Daniel Morales

Current research

• Secure Multi-party Computation: Analysis of MPC protocols and design of new use cases, with the focus on performance and security trade-offs.
• Blockchain: Design of privacy tools for blockchain scenarios.

Ph.D. research

My Ph.D. research focuses on new applications for MPC protocols in novel scenarios, e.g. blockchain. These protocols provide nice capabilities to enhance privacy in distributed environments, where different participants own different private data. MPC protocols require specific trade-offs between privacy and performance, which can condition their acceptance in different applications.

Education

• MSc. in Telematics and Telecommunication Networks, University of Málaga (July 2020)
• BSc. in Telematics, University of Málaga (July 2019)

Thesis

• MSc. Thesis: Using Protocols for Secure Multiparty Computation on the Web:
  The objective of this project is to carry out an analysis and a programming design of a primitive of the Secure Multiparty Computation paradigm for the web model. Specifically, the primitive Oblivious Transfer is studied, which forms the basis of several advanced cryptography protocols. For this purpose, the state of the art is analyzed, and the first specification of this primitive integrated in the Web Cryptography API is proposed, which enables cryptography at the application level in most of the web browsers. After specification, at the interface level, a prototype is presented, developed over the Node.js environment.
• BSc. Thesis: Public Key infrastructure prototype using distributed RSA with secure multiparty computation:
  Security has become a very important aspect in computer networking systems. Cryptography and the usage of trusted third parties have built the essential axis on which security is based for the most of Internet transactions. The objective of this work is to develop and analyze the viability of an RSA key pair management system to perform the generation and digital signature of public key certificates, using a secure protocol based on secure multiparty computation. To achieve that, the code needed to coordinate the key management servers has been designed. Those servers offer a distributed service, thanks to the coordination of an orchestrator, working at certification entity level. Code is offered in API REST format, because of its designing and integration convenience, and the facility to change things for an implementation of the proposed architecture on different systems.

Publications

• D. Morales, I. Agudo, and J. Lopez, "Integration of MPC into Besu through an extended private transaction model",
  IEEE International Conference on Metaverse Computing, Networking and Applications, 06/2023. More..

  Abstract

  In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains.
  Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
  We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
  Our work extends Hyperledger Besu's design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.

  
• D. Morales, I. Agudo, and J. Lopez, "Private set intersection: A systematic literature review",
  Computer Science Review, vol. 49, no. 100567, Elsevier, 05/2023. DOI (I.F.: 8.757)More..

  Abstract

  Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.

  Impact Factor: 8.757

  Journal Citation Reports® Science Edition (Thomson Reuters, 2021)

  ---

  
• D. Morales, I. Agudo, and J. Lopez, "Real-time Crowd Counting based on Wearable Ephemeral IDs",
  19th International Conference on Security and Cryptography (SECRYPT 2022), Scitepress, pp. 249-260, 07/2022. DOI More..

  Abstract

  Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.

  
• D. Morales, and I. Agudo, "Prueba de concepto de Autoridad de Certificación usando Computación Segura Multiparte",
  XIV Jornadas de Ingeniería Telemática, pp. 50-53, 10/2019. DOI More..

  Abstract

  Este trabajo pretende analizar el paradigma de la Computación Segura Multiparte y sus posibles aplicaciones en el campo de la criptografía. Se plantea como modelo alternativo, mas escalable y seguro al uso de módulos hardware de seguridad para aplicaciones que requieran de Terceras Partes Confiables. Concretamente, se ha integrado un protocolo de criptografía RSA multiparte con la librería certbuilder, para la creación de certificados X.509. De esta forma se asegura que la creación de los certificados raíz de la Infraestructura de Clave Publica se realiza de forma que la generación de claves y firma de este se ejecute íntegramente sobre el sistema multiparte, con un modelo de tres partes que trabaja con circuitos aritméticos, sin que ninguna de ellas, de forma aislada, tenga posibilidad de comprometer la clave privada correspondiente. Para comprobar la viabilidad del sistema se han realizado pruebas de generación de certificados con diferentes longitudes de clave, siendo el proceso determinante la creación de las claves. Los elevados tiempos hacen que una aplicación como esta no sea asumible en otros escenarios, pero creemos que para el caso de la creación de los certificados raíz de una infraestructura de clave pública las garantías avanzadas de seguridad compensan el tiempo extra.