Helping the Blockchain Ecosystem Grow by Developing some Fundamental Cybersecurity Building Blocks
Projects
BLS Hardware Security Module
BLS signatures will become one of the fundamental building BLS signatures will become one of the fundamental building blocks for ETH 2.0. However, this particular scheme is not yet supported by commercial HSM. By developing an open source BLS HSM, we give ETH 2.0 node operators the opportunity to easily incorporate higher security measures. We base our solution in ARM TrustZone technology to protect validators’ private keys.
For our PoC, we have selected the nrf9160 Development Board, that, in addition to an ARM Cortex M33, includes an LTE modem that could allow us to implement the remote signer server completely inside the board.
Gasless Policies for NuCypher
The gas’ cost incurred for policy issuance is a limiting factor for the success of the NuCypher network. Ultimately, NuCypher nodes can ignore the policies, as they own all the pieces needed to perform the cryptographic operations of the network. Hence, moving re-encryption policies to a private NuCypher blockchain formed by all its nodes (NUChain) does not lessen the security of the NuCypher network. The main advantage of moving policies to NUChain is that users do not need to own and spend any ETH gas to issue and manage new policies.
We are working on a PoC for a NUChain that can run and manage NuCypher policies. Moreover, we will also implement in this PoC, a mechanism to report node availability and apply the corresponding slashing policies.
Faillapop – A Hands-On Security Learning Resource
Security vulnerabilities in smart contracts have led to billions of dollars in losses. Yet, most security training resources focus on isolated contracts, leaving a gap between theoretical knowledge and real-world auditing. Faillapop is designed to bridge that gap.
Initiated by José Carlos Ramírez and developed together with Marco, Faillapop is a vulnerable-by-design decentralized marketplace, allowing security researchers, developers, and auditors to practice identifying and mitigating security risks in a realistic multi-contract environment. Inspired by real-world incidents, the protocol integrates a DAO-based dispute resolution, proxy contracts, and commit-reveal voting.
Built with Foundry, it includes comprehensive documentation, a testing suite, and realistic deployment scripts. It was Marco’s final engineering project at the University of Málaga (awarded Honors and Distinction). It is now part of our initiative to advance Ethereum security education through workshops, courses, and advanced hands-on challenges.
Test your auditing skills with Faillapop—because security is learned by doing.
Measuring Workers in PoS Networks
Proof of Stake (PoS) networks usually require worker nodes to do some work in order to keep or increase their stake. Measuring the amount of work performed by each node in a secured and truly decentralized way is a huge challenge. We have implemented a proof of concept (PoC) side chain to report the worker nodes that are actively participating in the NuCypher network, using the same principles of Optimistic Rollups. We use Ethermint (now Evmos) and BLS signatures to implement a NuCypher private blockchain that aggregates workers’ commitment. This aggregated commitment can then be sent to the Ethereum smart contract for verification of all workers’ commitment using a single Ethereum transaction.
Research
Digital Asset Custody Using Secure Multi-Party Computation
One of the main advantages of cryptocurrencies is that, by using non-custodial wallets, the holders retain full control over their assets. However, there is also an associated risk of losing all the assets. One alternative is to use a custodial web wallet, at the cost of relying completely on the wallet provider for the management of the assets (e.g. Coinbase Custody). There are other alternatives that involve multiple custodians, implementing some kind of multi-party computation protocol to move assets (e.g. tBTC).
We believe SMPC is essential to the development of the blockchain ecosystem and there will be more and more situations where SMPC is used as a building block to enable new exciting features. For this reason, we are investigating how SMPC can be applied to blockchain use cases, analyzing the suitability of different protocols beyond threshold ECDSA signatures.
Privacy and Traceability in Blockchain
Transparency is a fundamental property of blockchain. Every transaction is recorded in the blockchain, and anyone can inspect it. This is a nice feature to have in many situations, but for some use cases, privacy is also a requirement. Finding the proper trade-off between privacy and transparency is complicated and will highly depend on the particular application. If we think about crypto payments, from a government perspective it could be useful to be able to track every transaction back to its source, but from the individual perspective, it seems reasonable to assume some kind of privacy, allowing individuals to decide who should be able to trace back their payment. There are already solutions in place such as TornadoCash or Zcash in the Ethereum ecosystem, but most crypto payments remain completely traceable.
This situation is not exclusive to crypto payments. Recently, the Ethereum Name Service (ENS) and the Ethereum Foundation awarded a development RFP to login.xyz, an initiative to use an Ethereum wallet to easily login to web2 applications. This raises some privacy concerns too, because it can lead to linking the blockchain history associated to a ethreum address, particularly its balance, with some personal data. Proposals such as Verifiable Credentials, a W3C standard promoted by companies such as Evernym, could help alleviate those concerns.
Understanding Precision Loss in Solidity
When dealing with Solidity, precision loss is one of those subtle yet devastating issues that can sneak into your code unnoticed—until it’s too late. A tiny miscalculation can cascade into major financial discrepancies, potentially draining funds, misallocating rewards, or even opening doors to exploits. Understanding how and why this happens is critical for writing secure and reliable smart contracts.
But why does Solidity even have precision issues in the first place?
Securing Ethereum’s Clients: Our Open-Source Approach to BLS-HSMs
In August 2022, we shared our initial efforts to develop a modular, open-source Hardware Security Module (HSM) platform tailored for blockchain environments. Today, we are excited to update the community on the progress we’ve made, and why this work is more relevant than ever.
EIP-7702: Ethereum’s Next Step Toward a More Flexible Account Model
Externally Owned Accounts (EOAs) and smart contracts in Ethereum have traditionally been distinct: EOAs are controlled by private keys and can initiate transactions, while smart contracts can execute code when triggered but cannot initiate transactions. EIP-7702 bridges this gap by allowing EOAs to execute code, effectively blurring the lines between them and smart contracts.
Team
About
Decentralized Security was born in 2021. We are a young university startup, led by Isaac Agudo, who is also a member of the Network, Information and Computer Security Lab (NICS) at the University of Malaga in Spain
CEO