Daniel Morales
PhD student
Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34 951 952 939
E-mail: damesca@uma.es
Current research
- Secure Multi-party Computation: Analysis of MPC protocols and design of new use cases, with the focus on performance and security trade-offs.
- Blockchain: Design of privacy tools for blockchain scenarios.
Ph.D. research
My Ph.D. research focuses on new applications of MPC protocols in novel scenarios, e.g. blockchain. These protocols offer useful capabilities for enhancing privacy in distributed environments where different participants own different private data. MPC protocols require specific trade-offs between privacy and performance, which can condition their acceptance in different applications.
Education
- MSc. in Telematics and Telecommunication Networks, University of Málaga (July 2020)
- BSc. in Telematics, University of Málaga (July 2019)
Thesis
- MSc. Thesis: Using Protocols for Secure Multiparty Computation on the Web:
The objective of this project is to carry out an analysis and a programming design of a primitive of the Secure Multiparty Computation paradigm for the web model. Specifically, the Oblivious Transfer primitive is studied, which forms the basis of several advanced cryptographic protocols. For this purpose, the state of the art is analyzed, and the first specification of this primitive integrated into the Web Cryptography API is proposed, which enables cryptography at the application level in most web browsers. After the specification, at the interface level, a prototype developed on the Node.js environment is presented.
- BSc. Thesis: Public Key Infrastructure prototype using distributed RSA with secure multiparty computation:
Security has become a very important aspect of computer networking systems. Cryptography and the use of trusted third parties form the essential axis on which security is based for most Internet transactions. The objective of this work is to develop and analyze the viability of an RSA key pair management system that performs the generation and digital signing of public key certificates using a secure protocol based on secure multiparty computation. To achieve that, the code needed to coordinate the key management servers has been designed. Those servers offer a distributed service, thanks to the coordination of an orchestrator, working at the certification authority level. The code is offered as a REST API, because of its design and integration convenience and the ease of adapting the proposed architecture to different systems.
Publications
Daniel Morales, Isaac Agudo, Javier Lopez
Toward a Framework for Cost-Effective and Publicly Verifiable Confidential Computations in Blockchain
In: IEEE Communications Magazine, 2024, ISSN: 1558-1896.
@article{morales2024commag,
title = {Toward a Framework for Cost-Effective and Publicly Verifiable Confidential Computations in Blockchain},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2024commag.pdf},
doi = {10.1109/MCOM.001.2300839},
issn = {1558-1896},
year = {2024},
date = {2024-09-03},
urldate = {2024-09-03},
journal = {IEEE Communications Magazine},
abstract = {Blockchain technologies have introduced a compelling paradigm for a new understanding of security through decentralized networks and consensus mechanisms. However, they need all data to be public, which may be unacceptable for use cases such as biometric data processing or sensitive monetary transactions. Therefore, confidentiality is identified as a need in blockchain. Additionally, blockchain can contribute to confidential applications by providing publicly verifiable mechanisms, therefore enhancing security. This work presents a framework for cost-effective and publicly verifiable confidential computations in blockchain, by relying on secure multi-party computation committees and zero-knowledge proofs. Our framework supports arbitrary computations on confidential data enforced by smart contracts. Additionally, staking, incentives, and cheat identification are provided as solutions to enhance trust. We also provide a technical solution to embed secure multi-party computations within smart contracts by using the Promise programming pattern. Finally, a cost analysis is provided to justify the feasibility of the framework compared to other solutions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Daniel Morales, Isaac Agudo
Cryptographic approaches for confidential computations in blockchain
In: XVI Jornadas de Ingeniería Telemática, pp. 110-113, Barcelona, 2023, ISBN: 978-84-09-58148-1.
@inproceedings{morales2023jitel,
title = {Cryptographic approaches for confidential computations in blockchain},
author = {Daniel Morales and Isaac Agudo},
url = {/wp-content/papers/morales2023jitel.pdf},
isbn = {978-84-09-58148-1},
year = {2023},
date = {2023-11-09},
urldate = {2023-11-09},
booktitle = {XVI Jornadas de Ingenier\'{i}a Telem\'{a}tica},
pages = {110-113},
address = {Barcelona},
abstract = {Blockchain technologies have been widely researched in the last decade, mainly because of the revolution they propose for different use cases. Moving away from centralized solutions that abuse their capabilities, blockchain looks like a great solution for integrity, transparency, and decentralization. However, there are still some problems to be solved, lack of privacy being one of the main ones. In this paper, we focus on a subset of the privacy area, which is confidentiality. Although users are increasingly aware of the importance of confidentiality, blockchain poses a barrier to the confidential treatment of data. We initiate the study of cryptographic confidential computing tools and focus on how these technologies can endow the blockchain with better capabilities, i.e., enable rich and versatile applications while protecting users’ data. We identify Zero Knowledge Proofs, Fully Homomorphic Encryption, and Secure Multiparty Computation as good candidates to achieve this.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Daniel Morales, Isaac Agudo, Javier Lopez
Integration of MPC into Besu through an extended private transaction model
In: IEEE International Conference on Metaverse Computing, Networking and Applications, pp. 266-273, IEEE, Kyoto, Japan, 2023.
