Private Voting Module

Aztec Protocol:

“The AZTEC protocol enables the creation of generic confidential digital assets. We picked DAI to start with but with the press of a button the AZTEC protocol can be applied to any ERC-20 token. It also enables the construction of purely confidential assets that don’t have any kind of ERC-20 token equivalent. No extra cryptographic circuits required, no additional trusted setup processes needed. For the first time ever, it’s possible to create confidential digital assets on Ethereum, obtaining the immutability and decentralization benefits of public blockchains without sacrificing privacy.”

Keep Network:

Aragon Secret Voting:

State Channel Blind Signatures by Bo Hendo

I’ve been stuck on this question, it’s a really tough one. One of the hardest problems in the space and nobody seems to have a good answer to it… If we do votes on Quorum, we’d have to manage our own separate chain & then figure out how to get the chains talking to each other, if we got this route it seems best to wait for Polkadot to publish their cross-chain communication solution but idk if managing a separate chain would have a good cost/benefit. Honestly, zk proofs are black magic to me. Not the slightest clue how they work or what they’re capable of. I stumbled upon something called “blind signatures” that I think falls under the “computation over encrypted data” category but this still requires trusted administrators and has potential to cost a lot of gas. Another option I’ve just barely began to explore might be something similar to blind signatures in a state channel. State channels have the massive benefit of allowing participants to vote without costing them any gas. The 0 gas price might be a big enough benefit to explore this option & the off chain computation opens up the ability experiment w more computationally expensive solutions like blind signature… There’s a lot to think about here Re blind signatures:

Enigma Integration:

Qs by @Pat:

(1) anonymous reputation voting within holographic consensus

(2) anonymous predicting/staking within holographic consensus

(3) anonymous voting not related to holographic consensus (such as an election or multiple choice)

(4) a private DAO with some sort of permissions structure hiding proposals and budget from non reputation holders

As:

(1) anonymous reputation voting within holographic consensus
“reputation voting” here-- does it mean reputation-weighted voting, or voting on someone’s reputation (what their rep should be?)

(2) anonymous predicting/staking within holographic consensus

the direction of a stake could be anonymous. The degree could be obfuscated, but isn’t de-facto anonymous (b/c value is being transferred)

(3) anonymous voting not related to holographic consensus (such as an election or multiple choice)
This should be straightforward

(4) a private DAO with some sort of permissions structure hiding proposals and budget from non reputation holders
This is interesting. I will have to think more about it. Enigma provides both storage and compute, (and a private state of stored data). Access control comes for free. However, depending on the nature of the proposal it may not be the most efficient way to share.

Regarding what we do vs. pure ZKsnark voting, we don’t have an executive summary, but I can share a simple diagram comparing private computation techniques.
privacy-preserving compute overview

Using Quorem by @Eyal

I may have an easy solution for the privacy issue. I bet Arc can be easily deployed on Quorum, which is an Ethereum fork. “Deployed” here is simply the W3 the system is connected to, i.e. a Quorum node instead of Ethereum. The benefit is that now each transaction can be either public, or private for a subset of nodes. Transparency, and partially decentralization is not completely lost because nodes that don’t have access to the full transaction still have a hash of it, and certain transactions can still be completely public by going to the Ethereum network.

I think this can open up business opportunities because you can offer companies a turn key solution for a DAO that is private or public with any granularity they choose, and the beauty of this solution is that it would require minimal dev time

1 Like

Hi everyone,

I’m an Ethereum developer who has been working with the AZTEC team for the past 5 months integrating it for private security issuance and trading for a NYC real estate company. AZTEC has a generalizable crypto engine that lets it run several proof types, of which securities trading and dividends disbursement is just one. Private voting has been mentioned a few times, especially for asset governance. The AZTEC team would be happy to add a new proof type for blind voting if this is an important use case to the DAOstack community / project.

I already have a webpack’d version of AZTEC that can generate proofs and conduct confidential transactions directly in the voter’s browser, without having to trust any third party, and be validated on-chain directly.

