Enterprise capital fund Andreessen Horowitz, often known as “a16z,” has launched a Solidity library that can be utilized for nameless voting on Ethereum. Referred to as “Cicada,” the library prevents a person voter’s alternative from being recognized earlier than polling ends. When mixed with zero-knowledge (ZK) group membership methods like Semaphore, it may well additionally make the identification of the voter completely unknowable, in accordance with a Could 24 weblog put up from a16z engineer Michael Zhu.
Excited to announce Cicada: a brand new constructing block for personal on-chain voting. https://t.co/hxE4KL4Se6
— moodle zoup (@moodlezoup) Could 24, 2023
Cicada depends on time-lock puzzles, a kind of cryptography that permits customers to encrypt secret values that may solely be decrypted after a selected time period has handed, Zhu said.
These puzzles have been round since 1996. However earlier than 2019, they might have required customers to disclose their secret values as soon as the time interval had handed. In voting methods, this might have triggered issues with customers submitting votes after which going offline, stopping all of the votes from being countable.
In 2019, the idea of “homomorphic” time-lock puzzles was proposed by cryptographers Malavolta and Thyagarajan. This allowed the puzzles to be added collectively to provide a closing puzzle that was a lot simpler to resolve than the sum of the person puzzles. The answer to the ultimate puzzle reveals solely the sum of the person values, with out revealing the person values making up this sum.
In accordance with the a16z put up, Cicada makes use of these homomorphic puzzles, permitting votes to be counted even when customers go offline.
When trying to switch Malavolta and Thyagarajan’s system to the blockchain, a16z researchers bumped into an impediment to creating a good voting system: every alternative wanted to be encoded as a boolean worth of “1” or “0.” This meant that an attacker might attempt to improve their voting energy by incorrectly encoding the vote, by encoding “100” as their worth, for instance.
To unravel this downside, Cicada requires voters to submit a zero-knowledge proof of poll validity together with every poll, the put up stated. The proof reveals that the vote was encoded accurately, however with out revealing the contents of the vote.
Associated: Anchorage Digital opens up DeFi voting for custody shoppers
Cicada solely prevents votes from being recognized whereas the ballot is being performed. As soon as the “ballot has closed” or the time-lock interval has handed, any individual can decide the contents of a vote by brute-forcing the answer to the puzzle. Nevertheless, a16z instructed that this downside might be solved by combining Cicada with zero-knowledge group membership methods like Semaphor, Semacaulk, or ZK state proofs. On this case, brute forcing the puzzle will solely reveal that the vote was forged by an eligible voter, however won’t reveal the credentials used to show the voter’s eligibility.
For example, Zhu supplied a hyperlink to a pattern contract produced utilizing Cicada that additionally depends on Semaphor to show voter eligibility.
Voting methods have lengthy been a part of decentralized autonomous organizations (DAOs), the governing our bodies that usually handle blockchain apps. However typically, DAOs use tokens to signify votes, which implies that a person person can have an outsized affect in the event that they maintain a lot of tokens. For instance, on Could 22, an attacker took management of Twister Money by creating further votes for themselves by means of a malicious proposal, utilizing it to empty the entire governance contract’s funds. The attacker later provided to give again management to customers.
Waves Community Founder Sasha Ivanov has argued that DAOs should transfer to a extra democratic voting system if governance assaults like these are to be prevented.
