A16z launches Ethereum’s anonymous voting system
The venture capital fund Andreessen Horowitz, also known as A16z, has released a Solidity library called “Cicada” that enables anonymous voting on Ethereum. This library ensures that the choices of individual voters remain unknown until the polling ends. According to a blog post by A16z engineer Michael Zhu on May 24, when combined with zero-knowledge group membership systems like Semaphore, Cicada can also make the identity of the voter permanently unknowable.
Excited to announce Cicada: a new building block for private on-chain voting. https://t.co/hxE4KL4Se6
— moodle zoup (@moodlezoup) May 24, 2023
Zhu stated that Cicada relies on time-lock puzzles, a type of cryptography that enables users to encrypt secret values that can only be decrypted after a specific period of time has passed.
These puzzles have been around since 1996, but before 2019, users would have been required to reveal their secret values once the time period had passed. In voting systems, this could have caused problems with users submitting votes and then going offline, preventing all the votes from being countable.
In 2019, cryptographers Giulio Malavolta and Aravind Thyagarajan proposed the concept of “homomorphic” time-lock puzzles. This allowed the puzzles to be added together to produce a final puzzle that was much easier to solve than the sum of the individual puzzles. The solution to the final puzzle reveals only the sum of the individual values without revealing the individual values making up this sum.
According to the A16z post, Cicada uses these homomorphic puzzles, allowing votes to be counted even if users go offline.
When A16z researchers attempted to transfer Malavolta and Thyagarajan’s system to the blockchain, they ran into an obstacle to creating a fair voting system: Each choice needed to be encoded as a boolean value of “1” or “0.” This meant that attackers could try to increase their voting power by incorrectly encoding the vote—for example, by encoding “100” as their value.
To solve this problem, Cicada requires voters to submit a zero-knowledge proof of ballot validity along with each ballot. The proof shows that the vote was encoded correctly, but without revealing the contents of the vote.
Cicada only prevents votes from being known while the poll is being conducted. Once the “poll has closed” or the time-lock period has passed, any person can determine the contents of a vote by brute-forcing the solution to the puzzle. However, A16z suggested that this problem can be solved by combining Cicada with zero-knowledge group membership systems like Semaphore, Semacaulk, or zero-knowledge state proofs. In this case, brute-forcing the puzzle will only reveal that the vote was cast by an eligible voter but will not reveal the credentials used to prove the voter’s eligibility.
Zhu provided a link to a sample contract produced using Cicada that also relies on Semaphore to prove voter eligibility as an example.
Voting systems have long been a component of decentralized autonomous organizations (DAOs), the governing bodies that often manage blockchain apps. But in most cases, DAOs use tokens to represent votes, which means that individual users can have an outsized influence if they hold a large number of tokens. For example, on May 22, an attacker took control of Tornado Cash by casting extra votes on a malicious proposal, using it to drain all of the governance contract’s funds. The attacker later offered to give back control to users.
Waves founder Sasha Ivanov has argued that DAOs must move to a more democratic voting system if governance attacks like these are to be avoided.
We will continue to update Phone&Auto; if you have any questions or suggestions, please contact us!
Was this article helpful?
93 out of 132 found this helpful
Related articles