Here you can find the academic publications produced, published in peer-reviewed journals. This selection highlights our contributions to scientific research in our field.
The issuance and verification of academic certificates face significant challenges in the digital era. The proliferation of counterfeit credentials and the lack of a reliable, universally accepted system for issuing and validating them pose critical issues in the educational domain. Certificates, traditionally issued by centralized educational institutions using their proprietary systems, pose challenges for straightforward verification, generating uncertainty about the credibility of academic achievements. In addition to diplomas issued by academic entities, it is now necessary in virtually all professional fields to stay updated and obtain accreditation for certain skills or experiences, which is a determining factor in securing or enhancing employment. Yet, there is no platform available to consistently demonstrate these capabilities and experiences. This article introduces a novel model for issuing and verifying academic information using non-fungible tokens (NFTs) supported by blockchain technologies, focused on compliance with the General Data Protection Regulation (GDPR). It describes a model that grants control to the data subject, enabling the management of information access while adhering to key GDPR principles. Simultaneously, it remains compatible with existing systems within organizations, and is flexible in certifying various types of academic information. The implications of this model are discussed, emphasizing the importance of addressing privacy in blockchain-based applications.
The growing importance of traceability in supply chains requires robust, transparent, and efficient systems to ensure the integrity and authenticity of product journeys. This paper presents a comprehensive characterisation and data model for a generic blockchain-based traceability system, highlighting its implementation using smart contracts on Ethereum-compatible networks, as the Ethereum Virtual Machine (EVM), with its pioneering implementation of smart contracts and its extensive ecosystem; it provides a robust environment for developing decentralised applications. We discuss the advantages of using blockchain technology to notarise traceability activities, ensuring immutability and transparency by exploring two main scenarios, namely one where hash keys (i.e, cryptographic digests) are stored on-chain while detailed data remain off-chain, and another where all traceability data are fully stored on-chain. Each approach is evaluated for its impact on scalability, privacy, storage efficiency, and operational costs. The hash key method offers significant advantages in reducing blockchain storage costs, enhancing privacy, and maintaining data integrity, but it depends on reliable off-chain storage. Conversely, the full on-chain approach guarantees data immutability but at a higher cost and lower scalability. By combining these strategies, a balanced solution can be achieved, leveraging the strengths of both methods to provide a reliable, efficient, and secure blockchain-based traceability system, which is illustrated with a practical implementation to support traceability in the timber sector in Galicia, Spain. This paper aims to provide valuable insights for researchers and practitioners looking to implement or enhance traceability systems using blockchain technology, demonstrating how smart contracts can be effectively utilised to meet the demanding requirements of modern supply chains.
The popularization of blockchain-based applications made evident a critical challenge, namely the inherent isolation of these decentralized systems, akin to the disconnected and technologically diverse local area networks of the 1970s. This lack of interoperability limits the potential for widespread adoption and innovation in the blockchain space. While various initiatives aim to bridge this gap, many remain nascent. This article addresses this issue by proposing a robust architecture and practical implementation to interconnect two Ethereum-based blockchains, enabling seamless smart contract interactions across these chains, and facilitating the exchange of complex information beyond mere token transfers. Our work explores the emerging landscape of inter-blockchain communication, highlighting their current maturity and potential, and providing insights on how to overcome the technical hurdles associated with these protocols, particularly in the context of transmitting complex data and executing cross-chain function calls. Additionally, we illustrate with a case study the challenges posed by linking private blockchains with public ones, ensuring secure and efficient data exchange. This article aims to inspire blockchain researchers and practitioners, presenting a foundational framework for enhancing blockchain interoperability, including detailed, practical steps for its implementation. By laying the groundwork for more connected blockchain ecosystems, we intend to support the continued evolution and widespread adoption of blockchain technology.
Blockchain is a technology that gained relevance in various fields due to its transparency and security in recording information in a reliable and immutable manner. In particular, the adoption of private blockchain platforms based on the Ethereum technology grew significantly in enterprise environments. However, there are certain issues concerning privacy and access control that may pose significant challenges in scenarios where private transactions occur between user agents instead of nodes, that is, between blockchain accounts that are not necessarily attached to specific nodes. The Blockchain Application Firewall (BAF) is introduced as a conceptual framework that can be applied in cases where control over data access is needed, including private transactions between accounts. More specifically, the BAF is intended to complement a blockchain endpoint acting as an intermediary between users and blockchain services and data, monitoring and controlling incoming and outgoing traffic, according to an applied access policy. This work investigates BAF’s feasibility and effectiveness in enhancing the capabilities of Ethereum-based blockchains in the described scenarios. A proof-of-concept was implemented with Besu to assess its feasibility, providing evidence that BAF can act as an additional layer of control over data stored, helping to solve key limitations in practical implementations and allowing exploration of new use cases that could not be addressed so far.