@inproceedings{morales2023metacom,
title = {Integration of MPC into Besu through an extended private transaction model},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2023metacom.pdf},
doi = {10.1109/MetaCom57706.2023.00056},
year = {2023},
date = {2023-06-01},
urldate = {2023-06-01},
booktitle = {IEEE International Conference on Metaverse Computing, Networking and Applications},
pages = {266-273},
publisher = {IEEE},
address = {Kyoto, Japan},
organization = {IEEE Computer Society},
abstract = {In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Daniel Morales, Isaac Agudo, Javier Lopez
Private set intersection: A systematic literature review
In: Computer Science Review, vol. 49, no. 100567, 2023, ISSN: 1574-0137.
@article{morales2023psi,
title = {Private set intersection: A systematic literature review},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2023psi.pdf https://www.sciencedirect.com/science/article/pii/S1574013723000345},
doi = {10.1016/j.cosrev.2023.100567},
issn = {1574-0137},
year = {2023},
date = {2023-05-01},
urldate = {2023-05-01},
journal = {Computer Science Review},
volume = {49},
number = {100567},
publisher = {Elsevier},
address = {ScienceDirect},
abstract = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Daniel Morales, Isaac Agudo, Javier Lopez
Real-time Crowd Counting based on Wearable Ephemeral IDs
In: 19th International Conference on Security and Cryptography (SECRYPT 2022), pp. 249-260, Scitepress, Lisbon, 2022, ISSN: 2184-7711.
@inproceedings{morales2022cc,
title = {Real-time Crowd Counting based on Wearable Ephemeral IDs},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2022cc.pdf},
doi = {10.5220/0011327200003283},
issn = {2184-7711},
year = {2022},
date = {2022-07-01},
urldate = {2022-07-01},
booktitle = {19th International Conference on Security and Cryptography (SECRYPT 2022)},
pages = {249-260},
publisher = {Scitepress},
address = {Lisbon},
organization = {Scitepress},
abstract = {Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Daniel Morales, Isaac Agudo
Prueba de concepto de Autoridad de Certificación usando Computación Segura Multiparte (Proof of concept of a Certification Authority using Secure Multiparty Computation)
In: XIV Jornadas de Ingeniería Telemática, pp. 50-53, Zaragoza, 2019, ISBN: 978-84-09-21112-8.
@inproceedings{morales2019,
title = {Prueba de concepto de Autoridad de Certificaci\'{o}n usando Computaci\'{o}n Segura Multiparte},
author = {Daniel Morales and Isaac Agudo},
url = {/wp-content/papers/morales2019.pdf},
doi = {10.26754/uz.978-84-09-21112-8},
isbn = {978-84-09-21112-8},
year = {2019},
date = {2019-10-01},
urldate = {2019-10-01},
booktitle = {XIV Jornadas de Ingenier\'{i}a Telem\'{a}tica},
pages = {50-53},
address = {Zaragoza},
abstract = {Este trabajo pretende analizar el paradigma de la Computaci\'{o}n Segura Multiparte y sus posibles aplicaciones en el campo de la criptograf\'{i}a. Se plantea como modelo alternativo, mas escalable y seguro al uso de m\'{o}dulos hardware de seguridad para aplicaciones que requieran de Terceras Partes Confiables. Concretamente, se ha integrado un protocolo de criptograf\'{i}a RSA multiparte con la librer\'{i}a certbuilder, para la creaci\'{o}n de certificados X.509. De esta forma se asegura que la creaci\'{o}n de los certificados ra\'{i}z de la Infraestructura de Clave Publica se realiza de forma que la generaci\'{o}n de claves y firma de este se ejecute \'{i}ntegramente sobre el sistema multiparte, con un modelo de tres partes que trabaja con circuitos aritm\'{e}ticos, sin que ninguna de ellas, de forma aislada, tenga posibilidad de comprometer la clave privada correspondiente. Para comprobar la viabilidad del sistema se han realizado pruebas de generaci\'{o}n de certificados con diferentes longitudes de clave, siendo el proceso determinante la creaci\'{o}n de las claves. Los elevados tiempos hacen que una aplicaci\'{o}n como esta no sea asumible en otros escenarios, pero creemos que para el caso de la creaci\'{o}n de los certificados ra\'{i}z de una infraestructura de clave p\'{u}blica las garant\'{i}as avanzadas de seguridad compensan el tiempo extra.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}