Aragon ZK Research and Aztec joined forces to research private voting for Nouns DAO over the last few months. They just concluded their research with a proof-of-concept and both general and technical reports. They also developed two time-locked cryptography protocols to support their work.
The Nouns DAO Private Voting Research Sprint was funded by Nouns DAO, a social and cultural DAO known to push the edges of governance experimentation, to research solutions for private voting for their organization. Three teams were funded, including one team composed of Aragon ZK Research and Aztec. They had three months to complete their research and deliver findings.
In the research sprint, they sought to answer the following primary question:
Up to which point is it possible to build a user-friendly, trustless (decentralized), fair (no one can count votes before a given time), weighted (voting power depends on the amount of tokens held/delegated) and ballot-secret (it is impossible to link a voter with a choice) voting system in Ethereum?
Answer: With the promising progress on both research and development achieved throughout the sprint, it is very possible. And they have a demo to prove it!
The only parameter not addressed in this research was weighted voting. This proof of concept allows one vote per NFT. So, if you own two NFTs, you will need to cast a ballot for each NFT separately.
Let’s dive into the proof of concept the teams built, how it can be used by Nouns DAO, and what’s next for bringing private voting to all DAOs built on Aragon.
Why is onchain private voting important?
In DAOs today, all votes are public because the blockchain is transparent. However, private voting has been a long sought-after goal in the web3 industry.
DAO members might not want all of their decisions to be public to everyone on the internet. For example, if there was a vote that involved some friends or close colleagues, how would they feel if you voted against them, even if you believed it was the better choice? What about an election for a role—how would those being elected and the voters feel that their choices are available for everyone to see?
There is also the issue of security. If votes are public, voters could be more easily persuaded to vote a certain way through blackmail or bribes. But with fully encrypted private voting, the voter’s choice cannot be decoded.
Having the option for private voting solves this. But the onchain component is critical as well, because it means there’s no middleman storing your results in between: it’s just the blockchain.
Some private voting solutions might sacrifice decentralization for the sake of shielding votes, but Nouns DAO knew that would be a deal-breaker. So, they selected teams willing to solve the problem of voting that is both private and onchain.
What is the private voting proof of concept and how does it work?
The teams built a proof of concept (POC) following the parameters put forward by Nouns DAO. This proof of concept is not a live product, meaning it’s not market-ready or audited. In our case, you need to interact with the POC through the CLI, so you’re writing code rather than clicking on buttons in an interface.
The POC is important because it shows that trustless private voting on Ethereum is possible, which is exciting for the industry as a whole.
You can test it out yourself. Here are the steps:
- Register your wallet (done before voting for the first time)
Every wallet must register its public key before the voting process is started. This only needs to be done once per address; you don’t need to register every time you vote.
Connect your wallet to the zkRegistry app, register the public key, and copy the private key, which is needed for voting.
- Create the voting process
Anyone can create a voting process via the CLI with the `create-process` subcommand. An IPFS ID can be provided to bind the process to certain information.
Additional logic, like limiting voting to only wallets with either owned or delegated NFTs, can be easily implemented on the smart contract level.
- Cast your vote
Registered wallets that meet the eligibility requirements (such as holding NFTs—either non-delegated owned or delegated—at the time of the voting process creation) can generate a ballot and the corresponding proofs.
The vote can be submitted to the Nouns voting smart contract (VSC) during the voting period. Vote generation (ballot + proofs) and submission are performed together through the CLI using the `vote` subcommand.
One vote is allowed per NFT, because weighted voting was excluded in our proposal. So, if you own more than one NFT, you will repeat this step—generating a new ballot and casting a vote—for each NFT you hold.
- Tally the votes
After the voting period ends and the decryption key is released, anyone can verify the outcome of the voting process by tallying the results and sending them and the corresponding proofs to the VSC. This must only be done once.
Use the CLI with the `tally` subcommand. The subcommand does not return an output if called before the end of the voting period.
The final results of the vote are shared without the wallet addresses of the voters.
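The lifecycle above (register, create the process, vote, tally) as a toy model. This is an added example, not code from the POC or from either team. It assumes ElGamal over a tiny constructed group as a stand-in for the time-lock service, direct checks plus a hash-based nullifier in place of the zero-knowledge proofs, and hypothetical names throughout (`VotingProcess`, `timelock_keypair`, `h`).

```python
import hashlib
import secrets

# Constructed toy group: order-Q subgroup of Z_P*, P = 2Q + 1. Far too small for real use.
P, Q, G = 2039, 1019, 4
CHOICES = ("against", "for", "abstain")


def h(*parts):
    return hashlib.sha256(":".join(map(str, parts)).encode()).hexdigest()


def timelock_keypair():
    """Time-lock service stand-in: pk is public at once, sk is released later."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


class VotingProcess:
    def __init__(self, nft_owner_keys, timelock_pk, end_time):
        self.snapshot = dict(nft_owner_keys)  # nft_id -> registered key, fixed at creation
        self.pk, self.end_time = timelock_pk, end_time
        self.ballots = {}  # nullifier -> ciphertext; no wallet address is stored

    def vote(self, voter_secret, nft_id, choice, now):
        """Accept one ballot per NFT, from its registered holder, during the period."""
        # The POC proves these conditions in zero knowledge; this toy checks them directly.
        if now >= self.end_time or self.snapshot.get(nft_id) != h("reg", voter_secret):
            return False
        nullifier = h("null", voter_secret, nft_id)  # assumed double-vote guard
        if nullifier in self.ballots:
            return False
        r = secrets.randbelow(Q - 1) + 1
        m = pow(G, CHOICES.index(choice), P)
        # Exponential ElGamal under the time-lock key: unreadable until sk is released.
        self.ballots[nullifier] = (pow(G, r, P), m * pow(self.pk, r, P) % P)
        return True

    def tally(self, released_sk, now):
        """Return counts, or None before the period ends or without the right key."""
        if now < self.end_time or released_sk is None or pow(G, released_sk, P) != self.pk:
            return None
        counts = dict.fromkeys(CHOICES, 0)
        for c1, c2 in self.ballots.values():
            g_m = c2 * pow(c1, Q - released_sk % Q, P) % P  # c2 / c1^sk
            counts[next(c for i, c in enumerate(CHOICES) if pow(G, i, P) == g_m)] += 1
        return counts
```

The stored state holds only nullifiers and ciphertexts, so the tally can be recomputed by anyone once the key is released, and nothing in it names a wallet.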
Before delivering a final product to Nouns DAO, the team will need to research a solution for multisig support and develop a solution for vote aggregation. Multisig support would allow multisigs to cast votes; the current POC allows only EOA wallets.
Some of these tasks are currently in Aragon ZK Research and Aztec Labs’ roadmaps, so they will be contributing to bringing this to production.
Aragon ZK Research will apply the learnings to DAOs on Aragon OSx
Aragon ZK Research will continue developing the key components of this project by extending their research to an Aragon OSx plugin. This plugin will allow DAOs built on Aragon OSx to hold entirely private votes, unlocking powerful functionality for organizations.
The code name is likely to be zk-POPVOTE (zk Proof-based On-chain Private Voting). The final technical report provides specific details and a tentative roadmap.
Aztec will contribute to Noir to improve private voting
Aztec Labs will continue contributing to Noir’s development to enhance both the developer and user experiences with trustless private voting. From getting Recursive Aggregation in web browsers, researching in-browser proving optimizations, all the way to researching and developing the next version of our proving backend, we excitedly look forward to the blossoming of ZK DAO Governance that will be unlocked with these technologies.
Dive into their research
Check out these links to explore their research:
- nouns-anonymous-voting: voter client library, tally CLI, and smart contracts (including zkRegistry)
- noir-trie-proofs: RLP decoding and Ethereum state and storage proof verification in Noir
- tlcs-c: Timelock Cryptographic Service Protocol C implementation (currently used in Timelock.zone)
- tlcs-rust: Timelock Cryptographic Service Protocol Rust implementation (to be used in Timelock.zone when put in production)
- tlcs-chain: Cosmos Blockchain which provides a Time Lock Cryptography Service
- zk-registry-ui-demo: Web based UI using MetaMask for zk registry registration