Blindfold: Keeping Private Keys in PKIs and CDNs out of Sight

Public key infrastructure (PKI) is a certificate-based technology that helps in authenticating systems identities. HTTPS/TLS relies mainly on PKI to minimize fraud over the Internet. Nowadays, websites utilize CDNs to improve user experience, performance, and resilience against cyber attacks. However, combining HTTPS/TLS with CDNs has raised new security challenges. In any PKI system, keeping private keys private is of utmost importance. However, it has become the norm for CDN-powered websites to violate that fundamental assumption. Several solutions have been proposed to make HTTPS CDN-friendly. However, protection of private keys from the very instance of generation; and how they can be made secure against exposure by malicious (CDN) administrators and malware remain unexplored. We utilize trusted execution environments to protect private keys by never exposing them to human operators or untrusted software. We design Blindfold to protect private keys in HTTPS/TLS infrastructures, including CAs, website on-premise servers, and CDNs. We implemented a prototype to assess Blindfold's performance and performed several experiments on both the micro and macro levels. We found that Blindfold slightly outperforms SoftHSM in key generation by 1% while lagging by 0.01% for certificate issuance operations

Evaluation of the complications of the in situ versus uterine exteriorization repair of caesarean section uterine incision

Background: caesarean section is the most performed major operation around the world. In this study we aim to compare in situ repair of caesarean section uterine incision to repair with uterine exteriorization.Methods: The study was conducted on 200 patients at El-Shatby maternity university hospital during the period from June 2019 to June 2020 and after ethical committee approval and obtaining an informed consent. All cases were 37 weeks gestation or more with singleton fetus prepared to have caesarean section. They were randomly allocated into 2 groups each of 100 participants: group A: with exteriorization repair of the uterus, group B: with in situ repair. After history taking, examination and laboratory investigations, elective caesarean section was done under spinal anesthesia. After delivery of the fetus and placenta, the uterus was repaired either in situ or after exteriorization followed by closure of the abdomen in layers. We assessed: primary outcome: blood loss. secondary outcome: nausea or vomiting, hypotension, operative time and duration of uterine repair, tachycardia, uterine contractility and hematoma formation. Post-operative pain, febrile illness, time of ambulation, time of return of bowel function were also assessed. Data were collected and submitted to statistical analysis. Results: In situ repair had a statistically significant decrease in intra operative nausea, vomiting and tachycardia. Exteriorization resulted in significantly shorter duration of uterine repair; unlikely duration of the whole surgery was not statistically significant. Return of intestinal sounds was statistically significant in favour of in situ repair.Conclusions: There is no definite or absolute privilege of in-situ repair versus exteriorization.

Aegis: Privacy-Preserving Market for Non-Fungible Tokens

Non-fungible tokens (NFTs) are unique non-interchangeable digital assets verified and stored using blockchain technology. Quite recently, there has been a surging interest and adoption of NFTs, with sales exceeding \$10 billion in the third quarter of 2021. Given the public state of Blockchain, NFTs owners face a privacy problem. More precisely, an observer can trivially learn the whole NFT collections owned by an address. For some categories of NFTs like arts and game collectibles, owners can sell them for a profit. However, popular marketplaces trade NFTs using public auctions and direct offers. Hence, an observer can learn about the new owner and the NFT purchase price. To tackle those problems, we propose Aegis, a protocol that allows users to add privacy to their NFTs ownership. In Aegis, users can swap NFTs for payment amounts in fungible tokens while hiding the details (i.e., involved parties, the NFTs, and the payment amounts). One of the main properties of Aegis is its complete compatibility with existing NFT standards. We design Aegis by leveraging a zk-SNARK proof system and smart contracts. We build an open-source prototype and perform experiments to evaluate Aegis\u27s performance

