
Protecting Voter Privacy in DAOs

Utilizing zk-proofs to enable hidden on-chain votes for DAOs

Voting plays a crucial role within Decentralized Autonomous Organizations (DAOs). Currently, on-chain voting ensures transparency and resistance to censorship in the voting process, though this is done at the expense of voter privacy.

For example, in OpenZeppelin’s Governor framework, the most widely used on-chain voting system, votes are not encrypted and are visible to everyone. This means anyone can see how each user voted.

To address the exposure of votes on-chain, Horizen Labs created a solution using zk-proofs to keep votes private while keeping the voting process transparent and resistant to censorship, just like current on-chain voting systems. For a more technical overview of our approach, please refer to our technical guide.

How it works

The voting protocol we implemented involves some complex cryptography, such as linear homomorphic encryption and zero-knowledge proofs.

Before sending their votes on-chain, users encrypt them. In this way, to an observing third party, each on-chain vote looks like random gibberish, from which it’s impossible to recover the original vote.

Now it could be reasonable to think that, since each vote looks like random gibberish, in order to compute the final result, it’s necessary to decrypt each individual vote beforehand. But by adopting a linear homomorphic encryption scheme, it’s possible to actually compute the (still encrypted) result on-chain, without ever decrypting a single vote.

After the encrypted result has been computed, a tallying authority is in charge of decrypting it using its private decryption key and publishing it.

Zk-proofs play a crucial role in two phases of the protocol, ensuring:

  1. Well-formedness of the votes: since each vote is encrypted (hence, for all purposes, indistinguishable from a random string), voters must prove the validity of their vote by generating a zk-proof of vote well-formedness. They send it on-chain together with their encrypted vote, so that the voting smart contract can discard invalid votes.
  2. Correct decryption of the result: the tallying authority must generate a zk-proof of correct decryption in order to ensure that it has correctly decrypted the final result, which is available on-chain. Again, this proof is checked on-chain by the voting smart contract, thus ensuring that the tallying authority cannot cheat.
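
The encrypt, tally and decrypt flow described above, as an added example that is not Horizen Labs' code. The page does not name its encryption scheme, so this sketch assumes exponential ElGamal as the linear homomorphic scheme, uses toy group parameters and constructed sample votes, and leaves out both zk-proofs.

```python
import secrets

# Toy group parameters (constructed for illustration, far too small for real use):
# P is a safe prime, Q = (P - 1) // 2 is prime, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def keygen():
    """Tallying authority's key pair: secret x, public h = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(pub, vote):
    """Exponential ElGamal: the vote sits in the exponent, so ciphertexts add."""
    r = secrets.randbelow(Q - 1) + 1          # fresh randomness per ballot
    return pow(G, r, P), (pow(G, vote, P) * pow(pub, r, P)) % P

def add(c1, c2):
    """Homomorphic addition: component-wise product encrypts the sum of votes."""
    return (c1[0] * c2[0]) % P, (c1[1] * c2[1]) % P

def tally(ballots):
    """What the contract would compute: an encrypted sum, no key required."""
    total = (1, 1)                            # trivial encryption of 0
    for b in ballots:
        total = add(total, b)
    return total

def decrypt_tally(secret, ct, max_votes):
    """Authority removes the mask, then searches the small range for the count."""
    g_m = (ct[1] * pow(ct[0], -secret, P)) % P
    for m in range(max_votes + 1):
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("tally outside expected range")

def demo():
    secret, pub = keygen()
    votes = [1, 0, 1, 1, 0]                   # constructed sample: 1 = yes, 0 = no
    ballots = [encrypt(pub, v) for v in votes]
    return decrypt_tally(secret, tally(ballots), len(votes))

if __name__ == "__main__":
    print("yes votes:", demo())
```

Nothing in a ciphertext stops a ballot from encrypting a value other than 0 or 1, and the sum would silently absorb it; that is the gap the well-formedness proof closes.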

Limitations and future work

Our solution has strong guarantees of integrity and correctness: the combination of transparent on-chain computation and zk-proofs ensures that no actor can cheat. Cheating is impossible both for voters, who cannot cast invalid votes, or perform double votes, and for the tallying authority, who cannot ignore, forge, or otherwise tamper with votes. These guarantees of correctness are very important, and do not require putting trust in anyone, except in cryptography and, of course, in the consensus of the chain itself.

Our protocol also ensures privacy of votes. In this regard, guarantees are somewhat weaker, in the sense that they require assuming that the tallying authority is honest, and doesn’t decrypt each individual vote, but only the final encrypted result. We are working to improve this aspect by implementing threshold decryption: then it will be possible to create a setup in which the decryption key won’t be held by a single party; rather, it will be split into multiple shares, each one held by a different party. This would prevent the situation in which a single tallying authority is able to decrypt individual votes. For that to occur, multiple parties would have to collude.

There is another trust assumption in our protocol: that the tallying authority abides by its duty, and actually performs the tallying. Otherwise the result of the voting cannot be determined and remains available only in encrypted form. The best way to prevent this possibility varies on a case by case basis, but, generally speaking, cryptoeconomic mechanisms (such as slashing) can be useful.

Conclusion

At Horizen Labs we have developed an on-chain private voting solution which is compatible with the OpenZeppelin Governor framework. At the moment, adopting our solution requires modifications to the governance contract, but we are working on solutions which could avoid this necessity.

We believe that enabling privacy in on-chain voting is important for a broader adoption of this technology, and this is our first step in that direction. If you have any questions, feel free to get in contact with our team!

Luca Giussani, lucagiussani@horizenlabs.io

Horizen Labs Tech, September 1, 2023
