aragon / nest

A grants program to support the development of the ecosystem

Home Page: https://aragon.org/project/grants

Zero-knowledge approval voting module

BoogerWooger opened this issue · comments

Aragon Nest Proposal: Zero-knowledge approval voting module

Abstract

Issue

At present, there are no working well-known solutions for Ethereum-based smart contract anonymous voting. The existing prototypes are mostly at the R&D stage.

Solution

The MixBytes team aims to build a zero-knowledge approval voting module, allowing users to vote “Yes/No” or “+/-” on some topic. Choices would remain undisclosed and the results could be publicly verified.
We are planning to incorporate Aragon user identification and authorization modules to facilitate user account management and make the solution more user-friendly.

We consider zkSNARKS technology the most suitable option due to best practices and background research of other teams used in various dapp voting systems. We plan to implement the most recent library that supports ZKP generation in the browser using JavaScript.

Flow

  • Analyze the existing implementation options, their limitations and feasibility
  • Choose the most effective algorithm for ZKPs, compliant with the existing requirements. Selection criteria include:
      • ZK voting with minimum number of interactions with the contract
      • Vote content anonymity and voter identity protection
      • Easy ZK-voting setup procedure
  • Implement a voting core (casting a ZK-vote and its verification in a smart contract)
  • Build a module for creating a new voting, polling, voter registration and disclosure of results

Feasibility

We have been eager to get started and have conducted some basic feasibility research. We have found out the following:

  • As algorithms using arithmetic circuits have a lot of constraints, we have chosen the simplest approval voting option in which 1 vote = 1 bit and the voting result is also 1 bit. That will allow us to build a compact ZKP voting verification and/or combine it with other ZKPs.
  • More effective zkSNARKS solutions are being built based on the existing ones, and we may change algorithms on the go.
  • In case the intended logic is too complex for one ZKP, we might consider building several ZKPs for separate tasks:
      • ZKP access to the given voting (e.g. ownership of a certain Aragon role)
      • ZKP vote correctness verification
      • ZKP for double-voting elimination
  • There are certain implementation risks in Ethereum as some voting safety and transparency issues haven’t been resolved yet. However, we believe that zkSNARKs technology will allow us to create a fully working module.

Value

This module could serve as the basis for other voting modules (reputation systems for Aragon users, decision-making in DAOs, arbitration of deals, etc). Plus, the approval module integration will simplify ZK-voting creation and procedure for Aragon users.

Team

Sergey Prilutskiy, Head of R&D
Links: LinkedIn/GitHub

Algys Ievlev, Lead Developer
Links: LinkedIn/GitHub

Deliverables

Github public repository, containing:

  1. A set of AragonOS-compatible smart contracts, allowing Aragon users to start and conduct an approval voting on a particular topic
  2. Tests in JS for voting procedures: user registration (optional), zk-voting, results tally
  3. Relevant technical documentation + a guide for Aragon users

Timeline

Milestone 1 (2-3 months)

  • research and design a voting scheme using zkSNARKs
  • choose the most suitable algorithms, circuits, and constraints system
  • provide a document with R&D results

Milestone 2 (1-2 months)

  • on-chain implementation of ZKP voting verification with tests

Milestone 3 (1-2 months)

  • implement a full voting scheme as Aragon module

Grant size:

Required funding: $115 000

  • Milestone 1: $50 000
  • Milestone 2: $32 500
  • Milestone 3: $32 500

Success fee: 30 000 ANT

This is really cool!

A few questions:

  • Are you guys thinking to use the Perpetual Powers of Tau Ceremony as your trusted setup or something else?
  • Is this project still viable if any of the planned cryptographic upgrades to Ethereum get delayed?
  • Would the JS proof generator be something similar to the ZKP WASM app that @kobigurk made and/or EthSnarks, but also with an Aragon app that users can send the proof to in order to check and process it? Or would it be more like the Semaphore DAO model?
  • I really like how your deliverables include docs and user guides, but I don't see any mention of an Aragon app. Do you guys plan on building out a full Aragon app (front end, back end, deployment to APM) that users can install into their DAOs via the Aragon CLI, or just a few contracts in a GitHub repo that someone else can then turn into a full app?

  1. Yes, our team also participates in this particular ceremony (and participated in the previous one) and plans to use generated proving and verification keys from this trusted setup
  2. Yes, it’s more than likely that new cryptographic changes will optimize a prover/verifier, but in general the project can be implemented using a currently supported curve (bn254)
  3. Yes, we plan to use either a JS prover like this one or use our own; and WebAssembly, because it’s the fastest way to calculate something in JS. There could be some WASM pitfalls in the browser (like memory allocations) and non-optimum generated code. WASM prover may also be optimized.
  4. Our global plan is to examine and choose only working solutions from the existing experimental software and make them work in real environments. Otherwise, we will write and share a document on why they are not working.
    We understand the importance of feasibility of such software, so we plan to create a fully working Aragon module, operating in the browser via Metamask. We plan to build the contracts & tests first, then integrate Aragon’s user model and combine all in one Aragon DApp (with Aragon UI-based design), build and deploy it, collect feedback, make fixes, then deploy in the mainnet and Aragon.

Super excited about this!

Given our previous bad experience funding an anonymous voting Nest grant that also had a first stage which was pure research and deciding what route to take, I'd encourage you to present an in-depth technical spec/description of how your proposed solution will work.

There is a fair amount of 'uphill work' on a project like this, so it makes sense that research is an important part of the project, but the current feasibility study is quite shallow for a +100k USD grant.

Agreed. Lifting the restrictions and uncertainties of the solution demands deep, thorough research. We will inform you as soon as we find out the corresponding solution justification and a solid feasibility proof.

Closing this as there has not been any activity lately. Please feel free to reopen the issue if you have any updates.