Predicting surgical outcome of pediatric percutaneous nephrolithotomy

Purpose: The aim was to evaluate the outcome of pediatric percutaneous nephrolithotomy (PCNL) guided by Guy’s stone score grading system.Patients and methods: This was a prospective study of children with renal calculi more than 2 cm. They were younger than 18 years and were a candidate for PCNL at our University Hospitals from January 2013 until July 2016. All of them had a low-dose noncontrast enhanced computed tomography. The procedure was performed under general anesthesia with the patients in the prone position guided by fluoroscopy. The stone-free rate and the presence and type of complications were estimated. The demographic and clinical data, stone characteristics, radiologic anatomy as well the PCNL approach and methods of lithotripsy used were evaluated. Comparison was performed through using univariate and multivariate analyses, and factors predicting the PCNL outcome were determined.Results: A total of 110 children with kidney stones were accepted for PCNL. Overall, 95 (86.3%) of 110 children were stone free after one-stage PCNL. Grade 1 Guy’s stone score was 97.5% (40/41) (P<0.05). Mean hospital stay was 4.01 ± 2.0 days. Operative complications include bleeding in 12 (10.9%), extravasation in seven (6.4%), injury to the colon in one (0.9%), and renal pelvis perforation three (2.7%). In our study, larger Amplatz sheath, stone burden, and longer operative time are related to complications.Conclusion: Guy’s stone score correlated with both success and complications and can be used for decision making preoperatively in pediatric PCNL.Keywords: Guy’s stone score, minimally invasive, percutaneous nephrolithotomy, pediatric, urolithiasi

An Efficient Micropayment Channel on Ethereum

Blockchain protocols for cryptocurrencies offer secure payment transactions, yet their throughput pales in comparison to centralized payment systems such as VISA. Moreover, transactions incur fees that relatively hinder the adoption of cryptocurrencies for simple daily payments. Micropayment channels are second layer protocols that allow efficient and nearly unlimited number of payments between parties at the cost of only two transactions, one to initiate it and the other one to close it. Typically, the de-facto approach for micropayment channels on Ethereum is to utilize digital signatures which incur a constant gas cost but still relatively high due to expensive elliptic curve operations. Recently, ElSheikh et al. have proposed a protocol that utilizes hash chain which scales linearly with the channel capacity and has a lower cost compared to the digital signature based channel up to a capacity of 1000 micropayments. In this paper, we improve even more and propose a protocol that scales logarithmically with the channel capacity. Furthermore, by utilizing a variant of Merkle tree, our protocol does not require the payer to lock the entire balance at the channel creation which is an intrinsic limitation with the current alternatives. To assess the efficiency of our protocol, we carried out a number of experiments, and the results prove a positive efficiency and an overall low cost. Finally, we release the source code for prototype on GitHub

PASTRAMI: Privacy-preserving, Auditable, Scalable & Trustworthy Auctions for Multiple Items

Decentralised cloud computing platforms enable individuals to offer and rent resources in a peer-to-peer fashion. They must assign resources from multiple sellers to multiple buyers and derive prices that match the interests and capacities of both parties. The assignment process must be decentralised, fair and transparent, but also protect the privacy of buyers. We present PASTRAMI, a decentralised platform enabling trustworthy assignments of items and prices between a large number of sellers and bidders, through the support of multi-item auctions. PASTRAMI uses threshold blind signatures and commitment schemes to provide strong privacy guarantees while making bidders accountable. It leverages the Ethereum blockchain for auditability, combining efficient off-chain computations with novel, on-chain proofs of misbehaviour. Our evaluation of PASTRAMI using Filecoin workloads show its ability to efficiently produce trustworthy assignments between thousands of buyers and sellers

The Changing Landscape for Stroke\ua0Prevention in AF: Findings From the GLORIA-AF Registry Phase 2