I took my current gig because I’ve been wanting to learn about zero-knowledge proofs for awhile, and it has definitely brought me far along that goal. Although the gas cost per confidential tx in AZTEC is substantial (around 600-800k gas currently although this could be amortized across many votes), it is fully operational now on the mainnet, unlike all other ZK(SNARK) projects. I’d be interested in being part of a community effort to integrate it into DAOstack and Genesis / Alchemy. The ZK approach is not mutually exclusive with private chains, and the Quorum proposal is also interesting.

Deploying to a different chain / side-channel seems fast (on the order of weeks), but merging these tx’s back to the Ethereum mainnet is an unknown amount of work to me.

I don’t know much about Quorum, except I’m curious how the validators are chosen, and the difference with just running Arc on our own private Ethereum network with DAO-chosen validators, or even Rinkeby.

A read through the link above on blind signature voting shows that it is competitive (~300k per vote, not amortizable) and an interesting alternative approach that also uses similar techniques to AZTEC (commit-reveal schemes). Based on the contributions in this thread, I think we are close to an execute summary that could be submitted as a GenesisDAO proposal.

I look forward to working with y’all soon.

3 Likes

Super interesting breakdown, thank you for that. I would love to help spec this out further. What are the next steps you’re thinking are needed?

1 Like

Thanks @dOrgJelli and @patdaostack for previous posts. Private DAOs are the most interesting application brought up from above, and also concealed vote count (which may be revealed to voters afterwards).

I like the metaphor that DAOstack / Alchemy is the “Wordpress of DAOs”, so along that vein, people could spin up private “blogs” with votes / funds that are secret even from DAOstack.

The key idea in AZTEC is a confidentialTransfer, which operates on encrypted “banknotes” of private value, issued for a certain security, and ensures that the sum of input notes of all spenders equals the sum of all output notes of all recipients.

To start the spec, here’s one early stab / sketch at the idea, which may turn out to be wrong:

  • Each proposal has two new “securites” associated with it, a YES version and a NO version.
  • Every eligible voter is issued two notes for each security, 1-value note to vote YES/NO and a 0-value note as a decoy.
  • The voter votes in both proposals by “spending” the appropriate value note to a timed contract. Everyone can watch in public which notes are received.

The vote can be counted by a bot who tries to validate a transfer of all possible amounts with these notes. This is a brute force method, like "Do the YES votes sum to 1? Do the YES votes sum to 2? … " but it’s a stateless operation on-chain (zero gas fees), just heavy on processing power for the Ethereum node that runs it. Once the total YES and NO vote count is discovered, they are decrypted into a normal ERC20-like token equal to the difference of YES/NO (could be negative) and recorded on-chain forever.

1 Like

My assumption then is that once decrypted we know the total Reputation that voted yes/no for the proposal in question?

How does work with the boosting game, when the quorum for voting changes? Does it simply anonymize the voters, or also the ongoing results (this is a potential issue currently as being able to see the results in the regular queue is deterring some voters from participating; albeit it depends how you look at it).

Yes, to the first, once the vote is decrypted we’ll know the total REP voting yes/no.

I don’t know all the rules for boosting, but if it’s a different quorum, then we can create a different type of “election” depending on whether it’s boosted or not. The bot close voting / determine quorum by transferring the collected votes so far, and not paying attention to future votes that are cast late.

The votes would be anonymized, but metadata would still be available (people can tell that you voted first, or that you were the last one to vote to make quorum). Before the votes are decrypted, the progress would be a secret.

Can you say more @patdaostack about what the deterrent is?

1 Like

Totally!

Some people feel that if you see the results in the regular queue, you’re incentivized to not vote if one side is the clear preference of early voters, as currently there is a parameter, delta, within the Genesis Protocol that transfers Reputation from incorrect to correct voters in the regular queue. I’ve discussed this here.

However, in the boosted queue, there’s no transfer of Reputation; thus no incentive to not vote.