This paper introduces a novel access control architecture based on a dual-blockchain model that separates access management from data storage to enhance security and scalability. The system enables users to submit access requests to a primary blockchain, where smart contracts dynamically verify permissions before retrieving data from a secondary, isolated blockchain. This design enforces fine-grained, account-level access control while preventing direct exposure of sensitive data. A proof of concept was implemented using Hyperledger YUI to interconnect Ethereum-based blockchains, demonstrating secure inter-chain communication and dynamic permission enforcement. The proposed solution addresses key limitations in existing blockchain infrastructures and offers a flexible, decentralized framework suitable for applications requiring robust data governance and regulatory compliance.
For years, combining the immutability associated with blockchain technology with the European Union’s General Data Protection Regulation (GDPR) has been considered a practically unsolvable conflict due to the very nature of blockchain and the GDPR. This article presents the GAVIN project (GDPR-Compliant Blockchain-Based Architecture for Universal Learning, Education and Training Information Management), a pioneering initiative that overcomes this challenge through an innovative technical and legal approach to trusted digital academic certification. Developed by atlanTTic (University of Vigo) and funded by the European Union, GAVIN proposes a scalable architecture that combines off-chain storage, encrypted Hash-Based Message Authentication Code (HMAC) anonymization, access notarization, and blockchain-based access control. The legal validation of the working prototype under development demonstrates that blockchain decentralization is compatible with GDPR compliance. The model is presented as a replicable reference for institutions wishing to leverage distributed ledger technologies without compromising personal data protection. This paper details the legal design, technical architecture, and compliance mechanisms, offering a practical framework for implementing decentralized systems with privacy by design.
Blockchain technology has emerged as a disruptive solution with the potential to transform multiple sectors, including education, due to its ability to ensure traceability, integrity, and trust in data. This paper presents the technical implementation of a blockchain-based system for the issuance, storage, and verification of academic credentials across formal, non-formal, and informal education. Addressing key challenges in authenticity, integrity, and privacy, the proposed solution ensures compliance with the EU General Data Protection Regulation (GDPR) through a privacy-by-design approach. It employs off-chain encrypted storage, advanced anonymization techniques using HMACs within Merkle Trees, and a dual-consortium blockchain architecture built on Hyperledger Besu. Interoperability is achieved via the IBC YUI protocol, while a Blockchain Application Firewall (BAF) enables dynamic, fine-grained access control. The system also includes a secure data recovery mechanism in case of institutional disappearance. A functional prototype deployed on Raspberry Pi devices demonstrates technical feasibility. Quantitative and qualitative evaluations confirm the system’s utility, security, and scalability, while also highlighting adoption challenges such as institutional resistance and the lack of standardization.
This article presents a qualitative analysis of the GAVIN project (GDPR-Compliant Blockchain-Based Architecture for Universal Learning, Education and Training Information Management), an innovative blockchain-based system developed to address challenges of academic credential verification and recovery in a context where academic certificate issuance and verification is highly fragmented, with institutions operating isolated systems that hinder efficient verification and facilitate the proliferation of fraudulent documents. The GAVIN model introduces a multi-blockchain architecture aimed at recognition of formal, non-formal, and informal learning guaranteeing compliance with the General Data Protection Regulation (GDPR). Following the design and development of a functional prototype, this study presents a qualitative evaluation of the model by means of a validation workshop with diverse stakeholders from the education sector, using pre- and post-workshop questionnaires grounded in the Technology Acceptance Model (TAM). Results indicate a strong perceived usefulness and significant potential to improve current credentialing processes. However, concerns were raised regarding implementation feasibility, associated costs, the need for official standardization, and the importance of establishing robust governance and sustainable business models. This study offers valuable insights into the challenges and opportunities of blockchain adoption in education, providing guidance for future development and policy-making.