Background GLORIA-AF (Global Registry on Long-Term Oral Antithrombotic Treatment in Patients with Atrial Fibrillation) is a prospective, global registry program describing antithrombotic treatment patterns in patients with newly diagnosed nonvalvular atrial fibrillation at risk of stroke. Phase 2 began when dabigatran, the first non\u2013vitamin K antagonist oral anticoagulant (NOAC), became available. Objectives This study sought to describe phase 2 baseline data and compare these with the pre-NOAC era collected during phase 1. Methods During phase 2, 15,641 consenting patients were enrolled (November 2011 to December 2014); 15,092 were eligible. This pre-specified cross-sectional analysis describes eligible patients\u2019 baseline characteristics. Atrial fibrillation disease characteristics, medical outcomes, and concomitant diseases and medications were collected. Data were analyzed using descriptive statistics. Results Of the total patients, 45.5% were female; median age was 71 (interquartile range: 64, 78) years. Patients were from Europe (47.1%), North America (22.5%), Asia (20.3%), Latin America (6.0%), and the Middle East/Africa (4.0%). Most had high stroke risk (CHA2DS2-VASc [Congestive heart failure, Hypertension, Age  6575 years, Diabetes mellitus, previous Stroke, Vascular disease, Age 65 to 74 years, Sex category] score  652; 86.1%); 13.9% had moderate risk (CHA2DS2-VASc = 1). Overall, 79.9% received oral anticoagulants, of whom 47.6% received NOAC and 32.3% vitamin K antagonists (VKA); 12.1% received antiplatelet agents; 7.8% received no antithrombotic treatment. For comparison, the proportion of phase 1 patients (of N = 1,063 all eligible) prescribed VKA was 32.8%, acetylsalicylic acid 41.7%, and no therapy 20.2%. In Europe in phase 2, treatment with NOAC was more common than VKA (52.3% and 37.8%, respectively); 6.0% of patients received antiplatelet treatment; and 3.8% received no antithrombotic treatment. In North America, 52.1%, 26.2%, and 14.0% of patients received NOAC, VKA, and antiplatelet drugs, respectively; 7.5% received no antithrombotic treatment. NOAC use was less common in Asia (27.7%), where 27.5% of patients received VKA, 25.0% antiplatelet drugs, and 19.8% no antithrombotic treatment. Conclusions The baseline data from GLORIA-AF phase 2 demonstrate that in newly diagnosed nonvalvular atrial fibrillation patients, NOAC have been highly adopted into practice, becoming more frequently prescribed than VKA in Europe and North America. Worldwide, however, a large proportion of patients remain undertreated, particularly in Asia and North America. (Global Registry on Long-Term Oral Antithrombotic Treatment in Patients With Atrial Fibrillation [GLORIA-AF]; NCT01468701

Privacy-Preserving Protocols on Blockchain

Blockchain is an evolving technology with the potential to reshape various industries. It is an immutable append-only distributed ledger that maintains the integrity and availability of its transactions. With blockchain, mutually distrusting parties can finally make transactions without relying on a trusted third party. Nevertheless, many organizations are reluctant to adopt it due to several issues such as privacy. More precisely, the inherent transparency of transactions in blockchain comes at the cost of privacy despite the use of pseudonymous identities. We design cryptographic protocols to improve the privacy of a set of decentralized applications utilizing blockchain. The rapidly growing number of digital assets deployed over blockchain requires a convenient trading mechanism. Sealed-bid auctions are powerful trading tools due to their privacy advantages compared to their open-cry counterparts. However, the inherent transparency on the blockchain makes designing a sealed-bid auction a challenging task. We propose three protocols utilizing zero-knowledge proofs, trusted execution environments, and smart contracts to publicly verify the correctness of the auction winner while maintaining users' privacy. In the first protocol, the auctioneer utilizes zero-knowledge proof of interval membership to prove the correctness of the auction winner without revealing the losing bids. However, this protocol is expensive in verification cost and scales linearly with the number of users. To reduce the verification cost, we design a second protocol where the auctioneer utilizes an advanced zero-knowledge proving system with a constant verification complexity. Both protocols offer partial privacy as the auctioneer gets to know the actual values of bids. The third protocol provides complete privacy by utilizing a trusted execution environment to determine the auction winner without revealing the losing bids to any party. Furthermore, since this protocol relies on simple cryptographic primitives, it achieves the lowest verification cost with a constant complexity regardless of the number of bids. Extending the work on sealed-bid auctions, we tackle a privacy problem in lit markets where all the information about bids and offers in the order book is visible to the public. While transparency helps the price discovery, it hurts financial institutions that trade large bulk orders. Therefore, we design a privacy-preserving periodic auction that hides limit-orders during the submission phase while preventing front-running and ensuring the correctness of market-clearing prices. Next, we target a privacy problem in inter-bank payment systems. Banks transfer money and securities instantaneously on a gross basis by utilizing Real-Time Gross Settlement (RTGS) system. Central banks operate RTGS systems and require access to payment instructions of each local inter-bank. Accordingly, RTGS systems assume unconditional trust given to central banks, and they suffer from a single point of failure. Hence, we propose a decentralized netting protocol that ensures balance correctness while hiding the transferred amounts and recipients. Finally, we switch gears to the booming Non-Fungible Tokens (NFTs) technology and tackle privacy issues with existing systems. NFTs are unique non-interchangeable digital assets verified and secured by blockchain technology. Current NFT standards lack privacy guarantees; hence any observer can trivially learn the whole NFT collection of an arbitrary user. Furthermore, popular marketplaces use public exchanges and auctions for trades which leak information about the trade parties and the payment amount for an NFT. We design Aegis as a protocol that adds privacy to NFTs ownership. More importantly, Aegis allows users to atomically swap NFTs for payment amounts while hiding the details of the transactions