Helping the Blockchain Ecosystem Grow by Developing some Fundamental Cybersecurity Building Blocks

Projects

BLS Hardware Security Module

BLS signatures will become one of the fundamental building blocks for ETH 2.0. However, this particular scheme is not yet supported by commercial HSMs. By developing an open source BLS HSM, we give ETH 2.0 node operators the opportunity to easily incorporate higher security measures. We base our solution on ARM TrustZone technology to protect validators’ private keys.

For our PoC, we have selected the nRF9160 Development Board, which, in addition to an ARM Cortex-M33, includes an LTE modem that could allow us to implement the remote signer server completely inside the board.


Gasless Policies for NuCypher

The gas cost incurred for policy issuance is a limiting factor for the success of the NuCypher network. Ultimately, NuCypher nodes can ignore the policies, as they own all the pieces needed to perform the cryptographic operations of the network. Hence, moving re-encryption policies to a private NuCypher blockchain formed by all its nodes (NUChain) does not lessen the security of the NuCypher network. The main advantage of moving policies to NUChain is that users do not need to own and spend any ETH gas to issue and manage new policies.

We are working on a PoC for a NUChain that can run and manage NuCypher policies. In this PoC, we will also implement a mechanism to report node availability and apply the corresponding slashing policies.


Faillapop – A Hands-On Security Learning Resource

Security vulnerabilities in smart contracts have led to billions of dollars in losses. Yet, most security training resources focus on isolated contracts, leaving a gap between theoretical knowledge and real-world auditing. Faillapop is designed to bridge that gap.

Initiated by José Carlos Ramírez and developed together with Marco, Faillapop is a vulnerable-by-design decentralized marketplace, allowing security researchers, developers, and auditors to practice identifying and mitigating security risks in a realistic multi-contract environment. Inspired by real-world incidents, the protocol integrates a DAO-based dispute resolution, proxy contracts, and commit-reveal voting.

Built with Foundry, it includes comprehensive documentation, a testing suite, and realistic deployment scripts. It was Marco’s final engineering project at the University of Málaga (awarded Honors and Distinction). It is now part of our initiative to advance Ethereum security education through workshops, courses, and advanced hands-on challenges.

Test your auditing skills with Faillapop—because security is learned by doing.


Measuring Workers in PoS Networks

Proof of Stake (PoS) networks usually require worker nodes to do some work in order to keep or increase their stake. Measuring the amount of work performed by each node in a secure and truly decentralized way is a huge challenge. We have implemented a proof of concept (PoC) side chain to report the worker nodes that are actively participating in the NuCypher network, using the same principles as Optimistic Rollups. We use Ethermint (now Evmos) and BLS signatures to implement a NuCypher private blockchain that aggregates workers’ commitments. This aggregated commitment can then be sent to the Ethereum smart contract, which verifies all workers’ commitments in a single Ethereum transaction.


Research

Digital Asset Custody Using Secure Multi-Party Computation

One of the main advantages of cryptocurrencies is that, by using non-custodial wallets, the holders retain full control over their assets. However, there is also an associated risk of losing all the assets. One alternative is to use a custodial web wallet, at the cost of relying completely on the wallet provider for the management of the assets (e.g. Coinbase Custody). There are other alternatives that involve multiple custodians, implementing some kind of multi-party computation protocol to move assets (e.g. tBTC).

We believe SMPC is essential to the development of the blockchain ecosystem and there will be more and more situations where SMPC is used as a building block to enable new exciting features. For this reason, we are investigating how SMPC can be applied to blockchain use cases, analyzing the suitability of different protocols beyond threshold ECDSA signatures.


Privacy and Traceability in Blockchain

Transparency is a fundamental property of blockchain. Every transaction is recorded in the blockchain, and anyone can inspect it. This is a nice feature to have in many situations, but for some use cases, privacy is also a requirement. Finding the proper trade-off between privacy and transparency is complicated and will highly depend on the particular application. If we think about crypto payments, from a government perspective it could be useful to be able to track every transaction back to its source, but from the individual perspective, it seems reasonable to assume some kind of privacy, allowing individuals to decide who should be able to trace back their payment. There are already solutions in place such as TornadoCash or Zcash in the Ethereum ecosystem, but most crypto payments remain completely traceable.

This situation is not exclusive to crypto payments. Recently, the Ethereum Name Service (ENS) and the Ethereum Foundation awarded a development RFP to login.xyz, an initiative to use an Ethereum wallet to easily log in to web2 applications. This raises some privacy concerns too, because it can lead to linking the blockchain history associated with an Ethereum address, particularly its balance, with some personal data. Proposals such as Verifiable Credentials, a W3C standard promoted by companies such as Evernym, could help alleviate those concerns.

Welcome to our blog, where we explore Ethereum security, cryptography, privacy, and blockchain.
Through research-backed insights, we help developers, auditors, and blockchain enthusiasts navigate security challenges and emerging threats.
Stay ahead with us.

EIP-7702: Ethereum’s Next Step Toward a More Flexible Account Model
Ethereum

Externally Owned Accounts (EOAs) and smart contracts in Ethereum have traditionally been distinct: EOAs are controlled by private keys and can initiate transactions, while smart contracts can execute code when triggered but cannot initiate transactions.

EIP-7702 bridges this gap by allowing EOAs to execute code, effectively blurring the lines between them and smart contracts. This proposal represents a major step toward native account abstraction, enhancing Ethereum’s usability, security, and programmability.

Closing ceremony of the Blockchain Technologies course University of Malaga 2024
Blockchain | Education

On Thursday, June 6, the closing event of the fifth edition of the Blockchain Technologies course at the University of Málaga took place. This fifth edition of the course has once again demonstrated the enormous talent of the students and the potential of blockchain technology in various fields.

BLS-HSM for Ethereum: Enhancing Validator Key Security
Ethereum | Hardware | Open Source

One of the most critical security challenges in blockchain networks is protecting cryptographic keys. While hardware wallets provide a robust solution for individual users, securing validator keys in Ethereum’s consensus layer requires a different approach. Hardware Security Modules (HSMs) are commonly used in secure environments to protect private keys and execute cryptographic operations without exposing sensitive material.

However, there has been a notable absence of open-source HSMs supporting BLS signatures, the cryptographic scheme essential for Ethereum validators. Recognizing this gap, Decentralized Security initiated the development of an open-source BLS-HSM

Team

Daniel Morales

PhD candidate,

Applied Cryptography Researcher

Isaac Agudo

Founder & CEO,

PhD in Computer Science,

MSc in Mathematics

Marco López

BSc in Telematics Engineering,

Blockchain Security Researcher

About

Decentralized Security was born in 2021. We are a young university startup, led by Isaac Agudo, who is also a member of the Network, Information and Computer Security Lab (NICS) at the University of Malaga in Spain.

Isaac Agudo

CEO

Contact