A16z releases anonymous voting system for Ethereum

Please fol­low and like us:
Pin Share

Ven­ture cap­i­tal fund Andreessen Horowitz, also known as A16z, has released a Solid­i­ty library that can be used for anony­mous vot­ing on Ethereum. Called “Cica­da,” the library pre­vents an indi­vid­ual voter’s choice from being known before polling ends. When com­bined with zero-knowl­edge group mem­ber­ship sys­tems like Sem­a­phore, it can also make the iden­ti­ty of the vot­er per­ma­nent­ly unknow­able, accord­ing to a May 24 blog post from A16z engi­neer Michael Zhu.

Cica­da relies on time-lock puz­zles, a type of cryp­tog­ra­phy that allows users to encrypt secret val­ues that can only be decrypt­ed after a spe­cif­ic peri­od of time has passed, Zhu stated. 

These puz­zles have been around since 1996. But before 2019, they would have required users to reveal their secret val­ues once the time peri­od had passed. In vot­ing sys­tems, this could have caused prob­lems with users sub­mit­ting votes and then going offline, pre­vent­ing all the votes from being countable.

In 2019, the con­cept of “homo­mor­phic” time-lock puz­zles was pro­posed by cryp­tog­ra­phers Giulio Mala­vol­ta and Aravind Thya­gara­jan. This allowed the puz­zles to be added togeth­er to pro­duce a final puz­zle that was much eas­i­er to solve than the sum of the indi­vid­ual puz­zles. The solu­tion to the final puz­zle reveals only the sum of the indi­vid­ual val­ues with­out reveal­ing the indi­vid­ual val­ues mak­ing up this sum.

Accord­ing to the A16z post, Cica­da uses these homo­mor­phic puz­zles, allow­ing votes to be count­ed even if users go offline.

When attempt­ing to trans­fer Mala­vol­ta and Thyagarajan’s sys­tem to the blockchain, A16z researchers ran into an obsta­cle to cre­at­ing a fair vot­ing sys­tem: Each choice need­ed to be encod­ed as a boolean val­ue of “1” or “0.” This meant that attack­ers could try to increase their vot­ing pow­er by incor­rect­ly encod­ing the vote — by encod­ing “100” as their val­ue, for example.

To solve this prob­lem, Cica­da requires vot­ers to sub­mit a zero-knowl­edge proof of bal­lot valid­i­ty along with each bal­lot, the post said. The proof shows that the vote was encod­ed cor­rect­ly, but with­out reveal­ing the con­tents of the vote. 

Relat­ed: Anchor­age Dig­i­tal opens up DeFi vot­ing for cus­tody clients

Cica­da only pre­vents votes from being known while the poll is being con­duct­ed. Once the “poll has closed” or the time-lock peri­od has passed, any per­son can deter­mine the con­tents of a vote by brute-forc­ing the solu­tion to the puz­zle. How­ev­er, A16z sug­gest­ed that this prob­lem can be solved by com­bin­ing Cica­da with zero-knowl­edge group mem­ber­ship sys­tems like Sem­a­phore, Semacaulk or zero-knowl­edge state proofs. In this case, brute forc­ing the puz­zle will only reveal that the vote was cast by an eli­gi­ble vot­er but will not reveal the cre­den­tials used to prove the voter’s eligibility.

As an exam­ple, Zhu pro­vid­ed a link to a sam­ple con­tract pro­duced using Cica­da that also relies on Sem­a­phore to prove vot­er eligibility.

Vot­ing sys­tems have long been a com­po­nent of decen­tral­ized autonomous orga­ni­za­tions (DAOs), the gov­ern­ing bod­ies that often man­age blockchain apps. But in most cas­es, DAOs use tokens to rep­re­sent votes, which means that indi­vid­ual users can have an out­sized influ­ence if they hold a large num­ber of tokens. For exam­ple, on May 22, an attack­er took con­trol of Tor­na­do Cash by cast­ing extra votes on a mali­cious pro­pos­al, using it to drain all of the gov­er­nance contract’s funds. The attack­er lat­er offered to give back con­trol to users.

Waves founder Sasha Ivanov has argued that DAOs must move to a more demo­c­ra­t­ic vot­ing sys­tem if gov­er­nance attacks like these are to be avoided.

Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published.