To me, the ideal solution for private voting is:

  • Hide results in the regular queue
  • Show results in the boosted queue

I’m less concerned about whether voting itself should be private; that is, whether voters should be anonymous both during and after the proposal lifecycle; this seems like a feature that DAOs should choose whether or not they want (I see immense benefits to transparent voting records, but not everyone would agree with this).

Hi @cryptogoth

I think this is vert interesting.
We have been thinking about confidential voting for a very long time. It looks very cool but I’m not sure this is the game I would prefer.
In any case, DAOstack is building modular platform. So we need to try and build this module, let people decide if it is useful.

Interesting @patdaostack thanks for clarification. I see anonymous voting as ideal for citizens electing leaders (when you go to the real polls, no one is watching you in the booth, so you can be totally honest), but transparent voting as ideal for leaders once elected (e.g. which U.S. senators voted to go to war?)

I think this is what you’re getting at re: deterrant, let me know if it sounds right. As a thought experiment: let’s say U.S. elections had 100% accurate polls tracked in real-time. If you see a big vote margin, you think your vote wouldn’t make a difference, and you’d stay home and not vote. But if it’s too early in the voting period, a small discrepancy might snowball and deter more and more people from participating, even though swinging the vote would be totally achievable if it were secret.

Why would seeing ongoing progress be more desirable for boosted proposals? Maybe b/c they are more visible, voters would be more likely to tell their friends and try to swing the vote?

It’s actually possible now to keep total vote secret forever, if we convert all REP to an ERC1724 version (this is supported under AZTEC), so that the disbursement of rewards doesn’t reveal anything about its outcome.

For companies / private organizations wishing to manage their funds on GenesisDAO, most would prefer to keep their finances / decision-making private even from DAOstack. E.g. Slack is probably training ML models on their customers chat conversations, and possibly surveilling them, even though these conversations probably contain quarterly earnings and info that would allow insider trading.

I see anonymous voting as ideal for citizens electing leaders (when you go to the real polls, no one is watching you in the booth, so you can be totally honest), but transparent voting as ideal for leaders once elected (e.g. which U.S. senators voted to go to war?)

This generally makes sense to me, but not in the context of Alchemy as a co-budgeting/collaborative resource mgmt application; we aren’t holding elections here!

Yes, and I’d go one step further: there is an additional disincentive in that delta’s default Genesis parameter stipulates that 4% of early voters will lose their Rep to winning voters (note that this can be tweaked); if you see a large voter gap in the absolute queue it becomes difficult to vote on the minority side.

Why would seeing ongoing progress be more desirable for boosted proposals? Maybe b/c they are more visible, voters would be more likely to tell their friends and try to swing the vote?

Yes, precisely – this is how holographic consensus is supposed to function; that is, proposals in the boosted queue should have attention diverted to them – this is impossible without the vote being transparently displayed. I sort of discuss this point here.

It’s actually possible now to keep total vote secret forever, if we convert all REP to an ERC1724 version (this is supported under AZTEC), so that the disbursement of rewards doesn’t reveal anything about its outcome.

I’m not sure if it effects the specification, but Reputation is not a token – perhaps this doesn’t matter but this is something to consider in relation to the Arc platform. It actually goes against the holographic consensus framework to keep the vote secret forever; members of the GEN Predictor’s Network need to understand the closeness of votes in the past in order to effectively curate proposals in the future.

For companies / private organizations wishing to manage their funds on GenesisDAO, most would prefer to keep their finances / decision-making private even from DAOstack.

I don’t think companies or private orgs would want to join the Genesis DAO, and I don’t really think this is the direction DAOstack Technologies aims to build with Alchemy – collaborative scalable networks (DAOs) – as soon as you make private the “books” of the DAO than you immediately lose the trustless “radical transparency” benefit of the blockchain. A purely private system seems fundamentally incompatible with scalable DAOs for the aforementioned reasons; it is not good for the use case of DAOs at scale. At this point it makes more sense for a firm to use a permissioned ledger, no?