter is proven under isogeny versions of the decisional and gap Diffie-Hellman assumptions, respectively. We also propose a new approach for invalidating the Galbraith-Vercauteren-type attack for the gap problem